16:58:58 RRSAgent has joined #dnt 16:58:58 logging to http://www.w3.org/2013/12/18-dnt-irc 16:59:00 RRSAgent, make logs world 16:59:00 Zakim has joined #dnt 16:59:02 Zakim, this will be TRACK 16:59:02 ok, trackbot, I see T&S_Track(dnt)12:00PM already started 16:59:03 Meeting: Tracking Protection Working Group Teleconference 16:59:03 Date: 18 December 2013 16:59:07 +hober 16:59:10 Zakim, who is on the phone? 16:59:10 On the phone I see Carl_Cargill, ??P50, hober 16:59:17 eberkower has joined #dnt 16:59:20 +Jack_Hobaugh 16:59:22 Zakim, ??P50 is schunter 16:59:23 +schunter; got it 16:59:48 +Peder_Magee 16:59:50 +eberkower 17:00:01 adrianba has joined #dnt 17:00:01 Zakim, mute me please 17:00:02 eberkower should now be muted 17:00:08 <_538> _538 has joined #dnt 17:00:13 robsherman has joined #dnt 17:00:13 susanisrael has joined #dnt 17:00:23 zakim, code? 17:00:23 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), ninja 17:00:26 carlcargill has joined #dnt 17:00:32 +SusanIsrael 17:00:38 +npdoty 17:00:39 vinay has joined #dnt 17:00:39 +Joanne 17:00:44 +[CDT] 17:00:46 +RobSherman 17:00:49 zakim, cdt has me 17:00:49 +justin; got it 17:00:50 +dwainberg 17:00:54 +[IPcaller] 17:00:59 +Andrew_Kirkpatrick 17:01:03 zakim, ipcaller is me 17:01:03 +walter; got it 17:01:12 dwainberg has joined #dnt 17:01:15 fielding has joined #dnt 17:01:35 +ninja 17:01:37 +Fielding 17:01:48 zakim, mute me 17:01:48 ninja should now be muted 17:01:50 + +1.813.907.aaaa 17:01:52 regrets+ johnsimpson 17:02:12 +Bryan_Sullivan 17:02:29 kj has joined #dnt 17:02:43 +[Apple] 17:02:50 zakim, [Apple] has dsinger 17:02:50 +dsinger; got it 17:02:52 Zakim, aaaa is hefferjr 17:02:52 +hefferjr; got it 17:03:04 zakim, who is on the phone? 17:03:05 On the phone I see Carl_Cargill, schunter, hober, Jack_Hobaugh, Peder_Magee, eberkower (muted), SusanIsrael, npdoty, Joanne, [CDT], RobSherman, dwainberg, walter, 17:03:05 ... Andrew_Kirkpatrick, ninja (muted), Fielding, hefferjr, Bryan_Sullivan, [Apple] 17:03:05 [CDT] has justin 17:03:05 [Apple] has dsinger 17:03:08 -Bryan_Sullivan 17:03:25 +ChrisPedigoOPA 17:03:26 volunteers to scribe? 17:03:30 moneill2 has joined #dnt 17:03:31 cOlsen has joined #dnt 17:03:36 ChrisPedigoOPA has joined #dnt 17:03:53 +Bryan_Sullivan 17:03:54 +moneill 17:03:59 susanisrael can scribe to start, who wants to take the second half? 17:04:08 i take over 17:04:13 scribenick: susanisrael 17:04:13 +[FTC] 17:04:15 laurengelman has joined #dnt 17:04:17 thanks, ninja 17:04:27 +??P79 17:04:31 yes :) 17:05:03 Zakim, ??P79 is laurengelman 17:05:03 +laurengelman; got it 17:05:30 npdoty has changed the topic to: agenda December 18: http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0090.html 17:05:38 agenda http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0090.html 17:06:03 +Chapell 17:06:04 bryan has joined #dnt 17:06:19 link to CfO https://www.w3.org/2002/09/wbs/49311/tpwg-collect-204/results 17:06:27 Chapell has joined #DNT 17:06:31 +kulick 17:06:37 rvaneijk has joined #dnt 17:06:42 justin:had cfo on collecting retaining use share and they were not strong objections, but there were stronger objections to A, so we went with B (when such narrow differences in future chairs would appreciate avoiding cfo) 17:06:47 +[Microsoft] 17:06:53 zakim, [Microsoft] is me 17:06:53 +adrianba; got it 17:07:02 ....when people object to how term is used please object to that not definition 17:07:24 +rvaneijk 17:07:26 FPFJoeN has joined #dnt 17:07:49 i don't disagree, justin 17:07:55 I proposed the same. 17:07:56 ...note inadvertent error, that share requires you first collect. Not intended. Roy proposed friendly amendment, delete "has collected." 17:08:05 Brooks has joined #dnt 17:08:16 +Brooks 17:08:19 q+ 17:08:24 ...vinay says he does not disagree--was unintentional. to be transparent will send revised definition to group and hope there are no concerns..... 17:08:36 ....will send around in christmas/festivus spirit.... 17:08:38 ack dsinger 17:09:06 +Wendy 17:09:08 q- 17:09:19 dsinger: not a minor problem. def says you share only if you collected. you could pass data around during transaction and that would not be sharing. 17:10:02 justin: did not mean to understate importance, just meant it was unintentional. Will send explanation around on collection. 17:10:28 WileyS has joined #dnt 17:10:30 vincent has joined #dnt 17:10:32 reminder on deadline for network interaction Call for Objections: https://www.w3.org/2002/09/wbs/49311/tpwg-interact-217/ 17:10:38 ....one other reminder, cfo on network transaction closes tonight. Now move on to discussion of issues # ___ and 151 17:10:45 +WileyS 17:10:47 zakim, who is making noise? 17:10:52 zakim, who is making noise? 17:10:58 dsinger, listening for 10 seconds I heard sound from the following: SusanIsrael (18%), schunter (97%) 17:11:06 Topic: issues 151 and 153 17:11:09 wseltzer, listening for 10 seconds I heard sound from the following: kulick (43%), schunter (59%) 17:11:20 Matthias: basically discussion on that one was that user agents/add ons, etc can modify preferences if they follow requirements. 17:11:23 +vincent 17:11:42 on a high level, brad proposed only user agents can do so.... 17:11:58 ....these 2 alternatives, and don't see easy way to reconcile them.... 17:12:11 +q 17:12:15 dsinger: why do we need to prohibit plug-ins and add-ons? 17:12:30 ack WileyS 17:12:39 the setter can change the UA string also 17:12:39 issue-143 17:12:39 issue-143 -- Activating a Tracking Preference must require explicit, informed consent from a user -- closed 17:12:39 http://www.w3.org/2011/tracking-protection/track/issues/143 17:12:51 q+ 17:12:54 wileys: primary issue is validation. today user agent string that says who user is and who set. Helps increase confidence in industry to implement standard 17:13:20 ....as we allow other elements to inject signal we can't validate if they did the right thing... 