16:43:47 RRSAgent has joined #dnt 16:43:47 logging to http://www.w3.org/2013/12/04-dnt-irc 16:43:49 RRSAgent, make logs world 16:43:49 Zakim has joined #dnt 16:43:51 Zakim, this will be TRACK 16:43:51 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 17 minutes 16:43:52 Meeting: Tracking Protection Working Group Teleconference 16:43:52 Date: 04 December 2013 16:47:05 fielding has joined #dnt 16:54:13 justin has joined #dnt 16:55:33 JackHobaugh has joined #dnt 16:55:37 npdoty has joined #dnt 16:56:04 T&S_Track(dnt)12:00PM has now started 16:56:12 +WaltMichel 16:56:12 -WaltMichel 16:56:12 T&S_Track(dnt)12:00PM has ended 16:56:12 Attendees were WaltMichel 16:57:16 npdoty has changed the topic to: agenda December 4: http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0008.html 16:57:35 trackbot, start meeting 16:57:37 RRSAgent, make logs world 16:57:39 Zakim, this will be TRACK 16:57:39 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 3 minutes 16:57:39 Zakim, agenda? 16:57:40 Meeting: Tracking Protection Working Group Teleconference 16:57:40 Date: 04 December 2013 16:57:41 I see nothing on the agenda 16:57:49 Dsinger has joined #dnt 16:58:00 agenda+ issue-153 16:58:07 agenda+ issue-161 16:58:22 agenda+ issue-197 16:58:33 T&S_Track(dnt)12:00PM has now started 16:58:40 +dsinger 16:58:47 +Jack_Hobaugh 16:59:36 +WaltMichel 16:59:39 agenda+ network transaction 16:59:47 +Amy_Colando 17:00:03 +Fielding 17:00:04 agenda+ issue-151 17:00:08 ninja has joined #dnt 17:00:11 +Carl_Cargill 17:00:12 +[IPcaller] 17:00:17 zakim, IPcaller is me 17:00:17 +walter; got it 17:00:29 +Peder_Magee 17:00:44 +[CDT] 17:00:48 <_538> _538 has joined #dnt 17:00:48 zakim, cdt has me 17:00:48 +justin; got it 17:00:51 +hober 17:00:57 sidstamm has joined #dnt 17:01:00 + +49.681.302.5.aaaa 17:01:05 +LeeTien 17:01:07 +[Mozilla] 17:01:12 zakim, aaaa is ninja 17:01:12 +ninja; got it 17:01:13 Zakim, Mozilla has me 17:01:13 +sidstamm; got it 17:01:29 Zakim, who is on the phone? 17:01:29 On the phone I see dsinger, Jack_Hobaugh, WaltMichel, Amy_Colando, Fielding, walter, Carl_Cargill, Peder_Magee, [CDT], hober, ninja, LeeTien, [Mozilla] 17:01:32 [Mozilla] has sidstamm 17:01:32 [CDT] has justin 17:01:32 +npdoty 17:01:33 +Jeff 17:01:39 jeff has joined #dnt 17:01:49 robsherman has joined #dnt 17:01:54 moneill2 has joined #dnt 17:01:55 + +1.916.323.aabb 17:01:57 +RobSherman 17:01:59 Ari has joined #dnt 17:02:11 vinay has joined #dnt 17:02:16 +Andrew_Kirkpatrick 17:02:35 +kulick 17:02:39 +moneill 17:02:46 + +1.323.253.aacc 17:03:03 kulick has joined #dnt 17:03:41 Zakim, aacc is Ari 17:03:41 +Ari; got it 17:03:41 Matthias will use my phone today, as we sit in the same conference room today 17:03:56 zakim, ninja has schunter 17:03:56 +schunter; got it 17:03:58 Zakim, aabb is Joanne_McNabb 17:03:58 +Joanne_McNabb; got it 17:03:59 +Bryan_Sullivan 17:04:06 bryan has joined #dnt 17:04:16 +Wendy 17:04:21 present+ Bryan_Sullivan 17:04:28 +Brooks 17:04:35 adrianba has joined #dnt 17:04:50 +Chapell 17:04:51 justin, he just arrived 17:04:55 one more minute 17:04:56 kj has joined #dnt 17:05:06 Chapell has joined #DNT 17:05:12 cOlsen has joined #dnt 17:05:14 Zakim, who is on the phone? 17:05:14 On the phone I see dsinger, Jack_Hobaugh, WaltMichel, Amy_Colando, Fielding, walter, Carl_Cargill, Peder_Magee, [CDT], hober, ninja, LeeTien, [Mozilla], npdoty, Jeff, 17:05:17 ... Joanne_McNabb, RobSherman, Andrew_Kirkpatrick, kulick, moneill, Ari, Bryan_Sullivan, Wendy, Brooks, Chapell 17:05:17 [Mozilla] has sidstamm 17:05:17 ninja has schunter 17:05:17 [CDT] has justin 17:05:51 scribenick: ninja 17:05:53 Brooks has joined #dnt 17:05:54 +[FTC] 17:06:01 +hefferjr 17:06:03 johnsimpson has joined #dnt 17:06:06 with Amy to take over scribing halfway through 17:06:12 thanks to Ninja and Amy for volunteering 17:06:15 +[Microsoft] 17:06:26 zakim, [Microsoft] is me 17:06:26 +adrianba; got it 17:06:43 Apologies. Traveling today. Only able to join on IRC. 17:06:50 Zakim, agenda? 