IRC log of dnt on 2014-09-03

Timestamps are in UTC.

15:56:58 [RRSAgent]

RRSAgent has joined #dnt

15:56:58 [RRSAgent]

logging to http://www.w3.org/2014/09/03-dnt-irc

15:57:00 [trackbot]

RRSAgent, make logs world

15:57:02 [trackbot]

Zakim, this will be TRACK

15:57:02 [Zakim]

ok, trackbot, I see T&S_Track(dnt)12:00PM already started

15:57:03 [trackbot]

Meeting: Tracking Protection Working Group Teleconference

15:57:03 [trackbot]

Date: 03 September 2014

15:57:13 [fielding]

fielding has joined #dnt

15:57:36 [npdoty]

regrets+ schunter

15:57:51 [Zakim]

+Fielding

15:57:59 [JackHobaugh]

JackHobaugh has joined #dnt

15:58:13 [npdoty]

Zakim, who is on the phone?

15:58:13 [Zakim]

On the phone I see ??P2, Fielding

15:58:37 [Zakim]

+ +1.408.260.aaaa

15:58:43 [sidstamm]

Zakim aaaa is me

15:58:58 [sidstamm]

Zakim, aaaa is sidstamm

15:58:58 [Zakim]

+sidstamm; got it

15:59:03 [Zakim]

+Jack_Hobaugh

15:59:06 [Zakim]

+npdoty

15:59:17 [Zakim]

+RichardWeaver

15:59:40 [Richard_comScore]

Richard_comScore has joined #dnt

15:59:45 [Zakim]

+[FTC]

15:59:59 [rvaneijk]

Nick, I am not identified yet, calling through skype

16:00:02 [Zakim]

+[IPcaller]

16:00:10 [walter]

zakim, IPcaller is me

16:00:10 [Zakim]

+walter; got it

16:00:18 [npdoty]

Zakim, ??p2 is rvaneijk

16:00:18 [Zakim]

+rvaneijk; got it

16:00:55 [Zakim]

+hefferjr

16:00:59 [jeff]

jeff has joined #dnt

16:01:10 [npdoty]

volunteer to scribe?

16:01:38 [WileyS]

WileyS has joined #dnt

16:01:42 [ChrisPedigoOPA]

ChrisPedigoOPA has joined #dnt

16:01:49 [dsinger]

dsinger has joined #dnt

16:01:58 [justin]

justin has joined #dnt

16:02:03 [Zakim]

+Carl_Cargill

16:02:11 [justin]

zakim, who is on the phone?

16:02:11 [Zakim]

On the phone I see rvaneijk, Fielding, sidstamm, Jack_Hobaugh, npdoty, RichardWeaver, [FTC], walter, hefferjr, Carl_Cargill

16:02:13 [Zakim]

+Jeff

16:02:19 [Zakim]

+[Apple]

16:02:22 [Zakim]

+WileyS

16:02:24 [dsinger]

zakim, [apple] has dsinger

16:02:24 [Zakim]

+dsinger; got it

16:03:03 [Zakim]

+ChrisPedigoOPA

16:03:05 [Zakim]

+justin

16:03:12 [npdoty]

agenda+ TPE Last Call comments

16:03:20 [npdoty]

Zakim, clear agenda

16:03:20 [Zakim]

agenda cleared

16:03:24 [npdoty]

agenda+ TPE Last Call comments

16:03:29 [vinay]

vinay has joined #dnt

16:03:36 [Carl_Cargill]

Carl_Cargill has joined #dnt

16:03:36 [Richard_comScore]

Sorry - I can't

16:03:38 [Zakim]

+ +1.917.934.aabb

16:03:47 [npdoty]

agenda+ Deidentification

16:03:49 [walter]

npdoty: I'm on Skype

16:03:51 [vinay]

zakim, aabb is vinay

16:03:51 [Zakim]

+vinay; got it

16:03:55 [walter]

npdoty: that usually isn't good enough to be scribing

16:03:56 [npdoty]

agenda+ issue-203

16:04:04 [npdoty]

agenda+ Personalization

16:04:09 [npdoty]

agenda+ Audience Measurement

16:04:39 [npdoty]

scribenick: npdoty

16:04:54 [npdoty]

justin: Roy will walk us through a series of Last Call comments so far

16:05:05 [justin]

https://www.w3.org/2011/tracking-protection/track/products/6

16:05:05 [npdoty]