17:13:20 q+ 17:13:27 if they change one header thay can another 17:13:52 goal is to increase confidence in industry to get strong adoption, and then ease scope from there, along with validation structure. 17:14:17 +FPFJoeN 17:14:27 202.587 is me 17:14:34 ...discussed this around issue 143, and felt that would be too heavy (validation string) at outset, so narrowed scope to validatable source... 17:14:35 zakim, mute me 17:14:35 FPFJoeN should now be muted 17:14:37 q? 17:14:46 sidstamm has joined #dnt 17:14:47 dsinger: sort of makes sense, discuss later, raises issues 17:14:59 wileys: goal is adoption 17:15:00 I don't think forbidding plugins will help with validating signals only coming from browsers 17:15:02 hi all, apologies I am unable to dial in today, but will watch IRC 17:15:05 UA headers cannot be validated today, how cabn they be used to validate the source of a DNT signal? 17:15:10 the asumption is that servers can discrimate compliance on inspecting the UA string 17:15:21 wileys: trying to get bulk of users/uses in v1 then expand 17:15:44 dsinger: could say if browser permits plug-ins and extensions it is responsible for result 17:15:50 wileys: fair 17:16:08 +q 17:16:38 Doesn't anyone else support kulick's proposal to prohibit add-ons and software from sending DNT:1 headers? On the recent calls, I don't think we've heard support for this proposal beyond kulick and WileyS. Anyone else? 17:16:45 reduction of user choice is not the goal of the TPWG - removing user-requested functions outside the browser is a reduction in choice for users 17:16:46 wileys: it's ok if user agent makes sure plug in has done right things and takes responsibility? 17:16:49 I've provided updated text from Brad on the wiki: http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_limitations_for_add-ons 17:16:58 Justin: i support kullick's proposal 17:17:11 wileys: text is purposely narrow 17:17:31 s/justin/susanisrael 17:17:57 q? 17:17:58 dsinger: agree that we're trying to find trustworthy signal, let's see if we can iterate on text 17:18:03 (I think susanisrael is saying she supports kulick's proposal, not me.) 17:18:12 This was scheduled to go to Call for Objection today. 17:18:14 * justin sorry, and yes, i support kulick's proposal 17:18:40 wileys: dsinger, you drive, we are fine with text and will review any changes you propose 17:18:48 it sounds like there was a potential iteration on plug-ins if user agents accept responsibility 17:18:57 q? 17:19:01 ack wal 17:19:03 David Singer will propose a new update, with review from Brad/Shane 17:19:12 thank you for the exchange 17:19:35 hwest has joined #dnt 17:19:39 walter: short of hearing there is no way to validate i have heard nothing that makes any sense on this subject, and there is no way to validate signal 17:19:57 ...i can't see how this language would enhance conficdence of industry 17:20:16 walter: we should stop wasting time on issues that are outside control of user agent 17:20:29 q? 17:20:34 ack br 17:20:46 I couldn't hear very well - the last speaker was very mumbled 17:20:51 GSHans has joined #dnt 17:21:00 WileyS: sorry, Skype... 17:21:01 q+ 17:21:24 WileyS: long story short, stop bickering about validating the signal because you fundamentally cannot do so based on UA headers. 17:21:30 bryan: i dropped a couple notes on irc. user header is not validatable today. Any restriction on user choice is not in interest of tpwg or consistent with goal of tpwg. There are 2 options i submitted 12 december 17:21:38 Strongly disagree with Bryan - as to the purpose for our being here and to what the fair and balanced approach to validation may appropriately be 17:21:40 you probably cannot validate the signal anyway 17:21:55 sorry, Bryan, I must have missed the specific text alternatives; if you can help me find them on the mailing list, that would be great 17:21:55 +WaltMichel 17:21:59 ...either spec remains as is or remains silent on anything outside browser. These are 2 choices that are valid in my opinion 17:22:09 q? 17:22:15 matthias: so now we have 2 texts that don't satisfy your requirement? 17:22:17 bryan, it sounds like the current text does satisfy your concern though? 17:22:40 WaltMichel has joined #DNT 17:22:42 q+ 17:22:42 q? 17:22:47 ack mo 17:22:52 bryan: i can submit language that says text reads on nothing but browsers, this set. This whole argument is based on house of fallacy cards 17:23:22 q? 17:23:28 ack d 17:23:31 moneill: if you can change one header can change another header. not true that user could look at user agent string as basis for deciding what to do 17:23:54 David - we will strongly object to that position 17:24:09 what about leaving normative language on ignoring signals to the compliance spec? 17:24:10 Well, we do have the disregard signal . . . 17:24:11 dsinger: heard a lot about balance here. should say that party MUST NOT ignore dnt signal based on suspicion about whether user set signal 17:24:14 Agree with Shane. David -- that's also a compliance issue and shouldn't be addressed in the TPE 17:24:20 That means everyone would have to recognize IE10 even though we KNOW they are turning it on by default 17:24:25 ...takes protocol away from interests of users 17:24:28 dsinger, this may be related to issue 197 - the disregard signal 17:24:32 reference to the proposal (I will add specific text for #2) is at http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0074.html 17:24:36 dsinger: if hard to set then should make it hard to ignore 17:24:42 s/that says text/that says @@@. This text/ 17:24:45 q+ 17:24:52 zakim, close the queue 17:24:52 ok, justin, the speaker queue is closed 17:24:52 q+ 17:24:56 +LeeTien 17:24:57 q+ dwainberg 17:25:04 zakim, open the queue 17:25:04 ok, justin, the speaker queue is open 17:25:06 It isn't. It is an install-time option, as I understand 17:25:09 q+ dwainberg 17:25:13 zakim, close the queue 17:25:13 ok, justin, the speaker queue is closed 17:25:14 IE doesn't have a default - we prompt users during install or during first run on Win7 17:25:28 note also that IE sends different UA strings to different sites for compat reasons 17:25:35 vinay, does compliance for UAs need to be in the TPE, but compliance for servers be in Compliance? 