16:59:00 RRSAgent has joined #privacy 16:59:00 logging to http://www.w3.org/2017/01/19-privacy-irc 16:59:29 RRSagent, make minutes 16:59:29 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html keiji 16:59:45 RRSAgent, make logs team 17:00:40 present+ 17:01:02 present+ 17:01:20 npdoty has joined #privacy 17:01:22 Meeting: Privacy Monthly January 2017 17:01:30 present+ 17:01:53 present+ 17:02:06 agenda+ Requests for reviews 17:02:21 agenda+ I-D Action: draft-ietf-httpbis-client-hints-03.txt 17:02:30 agenda+ ePrivacy Directive 17:02:38 agenda+ Privacy questionnaire 17:03:30 (how many pieces of software does WebEx require you to install these days?) 17:03:40 more than 9000 17:03:59 Billions and billions. 17:05:11 Giving a moment for folks to join... 17:06:39 agenda+ Security IG summary 17:07:26 agenda item 1: privacy review requests 17:07:26 Remote Playback API 17:07:39 http://w3c.github.io/remote-playback/ 17:07:49 until Jan 30 for review 17:07:51 WebRTC Statistics API 17:07:52 also for Web RTC 17:07:59 https://www.w3.org/TR/2016/WD-webrtc-stats-20161214/ 17:08:04 short time frame - looking for comments 17:08:13 Screen Orientation API 17:08:26 https://www.w3.org/TR/screen-orientation/ 17:08:27 3rd request is screen orientation API 17:08:35 https://www.w3.org/TR/security-privacy-questionnaire/ 17:08:42 https://github.com/w3c/screen-orientation/issues 17:08:46 they used the draft questionnaire 17:08:51 IndexedDB API 17:08:53 4th request 17:09:05 https://www.w3.org/TR/IndexedDB-2/ 17:09:07 RRSagent, make minutes 17:09:07 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html keiji 17:09:14 https://github.com/w3c/IndexedDB/issues/ 17:09:27 they were looking for comments, PING did not provide comments in timeframe - Tara asked if comments are still welcome 17:09:38 Wendy mentioned that there might be some concerns 17:09:47 deadline for the 3rd request is 12 Feb 17:10:12 time to make comments 17:10:18 +q 17:10:21 tara asking for volunteers 17:10:36 ack mike 17:10:51 weiler has joined #privacy 17:11:17 mike looked at indexDB, might say something over the weekend - the basic privacy danger is that the third party could use indexdb to track you - like you can with local storage to re-enliven cookies 17:11:54 mike: issue of third parties having access to storage in browsers - is the broader issue 17:12:06 mike: relevant is the ePrivacy directive 17:12:21 zakim, who's here/ 17:12:22 zakim, who's here? 17:12:28 Zakim has joined #privacy 17:12:32 present+ 17:12:32 browsers are obliged under the proposal to guard access by third parties of storage within browsers 17:12:53 mike continued - we should have a general discussion about Web RTC 17:12:58 local IP address issues 17:13:01 q+ 17:13:31 Christine - the exposure of local IP address in WebRTC has been an ongoing issue for W3C and IETF specs 17:13:53 Christine: we're in a better position now; Nick? 17:14:21 Nick: suggestion was for different modes; default mode would expose only RFC 1918 local IP addr (auto-config, not one hidden behind VPN) 17:15:01 ack christine 17:15:23 present+ keiji, npdoty, christine, barryleiba, mikeoneill, tara 17:15:26 tara to send a call to list for volunteers for reviews 17:15:29 zakim, who's here? 17:15:29 Present: weiler, keiji, npdoty, christine, barryleiba, mikeoneill, tara 17:15:31 On IRC I see weiler, npdoty, RRSAgent, christine, keiji, tara, barryleiba, mikeoneill, yoav, Mek, plinss, schuki, mounir, terri, dveditz, rrware, hadleybeeman, mkwst, lukasz, 17:15:31 ... dustinm, adrianba, jyasskin, wseltzer, trackbot 17:15:53 agenda item 2: I-D Action: draft-ietf-httpbis-client-hints-03.txt 17:15:58 https://datatracker.ietf.org/doc/draft-ietf-httpbis-client-hints/ 17:16:08 https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-03 17:16:49 for indicating preferences ... discussion around identifiability 17:17:05 as a result of 'hints' 17:17:05 mikeoneill: I think this might be the right one https://www.ietf.org/id/draft-ietf-rtcweb-ip-handling-03.txt 17:17:33 q+ 17:17:36 mark n and nick replied on list 17:17:48 Marc has joined #privacy 17:18:04 mike: did you get a reply to your comment? (asking Nick) 17:18:23 nick: I think so, he had some questions or request, have some follow-up to do 17:18:44 Mark replied on Christmas day: https://lists.w3.org/Archives/Public/public-privacy/2016OctDec/0065.html 17:19:22 tara: is anyone here following the work in IETF (from PING)? 