W3C

- DRAFT -

Tracking Protection Working Group Teleconference

12 Nov 2014

See also: IRC log

Attendees

Present
npdoty, +1.202.370.aaaa, WaltMichel, kulick, ChrisPedigoOPA, vincent, moneill2, justin, WileyS, rvaneijk, eberkower, +1.949.573.aabb, fielding, Carl_Cargill, dsinger, Wendy, hefferjr, moneill2_
Regrets
Chair
SV_MEETING_CHAIR
Scribe
vincent

Contents


<trackbot> Date: 12 November 2014

<rvaneijk> ok

<eberkower> yes

<WileyS> Yes

yes

<moneill2> yes

<kulick> y

<justin> scribe please???

<npdoty> Walt_Michel, are you able to scribe today?

ok

<npdoty> scribenick: vincent

<justin> scribenick: vincent

justin: few issues left, dsinger sent an email about the last issues he had, quick summary

<npdoty> http://www.w3.org/mid/8942F161-22AB-4C9B-84F3-376492EF0083@apple.com

dsinger: several issues from Anne van Kesteren but not prefered alternative proposed

moneill2: detected script origin is similar to the origin
... you can change the detected script origin (missed the rest)

<npdoty> agree with dsinger about the intended scope, but I guess I'm not sure the exact terminology

dsinger: issues unresolved cause we don't want the library provider to be the origin but the user
... issue unresolved at this point

<moneill2> http://www.w3.org/TR/2011/WD-html5-20110525/origin-0.html#origin

justin: what the best approach?

fielding: most of the comments that are left are along lines things that are no longer considered good practice by the browser folks, but nevertheless okay if that is the use case we want

dsinger: I intend to follow the cookie model
... one question; why does= not the lsit return ta promess
... we've tweaked thte model for it to be synchronous

<WileyS> The server will simply claim an OOBC since they've already asked the user. The browser attempting to get in the middle of this will further harm the standard.

dsinger: at the time of call you can assume that the exception has been registred and you only need to confirm during next visit

<WileyS> +1 to Nick

<fielding> yes, I think improving the text around why the call is synchronous is sufficient

npdoty: it's probable that the UA should not check the confirm API and assume it has consent when regetering an exception

justin: no opposition

<npdoty> ACTION: singer to write improved informative text around the synchronous api [recorded in http://www.w3.org/2014/11/12-dnt-minutes.html#action01]

<trackbot> Created ACTION-464 - Write improved informative text around the synchronous api [on David Singer - due 2014-11-19].

<moneill2> dsinger, i put a link to the def of effective script origin on irc

<Zakim> npdoty, you wanted to ask someone at w3c

npdoty: we may need more help on cross site, maybe we would check with other person at W3C

<justin> issue-266?

<trackbot> issue-266 -- automatic expiration of a tracking preference exception via API parameter -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/266

<npdoty> will contact an editor on the w3c team, which I think should be sufficient, though we could also talk to some other wg

justin: we a general agreement, moneill2 have volontary to proposed text on site wide and webwide exception

moneill2: text has been sent last night

<fielding> http://lists.w3.org/Archives/Public/public-tracking/2014Oct/0089.html

moneill2: the language covert both sitewide and webwide excpetion

<npdoty> dsinger, are you doing the integration of moneill2's proposal into the draft?

dsinger: reviewed but not in detail, seems right

<dsinger> sorry, we need to reach resolution on the siteName and explanationString

justin: the open issue wanted to know if it was marked at risk, anyone suggest not marking it at risk
... all on the same page on this one

dsinger: what the resolution on sitename explanationString

several people pointed out that we should delete them, something presented after the fact could be worst cause you may not remember but npdoty is pushing back

npdoty: they are not harmful, we are not exposing new resources, if the site really want to see the user they can ignore the signal
... it could be helpful, we need a context about the permission request

<WileyS> That's for regulators to deal with - not the standard

dsinger: there is a difference with a status that diresgard DNT is different than a site pretending to respect DNT and not respecting it

<fielding> my intuition (no real experience here) is that siteName might be misleading since the domain is what matters, but explanation might be useful for the user

<WileyS> We already have an eco-system to help identify bad actors

justin: anyone else has a feeling about this?

dsinger: we could find a middleground and they how they should be presented if they are presented to the user

<WileyS> I believe we should keep them - thank you.

justin: let's go with that, we'll send the proposal to the list

<npdoty> we can send that as a response and if we get more detailed pushback, maybe others will convince us that we're wrong about it

issue 262?

<npdoty> issue-262?

<trackbot> issue-262 -- guidance regarding server responses and timing -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/262

issue-262 ?

