16:51:51 RRSAgent has joined #dnt
16:51:51 logging to http://www.w3.org/2014/12/10-dnt-irc
16:51:53 RRSAgent, make logs world
16:51:55 Zakim, this will be TRACK
16:51:55 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 9 minutes
16:51:56 Meeting: Tracking Protection Working Group Teleconference
16:51:56 Date: 10 December 2014
16:52:00 chair: justin
16:52:05 regrets+ schunter, cargill
16:53:48 moneill2 has joined #dnt
16:57:45 T&S_Track(dnt)12:00PM has now started
16:57:52 +npdoty
16:58:55 dsinger has joined #dnt
16:59:12 WaltMichel has joined #DNT
16:59:47 +[Apple]
16:59:54 zakim, [apple] has dsinger
16:59:54 +dsinger; got it
17:00:01 fielding has joined #dnt
17:00:21 +[FTC]
17:00:35 +Fielding
17:00:43 ChrisPedigoDCN has joined #dnt
17:00:50 +WaltMichel
17:01:19 +[IPcaller]
17:01:39 zakim,iIPCaller] is me
17:01:39 sorry, moneill2, I do not recognize a party named 'iIPCaller]'
17:01:41 +ChrisPedigoOPA
17:01:52 zakim, [IPCaller] is me
17:01:52 +moneill2; got it
17:02:19 justin has joined #dnt
17:02:29 Zakim, clear agenda
17:02:30 agenda cleared
17:02:36 agenda+ TPE Last Call issues
17:02:39 agenda+ Compliance
17:02:41 vincent has joined #dnt
17:02:42 agenda+ AOB
17:02:48 kulick has joined #dnt
17:02:59 +justin
17:03:00 +kulick
17:03:50 +vincent
17:04:11 scribenick: moneill2
17:04:31 Zakim, take up agendum 1
17:04:31 agendum 1. "TPE Last Call issues" taken up [from npdoty]
17:04:38 justin: issue 262 Roy's proposal
17:04:50 issue-262?
17:04:50 issue-262 -- guidance regarding server responses and timing -- pending review
17:04:50 http://www.w3.org/2011/tracking-protection/track/issues/262
17:04:51 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Regarding_gateways_and_exchanges
17:04:52 WileyS has joined #dnt
17:05:22 +WileyS
17:05:41 fielding: tpe provides g response indicating server acting for multiple parties response get back will be in header field
17:06:29 fielding: only is tsr, not in header. If all recipients respond with N gateway responds with n
17:06:59 fielding: contractual agreement that recipients could not receive tracking data
17:07:14 q+
17:07:18 ack vincent
17:07:23 q+
17:07:39 http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html
17:07:41 q+ vincent
17:07:48 ack npd
17:07:53 justin: can't hear vincent
17:08:10 -vincent
17:08:28 trying to dial back, in case my question was about the third paragraph
17:08:44 npdoty: thanks to roy, main question do we need extra requirements, must be service provider?
17:08:47 +q
17:08:55 +vincent
17:09:16 +hefferjr
17:09:35 fielding: question better addressed for shane
17:09:52 http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html
17:09:52 justin: can shane take a look at rules for g
17:10:06 WileyS, we’re looking at Roy’s language here: http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html and I was unsure whether the service provider concept will work for the common exchange implementations
17:10:15 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Regarding_gateways_and_exchanges
17:10:32 ack vincent
17:12:02 vincent: my suggestion maybe covered by Roy's? Will gateway either send N or T (q to Roy) what about permitted uses, user cannot tell
17:12:37 justin: is concern about G sending N or T
17:12:44 I think Roy’s proposal suggests that the gateway sends T if it or its bidders is known to be tracking
17:12:51 justin: when gateway replies N
17:13:35 vincent: bidders may reply with C if they think they have consent
17:13:37 if the winning bidder felt it had out of band consent, then it would send back “C” in the Tk header
17:14:04 fielding: site might say it tracks in general,
17:14:51 right, G is a dynamic response (like ?), so it makes sense for cases where it might be N or might be C
17:14:56 fielding: if gateway has set of requirements that bidders don't track then it is reasonable to respond N, otherwise G
17:15:25 not really, it's not dynamic, the gateway sends either N or T or G
17:15:38 fielding: it replies T if it knows non selected bidders are tracking
17:16:42 fielding: needs to be an indication if tracking is going on
17:16:50 should respond with a dynamic response (G, for example) if the Tk header will provide more information. otherwise, should follow the existing rules for T and N.
