Tracking Protection Working Group Teleconference

06 Nov 2013


See also: IRC log


MECallahan, Rigo, schunter, WaltMichel, dwainberg, Joanne, Rachel_N_Thomas, Jack_Hobaugh, Ari, Carl_Cargill, Amy_Colando, RichardWeaver, AWK, kulick, hefferjr, justin, +1.301.633.aaaa, SusanIsrael, FPFJoeN, hwest, moneill2, Chris_Pedigo, Chapell, JC, Brooks, MattHayes, +1.646.654.aabb, eberkower, Fielding, [Microsoft], adrianba, WileyS, LeeTien, laurengelman, Olsen, RobSherman


<trackbot> Date: 06 November 2013

<justin> scribenick: gshans

<FPFJoeN> I am 301

<FPFJoeN> (calling remotely today)

Schunter: last week sent around final plan. goal is to do option 3 - TPE first, then compliance. While TPE should be self-contained, can't mix and match with other documents.

Carl: Still a work in progress, taking a lot of cycles.

<dwainberg> was there an agenda for today?

Schunter: main Q - how to ensure what is in doc is well defined.

<JackHobaugh> Can someone post an agenda for today's call?

<schunter> http://www.w3.org/mid/52792C63.3070204@schunter.org

<justin> I think Matthias accidentally just sent to the Chairs list. I just forwarded to the public list, but I've been having email problems.

Carl: Options 3 and 4 received approx same # of votes, with 3 in lead. Given that 1 & 2 didn't receive many votes, we're looking to do 3/5 - 3+4 combined so we can move forward. This has led to serious discussions about crafting a way forward. We think we have a way forward, but still have to iron out some elements - need to clear some of the details.

<justin> But the agenda is basically Issue-5, Issue-10, Issue-16, and share definitions.

<justin> http://lists.w3.org/Archives/Public/public-tracking/2013Nov/0024.html

Finalised revised TPWG plan based on option 3 (Matthias/Carl)

<justin> Agenda above

<justin> Apologies to all for delayed posting . . .

Carl: Agenda - Scribe, ID, finalize agenda. Issue-5. Continued input is sought.

<schunter> Yes. My mistake...


<rigo> issue-5?

<trackbot> issue-5 -- What is the definition of tracking? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/5

Schunter: we will move to call for objections on issue 5.

<rigo> November 20: Call for Objection closes

<rigo> November 20: Call for Objection closes

Brooks: How do we do issue-5 before issue-16 if issue-5 has definitions contingent on issue-16/

<JackHobaugh> I agree with Brooks, these definitions cannot be finalized in isolation.

schunter: both definitions contain literal language and explanations, so there will always be some dependencies, but we have to pick one to start with.

Brooks: this just moves the ball down the road.

<WileyS> +q

Schunter: other issue-5 questions?

WileyS: how far can we stretch friendly amendment request? We would like to put forward def. of tracking for issue-5 that DAA is putting forward.

schunter: we closed call for issues a few weeks ago. don't want to open it again. Have to pick one of the three, or pick none.

<justin> We've been doing this for *years* . . .

<justin> Is the definition public?

<fielding> If it is new information, it can be proposed later. I am certain that the DAA-prototype definition won't be new, even though I have not seen it. I am also certain that it won't be accepted by the group regardless.

WileyS: The difficulty here is timing. the DAA is working towards a definition. Would be ideal to have alignment between W3C and the DAA. Not introducing it for consideration would prevent further problems.
... having alignment with compliance from DAA and technical definitions in TPE would be ideal.

Justin: could do what Roy proposed.

<fielding> Shane, alignment is expected, which is why the DAA will eventually align with a W3C definition if we ever have one, because the DAA has no credibility whatsoever at this point outside its own membership.

WileyS: could end up on divergent courses.

Justin: When it's ready, bring it back to the group.

Carl: If we get a regulatory statement (say from Europe), then we are forced to deal with that as well. This would open pandora's box.

<moneill2> put that dog away

WileyS: majority of third parties that this impacts. Primary driver here should be implementation.

Justin: When it's ready to bring to us, bring it up.

ISSUE-10 [Justin]

<rigo> issue-10?

<trackbot> issue-10 -- What is a first party? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/10

<schunter> I have to go into listening only mode.

<fielding> The purpose of a definition of tracking in TPE is to define what the user is expressing. Therefore, it is entirely defined by how the browsers present that option to the user. Whether or not a site wishes to adhere to that expressed preference is an entirely different question. Perhaps they won't, but they will at least know what the user is asking.

