15:55:30 RRSAgent has joined #dnt 15:55:30 logging to http://www.w3.org/2014/08/06-dnt-irc 15:55:32 RRSAgent, make logs world 15:55:32 Zakim has joined #dnt 15:55:34 Zakim, this will be TRACK 15:55:34 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 5 minutes 15:55:35 Meeting: Tracking Protection Working Group Teleconference 15:55:35 Date: 06 August 2014 15:55:50 npdoty has changed the topic to: August 6 agenda: http://lists.w3.org/Archives/Public/public-tracking/2014Aug/0004.html 15:57:14 JackHobaugh has joined #dnt 15:58:00 T&S_Track(dnt)12:00PM has now started 15:58:07 +npdoty 15:58:32 eberkower has joined #dnt 15:59:05 fielding has joined #dnt 15:59:45 +Jack_Hobaugh 15:59:46 +Fielding 16:00:15 justin has joined #dnt 16:00:36 regrets+ cargill, chrispedigo, kulick 16:00:46 +vincent 16:00:49 +RichardWeaver 16:00:50 vincent has joined #dnt 16:01:03 Richard_comScore has joined #dnt 16:01:45 +eberkower 16:01:50 moneill2 has joined #dnt 16:02:00 Zakim, mute me, please 16:02:00 eberkower should now be muted 16:02:20 +justin 16:02:24 vinay has joined #dnt 16:02:29 dsinger has joined #dnt 16:02:30 +[IPcaller] 16:02:34 AL has joined #dnt 16:02:43 + +1.646.840.aaaa 16:02:44 zakim, who is on the phone? 16:02:44 zakim, [IPcaller] is me 16:02:44 On the phone I see npdoty, Fielding, Jack_Hobaugh, vincent, RichardWeaver, eberkower (muted), justin, [IPcaller], +1.646.840.aaaa 16:02:44 +moneill2; got it 16:02:44 zakim mute me 16:02:49 +vinay 16:02:49 +Wendy 16:03:00 zakim, mute me 16:03:00 vincent should now be muted 16:03:16 +MECallahan 16:03:21 +dsinger 16:03:30 zakim, [apple] has dsinger 16:03:30 sorry, dsinger, I do not recognize a party named '[apple]' 16:03:54 zakim, who is on the phone? 16:03:54 On the phone I see npdoty, Fielding, Jack_Hobaugh, vincent (muted), RichardWeaver, eberkower (muted), justin, moneill2, +1.646.840.aaaa, vinay, Wendy, MECallahan, dsinger 16:04:08 +Jeff 16:04:12 Zakim, aaaa is AliceL 16:04:12 +AliceL; got it 16:04:32 no 16:04:35 jeff_ has joined #dnt 16:04:39 I wear a brace on my wrist 16:04:43 sorry 16:04:52 sorry - I can't 16:05:13 scribenick: Jeff 16:05:29 JB: 4 issues 16:05:37 ... deidentification 16:05:43 adrianba has joined #dnt 16:05:53 ... personalization 16:06:09 ... audience measurement 16:06:44 ... (reminder we are off next week) 16:07:05 ... rework compliance doc to include definition of tracking (Roy's proposal) 16:07:09 +[Microsoft] 16:07:17 Topic: Deidentification 16:07:17 Topic: Deidentification 16:07:19 zakim, [Microsoft] is me 16:07:19 +adrianba; got it 16:07:23 zakim, mute me 16:07:23 adrianba should now be muted 16:07:25 ... 3 proposals 16:07:39 johnsimpson has joined #dnt 16:07:47 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification 16:07:58 ... NAI (internal linkages), safe harbor which could be re-identified but not in production 16:08:10 ... Roy's proposal. straightforward w/o details 16:08:27 ... Vincent (article 29). Accomplish Roy's ideas with prescription 16:08:33 ... and a 4th proposal 16:08:41 Brooks has joined #dnt 16:08:46 +Brooks 16:08:57 ... David's need also to promise not to reidentify 16:09:12 ... David, we've discussed this on the list - do you have a specific proposal? 16:09:27 David: We need to capture the idea. Don't have specific text proposal. 16:09:35 ... Issues (e.g.) with public release 16:09:41 + +1.310.292.aabb 16:09:46 ... maybe drop the word "contractually" from my text 16:10:19 Justin: If you say you only release deidentified data and are wrong you are already on the hook. 16:10:26 regard to "contractually", if you release the data publicly, it seems like you're not prohibiting anyone from trying to reidentify 16:10:30 David: Yes, so just drop the word contractually. 16:10:30 zakim aabb is johnsimpson 16:10:33 +[FTC] 16:10:48 Zakim, aabb is johnsimpson 16:10:48 +johnsimpson; got it 16:10:57 JB: Do you need proviso for aggregate statistics 16:11:08 DS: Not needed if you are totally confident you are OK. 16:11:16 +hefferjr 16:11:17 JB: So how do you characterize that idea? 16:11:29 q? 16:11:31 DS: Yes, I'm working on it. 16:11:46 ... open to proposal from the group 16:11:58 JB: Fair idea. FTC has that requirement as well. 16:12:16 ... Let's iterate on the list for a day or two then move to CfO. 16:12:30 David: Can I change contractually prohibits to restricts? 