See also: IRC log
<trackbot> Date: 05 February 2014
<ninja> trackbot, status?
<schunter> Hi Ninja!
<moneill2> akim, [IPCaller] is me
<Chris_IAB> I just dialed in
<npdoty> trackbot, start meeting
<trackbot> Meeting: Tracking Protection Working Group Teleconference
<trackbot> Date: 05 February 2014
<ninja> trackbot, start meeting
<trackbot> Meeting: Tracking Protection Working Group Teleconference
<trackbot> Date: 05 February 2014
<npdoty> scribenick: dsinger
<moneill2> i can take over after david
<npdoty> scribenick: moneill2
ok
issue-239
<trackbot> issue-239 -- Should tracking status representation include an array of links for claiming compliance by reference? -- raised
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/239
matthias: we seem to have reached consensus
<ninja> http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_status_URL_array_for_compliance_regimes
matthias: no objections received
<dsinger> issue-239?
<trackbot> issue-239 -- Should tracking status representation include an array of links for claiming compliance by reference? -- raised
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/239
<schunter> http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_status_URL_array_for_compliance_regimes
<npdoty> editors, I believe this text is already in the draft
matthias: 1 or compliance regimes can be claimed, implicitly also w3c regime
<Chris_IAB> trying to catch up after being away… how did the past couple of working group polls net out?
<npdoty> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.compliance
<dsinger> ACTION: dsinger to check that the compliance array is in the TPE spec [recorded in http://www.w3.org/2014/02/05-dnt-minutes.html#action01]
<trackbot> Created ACTION-435 - Check that the compliance array is in the tpe spec [on David Singer - due 2014-02-12].
matthias, action on dsinger to make sure text in doc
matthias, next item 1st & 3rd party elements
<npdoty> ninja, can you grab pointers to meeting minutes for Chris_IAB?
matthias: CfO next
<schunter> https://www.w3.org/wiki/Privacy/TPWG/Proposals_on_elements_for_1and3_party_use
matthias: we have 4 proposals ,
too many
... can we reduce num proposals to 2 & 3
<justin> The question is does anyone support the old version from last public working draft?
<schunter> Proposal 2 and proposal 3 should be renamed to proposal 1 and proposal 2.
npdoty: only 2 & 3 are relevant
matthias: 2 proposals remove prop 1
<fielding> "usage in third-party contexts" is not going to work with other WG decisions
kulick: need to understans, both allow for 1st or 3rd party
<npdoty> kulick, even with Proposal 3 (silence), it could be done, we just wouldn't have a common definition/signal yet
matthias: , p2 is define it in TPE, p2 not defined in TPE but may be in TPC
<Chris_IAB> schunter, would it be possible to have the proposal owners present their proposals on this call, before we move to Cfo?
<fielding> ditto what Matthias just said --- the only difference is that proposal 2 has a definition in TPE
matthias: if tpc have different rules, this is how to declare
<robsherman> +q
dsinger: , its not just TPC could indicate useful info in TPE
<Chris_IAB> hard to hear Roy… echoey
<JackHobaugh> Roy, you are cutting out.
<kulick> didnt get all of that
fielding: i suggest other contexts other tahn 3rd party
<fielding> will irc
<JackHobaugh> no echo, but Roy's VoIP appears to be somewhat clipped.
<fielding> yes, everything else is okay
<JackHobaugh> I am muted at my phone
<fielding> or "other controllers' contexts"
matthias: do you mean 1 is first party, 3 is everything else?
Chris_IAB: could we all proposers are on call, so they can present them?
matthias: nick can summerise his again
robsherman: does not need CfO
<fielding> To clarify what I meant to say, the "usage in third-party contexts" part of proposal 2 does not match definition of context. Saying "other contexts" for 3 would be better.
robsherman: idea is to preserve 1 and 3 qualifiers, important to have them
<npdoty> how about "usage as a first-party" and "usage as a third-party"? to avoid "context" altogether, if we're defining that term in a different way
<dsinger> given the confusion over the meaning of 'context' I agree to remove it from the third party defn
robsherman: phrase "other contexts" not meaningful
<fielding> npdoty, fine as well (note that I still don't want these definitions in the spec, I just want to make them less bad)
Chris_IAB: try for consensus first before CfO
robsherman: maybe we can resolve this with Roy offline
<Chris_IAB> robsherman, good idea :)
<dsinger> If Roy is OK after his edit, I am OK with it
<npdoty> we've discussed it a couple times now, yeah? are there suggestions for getting those positions to agreement?
matthias: do we have this in general for all TPCs or for each
<fielding> I still would prefer that it not be in TPE at all. I am just trying to get the text to the point where either decision would not conflict with other WG decisions.
