IRC log of dnt on 2014-10-22

Timestamps are in UTC.

15:57:07 [RRSAgent]
RRSAgent has joined #dnt
15:57:07 [RRSAgent]
logging to
15:57:09 [trackbot]
RRSAgent, make logs world
15:57:09 [Zakim]
Zakim has joined #dnt
15:57:11 [trackbot]
Zakim, this will be TRACK
15:57:12 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:57:12 [trackbot]
Date: 22 October 2014
15:57:13 [Zakim]
ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 3 minutes
15:57:23 [npdoty]
npdoty has changed the topic to: 22 October:
15:57:31 [npdoty]
regrets+ wileys, dsinger
15:57:34 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:57:42 [Zakim]
15:59:22 [Zakim]
15:59:43 [Zakim]
15:59:58 [Zakim]
16:00:13 [Zakim]
+ +31.65.275.aaaa
16:00:20 [Zakim]
16:00:31 [schunter]
schunter has joined #dnt
16:00:32 [walter]
Zakim, IPcaller is me
16:00:32 [Zakim]
+walter; got it
16:01:06 [kulick]
kulick has joined #dnt
16:01:19 [justin]
justin has joined #dnt
16:01:29 [justin]
zakim, who is on the phone?
16:01:29 [Zakim]
On the phone I see Fielding, npdoty, hefferjr, Wendy, +31.65.275.aaaa, walter
16:01:30 [ChrisPedigoDCN]
ChrisPedigoDCN has joined #dnt
16:01:35 [Zakim]
16:02:01 [npdoty]
Zakim, aaaa is rvaneijk
16:02:01 [Zakim]
+rvaneijk; got it
16:02:03 [Zakim]
16:02:11 [Zakim]
16:02:31 [Zakim]
16:02:40 [moneill2]
moneill2 has joined #dnt
16:02:46 [WileyS]
WileyS has joined #DNT
16:02:50 [vincent]
vincent has joined #dnt
16:03:02 [eberkower]
eberkower has joined #dnt
16:03:04 [fielding]
I didn't make any progress this week, sadly
16:03:25 [Zakim]
16:03:26 [npdoty]
scribenick: kulick
16:03:36 [moneill2]
zakim, [IPCaller] is me
16:03:36 [Zakim]
+moneill2; got it
16:03:48 [kulick]
justin: next week TPAC for W3C meeting, so no call next week
16:03:59 [Zakim]
16:04:02 [kulick]
2 TPE issues
16:04:06 [justin]
16:04:06 [trackbot]
issue-262 -- guidance regarding server responses and timing -- pending review
16:04:06 [trackbot]
16:04:08 [kulick]
issue 262
16:04:14 [eberkower]
Zakim, mute me please
16:04:14 [Zakim]
eberkower should now be muted
16:04:46 [kulick]
... we talked about DNT signal when passing on outside of browser/client
16:04:51 [Zakim]
16:05:03 [kulick]
... nick sent something last night
16:05:21 [Zakim]
16:05:26 [justin]
Nick's proposal:
16:05:27 [kulick]
npdoty: you might be talking to alot of servers and not know in advacnce
16:05:43 [WileyS]
16:05:47 [kulick]
... we already have a signal... we might be able to use
16:06:06 [kulick]
... tk headers might not be good for 24 hrs
16:06:23 [kulick]
... very small change to cache response headers
16:06:31 [npdoty]
regrets- wileys
16:06:37 [kulick]
... we can respond to commeter about using ?
16:06:37 [justin]
ack wiley
16:06:52 [kulick]
shane: 2nd part of nick
16:07:24 [kulick]
... 's email covered whther bid recp can use and Nick felt couldnt be use
16:08:14 [kulick]
... (paraphrasing) nick brought up race condition, shane feels it is edge case
16:08:30 [npdoty]
wileys is referring to a separate email, my response about recent knowledge:
16:08:32 [vincent]
16:08:34 [fielding]
agree with Nick's summary; basically, we just need to say that the Tk response's TSV applies to the current request and the resource-specific tracking status resource would have to be specific to the winning bidder
16:09:05 [kulick]
... we can solve vast majority and could find acceptable solution to very high edge case
16:09:59 [moneill2]
16:10:08 [WileyS]
Changing their DNT setting wouldn't change the UGE
16:10:18 [WaltMichel]
WaltMichel has joined #DNT
16:10:36 [kulick]
npdoty: some cases where svr has more accurate info where exception... there are also cases where users change DNT settings... not sure which are more likely... i was trying to get across that users would lose confdence if they kept getting signals back related to the signal
16:10:38 [WileyS]
Nick, are you saying their is a "special mode" that invalidates all previously provided UGEs?
