Tracking Protection Working Group Teleconference

06 Aug 2014


Present: npdoty, Jack_Hobaugh, Fielding, vincent, RichardWeaver, eberkower, justin, +1.646.840.aaaa, moneill2, vinay, Wendy, MECallahan, dsinger, Jeff, AliceL, adrianba, Brooks, +1.310.292.aabb, [FTC], johnsimpson, hefferjr, WileyS, kulick

Regrets: cargill, chrispedigo, kulick


<trackbot> Date: 06 August 2014

<vincent> zakim mute me

<eberkower> no

<eberkower> I wear a brace on my wrist

<eberkower> sorry

<Richard_comScore> sorry - I can't

<jeff_> scribenick: Jeff

<jeff_> JB: 4 issues

<jeff_> ... deidentification

<jeff_> ... personalization

<jeff_> ... audience measurement

<jeff_> ... (reminder we are off next week)

<jeff_> ... rework compliance doc to include definition of tracking (Roy's proposal)


<jeff_> ... 3 proposals

<justin> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Deidentification

<jeff_> ... NAI (internal linkages), safe harbor which could be re-identified but not in production

<jeff_> ... Roy's proposal. straightforward w/o details

<jeff_> ... Vincent (article 29). Accomplish Roy's ideas with prescription

<jeff_> ... and a 4th proposal

<jeff_> ... David's need also to promise not to reidentify

<jeff_> ... David, we've discussed this on the list - do you have a specific proposal?

<jeff_> David: We need to capture the idea. Don't have specific text proposal.

<jeff_> ... Issues (e.g.) with public release

<jeff_> ... maybe drop the word "contractually" from my text

<jeff_> Justin: If you say you only release deidentified data and are wrong you are already on the hook.

<npdoty> regard to "contractually", if you release the data publicly, it seems like you're not prohibiting anyone from trying to reidentify

<jeff_> David: Yes, so just drop the word contractually.

<johnsimpson> zakim aabb is johnsimpson

<jeff_> JB: Do you need proviso for aggregate statistics

<jeff_> DS: Not needed if you are totally confident you are OK.

<jeff_> JB: So how do you characterize that idea?

<jeff_> DS: Yes, I'm working on it.

<jeff_> ... open to proposal from the group

<jeff_> JB: Fair idea. FTC has that requirement as well.

<jeff_> ... Let's iterate on the list for a day or two then move to CfO.

<jeff_> David: Can I change contractually prohibits to restricts?

<jeff_> JB: Sure

<npdoty> dsinger, fielding, would "aggregate and anonymous" work as the additional category?

<jeff_> JB: [thinking out loud about Nick's input]

<jeff_> ... Nick, help David with the language.

<jeff_> ... let's iterate

<npdoty> yeah, use of "anonymous" has often been confusing in the past. I'll follow up on the email thread.

<jeff_> ... so that would then be the fourth proposal and then we move to CfO.

Roy's document

<justin> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203.html

<jeff_> JB: Kudos to Roy for input

<jeff_> ... restate compliance obligations to take into account new definition of tracking

<jeff_> RF: Overview

<jeff_> ... take advantage of defn of tracking

<dsinger> (I did the edit to the wiki, help appreciated)

<jeff_> ... so compliance is series of statements by server

<jeff_> ... defines (e.g.) what it means when server says it is not tracking, etc.

<jeff_> ... used Nick's version - we require minimal level of compliance in order to reference spec

<jeff_> ... beyond that, the rewrite discusses document scope (sec 1); section 2 (removed definitions that were in TPE)

<npdoty> for what it's worth, you could still use the TPE without a compliance indicator to indicate to the user that you're tracking but not limiting to any particular set of permitted uses

<jeff_> ... dropped 1st and 3rd party

<jeff_> ... Section 3: Goes through all the cases of a server response to a DNT request

<jeff_> ... reqts on what they must do

<jeff_> ... server should state exactly what they are doing

<jeff_> ... use defn of tracking; not distinctions between 1st and 3rd party

<jeff_> ... those distinctions are still there

<jeff_> ... not tracking to follow users in own sites

<jeff_> ... data collector, collecting within own site and not referral info from other sites would say they are not tracking

<jeff_> ... (defined in 3.3)

<jeff_> ... below that is defn of tracking in DNT 0, 1, not enabled

<jeff_> ... This doc much smaller than TCS

<jeff_> ... could have dropped some other sections that are not needed - but I was not going to make those changes.

<jeff_> JB: You said this sets "base level of compliance". How does that relate to "send disregard"?