<robsherman> The suggestion was that we modify the text proposal to address Roy's concern, and if we can address his concern there is no need for two proposals.
<dsinger> yes, it's architectural, but the TPE needs to make sense and provide uniformity of signalling, by itself'
<npdoty> I've changed to "usage as a * party" in the wiki
<Chapell> +1 Chris_IAB
Chris_IAB: have to have a solid
line between the documents, maybe most contentios bits should
be in TPC
... its about how to send signals
<bryan> +1 - The TPE is about the protocol, not the intent or adherence to the semantics
matthias: how do we reach consensus?
<npdoty> do we mean "edits" like the usage/context thing?
Chapell: can live with Roy's proposal, will participate id OK with them
<npdoty> I believe the updated text is:
<npdoty> While different compliance regimes can define requirements and uses of certain qualifiers, and a particular compliance regime might not require the use of qualifiers for particular activities to be permitted, the following qualifiers have the defined, descriptive meanings.
<npdoty> "1": the resource is designed for usage as a first party
<npdoty> "3": the resource is designed for usage as a third party
<Chris_IAB> there are two things we probably shouldn't conflate: the definition itself, AND where that definition exists (TPE vs Compliance) -- we should be careful to separate the issues accordingly
<robsherman> +q
Chapell, can you type that in I missed it
npdoty: can set up a call tomorrow to see how we can combine
<Chapell> I (and I believe others - some of whom are not on the call today) would object to the use of 1st party / 3rd party definitions anywhere. in Compliance or TPE. Not looking to necessarily debate this point here and now, but Matthias had indicated that 'nobody' was objecting to that langauge, it was a question of 'where it goes'
<Chapell> So, for the record... I am objecting
Chris_IAB: we must not conflate where def is and what signal describes
<npdoty> we already have a definition. this text doesn't create new definitions.
<justin> chapell, The group has already settled on definitions on party, first party, and third party. Those issues are closed.
<fielding> Chris_IAB, this discussion is about use of a term in TPE. If the term exists in TPE, it will be defined in TPE.
Matthias: only about 1 & 3 in TPE
<Chapell> Justin, npdoty, that's fine... but lets not confuse the decision of the chairs with group consensus on an issue
Matthias: or leave it to TPCs
<Chris_IAB> QUESTION: does anyone see a world where the TPE would be deployed APART from a compliance document? If not, then we can comfortably move definitions into compliance docs. Arguments to that logic?
<fielding> I did look at it. It does not address my concerns.
robsherman: befor we should go forward Roy and me should talk
<justin> Chris_IAB, The TPE defines the parameters of the DNT signal. To the extent elements of that signal need to be defined, TPE must define them.
<fielding> My concern is that we DO NOT need "first party" and "third party" in TPE.
Matthias: while we have 1st & 3rd parties, if nobody uses them the defs go away
<dsinger> we don't use the term 'tracking' either
<Chris_IAB> justin, you need only define what a signal is, not what it means
<fielding> dsinger, what spec are you reading?
matthias: maybe in complaince regime
<justin> Chris_IAB, No, that is not correct. The group has defined what the signal is intended to convey. That issue is closed.
dsinger: if TPCs dont need 1 & 3 signal, they dont need to require them
<Chris_IAB> justin, anyway, the TPE is not deployed in a silo by itself
<ninja> Chris_IAB, this may be true for the server side. But the user is not able to choose a compliance regime. So a basic setting of scope and meaning of his DNT;1 or 0 signal is useful.
dsinger: anxious that 1 & 3 signal was not machine testable
<Chris_IAB> justin, I continue to disagree with this approach… it's too much of a slippery slope
<fielding> honestly, dsinger, that is absurd
dsinger: we dont need tracking in the TPE either
<schunter> IMHO we do since we have a signal "0" Not tracking
<fielding> tarcking="N"
<npdoty> fielding, is there a constructive way that you can express that concern to dsinger?
<fielding> tracking="N" is a functional part of the spec
dsinger: signal important in own right for user
<Chapell> Chris_IAB for some reason, the chairs seem intent on porting many definitions as possible - over the objections of many within the group
<fielding> DNT:1 is a signal within the spec
matthias: By end of week we decide if to forward to CfO
<justin> Chris_IAB, No one is telling you what to do in response to the DNT signal. That's what a compliance regime determines.