16:10:39 [walter]
WileyS: do you foresee usage of UGE in a DNT:0 situation?
16:10:47 [justin]
ack vincent
16:10:47 [walter]
ah, ok, I get your point
16:11:00 [WileyS]
Walter, no need for a UGE in a DNT:0 situation.
16:11:06 [kulick]
vincent: unclear to meif these are data processors or service provider
16:11:33 [npdoty]
WileyS, I could imagine a UA that gave me a setting for a private browsing mode, where it would always send DNT:1, even while DNT:0 is configured for some servers
16:11:45 [npdoty]
I personally would use that mode when researching medical issues, for example
16:11:55 [kulick]
... not clear how it is going to work
16:12:05 [kulick]
justin: huh?
16:12:19 [WileyS]
Nick, UGE trumps DNT:1 - even in a "private mode"
16:12:33 [kulick]
vincent: bidders might not prov response at same time... are they SPs?
16:12:42 [WileyS]
Nick, we've not created a DNT signal that trumps all previous UGEs
16:12:51 [kulick]
justin: ad network is not a data processr, but a SP
16:13:03 [justin]
ack mo
16:13:05 [vincent]
no they are not even SP
16:13:18 [vincent]
and I don't hink justin said that either
16:13:29 [justin]
vincent, right I don't think they are service providers.
16:13:30 [npdoty]
Wileys, an advantage of storing DNT:0 in the user agent is that the user can control them, and decide not to keep the exception at all times
16:13:32 [walter]
kulick: ad network _is_ a data processor
16:13:35 [kulick]
mike: the ad exchg to respond would have to have a memory of the user
16:13:50 [walter]
kulick: but I would agree that they are attributable to the 1st party
16:13:58 [WileyS]
Nick, we're storing the UGE with the UA - that's the point.
16:13:59 [kulick]
(sorry botu that... thx walter)
16:14:30 [kulick]
justin: what are implications of that?
16:14:39 [walter]
but it proves the problem of the 1st/3rd party distinction
16:14:43 [kulick]
mike: i dont think shane's is an answer
16:14:45 [npdoty]
q+ to respond about service provider
16:14:55 [kulick]
... wrt dynamic response... how does it calc it?
16:14:58 [justin]
ack npd
16:14:58 [Zakim]
npdoty, you wanted to respond about service provider
16:15:06 [kulick]
npdoty: maybe they are the same
16:15:26 [WileyS]
An "Ad Exchange" then communicates to "Ad Networks" - just so we're all clear
16:15:32 [kulick]
... the end user is copmm with ad server... servers are comm'ing with other servers
16:15:58 [vincent]
but they are still sharing the data with several entites
16:16:01 [kulick]
.... whoever wins bid needs to send response value
16:16:06 [WileyS]
In many transactions the bid winner never communicates with the UA
16:16:27 [WileyS]
The Ad Exchange simply serves the ad if they're holding the creative
16:16:39 [kulick]
justin: bid losers wouldnt be able to signal anything?
16:16:44 [kulick]
npdoty: yep
16:17:02 [kulick]
mike: (scribe fail)
16:17:03 [WileyS]
The ad network has the user's identity through cookie mapping
16:17:17 [npdoty]
yeah, the contents of the request are forwarded along, as I understand it
16:17:24 [npdoty]
... which would include cookies and URL parameters
16:17:31 [walter]
which is problematic indeed
16:17:34 [kulick]
justin: clear division of value4s trying to be addressed, likely to go CfO
16:17:42 [justin]
16:17:44 [kulick]
... want to give another week to find compriomise
16:17:53 [WileyS]
My concern is that everyone doesn't appear to be very clear on how an Ad Exchange works.
