IRC log of dnt on 2014-12-10

Timestamps are in UTC.

16:51:51 [RRSAgent]
RRSAgent has joined #dnt
16:51:51 [RRSAgent]
logging to
16:51:53 [trackbot]
RRSAgent, make logs world
16:51:55 [trackbot]
Zakim, this will be TRACK
16:51:55 [Zakim]
ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 9 minutes
16:51:56 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:51:56 [trackbot]
Date: 10 December 2014
16:52:00 [npdoty]
chair: justin
16:52:05 [npdoty]
regrets+ schunter, cargill
16:53:48 [moneill2]
moneill2 has joined #dnt
16:57:45 [Zakim]
T&S_Track(dnt)12:00PM has now started
16:57:52 [Zakim]
16:58:55 [dsinger]
dsinger has joined #dnt
16:59:12 [WaltMichel]
WaltMichel has joined #DNT
16:59:47 [Zakim]
16:59:54 [dsinger]
zakim, [apple] has dsinger
16:59:54 [Zakim]
+dsinger; got it
17:00:01 [fielding]
fielding has joined #dnt
17:00:21 [Zakim]
17:00:35 [Zakim]
17:00:43 [ChrisPedigoDCN]
ChrisPedigoDCN has joined #dnt
17:00:50 [Zakim]
17:01:19 [Zakim]
17:01:39 [moneill2]
zakim,iIPCaller] is me
17:01:39 [Zakim]
sorry, moneill2, I do not recognize a party named 'iIPCaller]'
17:01:41 [Zakim]
17:01:52 [moneill2]
zakim, [IPCaller] is me
17:01:52 [Zakim]
+moneill2; got it
17:02:19 [justin]
justin has joined #dnt
17:02:29 [npdoty]
Zakim, clear agenda
17:02:30 [Zakim]
agenda cleared
17:02:36 [npdoty]
agenda+ TPE Last Call issues
17:02:39 [npdoty]
agenda+ Compliance
17:02:41 [vincent]
vincent has joined #dnt
17:02:42 [npdoty]
agenda+ AOB
17:02:48 [kulick]
kulick has joined #dnt
17:02:59 [Zakim]
17:03:00 [Zakim]
17:03:50 [Zakim]
17:04:11 [npdoty]
scribenick: moneill2
17:04:31 [npdoty]
Zakim, take up agendum 1
17:04:31 [Zakim]
agendum 1. "TPE Last Call issues" taken up [from npdoty]
17:04:38 [moneill2]
justin: issue 262 roys proposal
17:04:50 [npdoty]
17:04:50 [trackbot]
issue-262 -- guidance regarding server responses and timing -- pending review
17:04:50 [trackbot]
17:04:51 [npdoty]
17:04:52 [WileyS]
WileyS has joined #dnt
17:05:22 [Zakim]
17:05:41 [moneill2]
fielding: tpe provides g response indicating server acting for multiple parties respone get back will be in header field
17:06:29 [moneill2]
fielding: only is tsr, not in header. If all recipients respond with N gateway responds with n
17:06:59 [moneill2]
fielding: contractual agreement that recipients could not receive tracking data
17:07:14 [vincent]
17:07:18 [justin]
ack vincent
17:07:23 [npdoty]
17:07:39 [fielding]
17:07:41 [justin]
q+ vincent
17:07:48 [justin]
ack npd
17:07:53 [moneill2]
justin: cant hear vincent
17:08:10 [Zakim]
17:08:28 [vincent]
trying to dial back, in case my wuestion was about the third paragrpah
17:08:44 [moneill2]
npdoty: thanks to roy, main question do we need extra requirements, must be service provider?
17:08:47 [moneill2]
17:08:55 [Zakim]
17:09:16 [Zakim]
17:09:35 [moneill2]
fielding: question better addressed for shane
17:09:52 [fielding]
17:09:52 [moneill2]
justin: can shane take a look at rules for g
17:10:06 [npdoty]
WileyS, we’re looking at Roy’s language here: and I was unsure whether the service provider concept will work for the common exchange implementations
17:10:15 [justin]
17:10:32 [justin]
ack vincent
17:12:02 [moneill2]
vincent: my suggestion mabe covered by Roys? Will gateway either sends N or T (q to Roy) what about permitted uses, user cannot tell
17:12:37 [moneill2]
justin: is concern about G sending N or T
17:12:44 [npdoty]
I think Roy’s proposal suggests that the gateway sends T if it or its bidders is known to be tracking
17:12:51 [moneill2]
justin: when gateway replies N
17:13:35 [moneill2]
vincent: bidders may reply with C if they think they have consent
17:13:37 [npdoty]
if the winning bidder felt it had out of band consent, then it would send back “C” in the Tk header
17:14:04 [moneill2]
fielding: site might say it tracks in general,
17:14:51 [npdoty]
right, G is a dynamic response (like ?), so it makes sense for cases where it might be N or might be C
17:14:56 [moneill2]
fielding: if gateway has set of requirements that bidders dont track then it reasonable to respond N, otherwise G
17:15:25 [vincent]
not really, it's not dynamic, the gateway send either N or T or G
17:15:38 [moneill2]
fielding: it replies T if it know non selected bidders are tracking
17:16:42 [moneill2]
fielding: needs to be an indication if tracking is going on
17:16:50 [npdoty]
should respond with a dynamic response (G, for example) if the Tk header will provide more information. otherwise, should follow the existing rules for T and N.