17:17:11 vincent: does gateway send T or G or N
17:17:17 q+ for a minor question
17:17:26 fair - bid losers are not able to "retain" user level data but we do allow aggregate/anonymized retention to enhance bidding algorithms so other permitted uses should remain in place regardless - fair?
17:17:40 eberkower has joined #dnt
17:17:47 and if the gateway sends G, it must transmit a more informative value in the Tk response header (from the selected party, for example)
17:18:06 vincent: why not say only G response (others confuse users)
17:18:45 q?
17:18:57 ack mo
17:19:01 scribenick: npdoty
17:19:08 moneill2: 3 things
17:19:13 +eberkower
17:19:25 Zakim, mute me please
17:19:25 eberkower should now be muted
17:19:27 WileyS, if it's really deidentified, the data is out of scope
17:19:47 … on service provider, the gateway is saying it’s a service provider of the bidders. it needs kind of reciprocal agreement about not keeping data in some cases. so not exactly the same as service providers we’ve discussed before.
17:19:53 WileyS, TPE is clear about that.
17:20:00 Justin - I agree but if it's not deidentified but only used for analytical purposes it should still be protected by a permitted use as well, correct?
17:20:09 WileyS, it's not the same when only one party receives the information and you know which one it is and when multiple parties receive the request and you're not aware of it. Users should be able to see difference
17:20:28 … if the general preference is DNT:1, then you can’t utilize consent. [@@scribe may have missed@@]
17:21:00 amyc has joined #dnt
17:21:01 Vincent - as long as there is no tracking occurring I'm not seeing the issue
17:21:03 … a whole range of bidders that may or may not be collecting data, need a way for the gateway to report that, because otherwise the user/agent won’t know who they are
17:21:10 WileyS, well, there's no "analytical purposes" permitted use, even in TCS :) But none at all for TPE, if you're retaining data at all, you need to say "T" and can provide information in WKR around what you use tracking data for.
17:21:44 +[Microsoft]
17:21:49 … Nick, you changed a reference from “first party” to “that party”, which is actually quite a significant difference
17:21:53 remember that tracking data is about a particular user across multiple sites
17:21:55 Justin - okay, as long as data is aggregated/de-identified we're good. I think that should cover us.
17:22:03 q+ to respond separately to mike’s question
17:22:15 ack ds
17:22:15 dsinger, you wanted to discuss a minor question
17:22:19 justin: moneill2, good if you can send some of that in email
17:22:27 ok
17:22:55 dsinger: why not just report any single tracking status response, not just N? could work for T as well, say
17:22:56 I don't believe any of the exchanges will be able to respond in that manner today - will take time - if it ever happens at all.
17:22:59 justin: +1
17:23:13 dsinger: missed it
17:23:15 dsinger: I’m not sure about how the gateway should respond about its own tracking
17:23:35 q+
17:23:37 … what happens if the gateway has an exception, or the other sites don’t, or vice versa?
17:23:41 q- later
17:23:41 dsinger: gateway tracking - missed a load of that my phone died
17:23:42 WileyS, if there are multiple recipients I'd like to know when information about me is collected/used by multiple parties
17:24:02 The gateway will only track for operational purposes: security, financial, and reporting - not profiling
17:24:03 ack fieldi
17:24:15 fielding: the service provider requirement was to handle the gateway tracking issue
17:24:18 Vincent - doesn't the "G" response tell you that?