16:18:08 [kulick]
... folks invited to respond to proposals
16:18:13 [kulick]
16:18:16 [kulick]
16:18:23 [vincent]
will the cfo be on the tehcnical solution or the fact that ad-exhcange can propagate teh signal when they receive DNT:1?
16:18:24 [walter]
WileyS: I'm very willing to be educated on that topic, and so are others I presume
16:18:44 [kulick]
rvaneijk: anyway to differientiate targeted v. non targeted ad?
16:18:48 [npdoty]
q+ on what our options are
16:19:02 [WileyS]
The Ad Exchange doesn't know - and there isn't a signal to pass that information on to the Ad Exchange by the bid winner today (something we're working on in the AdChoices Metadata working group)
16:19:07 [kulick]
justin: (scribe fail)
16:19:31 [npdoty]
justin: tracking is not identical to whether a particular ad is targeted
16:19:52 [WileyS]
All Ad Exchanges all support all forms of ad serving
16:19:54 [kulick]
rvaneijk: if one sets DNT, they dont want targeting, therefore, trying to understand at protocol level if distinction can be made
16:20:09 [moneill2]
16:20:11 [justin]
ack npd
16:20:11 [Zakim]
npdoty, you wanted to comment on what our options are
16:20:17 [WileyS]
contextual, retargeting, profiling, demo, etc.
16:20:57 [kulick]
npdoty: wrt to auctions... i want to understand the caching of tk headers
16:21:17 [vincent]
16:21:22 [kulick]
npdoty: are all options represented currently?
16:21:42 [justin]
ack mon
16:21:48 [fielding]
16:22:03 [kulick]
mike: if ad ex doesnt pass uniq id for that user
16:22:14 [kulick]
... that would be fine wrt DNT
16:22:18 [kulick]
... the key is
16:22:33 [kulick]
... is the ad exch allow to pass downstream uniq user id
16:22:42 [WileyS]
It needs to pass an ID to support even basic ad serving (zero targeting0
16:22:51 [WileyS]
16:22:55 [kulick]
justin: if no uniq, does fall under tracking
16:23:05 [kulick]
... (scribe fail)
16:23:18 [justin]
ack vincent
16:23:20 [Carl]
Carl has joined #dnt
16:23:22 [WileyS]
Ad networks need to retain some information even for basic billing and security purposes
16:23:46 [npdoty]
right, in theory, you could pass only the URL, stripped of any identifiers/cookies/etc, to other servers and certainly not be tracking
16:24:03 [kulick]
vincent: 3rd proposal, if ad exch gets DNT:1
16:24:05 [kulick]
16:24:07 [vincent]
16:24:09 [npdoty]
WileyS, but for the exchange model, is the ad exchange retaining data for more than just the purposes of the fulfilling ad or ad network
16:24:25 [justin]
ack fielding
16:24:44 [kulick]
roy: note: our conv last week was related to response had to be valid for 24 hrs
16:25:03 [kulick]
... tk_respnse header field would be for current response only
16:25:03 [WileyS]
Nick, no - there are strict contractual controls which only allow the bid winner to retain data for the purpose of processing.
16:25:10 [kulick]
roy, is that accurate?
16:25:17 [WileyS]
Will do
16:25:36 [kulick]
justin: Shane, please provide your objections to Nick's proposal... please write it up for digestion for folks
16:25:40 [justin]
16:25:47 [npdoty]
WileyS, great. so I think we are good with the service provider definition as is.
16:25:54 [WileyS]
16:26:02 [kulick]
rvaneijk: Shane, can I re-input it for later this week?
16:26:03 [justin]
16:26:17 [kulick]
justin: anyone else on this issue?
16:26:18 [fielding]
close enough … Nick and I talked about the 24-hour issue last week after the call and decided that making the Tk header field indicate only for the current request would be sufficient for Shane's use case
16:26:44 [kulick]
... roy, please iterate on nick's proposal, shane please send your obj
16:26:57 [kulick]
... hard issue, we have more work to do on this one
16:27:10 [kulick]
... close on most of remaining issues
16:27:19 [justin]
16:27:19 [trackbot]
issue-266 -- automatic expiration of a tracking preference exception via API parameter -- raised
16:27:19 [trackbot]
16:27:24 [kulick]
... some discussion about issue 266
16:27:56 [kulick]
... any objections to mike's suggestion to add parameters in?
