IRC log of dnt on 2017-03-20

Timestamps are in UTC.

16:05:15 [RRSAgent]
RRSAgent has joined #dnt
16:05:15 [RRSAgent]
logging to
16:05:17 [trackbot]
RRSAgent, make logs world
16:05:17 [Zakim]
Zakim has joined #dnt
16:05:19 [trackbot]
Zakim, this will be TRACK
16:05:19 [Zakim]
ok, trackbot
16:05:20 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:05:20 [trackbot]
Date: 20 March 2017
16:05:38 [mschunter]
Any suggestions what 2 topics to promote from "new" to "under discussion"?
16:06:05 [fielding]
fielding has joined #dnt
16:06:09 [wileys]
wileys has joined #dnt
16:06:29 [fielding]
me too
16:06:32 [mschunter]
My webex just ended.
16:06:39 [mschunter]
Or crashed
16:07:04 [wileys]
Same as Rob - on WebEx but no Host
16:07:57 [Craig]
unable to access webx. not accept the call in number working for anyone?
16:08:23 [at]
at has joined #dnt
16:08:25 [Bert]
16:08:29 [vincent_]
vincent_ has joined #dnt
16:08:36 [mikeoneill]
16:08:49 [fielding]
16:09:38 [aleecia]
aleecia has joined #dnt
16:12:49 [vincent__]
vincent__ has joined #dnt
16:13:29 [walter]
16:13:33 [walter]
as in, about to dial in
16:13:51 [mschunter]
16:14:04 [aleecia]
mcshunter: today we discuss issue 13, issue 2
16:14:06 [mschunter]
16:14:36 [aleecia]
mschunter: one conclusion last week, if using JS API about collecting content, should publish in tracking status resource what you actually do
16:14:44 [aleecia]
… issue 19, waiting for text
16:14:54 [aleecia]
… is Walter on the call?
16:15:01 [aleecia]
rob: trying to call in, not there yet
16:15:15 [aleecia]
mschunter: is Mike here? (yes) issue 13
16:15:24 [walter]
mschunter: I am trying to call in
16:15:32 [walter]
does mschunter actually pay attention to IRC?
16:15:41 [aleecia]
mikeoneill: similar to promises, DNT asynch and DNT property in JS
16:15:57 [aleecia]
… it’s what it was when the session was enabled, it normally doesn’t change,
16:16:12 [aleecia]
… if you had an event, if would be more efficient. could have a DNT change event.
16:16:41 [aleecia]
… listen for event, do a call back when the event occurs, which is the DNT value either changed or became valid (couldn’t determine header value initially)
16:16:56 [aleecia]
mschunter: if you start with DNT:0, you keep it for lifetime of session?
16:16:57 [mschunter]
16:17:33 [wileys]
You’ll receive a new DNT header with every single page load so I’m not sure where the “lifetime of the session” comes in from that perspective.
16:17:39 [aleecia]
mikeoneill: determine it’s valid inside the callback for the event but not be for other times. this is for JS in a library, there could be better implementations from browsers
16:18:20 [aleecia]
mikeoneill: no way to amend or vary that property in a reliable fashion, and in many circumstances doesn’t matter, but could. if there’s a DNT change event, in the callback we can confirm the DNT value is valid
16:18:35 [aleecia]
mschunter: have JS property, <can’t understand>
16:18:45 [aleecia]
… value can be 0 or 1, maybe it changes
16:18:53 [aleecia]
mikeoneill: normally doesn’t change
16:19:27 [aleecia]
mschunter: JS call for 0 or 1, if someone revokes consent, i call again and get a different value.
16:19:31 [aleecia]
[cross talk]
16:19:51 [fielding]
16:19:56 [aleecia]
mikeoneill: can do it inside a time out, a set time interval, but the reason we introduced promises is then we have an artificial delay
16:20:11 [aleecia]
… if an event, you know it’s changed. it might change from unknown to known the first time.
16:20:37 [aleecia]
mschunter: the point is instead of a variable to poll, you get notified if it changes
16:21:05 [mschunter]
DNT-updated event in addition to DNT property.
16:21:08 [aleecia]
mikeoneill: if you have an event you can pass the property in the callback. I’m not saying to remove the property. Just that the value is valid guarentted inside that callback
16:21:19 [mschunter]
ack fiel
16:21:41 [aleecia]
fielding: don’t see a need for this. parameter is there for JS to check before it does something. not an event that occurs later in the future.
16:21:55 [aleecia]
… doesn’t happen on a running page, with ads waiting for value to change
16:22:22 [aleecia]
mikeoneill: iFrame, could happen. ad exchange asking for consent and user gives consent.
