15:56:58 <RRSAgent> RRSAgent has joined #dnt
15:56:58 <RRSAgent> logging to http://www.w3.org/2014/09/03-dnt-irc
15:57:00 <trackbot> RRSAgent, make logs world
15:57:02 <trackbot> Zakim, this will be TRACK
15:57:02 <Zakim> ok, trackbot, I see T&S_Track(dnt)12:00PM already started
15:57:03 <trackbot> Meeting: Tracking Protection Working Group Teleconference
15:57:03 <trackbot> Date: 03 September 2014
15:57:13 <fielding> fielding has joined #dnt
15:57:36 <npdoty> regrets+ schunter
15:57:51 <Zakim> +Fielding
15:57:59 <JackHobaugh> JackHobaugh has joined #dnt
15:58:13 <npdoty> Zakim, who is on the phone?
15:58:13 <Zakim> On the phone I see ??P2, Fielding
15:58:37 <Zakim> + +1.408.260.aaaa
15:58:43 <sidstamm> Zakim aaaa is me
15:58:58 <sidstamm> Zakim, aaaa is sidstamm
15:58:58 <Zakim> +sidstamm; got it
15:59:03 <Zakim> +Jack_Hobaugh
15:59:06 <Zakim> +npdoty
15:59:17 <Zakim> +RichardWeaver
15:59:40 <Richard_comScore> Richard_comScore has joined #dnt
15:59:45 <Zakim> +[FTC]
15:59:59 <rvaneijk> Nick, I am not identified yet, calling through skype
16:00:02 <Zakim> +[IPcaller]
16:00:10 <walter> zakim, IPcaller is me
16:00:10 <Zakim> +walter; got it
16:00:18 <npdoty> Zakim, ??p2 is rvaneijk
16:00:18 <Zakim> +rvaneijk; got it
16:00:55 <Zakim> +hefferjr
16:00:59 <jeff> jeff has joined #dnt
16:01:10 <npdoty> volunteer to scribe?
16:01:38 <WileyS> WileyS has joined #dnt
16:01:42 <ChrisPedigoOPA> ChrisPedigoOPA has joined #dnt
16:01:49 <dsinger> dsinger has joined #dnt
16:01:58 <justin> justin has joined #dnt
16:02:03 <Zakim> +Carl_Cargill
16:02:11 <justin> zakim, who is on the phone?
16:02:11 <Zakim> On the phone I see rvaneijk, Fielding, sidstamm, Jack_Hobaugh, npdoty, RichardWeaver, [FTC], walter, hefferjr, Carl_Cargill
16:02:13 <Zakim> +Jeff
16:02:19 <Zakim> +[Apple]
16:02:22 <Zakim> +WileyS
16:02:24 <dsinger> zakim, [apple] has dsinger
16:02:24 <Zakim> +dsinger; got it
16:03:03 <Zakim> +ChrisPedigoOPA
16:03:05 <Zakim> +justin
16:03:12 <npdoty> agenda+ TPE Last Call comments
16:03:20 <npdoty> Zakim, clear agenda
16:03:20 <Zakim> agenda cleared
16:03:24 <npdoty> agenda+ TPE Last Call comments
16:03:29 <vinay> vinay has joined #dnt
16:03:36 <Carl_Cargill> Carl_Cargill has joined #dnt
16:03:36 <Richard_comScore> Sorry - I can't
16:03:38 <Zakim> + +1.917.934.aabb
16:03:47 <npdoty> agenda+ Deidentification
16:03:49 <walter> npdoty: I'm on Skype
16:03:51 <vinay> zakim, aabb is vinay
16:03:51 <Zakim> +vinay; got it
16:03:55 <walter> npdoty: that usually isn't good enough to be scribing
16:03:56 <npdoty> agenda+ issue-203
16:04:04 <npdoty> agenda+ Personalization
16:04:09 <npdoty> agenda+ Audience Measurement
16:04:39 <npdoty> scribenick: npdoty
16:04:54 <npdoty> justin: Roy will walk us through a series of Last Call comments so far
16:05:05 <justin> https://www.w3.org/2011/tracking-protection/track/products/6
16:05:05 <npdoty> ... divided into issues, between David and Roy
16:05:56 <npdoty> ... Roy had at my urging spent some time at Compliance, but now want to spend more time on TPE Last Call comments
16:06:02 <hober> hober has joined #dnt
16:06:04 <npdoty> ... could go to Candidate Recommendation separately
16:06:26 <npdoty> ... in particularly, seeing some implementations, like EFF Privacy Badger and Disconnect.me extension
16:06:32 <Zakim> +kulick
16:06:41 <kj> kj has joined #dnt
16:06:43 <npdoty> ... had heard from advertising industry about their own definitions of Do Not Track