<jeff_> RF: There was a description of reqts for disregard signal

<jeff_> ... I put it in the bottom of compliance (needs to be consistent with reqts of TPE)

<jeff_> ... bottom of 3.3

<jeff_> JB: 1st party and 3rd party. Is this David's notion of tunnel vision.

<jeff_> ... frequency capping not need to be permitted use (already within context)

<dsinger> ok, tunnel vision was by party

<jeff_> RF: Yes. But tunnel vision was only within a domain; here we use within a context

<jeff_> DS: I'm aligned.

<jeff_> RF: Our objective is to restrict knowledge outside of "here"

<jeff_> DS: Dropping 1st and 3rd party is a huge advantage.

<vincent> dsinger, cause of the referrer issue I guess

<vincent> first party can no longer know from where the traffic comes

<jeff_> ND: Concern about tunnel vision before was we said - "Maybe we don't need permitted uses".

<jeff_> ... but we found we could not do it.

<jeff_> ... billing, incoming referrals

<jeff_> ... so 1st and 3rd party approach helped us talk about the distinctions.

<jeff_> JB: So you are saying tunnel vision is not better; but are you saying it is worse?

<jeff_> ND: David's notion that it is machine testable is not actually true.

<moneill2> +q

<jeff_> ... It was just a decision we made

<jeff_> ... Based on user understanding

<dsinger> OK, but practically we cannot stop data flowing within a party.

<jeff_> JB: So with tunnel vision, embedded 3rd parties could pull out more?

<vincent> dsinger, as I understand you can not keep the referrer with the "tunnel vision" right?

<jeff_> ... An ad network can pop up and collect ads - what data are you worried about?

<jeff_> ND: Either approach requires permitted uses

<jeff_> JB: So 1st and 3rd party distinction matters.

<dsinger> vincent, in my proposal, right, you cannot keep data that associates the user with any other party. referer headers, other party’s URLs, and so on

<jeff_> ... with tunnel vision still pretty limited

<jeff_> ... so what is the privacy delta?

<jeff_> ND: First I was explaining the history

<vincent> dsinger, I think that's why it was not adopted, publishers were afraid that they could no longer know which keyword drive more traffic to their website

<jeff_> ... if the group wants to change the direction we will address issues

<jeff_> ... e.g. if the user meant for their data to be remembered.

<jeff_> ... previously we used first party context.

<dsinger> vincent, not sure I follow, we should pursue this in email

<jeff_> JB: Here, a widget on my screen could remember my interactions

<jeff_> Mike: I like this. A lot cleaner. Elegant.

<jeff_> ... how do we define 1st and 3rd parties?

<jeff_> ... should be machine testable

<jeff_> ... no less machine testable.

<jeff_> ... for permitted use - we were going to drop some anyways.

<jeff_> ... if data within one domain.

<jeff_> ... Still have: can we limit UIDs?

<jeff_> ... cache header approach?

<jeff_> RF: Testability

<jeff_> ... main thing is conformance testing

<jeff_> ... not testable by third parties

<jeff_> ... regulators apply that type of test

<dsinger> agree with Roy, if someone’s data gets leaked, and we find records that link users to other parties, we have a clear prima facie violation

<jeff_> JB: How does this treat headers for what we called 1st parties?

<jeff_> ... web sites log where people come from, even if tracking is turned off

<jeff_> ... would that impact tunnel vision approach?

<jeff_> RF: Yes, it is affected.

<jeff_> ... permitted uses for financial logging, added a phrase.

<fielding> This may include counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, tracking referrals and conversion to the extent necessary to account for an agreed bounty program, and auditing compliance with this and other standards.

<jeff_> ... I made that explicit for actual financial transaction

<jeff_> ... also for general web page analytics

<jeff_> ... should be OK to track referral links to a page if not tied to user

<jeff_> ... folks that do analytics will be terribly upset for this suggestion

<WileyS> Aggregation vs. user level tracking. Issue is that you need to start with the raw log file with user specific elements to ensure you double count the same user for the same referrer.

<jeff_> ... user that does not want to be tracked does not want to be tracked between adjacent as much as 3 different sites.

<npdoty> I'm not sure why web analytics is a less common case than paid referrals for advertising

<jeff_> ... shouldn't have exception for web analytics.

<jeff_> ... should disassociate referred data from user.

<WileyS> Roy - you can't remove the user until aggregation has occurred.

<jeff_> ... can't track individual user (if not for financial reasons)

<dsinger> agree with Roy. “I get 2,000 visitors a day from IBM” and “Roy was here yesterday”, but they are distinct records

<WileyS> +q

<jeff_> JB: How quickly would I need to deidentify

<dsinger> justin, that sounds like a raw data exception

<jeff_> RF: That is a separate issue.

