IRC log of dnt on 2012-01-04

Timestamps are in UTC.

16:37:47 [RRSAgent]
RRSAgent has joined #dnt
16:37:47 [RRSAgent]
logging to http://www.w3.org/2012/01/04-dnt-irc
16:37:55 [Zakim]
Zakim has joined #dnt
16:38:04 [aleecia]
Zakim, this will be dnt
16:38:05 [Zakim]
ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 22 minutes
16:38:16 [aleecia]
chair: aleecia
16:38:24 [aleecia]
rrsagent, make logs public
16:40:42 [schunter]
schunter has joined #dnt
16:44:28 [johnsimpson]
johnsimpson has joined #DNT
16:44:48 [johnsimpson]
johnsimpson has left #DNT
16:47:19 [vincent]
vincent has joined #dnt
16:48:02 [tl]
tl has joined #dnt
16:50:40 [rvaneijk]
rvaneijk has joined #dnt
16:51:15 [sidstamm]
sidstamm has joined #dnt
16:51:28 [Zakim]
T&S_Track(dnt)12:00PM has now started
16:51:35 [Zakim]
+[Mozilla]
16:51:36 [Zakim]
+ +1.408.674.aaaa
16:51:38 [dsinger]
dsinger has joined #dnt
16:52:18 [Zakim]
+??P27
16:52:21 [tl]
zakim, Mozilla has tl
16:52:21 [Zakim]
+tl; got it
16:53:23 [aleecia]
agenda+ Selection of scribe
16:53:26 [efelten]
efelten has joined #dnt
16:53:35 [aleecia]
agenda+ Any comments on minutes from the last call:
16:53:47 [aleecia]
agenda+ Review of overdue action items
16:54:00 [aleecia]
agenda+ Discussion of action-34, draft of first-party text
16:54:11 [aleecia]
agenda+ Discussion of Europe, Canada, the US and DNT; request for volunteers
16:54:19 [aleecia]
agenda+ Review of open issues and current status
16:54:30 [aleecia]
agenda+ Issue-6, What are underlying concerns?
16:54:41 [aleecia]
agenda+ Issue-15, What special treatment should there be for children's data?
16:54:50 [aleecia]
agenda+ Announce next meeting & adjourn
16:55:09 [schunter]
zakim, who is here?
16:55:09 [Zakim]
On the phone I see [Mozilla], +1.408.674.aaaa, ??P27
16:55:10 [Zakim]
[Mozilla] has tl
16:55:11 [Zakim]
On IRC I see efelten, dsinger, sidstamm, rvaneijk, tl, vincent, schunter, Zakim, RRSAgent, aleecia, bryan, tlr-bbl, hober, trackbot, pde
16:55:17 [npdoty]
npdoty has joined #dnt
16:55:21 [schunter]
zakim, ??P27 is Matthias Schunter
16:55:21 [Zakim]
I don't understand '??P27 is Matthias Schunter', schunter
16:55:42 [npdoty]
trackbot, start meeting
16:55:44 [trackbot]
RRSAgent, make logs world
16:55:47 [trackbot]
Zakim, this will be
16:55:48 [Zakim]
I don't understand 'this will be', trackbot
16:55:49 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:55:51 [trackbot]
Date: 04 January 2012
16:56:11 [aleecia]
Nick, I've done it
16:56:14 [aleecia]
We're set
16:56:15 [tl]
i love that our robots can't quite work out each others' syntax
16:56:22 [aleecia]
Please don't wipe out the agenda :-)
16:56:25 [schunter]
zakim, this is ??P27
16:56:25 [Zakim]
sorry, schunter, I do not see a conference named '??P27' in progress or scheduled at this time
16:56:38 [Zakim]
+[Mozilla.a]
16:56:46 [sidstamm]
Zakim, Mozilla.a has sidstamm
16:56:46 [Zakim]
+ +31.65.141.aabb
16:56:50 [Zakim]
+sidstamm; got it
16:56:57 [aleecia]
agenda?
16:56:57 [rvaneijk]
Zakim, aabb is rvaneijk
16:57:12 [schunter]
zakm, ??P27 is schunter
16:57:18 [Zakim]
+rvaneijk; got it
16:57:27 [schunter]
zakim, ??P27 is schunter
16:57:27 [Zakim]
+schunter; got it
16:57:42 [Zakim]
+ +1.425.214.aacc
16:58:08 [Joanne]
Joanne has joined #DNT
16:58:08 [chesterj1]
chesterj1 has joined #dnt
16:58:44 [vincent]
maybe we could add issue 32? I've sent a draft before the holidays
16:58:58 [Zakim]
+ +1.510.859.aadd
16:59:02 [Zakim]
+ +1.415.520.aaee
16:59:07 [Zakim]
+ +1.202.326.aaff
16:59:14 [npdoty]
Zakim, aadd is npdoty
16:59:14 [Zakim]
+npdoty; got it
16:59:15 [clp]
clp has joined #dnt
16:59:17 [aleecia]
There are many drafts before the holidays that we won't likely get to today, but if we do get through the agenda quickly, I'd love to do more!
16:59:19 [efelten]
Zakim, aaff is efelten
16:59:19 [Zakim]
+efelten; got it
16:59:24 [johnsimpson]
johnsimpson has joined #dnt
16:59:25 [Joanne]
+1.415.520 is Joanne
16:59:28 [clp]
What is the dial in number and code again?
16:59:31 [Zakim]
+[Apple]
16:59:33 [dsinger]
zakim, [apple] has dsinger
16:59:33 [Zakim]
+dsinger; got it
16:59:39 [dsinger]
zakim, code?
16:59:39 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), dsinger
16:59:42 [ksmith]
ksmith has joined #dnt
16:59:46 [aleecia]
+1.617.761.6200, conference code TRACK (87225)
16:59:53 [justin]
justin has joined #dnt
16:59:57 [bryan]
present+ Bryan_Sullivan
16:59:58 [WileyS]
WileyS has joined #DNT
17:00:15 [Zakim]
+??P34
17:00:23 [enewland]
enewland has joined #dnt
17:00:24 [aleecia]
useful URLs today: http://www.w3.org/2011/tracking-protection/compliance-issues.html has summary of status on issues; http://www.w3.org/2011/tracking-protection/temp-parties-draft-jm-tl.html has draft of first party work
17:00:30 [Zakim]
+ +1.760.705.aagg
17:00:31 [Zakim]
+ +1.301.270.aahh
17:00:34 [aleecia]
I'll repeat those when relevant
17:00:44 [aleecia]
agenda?
17:00:47 [jmayer]
jmayer has joined #dnt
17:00:49 [alex___]
alex___ has joined #dnt
17:00:49 [Lia]
Lia has joined #dnt
17:00:54 [npdoty]
Zakim, agenda?
17:01:00 [hefferjr]
hefferjr has joined #dnt
17:01:18 [bryan]
zakim, +1.425.214.aacc is bryan
17:01:28 [schunter]
zakim, who is here?
17:01:41 [clp]
Been away last few weeks, forgive me, real life called me away, here now --clp
17:01:52 [schunter]
zakim, who is online?
