15:42:08 RRSAgent has joined #dnt 15:42:08 logging to http://www.w3.org/2013/05/22-dnt-irc 15:42:10 RRSAgent, make logs world 15:42:10 Zakim has joined #dnt 15:42:12 Zakim, this will be 15:42:12 I don't understand 'this will be', trackbot 15:42:13 Meeting: Tracking Protection Working Group Teleconference 15:42:13 Date: 22 May 2013 15:42:19 Zakim, this will be 87225 15:42:19 ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 18 minutes 15:50:01 efelten has joined #dnt 15:52:54 rvaneijk has joined #dnt 15:55:55 T&S_Track(dnt)12:00PM has now started 15:56:03 +schunter 15:57:16 +efelten 15:58:16 +npdoty 15:58:37 fielding has joined #dnt 15:58:46 Yianni has joined #DNT 15:58:55 zakim, call thomas-781 15:58:55 ok, tlr; the call is being made 15:58:56 +Thomas 15:59:14 zakim, I am thomas 15:59:14 ok, tlr, I now associate you with Thomas 15:59:16 zakim, mute me 15:59:16 Thomas should now be muted 15:59:20 +Yianni 15:59:26 +Chris_IAB 15:59:27 Zakim, who is on the phone 15:59:28 I don't understand 'who is on the phone', schunter 15:59:31 Zakim, mute me 15:59:31 Yianni should now be muted 15:59:38 Chris_IAB has joined #dnt 15:59:39 Zakim, who is on the phone? 15:59:39 On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB 15:59:42 +RichardWeaver 15:59:52 +kulick 15:59:54 Richard_comScore has joined #dnt 15:59:59 jchester2 has joined #dnt 16:00:01 is there a call today? 16:00:04 samsilberman has joined #dnt 16:00:07 +Fielding 16:00:17 Lmastria_DAA has joined #dnt 16:00:34 +jchester2 16:00:35 +phildpearce 16:00:36 +Peder_Magee 16:00:36 + +1.415.436.aaaa 16:00:36 zakim, mute me 16:00:38 jchester2 should now be muted 16:00:40 + +1.781.482.aabb 16:00:43 WileyS has joined #DNT 16:00:46 phildpearce has joined #dnt 16:00:49 I'm joining from 212-380-xxxx 16:00:52 +Chris_Pedigo 16:00:54 adrianba has joined #dnt 16:00:57 +[DAA] 16:01:01 dan_auerbach has joined #dnt 16:01:01 ChrisPedigoOPA has joined #dnt 16:01:02 peterswire has joined #dnt 16:01:08 paulohm has joined #dnt 16:01:11 susanisrael has joined #dnt 16:01:12 zakim aabb is samsilberman 16:01:13 hefferjr has joined #dnt 16:01:18 <_023263538magee> _023263538magee has joined #dnt 16:01:23 npdoty, thanks-- I'm on the East Coast today, so I guess I was just "early" 16:01:39 + +1.212.231.aacc 16:01:41 +paulohm 16:01:55 sidstamm has joined #dnt 16:02:02 vincent has joined #dnt 16:02:08 + +1.301.365.aadd 16:02:09 +Craig_Spiezle 16:02:12 + +49.431.98.aaee 16:02:21 301.365.0653 is peter swire's line today 16:02:22 Zakim, aaee is ninjamarnau 16:02:22 +ninjamarnau; got it 16:02:25 +vinay 16:02:29 zakim, mute thomas 16:02:29 Thomas was already muted, tlr 16:02:29 Zakim, aadd is peterswire 16:02:31 +??P51 16:02:31 +peterswire; got it 16:02:32 -??P51 16:02:33 susanisrael has joined #dnt 16:02:34 Zakim, aabb is samsilberman 16:02:35 CraigSpiezle has joined #dnt 16:02:37 +samsilberman; got it 16:02:37 Zakim, aadd is swire 16:02:38 sorry, schunter, I do not recognize a party named 'aadd' 16:02:43 +[Mozilla] 16:02:48 Zakim, Mozilla has sidstamm 16:02:48 +sidstamm; got it 16:02:52 +hefferjr 16:02:53 Zakim, who is on the phone? 16:02:53 On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce, 16:02:56 ... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, +1.212.231.aacc, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr 16:02:56 [Mozilla] has sidstamm 16:03:07 +vincent 16:03:13 zakim, aacc is WileyS 16:03:13 +WileyS; got it 16:03:14 + +1.202.787.aaff 16:03:30 cOlsen has joined #dnt 16:03:30 +BerinSzoka 16:03:33 Zakim 917.934.1044 is susanisrael 16:03:35 + +1.202.344.aagg 16:03:37 JC has joined #DNT 16:03:43 am on phone from 212.790.xxxx 16:03:47 scribenick: susanisrael 16:04:12 +[Microsoft] 16:04:28 Zakim, [DAA] has Lmastria_DAA 16:04:28 +Lmastria_DAA; got it 16:04:32 schunter: will run call in 2 parts, 1st, TPE, 2nd, compliance 16:04:41 +Wendy 16:04:57 issue-194? 16:04:57 ISSUE-194 -- How should we ensure consent of users for DNT inputs? -- open 16:04:57 http://www.w3.org/2011/tracking-protection/track/issues/194 16:05:04 Mike_Zaneis has joined #dnt 16:05:07 +[Microsoft.a] 16:05:14 zakim, [Microsoft.a] is me 16:05:14 +adrianba; got it 16:05:26 schunter: I provided several issues to discuss. 194. how decide content of users for dnt input? 16:05:37 Zakim, who is on the phone? 16:05:37 On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce, 16:05:40 ... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka, 16:05:40 ... +1.202.344.aagg, [Microsoft], Wendy, adrianba 16:05:40 [DAA] has Lmastria_DAA 16:05:40 [Mozilla] has sidstamm 16:05:49 ...currently dnt tools have input 1 and 0 but so do many tools so hard to say if they compliance 16:05:50 +mecallahan 16:05:56 +[FTC] 16:06:00 mecallahan has joined #dnt 16:06:01 q+ 16:06:11 +WaltMichel_Comcast 16:06:23 +jeffwilson 16:06:29 Brooks has joined #dnt 16:06:32 +dwainberg 16:06:36 kulick has joined #dnt 16:06:38 dwainberg has joined #dnt 16:06:40 one idea at f2f was to introduce tools ....including 2 and 4 ....there are legacy things that send 1, 0 and new ones that send 2, 4 16:06:49 Zakim 202.344.aagg is me 16:06:53 q+ to ask whether we didn't decide that legacy *wasn't* the problem 16:07:02 s/2 and 4/true and false/ 16:07:04 if they receive 2, 4 they must follow guidance, and if they get legacy signals they have to decide.... 16:07:06 Zakim, aagg is Mike_Zaneis 16:07:06 +Mike_Zaneis; got it 16:07:16 s/2, 4/true, false/ 16:07:25 q+ 16:07:26 *tx e felten. having trouble hearing schunter 16:07:43 q? 16:07:45 q+ 16:07:45 q? 16:07:46 would like feedback and 2, 4/true/false..... 16:07:52 q+ to ask: what will stop the (noncompliant/legacy) tools from sending the new signals? 16:07:54 ack fielding 16:07:58 +hwest 16:08:03 I don't believe there is much value for the true/false flags. The effort to update code to this area doesn't seem to buy us any protection 16:08:08 hwest has joined #dnt 16:08:13 +1 to Roy 16:08:28 ack npdoty 16:08:28 npdoty, you wanted to ask whether we didn't decide that legacy *wasn't* the problem 16:08:32 yes, +1 to fielding 16:08:35 ...fielding: problem is that only problems we are having with UAs right now is deliberate mis-sending of signals and i don't want to send more data over wire, particularly more variations of same, doesn't solve anything 16:08:35 What did Roy say?? 16:08:46 ok 16:08:48 q- since my question was asked 16:08:54 q- 16:08:57 npdoty: was going to echo roy, but thought we decided at f2f that legacy not the issue..... 16:08:58 q? 16:09:03 schunter: what to do? 16:09:11 ack dan_auerbach 16:09:15 npdoty: thought we decided to stick with 0 and 1 16:09:36 danauerbach: agree with roy and nick and it would create unhelpful clutter 16:09:36 q? 16:09:46 ack hefferjr 16:09:46 ack hefferjr 16:09:48 I said that the issue right now is UAs (and others) deliberately sending a signal that is not based on user choice -- adding two more signals does not solve anything. 16:10:10 … and I really don't want to send more bytes on the wire than 8. 