<jeff_> JB: No, I am tracking a user short term. Does that violate definition?

<jeff_> RF: You can use information to customize page. But not in a log file for a while.

<jeff_> ... we talked about it. Did we make a decision?

<jeff_> JB: We walked away from it.

<jeff_> SW: Retention issue.

<jeff_> ... If all first parties globally need to look at all inbound refers

<jeff_> ... minimal level of retention to allow aggregation

<jeff_> ... will need user context

<jeff_> ... that is a wrong direction

<jeff_> ... if every website must implement this, DNT will fail quickly

<jeff_> ... go back to core tenets - 1st v 3rd party.

<moneill2> first-party is all in one context

<jeff_> ... we are getting far afield

<jeff_> ... it will cause the demise of DNT

<jeff_> RF: From the perspective of "adoption" it helps to have a spec they can adopt.

<jeff_> ... I appreciate that we want compliance from day 1.

<jeff_> ... but it does no good to have people say they adopted DNT - but they are still tracking.

<WileyS> Based on Roy's conception of "Tracking" - far too broad at this point based on where we started as a group in my opinion.

<jeff_> ... my preference is that immediate referral data is allowed.

<jeff_> ... based on what we want to achieve - we have a protocol that can communicate the options.

<jeff_> ... we won't get instant adoption

<jeff_> ... this won't prevent them

<WileyS> If no one adopts there is no value to adoption for others. Same issue for P3P - if we don't all adopt then there is no motivation for anyone to adopt.

<dsinger> I was merely going to note that we still need a short-term retention definition (the ‘roach motel’ with only 3 exits)

<jeff_> DS: @@@ sounds muffled

<vincent> WileyS, it would be enough for web analytics provider to adapt to DNT, website publishers would not have much to do (if anything)

<WileyS> Short-term? How short? Monthly and quarterly aggregate roll-ups?

<Zakim> npdoty, you wanted to ask about defining requirements (1st/3rd; or additional requirements on the definition of tracking)

<dsinger> to WileyS, not that this deals with your issue

<wseltzer> WileyS, on the other hand, there's a question what the signal communicates, whether or not it's listened to

<jeff_> Nick: Trying to get around the concern

<jeff_> ... Now we want to limit our scope on tracking - but then we state here is how you comply as a 1st or 3rd party.

<dsinger> notes that we might not expect many ‘first parties’ to try to or claim compliance, and maybe users are OK with that as an initial state

<fielding> right, we could exclude "immediate referral data" (which includes headers and URI tokens) from the notion of tracking, but it would be much harder to defend

<jeff_> ... Roy's approach goes back to definition of tracking

<WileyS> Vincent, those that use 3rd parties (like Adobe), I agree. Anyone who uses their own tracking packages or internal reporting schemes from logs won't be helped.

<jeff_> ... but then - what about things that are out of scope

<jeff_> ... referer header, link where user came from

<jeff_> ... easier way is to look at other examples for different contexts

<jeff_> ... alternative - look at Roy's new text for 3.3 - elaboration for definition of tracking

<fielding> yep

<jeff_> ... requirements on defn of tracking

<vincent> WileyS, I don't think there are a lot of publishers who use internal tools, most use existing tools (Adobe, GA, ...)

<jeff_> JB: So compliance obligations would be written to make exceptions for what people do?

<moneill2> +q

<jeff_> ... Roy is saying that we are telling 1st parties not to accept referer headers.

<jeff_> ... You are suggesting that 1st parties can't say "no tracking" because they accept referer headers - but can rely on definition of tracking. Nick?

<WileyS> Vincent, I don't believe that's true. I'll try to dig up an analytics survey from last year - showed a much higher number (relative percentage) of "self-serve" models in play than you may imagine.

<jeff_> Nick: That's one approach.

<jeff_> ... but there are other approaches

<jeff_> JB: No one today can respond with an N.

<jeff_> DS: We can have a 3rd party permitted use "I claim to be the first party"

<jeff_> ... or have a note that we don't expect 3rd parties to adopt at same rate

<jeff_> ... Understand Shane's concerns - but we should still explore this.

<jeff_> ... "I'm clean. I'm not tracking you"

<WileyS> Note - only 19 participants on today's call. 1 of those being a co-chair and 2 being editors. If we see this dramatic of a drop in attention to this standard, why do we think developing a standard that all web servers globally would need to implement would be adopted?