17:25:36 wileys: i disagree. so IE10 forcibly activates signal as default. so then saying i still have to honor it? that's false. No one will adopt if forced to honor signal set by fault 17:25:53 dsinger: not true at all. YOu are ignoring validly set signals 17:25:55 WileyS, Shane you have to check for IE11 now and you cant do that (in fact) by checking the UA string 17:26:00 dsinger: not non compliant 17:26:13 q? 17:26:18 wileys: it is noncompliant. we have to respond. 17:26:32 dsinger: i care about honest transaction 17:26:53 Let's move this discussion to ISSUE-197 later on the call. 17:26:56 wileys: if you say i believe this transaction not compliant, and here are alternatives, that is honest 17:27:05 +q 17:27:13 (We're rehashing old ground here.) 17:27:16 nonsense 17:27:19 q+ 17:27:23 matthias: david why do you think shane is wrong 17:27:31 q? 17:27:34 dsinger: shane you are completely wrong on this 17:27:35 Let's stick to 153 please. 17:27:57 * +1 to deep breaths 17:28:20 ack hobe 17:28:28 matthias: exhcnage arguments 17:28:39 on call for objections 17:29:09 q+ 17:29:20 adrianba, defaulting to a set option during install is not the same as a user preference affirmatively selected at first use. Presenting IE's implementation as conforming to the protocol is completely absurd. 17:29:29 ...[who is speaking?] problematic. historically w3c has not listed broswers of day 17:29:29 (Yeah, we can't do that.) 17:29:34 +1, we should not (and I believe, do not) rely on lists of user agents 17:30:05 q? 17:30:07 ack walt 17:30:07 ack walter 17:30:07 bryan: i was not suggesting you list browsers. was saying if you limited browsers to those following rules only then would be logical 17:30:42 walter: think we are arguing about a compliance issue not a tpe issue. This should be left to the compliance spec 17:30:59 fielding, protocols don't define UI 17:31:12 nor, for that matter, is the pre-selected option a choice for privacy, since that option also pre-selects allowing Microsoft to collect data on that same user 17:31:12 ...so issue 153--even though I agree with dsinger that IE10 should be deemed valid--don't think we should get in to this now 17:31:25 IE11 presents a checkbox during first run on Win7 if you haven't previously modified the setting in IE10 17:31:26 to fielding: an install-time choice, and asking the user, or even suggesting a setting, do not constitute a 'default' 17:31:39 +David_MacMillan 17:31:50 I quite agree this is a compliance question 17:31:51 matthias: so if you want to get this in to cfo please propose text 17:32:21 q? 17:32:22 The TPE merely has to say what the signal is and how it is formed 17:32:24 ack dw 17:32:25 matthias: so you have user sending signals, and other side responding, i think it is a valid point that this could go in compliance text 17:32:27 NEW TEXT BY TOMORROW 17:32:50 dwainberg: i want to address this false issue of balance, as if there is any balance between sides of signal 17:33:12 +Thomas_Bause_Mason 17:33:15 ....the costs, incentives, and consequences are very different on the 2 sides of the transactions 17:33:17 adrianba, application level protocols communicate semantics, and when you deliberately lie about those semantics you are not conforming to the protocol. That is HTTP/1.1. 17:33:32 Justin, are you driving for text by tomorrow because we're moving to the CfO next week or will this be pushed out a few weeks due to x-mas and new years? 17:33:46 matt has joined #dnt 17:33:46 the contraint is already that it has to reflect the choice of the user 17:34:02 dsinger, an install-time choice made by someone other than the user is not, by definition, the user's choice. 17:34:03 ...this notion of balance and tit for tat on what's said on client side and server side is ridiculous and we should dispense with it and focus on the outcome we want in marketplace 17:34:09 -kulick 17:34:32 WileyS, well technically you were supposed to have next text in by last week! I would like to move to Call for Objection tomorrow night, and the response timing would take account of Christmas and New Years. 17:34:33 +kulick 17:34:34 +Amy_Colando 17:34:39 zakim, open the queue 17:34:39 ok, justin, the speaker queue is open 17:34:45 matthias: no agreement, so by tomorrow night ....walter suggested move to compliance...i want all this text by tomorrow night. 17:34:54 fielding: it's a choice presented TO THE USER. "Do you want fries with that?" is not McDonalds forcing fries on the population 17:34:54 matthias: next issue is 151. 17:35:00 issue-151? 17:35:00 issue-151 -- User Agent Requirement: Be able to handle an exception request -- open 17:35:00 http://www.w3.org/2011/tracking-protection/track/issues/151 17:35:02 http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_UA_requirement_to_handle_exceptions 17:35:14 dsinger, you have obviously never installed IE10 or IE11 17:35:30 dsinger: more like, we've added fries with that, please let us know if you like to have those removed. 