16:10:12 not sure waiting will help 16:10:16 hefferjr: have no opinion on value of abandoning 0 and 1 but if we do let's delay until spec and responsibilities are finalized before we change signals 16:10:54 q? 16:10:57 schunter: i think about signals, True can be abbreviated with "T" but if no one wants True and False in addition to 0, 1 we can close issue....does anyone want more signals? 16:11:02 is there anyone who wants to have more signals than 0 and 1, for any reason? 16:11:07 +q 16:11:08 schunter: doesn't seem to be the case.... 16:11:29 I think we wouldn't close issue-194, as it covers some other topics 16:11:29 schunter: so if you go back to the issue..... 16:11:29 q? 16:11:31 ack WileyS 16:11:33 ack Wil 16:11:52 moneill2 has joined #dnt 16:12:07 mostly non-user-agent http clients 16:12:19 wileys: i think roy caught this in irc, but want to reiterate this from f2f, we have many user agents sending signals without user preference so I don't see value in this approach, just as easy to game the system with new flags 16:12:23 agree with Shane 16:12:52 WileyS, do you mean user agents like browsers or things like firewalls? 16:12:55 I think "DNT: 1" is explicitly misstating in these cases, given our definition of DNT: 1 16:12:57 schunter: to some extent i agree, the argument i heard was that if bad agents are required to explicitly misstate what they do this creates a hook for legal action 16:13:06 Sid, all the above 16:13:15 ok, so they would be noncompliant 16:13:16 +q 16:13:29 .....naturally anyone can send these signals but they are misstating but if no one thinks this make sense or is useful we should not do it.... 16:13:33 q+ 16:13:42 q+ 16:13:47 ack peterswire 16:13:50 ack pet 16:13:56 Sid, yes, if the final standard states sending DNT:1 without specific and express user action/preference setting, then they would be in non-compliance. 16:14:18 makes sense, WileyS 16:14:20 Sending "t" is as much bytes as sending "1" 16:14:41 q? 16:14:45 peterswire: i have no view on right answers, but what mattias stated is what i heard from some people, especially on site side. for example, i heard that if anti-virus is sending signals this might help in legal action if people say they are sending false signals 16:14:46 ack Chris_IAB 16:14:48 ack Chris 16:15:32 peterswire, would you want to follow up with any of those people directly to see if they want to come forward subsequently with a text proposal or use case? 16:15:34 q? 16:15:34 chris_iab: agree with shane, the problem is the signal can be hijacked. one of the fundamental problems with sending http signals. so i dont think this adds credibility to argument that this provides a legal hook of some sort 16:15:39 ack sidstamm 16:15:39 ack sidstamm 16:15:41 everyone should use HTTPS so that network intermediaries can't hijack. i know this doesn't fully solve the problem, but it helps... 16:15:48 Zakim, who is on the phone? 16:15:48 On the phone I see schunter, efelten, npdoty, Thomas (muted), Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce, 16:15:51 ... +1.415.436.aaaa, samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka, 16:15:51 ... Mike_Zaneis, [Microsoft], Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, jeffwilson, dwainberg, hwest 16:15:51 [DAA] has Lmastria_DAA 16:15:51 [Mozilla] has sidstamm 16:16:20 npdoty, yes i am 16:16:24 sidstamm: made this point at f2f, but important so repeating. With TPE there will have to be some trust on both sides of protocol. sure, UAs who don't get consent "properly" are noncompliant..... 16:16:28 apologies, didn't realize my # wasn't saved 16:16:28 Zakim, aaaa is dan_auerbach 16:16:28 +dan_auerbach; got it 16:16:37 +[IPcaller] 16:16:53 zakim, [IPCaller] is me 16:16:53 +moneill2; got it 16:16:55 but for purpose of TPE, we need to assume everyone is being honest. For TPE doc, let's just focus on protocol itself. 16:16:59 q? 16:17:36 q+ 16:17:40 schunter: so we seem to have agreement to leave 1,0 signals. a related question i have is can we close issue 194? since we have no idea how to protect signals? or keep it open? 16:17:48 yes, we can reopen if someone finds up with a way to guarantee authenticity of the signal. 16:17:53 http://www.w3.org/2011/tracking-protection/track/issues/194 16:17:55 +q 16:17:58 BerinSzoka has joined #DNT 16:17:59 +q 16:18:00 issue-194? 16:18:00 ISSUE-194 -- How should we ensure consent of users for DNT inputs? -- open 16:18:00 http://www.w3.org/2011/tracking-protection/track/issues/194 16:18:51 npdoty: i am all for decreasing number of issues, but in this case i think issue 194 is intended to cover more than whether we would change syntax of dnt signal, so i think we should just add a note about sticking with 0, 1 to issue 16:18:54 ack npdoty 16:18:59 schunter: agree 16:19:01 q? 16:19:06 ack peter 16:19:09 -jeffwilson 16:19:32 Who proposed this? 16:19:37 we can re-open the issue if new information is provided 16:19:39 q+ 16:19:50 Chappell was on this issue, but is not on the call 16:19:54 peterswire: i might be misrembering but some people i think i remember discussing this with are not on call today, so i am not sure of procedure, but I would be inclined to follow up with them and make sure they have no strong views 16:20:10 we can "close" this part of an issue, and re-open if we hear new concerns 16:20:16 +1 16:20:16 q- 16:20:18 FYI- NAI Summit is today, so low attendance from industry 16:20:20 +1 16:20:22 schunter: suggest following nick's suggestion of putting comment in issue, then suggest people post to mailing list if they have strong feelings, ok? 16:20:32 Ack BerinSzoka 16:20:34 +jeffwilson 16:20:38 NAI Summit was yesterday 16:20:45 q+ 16:21:01 Chapell has joined #DNT 16:21:05 NAI Board Meeting is today - which I'm ditching for 90 mins to be here :-) 16:21:13 berinszoka: i don't know enough to have an informed opinion, but as to chris's point, it's a problem if signal can be hijacked. Everyone here wants signal to be legally binding, and wants to trust it.... 16:21:22 issue-194: agreement that we would continue with DNT: 0 and DNT: 1 (rather than a change to obsolete legacy clients, or for other reasons), but issue-194 may cover additional things 16:21:22 Notes added to ISSUE-194 How should we ensure consent of users for DNT inputs?. 16:21:48 I don't think we want any language about legal enforcability in a technical standard 16:21:50 q? 16:21:52 ....so getting back to analogy of dock and ship, it might be a good thing for consumer advocates to make sure signal is robust. I think we may want to have a conversation about legal enforceability. 16:21:55 ack Thomas Roessler (DNT) 16:21:55 ack t 16:22:06 schunter: i think we all want strong signal 16:22:16 Present+ Jack_Hobaugh 16:22:22 Zakim, who is on the phone? 