<jeff_> ... we can soften 1st party problem

<vincent> WileyS, if you could share the survey result that'd be great

<jeff_> JB: It may be OK for first parties not to change their practices short term

<wseltzer> WileyS, it's also August

<WileyS> Vincent - I'll try to find it again - over a year ago. if you could dig up metrics to back up your statement that only 3rd party tools are used that would be helpful as well.

<jeff_> Mike: Not just referer headers. But I agree w David. Add special cases.

<fielding> I think it is a legitimate concern that "all websites" do some amount of "tracking" if we include immediate referral data as tracking data. However, that doesn't make it easier to explain to a user that doesn't want tracking. Is referral data okay for the DNT:1 user?

<Zakim> wseltzer, you wanted to comment on use cases/audiences

<WileyS> Oops - forgot to mention 2 of those are staff - so really only 14 participants in total. If August is considered such a low participation period perhaps we shouldn't be meeting right now.

<jeff_> Wendy: Voice to IRC chat

<jeff_> ... keep in mind various audiences and use cases

<jeff_> ... adoption by servers, users and communication to users

<jeff_> Shane, we have 3 staff ;)

<WileyS> I never said that

<dsinger> to WileyS, on participation, yes, I would be cautious about making ‘decisions’ in a low period, on the other hand, I am appreciating the quality of interaction on this call and the amount of intelligence and light being shed (by you and others)

<fielding> WileyS, there is nothing in our specs that requires all servers to implement. They only need to implement if they say they do.

<Zakim> npdoty, you wanted to comment on first party / machine-readable

<WileyS> Roy, but if very few servers ever adopt a standard then it fades quickly - much like P3P. Standards only work when there is high adoption - otherwise why have a standard.

<jeff_> Nick: Machine-readable - your statement is that user agent might not expect DNT from 1st party

<jeff_> ... so less important

<jeff_> ... but not easy to see in practice

<jeff_> ... so we are getting away from it

<jeff_> ... We expect sites to interact with users on their sites.

<jeff_> ... easy to implement DNT

<wseltzer> [I've never liked the 1st/3d party distinction]

<jeff_> ... referrals, data append, setting preferences - more complicated

<fielding> WileyS, in that case, you don't need to concern yourself about what that non-standard said.

<jeff_> JB: Where in Roy's spec is data append prohibited?

<WileyS> Roy, fair, if we want to build a standard that no one will adopt then there is no need to be concerned with that standard.

<jeff_> Nick: In 3.3 where he elaborates on defn of tracking

<moneill2> using data collected about another context

<npdoty> An origin server that sends a TSV of N (not tracking) MUST NOT engage tracking if a similar request is made to the designated resource while that tracking status remains fresh. In other words, the party MUST NOT knowingly collect, retain, use, or share data from a network interaction with the designated resource that would allow that party to associate the same user with tracking data it has previously obtained from user activity in other contexts, MUST NOT retain,

<npdoty> use, or share data derived from this user activity outside the context in which this activity occurred, and MUST NOT tailor or personalize the response from the designated resource based on data derived from this user's activity in other contexts (aside from contextual data provided by the user in the current request).

<jeff_> ... first paragraph

<jeff_> RF: Yes.

<jeff_> JB: I thought for CfO for data append you said no!

<jeff_> RF: This is about using the information in responding to request.

<WileyS> Can someone provide an example of data append where the user has not given consent and/or it's not public data?

<jeff_> ... If user has DNT=1, they would not get data about their interactions at other sites mixed in at this site.

<jeff_> JB: But if I send NYT my Yahoo address with DNT=1 would that prohibit searching email address for data broker?

<jeff_> RF: Yes, that is a strict translation of defn of tracking.

<jeff_> JB: OK. We had CfO and that issue is closed.

<jeff_> ... let's not revisit.

<WileyS> 1st party / 3rd party context really does come to the root of the issues we initially were attempting to solve. Expanding the scope so broadly now is only going to cause more confusion and difficulty in implementation.

Data minimization

<jeff_> JB: Language has been revised

<jeff_> ... rationale?

<jeff_> RF: I don't remember a consensus

<jeff_> ... minimization already says that you can only collect if for permitted use.

<npdoty> it might be helpful if we narrowed this proposal down to those things related to issue-203

<jeff_> ... so language is redundant.

<jeff_> ... can go back in if there is a consensus

<jeff_> JB: OK, so it is editorial


<jeff_> JB: Language was deleted.

<jeff_> ... Rationale?

<jeff_> RF: You asked us to delete it.

<npdoty> I understand it can be difficult to write a narrow proposal when you're working on elaborating a general idea

<jeff_> JB: I said made sense to delete on frequency capping. Not more broadly.

<jeff_> RF: OK.

<jeff_> ... It's just a proposal.