16:22:40 [aleecia]
… get out of the mindset that it’s client-server. code could be operating within the client
16:22:57 [aleecia]
… consent can be initiated by top-level context or an iFrame nested within that context
16:23:04 [aleecia]
… DNT value that applies could change
16:23:04 [mschunter]
MTS: Only relevant if DNT info if 0/1 is cached elsewhere and needs updating for consistency.
16:23:40 [aleecia]
… mobile devices are disconnected, could have a web app still running but different origins with JS code opperating in combination to implement a web application
16:23:50 [rvaneijk]
16:24:10 [aleecia]
fielding: app operates fine, trigger a refresh, communicate with other iFrames. having them all look for an event isn’t — cut off
16:24:44 [aleecia]
mikeoneill: you could do it that way but why not a general purpose event, or hang off another event like a message event, or a set time out event
16:24:54 [aleecia]
fielding: or just check the value!
16:25:12 [aleecia]
mikeoneill: might trigger from timeout or message event
16:25:38 [aleecia]
… they might not have been triggered, if they want to know then the only way to determine is to have an arbitrary time out
16:25:46 [aleecia]
mschunter: we’re talking across each other
16:26:11 [aleecia]
… call the value now, and call it again later [sorry missing this ]
16:26:41 [aleecia]
[audio poor]
16:27:15 [walter]
rvaneijk: you are hard to understand
16:27:20 [aleecia]
rvanejik: want to understand. if something is loading you want to check to see if it’s finished, with DNT a session can take a long time.
16:27:26 [aleecia]
… user can change consent to another status
16:27:46 [vincent_]
vincent_ has joined #dnt
16:27:54 [aleecia]
… trying to understand if there’s a benefit to using an event listener rather than checking DNT status property. doesn’t it make any difference in costs per round trip?
16:28:18 [aleecia]
mikeoneill: could do a time out, check every 500 ms and check the value. problem with that, how long is the time out and it’s just annoying.
16:28:42 [aleecia]
… have an event, have a callback, you know it’s valid. it’s just a nicer way to do things. and you can guarentee the value is valid.
16:29:29 [aleecia]
… trying to come up with a DNT library to implement the API or something like it if the browser isn’t supported. be able to respond with ad iFrames also respond, and implement even if the API isn’t there. but how do you know when it’s valid or not? that’s what i’m trying to solve.
16:29:53 [aleecia]
… can write up the use case. if people liek it we go with it, if not, drop it
16:29:57 [aleecia]
… can define the use case more
16:30:15 [aleecia]
fielding: with an event, browser needs to know which listeners to notify, complicated
16:30:26 [aleecia]
mikeoneill: just your origin
16:30:37 [aleecia]
fielding: browser has to track this, could be each iFrame
16:30:52 [mschunter]
ack rv
16:30:55 [aleecia]
mikeoneill: it sets the event and knows where DNT was sent
16:31:19 [aleecia]
mschunter: seems nice to have, unless wanted we’ll push it out [for the next version]
16:31:44 [rvaneijk]
Mike's proposal seems logical to me, i.e., dnthaschanged.eventlistener: function() {} etc.
16:31:50 [aleecia]
mikeoneill: agree, just like to say — will write thoughts and get people to read it, make up minds next time.
16:32:04 [aleecia]
(fwiw, sounds good to me but for next version)
16:32:18 [aleecia]
fielding: other things to deal with
16:32:26 [MArtin__Telekom]
MArtin__Telekom has joined #dnt
16:32:26 [aleecia]
… so ok to wait a week to see text
16:32:49 [aleecia]
rvaneijk: would be helpful to see it written, give Mike another week
16:33:00 [rvaneijk]
16:33:03 [aleecia]
16:33:20 [fielding]
We need to reopen some last call issues that were closed because they would require a change to the API
16:33:32 [walter]
didn't quite get the name of the last speaker
16:33:32 [rvaneijk]
Welcome MArtin__Telekom !
16:33:43 [aleecia]
mschunter: issue 13, pushed one more week
16:33:57 [aleecia]
could someone else scribe?
16:34:21 [aleecia]
mschunter: introductions please
16:35:00 [aleecia]
MArtin_Telekom: [getting a few words only] working with Mike to implement it for — ?
16:35:31 [aleecia]
mschunter: Martin is the first round, was Frank, partially taking over.