17:06:50 I see 5 items remaining on the agenda: 17:06:52 1. issue-153 [from npdoty] 17:06:52 2. issue-161 [from npdoty] 17:06:52 3. issue-197 [from npdoty] 17:06:52 4. network transaction [from npdoty] 17:06:52 5. issue-151 [from npdoty] 17:06:59 schunter: offline caller identification done. we can dive right in 17:07:23 ... today mainly items from the batch closing, where I received comments 17:07:47 rvaneijk has joined #dnt 17:07:52 ? 17:07:56 q? 17:07:57 ... my purpose is still to close them. Would like to address the concerns and find resolutions. 17:08:04 Issue-153? 17:08:04 Issue-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- pending review 17:08:04 http://www.w3.org/2011/tracking-protection/track/issues/153 17:08:15 ... let's start with ISSUE 153 17:08:15 Zakim, next agendum 17:08:15 agendum 1. "issue-153" taken up [from npdoty] 17:08:16 +rvaneijk 17:08:38 ... to what extent can intermediaries change signals 17:09:20 correction, it is ISSUE 163, not 153 17:09:37 q+ 17:09:45 ack kulick 17:09:46 Issue-163? 17:09:46 Issue-163 -- How in the spec should we ensure user agents don't twist a user preference one way or another? -- raised 17:09:46 http://www.w3.org/2011/tracking-protection/track/issues/163 17:09:51 ... Currently the text is flexible on the topic of changing the signal. Brad wants to insert text making sure only user agents can send/change the signal 17:09:58 WaltMichel has joined #DNT 17:10:01 q+ 17:10:52 kulick: Want to make the spec more adoptable. Let's take the well established user interfaces of user agents to get mor trust of the users 17:10:54 q+ 17:11:15 +q 17:11:16 schunter: So you have more concerns regarding the quality? 17:11:31 Notes that plugins have UI and are really very different from routers, proxies, etc. 17:12:01 ack walter 17:12:02 kulick: Yes, main concern is how user would interact with intermediaries. 17:12:08 +Susan_Israel 17:12:11 q+ 17:12:32 susanisrael has joined #dnt 17:13:11 walter: Think this is a non-issue. There is no way of verifying if a signal was inserted by an intermediary. So I would ask the websites to honor the signal that they receive 17:13:32 The suggested text changes have nothing to do with issue 163 17:13:33 +1 to appreciation for providing specific text! 17:14:06 +1 on guidance 17:14:23 npdoty: These recommendations won't actually control the market place. It may have bigger impact to not forbid plug-ins but to put restrictions on them. 17:14:30 q? 17:14:33 q+ 17:14:35 q- 17:14:38 ack moneill2 17:14:41 ack mo 17:15:05 +hwest 17:15:12 moneill: The tide is against user agent strings. Will be a problem to differentiate there. 17:15:37 hwest has joined #dnt 17:15:40 s/on them/on them, and W3C shoudn't be restricting which technologies can implement a spec/ 17:15:52 dsinger_ has joined #dnt 17:15:55 ack br 17:16:01 q+ 17:16:10 ... Exceptions could be established by the exception UI we have been discussing 17:16:23 +[Apple] 17:16:28 -dsinger 17:16:35 zakim, [apple] has dsinger 17:16:35 +dsinger; got it 17:17:21 bryan: limiting the agents that are allowed will limit our own scope and will not be future-proof. 17:17:37 q+ 17:17:46 issue-176? 17:17:46 issue-176 -- Requirements on intermediaries/isps and header insertion that might affect tracking -- closed 17:17:46 http://www.w3.org/2011/tracking-protection/track/issues/176 17:17:54 ... many examples of intermediaries that already work and are in support of the user. 17:17:56 q+ 17:18:00 +David_MacMillan 17:18:14 issue-177? 17:18:14 issue-177 -- Should we specify compliance requirements for software and hardware other than user agents? For example, is a web server package compliant if it tweaks DNT headers? -- raised 17:18:14 http://www.w3.org/2011/tracking-protection/track/issues/177 17:18:23 q? 17:18:24 ... fundamental question is how to validate a DNT signal. We will not solve this in DNT. 17:18:29 ack ku 17:19:40 issue-153? 