Chris_IAB: TPE must have an assiciated TPC for implementation, docs then become one
<npdoty> Chris_IAB, the group, based on issue-239, made a decision to not make normative references to the Compliance document and its definitions
matthias: TPE defines user prefs, sites use TPC to decide what they do
<npdoty> ... which is why we've been spending time on removing references, and making sure the terms are defined
Chris_IAB: we made decision to bifurcate
<JackHobaugh> i am muted
<schunter> I would not call CDTs input noise, though ;-)
justin: its an optional field, you dont have to use it (in TPC), but group has made decision
<schunter> Jack: IMHO you caused some echo.
Chris_IAB: there is a conflict
<JackHobaugh> I am muted locally.
<JackHobaugh> I have been for the duration of this call.
justin: pput your objection down in CfO
<Chapell> Justin: I don't understand how one might offer a different interpretation of first and third party given the significant history there.
<justin> jackhobaugh, is there something you want to add?
matthias: i would like to woork twds CfO, Roys proposal claer, prop1 needs more work
<dsinger> I think we should edit proposal 1 in line with Roy's suggestion, as the authors of it seem OK with that
<JackHobaugh> I get that, feel free to mute me at your end.
<npdoty> dsinger, indeed, I've made that edit
matthis: next issue 240
<schunter> http://www.w3.org/wiki/Privacy/TPWG/Proposals_on_the_definition_of_context
<fielding> issue-240?
<trackbot> issue-240 -- Do we need to define context? -- open
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/240
<npdoty> ACTION: doty to follow up with 241 proposers (dsinger, fielding, robsherman at least) to finalize proposals / see if consensus is possible [recorded in http://www.w3.org/2014/02/05-dnt-minutes.html#action02]
<trackbot> Created ACTION-436 - Follow up with 241 proposers (dsinger, fielding, robsherman at least) to finalize proposals / see if consensus is possible [on Nick Doty - due 2014-02-12].
<npdoty> action-436 due February 7
<trackbot> Set action-436 Follow up with 241 proposers (dsinger, fielding, robsherman at least) to finalize proposals / see if consensus is possible due date to 2014-02-07.
fielding: trying for def give
clarification of what user means, from their perpective,
slightl dif from prop 5
... prop5 relies on def of parties
<npdoty> prop 1 adds "common data controller" and "group identity"
fielding: my def considers separate branding diff contexts
<JackHobaugh> Roy, could you explain why you replaced "share" with "with"?
<npdoty> fielding, would you say that context in your Proposal 1 is a strict subset of party in Proposal 5?
kulick: is second sentence needed?
<npdoty> second sentence: " A context represents a typical user's expectations regarding the boundaries of a commonly branded Web site (i.e., what makes it distinct from sites with a different group identity) independent of the technology, domain names, or parties operating that site via one or more origin servers. "
fielding: cant understand it without second sentence, prefer to keep it
matthias: compremise - mark sentence sentence as a note
<fielding> okay on marking it as a note
<fielding> that any *implementer* would understand
<JackHobaugh> I would like to request that M2 be extended a week because we have only had since 3 am today to consider Roy's revised proposal.
<ninja> dsinger, would you be able to take over scribing?
kullick: typical users knowledge not improved by 2nd sentence, complex environment that users might not understand
matthias: 2nd sentence as non-normative note
<npdoty> kulick, does that help your concern?
fielding: dont like non-normative para, happy for note at beginning of sentence
<kulick> npdoty, did roy just say add a note to the beginning of the sentence?
<kulick> i would want to understand what the note was
<fielding> I just updated the wiki
<kulick> i do think it would improve it, just not certain i could say i am good with it right now
<npdoty> kulick, the proposal from schunter / fielding was to mark the second sentence as a note
<dsinger> do we need to re-open the "definition of tracking" and change it to say "it's whatever the compliance regime(s) stop you doing when you say you don't track"?
Chris_IAB: cant see TPE being implemented without TPC, slipeery sloper, unzipped them then now zipping back up, certain TPC hampered
<fielding> … to add "Note that a context" where "A context" was at the beginning of sentence 2
<ninja> scribenick: dsinger
<kulick> roy, i see the update. i dont think it makes a difference from what was there before, but I appreciate your willingness to find a compromise
<scribe> scribenick: dsinger
<justin> Again, Chris_IAB, the decision has made to define tracking in the TPE. That is closed. The only question is whether to add more flavor around the idea of context to clarify what tracking means. However, the TPE does not prescribe what exactly you need to do in response to that request not to be tracked.
<justin> Just trying again to clarify the distinction between the two documents.
<npdoty> +1 to dsinger, does the signal just mean something completely different based on who you're talking to? how should a UA explain that?
mschunbter: proposal 5?