16:12:33 JB: Sure 16:12:41 dsinger, fielding, would "aggregate and anonymous" work as the additional category? 16:13:14 JB: [thinking out loud about Nick's input] 16:13:31 ... Nick, help David with the language. 16:13:37 ... let's iterate 16:13:40 WileyS has joined #dnt 16:13:44 yeah, use of "anonymous" has often been confusing in the past. I'll follow up on the email thread. 16:13:49 q? 16:13:57 ... so that would then be the fourth proposal and then we move to CfO. 16:14:09 Topic: Roy's document 16:14:12 +WileyS 16:14:13 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html 16:14:18 JB: Kudos to Roy for input 16:14:46 ... restate compliance obligations to take into account new definition of tracking 16:15:03 RF: Overview 16:15:12 ... take advantage of defn of tracking 16:15:16 (I did the edit to the wiki, help appreciated) 16:15:20 ... so compliance is series of statements by server 16:15:36 ... defines (e.g.) what it means when server says it is not tracking, etc. 16:15:52 ... used Nick's version - we require minimal level of compliance in order to reference spec 16:16:34 ... beyond that, the rewrite discusses document scope (sec 1); section 2 (removed definitions that were in TPE) 16:16:36 for what it's worth, you could still use the TPE without a compliance indicator to indicate to the user that you're tracking but not limiting to any particular set of permitted uses 16:16:41 ... dropped 1st and 3rd party 16:16:57 ... Section 3: Goes through all the cases of a server response to a DNT request 16:17:02 ... reqts on what they must do 16:17:14 ... server should state exactly what they are doing 16:17:28 ... use defn of tracking; not distinctions between 1st and 3rd party 16:17:36 ... those distinctions are still there 16:17:44 ... not tracking to follow users in own sites 16:18:12 ... data collector, collecting within own site and not referral info from other sites would say they are not tracking 16:18:17 ... (defined in 3.3) 16:18:35 ... below that is defn of tracking in DNT 0, 1, not enabled 16:18:56 ... This doc much smaller than TCS 16:19:16 q? 16:19:20 ... could have dropped some other sections that are not needed - but I was not going to make those changes. 16:19:45 JB: You said this sets "base level of compliance". How does that relate to "send disregard"? 16:20:17 RF: There was a description of reqts for disregard signal 16:20:34 ... I put it in the bottom of compliance (needs to be consistent with reqts of TPE) 16:20:39 ... bottom of 3.3 16:21:02 JB: 1st party and 3rd party. Is this David's notion of tunnel vision. 16:21:37 ... frequence capping not need to be permitted use (already within context) 16:21:55 ok, tunnel vision was by party 16:21:57 RF: Yes. But tunnel vision was only within a domain; here we use within a context 16:22:15 DS: I'm aligned. 16:22:48 RF: Our objective is to restrict knowledge outside of "here" 16:23:02 DS: Dropping 1st and 3rd party is a huge advantage. 16:23:15 q+ 16:23:27 ack npd 16:23:30 dsinger, cause of the referrer issue I guess 16:23:54 first party can no longer know from where the traffic comes 16:23:56 ND: Concern about tunnel vision before was we said - "Maybe we don't need permitted uses". 16:24:05 ... but we found we could not do it. 16:24:18 ... billing, incoming referrals 16:24:41 ... so 1st and 3rd party approach helped us talk about the distinctions. 16:25:05 JB: So you are saying tunnel vision is not better; but are you saying it is worse? 16:25:24 ND: David's notion that it is machine testable is not actually true. 16:25:28 +q 16:25:29 q+ 16:25:31 ... It was just a decision we made 16:25:40 ... Based on user understanding 16:25:51 OK, but practically we cannot stop data flowing within a party. 16:25:57 JB: So with tunnel vision, embedded 3rd parties could pull out more? 16:26:02 dsinger, as I understand you can not keep the referrer with the "tunnel vision" right? 