16:06:53 <vincent> vincent has joined #dnt
16:06:59 <npdoty> ... interest in experimenting with their own, good idea to prioritize TPE Last Call comments
16:07:36 <npdoty> ... Roy has sent his initial responses to maybe half of the Last Call comments so far
16:07:57 <Zakim> +vincent
16:08:21 <npdoty> ... let's talk them over on the call, if no disagreements, send an email to the list with an announcement about any objections to Roy's or David's responses
16:08:35 <adrianba> adrianba has joined #dnt
16:09:13 <fielding> Basically, an email response with a link to the issue tracker which explains the WG decision regarding their comment.
16:09:24 <npdoty> npdoty: WG just needs to respond (email is fine) to the commenter, and hopefully that resolves the commenter's issue
16:09:27 <dsinger> apologizes for his lateness but has been studying the comments and will have a proposal for some/most/all of them soon
16:09:46 <npdoty> fielding: a reply from the WG rather than a reply from me
16:10:14 <Zakim> +[Microsoft]
16:10:22 <adrianba> zakim, [Microsoft] is me
16:10:24 <Zakim> +adrianba; got it
16:10:38 <npdoty> justin: walk through rationales for each issue, and then people can raise feedback on the call as necessary
16:10:45 <npdoty> fielding: +1
16:10:47 <npdoty> Zakim, take up agendum 1
16:10:47 <Zakim> agendum 1. "TPE Last Call comments" taken up [from npdoty]
16:10:49 <fielding> https://www.w3.org/2011/tracking-protection/track/issues/244
16:11:27 <npdoty> fielding: comment from Article 29 working party about not overriding regulation
16:11:30 <pmagee> pmagee has joined #dnt
16:11:57 <npdoty> fielding: obviously, this standard can't overturn regulatory language or regulation
16:12:03 <justin> q?
16:12:12 <npdoty> ... understandable, but not the kind of thing we put in standards
16:12:21 <npdoty> q+
16:12:32 <justin> ack npd
16:13:11 <rvaneijk> q+
16:13:20 <npdoty> npdoty: we have a relevant section in Compliance, would that be sufficient to address the comment?
16:13:36 <npdoty> fielding: no harm in it in TCS
16:14:06 <justin> ack rva
16:14:38 <npdoty> rvaneijk: doesn't matter whether clarifying text ends up in TPE or TCS, but want to avoid view of a data controller that ePrivacy Directive or other requirements are satisfied
16:14:56 <npdoty> ... could be confusion about how a data controller should respond technically
16:15:13 <npdoty> ... if it's a different issue on the TCS, maybe we should raise a separate issue and link it
16:15:50 <npdoty> justin: also a FAQ sort of page we'd talked about, dsinger has done a lot of work, that might be the logical place for it to reside
16:15:56 <sidstamm> is the ask for an advisory note?  "By the way, this doesn't mean you satisfy any laws"?  I can see how it would be helpful to implementors, but I'm not convinced anyone would rely only on TPE to satisfy any regulations (or any spec implementation for that)
16:16:28 <sidstamm> but +1 to adding this to a FAQ
16:16:30 <npdoty> ... as with self-regulatory schemes
16:16:33 <sidstamm> don't think it should be in TPE
16:16:38 <justin> q?
16:16:38 <dsinger> given that TPE is a protocol, it
16:16:50 <fielding> https://www.w3.org/2011/tracking-protection/track/issues/245
16:16:52 <dsinger> is hardly likely to conform to laws.  TCS (if anywhere) is the right place
16:17:00 <npdoty> npd: +1 to adding explanation to FAQ
16:17:03 <sidstamm> exactly dsinger
16:17:21 <rvaneijk> prefer adding to TCS instead of FAQ.