17:24:29 WileyS, right but that's still tracking for TPE
17:24:31 … in that case, you can’t do tracking other than just for the recipient that you’re a service provider for
17:24:44 fielding: service provider requirement ... my phone died again .
17:24:57 … if the user-granted exceptions apply to the particular request, to the entire exchange
17:25:01 can anybody else scribe my phone keeps fading out
17:25:05 Justin - I disagree, we should only have to respond with "T" if actual tracking is occurring, not only a permitted use
17:25:18 Justin - permitted uses are permitted uses for a reason
17:25:20 npdoty: phew
17:25:22 WileyS, if I have a G yes and that's ok with me. But if I have a N I'll guess that only one party received data about me and that's clearly not the case
17:25:48 fielding: transitive in the sense that the exchange can do with it what it wants, including with other parties
17:25:50 WileyS, there are no permitted uses in TPE. That's in TCS. In which case you respond T and link to TCS to explain the limitations on the tracking you're doing.
17:25:58 q?
17:26:02 Vincent, I don't believe the "N" will realistically occur in the Gateway/Exchange scenario - not for a long time if at all
17:26:34 ack npd
17:26:34 npdoty, you wanted to respond separately to mike’s question
17:26:35 fielding: other responses might inspire the user to ask for more information about the data collector, which is why I suggested that the only common response to send back is N
17:26:39 Justin, agreed - but "T" is only required when you meet the definition of tracking which the TCS states permitted uses are not considered tracking.
17:27:08 fielding: added requirements to make it more palatable, but if advocates feel it’s not useful, no objection to changing
17:27:19 WileyS, I think "permitted uses" are still technically tracking, they're just permissible tracking (as defined by TCS).
17:27:20 q-
17:27:49 that party could be either party
17:28:05 Justin, I don't believe that's correct then - as we should only need to respond with "T" when actual cross-site tracking is occurring for a non-permitted use.
17:28:33 npdoty: on moneill2’s separate question, I didn’t intend to make a major change, was just trying to make smoother language. email me and I’ll fix it
17:28:40 justin: thanks fielding for putting this together
17:28:50 … there might be some questions that are challenging to deal with it
17:28:56 q?
17:29:03 T is for tracking, including for a permitted use. Tracking itself is only for cross-party data collection.
17:29:14 … let’s try to gather together on that
17:29:21 justin: I’ll follow up on the list today
17:29:49 action-465?
17:29:49 action-465 -- Roy Fielding to Respond to issue-260 regarding validating dnt signal -- due 2014-11-26 -- OPEN
17:29:49 http://www.w3.org/2011/tracking-protection/track/actions/465
17:30:07 fielding: didn’t get to it.
17:30:30 justin: fielding, any comments to nick’s proposed edits regarding yours, David’s and his language?
17:30:57 fielding: nick made additional edits which may have addressed my concerns
17:31:04 Zakim, take up agendum 2
17:31:05 agendum 2. "Compliance" taken up [from npdoty]
17:31:21 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html
17:31:26 scribenick: justin
17:31:42 npdoty: I've been making editorial changes to TCS, tried to document with comments.
17:32:07 npdoty: Two primary reasons: one was issue-203, how to use tracking in the TCS, how to indicate what you think you are, how to indicate compliance.
17:32:37 ... Updated Section 3 on how to respond, and indications to other sections.
17:33:20 ... Also updated scope and substantive section to make clear that what you're purporting to comply with is what you comply with.
17:33:45 ... Also, made editorial changes just to clarify. Didn't try to change substance, but if you disagree, please let me know.
17:34:09 ... Also updating scope section, lots of other proposals most of which are out of date. Tried to accommodate, lmk what you think.
17:34:28 q?
17:34:50 scribenick: npdoty
17:35:02 justin: nick will continue to clean up Compliance doc
17:35:15 … hope to get to agreement on the particular issue-203
17:35:27 issue-262?