<justin> npdoty, dsinger, no the signal is defined within TPE. Closed issue.
chrispedigo: proposal 5: not so
different from Roy's. From implementers perspective may be
easier to understand. Also for a corporate entity. Tried to
keep simple
... tried to link back to defn of party, so that where
transparency is needed, it's more discoverable,
<fielding> would it be better as "Note that this definition of context is intended to represent …"?
<Chris_IAB> justin, you'll remember that I didn't really agree with your closing stance on whether to include a definition of Tracking in the TPE, for every reason we are now encountering (slippery slope). I don't think I was alone.
also more support for consumers
scribe: happy to take questions
moneill2: proposal 4: associates
a context with a data controller, an entity that the user is
expecting is collecting or could collect
... single data controller defines a context
... if multiple domains are used, then they are in teh
same-party array of the WKR, so it's clear that they are udner
the same controller
matthias: if we compare with Roy,
replaces group identity with branding, reqs the same privacy,
and requires discoverability thru the same-party array
... do it's more restrictive in that it introdices
requirements
moneill2: yes
mschunter: comments?
npdoty: Matthias already touched on: how important is common branding? Essential? Easily discernable? Discoverable?
moneill2: OK by me, check with Rob?
npdoty: in this case, are they mergable
?
moneill2: yes, probably so. let me check with my co-authors
<fielding> My proposal now reads: A context is a set of resources with a common data controller and a group identity that is easily discoverable by a user. Note that this definition of context is intended to represent a typical user's expectations regarding the boundaries of a commonly branded Web site (i.e., what makes it distinct from sites with a different group identity) independent of the technology, domain names, or parties operating that site via one or more origin
<fielding> servers.
mschunter: Roy, one is the language on group identity (maybe not a big deal), and a question for Mike is whether the same-party needs to be required; then there is the common privacy policy. Roy, what about these?
<npdoty> right, some companies might write smaller privacy policies for parts of their site
fielding: the problem is that privacy policies tend to be fungible, and apply to a set of resources, so requiring that they all update in lockstep or be identical is not always workable, even if they are aligned (on this question)
mschunter: example is IBM, that had a number of policies that had common elements but were not identical
<moneill2> +q
mschunter: Mike/Rob/Roy to
explore a common proposal
... proposal 5? can we drop in favor of proposal 1?
<robsherman> +q
chrispedigo: I think this is a little cleaner for 1. Not opposed to Roy's as such. One is a difference about user expectations. There are different ways for a user to come to an expectation. One is common branding. Another is easily discoverable. There is a balance in the defn of party and value in using it. Please keep it as part of the discussion
mschunter: proposal 6
<kulick> +1 to leaving proposal 5
chris: I think these definitions belong in the compliance and not the TPE
mschunter: so we seem to have multiple proposals, heading towards call for objections
<schunter> Qß
moneill2: I cannot get hold of Rob, so I will get his input by next week, and talk to Roy
robsherman: we decided not to merge 5 and 1, right?
justin: yes, there is a logical difference between the two, no immediate plan to combine
mschunter: this was the last item on the agenda
justin: let's look at some outstanding issues quickly
issue-143?
<trackbot> issue-143 -- Activating a Tracking Preference must require explicit, informed consent from a user -- closed
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/143
justin: last week Shane brought
up issue 143. maybe we should put into TPE a way to 'sign' the
DNT signal. "set by Chrome", "set by Cisco", etc.
... issue was closed in Sunnyvale last year, the chairs of that
epoch decided that there was no support for continuing
discussion, and no proposals
<npdoty> issue-194?
<trackbot> issue-194 -- How should we ensure consent of users for DNT inputs? -- open
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/194
justin: we decided to merge it with the general idea in compliance, of how can you ensure that signals are validly sent
(issue 194)
scribe: absent new info, we are
not interested in re-opening now, and given we want to get to
last call, maybe testing will reveal a need to re-open
... but we need to hear idea of other issues we need to
consider before last call
... we will be looking at 240 and 241 soon, and then we'll be
done
... at some point the editors will need to implement the
decisions that were made, and we'll be checking whether the
result has errors or other questions we need to consider
... so if you see things that need pre-LC discussion, please
raise ASAP
Chris_IAB: trying to catch up...there were some CfO call recently. Can you update? In one case the group was split, I think. Decisions?
<npdoty> I think ninja is keeping the home page up to date with http://www.w3.org/2011/tracking-protection/ links to decisions, explanations
chris_IAB: really want to know decisions, before I put input on further CfOs and issues
justin: any one in partic?
chris_IAB: all
<schunter> Nina: Do you have a summary/list of open CfOs?
justin: add-ons is due next week, and the requirement on exceptions after that
chris_IAB: what's the making of sausages like?
