IRC log of dnt on 2012-04-12

Timestamps are in UTC.

00:04:05 [enewland]
enewland has joined #dnt
00:06:54 [mischat]
mischat has joined #dnt
00:22:03 [enewland]
enewland has joined #dnt
00:23:58 [sidstamm]
sidstamm has joined #dnt
00:26:17 [schunter]
schunter has joined #dnt
01:12:47 [sidstamm]
sidstamm has joined #dnt
01:13:06 [sidstamm_]
sidstamm_ has joined #dnt
02:44:51 [ifette]
ifette has joined #dnt
02:46:09 [dsinger]
dsinger has joined #dnt
03:04:34 [tl]
tl has joined #dnt
03:21:14 [tl]
tl has joined #dnt
13:11:45 [RRSAgent]
RRSAgent has joined #dnt
13:11:45 [RRSAgent]
logging to http://www.w3.org/2012/04/12-dnt-irc
13:11:58 [Zakim]
Zakim has joined #dnt
13:12:01 [npdoty]
rrsagent, make logs public
13:14:19 [schunter]
schunter has joined #dnt
13:17:14 [hwest]
hwest has joined #dnt
13:18:09 [ninja]
ninja has joined #dnt
13:18:41 [schunter]
schunter has joined #dnt
13:20:17 [johnsimpson]
johnsimpson has joined #dnt
13:21:57 [mischat]
mischat has joined #dnt
13:22:22 [npdoty]
scribenick: npdoty
13:22:29 [npdoty]
schunter: thanks for returning to our third day
13:22:30 [jchester2]
jchester2 has joined #dnt
13:22:34 [npdoty]
... already made a lot of progress
13:22:35 [ifette]
ifette has joined #dnt
13:22:43 [npdoty]
... today diving in to the technical details of our protocols
13:22:54 [vincent_]
vincent_ has joined #dnt
13:22:55 [npdoty]
... smaller groups to dive in on areas that are unclear
13:23:13 [npdoty]
Topic: Scribes
13:23:34 [dstark]
dstark has joined #dnt
13:23:38 [Joanne]
Joanne has joined #DNT
13:24:48 [npdoty]
scribe for 10:30-11: Joanne
13:24:56 [robsherman]
robsherman has joined #dnt
13:25:21 [ifette]
ScribeNick: hwest
13:25:30 [hwest]
Matthias: Reviews agenda
13:26:39 [rvaneijk]
rvaneijk has joined #dnt
13:26:41 [aleecia]
aleecia has joined #dnt
13:26:47 [efelten_]
efelten_ has joined #dnt
13:27:29 [hwest]
Matthias: David put together the open and pending issues into a tracker; one group where it looks like we have agreement, second group where items have been discussed, and a third group we should talk about today
13:27:47 [hwest]
… most of these are listing as pending review, we have text, they've been around for a while. Would like to close them.
13:28:18 [hwest]
… ISSUE-47, regarding the response of the server - all proposals on the table address the question
13:28:33 [hwest]
npdoty: Well known URI proposal, that's true. I think it's an open question tho
13:28:41 [hwest]
WileyS: Other proposal has optional append too
13:28:59 [fielding]
fielding has joined #dnt
13:29:05 [hwest]
Matthias: I'll send our consensus to the list to make sure everyone agrees
13:29:06 [amyc]
amyc has joined #dnt
13:29:10 [Chris]
Chris has joined #dnt
13:29:10 [vinay]
vinay has joined #dnt
13:29:32 [npdoty]
for my own reminder, for header proposal, have the optional code that you can append to a well-known URI, which can describe the policy
13:29:45 [ac]
ac has joined #DNT
13:29:50 [hwest]
… next item ISSUE-84, make DNT status to JS. I think I made a mistake here. Page loads and sees the JS. Removed at some point, but want to re-discuss it later. Will discuss today.
13:30:05 [hwest]
Matthias: ISSUE-108 re DNT in other protocols
13:30:26 [npdoty]
http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#other-protocols
13:30:29 [npdoty]
looks good to me
13:30:38 [hwest]
… this doc only specifies HTTP, but could be applied to other protocols. No objections heard about this, can close.
13:30:51 [hwest]
Dsinger: There's a para in the doc that seems to belong in the compliance doc, can address later.
13:31:05 [aleecia]
4.5 Tracking Preference Expressed in Other Protocols
13:31:05 [aleecia]
A user's tracking preference is intended to apply in general, regardless of the protocols being used for Internet communication. The protocol expressed here is specific to HTTP communication; however, the semantics are not restricted to use in HTTP; the same semantics may be carried by other protocols, either in future revisions of this specification, or in other specifications.
13:31:06 [aleecia]
When it is known that the user's preference is for no tracking, compliant services are still required to honor that preference, even if other protocols are used. For example, re-directing to another protocol in order to avoid receipt of the header is not compliant.
13:31:33 [hwest]
Matthias: ISSUE-109 about fingerprinting risks of an API, API was closed. Shane and others disagree.
13:31:48 [hwest]
Dsinger: we can discuss in the breakout.
13:32:02 [hwest]
WileyS: If we have same-origin rules on who can see what, lower risk.
13:32:22 [hwest]
Matthias: Looks like we can close it after the breakout.
13:32:36 [hwest]
… ISSUE-14 also remains open until after the session
13:32:46 [hwest]
… ISSUE-114 I mean
13:33:13 [marc]
marc has joined #DNT
13:33:38 [hwest]
… ISSUE-115 seems closed, we've decided to include out of band consent for exceptions.
13:33:54 [hwest]
Dsinger: we don't explicitly have text but can definitely happen. Seems we can close this.
13:34:19 [hwest]
Matthias: Have answered the question and can close the issue.
13:34:28 [hwest]
npdoty: do we have corresponding language in the compliance doc?
13:34:48 [hwest]
Dsinger: UA has a means to find out other than the API
13:35:11 [hwest]
Matthias: ISSUE-115 is closing.
13:35:21 [hwest]
Aleecia: that means a MUST for a response header?
13:35:38 [hwest]
Matthias: ISSUE-118 closing.
13:35:50 [npdoty]
can anyone help me find the corresponding issue for compliance doc on requirements/text for out-of-band consent?
13:36:16 [hwest]
… ISSUE-125 was over email discussion, sufficient means of testing whether the UA supported DNT
13:36:27 [hwest]
WileyS: would prefer DNT null but that's ok
13:36:57 [npdoty]
WileyS, so we're all comfortable with http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#exceptions-when-not-enabled
13:37:01 [hwest]
Matthias: … ISSUE-125 closing. We'll update the tracker ASAP and migrate that to the doc.
13:37:11 [jmayer]
jmayer has joined #dnt
13:37:12 [hwest]
… Now two big blocks for the working groups
13:37:28 [hwest]
… server responses working group and exceptions working group
13:37:37 [hwest]
… will discuss
13:37:51 [justin_]
justin_ has joined #dnt
13:37:58 [hwest]
… Roy and Tom will lead the server responses working group
13:38:10 [hwest]
… goal of the session is to address feedback from site to user agents
13:38:14 [tlr]
tlr has joined #dnt
13:38:31 [hwest]
… whether site is first party, complies with DNT, thinks it has an exception
13:38:49 [hwest]
… three texts on the table - Tom's header, Roy's URI, and a hybrid
13:39:16 [hwest]
… purpose is to agree on one of those three texts, or a mixture. This group needs to get to a final and consolidated document
13:39:31 [hwest]
mgroman: Does this include whether it's may or must to respond, and which parties are responding?
13:39:55 [hwest]
Matthias: Both those issues are in this group. I think that for the response there is a MUST, just not sure which one it'll be.
13:40:05 [hwest]
WileyS: not optional if you support DNT
13:40:05 [npdoty]
issue-48?
13:40:05 [trackbot]
ISSUE-48 -- Response from the server should indicate the server will honor it -- closed
13:40:05 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/48
13:40:16 [hwest]
… for all parties
13:40:42 [hwest]
Aleecia: If I understand the group, there are two things that first parties must do - respond with their status, and can't append data
13:41:40 [KevinT]
KevinT has joined #dnt
13:41:43 [hwest]
Matthias: Also input for this group is optimal requirements - status transmission, ease of implementation, transparency, granularity, maintainability, transmission of larger info (?), compatibility, resources
13:41:58 [hwest]
… questions?
13:42:11 [hwest]
Chris: Some of these are subjective, is the goal to firm up that language?
13:42:25 [hwest]
Matthias: Goal is to find a mechanism that does these things
13:43:09 [alex_]
alex_ has joined #dnt
13:43:23 [hwest]
… for this, headers are easy, for URI...