16:22:22 On the phone I see schunter, efelten, npdoty, Thomas, Yianni (muted), Chris_IAB, RichardWeaver, kulick, Fielding, jchester2 (muted), Peder_Magee, phildpearce, dan_auerbach, 16:22:25 ... samsilberman, Chris_Pedigo, [DAA], paulohm, WileyS, peterswire, Craig_Spiezle, ninjamarnau, vinay, [Mozilla], hefferjr, vincent, +1.202.787.aaff, BerinSzoka, Mike_Zaneis, 16:22:25 ... [Microsoft], Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, dwainberg, hwest, moneill2, jeffwilson 16:22:25 [DAA] has Lmastria_DAA 16:22:25 [Mozilla] has sidstamm 16:22:25 peterswire, Chapell just joined 16:22:30 Thomas, could you just explain why you think we're meeting htt threshold? 16:22:35 htt=that 16:22:50 sorry folks - i'm having trouble extricating myself from the nai board meeting 16:22:50 peterswire, to your last point about not having the right folks on the call re the last issue 16:22:52 tlr: i agree with berin that signal should be reliable, and i think we are meeting that threshold in what we have,,,,but happy to reopen if we have actual technical means to strengthen it, but otherwise wouldn't reopen it..... 16:22:55 Zakim, drop aaff 16:22:55 +1.202.787.aaff is being disconnected 16:22:57 - +1.202.787.aaff 16:22:58 I'm not saying we're not meeting the threshold. but some people seem to think we're not 16:23:04 berin, I'm making a symmetry argument. 16:23:11 issue-137? 16:23:11 ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review 16:23:11 http://www.w3.org/2011/tracking-protection/track/issues/137 16:23:11 schunter: nick pls add note to issue 16:23:21 If HTTP is good enough to serve ads and information about ad impressions, then it's good enough for DNT. 16:23:22 explain? 16:23:24 Thomas, I respectfully disagree - the signal is simply far to easy to hijack in its current form. Its such a fundamental issue that I don't know how we resolve this without significant technical overhead. 16:23:34 +1 to shane 16:23:35 schunter: Issue 137 was David's but it seems he is not on call..... 16:23:54 schunter: so let's postpone this discussion 16:23:54 Or we accept the signal will be gamed in high percentages and attempt to find balance elsewhere 16:24:37 I think we all need to look out for issues that could cause a #DNTFail in the future: as situation where all our work turns out for naught because, for example, some company starts hijacking the signal and servers stop respecting it. 16:24:39 schunter: we are trying to avoid having a chair decision, and so for now we are adding note and want to get to consensus, otherwise peter and i will decide with group input and call for objection..... 16:24:44 yes 16:24:46 yes 16:24:58 peterswire: is volume on call ok? 16:24:58 Topic: Compliance 16:25:01 -moneill2 16:25:20 peterswire, now that we have more folks on the call, do you want to go over the issue we skipped earlier 16:25:32 + +1.202.787.aahh 16:25:39 WileyS: If you assume that most signals are gamed, you can still re-validate consent locally while using the exception API to record your state. 16:25:39 peterswire: i propose to do quick check on sunnyvale issues, then go through jonathan's comments on issue merger and redefinition, then go through fuller list of issues in agenda 16:26:02 Rob, I hope not - trying to find solutions going forward. As with de-identification not all solutions are purely technical in nature, so once the DNT standard becomes a standard, we'll be looking for ways to motivate non-compliance UAs to become compliant. Will be expensive and time consuming (whack-a-mole) but I believe it will be necessary. 16:26:02 ack htomas 16:26:15 peterswire: want to get full set of assignments today. I know tlr is on call only for a while. You are doing something on data retention. 16:26:29 sorry, interested in what? 16:26:47 s/non-compliance/compliant 16:27:00 zakim, mute me 16:27:00 Thomas should now be muted 16:27:06 tlr: update is that i got about a dozen notes from people who said they were interested but haven't been able to schedule yet. Hope to do so in next day or two, apologies for being slow. 16:27:09 scribenick: npdoty 16:27:09 Nick, definitely want to be there 16:27:17 got it. I'm interested, but I think I've already expressed as much :) 16:27:25 peterswire: susanisrael, update or new date? 16:27:56 susanisrael: I've had several conversations, trying to follow up with Jeff Chester with Rigo, but Rigo has been out [sick] for a few days 16:28:11 ... don't like to delay, but might be able to get the language in next week 16:28:19 ... need to go back and forth with Rigo 16:28:20 I look forward to hearing from Susan and Rigo what their proposal is. 16:28:46 susanisrael: owe jeff and justin a call. people have been very helpful, just scheduling issues rather than substantive issues 16:28:58 action-404? 16:28:58 ACTION-404 -- Susan Israel to further Fact finding on scope of audience measurement and the DAA exception (one page of text) -- due 2013-05-15 -- OPEN 16:28:58 http://www.w3.org/2011/tracking-protection/track/actions/404 16:29:15 susanisrael: try for next week on audience measurement 16:29:23 action-404 due 2013-05-29 16:29:23 Set ACTION-404 Further Fact finding on scope of audience measurement and the DAA exception (one page of text) due date to 2013-05-29. 16:29:30 scribenick: susanisrael 16:29:37 action-402? 16:29:37 ACTION-402 -- Shane Wiley to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures -- due 2013-05-15 -- OPEN 16:29:37 http://www.w3.org/2011/tracking-protection/track/actions/402 16:29:46 action-403? 16:29:46 ACTION-403 -- Justin Brookman to write language on red / yellow / green -- due 2013-05-15 -- OPEN 16:29:46 http://www.w3.org/2011/tracking-protection/track/actions/403 16:29:48 I want to be part of crafting that language 16:30:06 peterswire: on red, yellow, green, shane you and i traded emails. I don't think i have an actual action item but I do have some things from f2f. I hope to have proposed normative text next week.... 16:30:11 dan, audience measurement or traffic light? 16:30:26 ....proposed idea is never have full history with url.... 16:30:35 in particular, I'm hesitant to let any language get into even a draft spec without my signoff, given that this is a joint action item 16:30:41 Zakim, drop aahh 16:30:41 +1.202.787.aahh is being disconnected 16:30:43 - +1.202.787.aahh 16:31:04 ....this would be on top of normative text from daa and ftc, and would include examples from dan and some new examples from nonnormative. should have complete package next week...... 16:31:08 ack thomas 16:31:21 -[DAA] 16:31:25 peterswire: nick pls assign action item to shane 16:31:29 action-402? 16:31:29 ACTION-402 -- Shane Wiley to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures -- due 2013-05-15 -- OPEN 16:31:29 http://www.w3.org/2011/tracking-protection/track/actions/402 16:31:40 Chapell has joined #DNT 16:31:40 +q 16:31:42 q? 16:31:43 wileys, i think the assigned action item with dan was for something different 16:31:49 tlr: your read, dan? 16:32:06 Okay, I'll take first stab 16:32:17 action-402 due 2013-05-28 16:32:17 Set ACTION-402 Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures due date to 2013-05-28. 