... divided into issues, between David and Roy

16:05:56 [npdoty]

... Roy had at my urging spent some time at Compliance, but now want to spend more time on TPE Last Call comments

16:06:02 [hober]

hober has joined #dnt

16:06:04 [npdoty]

... could go to Candidate Recommendation separately

16:06:26 [npdoty]

... in particularly, seeing some implementations, like EFF Privacy Badger and Disconnect.me extension

16:06:32 [Zakim]

+kulick

16:06:41 [kj]

kj has joined #dnt

16:06:43 [npdoty]

... had heard from advertising industry about their own definitions of Do Not Track

16:06:53 [vincent]

vincent has joined #dnt

16:06:59 [npdoty]

... interest in experimenting with their own, good idea to prioritize TPE Last Call comments

16:07:36 [npdoty]

... Roy has sent his initial responses to maybe half of the Last Call comments so far

16:07:57 [Zakim]

+vincent

16:08:21 [npdoty]

... let's talk them over on the call, if no disagreements, send an email to the list with an announcement about any objections to Roy's or David's responses

16:08:35 [adrianba]

adrianba has joined #dnt

16:09:13 [fielding]

Basically, an email response with a link to the issue tracker which explains the WG decision regarding their comment.

16:09:24 [npdoty]

npdoty: WG just needs to respond (email is fine) to the commenter, and hopefully that resolves the commenter's issue

16:09:27 [dsinger]

apologizes for his lateness but has been studying the comments and will have a proposal for some/most/all of them soon

16:09:46 [npdoty]

fielding: a reply from the WG rather than a reply from me

16:10:14 [Zakim]

+[Microsoft]

16:10:22 [adrianba]

zakim, [Microsoft] is me

16:10:24 [Zakim]

+adrianba; got it

16:10:38 [npdoty]

justin: walk through rationales for each issue, and then people can raise feedback on the call as necessary

16:10:45 [npdoty]

fielding: +1

16:10:47 [npdoty]

Zakim, take up agendum 1

16:10:47 [Zakim]

agendum 1. "TPE Last Call comments" taken up [from npdoty]

16:10:49 [fielding]

https://www.w3.org/2011/tracking-protection/track/issues/244

16:11:27 [npdoty]

fielding: comment from Article 29 working party about not overriding regulation

16:11:30 [pmagee]

pmagee has joined #dnt

16:11:57 [npdoty]

fielding: obviously, this standard can't overturn regulatory language or regulation

16:12:03 [justin]

q?

16:12:12 [npdoty]

... understandable, but not the kind of thing we put in standards

16:12:21 [npdoty]

q+

16:12:32 [justin]

ack npd

16:13:11 [rvaneijk]

q+

16:13:20 [npdoty]

npdoty: we have a relevant section in Compliance, would that be sufficient to address the comment?

16:13:36 [npdoty]

fielding: no harm in it in TCS

16:14:06 [justin]

ack rva

16:14:38 [npdoty]

rvaneijk: doesn't matter whether clarifying text ends up in TPE or TCS, but want to avoid view of a data controller that ePrivacy Directive or other requirements are satisfied

16:14:56 [npdoty]

... could be confusion about how a data controller should respond technically

16:15:13 [npdoty]

... if it's a different issue on the TCS, maybe we should raise a separate issue and link it

16:15:50 [npdoty]

justin: also a FAQ sort of page we'd talked about, dsinger has done a lot of work, that might be the logical place for it to reside

16:15:56 [sidstamm]

is the ask for an advisory note? "By the way, this doesn't mean you satisfy any laws"? I can see how it would be helpful to implementors, but I'm not convinced anyone would rely only on TPE to satisfy any regulations (or any spec implementation for that)

16:16:28 [sidstamm]

but +1 to adding this to a FAQ

16:16:30 [npdoty]

... as with self-regulatory schemes

16:16:33 [sidstamm]

don't think it should be in TPE

16:16:38 [justin]

q?

