16:01:19 <RRSAgent> RRSAgent has joined #dnt
16:01:19 <RRSAgent> logging to http://www.w3.org/2017/05/01-dnt-irc
16:01:21 <trackbot> RRSAgent, make logs world
16:01:21 <Zakim> Zakim has joined #dnt
16:01:23 <trackbot> Zakim, this will be TRACK
16:01:23 <Zakim> ok, trackbot
16:01:24 <trackbot> Meeting: Tracking Protection Working Group Teleconference
16:01:24 <trackbot> Date: 01 May 2017
16:01:36 <mikeoneill> present+
16:01:46 <fielding> present+
16:01:59 <fwagner> fwagner has joined #dnt
16:02:08 <walter> present+
16:02:30 <fielding> present+ schunter
16:02:54 <walter> fwagner: you may want to mute
16:03:23 <fwagner> now better ?
16:03:41 <schunter> https://github.com/w3c/dnt/issues?q=is%3Aopen+is%3Aissue+milestone%3ATPE-CR-April-2017
16:03:43 <walter> now it's fielding's turn to be noisy :-)
16:03:53 <fwagner> :-)
16:04:30 <wileys> wileys has joined #dnt
16:04:55 <schunter> https://github.com/w3c/dnt/issues/13
16:05:46 <fielding> talking about "doNotTrack property should be derived from EventTarget"
16:06:19 <at> at has joined #dnt
16:06:43 <fielding> q+
16:06:56 <schunter> ack f
16:10:34 <walter> in Javascript every variable is mutable...
16:11:06 <fielding> I don't have a strong push for a function -- just a question on which is more appropriate
16:12:21 <dsinger> present+ dsinger
16:12:36 <schunter> Since the function has no parameters it indeed does not seem to make a big different.
16:14:09 <fielding> I would prefer that we have one attribute for the global default DNT setting and a separate method to retrieve the current DNT string for this document origin.
16:16:02 <fielding> dsinger: concerned about the temporal scope for the DNT value: how often do you need to check the value?
16:17:10 <schunter> q+
16:17:41 <wileys> It won’t be possible.  We’ll only honor the original signal coming in the header
16:17:55 <wileys> Too difficult to continual check back and then change processing mid-stream on a page load
16:18:48 <fielding> yes, designing these features for the sake of an extension manager is different from designing them for the sake of sites trying to comply
16:20:04 <walter> The thing is, from a purely legalistic viewpoint, consent has to be withdrawable at any time
16:20:16 <walter> from a practical point, I think it is worth cutting some corners here
16:20:37 <wileys> I believe you can fairly defend completing a page load if the original header said DNT:0 and honor the DNT1 change on the next page load
16:20:59 <walter> wileys: and the other way around
16:21:00 <walter> ?
16:21:11 <wileys> Agreed
16:21:25 <dsinger> right, I can see a lifetime that lasts for the time a page is open.
16:21:26 <wileys> But trying to change mid-page seems very dificult
16:21:28 <walter> but yes, I would consider that a defensible position for web pages. For web-services it's more complicated.
16:22:06 <wileys> And we have OS controls for Apps so this isn’t needed there
16:22:15 <wileys> Just close the browser
16:22:34 <wileys> +q
16:23:37 <walter> I would support that answer
16:23:51 <walter> if you do recurring interactions through a persistent process
16:24:12 <walter> it is reasonable to check for changes in the DNT with the same frequency you have those interactions
16:24:25 <schunter> Proposal: DNT;0 lasts as long as the page lasts. If some processes have a longer life-time, they have to regularily check the DNT status and need to be able to change their behavior if the DNT value has changed.
16:25:20 <wileys> Agreed in either direct DNT 0 or 1 - basically the initial value holds true throughout the lifespan of the UA interaction with the end user
16:25:41 <walter> schunter: How about: if you do polling for web helper processes, AJAX-calls, what have you, you must poll for DNT changes too?
16:25:57 <fielding> q+
16:27:01 <schunter> ackschutner
16:27:03 <schunter> ack sch
16:27:22 <wileys> q-
16:27:28 <schunter> ack fi
16:27:47 <schunter> Corner cases: Polyfill? Web-workers?
16:28:44 <Brendan> +1 they're edge cases
16:29:09 <walter> Brendan: they're not edge cases for apps etc, but I can live with it being pushed to a later revision
16:29:41 <walter> the basic question to me is, how much of a change is it to have an event handler or a variable for that?