17:01:53 [pmagee]
pmagee has joined #dnt
17:02:01 [Zakim]
+ +1.202.684.aaii
17:02:06 [npdoty]
scribenick: johnsimpson
17:02:06 [cOlsen]
cOlsen has joined #dnt
17:02:07 [Zakim]
I see 9 items remaining on the agenda:
17:02:13 [Zakim]
1. Selection of scribe [from aleecia]
17:02:17 [Zakim]
2. Any comments on minutes from the last call: [from aleecia]
17:02:20 [dwainberg]
dwainberg has joined #dnt
17:02:21 [Zakim]
3. Review of overdue action items [from aleecia]
17:02:23 [Zakim]
4. Discussion of action-34, draft of first-party text [from aleecia]
17:02:25 [johnsimpson]
zakim, mute me
17:02:25 [Zakim]
5. Discussion of Europe, Canada, the US and DNT; request for volunteers [from aleecia]
17:02:27 [npdoty]
Zakim, close agendum 1
17:02:29 [Zakim]
6. Review of open issues and current status [from aleecia]
17:02:31 [Zakim]
7. Issue-6, What are underlying concerns? [from aleecia]
17:02:33 [Zakim]
8. Issue-15, What special treatment should there be for children's data? [from aleecia]
17:02:36 [npdoty]
Zakim, close agendum 2
17:02:37 [Zakim]
9. Announce next meeting & adjourn [from aleecia]
17:02:39 [johnsimpson]
minutes are accepted
17:02:41 [Zakim]
+ +1.801.830.aajj
17:02:42 [laurengelman]
laurengelman has joined #dnt
17:02:43 [Zakim]
+ +1.813.366.aakk
17:02:43 [aleecia]
http://www.w3.org/2011/tracking-protection/track/actions/overdue
17:02:45 [npdoty]
Zakim, take up agendum 3
17:02:45 [Zakim]
+ +1.408.349.aall
17:02:45 [tedleung]
tedleung has joined #dnt
17:02:47 [Zakim]
+bryan; got it
17:02:49 [Zakim]
+ +1.202.326.aamm
17:02:51 [Zakim]
+??P65
17:02:55 [Zakim]
+ +1.508.655.aann
17:02:55 [johnsimpson]
move to action items
17:02:56 [enewland]
Justin and I are not able to dial in
17:02:57 [Zakim]
On the phone I see [Mozilla], +1.408.674.aaaa, schunter, [Mozilla.a], rvaneijk, bryan, npdoty, +1.415.520.aaee, efelten, [Apple], ??P34, +1.760.705.aagg, +1.301.270.aahh,
17:02:57 [hwest]
hwest has joined #dnt
17:03:02 [Zakim]
... +1.202.684.aaii, +1.801.830.aajj, +1.813.366.aakk, +1.408.349.aall, +1.202.326.aamm, ??P65, +1.508.655.aann
17:03:04 [Zakim]
[Apple] has dsinger
17:03:04 [henryg]
henryg has joined #dnt
17:03:06 [Zakim]
[Mozilla] has tl
17:03:06 [cOlsen]
C. Olsen has joined
17:03:08 [Zakim]
[Mozilla.a] has sidstamm
17:03:10 [Zakim]
+ +1.310.392.aaoo
17:03:10 [alex___]
Zakim, aakk is alex__
17:03:12 [Zakim]
+ +1.813.366.aapp
17:03:14 [Zakim]
I don't understand your question, schunter.
17:03:38 [Zakim]
On IRC I see cOlsen, pmagee, hefferjr, Lia, alex___, jmayer, enewland, WileyS, justin, ksmith, johnsimpson, clp, chesterj1, Joanne, npdoty, efelten, dsinger, sidstamm, rvaneijk,
17:03:39 [efelten]
Zakim, aamm is cOlsen
17:03:41 [rvaneijk]
action item 14 is in progress, my apologies.
17:03:41 [trackbot]
Sorry, couldn't find user - item
17:03:43 [Zakim]
... tl, vincent, schunter, Zakim, RRSAgent, aleecia, bryan, tlr-bbl, hober, trackbot, pde
17:03:47 [Zakim]
sorry, johnsimpson, I do not know which phone connection belongs to you
17:03:51 [Zakim]
agendum 1, Selection of scribe, closed
17:03:53 [Zakim]
I see 8 items remaining on the agenda; the next one is
17:03:55 [Zakim]
2. Any comments on minutes from the last call: [from aleecia]
17:03:56 [tlr-bbl]
action-14: in progress
17:03:56 [trackbot]
ACTION-14 Write straw man proposal on response from server being optional (related to Issue-81) notes added
17:04:01 [johnsimpson]
jonathan has not worked on action item
17:04:03 [Zakim]
agendum 2, Any comments on minutes from the last call:, closed
17:04:05 [Zakim]
I see 7 items remaining on the agenda; the next one is
17:04:07 [Zakim]
3. Review of overdue action items [from aleecia]
17:04:09 [johnsimpson]
jonathan needs another week
17:04:11 [Zakim]
+ +1.202.326.aaqq
17:04:15 [Zakim]
agendum 3. "Review of overdue action items" taken up [from aleecia]
17:04:17 [Zakim]
+ +1.714.852.aarr
17:04:20 [alex___]
Zakim, aakk is alex___
17:04:24 [johnsimpson]
zakim, mute me
17:04:29 [Zakim]
+ +1.202.643.aass
17:04:31 [Zakim]
+alex__; got it
17:04:37 [Zakim]
+ +1.646.825.aatt
17:04:43 [fielding]
fielding has joined #dnt
17:04:53 [Zakim]
+cOlsen; got it
17:04:55 [Zakim]
+ +1.202.637.aauu
17:04:55 [npdoty]
are we using action items for the drafting text assignments that were due Dec 21? are all of those finished?
17:04:59 [aleecia]
http://www.w3.org/2011/tracking-protection/temp-parties-draft-jm-tl.html
17:04:59 [johnsimpson]
turning to action 34.
17:05:03 [Chris]
Chris has joined #dnt
17:05:08 [Zakim]
+ +1.206.369.aavv
17:05:16 [johnsimpson]
zakim, who is on call?
17:05:24 [Zakim]
sorry, alex___, I do not recognize a party named 'aakk'
17:05:26 [Zakim]
sorry, johnsimpson, I do not know which phone connection belongs to you
17:05:26 [justin]
zakim, aaqq is justin has enewland
17:05:39 [tedleung]
zakim, aavv is tedleung
17:05:44 [adrianba]
adrianba has joined #dnt
17:05:44 [Zakim]
+??P88
17:06:04 [Zakim]
I don't understand your question, johnsimpson.
17:06:14 [Zakim]
I don't understand 'aaqq is justin has enewland', justin
17:06:16 [johnsimpson]
jonathan: four definitions
17:06:22 [Zakim]
+tedleung; got it
17:06:31 [johnsimpson]
plans to address each in sequence...
17:06:40 [Zakim]
+ +44.789.449.aaww
17:06:44 [Zakim]
+ +1.212.565.aaxx
17:06:50 [Zakim]
- +44.789.449.aaww
17:06:54 [johnsimpson]
high level points crisp text
17:06:59 [BrianTs]
BrianTs has joined #DNT
17:07:07 [Zakim]
+[Microsoft]
17:07:16 [adrianba]
zakim, [Microsoft] has adrianba
17:07:21 [Zakim]
+??P91
17:07:22 [npdoty]
jmayer, we can't hear you
17:07:23 [johnsimpson]
tried to strike balance...
17:07:31 [Zakim]
- +1.202.684.aaii
17:07:31 [johnsimpson]
lost jonathan
17:07:33 [Zakim]
+adrianba; got it
17:07:41 [johnsimpson]
tom picks up.