16:16:38 [dsinger]

given that TPE is a protocol, it

16:16:50 [fielding]

https://www.w3.org/2011/tracking-protection/track/issues/245

16:16:52 [dsinger]

is hardly likely to conform to laws. TCS (if anywhere) is the right place

16:17:00 [npdoty]

npd: +1 to adding explanation to FAQ

16:17:03 [sidstamm]

exactly dsinger

16:17:21 [rvaneijk]

prefer adding to TCS instead of FAQ.

16:17:46 [npdoty]

fielding: true (about not discriminating), but we don't define a user interface

16:18:05 [npdoty]

... if it were, we should reference the W3C's guidelines on user interface/acessibility (WCAG)

16:18:16 [npdoty]

... don't know of a place in the TPE where that reference/addition would be appropriate

16:18:16 [justin]

rvaneijk, Yes, since there is already language in TCS, could easily be revised to expand a bit.

16:18:49 [justin]

q?

16:19:27 [npdoty]

justin: is this the same concern about not being excused from local law requirements?

16:19:57 [npdoty]

rvaneijk: consultation was done when status of TCS was uncertain, answer written in that context

16:19:57 [sidstamm]

it's up to the user agent to determine how to best interact with users given their environment's constraints, right? Accessibility is something software makers must take on no matter the protocol behind it (TPE)

16:20:07 [npdoty]

... that some users may need special assistance is a generic comment

16:20:30 [npdoty]

npd: I would think section 4 of TPE is more relevant than 7.7

16:20:56 [npdoty]

rvaneijk: I could see TCS being appropriate, but this is a normative suggestion, not just an explanatory comment

16:21:18 [dnt]

dnt has joined #dnt

16:21:33 [justin]

q?

16:21:39 [npdoty]

justin: sounds like people are okay with revisiting section 7 of TCS regarding legal requirements

16:22:00 [fielding]

https://www.w3.org/2011/tracking-protection/track/issues/246

16:22:14 [kulick]

kulick has joined #dnt

16:22:46 [moneill2]

moneill2 has joined #dnt

16:22:51 [npdoty]

fielding: comment from Mike, actually discussed before Last Call

16:23:02 [Zakim]

+[IPcaller]

16:23:07 [npdoty]

... response we heard from IE team that this was already implemented/shipped

16:23:22 [moneill2]

zakim, [IPCaller] is me

16:23:22 [Zakim]

+moneill2; got it

16:23:23 [rvaneijk]

npdoty, we could redraft to make it non-normative. The standard would gain a lot in my view if users with special needs get accommodated.

16:23:30 [justin]

q?

16:23:36 [npdoty]

... don't have a particular concern about the terminology, but already have implementation

16:23:40 [dsinger]

this is a long-standing frustration; I guess we should check, apart from the implementation issue, WOULD the WG like to change the names?

16:23:44 [dsinger]

q+

16:24:13 [npdoty]

q+

16:24:22 [justin]

ack ds

16:24:35 [justin]

ack npd

16:24:37 [adrianba]

q+

16:25:01 [justin]

ack adria

16:25:15 [npdoty]

fielding: already heard concerns from Adrian beforehand

16:25:19 [dsinger]

ok, so we can respond that we agree but we feel it’s too late to change

16:25:27 [npdoty]

npdoty: +1

16:25:48 [npdoty]

adrianba: might have a slight preference for "permission" terminology, but only slight, and had been using this name and this implementation for some time

16:25:58 [WileyS]

I'm in the same spot - I like "permission" over "exception" but its been SOOOO long it would difficult to make the change now.

16:26:34 [justin]

q?

16:26:40 [npdoty]

justin: sounds like momentum is similar, that we shouldn't change it at this point, even if there's a slight difference in preference over terminology

16:26:59 [npdoty]

moneill2: stick with what we've got now

16:27:16 [npdoty]

issue-247?

16:27:16 [trackbot]

issue-247 -- update HTTP draft references (httpbis) -- pending review

16:27:16 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/247

16:27:41 [justin]

q?

16:27:44 [npdoty]

fielding: needed to update the HTTP draft references in the spec, and yes, I did that

16:27:48 [npdoty]

issue-248?

16:27:48 [trackbot]

issue-248 -- using Unicode notation in ABNF -- pending review

16:27:48 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/248

16:28:29 [justin]

q?