16:17:46 <npdoty> fielding: true (about not discriminating), but we don't define a user interface
16:18:05 <npdoty> ... if it were, we should reference the W3C's guidelines on user interface/acessibility (WCAG)
16:18:16 <npdoty> ... don't know of a place in the TPE where that reference/addition would be appropriate
16:18:16 <justin> rvaneijk, Yes, since there is already language in TCS, could easily be revised to expand a bit.
16:18:49 <justin> q?
16:19:27 <npdoty> justin: is this the same concern about not being excused from local law requirements?
16:19:57 <npdoty> rvaneijk: consultation was done when status of TCS was uncertain, answer written in that context
16:19:57 <sidstamm> it's up to the user agent to determine how to best interact with users given their environment's constraints, right?  Accessibility is something software makers must take on no matter the protocol behind it (TPE)
16:20:07 <npdoty> ... that some users may need special assistance is a generic comment
16:20:30 <npdoty> npd: I would think section 4 of TPE is more relevant than 7.7
16:20:56 <npdoty> rvaneijk: I could see TCS being appropriate, but this is a normative suggestion, not just an explanatory comment
16:21:18 <dnt> dnt has joined #dnt
16:21:33 <justin> q?
16:21:39 <npdoty> justin: sounds like people are okay with revisiting section 7 of TCS regarding legal requirements
16:22:00 <fielding> https://www.w3.org/2011/tracking-protection/track/issues/246
16:22:14 <kulick> kulick has joined #dnt
16:22:46 <moneill2> moneill2 has joined #dnt
16:22:51 <npdoty> fielding: comment from Mike, actually discussed before Last Call
16:23:02 <Zakim> +[IPcaller]
16:23:07 <npdoty> ... response we heard from IE team that this was already implemented/shipped
16:23:22 <moneill2> zakim, [IPCaller] is me
16:23:22 <Zakim> +moneill2; got it
16:23:23 <rvaneijk> npdoty, we could redraft to make it non-normative. The standard would gain a lot in my view if users with special needs get accommodated.
16:23:30 <justin> q?
16:23:36 <npdoty> ... don't have a particular concern about the terminology, but already have implementation
16:23:40 <dsinger> this is a long-standing frustration; I guess we should check, apart from the implementation issue, WOULD the WG like to change the names?
16:23:44 <dsinger> q+
16:24:13 <npdoty> q+
16:24:22 <justin> ack ds
16:24:35 <justin> ack npd
16:24:37 <adrianba> q+
16:25:01 <justin> ack adria
16:25:15 <npdoty> fielding: already heard concerns from Adrian beforehand
16:25:19 <dsinger> ok, so we can respond that we agree but we feel it’s too late to change
16:25:27 <npdoty> npdoty: +1
16:25:48 <npdoty> adrianba: might have a slight preference for "permission" terminology, but only slight, and had been using this name and this implementation for some time
16:25:58 <WileyS> I'm in the same spot - I like "permission" over "exception" but its been SOOOO long it would difficult to make the change now.
16:26:34 <justin> q?
16:26:40 <npdoty> justin: sounds like momentum is similar, that we shouldn't change it at this point, even if there's a slight difference in preference over terminology
16:26:59 <npdoty> moneill2: stick with what we've got now
16:27:16 <npdoty> issue-247?
16:27:16 <trackbot> issue-247 -- update HTTP draft references (httpbis) -- pending review
16:27:16 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/247
16:27:41 <justin> q?
16:27:44 <npdoty> fielding: needed to update the HTTP draft references in the spec, and yes, I did that
16:27:48 <npdoty> issue-248?
16:27:48 <trackbot> issue-248 -- using Unicode notation in ABNF -- pending review
16:27:48 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/248
16:28:29 <justin> q?