17:07:43 [Zakim]
+ +1.415.520.aayy
17:08:07 [johnsimpson]
we can wal through document
17:08:12 [Zakim]
+ +1.206.658.aazz
17:08:25 [johnsimpson]
... definitions lots of stuff in it
17:08:43 [tl]
http://www.w3.org/2011/tracking-protection/track/actions/overdue
17:08:48 [aleecia]
http://www.w3.org/2011/tracking-protection/temp-parties-draft-jm-tl.html
17:08:48 [jmayer]
got dropped
17:08:49 [tl]
A "first party" is any party, in a specific network interaction, that can infer
17:08:49 [tl]
with high probability that the user knowingly and intentionally communicated
17:08:49 [tl]
with it. Otherwise, a party is a third party.
17:08:49 [tl]
A "third party" is any party, in a specific network interaction, that cannot
17:08:49 [tl]
infer with high probability that the user knowingly and intentionally
17:08:49 [alex___]
Zakim, mute me
17:08:49 [Zakim]
sorry, alex___, I do not know which phone connection belongs to you
17:08:50 [tl]
communicated with it.
17:08:54 [jmayer]
rejoining
17:09:02 [aleecia]
thanks, Jonathan
17:09:05 [alex___]
Zakim, aakk is alex
17:09:05 [Zakim]
sorry, alex___, I do not recognize a party named 'aakk'
17:09:12 [KevinT]
KevinT has joined #dnt
17:09:21 [alex___]
Zakim, alex is aakk
17:09:21 [Zakim]
+aakk; got it
17:09:45 [Zakim]
+ +1.202.684.bbaa
17:09:51 [alex___]
Zakim, mute me
17:09:51 [Zakim]
sorry, alex___, I do not know which phone connection belongs to you
17:09:54 [johnsimpson]
knowingly and intentionally ... have bunch of specific componets
17:09:59 [jmayer]
Zakim, bbaa is jmayer
17:09:59 [Zakim]
+jmayer; got it
17:10:11 [amyc]
amyc has joined #dnt
17:10:44 [johnsimpson]
infer with high probability,,, most confusing word is "party"
17:11:42 [andyzei]
andyzei has joined #dnt
17:12:12 [clp]
+
17:12:21 [clp]
?+
17:12:21 [johnsimpson]
important component is one set of examples would be Flicker and Yahoo, needs to understand branding. might get that Flcker is Yahoo, not necessarily the other way.. same with Google an You Tube
17:12:22 [JC]
JC has joined #DNT
17:12:25 [clp]
+?
17:12:26 [jimk]
jimk has joined #DNT
17:12:46 [hwest]
+q
17:12:53 [clp]
+q
17:12:54 [aleecia]
(noted)
17:13:13 [johnsimpson]
We think that corporate affiliation is not good. .. must people don't get it. Relying on branding
17:13:17 [aleecia]
(going to let Tom finish, then ask Jonathan if he wants to comment, then the queue)
17:13:31 [JC]
I can't connect using (617)761.6200
17:13:44 [aleecia]
Nick, can you help JC?
17:13:59 [jimk]
If anyone can help I'm having trouble with the +1.617.761.6200 number; it's failing via Skype, where it was working
17:14:02 [johnsimpson]
Tom: Lot of non-normative discussion to guide it... mashups multiple first parties
17:14:07 [clp]
try dialing 1 first? then wait, then 87225#
17:14:12 [fielding]
q+
17:14:16 [WileyS]
+q
17:14:20 [JC]
I did
17:14:21 [dsinger]
q+
17:15:30 [johnsimpson]
Jonathan comments... High level: balance between bright line rules and high level standards
17:15:57 [clp]
now
17:15:59 [WileyS]
Q-
17:16:05 [fielding]
okay for details
17:16:20 [johnsimpson]
nick: my telephone number is 310-292-7041, didn't see what letters zakim assigned
17:16:22 [fielding]
s/okay/okay to wait/
17:16:35 [Adam]
Adam has joined #dnt
17:16:43 [aleecia]
ack clp
17:17:13 [aleecia]
That document URL again in case you cannot find it quickly in email: http://www.w3.org/2011/tracking-protection/temp-parties-draft-jm-tl.html
17:17:24 [Zakim]
+[Microsoft.a]
17:17:51 [johnsimpson]
charles: just wanted to point out some use cases a good use of good branding.
17:18:00 [clp]
I will take an Action to create pictures of good and bad examples for first party / third party relationships in UI
17:18:16 [clp]
defniing "obvious to the user"
17:18:26 [johnsimpson]
charles volunteers to offer some pictures of good and bad branding
17:18:36 [Zakim]
+[Microsoft.aa]
17:18:43 [npdoty]
zakim, aaoo is johnsimpson
17:18:43 [Zakim]
+johnsimpson; got it
17:18:59 [aleecia]
action: clp to create pictures of good and bad examples for first party / third party relationships in UI
17:18:59 [trackbot]
Sorry, couldn't find user - clp
17:19:00 [johnsimpson]
thanks, nick
17:19:07 [johnsimpson]
zakim, mute me
17:19:07 [Zakim]
johnsimpson should now be muted
17:19:28 [npdoty]
is there concern over ambiguity on "ordinary user"?
17:19:34 [npdoty]
A "party" is any commercial, nonprofit, or governmental organization, a subsidiary or unit of such an organization, or a person, that an ordinary user would perceive to be a discrete entity for purposes of information collection and sharing. Domain names, branding, and corporate ownership may contribute to, but are not necessarily determinative of, user perceptions of whether two parties are distinct.
17:19:53 [hwest]
No more concern than 'reasonable' and similarly vague words
17:19:55 [tl]
npdoty, it's an analogue of the "reasonable person" legal standard
17:19:57 [fielding]
me
17:20:05 [johnsimpson]
Aleecia asks for comments on definition
17:20:13 [johnsimpson]
Aleecia says reasonable is vague
17:20:25 [Zakim]
+ +44.789.449.bbbb
17:20:25 [rvaneijk]
The first party definition leaves good room to hook up action item 14. I am happy with the defs.
17:20:33 [aleecia]
ack hwest
17:20:53 [aleecia]
Roy next
17:21:10 [bryan]
"that an ordinary user would perceive" needs to be validated through some sort of survey process
17:21:12 [johnsimpson]
heather says reasonable, huge number of vague words
17:21:15 [clp]
FYI Aleecia, I hope to have that Action completed by Monday of next week (pictures)
17:21:26 [aleecia]
great, thanks Charles
17:21:52 [amyc]
is there precedent in W3C specs for such standards?
17:21:59 [amyc]
or similar language?
17:22:09 [amyc]
that we could reuse in this spec
17:22:14 [johnsimpson]
Heather adsks are we mandating a survey of users?
17:22:23 [johnsimpson]
Jonathan says no
17:22:26 [Zakim]
+[Microsoft.aaa]
17:22:35 [npdoty]
s/Heather adsks/hwest:/
17:22:42 [dwainberg]
"overwhelming majority of cases will be clear" << I'm not sure that's true
17:22:47 [BrianTs]
Zakim, [Microsoft.aaa] has BrianTs
17:22:49 [npdoty]
s/Jonathan says/jmayer:/
17:22:49 [Zakim]
+BrianTs; got it
17:23:04 [johnsimpson]
... jonathan in close cases the language is designed to put burden on Website
17:23:38 [clp]
What about "most users" rather than "an ordinary user" ?
17:23:51 [WileyS]
Agree - I believe there needs to be a "good faith" standard - equally subjective but at least sets forth good practices.