17:19:40 issue-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- pending review 17:19:40 http://www.w3.org/2011/tracking-protection/track/issues/153 17:19:52 kulick: I hear the critique. The lack of actual control is an issue. I want to ensure that the manner in which we write the spec is the best manner for success 17:20:01 schunter has joined #dnt 17:20:19 zakim, who is making noise? 17:20:34 dsinger, listening for 10 seconds I could not identify any sounds 17:20:47 q? 17:20:54 ack ds 17:20:56 q? 17:21:03 ... browsers have more insights on what we want to achieve in user interaction. What I am looking to do is being more prescriptive on how to communicate with the users. 17:21:25 kulick, sorry. Not sure if I got this wright 17:21:29 right 17:21:57 An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests. For example, an Internet Service Provider must not inject DNT: 1 on behalf of all of their users who have not expressed a preference. 17:22:18 dsinger: I am concerned that websites may start ignoring DNT signals if they think it has been set by an intermediary 17:22:18 q+ 17:22:20 +1 on dsinger 17:22:20 kulick's change was about plugins: 17:22:22 He wants to change the … unless that … part. 17:22:35 ack field 17:22:37 Zakim, please close the queue 17:22:38 ok, npdoty, the speaker queue is closed 17:22:41 “Likewise, a user agent extension or add-on MUST NOT alter the tracking preference.” 17:23:05 +1 to Roy, re-visiting 17:23:27 "unless that intermediary has been specifically installed or configured to do so by the user making the requests" - "installed or configured" covers a wide range of arrangements on how the user's preference is expressed by an intermediary 17:23:27 zakim, who is making noise? 17:23:37 fielding: We may be going back on old ground here. There was an unresolved issue in the June draft on user agent compliance. 17:23:43 justin, listening for 14 seconds I heard sound from the following: Carl_Cargill (3%) 17:24:12 q- 17:24:18 q? 17:24:26 ack bryan 17:24:28 ... I don't see the value in making this distinction. It will limit our options to set up restrictions for intermediaries. 17:25:08 -[FTC] 17:25:26 bryan: Current text can be interpreted in a variety of ways. Even intermediaries can be specifically installed and configured by the user. 17:25:44 q+ 17:27:10 schunter: I think we have consensus. Kulick is the only member of the group raising this concerns. If we later find out that we run into problems with intermediaries, we can revisit the text. 17:27:12 Zakim, open the queue 17:27:12 ok, npdoty, the speaker queue is open 17:27:18 q+ kulick 17:27:22 ack kulick 17:27:39 ... If kulick would withdraw his objection, we can close this ISSUE 17:28:09 kulick: We need to be more prescriptive in how the choice is offered to users. 17:28:27 the points I make are general an not indicative of any position of my company - when I say "we are covered" under the current text, I mean that the group of stakeholders that I consider myself a member of, e.g. parents that care about how the web is used in their home, or users that want to ensure they don't have to manage DNT preferences in each and every device/browser/app they use 17:28:27 +1 re: providing granularity in how choice should be offered 17:28:31 -Carl_Cargill 17:28:44 schunter: Would a non-normative guidance, example URI be sufficient? 17:28:58 schunter1 has joined #dnt 17:28:59 if the concern is about user education, we may have a different issue on that 17:29:07 q? 17:29:10 +Carl_Cargill 17:29:12 kulick: Want to avoid biased presentation 17:29:20 schunter: Agree. 17:29:47 +MECallahan 17:29:48 The spec says "unless that intermediary has been specifically installed or configured to do so by the user making the requests." 17:29:54 ... dsinger, would it be possible to provide such an example of a model user agent? 17:30:07 I will provide feedback today 17:30:09 thx 17:30:09 q? 17:30:13 Yes, the existing language seems fairly strong. 