16:28:31 <npdoty> fielding: had been using %31 and %30 in quotes, but really don't think it's necessary
16:28:52 <fielding> fielding has left #dnt
16:29:02 <npdoty> ... also don't need additional Unicode representation of it, no ambiguity
16:29:02 <fielding> fielding has joined #dnt
16:29:05 <justin> q?
16:29:15 <npdoty> justin: not sure of the details, but sounds like an editorial decision
16:29:30 <npdoty> issue-249?
16:29:30 <trackbot> issue-249 -- DNT-extension excludes should spell out control, space, double quote (or use Unicode code points) -- pending review
16:29:30 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/249
16:30:20 <dsinger> see http://tools.ietf.org/html/rfc5234#appendix-B.1
16:30:21 <npdoty> fielding: similarly, a comment about where we exclude control characters, but using ABNF
16:30:34 <justin> q?
16:31:04 <npdoty> npdoty: do we have a reference to the ABNF / RFC?
16:31:06 <npdoty> fielding: yes.
16:31:11 <npdoty> issue-250?
16:31:11 <trackbot> issue-250 -- Non-ASCII not permitted in extensions -- pending review
16:31:11 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/250
16:31:14 <dsinger> yes http://www.w3.org/TR/tracking-dnt/#bib-ABNF
16:32:06 <npdoty> fielding: limited to ASCII, intentionally to discourage human-readable text
16:32:20 <npdoty> ... comment from Addison was about using Unicode, assuming that it's human readable text
16:32:41 <npdoty> justin: why don't we want human-readable?
16:33:13 <npdoty> fielding: extension syntax, things that would be added to every outgoing HTTP request in the header
16:33:24 <npdoty> ... not sure we need the extension syntax at all
16:33:46 <npdoty> ... the design intention was to use a minimal number of characters
16:33:53 <npdoty> ... simple characters, rather than names
16:34:05 <dsinger> I think we’re fine where we are…and I think we should say what the requirements are on extensions or explicitly forbid them, and that’s a change
16:34:24 <dsinger> we could mark as ‘at risk’ as unused/unimplemented
16:34:44 <npdoty> fielding: should decide whether we want this at all, discussed at very first meeting in cambridge
16:34:49 <npdoty> npd: +1 for "at risk"
16:35:09 <npdoty> fielding: currently we don't really mention the extensions at all
16:35:27 <npdoty> q+
16:36:10 <npdoty> q-
16:36:13 <sidstamm> if nobody implements extensions during CR, we drop it from the spec
16:36:49 <justin> q?
16:37:03 <fielding> issue-251?
16:37:03 <trackbot> issue-251 -- Section title for 6.2.7 doesn't match earlier description -- pending review
16:37:03 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/251
16:37:12 <npdoty> npdoty: "at risk" is a decision that we make about features that might or might not be implemented, that they would be dropped if the CR / Call for Implementations phase doesn't see any implementations of the feature
16:37:16 <Zakim> -vincent
16:37:19 <npdoty> justin: all okay with "at risk"?
16:37:21 <npdoty> fielding: sure.
16:38:13 <npdoty> fielding: "Potential Consent" title versus the description "tracking only if consented"
16:38:20 <npdoty> ... I don't think they need to be the same. seems editorial
16:38:29 <justin> q?
16:38:39 <fielding> https://www.w3.org/2011/tracking-protection/track/issues/252
16:39:11 <npdoty> fielding: status id to reference a resource-specific tracking status resource
16:39:26 <npdoty> ... need a small number of characters to fit inside a URL
16:39:46 <npdoty> ... comment was about internationalization, to include an IRI path in that value
16:40:00 <justin> q?
16:40:11 <npdoty> ... not a name connection, besides an origin server root
16:40:16 <justin> q?
16:40:21 <npdoty> q+
16:40:27 <justin> ack np
16:42:06 <justin> q?
16:42:19 <justin> issue-253?
16:42:19 <trackbot> issue-253 -- Section 6.4.2: restriction to "URI-safe characters" -- pending review
16:42:19 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/253
16:42:20 <npdoty> npdoty: would that prevent a server administrator only using non-ascii character set paths from redirecting to them?
16:42:48 <npdoty> fielding: only applies to after /.well-known/dnt; so not to other pages on the site
16:43:01 <npdoty> issue-259?