17:24:13 [johnsimpson]
Heather: need to clarify expectations
17:24:27 [WileyS]
+q
17:24:40 [clp]
If you want it stronger, "the vast majority of users"
17:24:44 [johnsimpson]
Aleecia: Not clear to what you are suggesting instead
17:24:55 [justin]
I think "good faith" is too weak. Would be fine with "reasonable," "ordinary," or "clear branding"
17:25:06 [clp]
"most users"
17:25:09 [clp]
was the original idea
17:25:14 [clp]
vague
17:25:15 [amyc]
agree with Aleecia, want to avoid most or quantitifying
17:25:48 [clp]
Aha, the reasonable man standard, got you J.
17:25:50 [johnsimpson]
aleecia: looking at this as user-centric definition
17:25:53 [aleecia]
q?
17:25:58 [aleecia]
ack fielding
17:26:10 [johnsimpson]
Roy: Questions: Separating parties from other ones is wrong
17:26:22 [johnsimpson]
... all about first party
17:26:36 [laurengelman]
usually with a reasonable person standard, someone later-- a court or other entity-- comes up with reasonable implementations
17:26:41 [johnsimpson]
... third party and the second party
17:26:52 [johnsimpson]
... doesn't make sense... a waste of time
17:27:01 [clp]
FYI, the second party "the user" can also be software, not a person, FYI
17:27:26 [johnsimpson]
1st party is owner of initial page request
17:27:42 [npdoty]
s/1st/... 1st/
17:27:55 [npdoty]
q?
17:28:00 [johnsimpson]
impossible to know if user intentionally accessed. Site can determine if ist site accessed
17:28:21 [npdoty]
s/impossible/... impossible/
17:28:44 [johnsimpson]
Jmayer: got trapped in definitions, owner is a website, who mis the owner
17:29:05 [johnsimpson]
... what if page is operated by multiple companies?...
17:29:06 [clp]
+q
17:29:28 [johnsimpson]
... I think there is so much stuff here we wanted to unpack it...
17:29:37 [johnsimpson]
... not asking the sites to have ESP...
17:29:56 [johnsimpson]
... want to set objective standard
17:30:26 [johnsimpson]
... were subjective definitions suggested earlier, we don't think we've done that here.
17:30:26 [Zakim]
- +1.206.658.aazz
17:31:06 [clp]
I am i the queue for "party"
17:31:28 [johnsimpson]
Aleecia paraphrase Roy: Trying to give general definition across three parties.
17:31:40 [clp]
^^aleecia is queue going to be run though?
17:31:51 [johnsimpson]
Roy: what does branding have to do with 3rd parties?
17:32:03 [aleecia]
ack dsinger
17:32:19 [dsinger]
I think the definition is right in spirit, but problematically vague in testability and detail; there is far too much judgment call in here. We can expect that some organizations will try to operate 'close to the line' and what we have here is a very soft/blurry line. That's not good.
17:32:40 [johnsimpson]
David: Definition is right in spirit, too much judgment calling here. Agree with spirit, not crazy about details...
17:32:42 [fielding]
"legal entity"
17:32:59 [Zakim]
+ +44.142.864.bbcc
17:33:28 [johnsimpson]
... can I bring a suit? are they legal entity? Too much judgment. Need testability.
17:34:05 [dsinger]
"ordinary user" … "perceive" …
17:34:13 [johnsimpson]
jmayer: is there a use case of someone trying to game the text?
17:34:16 [justin]
"Legal entity" could either be too narrow or too broad depending on how an organization is structured, and in any event will not conform to users' expectations.
17:34:25 [aleecia]
ack WileyS
17:34:43 [johnsimpson]
Shane: My concerns in opposite direction...
17:34:56 [johnsimpson]
... agree need to be user centric
17:34:56 [npdoty]
+1 to justin, I don't think user expectations will match legal entities, and like user expectations as the motivation
17:35:35 [dsinger]
q+
17:35:38 [johnsimpson]
...we'll need to provide good faith examples of people trying to act the way
17:36:01 [justin]
Discoverable cannot be the test
17:36:23 [rvaneijk]
+1 justin. The legal layer can be on top of the technical layer. The technical layer may be user centric, the legal layer may be legal entity centric.
17:36:41 [johnsimpson]
Shane: important for a Disney to make clear... fair practice, good faith examples needed.
17:37:08 [johnsimpson]
Aleecia: Do you want to move to corporate identity?
17:37:21 [aleecia]
so the example of "foo.com, powered by google analytics!"?
17:37:27 [npdoty]
I liked your point, Shane, about needing examples to guide implementing sites, but I'm not sure why you conclude that this definition therefore breaks the Internet
17:37:53 [johnsimpson]
Shane says sees examples on both affiliate and and branding model that could work... Need examples. Very needed
17:37:56 [clp]
Yes
17:38:15 [laurengelman]
what about nbc universal or fox
17:38:20 [johnsimpson]
Shane agrees to come up with examples
17:38:37 [WileyS]
-q
17:38:42 [npdoty]
ack clp
17:38:54 [aleecia]
action: shane to also write additional examples around branding for first parties by next week
17:38:54 [trackbot]
Created ACTION-44 - Also write additional examples around branding for first parties by next week [on Shane Wiley - due 2012-01-11].
17:39:22 [johnsimpson]
Charles: A subtle point, since describing party. Can a party be scraping, screenware, software, rather than entity itself...
17:39:28 [jmayer]
Moving the bar from user understanding to user discoverability is a non-starter for me. Opens loopholes, deviates from user expectations, places an inordinate burden on users.
17:39:38 [bryan]
IMO software acting on my behalf is a type of 1st party.
17:40:19 [jmayer]
agree
17:40:22 [johnsimpson]
Aleecia points out definition of user agent could answer Charles' issue
17:40:24 [aleecia]
q?
17:40:30 [aleecia]
ack dsinger
17:41:02 [jmayer]
YouTube + Google
17:41:17 [clp]
(unless there is no agent allowed to be acting on behalf of first and third parties, three software agents all acting on behalf of each party is possible in theory)
17:41:30 [johnsimpson]
dsinger: seems to me the legal entity test is important, two separate legal ought not to be a single entity
17:41:42 [justin]
Well, I think we need to make sure that "foo.com powered by google analytics" doesn't make google a first party if Foo is a separate legal entity
17:41:51 [justin]
So I agree with dsinger
17:41:52 [jmayer]
http://www.youtube.com/t/contact_us
17:41:54 [jmayer]
YouTube LLC
17:42:00 [johnsimpson]
Aleecia: question gets into merge acquisitions
17:42:15 [clp]
There is: legal structure, functional biz structure, domain structure, web page inclusion structure, and first party/thirf party structure
17:42:24 [bryan]
legal entity is itself a fuzzy term
17:42:41 [johnsimpson]
... movie companies create brand new companies for liability reasons
17:42:46 [rvaneijk]
SInger +1
17:43:07 [clp]
good point!
17:43:20 [WileyS]
-1 : At the end of the day the same entity is paying for liability related issues
17:43:23 [laurengelman]
i think it will be the opposite-- they will claim they are all under one roof as a defense under the first party exception
17:43:51 [aleecia]
q?
17:44:00 [johnsimpson]
Alecia: asks Jonathan and Tom to think about issue
17:44:27 [aleecia]
Tom's request: if you want changes, please write them down
17:44:30 [aleecia]
And add to email
17:44:39 [johnsimpson]
Tom asks to out comments in emails
17:45:06 [justin]
I think changing "legal entity" to common ownership would solve most of these problems.