16:28:31 [npdoty]

fielding: had been using %31 and %30 in quotes, but really don't think it's necessary

16:28:52 [fielding]

fielding has left #dnt

16:29:02 [npdoty]

... also don't need additional Unicode representation of it, no ambiguity

16:29:02 [fielding]

fielding has joined #dnt

16:29:05 [justin]

q?

16:29:15 [npdoty]

justin: not sure of the details, but sounds like an editorial decision

16:29:30 [npdoty]

issue-249?

16:29:30 [trackbot]

issue-249 -- DNT-extension excludes should spell out control, space, double quote (or use Unicode code points) -- pending review

16:29:30 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/249

16:30:20 [dsinger]

see http://tools.ietf.org/html/rfc5234#appendix-B.1

16:30:21 [npdoty]

fielding: similarly, a comment about where we exclude control characters, but using ABNF

16:30:34 [justin]

q?

16:31:04 [npdoty]

npdoty: do we have a reference to the ABNF / RFC?

16:31:06 [npdoty]

fielding: yes.

16:31:11 [npdoty]

issue-250?

16:31:11 [trackbot]

issue-250 -- Non-ASCII not permitted in extensions -- pending review

16:31:11 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/250

16:31:14 [dsinger]

yes http://www.w3.org/TR/tracking-dnt/#bib-ABNF

16:32:06 [npdoty]

fielding: limited to ASCII, intentionally to discourage human-readable text

16:32:20 [npdoty]

... comment from Addison was about using Unicode, assuming that it's human readable text

16:32:41 [npdoty]

justin: why don't we want human-readable?

16:33:13 [npdoty]

fielding: extension syntax, things that would be added to every outgoing HTTP request in the header

16:33:24 [npdoty]

... not sure we need the extension syntax at all

16:33:46 [npdoty]

... the design intention was to use a minimal number of characters

16:33:53 [npdoty]

... simple characters, rather than names

16:34:05 [dsinger]

I think we’re fine where we are…and I think we should say what the requirements are on extensions or explicitly forbid them, and that’s a change

16:34:24 [dsinger]

we could mark as ‘at risk’ as unused/unimplemented

16:34:44 [npdoty]

fielding: should decide whether we want this at all, discussed at very first meeting in cambridge

16:34:49 [npdoty]

npd: +1 for "at risk"

16:35:09 [npdoty]

fielding: currently we don't really mention the extensions at all

16:35:27 [npdoty]

q+

16:36:10 [npdoty]

q-

16:36:13 [sidstamm]

if nobody implements extensions during CR, we drop it from the spec

16:36:49 [justin]

q?

16:37:03 [fielding]

issue-251?

16:37:03 [trackbot]

issue-251 -- Section title for 6.2.7 doesn't match earlier description -- pending review

16:37:03 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/251

16:37:12 [npdoty]

npdoty: "at risk" is a decision that we make about features that might or might not be implemented, that they would be dropped if the CR / Call for Implementations phase doesn't see any implementations of the feature

16:37:16 [Zakim]

-vincent

16:37:19 [npdoty]

justin: all okay with "at risk"?

16:37:21 [npdoty]

fielding: sure.

16:38:13 [npdoty]

fielding: "Potential Consent" title versus the description "tracking only if consented"

16:38:20 [npdoty]

... I don't think they need to be the same. seems editorial

16:38:29 [justin]

q?

16:38:39 [fielding]

https://www.w3.org/2011/tracking-protection/track/issues/252

16:39:11 [npdoty]

fielding: status id to reference a resource-specific tracking status resource

16:39:26 [npdoty]

... need a small number of characters to fit inside a URL

16:39:46 [npdoty]

... comment was about internationalization, to include an IRI path in that value

16:40:00 [justin]

q?

16:40:11 [npdoty]

... not a name connection, besides an origin server root

16:40:16 [justin]

q?

16:40:21 [npdoty]

q+

16:40:27 [justin]

ack np

16:42:06 [justin]

q?

16:42:19 [justin]

issue-253?

16:42:19 [trackbot]

issue-253 -- Section 6.4.2: restriction to "URI-safe characters" -- pending review

16:42:19 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/253

16:42:20 [npdoty]

npdoty: would that prevent a server administrator only using non-ascii character set paths from redirecting to them?