17:35:35 Justin: i can do that. John simpson is one of the people who wanted this to be optional and he is not on call so we may not get to agreement.... 17:36:07 Sure - more than happy to merge 17:36:13 +MattHayes 17:36:18 ....there are 2 proposals in wiki that are quite similar (Jack's and Shane's) so could we merge these? "If you send dnt 1 must be able to process uges. " 17:36:41 JackHobaugh, are you comfortable with Shane's text? I can more easily understand that text 17:36:43 ....so there is indication of willingness to merge... jack are you ok with other text? 17:36:48 Of course mine is better! LOL - just kidding. I need to read them again to see how best to merge but I think they are both saying the same thing. 17:36:55 can someone remind what technical reason (this is the TPE) there is to link exceptions and the DNT header? 17:37:11 jackhobaugh: i think shane was trying to broaden my language 17:37:28 again, this is a compliance issue, not a TPE issue 17:37:39 wileys: i have to read them, don't remember, but jack if yours just broadens ours, more than happy 17:37:50 justin: will ping you off line to pick one 17:38:03 q? 17:38:06 q+ 17:38:11 Neither option are adequate for me on this, I will add another option to the wiki 17:38:15 justin: now is a good time for questions 17:38:32 David, its about a fully forced transaction 17:38:49 dsinger: what tech reason to link exceptions and dnt? understand that industry looking for paper thin excuses to ignore 17:38:51 This may also be a compliance issue... 17:38:58 s/fully forced/fully formed/ 17:39:10 wileys: really looking for fully formed transactions, so this is conversation not command 17:39:37 ...this is why we supported response....want full conversations. If you can say no you should be able to say yes 17:39:43 this sounds like compliance to me. there is not technical link here 17:39:49 s/not/no/ 17:39:57 ...trying to bring balance to gain adoption 17:40:00 q+ 17:40:05 ack ds 17:40:27 q- 17:40:34 q+ to note that user agents that do not support or have javascript activated need an option to support DNT and a javascript-only UGE process would exclude them. 17:40:43 dsinger: you did say in cambridge you did not want to honor....(? not sure if this is what david said) 17:40:55 wileys: not true. But will register exception where granted. 17:41:12 wileys: we did not refuse to store exceptions in user agent 17:41:23 q? 17:41:36 in Cambridge we heard (a) we don't expect to use the exceptions API and (b) we intend to use the absence of it as (another) reason to ignore DNT headers. I am now hearing that (a) is no longer true. 17:41:38 ...instant on signal says no to everything. UGE is attempt to restore some equity 17:41:41 susanisrael, I can take over starting from the next issue on the agenda 17:42:08 again, that is not a technical reason 17:42:35 wileys: I agree it is compliance-esc, but saying if you are implementing method A, must do method B 17:42:40 dsinger: not technical 17:42:41 I think it's the compliance of the user agent, right? 17:43:06 ok 17:43:06 npdoty: compliance to the technical spec or to the compliance spec? 17:43:07 matthias: david makes a valid point, that this may not be part of TPE. 17:43:22 ack npdoty 17:43:27 another option that should be considered, if we can't reach consensus on this issue, is to move the UGE to a separate spec on a different timeline (where e.g. we could consider other approaches including declarative), and support only out-of-band exceptions in the first release 17:43:30 kulick has joined #dnt 17:43:33 ... and one option may be moving it to compliance 17:43:43 q? 17:43:43 justin: question for shane: came up in cambridge : why out of band consent to be retained? 17:43:54 wileys: for parity 17:44:37 Understood - non-JS supportive environments would not be able to support this 17:44:47 npdoty: i share concern about implementation, widespread adoption. My question is a clarification. Browsers with java off are minority, around 2 percent. for text by shane and jack do we interpret that as ... 17:45:01 ...if user turns of java script do we say you have turned off dnt? 17:45:05 s/java off/javascript off/ 17:45:30 would certainly trust Shane's numbers as more up-to-date than mine 17:45:40 absolutely, it's not the common case, because JavaScript has been useful 17:46:05 WileyS: I disagree that DNT is comparable to willingly sacrifice some usability 17:46:11 wileys: if user de-activates javascript i think we could live with that; they are not getting other features. OK with that; we don't have to say DNT is off because they can't store UGE, or we could move to UGE in cookies 17:46:23 justin: i am confused. How would you know what's going on. 17:46:34 justin: why? 17:46:53 dsinger_ has joined #dnt 17:46:58 -LeeTien 17:47:04 wileys: it's validatable. I don't expect major browsers to try to game the system in that way, just turning off js for UGE. 17:47:06 npdoty has joined #dnt 17:47:09 javscript can be turned off only for a few domains (e.g. using noscript) 17:47:12 justin: do you need to revise proposals? 17:47:22 wileys: can use non-normative text 17:47:48 q? 17:47:52 justin: would it be that if you are technically able to support UGE you must, but if you can't you can't is that right? 17:48:16 wileys: that's fair--consistent with Mike's and Walter's conversation on the list re: screen readers, etc. 17:48:21 I interpret that along the silence/editors' draft view; the API is required, but non-JS agents can't implement it 17:48:33 q+ to discuss timing 17:48:43 wileys: ok with UGE not supported where JS generally not supported.... 17:48:51 justin: so "should"? 