16:28:08 [WileyS]
As long as they aren't mandatory. They won't ever be used (not voluntarily)
16:28:20 [kulick]
... any objs if params arent used if they go away
16:28:27 [npdoty]
WileyS, I think the suggestion is that it would be an optional parameter.
16:28:36 [kulick]
... pls dscribe nick
16:28:37 [WileyS]
"At risk" means that if no one implements the feature then it will be removed from the standard
16:29:08 [kulick]
npdoty: when going to call for implementation... if no one imps feature and we called feature at-risk, then we would remove
16:29:21 [kulick]
... this would happen before proposed recommendation
16:29:56 [kulick]
mike: want to hear from browser companies
16:30:03 [npdoty]
+1, getting feedback from browsers would be useful. as would feedback from sites that would want to use it
16:30:04 [fielding]
I think the current plan is to add some expiration or max-use (delta seconds) values to the UGE interfaces in a way that won't effect the interface signature.
16:30:16 [kulick]
rvaneijk: imp not relevant for us, but that the toolbox retains such a feature
16:30:40 [kulick]
sorry correction
16:30:46 [kulick]
rvaneijk: imp not as relevant for us, but that the toolbox retains such a feature
16:30:56 [kulick]
justin: nick, thoughts on that?
16:31:28 [kulick]
npdoty: main issue is that it slows down procees to convergence
16:32:07 [kulick]
justin: (scribe fail)
16:32:39 [kulick]
... other process might conflict with at-risk status
16:33:14 [kulick]
... torn at at-risk status... maybe I should email for thots
16:33:45 [kulick]
rvaneijk: (bg noise... having trouble deciphering)
16:34:00 [justin]
16:34:05 [npdoty]
if we expect no one will start implementing or try to use for a number of years, and we can't convince any browsers to implement it before then, I'm concerned about including it
16:34:12 [kulick]
thx npdoty
16:34:26 [npdoty]
but if it's likely to see regulatory requirements and be useful, then I hope we can convince implementation (or some alternative) sooner, rather than later
16:34:29 [kulick]
justin: one more new issues that nick found
16:34:29 [justin]
16:34:29 [trackbot]
issue-267 -- registration of DNT/Tk header fields and ./well-known/dnt URI -- raised
16:34:29 [trackbot]
16:34:34 [kulick]
... issue 267
16:35:00 [kulick]
npdoty: it is a last call comment
16:35:04 [schunter]
schunter has joined #dnt
16:35:18 [kulick]
... track header fields and URIs for standards...
16:35:39 [kulick]
need to follow process to share these
16:35:47 [kulick]
justin: when?
16:35:56 [kulick]
roy: whenever we want
16:36:05 [kulick]
... once registered, can't un-reg
16:36:18 [npdoty]
are we planning to change any of these names, though?
16:36:28 [kulick]
justin: roy, can u remind us on your todo list?
16:36:49 [kulick]
roy: with new ones today, i have describe JSON formats
16:37:26 [npdoty]
+1, we don't care :)
16:37:31 [kulick]
... no one in working group cares about these changes
16:37:37 [walter]
16:37:48 [kulick]
justin: anything else on TPE?
16:37:50 [justin]
16:37:51 [kulick]
16:37:52 [justin]
16:37:52 [trackbot]
issue-24 -- Possible exemption for fraud detection and defense -- pending review
16:37:52 [trackbot]
16:38:01 [kulick]
.... now issue 24
16:38:45 [kulick]
... shane obj to graduated resp... he and david worked on some new lang.... nick was going to propose a merger of some lang he had objs to
16:38:56 [kulick]
npdoty: I have submited propose yet
16:39:10 [kulick]
justin: on isse 235 on auditability
16:39:13 [npdoty]
Topic: Compliance issues
16:39:14 [npdoty]
action: doty to propose merger of security language
16:39:14 [trackbot]
Created ACTION-462 - Propose merger of security language [on Nick Doty - due 2014-10-29].
16:39:32 [kulick]
... shane and amy mentioned not sure what it meant
16:39:35 [walter]
Yes, I will do so
16:39:42 [kulick]
... asked walter to craft guidance lang
16:39:50 [justin]
ack walter
16:39:51 [kulick]
... want to share walter?