17:45:28 [johnsimpson]
Jmayer: network interaction
17:45:53 [aleecia]
3.1 A "network interaction" is an HTTP request and response, or any other set of logically related network traffic.
17:46:14 [clp]
+q
17:46:20 [jmayer]
justin, common ownership has all sorts of problems, see the writeup
17:46:21 [aleecia]
Determination of a party's status is limited to a single transaction because a party's status may be affected by time, context, or any other factor that influences user expectations.
17:46:31 [fielding]
q+
17:46:32 [aleecia]
ack clp
17:46:41 [johnsimpson]
Discussing Netwok Interaction 3.
17:47:03 [johnsimpson]
Charles: What is "logically related"?
17:47:05 [aleecia]
ack fielding
17:47:30 [johnsimpson]
Roy: Is it a single network interaction or a sequence?
17:47:55 [justin]
jmayer, corporate ownership as necessary, but not sufficient, for first party status. Still need branding or other means to get "reasonable expectations."
17:47:55 [johnsimpson]
Jonathan: Just a single...
17:48:07 [npdoty]
fielding, can you give an example where you think it should be more than one request/response?
17:48:10 [npdoty]
Zakim, who is talking?
17:48:21 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: +1.408.674.aaaa (84%), +1.801.830.aajj (9%), ??P65 (69%)
17:48:37 [npdoty]
Zakim, mute ??P65
17:48:37 [Zakim]
??P65 should now be muted
17:48:56 [npdoty]
Zakim, who is talking?
17:49:05 [Zakim]
-schunter
17:49:05 [aleecia]
4.1 Definitions
17:49:06 [aleecia]
A "first party" is any party, in a specific network interaction, that can infer with high probability that the user knowingly and intentionally communicated with it. Otherwise, a party is a third party.
17:49:07 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: jmayer (19%), schunter (6%)
17:49:13 [johnsimpson]
Move to next section, 4 A first party..
17:49:31 [kj]
kj has joined #dnt
17:49:36 [Zakim]
+??P3
17:49:56 [dsinger]
q+
17:50:02 [johnsimpson]
... places where we think a clear difference...
17:50:03 [aleecia]
ack dsinger
17:50:19 [fielding]
same comments as before
17:50:34 [aleecia]
+dsinger, should add awareness of the site
17:50:38 [npdoty]
does "intentionally" capture "independent choice"?
17:50:41 [johnsimpson]
Dsinger: User should be aware of the distinctness... Should be an independent choice.
17:50:52 [schunter]
zakim, ??P3 is schunter
17:50:52 [Zakim]
+schunter; got it
17:51:28 [johnsimpson]
Dsinger: user not making the decison,,. the site is
17:51:29 [jmayer]
how about firefoxwithbing.com
17:51:56 [johnsimpson]
Roy: user doesn't use domain...just clicking on link
17:52:19 [johnsimpson]
Roy: following a link is fine...
17:52:46 [johnsimpson]
... no difference between site and a mashup site
17:52:49 [justin]
Do these mashups actually exist? Who owns cheezburgerongooglemaps.com in your scenario?
17:53:07 [Zakim]
-[Microsoft]
17:53:11 [jmayer]
justin, I agree corporate ownership will almost always happen when two entities are the same party (*not* first party). Wouldn't mind specifying that floor.
17:53:12 [johnsimpson]
Aleecia: two different examples here
17:53:34 [adrianba]
adrianba has left #dnt
17:54:00 [jmayer]
justin, If multiple first parties, then not necessarily corporate ownership.
17:54:14 [johnsimpson]
.... google maps and craigs list one type... an aggregating site don't know what you're going to get
17:54:23 [fielding]
right, but in those cases the user is "pulling in data" using XHR from two sites, essentially making both third parties, and the sites know that because of the APIs used
17:54:31 [Zakim]
-[Mozilla.a]
17:54:39 [justin]
jmayer, fine, but still trying to wrap my head around "multiple first parties"
17:54:40 [johnsimpson]
Aleecia: daivid probably right might want to go more fine grained....
17:54:46 [aleecia]
q?
17:55:17 [mgroman]
mgroman has joined #dnt
17:55:27 [jmayer]
...if the debate is what to do about mashups, we're in great shape.
17:55:40 [johnsimpson]
Roy: user is pulling data from multiple sites, other sites are third party
17:55:45 [bryan]
agree with Roy, a site "can infer with high probability" as the URL for APIs are typically distinct from URLs intended for direct access
17:56:39 [jmayer]
I would support some sort of "what the hell, someone just embedded all my stuff" safe harbor for things like personal websites.
17:56:47 [laurengelman]
the publisher should be responsible
17:56:49 [npdoty]
aleecia: a concerning situation where a site that intends to always be a first party and then gets embedded somewhere without the site's knowledge
17:56:55 [Zakim]
-[Microsoft.aa]
17:56:55 [johnsimpson]
Aleecia: I've created a site, I get in sucked in as a third party. How do I deal with that? Roy says you consider to act as a 1st party
17:58:00 [WileyS]
+q
17:58:21 [aleecia]
(we want to be careful because we don't have safe harbor power :-)
17:58:41 [johnsimpson]
lauren: the publisher is the one the user is interacting with, whatever legal or subjective test the publisher is the only one that can do it...
17:58:42 [jmayer]
Would like to reiterate that if we're focusing on corner cases like random embeds, I think we're making awesome progress.
17:59:48 [johnsimpson]
aleecia: I've created a site... can put notice to users that this comes from elsewhere
17:59:56 [aleecia]
ack WileyS
17:59:57 [justin]
HousingMaps.com is the name of the craiglist/google mashup. Why isn't the owner of that site the first party, along with any other co-owned and co-branded corp entity. At least one of Google or Craigslist will be a third-party in that scenario, but I don't see why that's a problem
18:00:14 [johnsimpson]
Shane: 1st party in many cases, wouldn't be in a technical position to affect the outcome...
18:00:30 [aleecia]
Justin - I was agreeing with that (and thanks for the url)
18:00:35 [npdoty]
justin, I think dsinger's point was that the definition about user interaction would lead Google and Craigslist to argue that they're first parties too
18:00:54 [johnsimpson]
... should recognize should self identify... 3rd party should recognize
18:01:22 [rvaneijk]
controller - processor is bounded by a contract.
18:01:39 [justin]
npdoty, the user interaction could at some point turn Google or Craigslist into a first party if they're not the owner, but that's a different issue.
18:01:50 [Zakim]
- +1.801.830.aajj
18:01:57 [johnsimpson]
Question about the EU context?
18:02:01 [bryan]
sites can also know that there has been a mashup of data from their 1st party URLs due to other things such as headers e.g. referrer
18:02:16 [jmayer]
As a practical matter - publishers often have no idea what third parties are on their site. Can't expect them to carry much burden.
18:02:32 [schunter]
q+
18:02:39 [johnsimpson]
Lauren: Whole point of the problem is the user has no idea what's going on. ..
18:02:50 [jmayer]
Disagree about publisher being in the best position to understand party status.
18:03:28 [johnsimpson]
Aleecia: Useful to build something supports German's and U/
18:03:30 [jmayer]
Overwhelming majority of cases, a third party knows it's a third party - and the first party knows essentially nothing about the third party.
18:03:36 [justin]
For the record, HousingMaps.com says "this site is in no way affiliated with craigslist or Google" :)
18:03:44 [johnsimpson]
and U.S. practices.