13:43:31 [hwest]
… may want to have an intro with these goals in the document
13:43:54 [hwest]
Kevin: Is this high level requirements or are we specifying elements etc?
13:44:14 [fielding]
Tom's hybrid proposal is at http://lists.w3.org/Archives/Public/public-tracking/2012Apr/att-0067/tsr-tk_hybrid.markdown.txt
13:44:15 [hwest]
Matthias: I think currently we want to avoid policy language
13:44:23 [hwest]
… but some indication is useful
13:44:32 [hwest]
Kevin: Decided on the list it was out of scope
13:44:42 [hwest]
Matthias: Not our intent to put compliance spec into machine readable policy
13:44:54 [hwest]
Kevin: If UA can read it?
13:45:00 [aleecia]
May I just say: I have no plans to a 2.0 on compliance :-)
13:45:28 [hwest]
Matthias: Related issues are 107 (format), 120 (must or may), 124 (expression), and 112 (subdomains)
13:45:42 [hwest]
… questions
13:46:07 [hwest]
Ifette: It's not always request-response, some HTTP includes a server push
13:46:18 [hwest]
… not always in direct response, can provide something ahead of time without an actual request
13:46:50 [hwest]
Fielding: doesn't impact tracker status here. but will affect dynamic response header field because server doesn't know your status
13:47:00 [hwest]
Rigo: Should we have non normative lines in the spec?
13:47:09 [hwest]
fielding: No, the resource will work fine
13:47:32 [npdoty]
have we talked about long-polling as well?
13:47:54 [ifette]
ISSUE-130?
13:47:54 [trackbot]
ISSUE-130 -- Site-specific Exceptions b) Global Exception for Third Parties (thisthirdparty, anywhere) [refining ISSUE-111] -- open
13:47:54 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/130
13:48:02 [fielding]
npdoty, not that I am aware of
13:48:02 [hwest]
Matthias: The exception API for sites to ask for exceptions
13:48:19 [hwest]
… site specific, site-wide, and web-wide exceptions
13:48:24 [fielding]
we haven't talked about non-browser uses of HTTP
13:49:12 [enewland]
enewland has joined #dnt
13:50:05 [aleecia]
(could someone remind me what we're officially calling business uses?)
13:50:11 [hwest]
abc: What about when it's not a known third party? They're trusted but no formal relationship?
13:50:12 [npdoty]
(maybe long-polling doesn't have any particular impact on either proposal)
13:50:15 [npdoty]
aleecia, permitted uses
13:50:20 [npdoty]
s/abc:/alex:/
13:50:25 [aleecia]
(thank!)
13:50:43 [hwest]
Matthias: So the question is whether this can only be caught when visiting a third party, or whether you can ask for a web wide exception
13:50:57 [hwest]
Alex: additional caveat is that there's no business relationship between first and third party
13:51:04 [hwest]
… a pixel tag on a third party through an ad network
13:51:23 [hwest]
Matthias: When we decided on these exceptions we thought first parties would be calling these expceionts
13:51:29 [hwest]
… so can third parties call it tow?
13:51:39 [hwest]
Alex: I have a proposal...
13:51:47 [hwest]
matthias: You should join this working group!
13:51:50 [npdoty]
alex is referring to: http://www.w3.org/mid/2DB61344-AB42-4533-9763-39F348479222@nielsen.com
13:51:59 [hwest]
tl: Any party can call JS
13:52:05 [hwest]
ifette: do we want everyone to load JS?
13:52:19 [hwest]
Amyc: If we've already agreed on an out of band exception, then you can do that
13:52:27 [Lia]
Lia has joined #dnt
13:52:41 [hwest]
Matthias: at this point I'm generating input for Nick
13:52:55 [npdoty]
s/Nick/Nick and David/
13:52:59 [hwest]
Dsinger: mental model for the web wide exception was that a third party would ask for that kind of exception, ex a social network
13:53:33 [hwest]
Rigo: Important if we're not sure or if it's not set etc, that any party in this game can actually trigger the consent
13:53:50 [hwest]
Matthias: I think that's where we're heading
13:54:00 [hwest]
Dsinger: Clearly we need to discuss origin resctripctions
13:54:13 [hwest]
Matthias: it would be weird if a party that is not first or third can ask for exceptions for others
13:54:52 [hwest]
tl: so there may be a business case, might go to an opt out page, i.e. the NAI page opts out (or requests DNT) for all members
13:55:03 [hwest]
WileyS: We have an all-off and all-on model
13:55:49 [enewland_]
enewland_ has joined #dnt
13:56:08 [hwest]
Matthias: Questions around whether third party can call API, how to populate and manage third parties list, transparency, origin restriction, accountability
13:56:40 [npdoty]
do we have text on this all-off/all-on question? I think we have some sections that explicitly contradict that, but if it's an open question, maybe we should create an issue
13:57:41 [hwest]
… issues 113, 128, 129, 130 will be addressed in that WG
13:58:28 [hwest]
Matthias: ISSUE-111 may need a WG too, has content from the list, but not sure who read these messages and whether we agree or not
13:58:43 [hwest]
… you hit a site and you want to tell it whether there are DNT exceptions
13:58:55 [hwest]
… can use API for polling, easier to tell whats going on from the header
13:59:10 [hwest]
… three values for DNT here
13:59:53 [hwest]
ifette: This is wrapped up in the discussion of whether we allow granularity in the site wide exception or not
14:00:24 [hwest]
Matthias: You're right to some extent. This is based on the current spec which allows these pairs, but could lose the last line if we don't have that kind of granular pairs
14:00:54 [hwest]
Dsinger: So we're asking the group about granularity?
14:00:56 [hwest]
ifette: Yes
14:01:02 [hwest]
Dsinger: We'll discuss that in our breakout
14:01:21 [hwest]
Matthias: loose ends - ISSUE-116, re JS, agreement was no, closing
14:01:49 [hwest]
npdoty: that's not a yes or no question
14:02:02 [ifette]
ifette: specifically, the group should consider requiring a * on one side or another, e.g. you can get a "all third parties on this site" or "this third party across all sites" but not "abc on xyz"
14:02:15 [hwest]
Matthias: Seems like no one is interested, but if someone wants to write text on the DOM
14:02:16 [mischat]
mischat has joined #dnt
14:02:27 [hwest]
WileyS: Wasn't there a thread on this?
14:02:43 [hwest]
fielding: Not in a way that's been defined, Mozilla implemented but it's not defined
14:02:59 [hwest]
Matthias: Either someone can propose a text, and then we discuss. Or we remove it.
14:03:47 [ifette]
ScribeNick: ifette
14:03:50 [ifette]
dsinger: what is the concern?
14:03:57 [ifette]
tom l: DNT is related to the specific DNT interaction
14:04:04 [ifette]
... if you are seeing a header, it's the specific request
14:04:11 [ifette]
... the DOM property may not reflect the specific request / interaction
14:04:15 [ifette]
Matthias: What do we do with it?
14:04:21 [ifette]
TomL: volunteering to take an action
14:04:40 [ifette]
ACTION: tom lowenthal to come up with updated text for a DOM api to allow access to DNT state
14:04:40 [trackbot]
Sorry, couldn't find user - tom
14:04:46 [jmayer]
Check my slides from the meeting last March.
14:04:51 [ifette]
ACTION: lowenthal to come up with updated text for a DOM api to allow access to DNT state
14:04:52 [trackbot]
Created ACTION-167 - Come up with updated text for a DOM api to allow access to DNT state [on Thomas Lowenthal - due 2012-04-19].
14:04:56 [jmayer]
I walked through some of the challenges to a DOM status flag.
14:05:13 [ifette]
RRSAgent, close action 1
14:05:13 [RRSAgent]
I'm logging. I don't understand 'close action 1', ifette. Try /msg RRSAgent help
14:05:16 [fielding]
the version that Mozilla mentioned does not match what MSIE implemented, nor what we have specified
14:05:24 [jmayer]
Erm, last April.
14:05:25 [ifette]
gah, nmind
14:05:36 [ifette]
Rigo: Going back into the past is very complex
14:05:39 [jmayer]
http://www.w3.org/2011/track-privacy/slides/Mayer.pdf
14:05:49 [ifette]
... if the easiest mechanism of what you have in mind is revocation is overriding new header...