<trackbot> issue-262 -- guidance regarding server responses and timing -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/262

<npdoty> yay for long flights

fielding: I expect to work on that on the flight back

<npdoty> action-463 due Friday

<trackbot> Set action-463 to draft a g response for exchanges due date to 2014-11-14.

justin: anyone else want to provide an alternative? WileyS language was more orthogonal

<WileyS> We added a few conditions last week

<WileyS> +q

WileyS: we added a few conditions last week, first only the bid winner can make the claim, all bid loosers have to de-identify the informaiton
... the bid winner will verify the exception of the domain

<npdoty> can someone write that up if we need a text change?

WileyS: bid losers get rid of everything, bid winners confirm during the next interactions

rvaneijk: We should propose text on the wiki to compare the different proposal
... several proposals are considered

justin: we will do that and put proposal on the wiki and we could add more
... let's wait for fielding's porposal and see if we have an agreement
... any other TPE issues?

<justin> issue-235?

<trackbot> issue-235 -- Auditability requirement in Reasonable Security section -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/235

<npdoty> http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Remove_auditable_security_requirement

<WileyS> Let's please drop this.

justin: people are reading this requirement differently, we may move to a call for objection on this issue
... walter wated to make the argument that it is not as scary as many understood

<WileyS> If industry insiders are nervous about this language, can you imagine how non-insider regulators will interpret the language?

justin: we discuss on email one last time and then move to cfo

npdoty: on issue 235, we could do some clean-up to make the issue easier to understand

justin: issue about the definition of DNT:0, is there anything still standing on that issue?

npdoty: no, that's just an artifact

<justin> issue-24?

<trackbot> issue-24 -- Possible exemption for fraud detection and defense -- pending review

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/24

<WileyS> I have not - how did I miss that email?

<npdoty> will double-check on DNT:0 to make sure I did the actual implementation. apologies if I left that on the agenda due to bad copy/paste

justin: npdoty merge the proposal that WileyS and dsinger put together

<justin> http://lists.w3.org/Archives/Public/public-tracking/2014Nov/0025.html

npdoty: we had a text a lot of people agreed on and WileyS had specific concern about graduate response and data minimzation
... tried to move examples to examples instead of definition, we integrated the examples and remove the definition

<WileyS> Looks good to me

<fielding> npdoty, did you look at http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance-i203b.html#security

<WileyS> I've read it - I like the bi-directional examples (ramp-up, ramp-down)

<npdoty> should I put that in the draft and if people have objections on the list, then we can change it?

justin: we can discuss that a little bit on the list but it seems we're good on that

<npdoty> fielding, I think the proposal is similar to that

justin: dicussing definition of party proposed by fielding

<fielding> yes, +1 to the graduated response proposal

npdoty: if we think it's just clarifying then I'll work on the edits

justin: any other TPE or TCS issue to discuss?

<WileyS> Can we cancel our meeting the week of Thanksgiving?

justin: on the cfo on audience measurement, the objection result is that the calbration of the audience measurement is stronger argument that the argument against

<fielding> that would be November 26

<npdoty> right, no call on Wednesday, November 26, the day before Thanksgiving

<WileyS> Thank you Justin...

<rvaneijk> bye

<npdoty> trackbot, end meeting

Summary of Action Items

[NEW] ACTION: singer to write improved informative text around the synchronous api [recorded in http://www.w3.org/2014/11/12-dnt-minutes.html#action01]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2014-11-12 17:36:45 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/Anna Voncrasten bu/Anne van Kesteren but/
Succeeded: s/no longer approved/no longer considered good practice by the browser folks, but nevertheless okay if that is the use case we want/
Succeeded: s/armful/harmful/
Found ScribeNick: vincent
Found ScribeNick: vincent
Inferring Scribes: vincent

WARNING: No "Topic:" lines found.

Default Present: npdoty, +1.202.370.aaaa, WaltMichel, kulick, ChrisPedigoOPA, vincent, moneill2, justin, WileyS, rvaneijk, eberkower, +1.949.573.aabb, fielding, Carl_Cargill, dsinger, Wendy, hefferjr, moneill2_
Present: npdoty +1.202.370.aaaa WaltMichel kulick ChrisPedigoOPA vincent moneill2 justin WileyS rvaneijk eberkower +1.949.573.aabb fielding Carl_Cargill dsinger Wendy hefferjr moneill2_

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 12 Nov 2014
Guessing minutes URL: http://www.w3.org/2014/11/12-dnt-minutes.html
People with action items: singer

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


[End of scribe.perl diagnostic output]