Privacy Interest Group Teleconference

13 Aug 2015

See also: IRC log


npdoty, MikeONeill, tara, christine, Wseltzer, gregnorcie, anssi, frankwagner, lakepolan, Anssi_Kostiainen, Mark_Foltz, katiehs, terri


<trackbot> Date: 13 August 2015

<gnorcie> testing

<npdoty> any volunteers to scribe?

<npdoty> gnorcie or JoeHallCDT, can you scribe to start? then MikeONeill will take over halfway through?

<JoeHallCDT> I cannot

<JoeHallCDT> sorry

<JoeHallCDT> distracted and have to leave early :/

<npdoty> MikeONeill, why don't you start and we'll help you out when you need to stop?


<npdoty> scribenick: MikeONeill

<tara> Thanks!

Christine askinf for intros

<tara> 1. Welcome and introductions

ansik intoduces hmself

<tara> (Anssi Kostiainen)

Mark Foltz

didnt catch name

<npdoty> Anton and Mounir, Google London

geolocation still working on use cases, postponing our discussion till next ca

Presentation API

Now presentation API

<tara> Anssi Kostiainen and Mark Foltz are from the Second Screen Presentation Working Group

<keiji> Presentation API WD http://www.w3.org/TR/presentation-api/

<christine> Email from the Second Screen WG - https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

Mark Foltz is starting presentation

Basic use case to allow web app use secondary displays

essentiall display other piece of content that what use is viewing

<tara> (If you are not speaking, please mute! Thanks.)

app can send url to display

other option is for browser to send video straem

<anssik> https://github.com/w3c/presentation-api/blob/gh-pages/uc-req.md

<anssik> [use cases document]

webcoferencing, can use home TV, gaming all use cases


tara thanks

<anssik> 1. Private mode browsing for the presenting context

Anssi walk through privacy aspects

<christine> The four issues are here: https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

<anssik> https://github.com/w3c/presentation-api/issues/45

Anssi we use GitHub for tracking issues

privacy issue 1) privacy mode what happens?

Anssi second device shared by multiple users. How to protect privacy in that situation. Should we require "private mode browsing" context?

Anssi privacy mode not standardised

Nick, is idea we dont want to show logged in or private video?

Mark Foltz, one possible modes send url or stream

Mark Foltz, device should not have access to cookie hjars, other data

<Zakim> npdoty, you wanted to comment on differences from postMessage or from full-screen api and to comment on private browsing mode and whose privacy

<npdoty> I think there are some interesting challenges regarding how private this presentation mode should be

<npdoty> for example, will the URL also send state (like in query parameters)? will postMessage send private information that shouldn't be shared?

<npdoty> does the presentation screen allow for any interaction (which in a public context could be worrisome if I'm logged in)?

<npdoty> any communication between the presenting and the controlling side must be confidential

<npdoty> MikeONeill: different technologies could be used for actual showing the video (eg webrtc) Mark: yes.

<npdoty> MikeONeill: should the user be alerted in some way that there in a privacy mode?

<npdoty> mfoltzgoogle: user doesn't have to choose or be aware, the user should just know that when the presentation is over, you're not leaving any private state behind

<anssik> 2. Fingerprinting and screen availability monitoring

Anssi 2nd privacy issue. Fingerprinting. to supply good experience the website needs to now whether there are secondary screens

<tara> (for a good user experience)

Ansii doing this we reaveal one bit of fingerprinting info (presense of othe screens)


<anssik> https://github.com/w3c/presentation-api/issues/9

Chritstine, what info about presention devices

Anssi, only one bit to in=dicate if presentations are prsesent

<tara> MikeONeill: there was a unique GUID in the Media Stream, so was concerned about "drive-by fingerprinting" -- others might use it as convenient API for fingerprinting. Would not like this sort of precedent to be set.

<npdoty> I would be less concerned about a single boolean than something with much more detail, and it would be more straightforwardly detectable. but it would be worth determining whether there was any alternative way to implement it

<anssik> 3. Security and privacy considerations

<tara> Anssik: We are only providing Boolean - "screens or no screens" and that's all.