14:05:58 [ifette]
Nick: Maybe revocation has special meaning
14:06:06 [ifette]
... i mean if you persist something you should be able to unpersist something
14:06:12 [mischat]
mischat has joined #dnt
14:06:15 [ifette]
Rigo: I debate your assumption of persistance
14:06:30 [ifette]
... when we talk about the user preference, a newer preference overrides an older preference
14:06:41 [ifette]
roessler: if something is stored, there's a way to change that preference
14:06:43 [WileyS]
WileyS has joined #DNT
14:06:46 [ifette]
rigo: don't need technology
14:06:50 [hwest_]
hwest_ has joined #dnt
14:06:53 [ifette]
npdoty: if you persist granted exceptions on the UA
14:07:02 [ifette]
roy: you need a way to edit such exceptions granted on the UA
14:07:18 [ifette]
dsinger: you can go back to the site and renegotiate so that it calls the JS api again, or the UA might give you UI to edit your excepions
14:07:23 [ifette]
npdoty: referring to latter part
14:07:23 [hwest]
hwest has joined #dnt
14:07:31 [ifette]
dsinger: you want suggestion that a UA should provide such a UA?
14:07:39 [ifette]
s/such a UA/such a UI/
14:07:45 [ifette]
npdoty: yes
14:07:50 [ifette]
lowenthal: don't like requirements for UI, market can take care of this
14:08:02 [ifette]
matthias: proposal is for npdoty to go to the exceptions WG, and if he's dissatisfied, create an issue
14:08:02 [hwest]
ScribeNick: hwest
14:08:24 [hwest]
Matthias: Right now this issue doesn't exist, not in the database, will get created if we need it
14:08:29 [npdoty]
apologies for not creating this issue in the database originally
14:08:34 [hwest]
… homework for the editors and me, dependancies in the compliance spec
14:08:52 [hwest]
… ISSUE-61, 117 need to do a pass on the dependancies in the spec
14:09:01 [hwest]
tl: Isn't 61 fixed by the well known URI?
14:09:20 [hwest]
Matthias: Yes, but still a dependancy to ...
14:09:23 [ifette]
ACTION: matthias to go through the document with editors and address ISSUE-61 and ISSUE-117 to address dependencies in the compliance spec
14:09:23 [trackbot]
Created ACTION-168 - Go through the document with editors and address ISSUE-61 and ISSUE-117 to address dependencies in the compliance spec [on Matthias Schunter - due 2012-04-19].
14:09:38 [hwest]
tl: no, doesn't matter what the policy is, could be absurd and you could still publish it
14:09:45 [hwest]
… just a mechanism
14:09:50 [hwest]
Dsinger: can we close 61?
14:10:17 [tl]
tl has joined #dnt
14:10:39 [hwest]
Rigo: If we allow for lists where somebody can say "a,b,c,d,e belong to me and are the same" and A responds that they honor DNT, and the rest don't, and A says 'not my business', then you go into a problem saying that if you state that others belong to you, you have to take responsibility for that
14:11:00 [hwest]
Dsinger: May want to add to the compliance spec that incompatible privacy policies may mean that you're not the esame party
14:11:24 [hwest]
Rigo: can be fixed by taking responsibility for the assertion
14:11:45 [hwest]
Matthias: Suggest we close, we have a mechanism. But should open issue for compliance doc to get a line in there about this.
14:11:58 [hwest]
… but 61 will be closing.
14:12:11 [hwest]
… or flipped to the other doc
14:12:21 [jchester2_]
jchester2_ has joined #dnt
14:12:27 [hwest]
… last piece of the agenda was other issues, but we'll do that later
14:12:53 [hwest]
Dsinger: I think we can close 117 too
14:13:09 [hwest]
… Roy, do you want it open?
14:13:20 [hwest]
fielding: this issue is about whether there's a definition of tracking in the spec
14:13:31 [npdoty]
issue-5?
14:13:31 [trackbot]
ISSUE-5 -- What is the definition of tracking? -- raised
14:13:31 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/5
14:13:37 [hwest]
Dsigner: ok that's definitely an open issue
14:13:50 [npdoty]
s/Dsigner/dsinger/
14:15:00 [mischat_]
mischat_ has joined #dnt
14:15:07 [hwest]
Matthias: Defining the meaning of a term is the issue, we'll define in the compliance spec
14:15:22 [hwest]
… will take it offline
14:15:40 [hwest]
… now, breakout groups for 45 minutes, then coffee break
14:16:21 [hwest]
… so coffee at 11 and reports at 1130
14:16:48 [hwest]
… the header URI group will stay here, the exception WG to go outside
14:18:30 [mischat_]
mischat_ has joined #dnt
14:26:09 [Chris]
Chris has joined #dnt
14:28:31 [mischat]
mischat has joined #dnt
14:38:27 [mischat]
mischat has joined #dnt
14:43:05 [mischat]
mischat has joined #dnt
14:43:27 [hober]
hober has joined #dnt
14:43:56 [enewland]
enewland has joined #dnt
14:53:02 [mischat]
mischat has joined #dnt
14:58:28 [mischat]
mischat has joined #dnt
15:07:27 [mischat_]
mischat_ has joined #dnt
15:08:47 [vinay]
vinay has joined #dnt
15:19:42 [fielding]
issue: does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)
15:19:42 [trackbot]
Created ISSUE-137 - Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/137/edit .
15:21:13 [aleecia]
aleecia has joined #dnt
15:22:13 [fielding]
action: hwest to provide an alternative approach to well-known URI for resources that are used in both first-party and third-party contexts without changing the resource URI
15:22:13 [trackbot]
Created ACTION-170 - Provide an alternative approach to well-known URI for resources that are used in both first-party and third-party contexts without changing the resource URI [on Heather West - due 2012-04-19].
15:26:07 [vincent_]
vincent_ has joined #dnt
15:28:28 [Zakim]
Zakim has left #dnt
15:30:14 [tl]
tl has joined #dnt
15:33:24 [robsherman]
robsherman has joined #dnt
15:37:13 [justin]
justin has joined #dnt
15:38:07 [Joanne]
Joanne has joined #DNT
15:38:45 [alex]
alex has joined #dnt
15:39:11 [Lia]
Lia has joined #dnt
15:39:11 [Joanne]
Roy: Tracking status resource designed to use a diff URI for tracking status resource
15:39:11 [hwest]
hwest has left #dnt
15:39:27 [hwest]
hwest has joined #dnt
15:39:58 [Joanne]
...Heather to take on action item to change
15:39:58 [Joanne]
...on IRC
15:40:05 [Chris]
Chris has joined #dnt
15:40:22 [schunter]
schunter has joined #dnt
15:40:23 [Joanne]
...distinguish first party and outsourcing for 1st party
15:40:54 [Joanne]
... increaine open issues by 1
15:41:12 [tlr]
tlr has joined #dnt
15:41:18 [npdoty]
npdoty has joined #dnt
15:41:31 [npdoty]
scribenick: Joanne
15:41:31 [Joanne]
JohnSimpson: hybrid idea don't know where we are at
15:41:36 [jmayer]
jmayer has joined #dnt
15:41:36 [Joanne]
David reporting for exceptions group
15:42:07 [Joanne]
David: discussed two questions
15:42:08 [Joanne]
...yes cross orgins restrictions should apply to API
15:42:39 [Joanne]
...site wide, web wide exceptions
15:42:40 [Joanne]
...do we also need explicit exceptions
15:42:48 [amyc]
amyc has joined #dnt
15:42:48 [Joanne]
... raises operational questions on how the API behaves
15:43:10 [rigo]
ifette, I still believe there is a misunderstanding
15:43:10 [Joanne]
.... did not agree on keeping or elimnating that explicit/explicit
15:43:41 [Joanne]
... open question calling for postion papers
15:43:41 [Joanne]
...recognized to be a hard question
15:44:12 [Joanne]
T1: will the browser enforce that provision
15:44:13 [Joanne]
David: yes
15:44:14 [fielding]
west, what if we allowed the Tk header field to carry the response status for those resources that dynamically choose between first/third party compliance?
15:44:34 [npdoty]
I can take an action to write up the list of use cases (based on what we discussed in the room, largely, but maybe with more detail) for the origin/origin exception pair
15:44:37 [fielding]
s/west/hwest/; damn autocorrect
15:45:04 [hwest]
fielding, I'm still concerned about dynamically generating responses or resources that way
15:45:04 [Joanne]
David: did not hit on our other questions
15:45:04 [Joanne]
Matthais: WG made progress but not done
15:45:08 [npdoty]
hwest, fielding, that sounds promising to me -- use the header when it's dynamic in a way that's inconvenient for the resource
15:45:29 [hwest]
fielding, npdoty - yes, I think that it may be much easier to implement
15:45:29 [Joanne]
... go back after lunch to resolve issues
15:45:52 [johnsimpson]
johnsimpson has joined #dnt
15:45:52 [Joanne]
ifette: David's group issues are hard - need discussion
15:46:21 [Joanne]
... Roy group are there rewirtes
15:46:51 [Joanne]
...Matthais group has issues where the group is blocked
15:47:33 [ifette]
Aleecia, I'm sorry :(
15:47:33 [Joanne]
Jmyaer: would it be productive to go back into small groups
15:47:43 [npdoty]
s/jmyaer/jmayer/
15:47:49 [ifette]
It's just that for our group, I don't think another 45m is going to do anything productive
15:47:54 [ifette]
we're rather blocked
15:48:00 [aleecia]
If you can help more productive conversations, you really don't have anything to be sorry about, Ian!