16:26:19 ... An ad network can pop up and collect ads - what data are you worried about? 16:26:34 q+ 16:26:37 ND: Either approach requires permitted uses 16:26:49 JB: So 1st and 3rd party distinction matters. 16:26:49 vincent, in my proposal, right, you cannot keep data that associates the user with any other party. referer headers, other party’s URLs, and so on 16:27:00 ... with tunnel vision still pretty limited 16:27:12 ... so what is the privacy delta? 16:27:35 ND: First I was explaining the history 16:27:40 dsinger, I think that's why it was not adopted, publisher were afraid that they could no longer know which keyword drvie more traffic to their website 16:27:46 ... if the group wants to change the direction we will address issues 16:27:58 ... e.g. if the user meant for their data to be remembered. 16:28:12 ... previously we used first part context. 16:28:25 vincent, not sure I follow, we should pursue this in email 16:28:29 JB: Here, a widget on my screen could remember my interactions 16:28:33 ack mon 16:28:39 q- 16:28:49 Mike: I like this. A lot cleaner. Elegant. 16:29:02 ... how do we define 1st and 3rd parties? 16:29:04 -MECallahan 16:29:09 ... should be machine testable 16:29:31 ... no less machine testable. 16:29:45 ... for permitted use - we were going to drop some anyways. 16:29:58 ... if data within one domain. 16:30:07 -vinay 16:30:15 ... Still have: can we limit UIDs? 16:30:21 ... cache header approach? 16:30:42 ack field 16:30:49 RF: Testability 16:30:57 ... main thing is conformance testing 16:31:03 ... not testable by third parties 16:31:30 ... regulators apply that type of test 16:31:31 q? 16:31:40 agree with Roy, if someone’s data gets leaked, and we find records that link users to other parties, we have a clear prima facie violation 16:31:57 JB: How does this treat headers for what we called 1st parties? 16:32:19 ... web sites log where people come from, even if tracking is turned off 16:32:29 ... would that impact tunnel vision approach? 16:32:37 RF: Yes, it is affected. 16:32:51 ... permitted uses for financial logging, added a phrase. 16:32:53 This may include counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, tracking referrals and conversion to the extent necessary to account for an agreed bounty program, and auditing compliance with this and other standards. 16:33:12 ... I made that explicit for actual financial transaction 16:33:20 ... also for general web page analytics 16:33:31 ... should be OK to track referral links to a page if not tied to user 16:33:47 ... folks that do analytics will be terribly upset for this suggestion 16:34:07 Aggregation vs. user level tracking. Issue is that you need to start with the raw log file with user specific elements to ensure you double count the same user for the same referrer. 16:34:08 ... user that does not want to be tracked does not want to be tracked between adjacent as much as 3 different sites. 16:34:09 I'm not sure why web analytics is a less common case than paid referrals for advertising 16:34:20 ... shouldn't have exception for web analytics. 16:34:30 ... should dissasociate refered data from user. 16:34:42 Roy - you can't remove the user until aggregation has occurred. 16:34:50 ... can't track individual user (if not for financial reasons) 16:34:51 agree with Roy. “I get 2,000 visitors a day from IBM” and “Roy was here yesterday”, but they are distinct records 16:34:59 +q 16:35:06 rrsagent, make minutes 16:35:06 I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html jeff_ 16:35:21 JB: How quickly would I need to deidentify 16:35:22 justin, that sounds like a raw data exception 16:35:27 RF: That is a separate issue. 16:35:29 q+ 16:35:48 JB: No, I am tracking a user short term. Does that violate definition? 16:36:12 RF: You can use information to customize page. But not in a log file for a while. 16:36:21 ... we talked about it. Did we make a decision? 16:36:30 JB: We walked away from it. 16:36:31 ack wiley 16:36:37 SW: Retention issue. 