17:17:11 [moneill2]
vincent: does gateway send T or G or N
17:17:17 [dsinger]
q+ for a minor question
17:17:26 [WileyS]
fair - bid losers are not able to "retain" user level data but we do allow aggregate/anonymized retention to enhance bidding algorithms so other permitted uses should remain in place regardless - fair?
17:17:40 [eberkower]
eberkower has joined #dnt
17:17:47 [npdoty]
and if the gateway sends G, it must transmit a more informative value in the Tk response header (from the selected party, for example)
17:18:06 [moneill2]
vincent: why not say only G response (others confuse users)
17:18:45 [justin]
17:18:57 [justin]
ack mo
17:19:01 [npdoty]
scribenick: npdoty
17:19:08 [npdoty]
moneill2: 3 things
17:19:13 [Zakim]
17:19:25 [eberkower]
Zakim, mute me please
17:19:25 [Zakim]
eberkower should now be muted
17:19:27 [justin]
WileyS, if it's really deidentified, the data is out of scope
17:19:47 [npdoty]
… on service provider, the gateway is saying it’s a service provider of the bidders. it needs kind of reciprocal agreement about not keeping data in some cases. so not exactly the same as service providers we’ve discussed before.
17:19:53 [justin]
WileyS, TPE is clear about that.
17:20:00 [WileyS]
Justin - I agree but if its not deidentified but only used for analytical purposes it should still be protected by a permitted use as well, correct?
17:20:09 [vincent]
WileyS, it's not teh same when only one party receive the information and you know which one it is and when mulitple parties receive the request and you're not aware of it. Users should be able to see difference
17:20:28 [npdoty]
… if the general preference is DNT:1, then you can’t utilize consent. [@@scribe may have missed@@]
17:21:00 [amyc]
amyc has joined #dnt
17:21:01 [WileyS]
Vincent - as long as there is no tracking occurring I'm not seeing the issue
17:21:03 [npdoty]
… a whole range of bidders that may or may not be collecting data, need a way for the gateway to report that, because otherwise the user/agent won’t know who they are
17:21:10 [justin]
WileyS, well, there's no "analytical purposes" permitted use, even in TCS :) But none at all for TPE, if you're retaining data at all, you need to say "T" and can provide information in WKR around what you use tracking data for.
17:21:44 [Zakim]
17:21:49 [npdoty]
… Nick, you changed a reference from “first party” to “that party”, which is actually quite a significant difference
17:21:53 [fielding]
remember that tracking data is about a particular user across multiple sites
17:21:55 [WileyS]
Justin - okay, as long as data in aggregated/de-identified we're good. I think that should cover us.
17:22:03 [npdoty]
q+ to respond separately to mike’s question
17:22:15 [justin]
ack ds
17:22:15 [Zakim]
dsinger, you wanted to discuss a minor question
17:22:19 [npdoty]
justin: moneill2, good if you can send some of that in email
17:22:27 [moneill2]
17:22:55 [npdoty]
dsinger: why not just report any single tracking status response, not just N? could work for T as well, say
17:22:56 [WileyS]
I don't believe any of the exchanges will be able to respond in that manner today - will take time - if it ever happens at all.
17:22:59 [npdoty]
justin: +1
17:23:13 [moneill2]
dsinger: missed it
17:23:15 [npdoty]
dsinger: I’m not sure about how the gateway should respond about its own tracking
17:23:35 [fielding]
17:23:37 [npdoty]
… what happens if the gateway has an exception, or the other sites don’t, or vice versa?
17:23:41 [npdoty]
q- later
17:23:41 [moneill2]
dsinger: gateway tracking - missed a load of that my phone died
17:23:42 [vincent]
WileyS, if there are multiple recipients I'd like to know when information about me is collected/used by multiple parties
17:24:02 [WileyS]
The gateway will only tracking for operational purposes: security, financial, and reporting - not profiling
17:24:03 [justin]
ack fieldi
17:24:15 [npdoty]
fielding: the service provider requirement was to handle the gateway tracking issue
17:24:18 [WileyS]
Vincent - doesn't the "G" response tell you that?