15:48:18 [tl]
tl has joined #dnt
15:48:19 [Joanne]
Roy: doesn't think there us a need to go back to small group and issues created is for a larger group discussion
15:48:30 [Joanne]
Matthias: are you suggestioning smaller group is done and go back to larger group
15:48:42 [npdoty]
dsinger, ifette, are there other issues besides this origin/origin question for the exception discussion?
15:49:10 [npdoty]
dsinger, ifette, it seemed like we had a reasonably long list -- were all of those dependent on the single issue?
15:49:10 [hober]
hober has joined #dnt
15:50:32 [Joanne]
Roy: leave issues open until closed
15:51:02 [Joanne]
T1: can you put text into draft
15:51:19 [amyc]
Closed to me implies that group has considered, this has not been discussed by whole group
15:51:48 [npdoty]
action: fielding to insert the tk/uri hybrid into the tracking-dnt draft
15:51:49 [trackbot]
Created ACTION-171 - Insert the tk/uri hybrid into the tracking-dnt draft [on Roy Fielding - due 2012-04-19].
15:51:49 [Joanne]
Roy: 1 response to tracking status. tom wants issue maker for service provider issue and other issues
15:52:19 [Joanne]
...Heather has action item
15:52:20 [Joanne]
Matthais: create action for Roy to add to draft
15:52:50 [Joanne]
...that's it and back to dsinger
15:53:06 [ninja]
ninja has joined #dnt
15:53:07 [Joanne]
ifette: for issue 111 can be done over email instead of larger group
15:53:09 [chapell]
chapell has joined #dnt
15:53:34 [ifette]
q?
15:53:34 [Joanne]
dsinger: open issue to be considered through postiion pieces
15:53:36 [rigo_]
rigo_ has joined #dnt
15:53:55 [Zakim]
Zakim has joined #dnt
15:54:26 [Joanne]
npdoty: will take action to write up some use cases
15:54:35 [npdoty]
action: doty to write up more detailed list of use cases for origin/origin exceptions
15:54:35 [Joanne]
dsinger: ifette to write up why it is problematic for user agent
15:54:36 [trackbot]
Created ACTION-172 - Write up more detailed list of use cases for origin/origin exceptions [on Nick Doty - due 2012-04-19].
15:54:39 [ifette]
ACTION: ifette to provide writeup on why managing explicit-explicit pairings is problematic from UI perspective
15:54:39 [trackbot]
Created ACTION-173 - Provide writeup on why managing explicit-explicit pairings is problematic from UI perspective [on Ian Fette - due 2012-04-19].
15:55:04 [ifette]
Zakim, close ACTION-172
15:55:04 [Zakim]
I don't understand 'close ACTION-172', ifette
15:55:25 [vinay]
vinay has joined #dnt
15:55:39 [ifette]
close action-172
15:55:39 [trackbot]
ACTION-172 Write up more detailed list of use cases for origin/origin exceptions closed
15:55:44 [ifette]
trackbot, sigh
15:55:44 [trackbot]
Sorry, ifette, I don't understand 'trackbot, sigh'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
15:56:06 [Joanne]
ifette: his write up will address Rigo's question
15:56:08 [Joanne]
dsinger: can thrid parties call the API
15:56:13 [ifette]
trackbot, open action-172
15:56:13 [trackbot]
Sorry, ifette, I don't understand 'trackbot, open action-172'. Please refer to http://www.w3.org/2005/06/tracker/irc for help
15:56:43 [Joanne]
...can call it with origin match
15:56:43 [Joanne]
...#4 is an easy question
15:56:47 [npdoty]
action: ninja to write up implication of origin/* exceptions in EU context
15:56:47 [trackbot]
Created ACTION-174 - Write up implication of origin/* exceptions in EU context [on Ninja Marnau - due 2012-04-19].
15:56:48 [Joanne]
...can the API be used to revoke
15:56:50 [ifette]
ACTION-172?
15:56:50 [trackbot]
ACTION-172 -- Nick Doty to write up more detailed list of use cases for origin/origin exceptions -- due 2012-04-19 -- CLOSED
15:56:50 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/172
15:57:21 [Joanne]
WileyS: can it make a user setting or remove a user setting
15:57:25 [npdoty]
action-174: rvaneijk and rigo may be interested in helping
15:57:25 [trackbot]
ACTION-174 Write up implication of origin/* exceptions in EU context notes added
15:57:27 [ifette]
ACTION-172?
15:57:27 [trackbot]
ACTION-172 -- Nick Doty to write up more detailed list of use cases for origin/origin exceptions -- due 2012-04-19 -- OPEN
15:57:27 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/172
15:57:30 [ifette]
phew
15:57:46 [rigo]
action-174?
15:57:46 [trackbot]
ACTION-174 -- Ninja Marnau to write up implication of origin/* exceptions in EU context -- due 2012-04-19 -- OPEN
15:57:46 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/174
15:57:46 [Joanne]
dsinger: yes, it should be designed so the user can change thier mind
15:58:17 [Joanne]
Tl: there should be a different call, not the same call
15:58:43 [fielding]
hwest, another possibility would be to have a parent structure of JSON objects in the resource representation, one per context (indicated by domain or wildcard)
15:58:43 [Joanne]
WileyS: it is a simle removal
15:59:14 [hwest]
Yes, fielding, that was one of the things I was going to think about/write up
15:59:38 [rigo]
action-174: We should wait for the write-up from Ian Fette on why this doesn't work
15:59:38 [trackbot]
ACTION-174 Write up implication of origin/* exceptions in EU context notes added
16:00:10 [Joanne]
Tl take action item
16:00:37 [npdoty]
action: lowenthal to draft API method for sites to remove, a la removeTrackingException()
16:00:38 [Joanne]
dsigner: broswer allows remove some expcetions and not others
16:00:38 [trackbot]
Created ACTION-175 - Draft API method for sites to remove, a la removeTrackingException() [on Thomas Lowenthal - due 2012-04-19].
16:01:40 [Joanne]
Ninja - can you scribe?
16:02:13 [rigo]
ifette, npdoty, what issue are actions 173 and 174 attached to?
16:02:23 [ninja]
Scribenick: ninja
16:02:49 [Joanne]
thanks Ninja
16:03:49 [ninja]
dsinger: Action for the editors to modify the text on question 5
16:04:19 [ninja]
... Question 6 on transparency
16:05:43 [ninja]
dsinger: no text change on that one. The UA has sufficient information. We do not decide use.
16:06:32 [schunter]
schunter has joined #dnt
16:06:39 [ninja]
... Question 7: Sending DNT:0 to the first party
16:06:39 [npdoty]
action: singer to update site-specific exceptions text to note that embedded third-party javascript may make the call rather than the first party (even though it probably shouldn't do so without working it out with the publisher)
16:06:40 [trackbot]
Created ACTION-176 - Update site-specific exceptions text to note that embedded third-party javascript may make the call rather than the first party (even though it probably shouldn't do so without working it out with the publisher) [on David Singer - due 2012-04-19].
16:06:57 [ninja]
tl: there might be legal implications of this signal
16:07:09 [ifette]
q+
16:07:13 [jmayer]
q+
16:07:18 [ninja]
dsinger: We overload one character
16:07:19 [npdoty]
q+ rigo
16:07:27 [tl]
+q
16:07:29 [ninja]
tl: this is a matter of the API
16:07:55 [npdoty]
q+ because even in the * case it's non-trivial
16:08:04 [johnsimpson]
q?
16:08:09 [rigo]
ack ifette
16:08:09 [npdoty]
q+ to note that even in the * case it's not-trivial (and we'll definitely have to figure that out)
16:08:22 [ninja]
dsinger: we postpone that until we have decided on the site wide exceptions
16:08:38 [hwest]
q+
16:09:01 [hwest]
q-
16:09:06 [npdoty]
dsinger: I think maybe we should have a second character rather than overloading the single character
16:09:18 [npdoty]
ack jmayer
16:09:25 [ninja]
dsinger: we need to seperate the answers to finding about your own first party status and the status of your third parties
16:09:29 [ac]
ac has joined #dnt
16:09:36 [ifette]
ifette: I think the issue of how do you get the browser to tell "Hey Mr. First Party, you have a special exception" is very tied up into the site/* ISSUE-111 question
16:10:16 [ifette]
q?