16:36:57 ... If all first parties globally need to look at all inbound refers 16:37:08 ... minimal level of retention to allow aggregation 16:37:15 ... will need user context 16:37:23 ... that is a wrong direction 16:37:38 ... if every website must implement this, DNT will fail quickly 16:37:50 ... go back to core tenets - 1st v 3rd party. 16:37:57 first-party is all in one context 16:38:02 ... we are getting far afield 16:38:11 ... it will cause the demise of DNT 16:38:30 RF: From the perspective of "adoption" it helps to have a spec they can adopt. 16:38:40 ... I appreciate that we want compliance from day 1. 16:38:53 q+ to ask about defining requirements (1st/3rd; or additional requirements on the definition of tracking) 16:38:56 ... but it does no good to have people say they adopted DNT - but they are still tracking. 16:39:07 Based on Roy's conception of "Tracking" - far too broad at this point based on where we started as a group in my opinion. 16:39:17 ... my preference is that immediate referral data is allowed. 16:39:34 ... based on what we want to achieve - we have a protocol that can communicate the options. 16:39:53 ... we won't get instant adoption 16:40:00 ack ds 16:40:01 ... this won't prevent them 16:40:17 If no one adopts there is no value to adoption for others. Same issue for P3P - if we don't all adopt then there is no motivation for anyone to adopt. 16:40:23 I was merely going to note that we still need a short-term retention definition (the ‘roach motel’ with only 3 exits) 16:40:24 DS: @@@ sounds muffled 16:40:35 WileyS, it would be enough for web analytics provider to adapt to DNT, website publishers would not have much to do (if anything) 16:40:49 Short-term? How short? Monthly and quarterly aggregate roll-ups? 16:41:10 ack npdoty 16:41:10 npdoty, you wanted to ask about defining requirements (1st/3rd; or additional requirements on the definition of tracking) 16:41:13 to WileyS, not that this deals with your issue 16:41:19 WileyS, on the other hand, there's a question what the signal communicates, whether or not it's listened to 16:41:24 Nick: Trying to get around the concern 16:41:48 ... Now we want to limit our scope on tracking - but then we state here is how you comply as a 1st or 3rd party. 16:41:55 notes that we might not expect many ‘first parties’ to try to or claim compliance, and maybe users are OK with that as an initial state 16:42:00 right, we could exclude "immediate referral data" (which includes headers and URI tokens) from the notion of tracking, but it would be much harder to defend 16:42:02 ... Roy's approach goes back to definition of tracking 16:42:05 Vincent, those that use 3rd parties (like Adobe), I agree. Anyone who uses their own tracking packages or internal reporting schemes from logs won't be helped. 16:42:09 ... but then - what about things that are out of scope 16:42:19 q+ 16:42:20 ... refers header, link where user came from 16:42:45 ... easier way is to look at other examples for different contexts 16:43:08 ... alternative - look at Roy's new text for 3.3 - elaboration for definition of tracking 16:43:20 yep 16:43:25 ... requirements on defn of tracking 16:43:43 WileyS, I don't think there are a lot of publishers who use internal tools, most use existing tools (Adobe, GA, ...) 16:43:47 JB: So compliance obligations would be written to make exceptions for what people do? 16:43:54 +q 16:44:01 ... Roy is saying that we are telling 1st parties not to accept refer headers. 16:44:38 ... You are suggesting that 1st parties can't say "no tracking" because they accept refer headers - but can rely on definition of tracking. Nick? 16:44:43 Vincent, I don't believe that's true. I'll try to dig up an analytics survey from last year - showed a much higher number (relative percentage) of "self-serve" models in play than you may imagine. 16:44:46 Nick: That's one approach. 