<jeff_> Justin: What should we do with this proposal?

<jeff_> ... Chairs and staff should discuss.

<jeff_> ... Thanks, Roy.

<jeff_> ... very thoughtful

<dsinger> suggest we dig up the ‘tunnel vision’ discussion from the archives, but I don’t recall it being very helpful

<jeff_> ... some reluctance

<jeff_> ... Chris P and Rob could have some significant concerns.

<jeff_> ... keep talking

<jeff_> RF: Purpose of proposal was to address comments about 1st party v 3rd party.

<jeff_> ... Nick could look through proposal and see what language he wants to use for main TCS; even if just adopting some of the editorial changes.

<jeff_> ... see if worth discussing

<jeff_> ... editorial pass

<jeff_> JB: I've heard the complaint that this favors first party.

<jeff_> ... this does not prevent FB from showing up on the NYT showing what people did on FB

<jeff_> RF: FB can be either 1st party, 3rd party, or talk about their own data

<jeff_> ... FB should be able to track if they have consent to do so.

<moneill2> and they can get consent easier than the others

<jeff_> JB: They can't use behavioral data.

<jeff_> ... but the concern is whether they can use their information on the NYT.

<jeff_> ... Does this allow?

<jeff_> RF: Yes.

<npdoty> hmm... I thought this i203 proposal was written to explicitly define that activity as tracking

<jeff_> RF: Concern was not about FB showing data. It was about networks of large users can customize ads better

<jeff_> ... does not address that at all.

<Zakim> npdoty, you wanted to comment on minimal proposal

<moneill2> to use the data they need to identify the user on another context (site)

<jeff_> ... but gets 1st and 3rd party out of spec

<jeff_> Nick: Pragmatic suggestion.

<jeff_> ... let's go through the proposal. Which are truly addressing 203?

<jeff_> JB: Who does the work?

<jeff_> Nick: Me.

<jeff_> ... with Roy's help

<jeff_> RF: Vacation next week.

<Zakim> dsinger, you wanted to talk about parties and their size

<jeff_> ... take it up in 2 weeks

<jeff_> DS: Large companies are benefited by the amount of data that can flow within them.

<jeff_> ... DNT wrong rule to control that.

<jeff_> ... out of our scope

<npdoty> I think I can take a pass at looking through Roy's text for editorial changes or other issues and Roy can help us pull out the issue-203-specific proposal

<jeff_> JB: Gets to personalization and user expectation

<jeff_> ... this will all go to CfO.

Audience measurement

<npdoty> https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Audience_Measurement

<jeff_> JB: Old issue. Start it this week. Continue next meeting.

<jeff_> ... Kathy Joe set of requirements limit what they can collect

<jeff_> ... others suggested a more global exception

<jeff_> ... Google's DNT for Android has a broad exception

<jeff_> ... Apple's iOS has no audience measurement exception

<WileyS> +q

<jeff_> ... interested in proposals

<jeff_> Shane: My understanding for mobile OS's is that analytics is supported by both iOS and Android.

<jeff_> ... opt outs allow analytics

<jeff_> ... why do you think there is a disconnect?

<jeff_> JB: I could be wrong...

<fielding> npdoty, quick editorial improvements would be to adopt section 1 and section 2 (but add links for defn of first party and third party), and then adopt the organization of section 3 (3.1, 3.2, 3.5, and 3.6 can be used verbatim)

<jeff_> ... but my understanding is that limited tracking was very limited to attribution

<npdoty> dsinger, do you have iOS folks at Apple that would be interested in talking about this?

<jeff_> ... not general analytics.

<jeff_> Shane: Use Apple developer terms

<jeff_> ... 3.1.11 and 3.1.13

<jeff_> ... developer guidelines

<jeff_> ... 3 questions when submitted to iStore

<jeff_> ... allows analytical perspective

<jeff_> JB: That was my basis

<jeff_> ... Android says measurement is fine

<jeff_> ... iOS more limited

<jeff_> ... but I could be wrong

<jeff_> DS: I'll look for some help.

<jeff_> SW: Thanks, David.

<jeff_> ... Also, Android is inconsistent

<moneill2> is there a call next week?

<npdoty> moneill2, no call next week (August 13). next call August 20.

<jeff_> ... just advertising or advertising plus analytics

<moneill2> npdoty, thanks

<npdoty> maybe we should check in with Heather or other Google folks as well

<jeff_> ... press has been asking

<jeff_> ... Apple has not been that clear

<fielding> poke Thomas ;-)

<jeff_> [adjourned until 20 August]

<npdoty> trackbot, end meeting

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-08-06 17:17:35 $