17:24:29 [justin]
WileyS, right but that's still tracking for TPE
17:24:31 [npdoty]
… in that case, you can’t do tracking other than just for the recipient that you’re a service provider for
17:24:44 [moneill2]
fielding: service provider requirement ... my phone died again .
17:24:57 [npdoty]
… if the user-granted exceptions apply to the particular request, to the entire exchange
17:25:01 [moneill2]
can anybody else scribe my phone keeps fading out
17:25:05 [WileyS]
Justin - I disagree, we should only have to respond with "T" if actual tracking is occurring, not only a permitted use
17:25:18 [WileyS]
Justin - permitted uses are permitted uses for a reason
17:25:20 [moneill2]
npdity: phew
17:25:22 [vincent]
WileyS, if I have a G yes and that's ok with me. But if I have a N I'll guess that only one party received data about me and that's clearly not the case
17:25:48 [npdoty]
fielding: transitive in the sense that the exchange can do with it what it wants, including with other parties
17:25:50 [justin]
WileyS, there are no permitted uses in TPE. That's in TCS. In which case you respond T and link to TCS to explain the limitations on the tracking you're doing.
17:25:58 [justin]
17:26:02 [WileyS]
Vincent, I don't believe the "N" will realistically occur in the Gateway/Exchange scenario - not for a long time if at all
17:26:34 [justin]
ack npd
17:26:34 [Zakim]
npdoty, you wanted to respond separately to mike’s question
17:26:35 [npdoty]
fielding: other responses might inspire the user to ask for more information about the data collector, which is why I suggested that the only common response to send back is N
17:26:39 [WileyS]
Justin, agreed - but "T" is only required when you meet the definition of tracking which the TCS states permitted uses are not considered tracking.
17:27:08 [npdoty]
fielding: added requirements to make it more palatable, but if advocates feel it’s not useful, no objection to changing
17:27:19 [justin]
WileyS, I think "permitted uses" are still technically tracking, they're just permissible tracking (as defined by TCS).
17:27:20 [fielding]
17:27:49 [moneill2]
that party could be either party
17:28:05 [WileyS]
Justin, I don't believe that's correct then - as we should only need to respond with "T" when actual cross-site tracking is occurring for a non-permitted use.
17:28:33 [npdoty]
npdoty: on moneill2’s separate question, I didn’t intend to make a major change, was just trying to make smoother language. email me and I’ll fix it
17:28:40 [npdoty]
justin: thanks fielding for putting this together
17:28:50 [npdoty]
… there might be some questions that are challenging to deal with it
17:28:56 [justin]
17:29:03 [fielding]
T is for tracking, including for a permitted use. Tracking itself is only for cross-party data collection.
17:29:14 [npdoty]
… let’s try to gather together on that
17:29:21 [npdoty]
justin: I’ll follow up on the list today
17:29:49 [npdoty]
17:29:49 [trackbot]
action-465 -- Roy Fielding to Respond to issue-260 regarding validating dnt signal -- due 2014-11-26 -- OPEN
17:29:49 [trackbot]
17:30:07 [npdoty]
fielding: didn’t get to it. <illness>
17:30:30 [npdoty]
justin: fielding, any comments to nick’s proposed edits regarding yours, David’s and his language?
17:30:57 [npdoty]
fielding: nick made additional edits which may have addressed my concerns
17:31:04 [npdoty]
Zakim, take up agendum 2
17:31:05 [Zakim]
agendum 2. "Compliance" taken up [from npdoty]
17:31:21 [npdoty]
17:31:26 [justin]
scribenick: justin
17:31:42 [justin]
npdoty: I've been making editorial changes to TCS, tried to document with comments.
17:32:07 [justin]
npdoty: Two primary reasons: one was issue-203, how to use tracking in the TCS, how to indicate what you think you are, how to indicate compliance.
17:32:37 [justin]
... Updated Section 3 on how to respond, and indications to other sections.
17:33:20 [justin]
... Also updated scope and substantive section to make clear that what you're purporting to comply with is what you comply with.
17:33:45 [justin]
... Also, made editorial changes just to clarify. Didn't try to change substance, but if you disagree, please let me know.
17:34:09 [justin]
... Also updating scope section, lots of other proposals most of which are out of date. Tried to accomodate, lmk what you think.