<ninja> schunter, Chris_IAB, Regarding Network interaction the chairs have determined Option B as group consensus - the written decision will go out this week
justin: we discuss, we cover
multiple time zones, we have other jobs, and we want to make
sure we follow all the lines of argument etc.
... on network transaction, we did make a decision, objections
were less strong to (B), (The Roy definition), email later
today
... we hear that you'd like answers sooner rather than later,
tho we're not sure we see strong dependency
chris_IAB: on every decision and
CfO we all need to check that we're consistent, and it takes
time for us too.
... we feel left in w whirlwind sometimes!
justin: I hear you, I want to get these done. One will be sent out later today, and we'll have the other we hope this week, and we'll have answres on the call next week
chris_IAB: thx
ninja: to add to Justin: the last two CfOs, esp. the requirement to handle exceptions, is a tough decision, and we also reached out to the web accessibility WG to check on the use of Javascript. So, given strong objections, the chairs give it careful consideration
chris_IAB: whoa, reached out to anothe rparty to help you make a determination? shouldn't we know?
wendy: given the W3C has an accessibility group, when someone raises an accessibility concern in comments, we ask 'is this something you want to take up?' and if they said so, we would have brought it back to the group. the response was that current screen readers can deal with JS so it was not a blocking issue, or we would have brought it back
justin: Mike has a couple of issues identified
moneill2: First: the idea, the
cross-domain, single-origin problem. A site with multi domains
(Yahoo and Yimg for example). Also the situation Roy alluded
to, such as P&G with a single data controller but multiple
brands. It's silly to have to ask the user multiple times
(perhaps) if the user already thought they gave consent.
... the thought that it had to reflect the user's thought 'at
the time' may be too restrictive. May want to re-arrange words
to allow for that situation.
... also read that Shane warned not to use european legal words
(data controller)
justin: making sure we don't say something we don't mean to say.
<npdoty> thanks for bringing this up, mike, even if I don't 100% understand it yet
justin: hopefully folks will look
at the language and see what can be improved. Maybe editors can
help? We may well find contentious
... the second is a new proposal, IMHO
moneill2: second: the whole issue of trust between sites and users. we have the WKR. Other data controllers can use it.
<npdoty> email from moneill2: http://lists.w3.org/Archives/Public/public-tracking/2014Feb/0009.html
justin: basically to allow sites
that have Tracking behavior, to allow users to request deletion
of past records to the extent possible
... we previously agreed that DNT did not apply to old records
that are retained, only going forward
<npdoty> I could see it more promising as a separate initiative
<kulick> +1 on moving to version 2... this is a big issue and would require much discussion
<npdoty> ... particularly if servers are interested in a standard mechanism
justin: Shane responded that
maybe this is a version 2 question. It does sound like a 'heavy
lift' and hesitate to intro something so groundbreaking
now
... mor on Mike's 2nd proposal?
... AOB?
... OK, we'll try to move to consensus or CfO on these two
soon,
... then the CfO texts will be due, and the edits due, and we
move to last-call status
... with that, thank you. We adjourn.
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/matthias, CfO/matthias: CfO/ Succeeded: s/matthias, can/matthias: can/ Succeeded: s/define/defined/ Found ScribeNick: dsinger Found ScribeNick: moneill2 Found ScribeNick: dsinger Found ScribeNick: dsinger Inferring Scribes: dsinger, moneill2 Scribes: dsinger, moneill2 ScribeNicks: dsinger, moneill2 WARNING: No "Present: ... " found! Possibly Present: Apple Ari Ari_ Brooks Bryan_Sullivan CDT Carl_Cargill Chapell ChrisPedigoOPA Chris_Pedigo DNT FTC GSHans IPcaller Jack JackHobaugh Jeff Justin Microsoft Mozilla Nina Ninja P10 P9 Peder_Magee Susan_Israel WaltMichel Wendy aaaa adrianba bryan cOlsen carlcargill chris chris_IAB chrispedigo dsinger dwainberg eberkower fielding hefferjr hober https inserted kj kulick kullick matthias matthis mecallahan moneill2 mschunbter mschunter npdoty robsherman schunter scribenick sidstamm susanisrael trackbot vinay wseltzer You can indicate people for the Present list like this: <dbooth> Present: dbooth jonathan mary <dbooth> Present+ amy Regrets: ShaneWiley LeeTien JohnSimpson WaltervanHolst WileyS walter johnsimpson Found Date: 05 Feb 2014 Guessing minutes URL: http://www.w3.org/2014/02/05-dnt-minutes.html People with action items: doty dsinger[End of scribe.perl diagnostic output]