16:02:27 RRSAgent has joined #dnt 16:02:27 logging to http://www.w3.org/2017/05/08-dnt-irc 16:02:29 RRSAgent, make logs world 16:02:29 Zakim has joined #dnt 16:02:31 Zakim, this will be TRACK 16:02:31 ok, trackbot 16:02:32 Meeting: Tracking Protection Working Group Teleconference 16:02:32 Date: 08 May 2017 16:03:24 chair: schunter 16:04:03 mikeoneill has joined #dnt 16:04:12 present+ dsinger 16:04:20 present+ 16:04:31 present+ hober 16:05:14 fwagner has joined #dnt 16:05:32 schunter_ has joined #dnt 16:05:35 at has joined #dnt 16:06:19 zakim, agenda? 16:06:19 I see nothing on the agenda 16:07:16 present+ 16:08:22 https://github.com/w3c/dnt/issues/13 16:08:38 https://w3c.github.io/dnt/DNTChangeEvent.html 16:14:49 I think Mike is saying that the browser would implement the doNotTrack event but might not have implemented the exceptions API. 16:14:52 aleecia has joined #dnt 16:15:48 fielding, correct, and since not every browser has implemented the exception API, a polyfill approach would simulate the DNT properties/events. 16:18:58 I disagree DNT is a different case, since the exception API is not shipped by most browsers 16:20:16 why aren’t they looking at it when they care? 16:21:25 1. read the value 16:23:20 I still don’t get why you’re not reading it when you need to know the value. When you have a branch in your code that depends on the value, read it then. 16:23:47 it is impossible for an event to fire faster than a read. The only distinction here is that *inside* the event handler the value is static, which is not relevant to a site implemenation. It is relevant to a browser extension trying to manage a separate UI. 16:25:27 I do not mean this as critique, but listening to people talk over each other is not the best use of my time just now. Sorry to be so constrained. Good luck — I’ll catch the next meeting. 16:26:31 just making sure (a) we don’t introduce unneeded complexity and diverge from implementations and (b) we don’t have a fundamental misconception (on either side) 16:27:06 schunter has joined #dnt 16:27:20 in 4minutes, I would like to move on. 16:27:36 It seems there is no consensus evolving and I suggest waiting for more implementations. 16:27:53 If all implementers request the event, we can reconsider. 16:28:30 Agreed - this appears to be a corner case where those currently implementing aren’t requesting this level of “event-based support” 16:30:43 fwagner has joined #dnt 16:31:31 q+ to talk about blocking 16:32:12 ack ds 16:32:12 dsinger, you wanted to talk about blocking 16:34:59 +q 16:35:04 +q 16:37:05 the right language is "if a publisher has a site-wide API and a TP does not receive DNT;0, then the publisher can discover this fact via a new API". 16:37:17 +q 16:37:36 ack mike 16:37:38 q+ to talk about sitewide * exceptions and the EU 16:37:49 Stronger disagree - in queue to explain how RTB will likely work under GDPR 16:38:41 Check the email chain - Rob introduced the concept of “Blocking” 16:39:06 I am just calling for transparency, as an optional field, because some companies have indicated wanting to use such a property and it would help them to become compliant with EU law. 16:40:11 Rob - a 3rd party list not need to be machine readable to be legally compliant 16:40:35 wileys, agreed 16:40:36 ack schun 16:40:43 Proposed consensus: 16:41:13 1. otherParties can contain a complete list of third parties 16:41:44 2a : if otherParties exists, a new API allows the publisher to list all TPs that are not on this list. 16:42:10 fwagner has joined #dnt 16:42:43 2b If otherParties does not exist and a site-wide exception exists, then the API can be used to list all TPs that did not receive DNT;0 16:43:29 ack wil 16:43:32 +q 16:43:33 The site wanting to know, and the user to know, what it is asking for can either (a) know what sites are (recursively) pulled in to their site by inclusion, and then ask for a general site-specific exception (using the wildcard for all targets in the API) or (b) be clear as to what thirs parties it needs the exception for, and list those domains explicitly in the request API. We already have the modulation ‘to the parties I care about’ in the API, we don’t 16:43:33 need it replicated in the WKR, do we? 16:44:47 q+ 16:45:00 ack ds 16:45:00 dsinger, you wanted to talk about sitewide * exceptions and the EU 16:45:03 ack ds 16:47:19 Simplified implementation: The otherParties are in the TSR. If you then call a site-wide exception, this is auto-constrained to this list. Would this make sense? 16:48:48 Wrong - same party array is meant to determine who receives DNT:0 16:49:13 Sama party array scopes the “Site” in the Site-wide Exception 16:49:23 Same 16:49:44 otherParties should receive DNT:0 as well IMHO 16:50:20 And the more useless text we require to be sent 16:50:43 fielding, transparency is not useless.. 16:51:28 +q 16:51:33 David (paraphrased by matthias): Studpid idea? 16:51:55 rvaneijk, the user has already decided to access the site and the site contains subresources that specifically identify other sites, so this information is completely useless. I have explained that too many times already. 16:52:04 Shane: site-wide exception, he wants an API that lists all third parties that did not get DNT;0 16:52:24 Rob: Machine readable TSR optional field otherParties for pre-flight checks 16:52:58 But we should all be honest that a machine readable list such as OtherParty is just another form of a Tracking Protection List 16:53:27 Why build it if we don’t expect it to be used? 16:53:51 Because we want to see how the market evolves and what the best solution to GDPR compliance will be. 16:54:04 I.e. I cannot tell whether it will be used or not. 16:54:29 Changes to the spec needed: 16:54:42 (a) add a field otherParties to list known third parties 16:54:48 (Summarizing my point on Matthias’s idea) I don’t see any reaon to move a parameter of the API to the WKR; that just means the UA has to do a fetch when the API is called; we’re better with the API being self-contained 16:54:54 Shane, the list is independent from the purpose 16:55:16 Yes, and the net extension can be called the extorter, because that is how it will be used. 16:55:36 (b) specify an API that allows publisher to retrieve the third parties that did not receive DNT;0 16:55:37 Doesn’t need to be machine readilble if our only goal is user transparency. 16:55:55 s/net extension/next extension/ 16:56:12 correct, a MAY 16:57:15 But it can be handled easily, if it is machine readable 16:57:32 schunter, yes, makes sense 16:59:44 q+ 17:00:02 ack mik 17:00:31 ack schun 17:00:35 ack wil 17:00:35 I think we are in consensus, right? 17:00:50 ack wil 17:01:36 q- 17:01:59 wileys has left #dnt 17:03:48 present +wileys, rvaneijk, aleecia, fwagner, mikeoneill 17:04:10 present+ wileys, rvaneijk, aleecia, fwagner, mikeoneill 17:04:17 zakim, list attendees 17:04:17 As of this point the attendees have been dsinger, fielding, hober, mikeoneill, wileys, rvaneijk, aleecia, fwagner 17:04:39 present+ schunter 17:06:12 zakim, list attendees 17:06:12 As of this point the attendees have been dsinger, fielding, hober, mikeoneill, wileys, rvaneijk, aleecia, fwagner, schunter 17:06:31 trackbot, end meeting 17:06:31 Zakim, list attendees 17:06:31 As of this point the attendees have been dsinger, fielding, hober, mikeoneill, wileys, rvaneijk, aleecia, fwagner, schunter 17:06:39 RRSAgent, please draft minutes 17:06:39 I have made the request to generate http://www.w3.org/2017/05/08-dnt-minutes.html trackbot 17:06:40 RRSAgent, bye 17:06:40 I see no action items