18:03:49 [WileyS]
Sorry Aleecia - didn't mean to interrupt - thought you had finished your statement
18:03:59 [aleecia]
No problem, I paused too long :-)
18:04:39 [aleecia]
My question right now is basically: is this a problem, and if so how large a problem is it
18:04:54 [schunter]
q-
18:05:10 [fielding]
possible new issue: what do we do about browser add-ins/extension that overlay or manipulate content on the client-side?
18:05:12 [KevinT]
But the first party embedded the initial third party to start the chain. with that comes responsibility with what happens downstream with respect to user expectations.
18:05:38 [johnsimpson]
jmayer: often publishers don't know what 3rd parties are doing on sites. Don't see a lot of need for 1st party to get involved, because 3rd party knows their status..
18:06:02 [johnsimpson]
Sean: would fall back on contractual langauge
18:06:09 [bryan]
Roy, IMO addins are part of the 1st party site from where they were obtained
18:06:14 [johnsimpson]
.... couldn't monitor in real time
18:06:17 [npdoty]
fielding, is that part of guidance to the user agent? (I would assume browser extensions are also user agents)
18:06:30 [fielding]
and what about the "check for fraudulent website" interaction that many browsers perform automatically?
18:07:00 [laurengelman]
i know how it works. i don't disagree. but that is a by-product of publisher's not bearing any legal or social responsibility for what happens to their users, not a architectural requirement of the system.
18:07:02 [jmayer]
+q
18:07:29 [johnsimpson]
aleecia: third parties exist to collect data, some exist for other reasons -- how to differentiate?
18:07:37 [bryan]
virus/phishing site checkers are a type of 1st party - the user is getting a specific service from them intentionally
18:07:38 [fielding]
npdoty, yes … these are network interactions that are not intentionally made by the user but still subject to our DNT protocol, maybe?
18:08:08 [johnsimpson]
aleecia: mashup site providing info is different situation
18:08:34 [aleecia]
ack jmayer
18:08:36 [johnsimpson]
aleecia: how to treat to examples differently?
18:08:40 [justin]
Why do we need to treat those sites differently? If the second category of third-party sites isn't tracking, what is the concern, as long as the responsibility is on the third-party, not the first-party (as we have structured thus far)?
18:09:11 [laurengelman]
publishers can absolutely have riders in their contracts with ad servers that limit the sharing of user data with campaigns or creative
18:09:31 [johnsimpson]
jmayer: measurement of 3rd parties on web; almost all we've seen are ads, we're treading into corner cases
18:09:46 [jmayer]
All in favor of covering edge cases. But want to make sure we recognize points of agreement.
18:09:48 [fielding]
referral networks
18:09:59 [johnsimpson]
Aleecia: yes, but edge cases will be interesting...
18:10:30 [johnsimpson]
Roy: referral networks -- common things that aren's ads
18:11:01 [aleecia]
4.2.1 Overview
18:11:02 [aleecia]
We draw a distinction between those parties an ordinary user would or would not expect to share information with, "first parties" and "third parties" respectively. The delineation exists for three reasons.
18:11:02 [johnsimpson]
Moving to Section 4.2
18:11:14 [aleecia]
First, when a user expects to share information with a party, she can often exercise control over the information flow. Take, for example, Example Social, a popular social network. The user may decide she does not like Example Social's privacy or security practices, so she does not visit examplesocial.com. But if Example Social provides a social sharing widget embedded in another website, the user may be unaware she is giving information to Example Social and u
18:11:14 [aleecia]
to exercise control over the information flow.
18:11:27 [aleecia]
Second, we recognize that market pressures are an important factor in encouraging good privacy and security practices. If users do not expect that they will share information with an organization, it is unlikely to experience market pressure from users to protect the security and privacy of their information. In practice, moreover, third parties may not experience sufficient market pressure from first parties since increasingly third parties do not have a direc
18:11:27 [aleecia]
business relationship with the first party websites they appear on. We therefore require a greater degree of user control over information sharing with such organizations.
18:11:39 [aleecia]
Last, third parties are often in a position to collect a sizeable proportion of a user's browsing history – information that can be uniquely sensitive and easily associated with a user's identity. We wish to provide user control over such information flows.
18:11:43 [johnsimpson]
Don't want to reopen "what is tracking debate", but want to list our concerns
18:11:55 [aleecia]
We recognize that, unlike with a bright-line rule, there can be close calls in applying our standard for what constitutes a first party or a third party. But we believe that in practice, such close calls will be rare. The overwhelming majority of content on the web can be classified as first party or third party, with few cases of ambiguity in practice.
18:11:56 [pedermagee]
pedermagee has joined #dnt
18:12:11 [aleecia]
We require a confidence at a "high probability" before a party can consider itself a first party. Where there is reasonable ambiguity about whether a user has intentionally interacted with a party, it must consider itself a third party. Our rationale is that, in the rare close cases, a website is in the best position to understand its users' expectations. We therefore impose the burden of understanding user expectations on the website. We also wish, in close ca
18:12:11 [aleecia]
to err on the side of conforming to user expectations and protecting user privacy. If the standard is insufficiently protective, ordinary users have limited recourse; if the standard imposes excessive limits, websites retain the safety valve of explicitly asking for user permission.
18:12:43 [jmayer]
After moving through the document, it would be helpful to hear where people are - is this close to consensus?
18:12:48 [johnsimpson]
Aleecia: Have reasons why not technical definition
18:13:06 [aleecia]
4.2.3 Multiple First Parties
18:13:07 [aleecia]
There will almost always be only one party that the average user would expect to communicate with: the provider of the website the user has visited. But, in rare cases, users may expect that a website is provided by more than one party. For example, suppose Example Sports, a well known sports league, collaborates with Example Streaming, a well known streaming video website, to provide content at www.examplesportsonexamplestreaming.com. The website is prominentl
18:13:07 [aleecia]
advertised and branded as being provided by both Example Sports and Example Streaming. An ordinary user who visits the website may recognize that it is operated by both Example Sports and Example Streaming.
18:13:21 [aleecia]
4.2.4 User Interaction with Third-Party Content
18:13:22 [aleecia]
A party may start out as a third party but become a first party later on, after a user interacts with it. If content from a third party is embedded on a first party page, the third party may become an additional first party if it can infer with high probability that the average user knowingly and intentionally communicated with it. If a user merely moused over, closed, or muted third-party content, the party would not be able to draw such an inference.
18:13:40 [WileyS]
Not close until Corporate Ownership and Affiliates are addressed in a more reasonable manner. I believe a "reasonably discoverable" standard should be set here.
18:13:49 [WileyS]
That was to JMayer's question...
18:14:31 [jmayer]
"addressed in a more reasonable manner" = ?
18:14:51 [clp]
Why "average user" here rather than "reasonable" or "ordinary" ?
18:15:05 [johnsimpson]
Shane: Jonathan asked if close to consensus. We can't be close until corporate and affilitiate status are addressed...
18:15:08 [tedleung]
yep
18:15:10 [jmayer]
clp, tried to be clear that this is objective and, if necessary, testable.
18:15:21 [tedleung]
(speaking for Disney)
18:15:45 [johnsimpson]
... ESP and Disney are is an acceptable approach...
18:15:46 [jmayer]
Shane, can you expand that example?
18:16:14 [npdoty]
s/ESP/ESPN/
18:16:45 [johnsimpson]
Aleecia -- If user and visit ESP, but no branding you're saying OK...
18:16:57 [justin]
+q
18:17:11 [fielding]
what are we trying to protect by this definition? why does it matter that ESPN and other sites are owned by Disney?