16:32:37 dan: less concerned about dividing actions than whether we agree on text before it gets into a draft spec...on other hand if we want to hammer out text together happyp to do that.... 16:32:38 I'll take first stab to get to the group quickly - we can iterate from there 16:32:58 action-402: text to group sooner rather than later is great, but might include Dan A. or Rob v.E. 16:32:58 Notes added to ACTION-402 Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures. 16:33:23 peterswire: one question, there was traffic on list as to what to call various different states, and it wasn't clear to some people from the sunnyvale doc. labeling of 3 states somewhat important in my mind.... 16:33:59 zakim, mute me 16:33:59 Thomas should now be muted 16:34:18 ....my current understanding of de-identification language in daa code is analogous to yellow, and if you go all the way to green, that is unlinkable.....that term "de-identified means something different under hipaa.... 16:34:24 I believe de-identified data could be released to the public with little concern of it being reverse engineered 16:34:32 The risk remains with the key holder 16:34:47 WileyS that is a different discussion. 16:35:01 NOTE - if the de-identified data has been appropriately stripped of side-data (data minimization) 16:35:19 ....where it means it is so de-identified you can put it on the web. so in u.s. this term means really de-identified in hipaa, finding a name for that de-identified state is important, in my mind. ok as part of assignment shane? 16:35:35 I am still screaming for a new def for de-identified, e.g. hashed pseudonym 16:35:39 +1 to peter that de-identification is bad naming 16:35:43 yes, agree with Rob 16:35:58 Wileys, your version of de-identified data without the key (which is the same as described Green/Unlinkable) could be released to the public, yeah? 16:36:04 Rob, I speaking in the context of HIPPA only 16:36:10 I know. 16:36:15 wileys: i think labeling should be a separate issue. I think our de-identified state actually meets hipaa bar. It's contentious and has legal ramifications so maybe someone else should do it. 16:36:19 rob, can you take action item to propose different terms? 16:36:21 rvaneijk, would you take a separate action on proposing new names? 16:36:44 rob seems to have strong feelings so perhaps he would be willing to take an action item...nick will follow up offline...... 16:36:47 @tlr yes, but see discussion on the list. 16:36:48 Nick, I believe so - as long as the public doesn't have the key and the de-identified data has been appropriately minimized, there should be little to no risk of reidentification in public hands. 16:36:57 action: van eijk to propose a new set of names around red-yellow-green de-identification 16:36:57 'van' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., rvaneijk, wvanhols). 16:37:04 if it meets the HIPAA bar, will Yahoo release the data publicly? it would be an interesting and important test case for re-identification attacks to resolve our empirical disagreement 16:37:08 ok 16:37:12 ....other action item from sunnyvale had to do with user education and user interface.....was this lou's action item..... 16:37:28 WileyS, see my last comment 16:37:31 action: rvaneijk to porpose a new set of names around yellow state 16:37:31 Created ACTION-406 - Porpose a new set of names around yellow state [on Rob van Eijk - due 2013-05-29]. 16:37:37 Shane, you keep saying that your proposed algorithm leaves data safe to release. What's your technical basis for that claim? 16:37:48 if there's any way Yahoo would be willing to release data, we can revisit the bet you proposed to me about re-identifying a user 16:37:53 i think the browsers were going to work on this and alan wanted to work on it. I also offered to help. 16:38:07 Dan, we would likely not release it publically but perhaps release it to an independent org under NDA to test our assumptions of strength. 16:38:09 peterswire: i don't know whether we have a date for that language.... 16:38:35 Yep, I've offered to help -- I believe there was a discussion but I did not partipcate as they wanted to keep the group relatively small 16:38:39 I don't believe we currently have that tracked under an action item 16:38:45 Chris Mejia can help 16:38:57 <---- this guy can help 16:39:08 peterswire: part of today's goal is to see when we will get some text for the full group..... 16:39:17 seeing that chris mejia can help..... 16:39:18 I'd like to help as well 16:39:22 hearing: Chapell, Chris_IAB interested 16:39:23 Ed, if the record has been appropriately de-identified (see the steps in the graphic Brad Kulick circulated) then releasing that to a 3rd party should come with little risk of reidentification. Something to be tested... 16:39:26 Shane, that'd be a great thing to do, but hard to substitute for public release in terms of getting side channel data for effective attacks. still, feel free to keep me looped in on any release -- i am willing to be proven wrong in terms of the power of "yellow" 16:39:41 sure 16:39:52 Shane, I was asking for a technical rationale. Repeating the claim is not a rationale. 16:40:01 peterswire: seeking traditional idea of people having assignments with date, let's say 2 weeks from alan and chris mejia 16:40:22 * i do think david singer was working on this as well and alex 16:40:43 action: Mejia (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary) 16:40:44 Created ACTION-407 - (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary) [on Chris Mejia - due 2013-05-29]. 16:40:51 peterswire: going next to jonathan mayer's email. I hope it can be handled in a fruitful way despite his not being on..... 16:41:12 Ed, the proposed steps I'm referencing are technical in nature (secret hash of IDs, replacing IP Address, cleansing URLs, removing side-data facts). I apologize if I'm missing what you're asking for. 16:41:19 Topic: Issue Cleanup 16:41:34 Shane, just curious: Is a URL "side data" to be scrubbed? 16:41:35 can someone paste the link to jonathan's email please? 16:41:39 Oxymoron? 16:41:50 Paul, yes, the URL must be scrubbed. 16:41:56 .....we have proposed set of issues that yianni and nick sent to group and one set of comments/concerns came from jonathan.....so thanks to yianni for writing this up while i teach in the summer......legal ethics of washington lawyering.... 16:42:00 moneill2 has joined #dnt 16:42:02 Shane, not just "cleansed" but deleted altogether? 