16:10:17 [npdoty]
ack rigo
16:10:22 [ninja]
... We have an open question on how we convey these answers
16:11:10 [marc]
marc has joined #DNT
16:11:55 [ninja]
rigo: DNT:0 on the first party is important in the EU. I don't believe we need an expression in the header. In the US the first party can just ignore this signal. In the EU it has a meaning.
16:12:04 [npdoty]
dsinger: harmless to separate the two statements even if in some cases we won't need both
16:12:40 [jmayer]
jmayer: Some jurisdictions may want to impose additional restrictions on first parties. We've gone to all this trouble to build a consent mechanism, why not support a first-party domain/first-party domain exception? If a jurisdiction decides it wants to attach a semantic to "DNT: 0" to the first party, so be it.
16:12:49 [ifette_]
ifette_ has joined #dnt
16:12:52 [ifette_]
q+
16:13:03 [ninja]
schunter: WWe have agreement that we want to be able to send DNT:0 to first parties.
16:13:22 [npdoty]
q+ WileyS
16:13:29 [rigo]
q?\
16:13:34 [rigo]
ack tl
16:13:36 [ninja]
... we now need to find out how to convey that.
16:13:49 [WileyS]
q?
16:13:50 [jmayer]
+q
16:14:24 [ninja]
tl: possible answers are header and APIs
16:14:29 [npdoty]
ack npdoty
16:14:29 [Zakim]
npdoty, you wanted to note that even in the * case it's not-trivial (and we'll definitely have to figure that out)
16:14:39 [rigo]
ack npdoty
16:14:52 [ninja]
dsinger: A first party can always call the API to find out about the status of its third parties
16:15:04 [npdoty]
ack ifette_
16:15:07 [schunter]
q?
16:15:16 [schunter]
q+
16:16:29 [tl]
+q
16:17:04 [npdoty]
q+
16:17:05 [tl]
+q to say that the browser may not know which state the site is in at load time
16:17:10 [ninja]
ifette: We have 3 options. 1. DNT1 and no exceptions. DNT1 and all third parties have exceptions. 3. DNT1 and some third parties have exceptions. A first party needs to know this before loading content. I don't want to do a roundtrip to find about about the third party status.
16:17:21 [npdoty]
ack WileyS
16:17:26 [aleecia]
ack WileyS
16:17:59 [schunter]
Current proposal (on my slide):
16:18:09 [schunter]
DNT;0 = You have a site-wide exception
16:18:19 [ninja]
WileyS: we have proposed a DNT2 signal indicating that you have a mixed state and need to find out
16:18:26 [schunter]
DNT;1 = You don't;
16:18:51 [schunter]
DNT;2 = some third party exeptions exist for your side (please poll if you like).
16:18:53 [ninja]
dsinger: I think we need to take this to an email discussion.
16:18:58 [rigo_]
rigo_ has joined #dnt
16:19:08 [robsherman]
robsherman has joined #dnt
16:19:33 [ifette]
ISSUE-111?
16:19:33 [trackbot]
ISSUE-111 -- Signaling state/existence of site-specific exceptions -- open
16:19:33 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/111
16:19:52 [jmayer]
-q
16:19:55 [npdoty]
q-
16:20:01 [tl]
-q
16:20:02 [npdoty]
queue=
16:20:36 [ninja]
WileyS: Please respond to issue 111 on this matter. It is not yet covered.
16:20:58 [ninja]
dsinger: We also will create a new issue.
16:21:01 [ifette]
Zakim, what is the status of flight DL1539?
16:21:01 [Zakim]
I don't understand your question, ifette.
16:21:19 [aleecia]
(thanks for the reminder that I need to check in… :-)
16:21:20 [npdoty]
added to my to-do list for Zakim features
16:21:39 [ninja]
dsinger: Question 8 - API for web-wide exceptions.
16:22:13 [jmayer]
+q
16:22:29 [ninja]
schunter: one concern about this web wide APIs - if the user changes his mind the APIs might not always reflect the truth.
16:22:55 [ifette]
q+ schunter
16:22:56 [ifette]
q+ rigo
16:22:57 [tl]
+q
16:23:01 [WileyS]
+q
16:23:09 [npdoty]
q- schunter
16:23:11 [rigo_]
q?
16:23:15 [ninja]
dsinger: If you given a web-wide exception - you will always see this in the response header.
16:23:15 [rvaneijk]
rvaneijk has joined #dnt
16:23:19 [aleecia]
q+ schunter
16:23:24 [aleecia]
(he asked to be added)
16:23:52 [npdoty]
(sorry, I thought he was talking and that we always give the chairs the prerogative of speaking)
16:24:14 [aleecia]
( :-) )
16:24:16 [rigo_]
q-
16:24:26 [rigo]
q-
16:24:27 [ninja]
dsinger: this gives the user more granularity than not enabling this API. though we might run into mixed signals.
16:25:52 [rigo]
q+
16:26:25 [npdoty]
ack jmayer
16:26:26 [fielding]
q+
16:26:28 [rigo]
ack jmayer
16:26:40 [ShaneW]
ShaneW has joined #DNT
16:26:42 [aleecia]
ack tl
16:26:54 [aleecia]
oops - unack tl :-)
16:27:19 [ifette]
q+
16:27:19 [ninja]
jmayer: we have 3 possible API answers: 1 webwide, 2. not webwide, 3 webwide with exceptions
16:27:38 [ninja]
... Concern is - How do we convey this.
16:28:18 [npdoty]
I don't have doubts in social networks building good features and granularity
16:28:26 [hwest]
There are networks with these kinds of preferences now
16:28:32 [ifette]
q+ schunter
16:28:32 [npdoty]
just that some users are going to have their particular preferences
16:28:38 [ninja]
... if a social network wants to build it - great. But it's currently not done.
16:28:45 [JC]
JC has joined #DNT
16:28:46 [jmayer]
hwest, which networks?
16:29:00 [schunter]
schunter has joined #dnt
16:29:07 [jmayer]
Facebook lets a user opt out of instant personalization on all sites.
16:29:09 [rigo]
ack ri
16:29:14 [rigo]
+1 to tl
16:29:28 [jmayer]
That's the only third-party control I'm aware of.
16:29:32 [ninja]
tl: An API does not bind your choice for all future.
16:29:46 [jmayer]
Google lets a user opt out of +1 personalization on other sites and in ads on other sites.
16:29:56 [jmayer]
Also not granular.
16:30:05 [ifette]
ACTION: lowenthal to add an API to let a site request a web-wide exception
16:30:05 [trackbot]
Created ACTION-177 - Add an API to let a site request a web-wide exception [on Thomas Lowenthal - due 2012-04-19].
16:30:06 [ninja]
dsinger: Back to the Question: we agree that we want the API to convey web wide exceptions
16:30:14 [rigo]
ack Wile
16:30:18 [aleecia]
ack WileyS
16:30:28 [aleecia]
ack fielding
16:30:34 [aleecia]
ack schunter
16:30:36 [rigo]
ack shun
16:31:33 [ninja]
fielding: Would the response for a third party calling the API be true or false?
16:31:41 [rigo]
ack ifette
16:31:54 [ninja]
tl: Yes. (hope I got that right)
16:32:29 [npdoty]
I think the out-of-band consent mechanisms (which I totally support having!) are not well-positioned for this particular granularity question
16:33:53 [npdoty]
also, I'm really not trying to object to any concept of a Web-wide exception, just trying to explain the concerns we had that would be needed in such a proposal
16:34:38 [npdoty]
action-172: vincent may be interested in helping
16:34:38 [trackbot]
ACTION-172 Write up more detailed list of use cases for origin/origin exceptions notes added
16:34:55 [fielding]
I meant that the *other* API, the one for asking if I have an exception on this page, will return true if there is a web-wide exception (no additional API needed on that front)
16:44:28 [robsherman]
robsherman has joined #dnt
16:51:34 [vincent_]
vincent_ has joined #dnt
16:52:59 [schunter]
schunter has joined #dnt
16:56:28 [schunter]
schunter has joined #dnt
17:00:27 [hwest]
hwest has joined #dnt
17:01:18 [hwest_]
hwest_ has joined #dnt
17:08:50 [mischat]
mischat has joined #dnt
17:15:48 [mischat_]
mischat_ has joined #dnt
17:28:48 [chapell]
chapell has joined #dnt
17:33:02 [Joanne]
Joanne has joined #DNT
17:37:13 [vinay]
vinay has joined #dnt
17:37:14 [tedleung]
tedleung has joined #dnt
17:37:45 [hwest]
hwest has left #dnt
17:37:49 [hwest]
hwest has joined #dnt
17:37:59 [npdoty]
scribenick: npdoty
17:38:05 [npdoty]
q?