18:17:19 [johnsimpson]
Aleecia: Nielsen says 100 unique sites a day for average
18:17:21 [jmayer]
So Disney's position is that, even if users don't understand that ESPN is owned by Disney, ESPN should be able to share data with Disney?
18:17:29 [npdoty]
s/ESP/ESPN/
18:17:35 [clp]
May be because of images, ads, also loaded with a page? one page can be 12-15 entities?
18:17:51 [bryan]
Does that metric include images pulled into email readers etc? Otherwise the number seems way high to me also.
18:17:51 [dsinger]
even if the vast majority of sites I visit each day are ones I have visited before, there's no way I am going to research the corporate structure of ANY site I visit, let alone work out which ones I am visiting for the first time!!
18:17:55 [johnsimpson]
Aleecia: You're putting burden on user to discover the affiliations...
18:17:55 [jmayer]
Reject this repeated claim about "users who care." The burden should not be on users.
18:17:55 [aleecia]
(Aleecia to find Neilsen data for Shane on # unique sites per day)
18:18:15 [fielding]
jmayer, why not?
18:18:35 [johnsimpson]
Shane: need to figure out a way to have a best practice for discoverable affiliation.
18:18:42 [laurengelman]
This is a list of assets owned by Rupert Murdoch's News Corporation: http://en.wikipedia.org/wiki/List_of_assets_owned_by_News_Corporation so they are covered for sharing ampong all of these as first-party?
18:19:00 [jmayer]
Because they're in a terrible position to learn about and understand corporate relationships, as against a company that can use domains, branding, marketing, slogans, etc.
18:19:15 [johnsimpson]
Shane: trying to figure our where gaining consensus
18:19:16 [justin]
I just clicked on 20 links on ESPN.com and didn't see anything about Disney at all in those links. THE LINKS THAT A USER WOULD REASONABLY GO TO (stories about sports)
18:19:23 [justin]
-1
18:19:30 [enewland]
-1
18:19:30 [rvaneijk]
-1
18:19:30 [clp]
-1
18:19:31 [WileyS]
Click on Privacy Policy
18:19:31 [dsinger]
-1
18:19:32 [andyzei]
-1
18:19:33 [jmayer]
-INT_MAX
18:19:34 [Chris]
+1
18:19:36 [fielding]
sure, but why does it matter which funnel is used to give data to Disney? Disney still has the data.
18:19:39 [tl]
-1
18:19:40 [vincent]
-1
18:19:43 [hwest]
+1 potentially
18:19:43 [laurengelman]
-1
18:19:48 [npdoty]
sharvey: +1
18:20:03 [johnsimpson]
-1 strongly disagree
18:20:07 [vincent]
we have to click on the link "learn more" first, meaning that I have to intereact with ESPN before I actually know it belongs to Disney
18:20:34 [justin]
WileyS, given the typical ESPN browsing experience, how can you say that I am intentionally or even knowingly sharing data with Disney?
18:20:37 [bryan]
The way the question was phrased implies an inordinate amount of effort to research the relationship - I don't think that was the intent of the discoverability assertion.
18:20:46 [tedleung]
I don't have a prescription for a solution
18:20:50 [johnsimpson]
Shane: I see this as an area where we will polarize as group.
18:20:59 [dsinger]
I really hope we can find a non-polarized consensus!
18:21:03 [tedleung]
but we definitely have concerns around the current language re: branding
18:21:06 [jmayer]
Another important safety valve for erring on the side of multiple parties - websites can ask for an exception.
18:21:14 [jmayer]
If a website decides it's a first party, the user is out of luck
18:21:44 [justin]
Why isn't branding the non-polarizing middle ground? Yahoo/Flickr are co-parties, but ESPN/Disney isn't because there's no branding where any ordinary user would see it?
18:21:47 [justin]
_q
18:21:52 [justin]
-q
18:21:53 [fielding]
q+
18:21:57 [johnsimpson]
Aleecia: I think everyone understands there is a need to send data. I think need to have understanding of data flows when DNT is on.
18:22:00 [bryan]
q+
18:22:01 [aleecia]
ack fielding
18:22:02 [tedleung]
it's a good example. I'm not taking it personally
18:22:08 [WileyS]
"no understanding" is strong - many could argue users willingfully "dont want to understand" hence the low privacy policy reading rates
18:22:23 [aleecia]
Shane, how would I know what I don't know?
18:22:49 [aleecia]
What you suggest is that users would have to pay attention to corp ownership for each site they visit
18:22:51 [jmayer]
roy, users might care about what part of Disney gets data, who it can share it with, how it can use it, ...
18:22:54 [Zakim]
- +1.760.705.aagg
18:22:58 [johnsimpson]
Roy: If the concern of the user is being provided to corporations they don't know about. What I care about is not how data gets to Disney, but if they have it.
18:22:58 [aleecia]
And make decisions based on this
18:23:13 [aleecia]
It's like we're reinventing the privacy policy problem
18:23:26 [jmayer]
aleecia, +INT_MAX
18:23:29 [aleecia]
It's not the users don't care, it's that the burden for reading privpols is way too high
18:23:35 [jmayer]
We've tried putting the burden on users. It doesn't work.
18:23:49 [WileyS]
There has to be a middle ground
18:24:05 [johnsimpson]
Roy: Like to find easy definition of what trying to protect against...
18:24:05 [aleecia]
I hope so
18:24:19 [justin]
WileyS, "don't want to understand" isn't fair --- it's not economically rational for users to click through privacy policies to try to figure out what's going on --- they're not useful document for users
18:24:20 [laurengelman]
This plan purposely favors large companies over small one. It permits a company with multiple entities to create profiles and prevents small companies with one or few sites from doing so.
18:24:20 [aleecia]
Use case of hospital and insurance company
18:25:05 [johnsimpson]
Brian: discoverable is related to what is a good example...
18:25:10 [WileyS]
Justin - many companies have invested heavily to make their privacy centers "useful" to users - so a blanket statement here doesn't feel fair
18:25:16 [npdoty]
s/Brian/bryan/
18:25:22 [tedleung]
q+
18:25:32 [aleecia]
ack bryan
18:25:47 [jmayer]
Shane, companies have been working on improving privacy transparency. But it has real limits. Can't pretend that better website design will solve the problem.
18:25:49 [justin]
WileyS, the average privacy policy is not worth a user clicking on
18:26:06 [johnsimpson]
Bryan: Things are more discoverable than they seem; just need examples.
18:26:29 [Zakim]
-jmayer
18:26:30 [WileyS]
Safe Travels Jonathan!
18:26:46 [npdoty]
yes
18:26:48 [bryan]
q-
18:26:52 [aleecia]
ack tedleung
18:27:00 [WileyS]
All of this boils down to User Education
18:27:15 [dsinger]
- thinks 'discoverable' is a lot less important than 'evident', and (like before) something that is NOT easily discoverable is prima facie, not evident :-)
18:27:15 [WileyS]
Branding, Data Collection / Use Practices, etc.
18:27:25 [aleecia]
If you can solve user education, you're first on my holiday gift list :-)
18:27:45 [johnsimpson]
Ted: We are a bigger company; for smaller companies it's a much tougher problem. When read so many other parts of spec in flux... hard to know what will work...
18:28:28 [johnsimpson]
... part of where we are is that we're still working through all the pieces and need to see how work together...
18:28:55 [johnsimpson]
... that's what I'm feeling...from reading all the drafts.