17:49:09 wileys: no keep it a must but provide escape clause in non-normative 17:49:17 sounds like a should 17:49:30 justin: let's work on this offline 17:50:19 bryan: i dropped a couple notes on irc. I think the case where you don't support this particular approach to UGE is a very important case. those people have to be protected. we don't want to eliminate... 17:50:49 out-of-band exceptions (likely stored in cookies) are already present as an option that doesn't require javascript 17:50:49 ...2 percent of peoplle --a significant number. If we don't have way to support UGE without JS, should make it its own spec. 17:51:06 ....reliance on a specific UA technology is really limiting 17:51:09 spinning off UGE creates serious unbalance in the short term 17:51:14 ack dsinger 17:51:14 dsinger_, you wanted to discuss timing 17:51:19 Candidate Recommendation (CR) 17:51:19 A Candidate Recommendation is a document that W3C believes has been widely reviewed and satisfies the Working Group's technical requirements. W3C publishes a Candidate Recommendation to gather implementation experience. 17:51:23 ack bryan 17:51:23 bryan, you wanted to note that user agents that do not support or have javascript activated need an option to support DNT and a javascript-only UGE process would exclude them. 17:51:24 q- bryan 17:51:28 David - that is not the answer you received - at least not from us 17:51:44 actually, we are only talking about LC 17:51:47 not CR 17:51:57 David - its not valid if it doesn't support UGE 17:52:01 David - I don't recall the discussion you are citing. In fact, I remember you being very upset as the discussion took a different turn while in Cambridge 17:52:01 and no that whole argument is nonsense 17:52:05 dsinger: we have timing issue. I asked in cambridge if industry would behave like gentlemen and honor spec during implementation period/candidate rec. Answer was "NO." Apparently industry will not honor valid signals. 17:52:05 Not worth addressing 17:52:07 we'd be moving to Last Call (which is a wider comment period) before the Call for Implementations 17:52:34 -Joanne 17:52:59 Brooks_ has joined #dnt 17:53:00 justin: i will work with shane and jack to refine their proposal. Bryan if you want to suggest some other specific thing will try to get that done in next few days, but it's important and if it slips it slips...... 17:53:24 justin: would like to have these discussions sooner in the timeline for cfo, though they are good discussions. 17:53:25 Can we discuss holiday timing? Its my understanding we're hitting the pause button for the next 2 weeks - correct? 17:53:26 after a Last Call ends, the document enters CR, guys 17:53:29 scribenick ninja 17:53:35 scribenick: ninja 17:53:43 Thank you Justin! 17:53:53 we're not having calls for the next two Wednesdays, but I'm still expecting us to do work in the meantime on mailing lists 17:54:11 Justin: Holiday timing, christmas is next wednesday, then new years, so next call on Jan. 8 17:54:19 Nick, I'm sure everyone will be on the mailing list on Christmas ;-) 17:54:23 Topic: Contexts 17:54:25 ... Next issue-240 Defining context 17:54:49 q+ on context 17:54:55 ... This is because objections raised against the definition of tracking 17:55:00 WileyS, I recall having replied to public-tracking on christmas eve in past years ;) 17:55:38 ... 3 ways to go: 1. not define at all, 2. tie it to parties, 3. new text 17:56:19 dsinger: first party context vs. third party context is not the way it is meant within the tracking def. 17:56:21 david can you please restate 17:56:22 we may be overloading the term "context" indeed 17:56:26 i am lost too 17:56:26 +q 17:56:27 roy? 17:56:53 justin: context allows more flexibility 17:56:57 I specifically explained the intent in the poll. It clearly does not represent a first/third party distinction, explicitly. 17:56:59 we are overloading 'context'. (a) context is either first-party or third-party (b) each embedding is a different 'context' (there are many) 17:57:32 ... concept allows e.g. parties to change roles from first to third party and maybe similarly context 17:57:48 npdoty has joined #dnt 17:58:31 dsinger: not to confuse third party context with “whenever I collect data in a third party context it is the same context" 17:58:39 I think dsinger is referring to ways that the group have often used "context" in our discussions 17:59:04 q+ 17:59:09 from the explanation in the poll: For example, something along the lines of: For the purpose of this definition, a context is a set of resources that share the same data controller, same privacy policy, and a common branding, such that a user would expect that data collected by one of those resources is available to all other resources within the same context. 17:59:15 fielding: current definition releis on boundaries of user activity 17:59:19 The notes don't enter the spec. The definition says "outside the context in which it occurred". 18:00:00 q- 18:00:03 ... lone way could be that each designated resource has to state what it defines as “its context” 18:00:12 Roy, I am supporting your note that say we need a definition: "The above definition also depends on there being a definition of context" 18:00:17 q- 18:00:19 s/lone/one 18:00:21 -RobSherman 18:00:50 q+ 18:01:06 dsinger: support the need for a definition to get rid of ambiguity of tracking definition 18:01:39 schunter: we want to define semantics of user's preference signal 18:01:51 ... when he sets it the semantics should be clear 18:02:43 fielding: actually the same thing. If a given party has a common owner, privacy policy etc, it is the same context 18:03:00 ... context as a defined set of resources 18:03:36 q- 18:03:51 schunter: As I understand fielding - he suggests an easily discoverable list of resources that belong to same context 18:03:51 Roy's proposed definition: Discoverable set of URLs 18:03:55 a natural way (which the group has past pursued) has been the breadth of a party 18:03:57 So basically, what I am hearing is that the co-chairs ported a definition of tracking into the TPE for which the TPWG does not agree on the meaning of the terms used within the tracking definition itself. For example, the meaning of "context." 