<schunter> Carl/Justin/Rigo: Can you take over?

Justin: Issue-10 - roy's proposal, and david's proposal, will move forward. Alternative - don't define this in TPE. Could have it defined in compliance.

<rigo> November 20: Call for Objection closes

<rigo> on ISSUE-10

Roy: group needs an understanding of the terms, even if they're not in the document. need to know what they mean even if not in protocol. might be possible to remove all notions of parties from TPE

Justin: we're going to close the issue. if group participants want to object to either document, that's ok.

dwainberg: doesn't make sense to include party defs in TPE - would be better to wait in compliance doc.

Amy Colando: Q for Roy. Is there a way to put some defs in a guidance doc that's not part of the specification?

Roy: could have a user's guide a la a glossary.

Carl: Issue-16


<rigo> issue-16?

<trackbot> issue-16 -- What does it mean to collect, retain, use and share data? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/16

Carl: vinay is driving the discussion. there have been a lot of msgs back and forth.

<fielding> Many other WGs have published user guide documents, usually as Notes, that include less formal descriptions, configuration advice, and guidance regarding how to make use of the corresponding technical standard.

vinay: has raised Qs that we need to address. Lot of emails last week. Have proposed compromise language. a few things have come from that. 1) most of the group is under idea that there is a difference between sharing (transferring of data) vs facilitating (allowing others to collect). dwainberg asked - we were defining terms that were 1) dependent on tracking and 2) possible outside TPE. No consensus yet. Possible that roy's work could address.

fielding: tracking definition uses collection in a way that assumes that we're discussing retention or sharing.

vinay: many are concerned that compliance obligations fall outside TPE and the compliance obligations should define the terms.

fielding: user has to express intent and doesn't have a choice on which compliance document to refer to. if there's no protocol that defines its own terms, there's no protocol at all. The definitions have to be used and understood by user.

<WileyS> Roy, disagree on the alignment direction - just now seeing your "credibility" statement. In that light, I'm assuming the W3C's credibility here is the P3P standard?

Brooks: What we're recognizing here is that TPE is supposed to represent your preference. The preference is defined by compliance document. Difficult to express preference in a way that depends on something that has yet to be drafted. Outcome is to take more and more of compliance doc and put it into TPE.
... alternatively - say that you're making a choice with respect to something that has yet to be defined. As we're seeing, it's integral to what TPE is setting out to do.

dwainberg: to follow on, what are we imagining is going to happen with the document once we reach last call.

<WileyS> +1 to David's question

<WileyS> Implementation is relevant

fielding: what's the issue?

<WileyS> A protocol that Servers will implement = success

wainberg: a protocol that's incomplete is not helpful.

<justin> We're just trying to standardize the expression of a desire not to be tracked. That's what TPE does (inter alia).

fielding: same way they do now - we will honor DNT signal that is business-specific. it would be better to have universal standard, but we don't. it is necessary for user to understand what they are configuring across all browsers. otherwise protocol is not uniform from user perspective and no chance that sites can implement correctly.

fieldign: in every development, there will be areas where standard is under development and there could be some market confusion. however, possible failure is not a reason to not try.

WileyS: example contradicts the possibility. introducing a def of DNT and having a further proliferation.

fielding: what we have now is a number of PR campaigns. If we can't resolve the issue, i'll ask the browsers, but if we can't do that, then we've given up.

schunter: important to express what DNT-1 means, and tracking vs. not tracking.

<kulick> GSHans, that was David W. speaking... not Shane.

vinay: not clear how to proceed. do hear the concerns.

Cargill: do we have enough clarity to initiate call for objections.

[correction to earlier - wainberg speaking, not wileys]

vinay; some people are uncomfortable defining terms that are dependent on tracking, or if there are compliance questions

justin: once we have common understanding of meaning, that will shape how compliance is defined.

cargill: on one hand, we want terms defined if they are to be used. on other hand, may not want to use term even if it is defined. unless we define terms you can't object to them. you can only objection to the inclusion of a non-defined term, which is acceptable in some sense.

<WileyS> Vinay called it perfectly

vinay: I think there are some people who are uncomfortable with agreeing to language without knowing how it's going to be used.

<fielding> If the WG can't make a decision on behalf of the users, then browser developers will have to choose a common definition of Do Not Track. If they refuse to do so, then there is no protocol to specify.

<WileyS> Definitions blind of context in use are difficult to agree to...

