15:38:18 RRSAgent has joined #dnt 15:38:18 logging to http://www.w3.org/2014/04/30-dnt-irc 15:38:20 RRSAgent, make logs world 15:38:22 Zakim, this will be TRACK 15:38:22 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 22 minutes 15:38:23 Meeting: Tracking Protection Working Group Teleconference 15:38:23 Date: 30 April 2014 15:38:51 chairs: justin, carl 15:39:10 regrets: fielding, WileyS, ninja, schunter 15:41:31 jeff has joined #dnt 15:54:51 npdoty has joined #dnt 15:55:52 T&S_Track(dnt)12:00PM has now started 15:55:59 +Jeff 15:56:27 +npdoty 15:56:34 trackbot, start meeting 15:56:36 RRSAgent, make logs world 15:56:38 Zakim, this will be TRACK 15:56:38 ok, trackbot, I see T&S_Track(dnt)12:00PM already started 15:56:39 Meeting: Tracking Protection Working Group Teleconference 15:56:39 Date: 30 April 2014 15:56:45 regrets+ WileyS 15:56:48 regrets+ fielding 15:56:52 justin has joined #dnt 15:56:59 regrets+ ninja 15:57:17 JackHobaugh has joined #dnt 15:57:58 eberkower has joined #dnt 15:58:11 dsinger has joined #dnt 15:58:38 +[Apple] 15:58:54 zakim, [apple] has dsinger 15:58:54 +dsinger; got it 15:59:03 +hefferjr 15:59:05 zakim, agenda? 15:59:05 I see 5 items remaining on the agenda: 15:59:06 1. Confirmation of scribe. Volunteers welcome! [from ninja] 15:59:06 2. Offline-caller-identification [from ninja] 15:59:06 3. ISSUE-207: Conditions for dis-regarding (or not) DNT signals [from ninja] 15:59:06 4. Unknowing and short time data retention, ISSUE-134 and ISSUE-208 [from ninja] 15:59:06 5. User agent compliance [from ninja] 15:59:14 zakim, who is here? 15:59:14 On the phone I see Jeff, npdoty, [Apple], hefferjr 15:59:16 [Apple] has dsinger 15:59:16 On IRC I see dsinger, eberkower, JackHobaugh, justin, npdoty, jeff, RRSAgent, walter, Zakim, trackbot, wseltzer, hober 15:59:18 +[IPcaller] 15:59:27 zakim, [ipcaller] is me 15:59:27 +walter; got it 15:59:42 +Jack_Hobaugh 15:59:52 Ari has joined #dnt 16:00:01 + +1.650.480.aaaa 16:00:15 chair: justin 16:00:26 650.480 is Ari from Rocket Feul 16:00:35 Zakim, aaaa is Ari 16:00:36 +Ari; got it 16:00:39 +eberkower 16:00:53 Zakim, mute me please 16:00:53 eberkower should now be muted 16:01:06 +Carl_Cargill 16:01:16 +WSeltzer 16:01:36 Carl_Cargill has joined #dnt 16:01:37 -eberkower 16:01:52 sidstamm has joined #dnt 16:01:55 scribenick: jeff 16:02:03 + +aabb 16:02:08 Zakim, aabb is Mozilla 16:02:08 +Mozilla; got it 16:02:10 moneill2 has joined #dnt 16:02:19 Zakim, mozilla has me 16:02:19 +sidstamm; got it 16:02:20 +justin 16:02:30 +Chris_Pedigo 16:02:47 Justin: Let's start 16:02:53 +[IPcaller] 16:02:55 ... 3 agenda items 16:02:55 what "number"? 16:03:06 ... 1. Conditions for disregard signal 16:03:06 zakim, [ipcaller] is me 16:03:06 +moneill2; got it 16:03:11 Chapell has joined #DNT 16:03:13 oh, looks like our PBX chose sip instead of pots 16:03:13 robsherman has joined #dnt 16:03:21 +robsherman 16:03:26 ... Background: TPE allows disregard to convey to UA that you will not honor signal 16:03:47 ... Rob and Mike have argued that UA needs more info 16:03:51 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Disregarding 16:03:54 ... they've merged their text proposal 16:04:04 ... party MUST provide the SPECIFIC reason 16:04:13 ... easily discoverable 16:04:29 kulick has joined #dnt 16:04:29 ... servers should implement so could be understood by UA 16:04:46 Brooks has joined #dnt 16:04:47 ... Mike, how are you imagining this 16:04:51 +Brooks 16:04:57 rvaneijk has joined #dnt 16:05:07 Mike: When server returns status w tracking resource 16:05:11 +rvaneijk 16:05:11 +kulick 16:05:15 ... how does user find element in privacy policy 16:05:23 ... to explain disregard 16:05:35 ... this makes clear that what the specific reason is 16:05:41 q? 16:05:42 ... should be stated in privacy policy 16:05:53 ... but 3rd party elements