16:40:36 [kulick]
walter: i'll provide write up with general principles and current thinking
16:40:40 [kulick]
justin: okay
16:40:55 [kulick]
walter: more focused on gen principles and not prescriptive
16:41:24 [justin]
16:41:29 [npdoty]
walter, were you looking for non-normative examples? or normative requirements?
16:41:31 [kulick]
justin: good, but some specificity might be helpful to get meeting of the minds
16:41:42 [justin]
16:41:42 [trackbot]
issue-148 -- What does DNT:0 mean? -- pending review
16:41:42 [trackbot]
16:41:45 [kulick]
... two more issues
16:41:50 [kulick]
... iusssue 148
16:41:59 [kulick]
... def of DNT:0
16:42:06 [walter]
npdoty: I want to encapsulate some general EPD auditing principles or refer to them, but that takes some looking into global standards in that field
16:42:10 [npdoty]
" When a user sends a DNT:0 signal, the user is expressing a preference to allow tracking. This recommendation places no restrictions on collection or use of data from network interactions with DNT:0 signals. Note, however, that a party might be limited by its own statements to the user regarding the DNT:0 setting. "
16:42:17 [kulick]
... nick sent some lang on this to the group... nick, care to describe?
16:42:19 [walter]
npdoty: luckily I have some EDP auditors around at my day job
16:42:45 [fielding]
16:42:56 [kulick]
npdoty: please provide feedback.... took away personalization, just speaks to tracking and some statements related to UGEs
16:43:08 [kulick]
... I would appreciate review
16:43:33 [moneill2]
npdoty, that text ok with me
16:43:39 [walter]
Yes, I would support such language
16:43:40 [kulick]
justin: consent you give is limited by the offer presented
16:44:01 [kulick]
... pending review... raise concerns people
16:44:02 [npdoty]
16:44:06 [kulick]
... final issue 203
16:44:09 [justin]
16:44:09 [trackbot]
issue-203 -- Use of "tracking" in third-party compliance -- open
16:44:09 [trackbot]
16:44:14 [kulick]
... how to use tracking in the document
16:44:35 [kulick]
... stuck on ths for a while... roy proposed a considerable re-writting...
16:45:07 [npdoty]
16:45:30 [kulick]
... not sure how to resolve... nick and roy are generally agreemd on what we want to accomplish... not agreeing on implementation of lang
16:45:36 [justin]
16:45:39 [kulick]
... personally, I don't care
16:45:45 [moneill2]
16:45:51 [justin]
ack mo
16:45:54 [kulick]
... anyone within the group have strong feelings on this one?
16:46:16 [WileyS]
There are no restrictions on user IDs...?
16:46:25 [kulick]
mike: user ids, i prefer david's proposal b/c it retains user id restrictions, Roy's doesnt have this, right?
16:46:38 [kulick]
justin: i am confused by your statement
16:46:48 [kulick]
... both relate to tracking data
16:46:58 [kulick]
... both would include uniq ids
16:47:11 [justin]
16:47:11 [kulick]
... not seeing the delta you are referencing
16:47:26 [kulick]
roy: (scribe fail)
16:47:45 [kulick]
mike: check out david's section (normative bit)
16:48:17 [npdoty]
I don't think there's a difference, except for where that paragraph is located
16:48:38 [kulick]
... my POV is the approach of having some personal data b/c has id and is going acrtoss contexts is a problem
16:48:50 [fielding]
"Outside the permitted uses and explicitly-granted exceptions listed below, a third party to a given user action MUST NOT collect, share, or associate with related network interactions any identifiers that identify a specific user, user agent, or device. For example, a third party that does not require unique user identifiers for one of the permitted uses MUST NOT place a unique identifier in cookies or other browser-based local storage mechanisms."
16:48:53 [kulick]
justin: data min lang is agreed upon and close issue
16:49:14 [kulick]
... (paraphrase) we've covered this in data min
16:49:14 [WileyS]
None are reasonably available so that solves that issue...
16:49:24 [kulick]
... roy are you proposing to elim that lang
16:49:27 [kulick]
roy: yes
16:49:45 [kulick]
justin: this is a long standing core issue...
