W3C

Privacy Breakout

29 Oct 2014

See also: IRC log

Attendees

Present
Regrets
Chair
Dan Appelquist, Christine Runnegar, Hadley Beeman, Tara Whalen
Scribe
bhill2, npdoty

<trackbot> Date: 29 October 2014

<bhill2> scribenick: bhill2

DanA: other areas of privacy that need focus
... I worked on the data minimization draft on the TAG
... APIs should only expose required information to applications using them
... e.g. geolocation only to the accuracy required (city vs. square meter)
... earlier this year hosted STRINT workshop joint w/ IETF + W3C about protecting web against pervasive monitoring
... that's about bad government or other network actors
... ignores whole other angle which is commercial privacy in context of tracking networks, how users use the web
... this is a complex beast
... in the TAG we are thinking about private browsing modes, which have become a feature of all major browsers but work differently
... not good user understanding of when what they do is private and when they should seek additional privacy
... for what kinds of web usage they should think about privacy
... e.g. researching medical information or political topics - might want to use private browsing or Tor
... also need to understand what privacy they are giving up when they use the web in general and what the transaction is
... search for a washing machine, they will follow you around the web for a week
... working on both education and outreach and what we can socialize with the browser community

<scribe> scribenick: npdoty

http://www.w3.org/Privacy/ <- Privacy Interest Group (PING) home page

runnegar: talk about the Privacy Interest Group and what we are doing
... develop guidance for web spec authors
... 1) what are the known privacy vulnerabilities and risks associated with web standards?
... 2) what privacy design principles make sense for the Web?
... 3) how do we make sure privacy concerns are raised early?
... 4) how should privacy reviews be conducted?
... 5) how should conflicts between privacy and functionality be resolved?
... what's the problem space / threat model?
... and process: how do we do this in the W3C community?

tara: maybe you've done reviews, or solicited reviews, or would like to get privacy reviews
... how do you think we could be of benefit to that community?
... suggestions welcome both now and later

katiehs: Process document is being re-written. Should immediately have a privacy/security section, someone to contact to get that conversation started

<scribe> scribenick: bhill2

DanA: one other thing - STRINT workshop was a call for additional encryption
... more TLS is part of mitigation strategy
... also about other features including HTTP/2, only implementing in secure mode

Christine and Tara

Christine Runnegar

christine: there are two sessions combined here
... first - talk about PING and what we are doing
... develop guidance for web spec authors on privacy
... run through questions for discussions
... 1st question: What are the known privacy vulnerabilities and risks associated with web standards?
... 2nd: what are the relevant privacy questions for the web?
... how do we make sure privacy concerns are raised early?
... how should privacy reviews be conducted?
... how will conflicts between privacy and functionality be resolved?
... What is the threat model, what can we do about it at the spec layer, what is the process in W3C community?

Tara Whalen

tara: how do you feel a group like PING could be of benefit?

Katie: process document is being rewritten, some mention in template of a security/privacy section

christine: documents we are working on: one is guidance on fingerprinting

<npdoty> privacy considerations section should be in the boilerplate?

christine: second is general privacy guidance for web standards
... third is guidance for how to conduct a privacy review

<npdoty> I think it's a cool idea, torgo

<npdoty> Specification Privacy Assessment

<npdoty> http://yrlesru.github.io/SPA/

<npdoty> TAG, Privacy Interest Group and Web Security Interest Group might all be doing similar types of reviews

<rigo> Dan, note that STRINT also called for data minimization

<wseltzer> [some extra handles: affordances, defaults]

<npdoty> mnot: +1 wseltzer

<npdoty> mnot: privacy, more than many things, is complex and subtle

<npdoty> ... we need a mental model for users

<npdoty> ... communicate a complex thing to them in as simple a way as possible

<npdoty> katie: we have an opportunity to create an international standard, as opposed to country-by-country regulation

<npdoty> ... would make everyone's life easier on the Web

christine: building those capabilities into specs is important. Don't let specs decide for users that a given level of privacy is not important

MarkNottingham: Wendy said it well, thank you. Privacy is subtle and complex, need a mental model for users to understand.
... be as simple but truthful as possible

Hadley: UX or education?

Mark: Both

Katie: being an international standards org, we do have the opportunity, if ambitious, to create an international standard
... everyone had different rules and authorities, if there was a standard that makes sense
... would make everyone's life on the web easier and better
... world has a standard in accessibility space that we have given them
... that's the win we have there, much broader interest
... seems to me companies are interested

hadley: yes, much easier to make policy on something new

FrederickHirsch: get worried when we say we need to educate users
... indicates a design or usability problem, can't boil the ocean

Rigo: hint to Adrian Bateman: workshop on policy and user controls
... have to be more intelligent on what we ask the user

<npdoty> ... the world has an Accessibility standard because of our work, that gets modified only slightly in different countries

<npdoty> ... a big win

<npdoty> hadley: easier to make policy based on existing practices rather than entirely new

<npdoty> fjh: I'm concerned about educating users, seems like a sign of a usability problem

Rigo: deadline for position papers for this workshop is friday

NickDoty: push back on concept of balance

<npdoty> rigo: Workshop on User-Centric Controls is intended to address user interface

<npdoty> ... there is research present on user understanding and user experience

<npdoty> https://www.w3.org/2014/privacyws/

NickDoty: can be tempting to think we have to give up functionality to get privacy
... in a much larger number of cases you don't. data minimization is good engineering practice for interop, future proofing, extensibility, performance, not just privacy
... don't need to have privacy duke it out with other things

dan: I meant, e.g. if you turn on private browsing mode then you won't be able to have WebGL or XYZ technology
... we already do have a push pull here
... that's part of user education piece
... when I explain to non-technical people about private browsing mode, they ask why it's not always on?
... functionality gets taken away when you turn that on

ddorwin: private browsing mode is about tracks on client, not server, many do not understand that

fjh: users are saying what they want - not another mode, just things to be private by default