18:28:58 [Zakim]
- +1.646.825.aatt
18:29:08 [Zakim]
-efelten
18:29:24 [laurengelman]
yes. it would be useul to understand what data flow can happen or not happen if disney and espn are both first parties or not.
18:29:35 [johnsimpson]
Aleecia: Would be useful to take the text been discussing and put it in and see what's going on...
18:30:02 [johnsimpson]
... feel getting close...
18:30:06 [Zakim]
- +1.301.270.aahh
18:30:08 [npdoty]
+1, maybe having all of the text pieces in the same draft (even though we're not finished with it) will help us see the multiple (moving) pieces together
18:30:46 [fielding]
yay, more writing tasks ;-)
18:30:52 [johnsimpson]
Aleecia: please but issues in email...
18:30:58 [npdoty]
s/but/put/
18:31:20 [aleecia]
http://www.w3.org/2011/tracking-protection/compliance-issues.html
18:31:38 [Zakim]
- +44.789.449.bbbb
18:31:56 [johnsimpson]
Aleecia: Thanks for getting text in.. Look forward ti getting into docs
18:31:59 [andyzei]
Happy New Year!
18:32:03 [mgroman]
mgroman has left #dnt
18:32:04 [Zakim]
- +1.408.349.aall
18:32:05 [Zakim]
-??P88
18:32:05 [Zakim]
- +1.212.565.aaxx
18:32:06 [Zakim]
- +1.202.326.aaqq
18:32:06 [Zakim]
- +1.415.520.aaee
18:32:06 [Zakim]
-aakk
18:32:07 [Zakim]
- +1.415.520.aayy
18:32:08 [Zakim]
-??P65
18:32:08 [johnsimpson]
Happy New year
18:32:10 [Zakim]
- +1.202.643.aass
18:32:12 [Zakim]
-cOlsen
18:32:12 [tedleung]
thanks aleecia
18:32:14 [Zakim]
-[Mozilla]
18:32:16 [Zakim]
-bryan
18:32:18 [Zakim]
-rvaneijk
18:32:20 [Zakim]
- +1.202.637.aauu
18:32:22 [Zakim]
-johnsimpson
18:32:24 [Zakim]
-??P34
18:32:25 [npdoty]
Zakim, list attendees
18:32:26 [Zakim]
- +1.813.366.aapp
18:32:28 [Zakim]
- +1.408.674.aaaa
18:32:29 [tedleung]
tedleung has left #dnt
18:32:30 [Zakim]
- +1.714.852.aarr
18:32:32 [Zakim]
-[Microsoft.aaa]
18:32:33 [johnsimpson]
johnsimpson has left #dnt
18:32:34 [Zakim]
- +1.508.655.aann
18:32:34 [bryan]
Final note: We should be able to reach consensus on what is discoverable (in terms of branding relationships) by an average user through consideration of typical examples from our public websites and services. I believe that average users can typically find out with one or two clicks whether content presented on a site is sourced by an affiliate of the 1st party (and not thus a 3rd party). I recommend that group members provide such examples to determine how easy
18:32:36 [Zakim]
- +44.142.864.bbcc
18:32:38 [Zakim]
-[Apple]
18:32:40 [Zakim]
-tedleung
18:32:42 [Zakim]
-??P91
18:32:45 [Zakim]
As of this point the attendees have been +1.408.674.aaaa, tl, [Mozilla], +31.65.141.aabb, sidstamm, rvaneijk, schunter, +1.510.859.aadd, +1.415.520.aaee, +1.202.326.aaff, npdoty,
18:32:45 [fielding]
zakim, aarr is fielding
18:32:47 [Zakim]
... efelten, dsinger, +1.760.705.aagg, +1.301.270.aahh, +1.202.684.aaii, +1.801.830.aajj, +1.813.366.aakk, +1.408.349.aall, bryan, +1.202.326.aamm, +1.508.655.aann,
18:32:48 [KevinT]
KevinT has left #dnt
18:32:50 [Zakim]
... +1.310.392.aaoo, +1.813.366.aapp, +1.202.326.aaqq, +1.714.852.aarr, +1.202.643.aass, alex__, +1.646.825.aatt, cOlsen, +1.202.637.aauu, +1.206.369.aavv, tedleung,
18:32:53 [Zakim]
... +44.789.449.aaww, +1.212.565.aaxx, adrianba, +1.415.520.aayy, +1.206.658.aazz, aakk, +1.202.684.bbaa, jmayer, [Microsoft], johnsimpson, +44.789.449.bbbb, BrianTs,
18:32:56 [Zakim]
... +44.142.864.bbcc
18:32:58 [Zakim]
sorry, fielding, I do not recognize a party named 'aarr'
18:33:00 [Zakim]
-[Microsoft.a]
18:33:13 [npdoty]
zakim, aarr is fielding
18:33:13 [Zakim]
sorry, npdoty, I do not recognize a party named 'aarr'
18:33:23 [rvaneijk]
rvaneijk has left #dnt
18:33:34 [fielding]
too late, I guess … just replace in minutes
18:33:56 [fielding]
s/+1.714.852.aarr/fielding/
18:34:11 [clp]
Bye all, Happy New Year
18:34:12 [fielding]
it's because I hung up first
18:34:15 [aleecia]
Bryan, please go ahead and take a try
18:34:26 [npdoty]
trackbot, end meeting
18:34:26 [trackbot]
Zakim, list attendees
18:34:26 [Zakim]
As of this point the attendees have been +1.408.674.aaaa, tl, [Mozilla], +31.65.141.aabb, sidstamm, rvaneijk, schunter, +1.510.859.aadd, +1.415.520.aaee, +1.202.326.aaff, npdoty,
18:34:27 [trackbot]
RRSAgent, please draft minutes
18:34:27 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/01/04-dnt-minutes.html trackbot
18:34:28 [trackbot]
RRSAgent, bye
18:34:28 [RRSAgent]
I see 2 open action items saved in http://www.w3.org/2012/01/04-dnt-actions.rdf :
18:34:28 [RRSAgent]
ACTION: clp to create pictures of good and bad examples for first party / third party relationships in UI [1]
18:34:28 [RRSAgent]
recorded in http://www.w3.org/2012/01/04-dnt-irc#T17-18-59
18:34:28 [RRSAgent]
ACTION: shane to also write additional examples around branding for first parties by next week [2]
18:34:28 [RRSAgent]
recorded in http://www.w3.org/2012/01/04-dnt-irc#T17-38-54
18:34:29 [Zakim]
... efelten, dsinger, +1.760.705.aagg, +1.301.270.aahh, +1.202.684.aaii, +1.801.830.aajj, +1.813.366.aakk, +1.408.349.aall, bryan, +1.202.326.aamm, +1.508.655.aann,
18:34:32 [Zakim]
... +1.310.392.aaoo, +1.813.366.aapp, +1.202.326.aaqq, +1.714.852.aarr, +1.202.643.aass, alex__, +1.646.825.aatt, cOlsen, +1.202.637.aauu, +1.206.369.aavv, tedleung,
18:34:35 [npdoty]
Zakim, who is on the phone?
18:34:36 [Zakim]
... +44.789.449.aaww, +1.212.565.aaxx, adrianba, +1.415.520.aayy, +1.206.658.aazz, aakk, +1.202.684.bbaa, jmayer, [Microsoft], johnsimpson, +44.789.449.bbbb, BrianTs,
18:34:38 [Zakim]
... +44.142.864.bbcc
18:34:38 [Zakim]
On the phone I see npdoty, schunter