16:42:48 [npdoty]

fielding: only applies to after /.well-known/dnt; so not to other pages on the site

16:43:01 [npdoty]

issue-259?

16:43:01 [trackbot]

issue-259 -- require public-facing statement of server response policy -- pending review

16:43:01 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/259

16:44:22 [npdoty]

fielding: comment from EFF was about privacy-policy explanations of the tracking status values in response

16:44:40 [npdoty]

... but actually the tracking status values are defined terms in this specification already

16:44:49 [justin]

q?

16:44:53 [ChrisPedigoOPA]

+q

16:45:20 [npdoty]

justin: thought might be about a mischievous server that would use "C" inappropriately, say

16:45:20 [justin]

ack chris

16:45:45 [npdoty]

ChrisPedigoOPA: California law requires sites to explain whether or how they respond to Do Not Track

16:46:02 [npdoty]

... we generally want to make privacy policies shorter

16:47:27 [npdoty]

justin: regarding California law, many sites seem to be linking/referring to self-regulatory page explanations

16:47:37 [justin]

q?

16:47:46 [npdoty]

... doesn't seem that this would conflict with the Californian law, might actually be along the same lines

16:48:19 [npdoty]

fielding: if the FTC needs such a regulatory hook, they could add it themselves

16:48:24 [rvaneijk]

http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140AB370

16:49:06 [npdoty]

justin: could perhaps make the argument that an omission is unfair or deceptive

16:49:31 [npdoty]

... will follow up with Lee to see if he has comments on the list

16:49:43 [npdoty]

npd: I'm not sure we have an entirely accurate reading of the FTC/enforcement hook issue

16:49:45 [dsinger]

issue-262?

16:49:45 [trackbot]

issue-262 -- guidance regarding server responses and timing -- pending review

16:49:45 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/262

16:49:57 [npdoty]

... given the results with nonsense P3P CPs

16:50:26 [npdoty]

fielding: timing regarding ad bidding process

16:50:29 [dsinger]

oh, is there a deadlock issue here?

16:51:22 [npdoty]

... only at the time of the winning bid does the bidding server know which server will be connected

16:52:01 [rvaneijk]

q+

16:52:02 [npdoty]

fielding: UAs are not required to check tracking status resource, DNT signal will just be sent to any resource that's loaded

16:52:49 [npdoty]

... so the UA can actively verify before making the request, if it's configured to do so, which would be uncommon

16:52:53 [justin]

ack rva

16:52:54 [dsinger]

q+

16:53:00 [npdoty]

... but covered by existing language in the spec already

16:53:01 [justin]

q+

16:53:36 [npdoty]

rvaneijk: if the bidding server operates differently from the site that wins the bid

16:54:18 [npdoty]

fielding: there may be regulatory regimes that apply to different sites that make the bid, but doesn't change how the spec applies

16:55:10 [fielding]

What I included in my response was: " Note that the tracking status

16:55:11 [fielding]

of the bid winner is separate from the tracking status of the bidding

16:55:12 [fielding]

process if they are separate HTTP requests; if the market acts as a

16:55:14 [fielding]

gateway and provides the bid winning response itself, then the market

16:55:15 [fielding]

is responsible for the tracking status of itself and all downstream

16:55:15 [fielding]

recipients (those it shared the request data with)."

16:55:20 [npdoty]

rvaneijk: not sure how it plays out down the advertising bidding chain

16:55:37 [npdoty]

... conveyance of the restrictions of DNT:1

16:55:46 [WileyS]

I want to jump in on this one but have run out of time. Could we touch on this one again?

16:55:52 [Zakim]

-WileyS

16:57:13 [justin]

ack ds

16:57:17 [npdoty]

fielding: if the bidding server is the only server that responds to the request, then it needs to respond for itself and all the downstream servers; if it redirects, then each server can respond individually

16:58:43 [justin]

ack ju

16:59:00 [npdoty]

dsinger: if a UA checks tracking status resource for new sites before it loads them, but the ad server doesn't respond to the tracking status resource until it knows the winner of the ad bidding process

17:00:25 [justin]

q?

17:00:27 [npdoty]

justin: how would ad bidding server respond if it didn't know at the time?