17:30:14 Zakim, next agendum 17:30:14 agendum 2. "issue-161" taken up [from npdoty] 17:30:23 ... looking forward to kulick's message later if we can close this issue. 17:30:31 issue-161? 17:30:31 issue-161 -- Do we need a tracking status value for partial compliance? -- pending review 17:30:31 http://www.w3.org/2011/tracking-protection/track/issues/161 17:30:37 http://www.w3.org/2011/tracking-protection/track/issues/161 17:30:40 kulick, issue-194 might be relevant to your related concern 17:31:01 schunter: Next up, ISSUE-161 17:31:29 overtaken by events 17:31:31 thx Nick, I will review 194 17:31:38 ... Do we need a signal for partial compliance. The current status is either fully or not compliant. 17:31:54 ... To us it was unclear how partial compliance could look like 17:32:13 q+ 17:32:36 ack fielding 17:33:22 q+ 17:33:39 fielding: Last week when I edited the TPE I removed this, as there is no way to define partial compliance within a self-contained TPE document 17:34:09 is dwainberg on the call? he had asked that this be kept open 17:34:28 zakim, who is here? 17:34:28 On the phone I see Jack_Hobaugh, WaltMichel, Amy_Colando, Fielding, walter, Peder_Magee, [CDT], hober, ninja, LeeTien, [Mozilla], npdoty, Jeff, Joanne_McNabb, RobSherman, 17:34:32 ... Andrew_Kirkpatrick, kulick, moneill, Ari, Bryan_Sullivan, Wendy, Brooks, Chapell, hefferjr, adrianba, rvaneijk, Susan_Israel, hwest, [Apple], David_MacMillan, Carl_Cargill, 17:34:32 ... MECallahan 17:34:32 [Mozilla] has sidstamm 17:34:32 ninja has schunter 17:34:32 [Apple] has dsinger 17:34:32 [CDT] has justin 17:34:36 On IRC I see schunter1, dsinger, hwest, susanisrael, WaltMichel, rvaneijk, johnsimpson, Brooks, Chapell, kj, adrianba, bryan, kulick, vinay, Ari, moneill2, robsherman, jeff, 17:34:36 ... sidstamm, _538, ninja, npdoty, JackHobaugh, justin, fielding, Zakim 17:34:40 schunter: I would like to discuss this Issue based on the TPE draft as it was last week and postpone the discussion on the editorial changes 17:34:54 I raised this issue 17:35:31 or have it mean "in testing" (which would also imply non-compliance) 17:35:42 npdoty: +1 17:35:42 Well, I think this is all related to the idea of multiple compliance regimes. 17:35:48 q? 17:35:49 "under construction, making no particular claims" 17:35:51 ack ds 17:35:52 q- 17:35:56 schunter: let us push this to next week as I need to contact dwainberg for clarification. 17:35:58 I think there were lots of people interested in an "in testing" flag, fielding, though I appreciate your having brought it up originally 17:35:58 justin: that too, if we have that this issue is even mooter than it is now 17:36:00 issue-197? 17:36:00 issue-197 -- How do we notify the user why a Disregard signal is received? -- pending review 17:36:00 http://www.w3.org/2011/tracking-protection/track/issues/197 17:36:05 Zakim, next agendum 17:36:05 agendum 3. "issue-197" taken up [from npdoty] 17:36:23 schunter: Now ISSUE-197. How to notify a user on a disregard signal 17:36:47 "An origin server that sends this tracking status value must detail within the server's corresponding privacy policy the conditions under which a tracking preference might be disregarded. 17:36:48 " 17:36:48 zakim, who is making noise? 17:36:59 walter, listening for 10 seconds I heard sound from the following: ninja (90%) 17:37:40 ... Based on whatever context a site may decide to disregard the the user signal. It could be beneficial to tell the user why his signal has been disregarded 17:37:56 amyc has joined #dnt 17:38:00 npdoty, yes, but without a single compliance document the testing mechanism is far easier -- just link to a testing compliance document. 17:38:16 I think the diff is just to remove the Option box around "5.2.7 Disregarding" 17:38:52 JackHobaugh: I wasn't sure to close this because I needed to give it more thought. 17:38:55 q? 17:39:35 q+ 17:39:50 schunter: Let's also push this back to next week. Fielding, did I represent the old status correctly, that a disregard-signal should be explained in the privacy policy? 