don't know enough to appreciate this 16:06:21 ... in TPE can connect with reason for tracking resource 16:06:26 +eberkower 16:06:30 ... here it is a MAY, with some non-normative text 16:06:45 Zakim mute me please 16:06:50 Justin: If a server has D for 3 scenarios, how does a user know which case it is? 16:07:12 Mike: The User Agent has a User I/F to make it clear 16:07:16 Zakim, mute me, please 16:07:16 eberkower should now be muted 16:07:22 ... non-normative reqt. 16:07:36 q+ 16:07:43 ... so UA has to pass signal somehow 16:07:49 ... what does D signal mean 16:07:56 ack npd 16:08:13 Nick: TPE has a series of fields 16:08:35 ... policy property and @@ property to give user more control 16:08:35 vincent has joined #dnt 16:08:47 ... server w disregard signal can fill in one of those properties 16:08:53 ... that could be an implementation approach 16:08:54 s/@@/config/ 16:08:58 +Chapell 16:09:11 Mike: We could use the privacy policy, but we have the field for the reason for disregard 16:09:22 ... we wanted something in TCS to identify reason 16:09:36 ... unstructured text doc can't be decoded by UA 16:09:48 ... site might have 80 policies for all 3rd parties 16:09:54 +SusanIsrael 16:09:56 susanisrael has joined #dnt 16:09:57 ... would a user need to plow through all of them? 16:10:05 Justin: I hear the reqt 16:10:13 ... but it is not in what you proposed 16:10:21 Mike: First we said there should be some mechanism 16:10:36 ... now it is qualified 16:10:37 I was trying to suggest that the config/policy properties can provide a more specific explanation to the user 16:10:46 ... maybe we should extend the non-normative text 16:10:51 ... technical thing in TCS 16:10:55 since it doesn't seem like we have a settled list that needs to be encoded in a qualifiers list 16:11:06 Justin: You would require people to say this field means this reason, etc. 16:11:10 q? 16:11:13 Mike: Yup. As a possibility 16:11:26 Justin: Do you want that in the doc now 16:11:32 Mike: We are happy w text as is 16:11:37 I need at least in the document: "A party MUST provide information regarding the specific reason for not honoring the user's expression. The party's representation MUST be be easy discoverable, clear and unambiguous. " 16:11:45 as in, Mike's and Rob's proposal 16:11:51 Justin: Your language and TPE language quite close 16:12:00 adrianba has joined #dnt 16:12:08 ... since don't require field for qualifier 16:12:24 Mike: Specific reason could be in privacy policy 16:12:36 ... non normative text says that might not be good enough 16:12:52 But isn't one of the reasons why the signal is being disregarded because the user is not setting the signal? 16:12:57 Justin: Are you saying privacy policy needs to disclose ALL reasons for disregard? 16:12:59 + +1.425.614.aacc 16:13:04 Mike: I'm trying to avoid that 16:13:07 zakim, aacc is me 16:13:07 +adrianba; got it 16:13:12 zakim, mute me 16:13:12 adrianba should now be muted 16:13:16 we already require that the policy outline the possible reasons (well, the word ‘all’ is not there) 16:13:18 ... there should be a SPECIFIC reason 16:13:44 Justin: See Ari's point above. Would that be OK with you? 16:13:44 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-D 16:13:46 Mike: Yes 16:13:52 the purpose is to pin down company representation. 16:14:09 Justin: Do people object? 16:14:26 ... here we say you must state specific reason 16:14:30 It is pretty mild text, that improves transparency. 16:14:32 ... what about reason(s)? 16:14:45 do we merely need to insert “all” — “all” the reasons that a singal might be disregarded? 16:14:53 Mike: With Status ID return you can point to different privacy policies 16:14:57 s/singal/signal/ 16:14:58 could we get some examples of the kind of specific reasons you have in mind? 16:15:25 Justin: Are you implictly requiring that (since you use singular) 16:15:32 issue-207? 