IRC log of privacyws on 2014-11-21

Timestamps are in UTC.

08:37:39 [RRSAgent]
RRSAgent has joined #privacyws
08:37:39 [RRSAgent]
logging to http://www.w3.org/2014/11/21-privacyws-irc
08:37:43 [chaals]
… Looking at what it would mean for Operators to provide identity management etc.
08:37:53 [rigo]
rrsagent, please set log public
08:37:58 [rigo]
scribe:chaals
08:38:03 [rigo]
scribenick: chaals
08:38:04 [chaals]
… among other things we need to do.
08:38:09 [haakonfb]
haakonfb has joined #privacyws
08:38:49 [chaals]
… Mobile privacy: it's complicated (we can say that now facebook joined).
08:39:03 [alina]
alina has joined #privacyws
08:39:23 [chaals]
… Since 2010 we have made some good progress.
08:40:19 [chaals]
… Main points [slide] basically looking for a baseline.
08:41:13 [Volker]
.oO( privacy is nothing you can add to your system – it's data sparingness in the first place )
08:43:28 [chaals]
q+ to ask about international applicability...
08:43:54 [schunter]
schunter has joined #privacyws
08:43:59 [chaals]
… One challenge is the number of guidelines being developed around the world - it is a pretty fragmented space.
08:44:17 [chaals]
… We are trying to get our members to adopt our guidelines - with some success.
08:44:42 [schunter]
Q?
08:45:36 [chaals]
… [less than half the users who are worried about privacy say they will do something about it if they are unsure what will happen to their information]
08:45:41 [fjh]
q?
08:45:41 [Preibusch]
q+
08:46:03 [Preibusch]
q+ RobVanEik
08:46:14 [rigo]
chaals: if you do international guidelines. To what extent do you respect national restrictions
08:46:25 [kboudaou]
kboudaou has joined #privacyws
08:46:25 [christine]
christine has joined #privacyws
08:46:29 [fjh]
ack chaals
08:46:29 [fjh]
q?
08:46:29 [Zakim]
chaals, you wanted to ask about international applicability...
08:46:29 [christine]
+q
08:47:04 [schunter]
Ack p
08:47:07 [chaals]
Istvan: That's the challenge. We look for the lowest common denominator across different jurisdictions, and draw a line there. Above it is good, below it is clearly bad.
08:47:16 [chaals]
Soren: Do you come with a carrot or stick or?
08:47:25 [gbal]
q+ (Gökhan)
08:47:32 [Frederik-Amsterdam]
Frederik-Amsterdam has joined #privacyws
08:47:47 [chaals]
Istvan: This is a guideline, not a standard. It's a set of Recommendations. We have seen fragmentation as operators try to follow the minimum standard.
08:48:01 [chaals]
Soren: You have a stick… you can block things…
08:48:06 [DominicB]
DominicB has joined #privacyws
08:48:07 [chaals]
Istvan: Not really.
08:48:13 [chaals]
… we can make recommendations.
08:48:20 [angeloreale]
angeloreale has joined #privacyws
08:48:32 [chaals]
Matthias: No enforcement power?
08:48:37 [chaals]
Istvan: Not really.
08:48:44 [Preibusch]
ack R
08:48:59 [kristina-nk]
kristina-nk has joined #privacyws
08:49:02 [chaals]
RobVE: What is the scope? If developers use a framework for ads, is that addressed?
08:49:35 [chaals]
Istvan: Implicitly. It's difficult to pick it out, and is mentioned in guidelines e.g. in use cases and examples.
08:49:47 [chaals]
RVE: Does that trigger developers to understand it?
08:49:56 [rigo]
q+ to ask about conformance procedures
08:49:58 [chaals]
… It's a stretch...
08:50:03 [chaals]
Istvan: Right.
08:50:03 [Preibusch]
ach c
08:50:07 [Preibusch]
ack c
08:50:10 [chaals]
s/ach c//
08:50:33 [chaals]
Christine: Guidelines have been there for 2 years. Do you have examples of how practice has changed in response?
08:50:42 [Preibusch]
s/2/4/
08:51:03 [fwagner]
fwagner has joined #privacyws
08:51:16 [chaals]
Istvan: No. I'll take the question away. We have operators who have worked on developing communities and follow things. Our biggest challenge is to work with platform vendors and handset manufacturers.
08:51:37 [chaals]
… I've only been in this area for 6 months, I need to talk to people who are closer and can answer the question.