16:49:58 [npdoty]
that language ^ above is present in both proposals, though in different sections
16:50:12 [kulick]
... this is resolved previously
16:50:53 [kulick]
mike: (scribe fail)
16:51:21 [kulick]
roy: i was thinking do not add thinks that you do not need
16:51:30 [kulick]
justin: do redundant?
16:51:41 [kulick]
justin: so redundant?
16:51:42 [WileyS]
Have to drop a bit early - apologies (heading to the airport and its raining so may take longer that I hope)
16:51:43 [kulick]
roy: yes
16:52:00 [Zakim]
16:52:09 [kulick]
justin: conceptually, you dont see a diff between yours and david's?
16:52:18 [kulick]
roy: no, there is a diff
16:52:42 [kulick]
... not in david's b/c his scope is less
16:54:03 [kulick]
... diff example: (paraphrase) can collect a cookie and not retain, therefore is not breaking DNT
16:56:04 [kulick]
... accepting cookies (which could be an id) isn't necessarily mean there is tracking, but way it is wrtiten, this doesnt match
16:56:48 [kulick]
(scirbe is waiting for conclusion to paraphase etire conv)
16:56:52 [npdoty]
16:57:18 [justin]
ack npd
16:57:22 [kulick]
justin: I dont see diff, just need to convey clearly
16:57:50 [kulick]
npdoty: i dont see a big difference
16:58:01 [npdoty]
16:58:01 [kulick]
... there is something else in gen req section
16:58:22 [kulick]
npdoty: see
16:58:53 [kulick]
justin: do you see a delta between yours and david/nick's?
16:59:10 [kulick]
roy: most of mine is editorial...
17:00:02 [kulick]
... my prim concern is the TPE has reqs around tracking dta and TCS has reqs around 1st and 3rd and imps dont know (for the most part) when they are 1st vs. 3rd party
17:00:23 [kulick]
... if re-phrased as what I claim to be instead of what I am, that takes care of editorial disctintion
17:00:30 [kulick]
... rest is readability really
17:00:53 [kulick]
... making permitted uses applicable to all parties, with one exception (scribe missed bvery end)
17:01:04 [kulick]
justin: distinction appears to be meaningful
17:01:13 [kulick]
... nick are you okay moving to that model?
17:01:28 [kulick]
... do you agree with Roy's concern?
17:01:46 [kulick]
npdoty: useful to know it is mostly editorial
17:01:47 [Zakim]
17:01:57 [kulick]
... i am for consistency
17:02:34 [kulick]
... i thot we already agreed on lang about i thot I was a 1st party... i dont see mneed to re-write, but if just editorial and we need to have clarity, then I have something to do
17:02:58 [kulick]
justin: i think is editorial, but want to hear from others and will harrass you on email to answer
17:03:21 [kulick]
rvaneijk: question about audeince3 measure -- whatis the status
17:03:29 [Zakim]
17:03:31 [Zakim]
17:03:32 [Zakim]
17:03:33 [Zakim]
17:03:34 [Zakim]
17:03:34 [Zakim]
17:03:35 [kulick]
justion: working on it and will have something in 2 weeks (next call)
17:03:36 [Zakim]
17:03:37 [Zakim]
17:03:41 [kulick]
... bye great folks
17:03:46 [Zakim]
17:03:48 [Zakim]
17:03:49 [Zakim]
17:03:51 [Zakim]
17:03:51 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:03:51 [Zakim]
Attendees were Fielding, npdoty, hefferjr, Wendy, +31.65.275.aaaa, walter, Carl_Cargill, rvaneijk, kulick, Chris_Pedigo, justin, moneill2, eberkower, WileyS, vincent
17:04:26 [npdoty]
trackbot, end meeting
17:04:26 [trackbot]
Zakim, list attendees
17:04:26 [Zakim]
sorry, trackbot, I don't know what conference this is
17:04:34 [trackbot]
RRSAgent, please draft minutes
17:04:34 [RRSAgent]
I have made the request to generate trackbot
17:04:35 [trackbot]
RRSAgent, bye
17:04:35 [RRSAgent]
I see 1 open action item saved in :
17:04:35 [RRSAgent]
ACTION: doty to propose merger of security language [1]
17:04:35 [RRSAgent]
recorded in