17:35:27 issue-262 -- guidance regarding server responses and timing -- pending review
17:35:27 http://www.w3.org/2011/tracking-protection/track/issues/262
17:35:28 … sounds like the hardest thing we have left to do is issue-262
17:35:45 q+
17:35:52 … I think after 262 and 260, then I think we’re pretty close to done
17:36:17 fielding: suggest that we publish nick’s document as a Working Draft this week or next week
17:36:29 q+
17:36:37 ack fielding
17:36:57 ack ds
17:37:00 npdoty: did publish a Working Draft just before thanksgiving
17:37:08 q+
17:37:13 ack npd
17:38:00 dsinger: which process?
17:38:20 npdoty: following existing 2005 process. definitely good to ask for comments early
17:38:30 q?
17:38:32 dsinger: good to reach out to stakeholders, maybe PING
17:38:33 webapps security
17:40:06 npdoty: still making editorial changes now, so might be better to do another snapshot and ask for a wider review in a week or two
17:40:07 q?
17:40:15 justin: sounds reasonable, we still have TPE to work through
17:40:53 dsinger: an update on the JavaScript issues
17:41:01 … made those changes to the draft last night
17:41:09 … links to formal definitions, uncontroversial
17:41:19 … we decided to keep the cookie-processing model, as discussed
17:41:33 … move the status to navigator from window, we agreed
17:41:48 … can’t switch to an enumerator, since there are possible extensions, keep a string
17:42:08 … exposes in Service Workers now
17:42:52 … not returning a Promise from the exceptions calls, because these are synchronous from the point of the view of the page
17:43:05 … the site has already got consent
17:43:22 … only seems like an edge case
17:43:29 … changed the advisory note to regard to other visits
17:43:46 … sticking with URI instead of URL
17:44:10 … delete explanationString and siteName? just insert a note about how the UA presents them
17:44:18 yay, will do
17:44:21 … integrates Mike’s expiry parameters, I believe verbatim
17:44:21 http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0016.html
17:44:25 … Mike, please check
17:44:28 … summarized in email
17:44:43 justin: thanks dsinger for working through all those
17:44:50 … everyone, please take a look at that
17:45:14 dsinger: does anything need to be marked at risk?
17:45:49 q?
17:45:54 justin: concern about european regulatory requirements regarding marking expiry at risk
17:46:07 … think the group all came around to that, but send replies to the list as appropriate
17:46:21 q+
17:47:15 dsinger: CR early next year?
17:47:19 justin: yeah
17:47:26 fielding: unless we think another last call is merited
17:47:30 ack npd
17:48:20 npdoty: just to confirm, will we plan to talk on December 24 or 31?
17:48:22 looks like the editors should do a diff from the previous last-call document, but I don’t think anything we made major technical changes in TPE
17:48:44 suggest weekly calls until we get to LC on Compliance?
17:48:45 justin: no. and not clear we need regular weekly calls in January either, depending on when it’s needed
17:49:21 I will be on vacation Dec 20 through Jan 4.
17:49:38 justin: will discuss with other chairs about how much time we need to take up going forward
17:49:41 -[FTC]
17:49:44 … talk again next week
17:49:49 -ChrisPedigoOPA
17:49:50 -kulick
17:49:50 -WaltMichel
17:49:51 -[Microsoft]
17:49:51 -justin
17:49:52 -eberkower
17:49:52 -vincent
17:49:53 -[Apple]
17:49:53 -hefferjr
17:49:55 -npdoty
17:49:55 -Fielding
17:49:56 trackbot, end meeting
17:49:56 Zakim, list attendees
17:49:56 As of this point the attendees have been npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]
17:50:01 -WileyS
17:50:02 -moneill2
17:50:02 T&S_Track(dnt)12:00PM has ended
17:50:03 Attendees were npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]
17:50:04 RRSAgent, please draft minutes
17:50:04 I have made the request to generate http://www.w3.org/2014/12/10-dnt-minutes.html trackbot
17:50:05 RRSAgent, bye
17:50:05 I see no action items