AdrianBateman: people want magic
... nobody wants to make the investment in learning but the world is a complex place
... shouldn't write off ability to educate people
... is possible for people to learn but we need to think about how to simplify
... how much of this should we be working on together, while also allowing different groups to compete on privacy
... a more competitive landscape might drive innovation and incentivize improvements

hadley: we could also have governments impose this on technology being built

Bart_van_Leeuwen: fingerprinting: isn't it a problem that we are behavioral animals with routines
... hard to be completely private

christine: not a magic bullet, but about fingerprinting, in an ideal world I could have the default vanilla browser fingerprint
... lots of issues but it's an idea
... also hear "it's too late" but nick has some ideas on how you could improve the situation
... put aside user education, there are things the w3c community could do to improve user privacy when they use the web that they don't need to fully understand
... data minimization is a classic example

katie: or tokenizing it

steven: one word: whisper
... how would that have undone what whisper was doing? selling itself as anonymous and then tracking users

christine: guardian was able to discover it and then there is possibility of enforcement

steven: not sure how we can help when companies break their promises

hadley: certification?

steven: don't know, just panicking

wseltzer: some things w3c cannot address, some we have tools at hand
... tools for spec authors
... guidance to implementers on privacy considerations
... web platform docs can give guidance to developers
... can create background for regulators
... e.g. to step in in cases of clear violation and abuse vs implementing a spec as written with no privacy guidance

AxelPolleres: maybe we should not hope to avoid tracking but we should invest in making it possible to track being tracked
... transparency, accountability are important

dan: mozilla tool?

room: "Collusion" was the name of the tool

<Steven> Here are the slides from this morning's credentials for the web session - http://opencreds.org/presentations/2014/tpac-credentials/index.html#slide1

katie: even though it is an awesome idea, someone in security will work around

fjh: important to ask the right questions
... Hal Abelson and DJW at MIT have done work on this, accountability, consequences

<wseltzer> bhill2: If we make privacy/security investments that are trivial to work around, we haven't accomplished much

<wseltzer> ... make sure our investments are meaningful

bhill: we should invest in things that we can accomplish and make a difference

<wseltzer> ... rather than putting limited energy of community into reducing the temperature of lava from 1m degrees by 10

npdoty: fingerprinting, lots of research on detecting heuristics, we have a choice about what we put into http headers
... vs putting things into javascript where it is easier to detect fingerprinting
... just by being observable we can make progress

hadley: we can easily be obsessive and build isolated boxes but that is not what users need and want
... if it's not usable, users will go elsewhere where there are no protections

dan: if you ask users of nytimes about facebook integration, they might say yes... but you need tracking to have that

katie: we want to provide tools for devs, orgs and governments to make this happen, not be the police

hadley: for the record not the only member of UK government here

Charles_Engelke: wouldn't we need to go beyond the user agent to transports, etc., e.g. ISP interference like Verizon
... has been found to do

<wseltzer> [use Tor]

mnot: ISPs can do this even over HTTPS at TCP layer, etc

hadley: one purpose of govt is to protect people with little power from those with lots of power
... e.g. with cookies, sites can be forced to interrupt users to inform them of use of cookies
... govt could protect individuals from intermediaries

Joerg_Heuer: Deutsche Telekom has been doing lots of work and is privacy aware
... one thing that frightens us is not knowing if what we do is legal or not or will become illegal after we have built it
... need tools to give services and users a way to communicate in a way which is almost guaranteed to be OK
... rather than ex-post-facto discovering they are breaking the law
... idea of a security tool that holds your identities, with a profile implementation bound to virtual cards
... always convey my profile information with customer card and service could decide to never store it
... so I could decentralize services, have data portability
... would be one tool, if acceptable, that would relieve companies of burden of holding profile data, data breaches, illegal processes
... we can't avoid IP addresses, tracks from user agent

<fjh_> http://thenextweb.com/apps/2013/10/25/mozillas-lightbeam-firefox-add-lets-users-visualize-sites-tracking/

katie: the reason to start with principles is that's what all the laws are built off
... so when you come up with something they can map to what you decide to do
... want to add specific relevance to web content and environment, but legally speaking getting principles right is important

christine: remind everyone that Frederick and DAP did some trailblazing in this area for developing guidance in their space
... we want to level that out to all w3c standards as much as possible and perhaps add new things
... come to PINGs meeting on friday where we will work through these various design principles

<fjh> Is "lightbeam" the Firefox extension Dan was thinking of? Builds graph of 3rd party connections from browsing

hadley: we are not only people who set standards for web, we are influential standards body among our peer orgs

dan: can we learn from history, web has become universal platform for banking and commerce, https got us here
... design principle for https is getting people to spend money on the web according to PHB
... now people are comfortable but also feel there is some level of security associated
... certain websites people visit, e.g. when NHS put Facebook like buttons on their site, lots of outrage
... didn't want facebook to know what they were viewing there
... what can we learn from work web sites need to do, certification, regulation
... this kind of website needs to implement these kinds of principles

hadley: useful on two levels - tangibly learn from the past, also really useful to use metaphors and previous stories to talk about things otherwise feel new and scary
... explain to developers, policy makers, make it sound understandable and easier

fjh: wasn't just ssl that helped ecommerce, also regulation limiting liability
... $50 limit to liability in US

<wseltzer> wseltzer: huge thanks to bhill for scribing, even through network outages!

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135
$Date: 2014/12/03 00:51:50 $