17:01:11 [npdoty]

fielding: server can respond that it doesn't respect DNT, or that it does respect DNT with the TCS compliance, but up to the server to confirm that that status is correct

17:01:41 [justin]

q?

17:01:47 [npdoty]

npd: sounds like a server that handles down-stream server-to-server communication, would need to respond with the union of possible statuses

17:02:02 [npdoty]

justin: will follow up in email

17:02:26 [Zakim]

+vincent

17:02:42 [npdoty]

justin: timing for discussing the next batch of responses?

17:02:48 [rvaneijk]

q+

17:02:49 [dsinger]

I can discuss 243, 255, 256 next week

17:03:10 [npdoty]

dsinger: can discuss exceptions API issues for next week

17:03:11 [justin]

next week ok

17:03:13 [npdoty]

ack rvan

17:03:25 [npdoty]

rvaneijk: any rough answers on TCS going to Last Call and scheduling?

17:03:48 [npdoty]

justin: some open issues in the document, but not many left. close out the few remaining issues in the next month or two

17:04:13 [npdoty]

... because there's been concern about implementation, take it to the group about proceeding to Last Call or not

17:04:27 [rvaneijk]

ok, tnx

17:04:49 [dsinger]

issue-243?

17:04:49 [trackbot]

issue-243 -- origin/browsing context terminology -- raised

17:04:49 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/243

17:05:08 [Zakim]

-vinay

17:05:18 [npdoty]

dsinger: I thought I had aligned, but experts assure me that I didn't sufficiently align with existing definitions

17:05:21 [Zakim]

-walter

17:05:29 [npdoty]

... intend for it to be editorial, just making the correct references

17:05:36 [justin]

q?

17:05:38 [dsinger]

issue-255?

17:05:38 [trackbot]

issue-255 -- comments on doNotTrack property -- raised

17:05:38 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/255

17:05:39 [npdoty]

... would welcome any help with that from experts on origin

17:06:09 [sidstamm]

dsinger, anne vk might be willing to help with the browsing context stuff (I think he was the origin of the comment for issue 243)

17:06:10 [npdoty]

dsinger: on 255, people I've talked to agree about navigator, rather than window

17:06:29 [npdoty]

... shouldn't have a mixed enumeration

17:06:38 [npdoty]

q+

17:06:49 [npdoty]

... should have an unspecified string

17:06:52 [justin]

ack npd

17:07:04 [fielding]

q+

17:07:42 [adrianba]

q+

17:08:02 [justin]

ack fie

17:08:32 [npdoty]

npdoty: we discussed window v navigator already, and even though we'd had concerns about window, saw that there were exceptions that might make the value different (and so navigator could be misleading)

17:08:36 [dsinger]

OK, on the one hand we have the exceptions; on the other, window is a bad place for new properties, and navigator is automatically exposed in workers

17:08:44 [npdoty]

dsinger: concern about polluting the window namespace, and about workers

17:08:51 [npdoty]

npd: workers was a new issue to me

17:09:14 [npdoty]

fielding: dev will in any case need to check that the value is defined

17:09:37 [npdoty]

... null is used here whether the UA hasn't implemented DNT or has implemented DNT but no expressed preference

17:09:53 [justin]

ack adr

17:10:38 [npdoty]

adrianba: torn about this one. agree that we talked about the issue earlier and that commenters weren't aware of the WG decision

17:11:01 [npdoty]

... despite pollution of window, the value may vary by window and navigator value isn't consistent across the browser

17:11:20 [npdoty]

... one piece of new information in mail thread was that there other things on navigator that vary by context

17:11:49 [npdoty]

... we changed our implementation to match the spec when implemented exceptions

17:11:56 [fielding]

issue-255?

17:11:56 [trackbot]

issue-255 -- comments on doNotTrack property -- raised

17:11:56 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/255

17:12:02 [dsinger]

issue-256?