16:15:32 issue-207 -- Conditions for dis-regarding (or not) DNT signals -- raised 16:15:32 http://www.w3.org/2011/tracking-protection/track/issues/207 16:15:32 ... If so be more explicit 16:15:34 q? 16:15:37 Mike: Let's hear other opinions 16:15:52 Justin: Comments? Rob - more explicit to require qualifier from server? 16:15:53 q+ 16:15:59 ... Or reason(s)? 16:15:59 ack rv 16:16:07 Rob: Two stage thing 16:16:13 ... 1. User transparency 16:16:22 ... D won't be used frequently 16:16:38 ... But if they have lots of reasons, company should be transparent 16:16:47 ... otherwise can send the T signal 16:16:52 whether or not it's exceptional is yet to be seen, no? 16:16:58 ... Mike and I met in the middle 16:16:58 how about non-normative text like: "Parties may use the "policy", "config" and "qualifiers" properties of the tracking status resource defined in [TRACKING-DNT] so that the reason can be clearly communicated to the user by the user agent." 16:17:09 ... TPE building blocks can help improve transparency 16:17:15 ... hence non-normative text 16:17:47 Justin: Sound like you are OK if the policy itself has specific reason. 16:17:54 ... Fair? 16:17:56 Rob: Yes 16:18:06 ChrisPedigoOPA has joined #dnt 16:18:29 q+ 16:18:35 From the industry side, I think it depends on what we mean by specific 16:18:37 q 16:18:38 = 16:18:43 q+ 16:18:47 Justin: Hence less prescriptive. Little more expansive than TPE. David? 16:18:48 ack dsinger 16:19:02 David: Maybe TPE should just say ALL the reasons. 16:19:21 q+ 16:19:27 ... under which a tracking request would be disregarded 16:19:33 +vincent 16:19:38 Justin: I read TPE to already say ALL 16:19:41 ack chris 16:19:56 Chris: I'm OK with general reqt for transparency 16:20:12 ... But concerned about responding with a D in real-time 16:20:29 +q 16:20:30 q+ to discuss potential consent 16:20:34 yoyu use a different status — potential consent 16:20:34 ... You might be OK with the protocol, but then learn user is subscriber 16:20:41 you should not use the D signal for OOBC 16:20:50 ... then you might have permission to disregard, but didn't know that in real-time. 16:21:04 Justin: We have a signal for potential consent. 16:21:13 ack mo 16:21:17 q- 16:21:21 Mike: P signal is there for that purpose 16:21:26 we want to avoid abuse of D signal ! 16:21:33 q+ 16:21:42 Chris: Maybe I don't know yet 16:21:53 Justin: I'm trying to understand the scenario 16:22:00 ... service like Facebook? 16:22:07 Chris: Take a newspaper 16:22:14 ... user comes without login 16:22:18 ... read some article 16:22:23 ... hit the paywall 16:22:32 Rob, we also want to avoid abuse of DNT signals that are not set knowingly by humans 16:22:34 ... newspaper got some info about user 16:22:46 ... at paywall they link it all together 16:22:47 You can not track before logging in ! You can not link together without being logged in. 16:22:54 ... but would not have responded with D or P 16:23:05 +1 to rvaneijk 16:23:07 Justin: The way we defined tracking it should be OK 16:23:23 ... Newspaper is not tracking in its own context 16:23:37 Chris: They might want to follow you at other sites, introducing a third party 16:23:40 And then you want to send D to justify this tracking behaviour? 16:23:51 Justin: Interesting 16:23:56 ack cha 16:23:58 q? 16:24:14 Alan: Don't understand why we are expanding beyond TPE 16:24:27 ... Chris gave one example 16:24:38 ... we'll become overly perspective 16:24:46 Justin: Good point. Maybe just a TPE question. 16:25:01 ... should there be extra rules in compliance? 16:25:13 ... two proposals are not much different 16:25:21 ... two places to address same issue is confusing 16:25:51 Alan: ePrivacy directive. 