17:20:08 Barry is following HTTP group in general but not everything they are doing, will take a quick look at the doc 17:20:35 nick: might be useful, it made me wonder what other specs might be doing other things 17:21:18 ack mike 17:21:18 barry: we should look at what the group is putting out, will put on my queue - mark is on group and liasion to IETF, so presume he is alert - he sent this one (for example) 17:21:45 agenda item 3 - ePrivacy directive 17:21:52 http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf 17:22:07 https://baycloud.com/blog/do-not-track-the-key-to-compliance-with-the-eprivacy-and-general-data-protection-regulations 17:22:10 q+ 17:22:42 tara: some items more relevant for tracking protection wg, perhaps 17:22:51 q+ 17:23:24 christine: on my list as well, question: brought up in the Tracking Protection WG, but does anyone know what they plan to do? 17:23:40 mikeoneill: haven't discussed it yet, though it's on the tpwg mailing list 17:23:56 mike: we need to monitor 17:24:18 mike: browsers would have a legal obligation to protect personal data of the user 17:24:30 mike: because they have to ask and register consent 17:24:53 mike: see what I have written (link above) 17:26:42 mike: potentially a big legal obligation 17:27:05 mike: quite important and ties to our work here 17:27:20 tara: thanks to the link to the analysis 17:27:46 ack chr 17:27:50 ach mik 17:28:13 Privacy questionnaire 17:28:15 agenda item 4 - privacy questionnaire 17:28:44 Christine renewing effort in new year to address questionnaire 17:28:54 Will be done in chunks of work instead of one lot of work 17:29:07 +1, I like the idea of working on particular pieces 17:29:26 agenda item 5 - summary of security IG call 17:29:59 tara: fairly short call, core participants 17:30:17 charter was updated and renewed 17:30:42 https://www.w3.org/2011/07/security-ig-charter.html 17:30:47 thinking about how to manage the security reviews 17:31:03 need people with the right amount of expertise and how to do that 17:31:11 manage workload 17:31:21 question around the development of the questionnaires 17:31:44 interested in knowing how PING work on questionnaire proceeds 17:31:48 update security wiki 17:31:58 relevant issues in the press, who does reviews, etc 17:32:12 sam: biggest // is around reviews 17:32:18 q+ 17:32:30 ack mik 17:32:38 ack np 17:32:52 nick: curious about the size of the group and the reviews q 17:33:14 if smaller than this group and both struggling to get reviews, wonder if we should combine? 17:33:16 q+ 17:33:40 sam: you are on the right track 17:33:48 should combine where we can 17:34:11 ack chr 17:34:28 Christine: we should renew the practice of inviting a rep from the group 17:34:37 For a robust discussion of issues 17:34:45 We could also invite the security IG rep at that time 17:34:59 And then we get one combined discussion 17:35:27 nick: enough overlap to do collaboration 17:36:27 tara: heads-up one in the planning 17:36:47 q+ 17:37:08 mike: re WebRTC statistics thing, maybe we could meet with Security IG 17:37:10 rrsagent, draft minutes 17:37:10 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html weiler 17:37:26 zakim, who's here? 17:37:26 Present: weiler, keiji, npdoty, christine, barryleiba, mikeoneill, tara 17:37:28 On IRC I see Marc, Zakim, weiler, npdoty, RRSAgent, christine, keiji, tara, barryleiba, mikeoneill, yoav, Mek, plinss, schuki, mounir, terri, dveditz, rrware, hadleybeeman, mkwst, 17:37:28 ... lukasz, dustinm, adrianba, jyasskin, wseltzer, trackbot 17:37:29 mike: will look into over the next week or so 17:37:53 zakim, who's here? 17:37:53 Present: weiler, keiji, npdoty, christine, barryleiba, mikeoneill, tara 17:37:54 mike: ask WebRTC people to give a presentation 17:37:55 On IRC I see Marc, Zakim, weiler, npdoty, RRSAgent, christine, keiji, tara, barryleiba, mikeoneill, yoav, Mek, plinss, schuki, mounir, terri, dveditz, rrware, hadleybeeman, mkwst, 17:37:55 ... lukasz, dustinm, adrianba, jyasskin, wseltzer, trackbot 17:37:58 rrsagent, draft minutes 17:37:58 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html weiler 17:38:06 tara: Web payments looking to talk to us in Feb 17:38:21 tara: choose a time for the next call 17:38:27 ack m 17:38:33 Chair: Tara 17:38:42 16 February? 17:38:47 16 Feb? 17:39:06 RSA conflict 17:39:49 9 Feb? 17:41:17 tara: propose 16 Feb 17:41:45 sam: reminder to give early notice to all include web sec 17:41:55 Goodbye 17:41:55 rrsagent, draft minutes 17:41:55 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html weiler 17:41:58 barryleiba has left #privacy 17:42:05 Marc has left #privacy 17:42:27 weiler, can we make the minutes public? 17:42:40 RRSagent, make minutes 17:42:40 I have made the request to generate http://www.w3.org/2017/01/19-privacy-minutes.html keiji 17:42:45 RRSagent, make public 17:42:46 I'm logging. I don't understand 'make public', keiji. Try /msg RRSAgent help 17:43:01 i: RRSagent, make minutes public 17:43:04 RRSAgent, make log public 17:45:44 keiji has left #privacy 20:00:17 Zakim has left #privacy 20:28:32 chaals has joined #privacy 21:35:27 yoav has joined #privacy 21:43:21 chaals has joined #privacy