17:12:02 [trackbot]

issue-256 -- comments on exception APIs (asynchronous/promise/parameter names) -- raised

17:12:02 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/256

17:12:30 [npdoty]

dsinger: comment was about returning a promise

17:12:33 [adrianba]

q+

17:12:34 [npdoty]

q+

17:12:53 [npdoty]

... currently we return nothing

17:13:06 [justin]

ack adr

17:13:18 [npdoty]

... could be an improvement to let the site know that the UA finally got an answer from the user

17:13:39 [npdoty]

adrianba: core of the feedback is that this should be asynchronous API, and to do that you should use a promise

17:14:13 [npdoty]

... when we changed the design of the exceptions, expect UI to be rare and didn't want to deal with event callbacks

17:14:30 [npdoty]

... user might also approve and later (even immediately) revoke it

17:14:51 [npdoty]

... don't preclude the use of the UI, but don't expect it to be typically implemented

17:15:15 [npdoty]

q-

17:15:25 [npdoty]

npd: was going to make the same explanation that Adrian just did

17:15:30 [fielding]

http://lists.w3.org/Archives/Public/public-tracking-comments/2014Apr/0001.html

17:15:50 [npdoty]

dsinger: concerned about phishing uses of the explanation string

17:16:19 [justin]

q?

17:16:21 [npdoty]

q+

17:16:26 [justin]

ack npd

17:17:14 [moneill2]

+q

17:17:21 [adrianba]

q+

17:17:27 [justin]

ack mon

17:18:07 [npdoty]

npdoty: discussed the misleading/phishing issue previously, but this typically won't be used in interactive UIs, and phishing would be much less of a concern with retrospective review of a list of exceptions, for example

17:18:20 [justin]

ack adr

17:18:22 [npdoty]

moneill2: would you need some way to explain to the user what the site/operator actually is?

17:18:46 [npdoty]

adrianba: figure out the right balance between utility of having a string that can be recorded in the exceptions database for future auditing

17:19:03 [npdoty]

... against the risk of a misleading string that could cause confusion to the user and the possible effects

17:19:29 [npdoty]

... could add informative guidance that calls out the potential risk, not present the text to the user in a way that could lead to that confusion

17:19:30 [npdoty]

+1

17:19:35 [dsinger]

sure, don’t present the text as definitive but “the site claims that…”

17:20:06 [sidstamm]

we've seen attacks in the browser's download pop-ups... some bad guys name files things like "INSTALL THIS ANTIVIRUS OR YOU WILL LOSE YOUR MONEY.exe"

17:20:13 [npdoty]

npd: dsinger, or don't present the text for interactive decision-making, but only informative after-the-fact?

17:20:28 [npdoty]

justin: timing?

17:20:46 [npdoty]

fielding: some activity in HTTP, but still expect another batch ready by next week

17:21:03 [npdoty]

justin: thank you all, especially to roy and david. keep pushing through these and have a similar call next week

17:21:08 [Zakim]

-rvaneijk

17:21:09 [Zakim]

-adrianba

17:21:10 [Zakim]

-ChrisPedigoOPA

17:21:11 [Zakim]

-hefferjr

17:21:16 [Zakim]

-RichardWeaver

17:21:18 [Zakim]

-vincent

17:21:19 [Zakim]

-moneill2

17:21:24 [Zakim]

-Jack_Hobaugh

17:21:25 [npdoty]

... will send out an email about TCS issues

17:21:30 [Zakim]

-[FTC]

17:21:37 [npdoty]

... thanks for staying a little late

17:21:37 [Zakim]

-justin

17:21:40 [Zakim]

-kulick

17:21:43 [Zakim]

-Fielding

17:21:46 [Zakim]

-Carl_Cargill

17:21:49 [Zakim]

-[Apple]

17:21:53 [Zakim]

-Jeff

17:21:56 [Zakim]

-npdoty

17:21:58 [npdoty]

Zakim, list attendees

17:21:58 [Zakim]

As of this point the attendees have been Fielding, +1.408.260.aaaa, sidstamm, Jack_Hobaugh, npdoty, RichardWeaver, [FTC], walter, rvaneijk, hefferjr, Carl_Cargill, Jeff, WileyS,

17:22:02 [Zakim]

... dsinger, ChrisPedigoOPA, justin, +1.917.934.aabb, vinay, kulick, vincent, adrianba, moneill2

17:22:08 [npdoty]

rrsagent, please draft the minutes

17:22:08 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/09/03-dnt-minutes.html npdoty

17:22:34 [npdoty]

rrsagent, bye

17:22:34 [RRSAgent]

I see no action items