16:43:01 <trackbot> issue-259 -- require public-facing statement of server response policy -- pending review
16:43:01 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/259
16:44:22 <npdoty> fielding: comment from EFF was about privacy-policy explanations of the tracking status values in response
16:44:40 <npdoty> ... but actually the tracking status values are defined terms in this specification already
16:44:49 <justin> q?
16:44:53 <ChrisPedigoOPA> +q
16:45:20 <npdoty> justin: thought might be about a mischievous server that would use "C" inappropriately, say
16:45:20 <justin> ack chris
16:45:45 <npdoty> ChrisPedigoOPA: California law requires sites to explain whether or how they respond to Do Not Track
16:46:02 <npdoty> ... we generally want to make privacy policies shorter
16:47:27 <npdoty> justin: regarding California law, many sites seem to be linking/referring to self-regulatory page explanations
16:47:37 <justin> q?
16:47:46 <npdoty> ... doesn't seem that this would conflict with the Californian law, might actually be along the same lines
16:48:19 <npdoty> fielding: if the FTC needs such a regulatory hook, they could add it themselves
16:48:24 <rvaneijk> http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB370
16:49:06 <npdoty> justin: could perhaps make the argument that an omission is unfair or deceptive
16:49:31 <npdoty> ... will follow up with Lee to see if he has comments on the list
16:49:43 <npdoty> npd: I'm not sure we have an entirely accurate reading of the FTC/enforcement hook issue
16:49:45 <dsinger> issue-262?
16:49:45 <trackbot> issue-262 -- guidance regarding server responses and timing -- pending review
16:49:45 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/262
16:49:57 <npdoty> ... given the results with nonsense P3P CPs
16:50:26 <npdoty> fielding: timing regarding ad bidding process
16:50:29 <dsinger> oh, is there a deadlock issue here?
16:51:22 <npdoty> ... only at the time of the winning bid does the bidding server know which server will be connected
16:52:01 <rvaneijk> q+
16:52:02 <npdoty> fielding: UAs are not required to check tracking status resource, DNT signal will just be sent to any resource that's loaded
16:52:49 <npdoty> ... so the UA can actively verify before making the request, if it's configured to do so, which would be uncommon
16:52:53 <justin> ack rva
16:52:54 <dsinger> q+
16:53:00 <npdoty> ... but covered by existing language in the spec already
16:53:01 <justin> q+
16:53:36 <npdoty> rvaneijk: if the bidding server operates differently from the site that wins the bid
16:54:18 <npdoty> fielding: there may be regulatory regimes that apply to different sites that make the bid, but doesn't change how the spec applies
16:55:10 <fielding> What I included in my response was: " Note that the tracking status
16:55:11 <fielding> of the bid winner is separate from the tracking status of the bidding
16:55:12 <fielding> process if they are separate HTTP requests; if the market acts as a
16:55:14 <fielding> gateway and provides the bid winning response itself, then the market
16:55:15 <fielding> is responsible for the tracking status of itself and all downstream
16:55:15 <fielding> recipients (those it shared the request data with)."
16:55:20 <npdoty> rvaneijk: not sure how it plays out down the advertising bidding chain
16:55:37 <npdoty> ... conveyance of the restrictions of DNT:1
16:55:46 <WileyS> I want to jump in on this one but have run out of time.  Could we touch on this one again?
16:55:52 <Zakim> -WileyS
16:57:13 <justin> ack ds
16:57:17 <npdoty> fielding: if the bidding server is the only server that responds to the request, then it needs to respond for itself and all the downstream servers; if it redirects, then each server can respond individually
16:58:43 <justin> ack ju
16:59:00 <npdoty> dsinger: if a UA checks tracking status resource for new sites before it loads them, but the ad server doesn't respond to the tracking status resource until it knows the winner of the ad bidding process
17:00:25 <justin> q?
17:00:27 <npdoty> justin: how would ad bidding server respond if it didn't know at the time?
17:01:11 <npdoty> fielding: server can respond that it doesn't respect DNT, or that it does respect DNT with the TCS compliance, but up to the server to confirm that that status is correct
17:01:41 <justin> q?