17:38:26 [npdoty]
aleecia: have a better understanding of where we're going
17:38:34 [npdoty]
... down to two primary proposals
17:38:50 [dsinger]
dsinger has joined #dnt
17:38:50 [npdoty]
... ideas from three other proposals
17:39:04 [amyc]
amyc has joined #dnt
17:39:11 [npdoty]
... want to get more people listed as authors
17:39:14 [npdoty]
<cross-talk>
17:39:26 [ac]
ac has joined #dnt
17:39:39 [rigo]
rigo has joined #dnt
17:39:47 [npdoty]
continue to use the standard of significant contributions of text
17:39:49 [tl]
tl has joined #dnt
17:39:56 [npdoty]
aleecia: some agreements
17:40:08 [npdoty]
... agree on using meaningful interaction to handle first parties
17:40:23 [npdoty]
... generally agree on what a third-party is
17:40:35 [Lia]
Lia has joined #dnt
17:40:36 [npdoty]
... third parties siloing data by party
17:40:58 [npdoty]
... high level agreement on outsourcing
17:41:08 [npdoty]
... agree on permitted uses (and the name! yay!)
17:41:14 [npdoty]
... agree on unlinkable data
17:41:30 [npdoty]
... agreement on some short time for raw server logs, still need to figure out the details
17:41:35 [npdoty]
... disagree on permitted uses
17:41:44 [tlr]
tlr has joined #dnt
17:42:04 [npdoty]
aleecia: overview of the areas we disagree
17:42:14 [npdoty]
... big vs small
17:42:27 [npdoty]
<laughter about our use of photos, no offense intended>
17:42:55 [npdoty]
... what I think I saw from FTC was the party size being small but the permitted uses are fairly broad
17:43:20 [npdoty]
... and on the Article 29 side, not as worried about the party size, but more concerns about limiting permitted uses
17:43:36 [npdoty]
rvaneijk: more concerned about permitted uses
17:43:58 [npdoty]
... if these data flows contain unique identifiers, permitted uses won't pass compliance test in the EU
17:44:14 [npdoty]
<will be pasted in to IRC, because scribe cannot capture the paragraph numbers, etc.>
17:44:34 [johnsimpson]
johnsimpson has joined #dnt
17:44:35 [amyc]
q+
17:44:36 [npdoty]
rvaneijk: proposal
17:44:46 [npdoty]
<scribe not capturing the proposal, rvaneijk should follow up>
17:44:46 [justin]
justin has joined #dnt
17:44:55 [npdoty]
q+ mike
17:44:57 [npdoty]
q+ fielding
17:45:03 [hwest]
q+ Alex
17:45:03 [npdoty]
q+ alex
17:45:05 [rvaneijk]
Addressing permitted uses for 3rd parties:
17:45:06 [rvaneijk]
When the status of a party is third party,
17:45:08 [rvaneijk]
AND the third party does not have an exception,
17:45:09 [rvaneijk]
AND the user has explicitly expressed to have DNT=1,
17:45:11 [rvaneijk]
the permitted use descriptions for dataflows for 3rd parties enabled MUST not contain unique identifiers.
17:45:12 [rvaneijk]
If these dataflows contain unique identifiers the 'Permitted uses in 4.4.1.1'
17:45:14 [rvaneijk]
will not pass the compliance test in the EU.
17:45:16 [rvaneijk]
The test is: strictly necessary to provide the service AND requested by the user.
17:45:17 [rvaneijk]
Normative tekst:
17:45:19 [rvaneijk]
A third party MUST take reasonable privacy safeguards (i.e. technical and organizational)
17:45:20 [rvaneijk]
to prevent unique identifiers in dataflows when the third party does not have an exception, AND the user has
17:45:22 [rvaneijk]
explicitly expressed to have DNT enabled.
17:45:45 [npdoty]
rvaneijk: really hoping we can work on text regarding proportionality
17:46:34 [npdoty]
wileys: agreed that if we add the appropriate non-normative text for proportionality, could be compliant
17:46:46 [hwest]
q?
17:46:47 [johnsimpson]
?q
17:46:52 [npdoty]
ack amyc
17:47:19 [npdoty]
amyc: understand the concern on unique identifiers
17:47:44 [npdoty]
... in addition to the cookie, the unique IP address would also count
17:48:19 [npdoty]
rvaneijk: as we discussed yesterday, certain elements of the protocol are strictly necessary to set up and maintain the communication
17:48:20 [jmayer]
jmayer has joined #dnt
17:48:33 [npdoty]
... IP address is necessary for the communication and so strictly necessary
17:48:48 [npdoty]
s/so strictly/therefore strictly/
17:49:40 [npdoty]
amyc: regardless of whether the unique identifier is the cookie or IP address, but the question of whether it's necessary during later uses
17:49:46 [npdoty]
q- mike
17:49:48 [npdoty]
ack Alex
17:50:14 [pde]
q+
17:50:35 [npdoty]
alex: a lot of talk about our being relevant to EU laws, will the EU reconsider laws or directive if we decide that a id cookie or something is acceptable?
17:51:15 [npdoty]
rvaneijk: not representing the EU, representing Article 29, will do our best to give feedback
17:51:16 [npdoty]
ack fielding
17:51:34 [hwest]
q?
17:51:39 [npdoty]
fielding: the unique identifier can be present if it's not collected
17:51:41 [jmayer]
+q
17:52:04 [hwest]
q+ tl
17:52:20 [npdoty]
rvaneijk: that's why I say reasonable efforts to prevent the use, I hope that in a non-normative part we can make that more explicit
17:52:43 [ShaneW]
+q
17:52:44 [jchester2]
jchester2 has joined #dnt
17:52:49 [tl]
tl has joined #dnt
17:53:04 [npdoty]
pde: services requested by the user seems to be particularly important
17:53:08 [tl]
q?
17:53:22 [npdoty]
... when I load a newspaper page, am I also requesting the analytics and other services even if I don't realize?
17:53:28 [npdoty]
ack pde
17:53:38 [npdoty]
rvaneijk: should be both necessary and requested by the user
17:53:51 [npdoty]
... like the meaningful interaction thing we were talking about, that's specifically requested
17:54:05 [npdoty]
... the necessary part is about enabling the communication
17:54:06 [hwest]
q+ Rigo
17:54:11 [johnsimpson]
q?
17:54:12 [npdoty]
ack jmayer
17:55:03 [npdoty]
jmayer: collection vs. no-collection point, some user configures their browser or network adds an ID header to traffic
17:55:27 [npdoty]
... some cases where there's no responsibility from the server
17:55:49 [npdoty]
... why would you set a unique ID that you never log or you never use?
17:56:28 [npdoty]
fielding: would only log a hash of it to a particular site, so that you can't correlate that activity across sites?
17:56:46 [npdoty]
s/sites?/sites/
17:57:57 [npdoty]
questions about who can speak for whom
17:58:19 [ShaneW]
q?
17:58:21 [mischat]
mischat has joined #dnt
17:58:33 [npdoty]
rvaneijk: unique identifiers must not be used, even when siloed per first party, yes
17:58:48 [npdoty]
fielding: but if the use of it is necessary for a particular purpose?
17:58:51 [pde]
(if the room will allow me a quip) fielding, it's great that companies have this practice, now Please Please Please just do the hashing on the client side when users send DNT:1, and we will all be happy
17:59:13 [rigo]
q?
17:59:18 [rigo]
ack tl
17:59:30 [npdoty]
tl: we're having a detailed discussion of legal compliance, better put in the Global Considerations document
17:59:41 [npdoty]
... we're talking about a voluntary system to do a particular thing with a particular preference
17:59:44 [vincent_]
vincent_ has joined #dnt
17:59:53 [ifette]
ifette has joined #dnt
18:00:12 [npdoty]
... we should expect the legal regimes to do the best thing for their citizens, may facilitate ways to comply with those legal regimes
18:00:24 [npdoty]
ack ShaneW
18:00:27 [mischat__]
mischat__ has joined #dnt
18:00:30 [rigo]
ack shanew
18:01:08 [npdoty]
ShaneW: art29wp side, if we add non-normative text narrowing down the use cases, we'll actually be in alignment, in the same ball park?