16:42:16 q+ 16:42:18 q+ 16:42:33 +[IPcaller] 16:42:37 Paul, no - cleansing finds the middle ground of removing re-identification risk and maintain utlitiy in remaining data. 16:42:40 email from jmayer on issue cleanup: http://lists.w3.org/Archives/Public/public-tracking/2013May/0092.html 16:42:44 zakim, [IPCaller] is me 16:42:44 +moneill2; got it 16:42:53 q+ 16:43:01 ack dan_auerbach 16:43:04 ....first item was fraud prevention, item 24.......mozilla/eff proposal had more detail re: fraud prevention but we haven't had formal reaching of consensus on different approaches, and we have 2 diff ideas, could put it into pending review 16:43:36 Paul and Dan, I concede that deleting all data is the safest approach to de-identification. Can we please stop repeating that mantra? 16:43:41 Shane, because doesn't any user who knows a single URL they've visited + date + time become an adversary who can then reID all of their rows in the data? 16:43:42 I agree with Dan. No pending review now. 16:43:44 dan auerbach: just wanted to follow up on security cleanup, i agree with jonathan that this should not go to pending reivew yet. think we need to agree on how narrow this should be.... 16:44:04 yes, I think both security and fraud are covered by 24 right now 16:44:09 issue-24? 16:44:09 ISSUE-24 -- Possible exemption for fraud detection and defense -- open 16:44:09 http://www.w3.org/2011/tracking-protection/track/issues/24 16:44:21 q+ 16:44:25 peterswire, this strengthens my recollection that security and fraud are under the same issue. Right? so i think there are at least 2 proposals 16:44:56 davidwainberg: i thought we had consensus at some point that we should not use term fraud bc of the way the term is used in ad industry 16:45:11 q+ 16:45:14 does someone want to take an action item if you don't want to move to pending review? 16:45:16 Paul, if I know my browsing history (I'm the only one who knows those details) and I view a de-identified record set to the point I'm able to recognize my own browsing history - no new knowledge has been gained. What privacy harm has occured in that outcome? 16:45:17 ack dwainb 16:45:19 *I remember this same thing as david and think it preceded peter's joining 16:45:20 -jeffwilson 16:45:31 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#security 16:45:33 q+ 16:45:35 ack thomas 16:45:44 The language is in the editor's draft already 16:45:45 dwainberg: nick,and justin and i had thread on this but it dropped? 16:45:52 dwainberg, "disingenuous traffic" instead of fraud 16:46:23 current text includes "fraudulent" but also other categories, like "malicious activity" 16:46:25 npdoty: i do think david and justin and i had a discussion on list. I had issues with "invalid" but was wordsmithing, but i think text now captures david's intention....... 16:46:31 q? 16:46:33 q+ 16:46:35 ack peter 16:46:37 q- 16:46:40 ack Chris_IAB 16:46:41 peterswire: david can you review text and report to group.... 16:47:35 q? 16:47:42 chris_iab: i remember conversation david refers to and think it was before you joined. at iab we tend to refer to the kind of traffic that may be called fraudulent as "disingenuous"....security and fraud not always related.... 16:47:55 we are only talking about data collection permissions, not about all security 16:47:57 personally, "disingenuous" is a new one for me, but I would prefer it over "invalid" which would seem to encompass a wider range of unintentionally incorrect traffic 16:48:01 q+ 16:48:09 Shane, I think it can be done with a single URL (+date +time). You don't need a "history." So it's something an adversary can know about a lot of people other than just himself or herself. I'm just confused about why you think the risk of ReID is so low. 16:48:13 +1 to Nick 16:48:14 peterswire: when john callas first addressed group he thought security terms made sense, does that part of it work 16:48:42 q? 16:48:46 Chris, that'd be fantastic! 16:49:02 chris_iab: with respect to john callas, he may not have protected a publisher, we do that and though it's hard maybe i can bring in a speaker.... 16:49:02 Paul, please explain how knowing your own records in a data set helps you re-identify other records in the same dataset? 16:49:05 ack dan_auerbach 16:49:13 Chris - happy to help on the security side vs fraud 16:49:31 dan auerbach: i think it would be fantastic chris if you could wrangle a speaker to discuss details 16:49:49 q? 16:50:10 chris_iab: they don't usually discuss details, but can look at definitions, and talk at a macro level, won't open kimono on everything they do at major publishers..... 16:50:50 Shane, I'm assuming you want to keep a pseudonym that relates rows in the table as belonging to the same person. If you're throwing all such pseudonyms away, that's really great, and I am closer to agreeing with your claim. 16:51:13 dan auerbach: having worked in industry and been on front lines, i think that if opening kimono completely might be off table, they might be able to give some detail, and we could also tighten those defs and get language tighter, separate security and fraud...... 16:51:53 peterswire: heard helpful raising of hands from david wainberg, chris mejia, dan so i would be inclined to give david the pen. would that take week or 2 weeks david? 16:51:54 vinay has joined #dnt 16:52:03 dwainberg: should be quick, can do next week 16:52:12 action: wainberg to review security/fraud text (with chris mejia and dan auerbach) 16:52:13 Created ACTION-408 - Review security/fraud text (with chris mejia and dan auerbach) [on David Wainberg - due 2013-05-29]. 16:52:18 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#security 16:52:19 peterswire: can also look at separating security/fraud words 16:52:50 action-408: related to issue-24 16:52:50 Notes added to ACTION-408 Review security/fraud text (with chris mejia and dan auerbach). 16:53:12 which action was that? 16:53:28 … the action that tlr is talking about? 16:53:28 tlr: a few ancient action items pending review dealing with graduated response. were on ian fette, [? someone else?] and maybe shane. Does anyone know if this is still a live topic? should we start from clean slate or use text from last october or nov..... 16:53:30 http://www.w3.org/2011/tracking-protection/track/actions/279 16:53:34 ... among others 16:53:40 ....if clean slate, let's close action items.... 16:53:53 apologies, all, I have to leave early for another commitment. 16:53:57 -[Mozilla] 16:54:05 tlr: my preference is to close. can look at same substance in new way..... 16:54:05 +1 to deleting the sentence on graduated response. 16:54:24 I would be happy to ask the editors to integrate proposed text (a definition from Ian) as they find helpful 16:54:46 q? 16:54:47 I need a chance to look 16:54:49 Ian's text is at http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0506.html 16:54:51 before coming to an opinion 16:54:53 peterswire: maybe nick and yianni and i can pull together and ask people on list what their view is. ok? that way not prejudging...... 16:55:21 action: doty to circulate (with yianni, tlr, peter) regarding "graduated response" and old actions 16:55:21 Created ACTION-409 - Circulate (with yianni, tlr, peter) regarding "graduated response" and old actions [on Nick Doty - due 2013-05-29]. 