16:35:43 [aleecia]
MArtin_Telekom: well alligned with Frank
16:36:07 [aleecia]
mschunter: one goal Martin has is content management [really unclear phone line]
16:37:14 [aleecia]
at: eff, work on privacy badger, been following for 6-8 weeks. started work migrating features into privacy badger to make it more compatible with TPE. focused on tracking status resource and the API
16:37:32 [aleecia]
… privacy badger checks to see if there’s a hashed version of EFF’s policy at our own well known url
16:37:43 [aleecia]
… also check tracking status resource moving forward
16:37:55 [aleecia]
… depends on resolution of outsanding questions in the working group
16:38:11 [aleecia]
… our devs are working on this and won’t have a prototype for a little while
16:38:48 [aleecia]
… will also implement consent API. users can today white list sites they’re visiting. the consent API gives us another way to deal with that, but there are still WG issues open so we’re looking for a clear spec, but we’ve started work
16:38:54 [aleecia]
… will report back as we make progress
16:39:13 [aleecia]
mschunter: implementors please give feedback and share ideas
16:39:44 [aleecia]
at: understand there’s an enthusiasm to lock it down, so is the feedback all that interesting or just an implementation report?
16:40:26 [aleecia]
mschunter: depends how serious the comments are. “this feature doesn’t work with that feature” or use cases that need new JS all valuable information about shortcomings. we’d discuss fix v. postpone.
16:40:56 [aleecia]
… wouldn’t constrain yourself, but the smaller the change the more likely it gets into the next release. big issues are still useful, we see what we can do
16:41:01 [aleecia]
at: right
16:41:43 [walter]
16:41:44 [aleecia]
speaker unclear: Alan and Martin are not official group members, we might make them so
16:41:51 [aleecia]
(maybe that was Bert?)
16:42:01 [aleecia]
… give me email address, will contact.
16:42:08 [MArtin__Telekom]
Martin Kurze (Deutsche telekom), working on DNT
16:42:08 [aleecia]
[cross talk]
16:42:15 [MArtin__Telekom]
16:42:47 [aleecia]
16:43:32 [aleecia]
MArtin_Telekor: will work on joining the dlist
16:43:52 [aleecia]
(of note, directions are on the home page for the WG)
16:44:04 [aleecia]
for EFF, Cory has to tag Alan
16:44:19 [aleecia]
fielding: could we do this another time and have a meeting?
16:44:20 [aleecia]
16:44:29 [aleecia]
mschunter: issue 2
16:44:51 [aleecia]
walter: what will it take for an alternative compliance that piggybacks on TPE
16:45:08 [aleecia]
… as long as the URI is an optional part of the spec, it’s forseeable there will be trouble for alt spec
16:45:41 [aleecia]
… we have promises for certain behavior in compliance, and if the promise is an optional flag, then the promise may get ignored or
16:45:51 [aleecia]
… would like more info to be manditory about compliance
16:46:04 [rvaneijk]
Walter, I think this would work: "compliance": [ "", "", "" }
16:46:08 [aleecia]
… would like every party to express their understanding of their role, e.g. “I’m a third party"
16:46:25 [aleecia]
mschunter: party has to be manditory?
16:46:59 [vincent__]
vincent__ has joined #dnt
16:47:03 [aleecia]
… couldn’t you make the flag mandiroty by the compliance to use same party field?
16:47:11 [mikeoneill]
16:47:13 [wileys]
That would be up to the specific compliance standard the site is using
16:47:32 [wileys]
I would think any compliance standard can go above and beyond the TPE on what is and is not mandatory
16:47:36 [aleecia]
walter: is it appropriate that some flags are manditory in some compliance contexts?
16:47:39 [mschunter]
16:47:47 [wileys]
A compliance standard would NOT be able to go lower than the TPE
16:48:10 [rvaneijk]
Wileys, agreed :)
16:48:15 [aleecia]
mschunter: not all compliance specs require all fields, but specific “if EFF, then field 5 is not optional, now required as part of EFF”
16:48:30 [aleecia]
mikeoneill: not sure what Walter is asking about, same party array?
16:48:58 [aleecia]
walter: several ways together. if for example the URI with the compliance spec is not manditory, how does the UA know which compliance spec is in play?
16:48:59 [rvaneijk]
same party could be e.g. "same-party": [ "", "", "", "" ]
16:49:13 [rvaneijk]
Which is not the same as a distinction between data controller and processor...
16:49:18 [aleecia]
… if the same party is not in use, the UA may have a different understanding of roles and causes issues
16:49:41 [aleecia]
mikeoneill: so same party array, something the server is declairing?
16:50:08 [aleecia]
walter: server doesn’t declare, 1st party contracts to another party to collect user data and only for the 1st party, perfectly fine in EU ePriv regs.