17:40:08 Ninja, I can start scribing with next agenda item 17:40:09 fielding: Yes. It has not been changed in the current draft. 17:40:23 amyc, yes. thank you 17:40:29 JackHobaugh, what were your additional questions? (this has been stable text for many months, right?) 17:40:48 that becomes circular - if you are not in compliance then the "D" signal itself means nothing 17:40:52 Walter: I think a site that disregards signals cannot claim compliance. 17:40:55 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-D 17:41:06 Roy deleted this sentence "An origin server that always responds with D is not considered compliant even if that response is compelled by factors beyond the origin server's control. " 17:41:27 q+ 17:41:31 "Note that the D tracking status value is meant to be used only in situations that can be adequately described to users as an exception to normal behavior. An origin server that responds with D in ways that are inconsistent with their other published and unexpired claims regarding tracking is likely to be considered misleading." 17:41:51 +1 to Walter 17:42:01 Schunter: Understand your concerns. Unless you send a disregard signal you have to be compliant. 17:42:12 npdoty has joined #dnt 17:42:20 dsinger, right. 17:42:43 yes, we need to separate compliance issues from the TPE 17:42:52 dsinger: A server always sending disregard should not be able to claim compliance. It is a hole we should close. 17:43:01 I think walter is proposing invalidating the use of the disregard signal. he is saying there is no valid reason to disregard a dnt signal. Is that right? 17:43:12 -Joanne_McNabb 17:43:34 q+ 17:43:34 correction: the old TPE said that; we may need something similar but that isn't a formal link to compliance. 17:43:36 nonsense 17:43:38 q- 17:43:51 ack wal 17:43:54 ack susanisrael 17:44:11 As written in spec: "An origin server that responds with D in ways that are inconsistent with their other published and unexpired claims regarding tracking is likely to be considered misleading." 17:44:18 +[Microsoft] 17:44:23 -Amy_Colando 17:44:50 walter: It is important that unless the server sends disregard they have to be compliant as they claim. 17:44:53 +1 You can't have a signal that the use of makes you non-compliant 17:45:03 +1 to susan's point 17:45:12 This seems like a question of semantics. You're compliant with the spec but you're not complying with the DNT:1 request. 17:45:24 Justin, I think you are right. 17:45:24 maybe we're confused about "compliant": you're not complying with the expressed preference, but you could still be compliant with a set of rules 17:45:32 +1 justin 17:45:49 susanisrael: Don't understand what walter means. Does in your view disregard means yu contradict the claim of compliance? 17:46:48 and this is why specs talk about conformance to requirements instead of compliance 17:46:58 walter: I am fine with a site claiming being compliant, but whenever they send disregard - the site is not compliant for this specific session 17:47:47 susanisrael, So the site is overall compliant but thinks they received an invalid signal. 17:47:53 fielding, you think we should say "conformant to the spec, non-compliant with the request"? 17:48:06 What the user does probably depends on what the user agent does in response to the disregard signal. 17:48:39 walter: Should be clear to the user that with a disregard signal received, he will probably being tracked 17:48:42 npdoty, I think we already cover this in the spec to the extent we can without creating a universal compliance document 17:48:55 I agree with Justin's and Nick's restatements, but I still think walter is saying you can never disregard a signal and be deemed a party (not site) that is compliant with the spec. I don't agree with that idea. 17:49:03 matthias: Issue 217 and 228 17:49:08 fielding, I'm asking about your suggestions on phrasing 17:49:14 Zakim, next agendum 17:49:14 agendum 4. "network transaction" taken up [from npdoty] 17:49:27 scribenick: amyc 17:49:29 I think this is just an announcement 17:49:36 Carl: where do we leave prior issue, raised by Roy, some confusion on agenda 17:50:02 susanisrael: from a user's perspective if you're tracking him/her (for whatever reason), you're tracking. It is the opposite of DNT to say that tracking can be DNT-compliant. 