1 or 2 word choices made a big difference 16:25:54 q? 16:26:11 Nick: f/u on Chris 16:26:21 ... discussed this with P 16:26:55 RVE (: 16:27:01 s.f/u on Chris.I would like to follow up on Chris' comment. 16:27:59 Chris: If I am a publisher, I'll respond with P to everybody 16:28:07 ... I don't know if I have consent 16:28:18 ... I have a problem with requiring any of these responses 16:28:26 Hang on, ‘P’ is for a third party, the first party can already broadly track 16:28:27 ... should list in privacy policy 16:28:45 Justin: Agree w Nick. 16:28:56 ... to David's point - the case is a publisher wants to go offsite 16:29:01 ... for retargetting 16:29:08 ... good question for TPE implementation 16:29:08 D is for the case where you (and your third parties) simply ‘ignore’ the signal for some reason, without further consideration of permitted use, consent, etc. 16:29:10 agree with dsinger, I though justin already expalined that? 16:29:16 hefferjr has joined #dnt 16:29:19 ... orthogonal 16:29:23 +q 16:29:23 q? 16:29:25 ... we should check on that issue in implementation 16:29:29 q- 16:29:36 ack heff 16:29:49 hefferjr: P consent for out-of-band consent. Not verified in real-time 16:29:57 ... we have bounds 16:30:02 the other point I was going to bring up, for Chapell, was that the difference was just that Compliance would require sending a D signal when disregarding the user's request, while the TPE just makes it possible to do so 16:30:07 ... not to be used every time someone logs on 16:30:24 Justin: TPE has bounds. Might not cover Chris' scenario. He might have issues. 16:30:32 ... not Disregarding 16:30:35 q? 16:30:38 ... let's look at implementation testing 16:30:48 Justin: Anything else on disregard signal? 16:31:00 ... Rob and Mike don't want to back down 16:31:09 ... maybe consider non-normative language to signal to user 16:31:18 ok 16:31:21 ok 16:31:30 ... Mike should consider the input and decide what to propose 16:31:41 ... Alan has pointed out covered in TPE, may need CfO 16:31:50 Topic: Unknowing / Short-term 16:31:59 Justin: unknowing data collection (208) and short term data collection 16:32:01 Zakim, who is making noise? 16:32:12 npdoty, listening for 10 seconds I heard sound from the following: Chapell (13%) 16:32:25 ... noone has spoken up in favor of proposal, so we will drop and close the issue if we don't hear in a week 16:32:30 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Short_Term 16:32:46 s/short term data collection/short term data retention/ 16:33:18 ... David, why do we need a permitted use for short term data retention 16:33:25 David: Clarifies short term retention 16:33:33 ... can keep data in a closed pipe 16:33:43 ... can keep aggregate data or have consent 16:33:57 johnsimpson has joined #dnt 16:33:58 ... or data under another permitted use 16:34:06 ... you tell us length of retention 16:34:24 ... non-normative: if you process in 2 hours than you exposure is less than 2 months 16:34:39 +johnsimpson 16:34:42 ... delay is OK - but be careful in treatment of retained data before processing 16:34:43 I concur with Walter's response on the mailinglist: in favour of Jonathan's proposal or nothing at all. 16:34:53 Justin: What about the broad research case? 16:35:06 David: Extracted data must be one of three cases 16:35:17 ... where is the leak? 16:35:25 apologies for joining late… stuck in traffic 16:35:28 Justin: You can say end result is aggregate data 16:35:41 David: Then that is in your privacy policy 16:35:47 ... "I keep data forever" 16:35:56 ... people may or may not be comfortable with it 16:36:02 Justin: Broader than I read it 16:36:12 ... some advocates may have an issue 16:36:23 q? 16:36:35 David: We couldn't figure out a fixed retention period 16:36:42 ... would be happy if we could find one 16:36:47 Justin: Agreed 16:37:13 ... should say,"as long as end result is aggregate" 16:37:14 q? 16:37:18 rvaneijk, I think you're referring to jonathan's proposal on unknowing; where dsinger is proposing an approach for short-term raw/collection 16:37:29 David: That relies on "tracking data" being the thing in our scope 16:37:38 ... meaning stuff that can be tied to a user 16:37:52 q? 16:38:07 Justin: I have more questions which I'll put into email 16:38:19 ... Last agenda item... broad issue 16:38:24 ... User agent compliance 16:38:26 Topic: UA Compliance 16:38:38 so, next steps on raw are for email discussion and possible amicable consensus? 