18:01:30 [npdoty]
rvaneijk: will send a template for the non-normative text, work with Shane on that
18:02:02 [npdoty]
ShaneW: re FTC, talked about user expectations and examples, examples may bridge the divide more cleanly
18:02:15 [npdoty]
... descriptive guidance on how we might find a hybrid here
18:02:31 [rvaneijk]
(proportionality and subsidiarity weight against the intrusion on user privacy)
18:03:23 [npdoty]
<laughter about putting FTC folks on the spot representing the full commission>
18:03:47 [npdoty]
rigo: shouldn't get in to legal discussions, but should decide if our stuff is useful in a certain surrounding
18:03:56 [npdoty]
ack Rigo
18:04:07 [justin_]
justin_ has joined #dnt
18:04:12 [alex]
alex has joined #dnt
18:05:06 [rvaneijk]
WP29 does care about party size, but discussion still has to be done on how big is a party.
18:05:13 [npdoty]
aleecia: I think what we heard on the call last week is that the FTC can do tradeoffs, trading off larger party size for narrower uses
18:05:33 [npdoty]
efelten: the FTC report did talk about some of these issues and I would refer you there
18:05:46 [npdoty]
... if there's a lack of clarity, feel free to ask ed
18:06:01 [npdoty]
... Julie Brill was here yesterday and talked about conversation and a process where not everyone will get everything they want
18:06:26 [npdoty]
... I don't think the Commission feels they want to push this group to a single position, just strongly support this group moving towards consensus
18:06:32 [npdoty]
aleecia: happy face!
18:06:43 [npdoty]
... closed 59% now, including the issues we've opened even being here
18:06:45 [schunter]
schunter has joined #dnt
18:07:04 [npdoty]
... unified drafts on points of compliance
18:07:11 [npdoty]
... Tom and Shane to discuss next week
18:07:24 [npdoty]
if not done, invited to Aleecia's house for dinner
18:07:49 [npdoty]
action: lowenthal to talk with Shane about an updated compliance proposal
18:07:50 [trackbot]
Created ACTION-178 - Talk with Shane about an updated compliance proposal [on Thomas Lowenthal - due 2012-04-19].
18:08:05 [npdoty]
aleecia: and there's an action open on Aleecia to present that to the full group
18:08:19 [npdoty]
... sharpened where we are divided
18:08:34 [npdoty]
aleecia: still need to do a response to the CG, though it might be lightweight
18:08:40 [npdoty]
... some editorial work on readability
18:08:53 [npdoty]
... Last Call means we're not taking more issues internally
18:09:06 [npdoty]
... if you need more time to discuss internally, please start early
18:09:19 [npdoty]
... are there new issues that we haven't thought about? we need to know those
18:09:44 [npdoty]
... would prefer not to hold another f2f, but we are more effective in this format
18:10:03 [npdoty]
... looking at a possible meeting end of June, more to come soon
18:10:40 [npdoty]
... thanks for your participation and to schunter for his patience
18:11:06 [Lia]
Lia has joined #dnt
18:11:42 [npdoty]
no objections to closing this meeting early -- we'll be done by 3
18:11:47 [justin_]
I can scribe if you need a break, npdoty
18:11:57 [npdoty]
encouraged to continue discussing stuff, but the main group will be over
18:12:02 [npdoty]
scribenick: justin_
18:12:06 [fielding]
FYI, scheduling, I plan on not being available during July and August due to sabbatical.
18:12:10 [npdoty]
thank you justin_!
18:12:48 [justin_]
dsinger: outstanding questions: 2. how do we populate an manage the list for the site?
18:13:09 [hwest]
Question, since I was not in the exception group - does the API have a full list of third parties?
18:13:14 [justin_]
Wileys: thought this had been resolved, but questions about to handle removal
18:13:21 [dsinger]
q?
18:13:32 [ifette]
ifette has joined #dnt
18:13:43 [justin_]
. . . everything else off on UI, so I think we're done here
18:13:56 [justin_]
. . . conceptual agreement but no draft text (but action-itemed)
18:13:59 [hwest]
Or is this list the list of exceptions?
18:14:32 [justin_]
dsinger: let's take off-line until we see what APIs we need
18:14:52 [justin_]
. . . new question: (3) What is the accountability for a site-wide exception?
18:15:09 [aleecia]
aleecia has joined #dnt
18:15:12 [aleecia]
q+ forgot to give Nick time on logo; revisions to getting to closed (end of the queue is great, I meant to bring these up and forgot)
18:15:21 [aleecia]
heh, fail
18:15:27 [rigo]
q+
18:15:27 [johnsimpson]
q?
18:15:32 [aleecia]
ack forgot
18:15:32 [Zakim]
forgot, you wanted to give Nick time on logo; revisions to getting to closed (end of the queue is great, I meant to bring these up and forgot)
18:15:33 [justin_]
npdoty, got it, keep trying to remember, keep screwing up
18:15:42 [aleecia]
(sigh)
18:15:44 [tl]
tl has joined #dnt
18:16:13 [justin_]
WileyS: we should add non-normative text warning about risks about overly broad exception requests.
18:16:27 [aleecia]
q+
18:16:29 [aleecia]
q- later
18:16:34 [justin_]
... use SHOULD and MAY language, but ultimately up to companies to convince consumers to grant
18:16:44 [npdoty]
this sounds like a section for the Compliance doc, that the TPE doc can refer to
18:17:06 [justin_]
(crosstalk about who should draft action item)
18:17:34 [justin_]
WileyS working with ninja and npdoty to develop text
18:17:43 [jmayer]
+q
18:17:46 [justin_]
Wileys: Is working group OK with this being non-normative?
18:17:51 [hwest]
q+
18:17:52 [dsinger]
q?
18:17:56 [justin_]
tl: I'm comfortable with that too
18:18:03 [aleecia]
q- later
18:18:07 [aleecia]
ack aleecia
18:18:10 [johnsimpson]
q?
18:18:28 [npdoty]
action: wiley to draft section on seriousness of the request for a user-granted exception (with ninja)
18:18:28 [trackbot]
Created ACTION-179 - Draft section on seriousness of the request for a user-granted exception (with ninja) [on Shane Wiley - due 2012-04-19].
18:18:46 [justin_]
... companies are taking brand responsibility in the requests they make
18:18:59 [justin_]
... consumers can make their decisions based on trustworthiness
18:19:10 [aleecia]
ack rigo
18:19:13 [npdoty]
action-179: nick may also be interested in drafting
18:19:13 [trackbot]
ACTION-179 Draft section on seriousness of the request for a user-granted exception (with ninja) notes added
18:19:22 [alex]
Q?
18:19:23 [JC]
p?
18:19:28 [JC]
q?
18:19:43 [aleecia]
JC is helping us mind our p's and q's
18:19:44 [justin_]
rigo: giving the first party responsibility for the constellation of third parties is very common law approach
18:20:12 [justin_]
... you can't convey liability to first parties for third party behavior in this spec
18:20:30 [hwest]
q-
18:20:46 [ShaneW]
+q
18:20:52 [justin_]
dsinger: stick to question --- OK just to have non-normative text?
18:20:59 [rigo]
ack jmayer
18:21:07 [hwest]
A note on this language: we will likely need to tweak it based on the outcome of the exception discussions
18:21:12 [justin_]
jmayer: agree non-normative text is fine, but want to be clear about implications
18:21:20 [hwest]
(i.e., if we don't have granular exceptions)
18:22:39 [justin_]
... some had been under impression that site-wide exception implied a legal representation on the part of the first party
18:22:54 [justin_]
... admitted, there are still non-legal incentives in place . . .
18:23:14 [dsinger]
q?
18:23:20 [justin_]
... difference in understanding my change people's opinions
18:23:22 [aleecia]
ack shanew
18:23:28 [hwest]
q+
18:23:36 [justin_]
WileyS: non-normative text should be clear that it doesn't affect liability
18:23:37 [rigo]
q?
18:24:07 [justin_]
hwest: like the language, but it will need to be tweaked based on what sort of user-granted exceptions we end up allowing
18:24:19 [npdoty]
there's no proposal where we don't have site-wide exceptions, so this text will always be necessary, right?
18:24:38 [npdoty]
ack hwest
18:25:04 [ShaneW]
+q
18:25:15 [npdoty]
ack ShaneW
18:25:17 [tl]
+q
18:25:19 [aleecia]
ack Shanew
18:25:23 [justin_]
dsinger: one last issue: Who asks for permission, and how, if a third party doesn't have a script presence?
18:25:37 [fielding]
q+
18:26:05 [justin_]
WileyS: This is a web-wide exception ('cause it's a third party).
18:26:44 [justin_]
... The answer is the NAI/DAA website in reverse. First-party provides a laundry list of third parties you want to ask for permission for.