17:01:47 <npdoty> npd: sounds like a server that handles down-stream server-to-server communication, would need to respond with the union of possible statuses
17:02:02 <npdoty> justin: will follow up in email
17:02:26 <Zakim> +vincent
17:02:42 <npdoty> justin: timing for discussing the next batch of responses?
17:02:48 <rvaneijk> q+
17:02:49 <dsinger> I can discuss 243, 255, 256 next week
17:03:10 <npdoty> dsinger: can discuss exceptions API issues for next week
17:03:11 <justin> next week ok
17:03:13 <npdoty> ack rvan
17:03:25 <npdoty> rvaneijk: any rough answers on TCS going to Last Call and scheduling?
17:03:48 <npdoty> justin: some open issues in the document, but not many left. close out the few remaining issues in the next month or two
17:04:13 <npdoty> ... because there's been concern about implementation, take it to the group about proceeding to Last Call or not
17:04:27 <rvaneijk> ok, tnx
17:04:49 <dsinger> issue-243?
17:04:49 <trackbot> issue-243 -- origin/browsing context terminology -- raised
17:04:49 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/243
17:05:08 <Zakim> -vinay
17:05:18 <npdoty> dsinger: I thought I had aligned, but experts assure me that I didn't sufficiently align with existing definitions
17:05:21 <Zakim> -walter
17:05:29 <npdoty> ... intend for it to be editorial, just making the correct references
17:05:36 <justin> q?
17:05:38 <dsinger> issue-255?
17:05:38 <trackbot> issue-255 -- comments on doNotTrack property -- raised
17:05:38 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/255
17:05:39 <npdoty> ... would welcome any help with that from experts on origin
17:06:09 <sidstamm> dsinger, anne vk might be willing to help with the browsing context stuff (I think he was the origin of the comment for issue 243)
17:06:10 <npdoty> dsinger: on 255, people I've talked to agree about navigator, rather than window
17:06:29 <npdoty> ... shouldn't have a mixed enumeration
17:06:38 <npdoty> q+
17:06:49 <npdoty> ... should have an unspecified string
17:06:52 <justin> ack npd
17:07:04 <fielding> q+
17:07:42 <adrianba> q+
17:08:02 <justin> ack fie
17:08:32 <npdoty> npdoty: we discussed window v navigator already, and even though we'd had concerns about window, saw that there were exceptions that might make the value different (and so navigator could be misleading)
17:08:36 <dsinger> OK, on the one hand we have the exceptions; on the other, window is a bad place for new properties, and navigator is automatically exposed in workers
17:08:44 <npdoty> dsinger: concern about polluting the window namespace, and about workers
17:08:51 <npdoty> npd: workers was a new issue to me
17:09:14 <npdoty> fielding: dev will in any case need to check that the value is defined
17:09:37 <npdoty> ... null is used here whether the UA hasn't implemented DNT or has implemented DNT but no expressed preference
17:09:53 <justin> ack adr
17:10:38 <npdoty> adrianba: torn about this one. agree that we talked about the issue earlier and that commenters weren't aware of the WG decision
17:11:01 <npdoty> ... despite pollution of window, the value may vary by window and navigator value isn't consistent across the browser
17:11:20 <npdoty> ... one piece of new information in mail thread was that there other things on navigator that vary by context
17:11:49 <npdoty> ... we changed our implementation to match the spec when implemented exceptions
17:11:56 <fielding> issue-255?
17:11:56 <trackbot> issue-255 -- comments on doNotTrack property -- raised
17:11:56 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/255
17:12:02 <dsinger> issue-256?