17:50:06 Justin: there is time to respond, wanted to say something about issue 151, share status 17:50:08 issue-151? 17:50:09 issue-151 -- User Agent Requirement: Be able to handle an exception request -- open 17:50:09 http://www.w3.org/2011/tracking-protection/track/issues/151 17:50:15 Call for Objections on 217/228 is https://www.w3.org/2002/09/wbs/49311/tpwg-interact-217/ 17:50:23 Carl: we can discuss 151 17:50:25 comments requested by December 18th 17:50:39 Zakim, agenda? 17:50:39 I see 2 items remaining on the agenda: 17:50:40 4. network transaction [from npdoty] 17:50:40 5. issue-151 [from npdoty] 17:50:41 walter: the user may not have asked not to be tracked. That may be why the signal was not deemed valid. 17:50:49 Zakim, next agendum 17:50:49 agendum 5. "issue-151" taken up [from npdoty] 17:51:08 justin: options for 151, user agent must, should or may respond to request or no language at all 17:51:10 q+ 17:51:25 http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_UA_requirement_to_handle_exceptions 17:51:29 susanisrael: there's no way of telling that from the server's end. And in an EU context the user doesn't need to express any preference not to be tracked. 17:51:36 npdoty: two options for 151, inserting 17:51:54 I thought the call for options closed ages ago? 17:51:56 susanisrael: if you don't send a disregard signal and claim compliance, you must adhere to the compliance spec 17:52:24 walter: i was not thinking about the eu context but was suggesting that it doesn't make sense to include in the spec an option that makes the party that uses it non compliant. It's just illogical. 17:52:40 Matthias: in last call, cannot find consensus whether no language means implicitly mandatory or implicitly optional 17:52:40 q? 17:52:43 q+ 17:52:45 ack npd 17:52:58 I am pretty sure that Shane's proposal is an explicit MUST 17:53:13 Yes, I think that was clear from last week's call. 17:53:13 ... some disagreement amongst standards experts, so suggesting more explicit language 17:53:13 johnsimpson has left #dnt 17:53:22 Roy, yes, we are a MUST 17:53:25 q? 17:53:28 walter: i do agree that if you don't send a disregard signal and claim compliance you must honor the signal. 17:53:36 I think we're more likely to reach consensus with no changes to the text, which I believe has support from Shane and others 17:53:39 susanisrael: that is my point, if you do not claim compliance for a user whose signal you disregard, you don't need a disregard signal. 17:53:53 ack dsinger 17:53:56 Justin: proposal from Shane, should be more clear that there is must 17:54:11 -hwest 17:54:11 Dsinger: time for text submissions has closed 17:54:21 I don't think this one was closed 17:54:31 -RobSherman 17:54:44 walter: and my point was that many people requested the inclusion of a disregard signal. You're just saying you don't want to include it. If that's your point, we should have a discussion about that, though I thought we already agreed to include it. 17:54:48 ... compliance depends on what you state, doesn't have anything to do with exceptions API, depends on what you claim you are doing - so happy with Shane's proposal to be silent 17:55:20 Justin: list of proposals due to be closed today, thought Shane wanted MUST to be more clearly reflected in document 17:55:24 susanisrael: I am not saying I don't want it included. I'm pretty agnostic to its inclusion. As long as none claims compliance while disregarding a signal without a disregard response. 17:55:24 q+ 17:55:30