<justin> But doesn't the definition then define what the context will be?

cargill: are we objecting to inclusion, or to defintiion>

<WileyS> Roy, since browsers are already sending the signal do you believe they've already choosen a "common definition"? Since they lack one and they are able to send the signal, there doesn't appear to be dependency.

justin: are there people who object to the substance?

<justin> If we can agree on vocabulary, it sounds like then we should just revise other language based on common understanding of terms.

<fielding> Shane, they do have a common definition -- they just don't have the wording for it. My proposal covers what the browsers have documented, other than the default issue which is still a fault in MSIE.

LeeTien: no strong objection to the language. There is some lack of clarity, but there's not a clear way out. But it's good enough for someone who's careful. V. interested to see what Roy comes up with.

cargill: Issue-16. Four terms to define. May have some consensus on those terms as defined. Do not have consensus if these terms should be included in TPE or if they should be made operative in context of TPE. Correct?

Vinay: Yes. There is some apprehension about agreeing without knowing of consequences, but general agreement.

<rigo> ISSUE-16: Carl says, Four terms to define. May have some consensus on those terms as defined. Do not have consensus if these terms should be included in TPE or if they should be made operative in context of TPE.

<trackbot> Notes added to ISSUE-16 What does it mean to collect, retain, use and share data?.

<fielding> Note that all of those terms are used in the definition of tracking, so …

Cargill: Vinay, LeeTien - if they could be written up (along with David Singer) with a statement of what they mean, we will then put out Call for objections. We will move them into 16 - and call for objections on definition as well as on inclusion.

<fielding> this is unlike the question of whether to include "party", which is not currently in the definition of tracking but is used in TPE for compliance pointers.

Brooks: we are looking for consequences before the horse. if we choose not to define these terms, these are the terms that tracking is based on.

Justin: what are the ramifications?

Brooks: If we're going to have key terms part of tracking, decide whether they can be defined first before tracking.

<eberkower> Can we like one or more definitions and not others in the Call for Objection?

Cargill: at least some of the terms are viable in Issue 16.

<justin> Sure, eberkower --- doubt we'll want to create a massive five-dependency matrix, but you can feel free to be clear in the comments field which you want to include or not.

<eberkower> Ok, thanks

Jack: Sounds like we're still in compliance document. We should open up TPE and work on that, then make the decision.

<rachel_n_thomas> Agree with Jack!

<rachel_n_thomas> You can begin work on the TPE and just not *start* with the definitions. Plenty else to discuss there.

<fielding> none of the ISSUE-16 terms indicate a form compliance -- they would be necessary to say anything about compliance, but that's separate.

Justin: Think we should close out issues, and there aren't a lot of issues open in TPE. If there are specific things that you want, raise them.

definition of network interaction and user interaction

<rigo> issue-204?

<trackbot> issue-204 -- Definitions of collection / retention and transience / network interaction -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/204

<rigo> issue-217?

<trackbot> issue-217 -- Terminology for user action, interaction, and network interaction -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/217

<rigo> issue-228?

<trackbot> issue-228 -- Revise the Network Interaction definition -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/228

<justin> There are three related issues all going to a definition of network transaction. I believe fielding has proposed specific text under a different issue, I will go look for it.

<eberkower> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Revise_network_interaction_definition

<justin> Issues 204, 217, ad 228.

<fielding> 228 is just a duplicate of 217

<justin> Here are (some of) Roy's comments on this issue: http://lists.w3.org/Archives/Public/public-tracking/2013Sep/0102.html

<rigo> 204: From the June draft on, definitions of collect and retain have included a concept of "transience"; should we define this term or use concepts of network interaction?

Cargill: 204. Issues of transience. 217. Terminology.

<rigo> term "network interaction"

<rigo> term "user interaction"

<rigo> now talking about issue-217?

<rigo> issue-217?

<trackbot> issue-217 -- Terminology for user action, interaction, and network interaction -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/217

fielding: compliance doc had section called network transaction, but that term was never used elsewhere - usually network interaction. that is thought of is a request and corresponding response. whether the def is in there, unclear if it's referring to single interaction or an entire sequence of web resource requests, starting from initial UI action finishing through to a phase state and to when network requests have stopped. can't use same term for both meanings.

<justin> Network transaction or interaction aren't used in TPE, so maybe we don't need to include in that document. I do not care. We may not even need it in compliance.

fielding: Not sure if we use single action, or even if we use set of overall requests in any way.

<moneill2> +q

<schunter> i have to drop.

cargill: within context of driving TPE to completion, not clear if we need these terms.