16:55:25 trackbot, link action-408 to issue-24 16:55:25 ACTION-408 (Review security/fraud text (with chris mejia and dan auerbach)) associated with ISSUE-24. 16:55:25 Paul, records would maintain a persistent identifier for a period of time in the de-identified state. Those identifiers don't represent anything in the real-world so I'm still struggling with how that helps you re-identify a record outside of those that you have detailed copy of the fact in a raw form through some other source. Is that what you're suggesting here? Could you please provide a 16:55:26 real-world example of how this would occur? Thank you. 16:55:49 +1 also to adopting Ian's text on graduated response 16:55:57 -Thomas 16:56:03 peterswire: next on jmayer email had to do with issues 191 and 188 re: normative and nonnormative language re: de-identification.....had concerns re merging....staff thought we could work on both together. dan do you have aview? 16:56:10 I don't believe graduated response works in the real-world 16:56:22 Shane, since we're talking about something the call moved off 20 minutes ago, should we maybe take it offline? I'm happy to have a quick call about this later today. I think it can be a very quick call. 16:56:29 We already debunked the idea of adding new cookies during the Security discussion at the F2F 16:56:32 Shane, as one example, the AOL data set contained user identifiers that were completely dissociated from any real-world identifier. 16:56:36 Same with the Netflix dataset. 16:56:41 Among others. 16:56:45 dan auerbach: no strong view but might have to look back at text, but suggest we heed jonathan's request not to merge if he had a concern.... 16:56:47 Ed, the search terms were not cleansed. Next... 16:57:30 q+ 16:57:43 peterswire: next a whole bunch of issues that go to user consent. Some had no action items and no texts, if there is a way to flag dependencies that might be helpful..... 16:57:48 combining issues, to narrow our work scope, seems like a good idea 16:57:57 gotta start working to an end, right? 16:58:02 Ed and Paul, happy to take you through each of the public examples and point out how simple fact cleansing would have removed the risk. 16:58:08 -dwainberg 16:58:09 q? 16:58:14 q- 16:58:14 q- Thomas 16:58:19 npdoty: issue tracker does not have formal note for dependencies, but can add links back to others, narrowing down issues and flagging interdependencies...... 16:58:33 Shane, agree that experience shows it is easy to think your data is safe to release when it's not. 16:58:45 from peter, regarding 132, narrow those down, and just make sure we have links back to the "super issue" 16:58:49 Question is what rationale you have for thinking that your method leaves data safe to release. 16:58:55 q? 16:59:03 npdoty, can you post the current issue being discussed? 16:59:09 peterswire: issue 184 re: 1st and 3rd parties.......whether website can condition access to website on consent to tracking. This issue has not come up since i have been chair though i am familiar with it in other settings. 16:59:16 issue-184? 16:59:16 ISSUE-184 -- 3rd party dependencies in 1st party content -- raised 16:59:16 http://www.w3.org/2011/tracking-protection/track/issues/184 16:59:34 q? 16:59:41 does anyone want to take an action? 16:59:43 We need to hear from Walter. q 16:59:48 unmute me 16:59:55 zakim, unmute me 16:59:55 jchester2 should no longer be muted 17:00:03 q? 17:00:09 ....is this issue live? i think people are looking at it right now. I am not seeing anyone asking to take an action item or go live, so i suggest moving it to pending review and putting it on list with note that we did not get any live proposals 17:00:14 Ed, it depends on the details of the record set in question. If I send you a list of anonymized IDs and cleansed URLs with a noisy date/time stamp. Do you feel you can reverse engineer that to real people? Would love to understand how you think that is possible. 17:00:15 +dwainberg 17:00:22 -vincent 17:00:30 dwainber_ has joined #dnt 17:00:34 q? 17:00:36 zakim, mute me 17:00:36 jchester2 should now be muted 17:00:41 jeffchester: i think we need to check with Walter first, it was his proposal 17:00:42 Shane: (1) any first party with an apache access.log will know URLs (+date + time) for users; (2) any person who shares a computer with somebody else can extract URLs (+date + time) for other users; (3) any FBI agent who seizes a computer or an access.log file can do the same; (4) any person sitting in a cafe using unsecured wifi and a packet sniffer can get URLs. Given the low entropy of date/time, all of these people can probably match even against scrubbe[CUT] 17:00:44 we gave an alert when we announced issue reviews on the call last week, and an email with issue resolutions a week ago 17:00:49 As a general procedural point, the process of moving things forward shouldn't require sustained objections 17:00:55 peterswire: fine. will do that before moving to pending review 17:00:58 that puts undue burden on participants with fewer resources 17:01:17 q? 17:01:18 URL histories also tend to have high entropy, even if scrubbed. 17:01:20 action: peter to review issue-184 with Walter and Rob before merging/pending review 17:01:20 'peter' is an ambiguous username. Please try a different identifier, such as family name or username (e.g., pkosmala, peterswire). 17:01:29 peterswire: issue 16, collection: has to do with transient retention, has to do with a permitted use for short term collection 17:01:30 action: swire to review issue-184 with Walter and Rob before merging/pending review 17:01:30 Created ACTION-410 - Review issue-184 with Walter and Rob before merging/pending review [on Peter Swire - due 2013-05-29]. 17:01:32 npdoty, can you post the link to issue 16 please, being discussed now? 17:01:42 trackbot, associate acton-410 with issue-184 17:01:42 Sorry, tlr, I don't understand 'trackbot, associate acton-410 with issue-184'. Please refer to for help. 17:01:44 issue-16? 17:01:44 ISSUE-16 -- What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) -- open 17:01:44 http://www.w3.org/2011/tracking-protection/track/issues/16 17:01:46 ninjamarnau has joined #dnt 17:01:46 q+ 17:01:52 trackbot, link action-410 to issue-184 17:01:52 ACTION-410 (Review issue-184 with Walter and Rob before merging/pending review) associated with ISSUE-184. 17:02:10 q+ 17:02:16 issue-134? 17:02:16 ISSUE-134 -- Would we additionally permit logs that are retained for a short enough period? -- open 17:02:16 http://www.w3.org/2011/tracking-protection/track/issues/134 17:03:11 ack susanisrael 17:03:13 ack Chris_IAB 17:03:43 chris_iab: looks like what we were trying to do is create a use for transient data.....I have heard people say we should not collect data. this is impossible, since we need data to respond to request, but you can limit retention period...... 