16:50:24 [aleecia]
… but the UA doesn’t understand the first party role of the other party, because there is no array being used
16:50:44 [aleecia]
mikeoneill: it’s transparency info and the UA isn’t required to look at it anyway
16:51:10 [aleecia]
walter: even in the tech spec we say 1st and 3rd parties distinct. but your understanding of your own role is an optional party array
16:51:19 [aleecia]
mikeoneill: issue 22 or something?
16:51:22 [aleecia]
walter: overlaps
16:51:33 [aleecia]
mikeoneill: example of what we want for issue 22?
16:51:51 [aleecia]
… discuss that first?
16:52:01 [aleecia]
… tell a server if a thrid party or not, seperate issue
16:52:04 [fielding]
The UA has no need to to look. The compliance requirement is on the server complying to them, not on the user agent, and might not even apply until long after the communication occurs.
16:52:36 [aleecia]
at: under the EFF policy, more info is always better, but in terms of how we work 1st party is held responsible for ensuring compliance of their 3rd parties
16:52:58 [aleecia]
… either technically, legally, or by design the 1st party ensures the 3rd parties are in compliance with EFF’s
16:53:13 [aleecia]
… not that important to us what the other embedded resources believe their role to be
16:53:30 [aleecia]
walter: merge with 22 and carry on from there?
16:54:45 [aleecia]
mschunter: would be useful. current TPE distinguishes but if there’s no way to find out 1st or 3rd party that’s potentially dangerous. the other issue is how flexible requiring fields per compliance approach. any compliance approach can make a field manditory but not make it optional,
16:54:52 [aleecia]
request: let’s write that into the spec then…
16:55:07 [aleecia]
mschunter: writing use cases is a good idea, thanks for volunteering
16:55:15 [aleecia]
… which issues next time for the agenda?
16:55:22 [fielding]
16:55:26 [walter]
16:55:32 [aleecia]
… have 5 open issues we haven’t started, send preferences to M
16:55:44 [mschunter]
16:55:51 [aleecia]
… if no feedback, chair will pick about three
16:56:29 [aleecia]
discussion of formatting of docs on github; Roy’s working on it
16:58:28 [aleecia]
fielding: we had comments in last call to change to shorter names but MSFT had implemented. will send a proposal to the dlist during the week
16:58:37 [aleecia]
mschunter: need a new issue number for that
16:58:46 [aleecia]
mikeoneill: just the names or the arch?
16:58:51 [fielding]
16:58:58 [aleecia]
fielding: interface names only.
16:59:22 [aleecia]
… if david is able to, maybe there are things we can cull (summarized)
16:59:38 [aleecia]
mschunter: do we agree to do this work based on last call comments?
16:59:49 [aleecia]
fielding: also changes to promises
16:59:57 [aleecia]
… response to issue 256
17:00:08 [aleecia]
mschunter: ok, on you to propose updates
17:00:13 [aleecia]
fielding: ok
17:00:22 [aleecia]
17:01:04 [wileys]
wileys has left #dnt
17:08:07 [Bert]
17:08:16 [Bert]
17:08:53 [Bert]
scribeoptions: -final
17:09:02 [Bert]
RRSAgent, make minutes v2
17:09:02 [RRSAgent]
I have made the request to generate Bert
17:31:25 [Bert]
scribeoptions: -draft -noEmbed
17:31:27 [Bert]
RRSAgent, make minutes v2
17:31:27 [RRSAgent]
I have made the request to generate Bert
17:32:30 [Bert]
previous meeting:
17:32:33 [Bert]
RRSAgent, make minutes v2
17:32:33 [RRSAgent]
I have made the request to generate Bert
18:29:29 [Bert]
zakim, bye
18:29:29 [Zakim]
leaving. As of this point the attendees have been Bert, mikeoneill, fielding
18:29:29 [Zakim]
Zakim has left #dnt
18:35:55 [Bert]
present+ Matthias (mschunter), Brendan, Alan Toner (at), Vincent, Rob, Shane, Aleecia, Walter, Martin Kurze
18:36:16 [Bert]
18:36:20 [Bert]
RRSAgent, make minutes v2
18:36:20 [RRSAgent]
I have made the request to generate Bert
18:37:47 [Bert]
s/speaker unclear/Bert/
18:38:07 [Bert]
s/(maybe that was Bert?)//
18:38:11 [Bert]
RRSAgent, make minutes v2
18:38:11 [RRSAgent]
I have made the request to generate Bert
18:52:07 [Bert]
18:52:21 [Bert]
18:52:23 [Bert]
RRSAgent, make minutes v2
18:52:23 [RRSAgent]
I have made the request to generate Bert
18:53:20 [at_]
at_ has joined #dnt
19:48:21 [Bert]
RRSAgent, bye
19:48:21 [RRSAgent]
I see no action items