Fielding: will probably need individual network interaction, but possibly not overall set.

<WileyS> Network Interaction = Request/Response pair?

Cargill: can propose individual network interaction as issue-217.

moneill: tracking does refer to network transaction.

moneill2: not sure whether network interaction is relevant to TPE

<justin> The only reason we added this to the discussion was because people raised it during the discussion of share/collect/&c.

Cargill: waiting for definition form roy, will follow up

<WileyS> I don't believe "Network Interaction" is needed from a pure TPE perspective as long as Request and Response are defined (and already are)

<rigo> issue-217: Postponed until 20 Nov while waiting for a definition from Roy

<trackbot> Notes added to issue-217 Terminology for user action, interaction, and network interaction.

jackhobaugh: not been much conversation around network interaction

<justin> WileyS, I think that's right --- as I said, we started talking about this when we were talking about collect, that's the only reason I added this to the agenda. But if it's not controversial, we can at least consolidate issues.

vinay: can we move definition of collect into 16.

cargill: move issues surrounding collect from 228 to 16

<rachel_n_thomas> i'm on mute, so you shouldn't be getting noise from my line...

roy: 228 and 217 seem identical.

carl: move definitions from 228 into 16. looking for

<rigo> ISSUE-228: Decision to consolidate the ISSUE-228 into ISSUE-217

<trackbot> Notes added to ISSUE-228 Revise the Network Interaction definition.

rigo: merge 204 into 217?

roy: 204 is about issue-5. ask David Singer.

cargill: set 204 aside.
... 228 and 217 merged. collection move to 16.

<rigo> ACTION: Vinay to move definitions of collection from ISSUE-228 to ISSUE-16 in 2 weeks [recorded in http://www.w3.org/2013/11/06-dnt-minutes.html#action01]

<trackbot> Created ACTION-433 - Move definitions of collection from issue-228 to issue-16 in 2 weeks [on Vinay Goel - due 2013-11-13].

JackHobaugh: move 228-217 as merged back to wiki? 217 appears to not be on.

<fielding> actually, 204 is expressing a dependency between 16 and 217

<rigo> ISSUE-217: Use Jacks wiki page for issue-228 to consolidate definitions

<trackbot> Notes added to ISSUE-217 Terminology for user action, interaction, and network interaction.

dwainberg: planned to discuss criteria for implementation testing. broad agreement to do that sooner rather than later.

justin: is there a proposal?

dwainberg: not yet. can put pen to paper on proposal prior to conversation.

justin: would prefer to have a concrete idea prior to discussion

<rigo> trackbot, and meeting

<trackbot> Sorry, rigo, I don't understand 'trackbot, and meeting'. Please refer to <http://www.w3.org/2005/06/tracker/irc> for help.

<rigo> trackbot, end meeting

Summary of Action Items

[NEW] ACTION: Vinay to move definitions of collection from ISSUE-228 to ISSUE-16 in 2 weeks [recorded in http://www.w3.org/2013/11/06-dnt-minutes.html#action01]
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2013-11-06 18:23:48 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/whther/whether/
Found ScribeNick: gshans
Inferring Scribes: gshans
Default Present: MECallahan, Rigo, schunter, WaltMichel, dwainberg, Joanne, Rachel_N_Thomas, Jack_Hobaugh, Ari, Carl_Cargill, Amy_Colando, RichardWeaver, AWK, kulick, hefferjr, justin, +1.301.633.aaaa, SusanIsrael, FPFJoeN, hwest, moneill2, Chris_Pedigo, Chapell, JC, Brooks, MattHayes, +1.646.654.aabb, eberkower, Fielding, [Microsoft], adrianba, WileyS, LeeTien, laurengelman, Olsen, RobSherman
Present: MECallahan Rigo schunter WaltMichel dwainberg Joanne Rachel_N_Thomas Jack_Hobaugh Ari Carl_Cargill Amy_Colando RichardWeaver AWK kulick hefferjr justin +1.301.633.aaaa SusanIsrael FPFJoeN hwest moneill2 Chris_Pedigo Chapell JC Brooks MattHayes +1.646.654.aabb eberkower Fielding [Microsoft] adrianba WileyS LeeTien laurengelman Olsen RobSherman
Regrets: wseltzer
Agenda: http://lists.w3.org/Archives/Public/public-tracking/2013Nov/0024.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 06 Nov 2013
Guessing minutes URL: http://www.w3.org/2013/11/06-dnt-minutes.html
People with action items: vinay

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.

[End of scribe.perl diagnostic output]