17:03:44 issue-184? 17:03:44 ISSUE-184 -- 3rd party dependencies in 1st party content -- raised 17:03:44 http://www.w3.org/2011/tracking-protection/track/issues/184 17:03:55 q? 17:03:59 .....however this may go away if we go down de-identification path 17:04:12 q+ 17:04:17 peterswire: so maybe put this into Thomas's data retention discussion 17:04:21 Paul, agreed that external attacks need to occur to gain access to non-de-identified data that may be used to help reverse engineer a separate entities de-identified data. The approach is not without risk. Do you have an example of where this is occured with a dataset that was not shared publically? How real is this risk in the broader spectrum? We're debating absolute positions - when I fully 17:04:21 concede this approach comes with some risk and needs to be bolstered by operational and administrative controls. Happy to state DNT:1 de-identified records are not allowed to be shared publically. 17:04:25 ack dan_auerbach 17:04:28 Ed, disagree - depends on the cleansing approach taken. 17:04:36 dan auerbach: but not moving to pending review, right? 17:04:38 Chapell has joined #DNT 17:04:41 -[FTC] 17:04:52 peterswire: correct, part of ongoing discussions on data retention 17:05:14 peter: leave issue 16 open while discussions continue regarding data retention (which might address the "transient" part, which seemed the remaining open part of definitions) 17:05:20 I agree with Jonathan 17:05:41 Shane: Thanks for the concession. I didn't mean to be taking a vote in the "technical" versus "administrative" deidentification debate. I was just responding to your strong claims of confidence about surviving public release. If you're retracting that, I'm backing off too. 17:05:43 +q 17:05:44 can someone please post what JM wrote? 17:05:51 post here, I mean 17:05:51 WileyS, the linkability aspect can not be overlooked, it is not just about external risk for reverse engineering a hash 17:05:59 peterswire: issue 10: has to do with issue of first party definition. jonathan says there was supposed to be a trade that never happened. what do people remember? 17:06:07 jmayer's email: http://lists.w3.org/Archives/Public/public-tracking/2013May/0092.html 17:06:16 +q 17:06:17 npdoty, thanks :) 17:06:23 zakim, unmute me 17:06:23 jchester2 should no longer be muted 17:06:30 ack WileyS 17:06:54 wileys: jonathan's memory accurate. talked about strict defs of first party originally then moved to similar url, then to daa def of affiliated websites...and this was part of proposal concession process...... 17:07:34 .....the advocate proposal conceded this as part of a trade but they reserved right to pull back if they didn't get other concessions across the board..... 17:07:50 if we want to avoid closing the issue until we have that agreement, that sounds fine (and compatible with the proposed pending review status) 17:08:00 q? 17:08:07 jeffchester: think wileys described this accurately. I think this was wrapping up when this was happening..... 17:08:14 I know the history: Shane is right on point 17:08:22 ack jchester 17:08:38 Rob, disagree - we've already reached the EU Legal bar of "likely reasonable" for non-re-identification. 17:08:40 Shane, here is some data on entropy of URL histories: http://petsymposium.org/2012/papers/hotpets12-4-johnny.pdf 17:08:40 q+ 17:08:44 And I should point out that I disagree with both sides regarding what should be defined as party, first party, and third party, since the way they are defined has nothing to do with reality of user expectations regarding intentional use of websites. 17:08:45 +q 17:08:47 zakim, mute me 17:08:47 jchester2 should now be muted 17:08:50 ....were willing to discuss responsibility of first parties in context of broader dnt standard and i have not conceded that first parties are exempt from dnt...... 17:09:16 q+ 17:09:22 I move we keep it open for now, so the advocates can discuss how to address 17:09:25 ack npdoty 17:09:26 +q 17:09:26 ack WileyS 17:09:44 npdoty: i think i understand shane's and jeff's views but suggest moving to pending review, which is intended for situation where we have text but have not reached consensus..... 17:09:55 zakim, unmute me 17:09:55 jchester2 should no longer be muted 17:10:31 ack dan_auerbach 17:10:33 q+ 17:10:33 wileys: i think we did agree that first and third parties would be treated differently because people understand they are interacting with a first party. scope of definition then became the issue 17:10:50 Zakim, who is making noise? 17:10:53 Ed, thank you for the link - I'll definitely read this. 17:11:00 npdoty, listening for 10 seconds I heard sound from the following: dwainberg (12%), jchester2 (30%) 17:11:23 dan auerbach: my understanding of pending review was like the new "closed" so i feel strongly that if there is an objection it should not get steamrolled...so I am hesitant to move these things to pending review...... 17:11:26 q+ 17:11:47 q- 17:11:54 q- dwain 17:11:55 ....ok if there will be an opportunity to object to things in pending review 17:12:04 kulick has left #dnt 17:12:09 kulick has joined #dnt 17:12:23 q? 17:12:26 dan wants to make it clear that issues can be objected to before we move to closed, without any prejudice 17:12:32 peterswire: one reason we are not using closed is that i realized how hard it is to get to agreement on these issues 17:12:32 (which I'm fine with) 17:13:07 jeffchester: shouldn't move things to pending review before we (advocates?) move things to pending review..... 17:13:21 ....i will convene call with colleagues..... 17:13:42 zakim, mute me 17:13:42 jchester2 should now be muted 17:14:26 chris pedigo: want to echo what shane said. Group really has agreed that first parties should be treated differently from third parties......re: affiliates I understand Jeff's perspective that this may be open 17:14:54 q? 17:15:05 -q 17:15:10 ......but this has been unchanged for a long time, and we need to move things to the parking lot now 17:15:15 ack ChrisPedigoOPA 17:15:47 at least we will have another lawyer in the room by next week! 17:15:47 peterswire: i have heard request from jeff to wait a week. Hearing stability but one week delay requested, I'm willing to wait a week..... 17:15:52 action: chester to review action-10 on first party text before moving to pending review 17:15:52 Created ACTION-411 - Review action-10 on first party text before moving to pending review [on Jeffrey Chester - due 2013-05-29]. 17:16:23 peterswire: that completes list of issues jonathan sent in about issue mergers etc. In agenda there are proposed closed and narrowed issues at bottom. ..... 17:16:39 I would ask that we not only discuss this on the calls, or we can extend out a week continuously 17:17:01 -Peder_Magee 17:17:08 q? 17:17:22 first is issue 60, will a recipient know if 1st or 3d party, 102, short names and specs, 157 charter. I propose to send these to list with request for objections to closing..... 