16:29:48 <schunter> Points I like to get a text proposal for:
16:29:51 <walter> if it is a lot, push it to a later revision
16:30:11 <walter> I can also live with it being a variable for now, and it become an event handler at a later stage
16:30:14 <schunter> 1. the initial value holds true throughout the lifespan of the UA interaction with the end user
16:30:18 <walter> that is survivable change-wise
16:30:22 <schunter> 2. Event API is fine
16:30:44 <schunter> 3. If anything lasts longer than the UA interaction/page, it need to regularily check the DNT status
16:32:41 <fielding> https://github.com/w3c/dnt/issues/9
16:34:51 <fielding> but then we have to spend a year trying to reach agreement on those definitions
16:35:59 <wileys> Why is this needed?
16:36:36 <wileys> +q
16:36:49 <rvaneijk> Google Analytics could go under Same Party, if the processor agreement was signed
16:37:18 <fielding> q+
16:39:44 <schunter> ack wil
16:40:32 <fielding> what is the user going to do with the information "this call you just made thinks you were in a first party context" given that the browser has NO IDEA whether it is making a first party or third party request. Remember, "first party" is defined by ownership and control, not domain name
16:40:42 <schunter> Parties say T or N or C
16:40:47 <schunter> Scenario 1: Widget
16:40:58 <schunter> Site says T (because 1st party)
16:41:08 <schunter> Third party says T (because it has no consent)
16:41:21 <schunter> Widget says C (because it has a direct relationship)
16:41:43 <schunter> Scenario 2: Google (1st party) was misused as a third party
16:41:53 <schunter> - Google says T (it believes it is 1st party)
16:42:06 <schunter> - Site says T because it believes it is 1st parties
16:43:02 <schunter> q?
16:43:07 <schunter> ack fi
16:45:30 <schunter> q+
16:47:56 <schunter> ack sch
16:50:58 <fielding> https://lists.w3.org/Archives/Public/public-tracking/2017Apr/0053.html
16:51:10 <fielding> Shane is talking about the above message
16:51:43 <walter> q+
16:53:40 <mikeoneill> q+
16:55:00 <schunter> ack w
16:55:01 <fielding> Thinking of this from the site implementation perspective (AEM), I think it is very unlikely that enterprises want browsers to differ in their processing of site elements based on an invisible list found within the TSR of a live site.
16:55:54 <wileys> Again - this conversation is outside the scope of the DNT signal (Privacy Badger, AdBlock Plus, etc.)
16:55:54 <schunter> Requirement 1 "truthful reporting": If a user-granted exception is present, then browsers should tell the site what third parties received DNT;1 (or were blocked or otherwise hindered).
16:56:31 <fielding> Keep in mind that tools like AEM already contain management of links that prevent unintended subresources being inserted in any page.
16:56:35 <schunter> Requirement 2 "blocking unauthorized third parties": Blocking all third parties not in the list.
16:57:11 <schunter> Discussion: If a publisher has a site-wide exception, is the UA allowed to send some third parties DNT;1
16:59:35 <wileys> The tech spec already defines what a site-wide exception means
16:59:45 <fielding> I don't understand. We don't have "reciprocal transparency" now, nor are we likely to get it soon given that browsers would consider it to be a privacy violation.
17:00:16 <schunter> q?
17:00:19 <schunter> ack mi
17:00:52 <wileys> Says the person who just interrupted the conversation
17:01:20 <wileys> Disagree - we’re discussing UGE - not OOBC
17:01:54 <wileys> This should not change
17:02:23 <wileys> Next week it is…
17:02:33 <wileys> wileys has left #dnt
17:02:34 <walter> wileys: sorry if that went too far
17:03:26 <fielding> Zakim, list attendees
17:03:26 <Zakim> As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger
17:04:08 <fielding> present+ wileys
17:05:01 <fielding> present+ rvaneijk
17:06:27 <fielding> present+ fwagner, Brendan
17:06:33 <fielding> Zakim, list attendees
17:06:33 <Zakim> As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
17:07:14 <fielding> trackbot, end meeting
17:07:14 <trackbot> Zakim, list attendees
17:07:14 <Zakim> As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
17:07:22 <trackbot> RRSAgent, please draft minutes
17:07:22 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/01-dnt-minutes.html trackbot
17:07:23 <trackbot> RRSAgent, bye
17:07:23 <RRSAgent> I see no action items