Privacy Interest Group Teleconference

22 Oct 2015

See also: IRC log


Present: npdoty, runnegar, tara, JoeHallCDT, LCPolan, KatieHS, Haritos-Shea, Lukasz_Olejnik, moneill2, kodonog, christine, mandyam, chaals, Lukasz
Regrets: wseltzer, Lukasz_Olejnik
Chair: christine, tara


<trackbot> Date: 22 October 2015

<tara> Waiting for more folks to join the WebEx before getting started...

<npdoty> volunteers to scribe?

<npdoty> moneill2 or kodonog, care to scribe for us today?


<npdoty> scribenick: moneill2

Welcome and introductions

Giri is giving background

Giri is chair of geolocation group

<tara> I can see the first slide w/sidebar.

Geofencing API http://www.w3.org/TR/geofencing/

Giri: interoperability has been problem on mobile web. Geofencing: ability to draw a geometrical shape, determine if user device is inside or outside fence
... Qualcomm had pre-standard implementations on Android
... 18 months ago restarted geolocation group, came up with geofencing API. Based on service workers, allowing web developer to persist a process

<npdoty> [slide 2]

Giri: no consensus on https origins
... geofencing API uses https origins, better privacy than geolocation
... there is a privacy & security section

<npdoty> [slide 4]

Giri: only circular region defined so far

<npdoty> [slide 5]

<npdoty> [slide 4]

Giri: requires a developer opt-in. Service workers require data persistence

<npdoty> yeah, that persistence kind of scares me, since it's potentially entirely in the background

Giri: pervasive monitoring risk, what is user's home location etc. is a problem. Some solutions being talked about by browsers
... should this be solved in API, or in meta context

<nick> some potentially scary things about user awareness

<nick> we need to give some guidance

<npdoty> if I load a page on my friend's computer and then it works in the background forever, can I just track my friend's location into the future forever?

Giri: this is broader than geofencing, more and more sensor API functionality


Giri: maybe some best practices requirements for service workers?

<nick> have we talked to service worker group?

Giri: Ping needs to raise this right now

<Lukasz> clear visibility/transparency display in browser UI

<nick> work item for PING

<tara> <moneill> Had there been any discussion of using the Permissions API?

<npdoty> moneill2: revocability and expiry of permissions

Giri: geolocation is in permission spec
... guidance from PING on deviceorientation, access to sensors determine pin entry etc.
... effort in device api working group

<npdoty> regarding deviceorientation: https://lists.w3.org/Archives/Public/public-geolocation/2015Aug/0003.html

<christine> +q

<npdoty> giri: deviceorientation is widely deployed, but never issued a Last Call

<christine> perspective on how we can coordinate at TPAC

Giri: geolocation TPAC agenda available, in joint meeting with automotive working group

<christine> can you be at IETF/PING meeting


<Zakim> npdoty, you wanted to comment on timeline

<nick> Nick will be at TPAC, when do we need to resolve these issues

you are fading out Giri

<npdoty> giri: on timeline, still have technical issues re: geofencing spec that need to be resolved

<npdoty> ... concerned about the stability of the questionnaire

<npdoty> ... if it's in good shape, can settle on a collective response to the questionnaire in quick order

<npdoty> ... would like it to be done no later than the end of November

Giri: still some tech issues, need to be resolved first, if questionnaire is in good shape, put to bed by end Nov

<nick> we need to keep changing questionnaire

Giri: general issue with service workers, needs to be sorted

<nick> serviceworkers not on PING list as of now, but it will be

<npdoty> moneill2: where do we find out about what's happening with service workers? is there a general requirement about data persistence for service workers?

<npdoty> giri: process persistence for service workers which requires some data persistence

<npdoty> ... then there are actual identifiers for the service worker themselves (scope URL), those identifiers also seem to persist

<npdoty> ... and underlying geolocation data is persisted in the sense of boundaries

<npdoty> ... Web Apps Working Group is working on Service Workers

<npdoty> https://slightlyoff.github.io/ServiceWorker/spec/service_worker/#security-considerations

<npdoty> https://lists.w3.org/Archives/Public/public-webapps/

<npdoty> giri: on our first geofencing implementation, we wanted a level of process persistence, and had a Persistent Web Workers, which we had trouble commercializing because of the problem of end user management

<npdoty> ... should we add UI to the browser? can the user see which worker is active? shut down workers?

<npdoty> ... had concluded that that kind of UI was going to be necessary

Giri: user manageability of service workers was not resolved, ended up as a trade off, UI is necessary, don't know if it will happen

thanks Giri

<npdoty> I'll add Geofencing and Service Workers to our ongoing wiki list

Privacy and Security Questionnaire https://www.w3.org/wiki/Privacy_and_security_questionnaire

<npdoty> Greg is regrets, who's been working on this particular item

<christine> maybe talk about TPAC agenda, in short time left, TPAC great opportunity

TPAC preparation

<nick> webapps sound like a priority, e.g serviceworkers

<chaals> webapps group is now webplatform , meeting on tuesday about serviceworkers

<chaals> webplatform is also covering everything html, chaals is joint chair, user context has clear privacy issues

<npdoty> chaals, is there a link on that? I'm not familiar with that particular a11y work

<nick> serviceworker discussion, should we try to raise discussion earlier

<chaals> issues should be raised online on GitHub

<chaals> question has this been taken into account

<tara> other TPAC items?

<nick> webpayment WG announced, a lot of privacy questions, early stage a good time to discuss privacy

<chaals> latest draft of User Context spec, now a deliverable for the ARIA working group...


<npdoty> https://www.w3.org/wiki/Privacy/Privacy_Reviews


<npdoty> moneill2: Permissions API (WebAppSec), it would be good to talk to people there at TPAC

<npdoty> ... in terms of user awareness and control

<npdoty> npdoty: sure, I'll try to look at that while at TPAC, and can share some comments on the list

<chaals> [unfortunately I won't be in the meetings, although I will be at TPAC and hope to catch up with people there]

<npdoty> 26 November is Thanksgiving (US)

<npdoty> 3 December?


<npdoty> trackbot, end meeting

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/10/22 17:00:50 $