18:03:57 seems that a definition of 'context' is pretty central here. 18:04:48 yes indeed 18:04:56 FYI (to Jack): The alterative definition was David's, which was rather broad. Defining this remaining term seemed preferable ;-) 18:05:06 quite how we can 'agree' on a definition of tracking when it depends on defining 'context', which is as yet undefined, is unclear to me 18:05:22 moneill: If we don't understand it, how can the user understand it? We need to define this clearly. Vague definition not helpful for a technical spec 18:06:03 I think it needs to be defined and defined in a way that is discoverable by the user, but it also has to be flexible enough to suit a wide variety of multi-domain single-branded sites. 18:06:14 justin: A number of people on IRC, the phone, in the CfO asked for more clarity on context. 18:06:31 A question I have: Are subsequent interactions "same context"? (If I visit SiteX once a month, can they cross-correlate across transactions?) 18:06:36 q? 18:06:47 ack mo 18:06:52 ... I would like the participants to get out of this cal and start thinking on whether and how they would like to define context. 18:07:06 ... continue this discussion on the mailing list 18:07:16 Roy-Def: "the URLs listed in the same-party field"? 18:07:27 we have past agreed to work on easy discoverability for the breadth of a party, which seems to fit for this sense of "context" 18:07:42 I also think that (ultimately) such self-identification of context would be evaluated by the same folks who would regulate compliance with DNT 18:08:04 As long as we clearly exclude someone being able to claim "all this data was collected in the third-party context"... 18:08:07 carlcargill has joined #dnt 18:08:13 ... For me it makes sense to tie it to the concept of party. But please send your ideas to the list. 18:08:26 Topic: issue-197 18:09:02 schunter: On issue-197. the current text disregard signal only rare and well defined conditions 18:09:22 ... proposal of dwainberg to remove this sentence? 18:09:50 Note that the D tracking status value is meant to be used only in situations that can be adequately described to users as an exception to normal behavior. An origin server that responds with D in ways that are inconsistent with their other published and unexpired claims regarding tracking is likely to be considered misleading. 18:09:52 dwainberg: no. I agree with the intent. But think this last sentence is confusing and unclear. 18:09:55 Note that the D tracking status value is meant to be used only in situations that can be adequately described to users as an exception to normal behavior. An origin server that responds with D in ways that are inconsistent with their other published and unexpired claims regarding tracking is likely to be considered misleading. 18:10:24 I think it's a note explaining it, and is useful in that sense, and doesn't imply any conformance or requirements 18:10:42 ... I agree with the rationale that servers need to provide a rationale for disregarding signals. 18:11:01 ... You cannot judge this basedon frequency of sending D 18:11:10 I think dwainberg just disagrees with the third paragraph (which is fine, just clarifying) 18:11:18 -rvaneijk 18:11:30 q? 18:11:39 q? 18:11:40 does someone who wrote this paragraph want to explain? 18:11:41 schunter: opinions? 18:11:50 Note that the D tracking status value is meant to be used only in situations that can be adequately described to users as an exception to normal behavior. 18:12:02 dsinger: delete the second sentence and just leave the first one. 18:12:05 +rvaneijk 18:12:08 schunter, not same-party (and in fact we don't even need that list). I meant just a link from a first-party resource's TSR to some resource that amounts to a name for that context. All resources that point to the same context resource would then be considered to be in the same context. Resources that are used across multiple contexts (e.g., third party subrequests) would not be allowed to make such a link. 18:12:10 -vincent 18:12:35 Roy: Can you propose text for the ISSUE-240? 18:12:46 fielding, do you have a background on this paragraph or any preference? 18:13:24 dwainberg: that would be better. But how to describe adequate behavior if it is unclear what is normal. Sending D could be normal and adequate behavior. 18:13:43 fielding, What would stop a publisher from including non-affiliated parties in the TSR? To allow for tracking that a user wouldn't necessarily expect? 18:13:47 -[FTC] 18:13:54 it would be normal if all browsers weren't compliant 18:14:25 Zakim, who is making noise? 18:14:32 am I the only one hearing 80's synthesizer music? 18:14:34 dsinger: suggestion - We could not envision a case where a server would have reason to disregard most or all DNT signals 18:14:39 npdoty, listening for 10 seconds I heard sound from the following: WileyS (76%), schunter (15%), dwainberg (33%) 18:14:48 Zakim, who is making noise? 18:14:58 Did someone place the group on hold? 18:15:01 I think we should sick the RIAA on someone? 18:15:01 Wainberg - like the academy awards speech where you went on too long (: 18:15:04 npdoty, listening for 10 seconds I could not identify any sounds 18:15:10 zakim, who is making noise? 18:15:16 dwainberg, is that you? 18:15:24 wseltzer, listening for 13 seconds I heard sound from the following: SusanIsrael (14%), schunter (3%) 18:15:26 zakim, are you making noise? 