16:38:46 ... [bunch of issue numbers said too quickly] 16:38:53 ... how to ensure signal is valid 16:39:09 ... do we need to be more prescriptive? consequences? 16:39:11 http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_User_Agent_Compliance 16:39:15 -robsherman 16:39:22 nick, correct. 16:39:28 [issues collected together above] 16:39:41 Justin: Before becoming chair I said this is dealt with in TPE 16:39:58 ... lots of rules... need to make sure it reflects user choice 16:40:00 issue-205? 16:40:00 issue-205 -- user agent compliance requirements; connections to TPE -- raised 16:40:00 http://www.w3.org/2011/tracking-protection/track/issues/205 16:40:11 ... I propose to mirror in compliance, or leave it in TPE 16:40:20 ... flip side of what Alan said 16:40:25 ... other proposals in wiki 16:40:50 ... Alan said UA itself should not track for advertising (e.g. Amazon silk browser) 16:41:02 q? 16:41:54 ... Jack had language to take sentence from scope section (applies to UA that can access web...) and move it to section 5 on UA compliance 16:42:19 ... I won't read current TCS language (from Swire and W3C staff) 16:42:22 ... mooted 16:42:41 ... old proposals: Jonathan Mayer (preselected is compliant) 16:42:58 ... those are proposals 16:43:02 ... any others? 16:43:16 q? 16:43:40 ... Follow-UP on mailing list 16:43:59 ... AOB? 16:44:03 q+ 16:44:10 ack ds 16:44:17 q+ on WD publications 16:44:19 David: 3 comments from AvK on TPE 16:44:24 ... FOLLOWED-UP off line 16:44:28 ... will bring to list soon 16:44:51 Justin: Systemically the group will not look until we have critical mass of issues 16:44:58 ... but individual follow-up is good 16:45:07 thanks, dsinger 16:45:24 ack npd 16:45:24 npdoty, you wanted to comment on WD publications 16:45:32 Nick: We are required to publish drafts every 3 months. 16:45:35 ... We did TPE 16:45:47 ... We should publish compliance 16:45:54 ... we had some editorial changes 16:46:09 ... harmonize w TPE 16:46:25 Justin: Last heartbeat was January 16:46:33 http://www.w3.org/TR/2014/WD-tracking-compliance-20140128/ 16:46:33 Nick: Yes, every three months 16:46:56 ... just a snapshot 16:47:08 ... does not represent consensus 16:47:21 q+ 16:47:26 ack rv 16:47:38 Rob: I have concerns wrt audience measurement 16:47:44 ... looks like it is a done deal 16:47:56 ... but I'm not sure it will make it in the end 16:48:07 q+ 16:48:18 ... If you publish, make it more explicit that it is not sure that audience measurement is in spec 16:48:21 ... now implied that it is 16:48:33 Justin: Agree. 16:48:40 ack npd 16:48:40 ... make it clear there is an open debate. 16:48:54 Nick: We have both a note and an issue marker 16:49:02 ... what if we drop not and leave issue 16:49:07 Rob: Not explicit enough. 16:49:38 Justin: We can say in note that there is a debate about this permitted use 16:49:39 q? 16:49:45 -vincent 16:49:49 rrsagent, make minutes 16:49:49 I have made the request to generate http://www.w3.org/2014/04/30-dnt-minutes.html jeff 16:49:57 Note: An open question for the group is whether or how audience measurement would be addressed. See issue 25. 16:50:00 aren't there a lot of open questions? I am not sure why any one particular one should be singled out if we have noted the issues. 16:50:09 +LeeTien 16:50:26