17:17:22 any objection to closing the very few issues to close? 17:17:46 issue 60, 157, 102 17:17:56 there is also a proposed narrowed issue on minimization. If this was in Jonathan's email i did not skip it in person....... 17:17:58 peter will send one final email about closing those issues 17:18:44 one issue addressed in sunnyvale was (in addition to disclosure of retention periods per tlr group) also should there be firm retention limits...... 17:18:53 issue-31? 17:18:53 ISSUE-31 -- Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) -- open 17:18:53 http://www.w3.org/2011/tracking-protection/track/issues/31 17:19:23 q? 17:19:32 q+ 17:19:34 how many of the proposed issue closing mails have been sent to public-tracking-announce? 17:19:40 the language in janathan's email did not, I think, neutrally capture this, but I think the general minimization principle could go into pending review and i am inclined to open new issue on whether there should be firm retention limits. 17:20:26 dan auerbach: in jonathan's email he said "how stringent is global standard" so please wait a week for me to review.... 17:20:33 dan or others, is there anything we can do to provide additional confidence that pending review is not closed? 17:20:39 ack dan_auerbach 17:20:51 Their should be firm requirement for transparency on data retention per permitted use 17:21:03 peterswire: we are attempting to clarify where things are rather than surprising people, but we'll wait a week on issue 31 and create a new retention issue as discussed in f2f....... 17:21:07 q? 17:21:10 + to Rob - we've already agreed to that 17:21:11 Nick, I think more clarity around the process of how to get to last call given areas of disagreement would go a long way 17:21:13 -samsilberman 17:21:14 wait a week before moving on issue-31, and create new issue regarding minimization or heightened transparency regarding going beyond certain retention limits 17:21:17 If we are going to continue with this level of pushback, then I will ask the chairs to abandon this notion of STABLE and just formally close all issues according to normal W3C process. We do not need consensus to close. 17:21:46 -mecallahan 17:21:47 dan_auerbach, I will do anything I can to do that 17:21:48 -Chris_Pedigo 17:21:49 -peterswire 17:21:50 -ninjamarnau 17:21:50 -RichardWeaver 17:21:51 -kulick 17:21:51 -Wendy 17:21:52 -moneill2 17:21:54 -dwainberg 17:21:54 -paulohm 17:21:55 -hefferjr 17:21:55 -Yianni 17:21:56 -efelten 17:21:57 -schunter 17:21:58 -hwest 17:21:58 -WaltMichel_Comcast 17:22:00 kulick has left #dnt 17:22:00 -jchester2 17:22:00 -dan_auerbach 17:22:01 -Craig_Spiezle 17:22:01 -Mike_Zaneis 17:22:03 -adrianba 17:22:04 ....there were no other comments on issue clarification. any other comments? [none] Goal was to get clarity and narrow the list of things that should get our attention...... 17:22:04 -Fielding 17:22:06 On the AVG user-expression override example... AVG also overrides the document.referral from google.com/?q=keyword to avg.com/?q=keyword when a user comes from organic search (in addition to inserting DNT=1) meaning that two changes are exposed in the DOM, increasing the chance that a server might use these 2 elements to differentiate tracking behaviour for AVG users vs other DNT=1 users. 17:22:06 ... spending several weeks on moving issues to pending review is not a path to anything, certainly not to Last Call 17:22:15 Invalid click Expert suggestion: Dr Alexander Tuzhilin. http://www.businesswire.com/news/home/20090909005127/en/Search-Advertising-Fraud-Prevention-Expert-Joins-Click 17:22:21 -[Microsoft] 17:22:23 On the user-education piece here is a collection of useful videos: http://www.youtube.com/watch?v=A6fV2v7LLPo&list=PL45AABD8BB96D3785&index=4 17:22:30 -BerinSzoka 17:22:38 -Chris_IAB 17:22:39 Zakim, list attendees 17:22:39 As of this point the attendees have been schunter, efelten, npdoty, Thomas, Yianni, Chris_IAB, RichardWeaver, kulick, Fielding, jchester2, phildpearce, Peder_Magee, 17:22:39 ... +1.415.436.aaaa, +1.781.482.aabb, Chris_Pedigo, +1.212.231.aacc, paulohm, +1.301.365.aadd, Craig_Spiezle, +49.431.98.aaee, ninjamarnau, vinay, peterswire, samsilberman, 17:22:42 ... sidstamm, hefferjr, vincent, WileyS, +1.202.787.aaff, BerinSzoka, +1.202.344.aagg, [Microsoft], Lmastria_DAA, Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, 17:22:42 ... jeffwilson, dwainberg, Mike_Zaneis, hwest, dan_auerbach, moneill2, +1.202.787.aahh 17:22:45 -npdoty 17:22:49 rrsagent, please draft the minutes 17:22:49 I have made the request to generate http://www.w3.org/2013/05/22-dnt-minutes.html npdoty 17:25:30 -phildpearce 17:27:30 dan_auerbach, can I give you an action to do the reviews you wanted one more week to do on issue-31 / minimization? 17:27:40 Zakim, bye 17:27:40 leaving. As of this point the attendees were schunter, efelten, npdoty, Thomas, Yianni, Chris_IAB, RichardWeaver, kulick, Fielding, jchester2, phildpearce, Peder_Magee, 17:27:40 Zakim has left #dnt 17:27:42 rrsagent, bye 17:27:42 I see 8 open action items saved in http://www.w3.org/2013/05/22-dnt-actions.rdf : 17:27:42 ACTION: van eijk to propose a new set of names around red-yellow-green de-identification [1] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-36-57 17:27:42 ACTION: rvaneijk to porpose a new set of names around yellow state [2] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-37-31 17:27:42 ACTION: Mejia (with Alan Chapell) to draft text regarding browser education as discussed in Sunnyvale (Item 6 in Draft Framework, also in consensus action summary) [3] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-40-43 17:27:42 ACTION: wainberg to review security/fraud text (with chris mejia and dan auerbach) [4] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-52-12 17:27:42 ACTION: doty to circulate (with yianni, tlr, peter) regarding "graduated response" and old actions [5] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T16-55-21 17:27:42 ACTION: peter to review issue-184 with Walter and Rob before merging/pending review [6] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-01-20 17:27:42 ACTION: swire to review issue-184 with Walter and Rob before merging/pending review [7] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-01-30 17:27:42 ACTION: chester to review action-10 on first party text before moving to pending review [8] 17:27:42 recorded in http://www.w3.org/2013/05/22-dnt-irc#T17-15-52 17:27:43 ... +1.415.436.aaaa, +1.781.482.aabb, Chris_Pedigo, +1.212.231.aacc, paulohm, +1.301.365.aadd, Craig_Spiezle, +49.431.98.aaee, ninjamarnau, vinay, peterswire, samsilberman, 17:27:43 ... sidstamm, hefferjr, vincent, WileyS, +1.202.787.aaff, BerinSzoka, +1.202.344.aagg, [Microsoft], Lmastria_DAA, Wendy, adrianba, mecallahan, [FTC], WaltMichel_Comcast, 17:27:43 ... jeffwilson, dwainberg, Mike_Zaneis, hwest, dan_auerbach, moneill2, +1.202.787.aahh