16:44:58 ... but there are other approaches 16:45:12 q? 16:45:21 ack ds 16:45:25 q+ 16:45:25 JB: Noone today can respond with an N. 16:45:40 DS: We can have a 3rd party permitted use "I claim to be the first party" 16:45:59 ... or have a note that we don't expect 3rd parties to adopt at same rate 16:46:19 ... Understand Shane's concerns - but we should still explore this. 16:46:32 ... "I'm clean. I'm not tracking you" 16:46:35 Note - only 19 participants on today's call. 1 of those being a co-chair and 2 being editors. If we see this dramatic of a drop in attention to this standard, why do we think developing a standard that all web servers globally would need to implement would be adopted? 16:46:39 ... we can soften 1st party problem 16:46:50 q+ on use cases/audiences 16:46:54 WileyS, if you could share the survey result that'd be great 16:47:19 q? 16:47:22 JB: It may be OK for first parties not to change their practies short term 16:47:23 WileyS, it's also August 16:47:25 q+ on first party / machine-readable 16:47:28 Vincent - I'll try to find it again - over a year ago. if you could dig up metrics to back up your statement that only 3rd party tools are used that would be helpful as well. 16:48:05 Mike: Not just refer headers. But I agree w David. Add special cases. 16:48:14 I think it is a legitimate concern that "all websites" do some amount of "tracking" if we include immediate referral data as tracking data. However, that doesn't make it easier to explain to a user that doesn't want tracking. Is referral data okay for the DNT:1 user? 16:48:22 ack ws 16:48:22 wseltzer, you wanted to comment on use cases/audiences 16:48:24 q? 16:48:31 Oops - forgot to mention 2 of those are staff - so really only 14 participants in total. If August is considered such a low participation period perhaps we shouldn't be meeting righ tnow. 16:48:34 Wendy: Voice to IRC chat 16:48:46 ... keep in mind various audiences and use cases 16:48:58 ... adoption by servers, users and communication to users 16:49:25 Shane, we have 3 staff ;) 16:49:27 q? 16:49:33 ack mon 16:49:47 I never said that 16:49:51 to Wileys, on participation, yes, I would be cautious about making ‘decisions’ in a low period, on the other hand, I am appreciating the quality of interaction on this call and the amount of inteliigence and light being shed (by you and others) 16:49:56 WileyS, there is nothing in our specs that requires all servers to implement. They only need to implement if they say they do. 16:50:08 WaltMichel has joined #DNT 16:50:28 ack npd 16:50:28 npdoty, you wanted to comment on first party / machine-readable 16:50:30 ack npd 16:50:57 Roy, but if very few servers ever adopt a standard then it fades quickly - much like P3P. Standards only work when there is high adoption - otherwise why have a standard. 16:51:01 Nick: Machine-readable - your statement is that user agent might not expect DNT from 1st party 16:51:05 ... so less important 16:51:16 ... but not easy to see in practice 16:51:22 ... so we are getting away from it 16:51:32 ... We expect sites to interact with users on their sites. 16:51:38 ... easy to implement DNT 16:51:41 [I've never liked the 1st/3d party distinction] 16:51:52 ... referals, data append, setting preferences - more complicated 16:51:52 WileyS, in that case, you don't need to concern yourself about what that non-standard said. 16:52:16 JB: Where in Roy's spec is data append prohibited? 16:52:31 Roy, fair, if we want to build a standard that no one will adopt then there is no need to be concerned with that standard. 16:52:33 Nick: In 3.3 where he elaborates on defn of tracking 16:52:36 using data collected about another context 16:52:38 An origin server that sends a TSV of N (not tracking) MUST NOT engage tracking if a similar request is made to the designated resource while that tracking status remains fresh. In other words, the party MUST NOT knowingly collect, retain, use, or share data from a network interaction with the designated resource that would allow that party to associate the same user with tracking data it has previously obtained from user activity in other contexts, MUST NOT retain, 16:52:38 use, or share data derived from this user activity outside the context in which this activity occurred, and MUST NOT tailor or personalize the response from the designated resource based on data derived from this user's activity in other contexts (aside from contextual data provided by the user in the current request). 