18:15:26 I don't understand your question, dsinger. 18:15:30 Zakim, mute schunter 18:15:30 schunter should now be muted 18:15:32 Zakim, mute dwainberg 18:15:32 dwainberg should now be muted 18:15:38 Zakim, unmute schunter 18:15:38 schunter should no longer be muted 18:15:38 nope 18:15:39 zakim, mute me 18:15:39 sorry, dsinger, I do not know which phone connection belongs to you 18:15:41 I don't think that's me 18:15:43 Zakim, unmute dwainberg 18:15:43 dwainberg should no longer be muted 18:15:45 Zakim doesn't recognize that music as noise 18:15:47 zakim, mute [apple] 18:15:47 [Apple] should now be muted 18:15:48 Can you mute all? 18:15:48 zakim, mute me 18:15:48 Chapell should now be muted 18:15:53 Zakim, mute all 18:15:53 sorry, npdoty, I do not know which phone connection belongs to all 18:15:58 its the NSA 18:15:59 could someone at least add some vocals to accompany it? 18:16:19 Zakim, who is on the phone? 18:16:19 On the phone I see Carl_Cargill, schunter, hober, Jack_Hobaugh, Peder_Magee, eberkower (muted), SusanIsrael, npdoty, [CDT], dwainberg, walter, Andrew_Kirkpatrick, ninja (muted), 18:16:22 Zakim, who is making noise 18:16:23 ... Fielding, hefferjr, [Apple] (muted), ChrisPedigoOPA, Bryan_Sullivan, moneill, laurengelman, Chapell (muted), adrianba, Brooks, Wendy, WileyS, FPFJoeN (muted), WaltMichel, 18:16:23 ... David_MacMillan, Thomas_Bause_Mason, kulick, Amy_Colando, MattHayes, rvaneijk 18:16:23 [CDT] has justin 18:16:23 [Apple] has dsinger 18:16:23 I don't understand 'who is making noise', schunter 18:16:24 zakim, who is making noise? 18:16:30 Zakim, who is making noise? 18:16:35 dsinger, listening for 10 seconds I heard sound from the following: Jack_Hobaugh (10%) 18:16:43 Zakim, mute me 18:16:43 rvaneijk should now be muted 18:16:44 Zakim, mute Jack_ 18:16:44 Jack_Hobaugh should now be muted 18:16:46 this is a first for me in conf calls 18:16:55 schunter, listening for 14 seconds I heard sound from the following: Jack_Hobaugh (3%) 18:16:56 Well, to the list then? :) 18:17:02 -Amy_Colando 18:17:20 heheh 18:17:20 Maybe it is Zakim. 18:17:22 Can Zakim not figure out where it's coming from??? 18:17:50 zakim, unmute [apple] 18:17:50 [Apple] should no longer be muted 18:17:53 WileyS, no, it couldn't 18:17:57 Zakim, unmute me 18:17:57 schunter was not muted, schunter 18:18:15 schunter: back to 197 18:18:19 Zakim, unmute me 18:18:19 rvaneijk should no longer be muted 18:18:51 schunter: question is, do we find better text to say that we expect the D signal to be the exception and not the rule? 18:18:59 it is clearly non-normative 18:19:49 dsinger: phrasing: if you encounter such situation (server always sending D), please get back to us, because we did not envision it being used that way. 18:19:54 is the suggestion that we should make it non-normative note and clarify? 18:20:05 The text already says that. 18:20:20 -SusanIsrael 18:20:21 It is already non-normative. 18:20:39 action: singer to propose an update on normal/abnormal on D signal 18:20:39 Created ACTION-434 - Propose an update on normal/abnormal on d signal [on David Singer - due 2013-12-25]. 18:20:44 schunter: action on dsinger to propose new text and then group assesses whether it is more acceptable 18:20:49 issue-239? 18:20:49 issue-239 -- Should tracking status representation include an array of links for claiming compliance by reference? -- raised 18:20:49 http://www.w3.org/2011/tracking-protection/track/issues/239 18:21:02 fielding, it's not marked as non-normative or as a Note, maybe it's hard to do that when surrounded by an option box 18:21:03 Normative text in TPE is indicated by RFC2119 terms, not silly paragraph labels. 18:21:24 schunter: on issue 239. several proposals on the mailing list since last week 18:21:39 topic: issue-239 18:21:46 ... what's the status on this. Can we reach consensus without a CfO? 18:21:49 what was the published timing? 18:21:52 Q? 18:21:54 q+ 18:22:09 dsinger: have not studied it yet. deadline? 18:22:27 schunter: currently M1. We are just looking at text proposals. 18:22:36 We're fine with the text "as is". I believe Roy has done a good job defending his thinking and approach to the current text. 18:22:53 schunter: soon after holidays I would like to freeze proposals. 18:23:06 q? 18:23:49 ... underlying question is - should a site be able to specifically link to a certain compliance regime? 18:23:52 ok. we may need to discuss what the requirements on the pointer or regime are, for example. I will think about it 18:24:11 ack np 18:24:52 npdoty: mailing list better for detailed discussion. Sent my proposal there. 18:25:26 ... Would be useful if we had something coming back to the user indicating the compliance. 18:25:42 q+ 18:25:47 ack w 18:26:13 ... /me npdoty, missed second part of your statement. you were blurred. 18:26:40 Nick's objection is at http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0095.html 18:26:48 npdoty: useful to give a common compliance response to the user 18:27:07 ... for the same reason that we don't parameterize the signal being sent by the user 18:27:19 q? 18:27:24 ... two propoals; 1) to return to previous text (our last WD) that indicates compliance 18:27:31 -WaltMichel 18:27:35 My response is at http://lists.w3.org/Archives/Public/public-tracking/2013Dec/0098.html 18:27:42 ... or 2) if the group prefers to remove compliance, at least capture the existing responses 18:27:53 ... for compliance in an appendix or in the Compliance document 18:28:15 scribenick: npdoty 18:28:23 -ninja 18:28:35 schunter: could have a more explicit statement even if all pointing to the same document 18:28:43 q+ to discuss user information 18:28:50 +ninja 18:28:55 slacker 18:29:11 npdoty: haven't responded to Roy's message from 4am. :) 18:29:57 ack dsi 18:29:57 dsinger, you wanted to discuss user information 18:30:08 schunter: if we all agree on a single compliance document, it doesn't hurt for us all to point to it from the array 18:30:26 http://www.w3.org/2011/tracking-protection/drafts/dnt-for-users 18:30:36 npdoty: brief response is that if the goal is just a single compliance, then extra architecture is unneeded and could be confusing 18:30:50 The motivation bits being ... 