17:34:28 [justin]
17:34:50 [npdoty]
scribenick: npdoty
17:35:02 [npdoty]
justin: nick will continue to clean up Compliance doc
17:35:15 [npdoty]
… hope to get to agreement on the particular issue-203
17:35:27 [dsinger]
17:35:27 [trackbot]
issue-262 -- guidance regarding server responses and timing -- pending review
17:35:27 [trackbot]
17:35:28 [npdoty]
… sounds like the hardest thing we have left to do is issue-262
17:35:45 [fielding]
17:35:52 [npdoty]
… I think after 262 and 260, then I think we’re pretty close to done
17:36:17 [npdoty]
fielding: suggest that we publish nick’s document as a Working Draft this week or next week
17:36:29 [dsinger]
17:36:37 [justin]
ack fielding
17:36:57 [justin]
ack ds
17:37:00 [npdoty]
npdoty: did publish a Working Draft just before thanksgiving
17:37:08 [npdoty]
17:37:13 [justin]
ack npd
17:38:00 [npdoty]
dsinger: which process?
17:38:20 [npdoty]
npdoty: following existing 2005 process. definitely good to ask for comments early
17:38:30 [justin]
17:38:32 [npdoty]
dsinger: good to reach out to stakeholders, maybe PING
17:38:33 [moneill2]
webapps security
17:40:06 [npdoty]
npdoty: still making editorial changes now, so might be better to do another snapshot and ask for a wider review in a week or two
17:40:07 [justin]
17:40:15 [npdoty]
justin: sounds reasonable, we still have TPE to work through
17:40:53 [npdoty]
dsinger: an update on the JavaScript issues
17:41:01 [npdoty]
… made those changes to the draft last night
17:41:09 [npdoty]
… links to formal definitions, uncontroversial
17:41:19 [npdoty]
… we decided to keep the cookie-processing model, as discussed
17:41:33 [npdoty]
… move the status to navigator from window, we agreed
17:41:48 [npdoty]
… can’t switch to an enumerator, since there are possible extensions, keep a string
17:42:08 [npdoty]
… exposes in Service Workers now
17:42:52 [npdoty]
… not returning a Promise from the exceptions calls, because these are synchronous from the point of the view of the page
17:43:05 [npdoty]
… the site has already got consent
17:43:22 [npdoty]
… only seems like an edge case
17:43:29 [npdoty]
… changed the advisory note to regard to other visits
17:43:46 [npdoty]
… sticking with URI instead of URL
17:44:10 [npdoty]
… delete explanationString and siteName? just insert a note about how the UA presents them
17:44:18 [moneill2]
yay, will do
17:44:21 [npdoty]
… integrates Mike’s expiry parameters, I believe verbatim
17:44:21 [dsinger]
17:44:25 [npdoty]
… Mike, please check
17:44:28 [npdoty]
… summarized in email
17:44:43 [npdoty]
justin: thanks dsinger for working through all those
17:44:50 [npdoty]
… everyone, please take a look at that
17:45:14 [npdoty]
dsinger: does anything need to be marked at risk?
17:45:49 [justin]
17:45:54 [npdoty]
justin: concern about european regulatory requirements regarding marking expiry at risk
17:46:07 [npdoty]
… think the group all came around to that, but send replies to the list as appropriate
17:46:21 [npdoty]
17:47:15 [npdoty]
dsinger: CR early next year?
17:47:19 [npdoty]
justin: yeah
17:47:26 [npdoty]
fielding: unless we think another last call is merited
17:47:30 [justin]
ack npd
17:48:20 [npdoty]
npdoty: just to confirm, will we plan to talk on December 24 or 31?
17:48:22 [dsinger]
looks like the editors should do a diff from the previous last-call document, but I don’t think anything we made major technical changes in TPE
17:48:44 [dsinger]
suggest weekly calls until we get to LC on Compliance?
17:48:45 [npdoty]
justin: no. and not clear we need regular weekly calls in January either, depending on when it’s needed
17:49:21 [fielding]
I will be on vacation Dec 20 through Jan 4.
17:49:38 [npdoty]
justin: will discuss with other chairs about how much time we need to take up going forward
17:49:41 [Zakim]
17:49:44 [npdoty]
… talk again next week
17:49:49 [Zakim]
17:49:50 [Zakim]
17:49:50 [Zakim]
17:49:51 [Zakim]
17:49:51 [Zakim]
17:49:52 [Zakim]
17:49:52 [Zakim]
17:49:53 [Zakim]
17:49:53 [Zakim]
17:49:55 [Zakim]
17:49:55 [Zakim]
17:49:56 [npdoty]
trackbot, end meeting
17:49:56 [trackbot]
Zakim, list attendees
17:49:56 [Zakim]
As of this point the attendees have been npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]
17:50:01 [Zakim]
17:50:02 [Zakim]
17:50:02 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:50:03 [Zakim]
Attendees were npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]
17:50:04 [trackbot]
RRSAgent, please draft minutes
17:50:04 [RRSAgent]
I have made the request to generate trackbot
17:50:05 [trackbot]
RRSAgent, bye
17:50:05 [RRSAgent]
I see no action items