17:12:02 <trackbot> issue-256 -- comments on exception APIs (asynchronous/promise/parameter names) -- raised
17:12:02 <trackbot> http://www.w3.org/2011/tracking-protection/track/issues/256
17:12:30 <npdoty> dsinger: comment was about returning a promise
17:12:33 <adrianba> q+
17:12:34 <npdoty> q+
17:12:53 <npdoty> ... currently we return nothing
17:13:06 <justin> ack adr
17:13:18 <npdoty> ... could be an improvement to let the site know that the UA finally got an answer from the user
17:13:39 <npdoty> adrianba: core of the feedback is that this should be asynchronous API, and to do that you should use a promise
17:14:13 <npdoty> ... when we changed the design of the exceptions, expect UI to be rare and didn't want to deal with event callbacks
17:14:30 <npdoty> ... user might also approve and later (even immediately) revoke it
17:14:51 <npdoty> ... don't preclude the use of the UI, but don't expect it to be typically implemented
17:15:15 <npdoty> q-
17:15:25 <npdoty> npd: was going to make the same explanation that Adrian just did
17:15:30 <fielding> http://lists.w3.org/Archives/Public/public-tracking-comments/2014Apr/0001.html
17:15:50 <npdoty> dsinger: concerned about phishing uses of the explanation string
17:16:19 <justin> q?
17:16:21 <npdoty> q+
17:16:26 <justin> ack npd
17:17:14 <moneill2> +q
17:17:21 <adrianba> q+
17:17:27 <justin> ack mon
17:18:07 <npdoty> npdoty: discussed the misleading/phishing issue previously, but this typically won't be used in interactive UIs, and phishing would be much less of a concern with retrospective review of a list of exceptions, for example
17:18:20 <justin> ack adr
17:18:22 <npdoty> moneill2: would you need some way to explain to the user what the site/operator actually is?
17:18:46 <npdoty> adrianba: figure out the right balance between utility of having a string that can be recorded in the exceptions database for future auditing
17:19:03 <npdoty> ... against the risk of a misleading string that could cause confusion to the user and the possible effects
17:19:29 <npdoty> ... could add informative guidance that calls out the potential risk, not present the text to the user in a way that could lead to that confusion
17:19:30 <npdoty> +1
17:19:35 <dsinger> sure, don’t present the text as definitive but “the site claims that…”
17:20:06 <sidstamm> we've seen attacks in the browser's download pop-ups... some bad guys name files things like "INSTALL THIS ANTIVIRUS OR YOU WILL LOSE YOUR MONEY.exe"
17:20:13 <npdoty> npd: dsinger, or don't present the text for interactive decision-making, but only informative after-the-fact?
17:20:28 <npdoty> justin: timing?
17:20:46 <npdoty> fielding: some activity in HTTP, but still expect another batch ready by next week
17:21:03 <npdoty> justin: thank you all, especially to roy and david. keep pushing through these and have a similar call next week
17:21:08 <Zakim> -rvaneijk
17:21:09 <Zakim> -adrianba
17:21:10 <Zakim> -ChrisPedigoOPA
17:21:11 <Zakim> -hefferjr
17:21:16 <Zakim> -RichardWeaver
17:21:18 <Zakim> -vincent
17:21:19 <Zakim> -moneill2
17:21:24 <Zakim> -Jack_Hobaugh
17:21:25 <npdoty> ... will send out an email about TCS issues
17:21:30 <Zakim> -[FTC]
17:21:37 <npdoty> ... thanks for staying a little late
17:21:37 <Zakim> -justin
17:21:40 <Zakim> -kulick
17:21:43 <Zakim> -Fielding
17:21:46 <Zakim> -Carl_Cargill
17:21:49 <Zakim> -[Apple]
17:21:53 <Zakim> -Jeff
17:21:56 <Zakim> -npdoty
17:21:58 <npdoty> Zakim, list attendees
17:21:58 <Zakim> As of this point the attendees have been Fielding, +1.408.260.aaaa, sidstamm, Jack_Hobaugh, npdoty, RichardWeaver, [FTC], walter, rvaneijk, hefferjr, Carl_Cargill, Jeff, WileyS,
17:22:02 <Zakim> ... dsinger, ChrisPedigoOPA, justin, +1.917.934.aabb, vinay, kulick, vincent, adrianba, moneill2
17:22:08 <npdoty> rrsagent, please draft the minutes
17:22:08 <RRSAgent> I have made the request to generate http://www.w3.org/2014/09/03-dnt-minutes.html npdoty
17:22:34 <npdoty> rrsagent, bye
17:22:34 <RRSAgent> I see no action items