18:30:53 dsinger: had worked on an explanatory document for users, with no responses on the mailing list 18:31:02 q+ 18:31:08 ... hard to explain to users what it means to them without a common baseline 18:31:17 … If a user is not interested in verifying compliance (the far more common 18:31:17 case), no response is ever obtained or checked. 18:31:24 ... hard to help the users make an informed choice, if the meaning is a multiple set of compliance regimes 18:31:56 q? 18:31:59 ack w 18:32:11 npdoty has joined #dnt 18:32:15 … If a user is interested in verifying compliance, they will have to rely on some communication of compliance by the server. Preventing the response message from communicating such claims directly prevents deployment of this protocol without a completed Compliance document, and even after such a document is produced we would have to *add* a similar link or versioning feature if that document is ever allowed to change. … 18:32:22 dsinger: that's the conceptual problem, wanted to respect the industry request for users to be fully informed 18:32:55 … In contrast, the compliance array solves this communication problem directly, without reliance on some future TCS deliverable, and does not in any way prevent TCS from becoming the one true consensus at some time in the future. Implementations can use the existing TR links to indicate compliance to specific versions of the TCS. 18:32:57 walter: @@@; web of trust plugin for firefox, for example 18:33:12 ... not to dismiss the concern, but may be a way to get out of it 18:33:26 ... was hoping for a meaningful compliance specification 18:33:42 -Peder_Magee 18:33:49 ... but discussions have shown unbreachable concerns, can't get to common baseline 18:34:02 ... for example, what we've discussed hasn't met the requirements of the European Union 18:34:16 But adding an "EU specific layer" ON TOP of a baseline is fine. we can still explain the baseline. 18:34:16 ... w3c may not be the best avenue to fix the compliance bit 18:34:31 q? 18:34:36 npd: walter, sorry, missed your initial point, what was the response to dsinger's concern? 18:34:37 if there is no common basis, what do we explain to users before they start browsing? 18:34:51 walter: would like chairs to respond to original poll regarding ways forward 18:35:10 is happy to let people puzzle over this problem and discuss in email (or future) 18:35:13 schunter: run over on time; look at alternatives 18:35:33 ... a longer discussion what we will do after the TPE document 18:35:37 npdoty: my initial point is that at least publicly acknowledging that the TPE as such means nothing that a user could derive an expectation from would open the possibility for third parties to step in 18:35:41 only 3 have to date!! 18:35:44 -ChrisPedigoOPA 18:35:45 -Chapell 18:35:45 -dwainberg 18:35:45 -MattHayes 18:35:46 -FPFJoeN 18:35:46 -Jack_Hobaugh 18:35:47 -Brooks 18:35:47 -Andrew_Kirkpatrick 18:35:49 -Bryan_Sullivan 18:35:49 -rvaneijk 18:35:49 reminder: objections on network interaction are due tonight 18:35:50 -adrianba 18:35:50 -[Apple] 18:35:50 Happy Holidays all! 18:35:51 -hober 18:35:52 -David_MacMillan 18:35:53 -hefferjr 18:35:53 -WileyS 18:35:55 -Fielding 18:35:55 -eberkower 18:35:56 -moneill 18:35:56 -laurengelman 18:36:00 -[CDT] 18:36:01 -walter 18:36:07 [adjourned.] 18:36:07 -Wendy 18:36:09 -ninja 18:36:11 -Carl_Cargill 18:36:11 Zakim, list attendees 18:36:13 As of this point the attendees have been Carl_Cargill, hober, Jack_Hobaugh, schunter, Peder_Magee, eberkower, SusanIsrael, npdoty, Joanne, RobSherman, justin, dwainberg, 18:36:13 ... Andrew_Kirkpatrick, walter, ninja, Fielding, +1.813.907.aaaa, Bryan_Sullivan, dsinger, hefferjr, ChrisPedigoOPA, moneill, [FTC], laurengelman, Chapell, kulick, adrianba, 18:36:17 ... rvaneijk, Brooks, Wendy, WileyS, vincent, FPFJoeN, WaltMichel, LeeTien, David_MacMillan, Thomas_Bause_Mason, Amy_Colando, MattHayes 18:36:17 -schunter 18:36:17 -Thomas_Bause_Mason 18:36:18 I sent proposed text for Issue 153 as requested. 18:36:23 rrsagent, please draft the minutes 18:36:23 I have made the request to generate http://www.w3.org/2013/12/18-dnt-minutes.html npdoty 18:36:36 -kulick 18:37:02 -npdoty 18:37:03 T&S_Track(dnt)12:00PM has ended 18:37:03 Attendees were Carl_Cargill, hober, Jack_Hobaugh, schunter, Peder_Magee, eberkower, SusanIsrael, npdoty, Joanne, RobSherman, justin, dwainberg, Andrew_Kirkpatrick, walter, ninja, 18:37:03 ... Fielding, +1.813.907.aaaa, Bryan_Sullivan, dsinger, hefferjr, ChrisPedigoOPA, moneill, [FTC], laurengelman, Chapell, kulick, adrianba, rvaneijk, Brooks, Wendy, WileyS, vincent, 18:37:04 ... FPFJoeN, WaltMichel, LeeTien, David_MacMillan, Thomas_Bause_Mason, Amy_Colando, MattHayes 18:37:58 dsinger: I am no longer sure whether there is a point of pursuing such a baseline given the stalemate in this group 18:38:09 dsinger: or rather, I am afraid I am sure there isn't 18:38:49 Zakim, bye 18:38:49 Zakim has left #dnt 18:38:51 rrsagent, bye 18:38:51 I see 1 open action item saved in http://www.w3.org/2013/12/18-dnt-actions.rdf : 18:38:51 ACTION: singer to propose an update on normal/abnormal on D signal [1] 18:38:51 recorded in http://www.w3.org/2013/12/18-dnt-irc#T18-20-39