Ansii, 3: should be a section on privacy and security consideration - asking for guidance on that section

<anssik> https://github.com/w3c/presentation-api/issues/45

Nick, grat to see questionaire use. asking for meta level feedback back

<tara> Nick: is the questionnaire working well? Suggestions?

<anssik> https://w3ctag.github.io/security-questionnaire/

Ansii, pasting links to other questionaires

<mfoltzgoogle> +q

<tara> Questionnaire helped to anticipate issues early in the process.

<tara> Unclear where these documents fit into the process -- could use guidance.

Mark Foltz: comments happy to provide feedback on questionaire

<JoeHallCDT> regrets, I need to leave the call early

<anssik> https://w3c.github.io/fingerprinting-guidance/

<anssik> https://w3c.github.io/privacy-considerations/

<anssik> 4. Rejecting the Promise when user cancels the screen selection

<npdoty> I think the latter of those is less up-to-date, but hopefully the fingerprinting doc (also undergoing revisions) will be helpful

Ansii: issue 4- rejecting promise - if use gets prompt to choose screen if click cancel, currently webpage get to know that

Ansii with specific error code, app knows the user has rejected presentation screen

need to think about it

<avayvod> Have to go, sorry.

Nick: geolocation did have a way but implementations rejected that
... not so concerned, but apps need to handle case when user just ignores it, so why have it

<npdoty> you definitely would want to know whether there was an error somewhere

<npdoty> but I'm not sure the difference between "user rejected the request" and "user ignored the request"

<anssik> some details in https://github.com/w3c/presentation-api/issues/20

Mark, gist was sitees may ant to pause video, then resume if user accepts

<fwagner> Sorry I have to drop of earlier, but have hardly conducted to participate more often than in the past....

Ansii, open to PING making recomendations

<anssik> https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

<anssik> summary of the issues

Ansii, inviting comments on list or github,

<npdoty> timeline for feedback?

<tara> Thanks very much!

<fwagner> Sorry, I have to drop of, but promise to participate more often than in the past....

Christine, very impressed, covered privacy issues etc.

Christine, time frame for feedback?

<npdoty> +1, great to see a group very interested in the topic and lots of privacy/security thoughts already

Anssi, not at reveur stage yet. Whatever works for PING

<npdoty> s/revuer/wide review/

Christine, it varies a lot of specs needs inputs, we need to shepherd, encourage others to contribute

<npdoty> next month or two?

Christine: next PING call Sept 17

Anssi, chime in on issues, no need to do whole thing in one go

<christine> Does anyone now want to step up as a shepherd for the review of this spec?

<npdoty> cool, thanks.

<gnorcie> I could possibly, let me discuss w/ Joe

Anssi, within 1 month if we have name would be good

thanks ANsii & Mark great presentation

Draft TAG security and privacy questionnaire

<mfoltzgoogle> Just wanted to suggest that any feedback in advance of TPAC at the end of October would be very helpful. The Second Screen Working Group will be meeting F2F there.

<npdoty> thanks, mfoltzgoogle, that's useful

Christine, mentions wiki, being shipped to gitub

<npdoty> gnorcie, do you have an update on that? when should we send that feedback to tag or move to github?

gnorcie: next step maybe we should strip out security bits, rather than have one doc

chritine, lets concentrate on privacy first, w

<tara> (Thanks, Wendy!)

gnorcie, we need to try using the questionaire on new spec see how it works

Christine, presentation API or geofencing talking about next month

Christine, if no objection we could publish as draft note, lets see this published

<tara> Nick will do updates on the fingerprinting docs, circulate, and we'll publish as draft PING note.

<tara> Sept 17 for next call.

<npdoty> thanks

next call on geofencing


<npdoty> trackbot, end meeting

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/08/13 17:04:49 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/present+ markschultz/present+ Mark_Foltz/
Succeeded: s/Ansii/Anssi/
FAILED: s/revuer/wide review/
Found ScribeNick: MikeONeill
Inferring Scribes: MikeONeill
Present: npdoty MikeONeill tara christine Wseltzer gregnorcie anssi frankwagner lakepolan Anssi_Kostiainen Mark_Foltz katiehs terri

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 13 Aug 2015
Guessing minutes URL: http://www.w3.org/2015/08/13-privacy-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.

[End of scribe.perl diagnostic output]