18:27:07 [schunter]
q+
18:27:09 [npdoty]
ack tl
18:27:10 [justin_]
... user would then pick the ones she's fine granting permission for
18:27:26 [jmayer]
+q
18:27:26 [justin_]
tl: partially agree with Shane, but not sure it needs to be that complicated
18:27:27 [fielding]
q-
18:27:40 [rigo]
everything that is simpler than what Shane just depicted would be better
18:27:56 [rigo]
but we need a possibility to ask for permission
18:28:04 [npdoty]
"effective script origin", yeah?
18:28:13 [justin_]
WileyS: yes it does, because we've agreed on origin restrictions
18:28:22 [schunter]
Can a pixel/image start a redirect (using a header) to then load html with Javascript?
18:28:31 [ShaneW]
q?
18:28:32 [justin_]
dsinger: first-party has to initiate it somehow
18:28:35 [rigo]
q?
18:28:51 [npdoty]
does this satisfy alex's use case?
18:29:21 [justin_]
alex: my concern with that approach:
18:29:46 [justin_]
... in this case, I have no real estate on the page, and no business relationship with the first-party
18:29:57 [justin_]
everyone: then what are you doing there?
18:30:18 [justin_]
alex: here's the use case
18:30:41 [tl]
+q
18:30:48 [rigo]
q?
18:31:05 [justin_]
... if there are two first parties and we want to measure both of them . . .
18:31:15 [aleecia]
ack schunter
18:31:26 [justin_]
schunter: <obscured by voices in the hall>
18:32:23 [rigo]
q?
18:32:26 [rigo]
ack jmayer
18:32:27 [justin_]
alex: today's model has to adapt for the things we want to do
18:32:27 [npdoty]
schunter: can a pixel re-direct to load a script? --- sounds like: no.
18:32:47 [aleecia]
ack tl
18:32:47 [schunter]
schunter said: TrackingPixeler needs relationship with someone who has a someonw who is able to load HTML on the page,.
18:32:51 [npdoty]
ack tl
18:32:54 [justin_]
jmayer: this is super-trivial, can change your practices very easy
18:33:01 [justin_]
tl: +1 to jmayer
18:33:35 [aleecia]
action-120?
18:33:35 [trackbot]
ACTION-120 -- Alexandros Deliyannis to write a proposal on web-wide exception API (for ISSUE-113) (with npdoty) -- due 2012-04-04 -- OPEN
18:33:35 [trackbot]
http://www.w3.org/2011/tracking-protection/track/actions/120
18:33:35 [justin_]
dsinger: relaxing x-origin restrictions probably not worth it for your problem
18:33:37 [tl]
+q
18:33:39 [jmayer]
To be precise, you can just use an iframe instead of an img.
18:33:50 [justin_]
alex: I have suggested text on this issue, Issue-120
18:33:52 [npdoty]
alex, I think maybe we can talk about different mechanisms that user agents could use to make a decision
18:33:53 [jmayer]
If the iframe gets DNT: 0, do the same tracking you would do with the img.
18:34:03 [justin_]
Action 120, rather
18:34:03 [trackbot]
Sorry, couldn't find user - 120,
18:34:06 [amyc]
amyc has joined #DNT
18:34:11 [jmayer]
If the iframe gets DNT: 1, return HTML with script in, request an exception.
18:34:25 [npdoty]
q?
18:34:26 [npdoty]
ack tl
18:34:28 [justin_]
tl: we've already worked this out, I strongly object to a new parallel technique for those who don't want to embed a script
18:34:41 [aleecia]
queue closed.
18:34:48 [hwest]
A response - why would we be encouraging more people to use more scripts?
18:34:57 [justin_]
dsinger: and you shouldn't have the authority to follow the user
18:35:03 [jmayer]
hwest, this is a one-time exception request script in an iframe.
18:35:04 [hwest]
(Or more specifically, do we want to open that particular pandora's box?)
18:35:07 [justin_]
dsinger: that was the last issue --- all done here!
18:35:11 [jmayer]
It's sandboxed from the main page.
18:35:20 [hwest]
jmayer, I don't think that works
18:35:31 [jmayer]
hwest, is that a technical claim?
18:35:35 [npdoty]
thanks to dsinger for leading us through all of these!
18:35:36 [justin_]
schunter: I'm going to do something nasty. Going through raised issues list and see if that raises any new ones
18:35:37 [hwest]
Or at least you can't just do the iframe when you need the request
18:36:47 [justin_]
npdoty: W3C likes logos for high-profile works. We did this with HTML5 recently.
18:36:53 [fielding]
Alex's proposal is at http://www.w3.org/mid/2DB61344-AB42-4533-9763-39F348479222@nielsen.com
18:36:55 [dstark]
dstark has joined #dnt
18:37:06 [justin_]
... our PR guy wants me to develop an image for this process.
18:38:02 [justin_]
wseltzer: <displays snazzy HTML5 shield>
18:38:53 [justin_]
dsinger: this brings up issues of messaging to users
18:39:10 [justin_]
... this is a conversation we can have offline
18:39:11 [jmayer]
iDNT
18:39:35 [npdoty]
dsinger: I've talked to hwest about having a conversation (with users and research and so on) about text presented to the user, etc.
18:39:49 [npdoty]
Q?
18:39:53 [justin_]
schunter: just one raised issue left
18:39:53 [npdoty]
q+ ShaneW
18:40:10 [aleecia]
ack shanew
18:40:38 [fielding]
see link above
18:40:48 [justin_]
... it's ISSUE-137: Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s)
18:40:51 [ShaneW]
Suggested Title: Web-Wide Exception Well Known URI
18:41:26 [justin_]
... will leave this as open issue
18:41:53 [npdoty]
issue: should we have Web-Wide Exception via a Well-Known URI?
18:41:53 [trackbot]
Created ISSUE-139 - Should we have Web-Wide Exception via a Well-Known URI? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/139/edit .
18:42:11 [ShaneW]
Alex: All yours now :-)
18:42:13 [npdoty]
issue-139: see Alex's proposal at http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0076.html
18:42:13 [trackbot]
ISSUE-139 Should we have Web-Wide Exception via a Well-Known URI? notes added
18:42:21 [justin_]
dsinger: Can we reserve and say that "extensions are currently reserved"?
18:42:27 [justin_]
fielding: this issue isn't ripe yet
18:42:29 [npdoty]
q?
18:42:41 [aleecia]
Hi Nick, I'd created issue-138 :-)
18:42:42 [justin_]
dsinger: don't want the question to get lost in the future
18:42:52 [amyc]
or do we just delete any language about extensions?
18:42:58 [amyc]
from current spec?
18:43:02 [justin_]
action item created for dsinger
18:43:02 [trackbot]
Sorry, couldn't find user - item
18:43:24 [aleecia]
(also on actions, we still have Tracking Preference Expression (DNT) and could drop the (DNT) at some point)
18:43:36 [npdoty]
close issue-139
18:43:36 [trackbot]
ISSUE-139 Should we have Web-Wide Exception via a Well-Known URI? closed
18:43:37 [justin_]
schunter: anything else?
18:43:38 [aleecia]
<grin>
18:43:41 [npdoty]
(sorry for the dupe)
18:43:59 [justin_]
... thank you very much, <gavel>
18:44:01 [npdoty]
<applause all around>
18:44:31 [npdoty]
schunter: amazed how much progress we can make during the f2f's
18:44:43 [justin_]
... hopeful this can be resolved without another f2f
18:44:57 [johnsimpson]
johnsimpson has left #dnt
18:44:59 [justin_]
... but will get back to you about new venue shortly!
18:45:04 [justin_]
... adjourned
18:45:25 [aleecia]
thank you to MSFT!
18:45:47 [wseltzer]
+1 on the thanks!
18:46:59 [npdoty]
rrsagent, draft minutes
18:46:59 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/04/12-dnt-minutes.html npdoty
18:47:44 [npdoty]
Chair: schunter
18:47:53 [npdoty]
Meeting: Tracking Protection Working Group face-to-face
18:53:24 [schunter]
schunter has joined #dnt
19:53:28 [tl]
tl has joined #dnt
20:11:30 [tl]
tl has joined #dnt
20:13:25 [mischat]
mischat has joined #dnt
20:47:59 [Zakim]
Zakim has left #dnt
21:19:10 [ifette]
ifette has joined #dnt
21:20:03 [ifette_]
ifette_ has joined #dnt
21:28:47 [ifette_]
ifette_ has joined #dnt
21:58:50 [alex]
alex has joined #dnt
22:04:42 [mischat]
mischat has joined #dnt
22:27:42 [schunter]
schunter has joined #dnt
22:49:02 [hwest]
hwest has joined #dnt
22:49:12 [hwest_]
hwest_ has joined #dnt
23:50:41 [schunter1]
schunter1 has joined #dnt