16:52:43 ... first paragraph 16:52:46 RF: Yes. 16:53:38 JB: I thought for CfO for data append you said no! 16:53:48 RF: This is about using the information in responding to request. 16:53:52 Can someone provide an example of data append where they user has not given consent and/or its not public data? 16:54:07 ... If user has DNT=1, they would not get data about their interactions at other sites mixed in at this site. 16:54:35 JB: But if I send NYT my Yahoo address with DNT=1 with that prohibit searching email address for data broker? 16:54:48 RF: Yes, that is a strict translation of defn of tracking. 16:54:58 JB: OK. We had CfO and that issue is closed. 16:55:08 q? 16:55:10 ... let's not revisit. 16:55:15 rrsagent, make minutes 16:55:15 I have made the request to generate http://www.w3.org/2014/08/06-dnt-minutes.html jeff_ 16:55:19 1st party / 3rd party context really does come to the root of the issues we initially were attempting to solve. Expanding the scope so broadly now is only going to cause more confusion and difficulty in implementation. 16:55:20 Topic: Data minimization 16:55:33 -AliceL 16:55:38 JB: Language has been revised 16:55:48 ... rationale? 16:55:57 RF: I don't remember a consensus 16:56:11 ... minimization already says that you can only collect if for permitted use. 16:56:11 it might be helpful if we narrowed this proposal down to those things related to issue-203 16:56:21 ... so language is redundant. 16:56:29 ... can go back in if there is a consensus 16:56:53 JB: OK, so it is editorial 16:56:58 Topic: Personalization 16:57:01 q? 16:57:06 JB: Language was deleted. 16:57:11 ... Rationale? 16:57:20 RF: You asked us to delete it. 16:57:21 I understand it can be difficult to write a narrow proposal when you're working on elaborating a general idea 16:57:39 JB: I said made sense to delete on frequency capping. Not more broadly. 16:57:44 RF: OK. 16:58:07 ... It's just a proposal. 16:58:16 q? 16:58:40 Justin: What should we do with this proposal? 16:58:48 ... Chairs and staff should discuss. 16:58:52 ... Thanks, ROy. 16:58:58 ... very thoughtful 16:58:59 suggest we dig up the ‘tunnel vision’ discussion from the archives, but I don’t recall it being very helpful 16:59:03 ... some reluctance 16:59:15 ... Chris P and Rob could have some significant concerns. 16:59:18 ... keep talking 16:59:46 q+ on minimal proposal 16:59:47 RF: Purpose of proposal was to address comments about 1st party v 3rd party. 17:00:21 ... Nick could look through proposal and see what language he wants to use for main TCS; even if just adopting some of the editorial changes. 17:00:27 ... see if worth discussing 17:00:32 ... editorial pass 17:00:47 q+ 17:00:53 q- 17:00:59 JB: I've heard the complaint that this favors first party. 17:01:00 q+ to talk about parties and their size 17:01:10 +vinay 17:01:22 ... this does not prevent FB from showing up on the NYT showing what people did on FB 17:01:26 q? 17:01:48 RF: FB can be either 1st party, 3rd party, or talk about their own data 17:02:01 ... FB should be able to track if they have consent to do so. 17:02:04 and they can get consent easier than the others 17:02:13 JB: They can't use behavioral data. 17:02:26 ... but the concern is whether they can use their information on the NYT. 17:02:33 ... Does this allow? 17:02:37 RF: Yes. 17:02:53 hmm... I thought this i203 proposal was written to explicitly define that activity as tracking 17:03:18 RF: Concern was not about FB showing data. It was about networks of large users can customize ads better 17:03:25 ... does not address that at all. 17:03:32 ack npd 17:03:32 npdoty, you wanted to comment on minimal proposal 17:03:34 to use the data they need to identify the user on a anotehr context (site) 17:03:45 .. but gets 1st and 3rd party out of scpe 17:03:51 s/scpe/spec/ 17:03:59 Nick: Pragmatic suggestion. 17:04:15