08:51:40 [rigo]
ack gö
08:51:43 [Preibusch]
ack (
08:51:52 [chaals]
Gökhan: Do you have feedback from app developers on adoption?
08:52:09 [chaals]
Istvan: Challenge we are facing is that we don't have direct contact with developers.
08:52:17 [schunter]
Q+ martin
08:52:30 [rigo]
ack ri
08:52:30 [Zakim]
rigo, you wanted to ask about conformance procedures
08:52:30 [chaals]
… We work through our members to reach their communities of developers.
08:53:16 [chaals]
Rigo: If the guidelines are not as precise as a specification, they can be complemented by an in- or outhouse procedure to check if someone claiming compliance really is compliant.
08:53:41 [chaals]
… do you have such procedures, or are you just in the encouragement phase?
08:53:46 [chaals]
Istvan: The latter.
08:53:46 [schunter]
Ack m
08:53:53 [Frederik-Amsterdam]
+ q I want to ask for examples of requirements that are different from country to country. Is EU always the strictest?
08:54:07 [chaals]
Martin: Did you talk to carriers and OEMs about including your guidelines in their requirements etc?
08:54:11 [chaals]
Istvan: Yes
08:54:20 [chaals]
q+ frederik-Ams
08:54:37 [chaals]
s/+ q I want to ask for examples of requirements that are different from country to country. Is EU always the strictest?//
08:54:37 [erobalsa]
erobalsa has joined #privacyws
08:54:51 [chaals]
Istvan: This is the way we are trying to promote the guidelines in practice
08:55:26 [chaals]
Martin: In DT we are inserting privacy requirements in our terminal requirements that manufacturers need to meet. Then things might get to app developers.
08:55:34 [Preibusch]
q+
08:55:42 [DT_Martin]
DT_Martin has joined #privacyws
08:56:10 [chaals]
Istvan: We're working in that way now. Other opportunity is to work with W3C to promote the work - we're interested in looking at the opportunities.
08:56:56 [chaals]
Istvan: Don't think there is any plan to collate requirements globally.
08:57:12 [chaals]
Martin: So privacy depends on the country?
08:57:17 [chaals]
Istvan: Yes.
08:57:31 [Preibusch]
It's a different requirement.
08:58:10 [chaals]
[rathole on what operator requirements are and how much they matter]
08:58:43 [rigo]
q+
08:58:55 [chaals]
Martin: GSMA requirements effectively provide the lowest common denominator - the intersection of requirements.
08:59:07 [rigo]
q-
08:59:09 [chaals]
ack fre
08:59:50 [rigo]
q+ to say that OEM guidelines and GSMA guidelines should provide the hooks for the interface
09:00:02 [chaals]
Frederik-AMS: Saw this map with different requirements in different parts of the world. I've spoken to US companies who say "we comply with EU law, and then we're good everywhere". Can you give examples where that isn't true?
09:00:13 [chaals]
Istvan: That's not really my department, but…
09:00:31 [schunter]
Ack p
09:00:35 [chaals]
… There are minimum requirements that are common everywhere, but there is a lot of fragmentation. I could dig out some details if you're interested.
09:01:33 [chaals]
Soren: I thought your requirements are on the software side. But thinking of operator hardware requirements, if there is a pre-installed app that doesn't require consent and you say that won't meet requirements, OEM can't put things on the device.
09:01:50 [chaals]
Istvan: Yeah. But there are only recommendations, I cannot force this to be followed.
09:01:54 [schunter]
Ack r
09:01:54 [Zakim]
rigo, you wanted to say that OEM guidelines and GSMA guidelines should provide the hooks for the interface
09:02:10 [fjh]
rrsagent, generate minutes
09:02:10 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html fjh
09:02:47 [fwagner]
+
09:03:01 [chaals]
Rigo: The relation between OEM requirements and what we do here, the device gives an interface, and that's where you can do things. The device has to give the interface to understand what happens. So the GSMA role could be to coordinate with Telcos to put things in OEM guidelines
09:03:14 [schunter]
Q?
09:03:28 [chaals]
… We don't have unification to the point where we have everything already, do we?
09:03:44 [chaals]
Istvan: Right. We want to have guidelines for the industry to start at.
09:03:55 [chaals]
Rigo: I am looking for concrete leverage.
09:04:25 [chaals]
fwagner: We have internal requirements for app development, aligned with GSMA guidelines, a bit more detailed on a company / country level.
09:05:10 [chaals]
… Thinking about addressing privacy requirements in OEM requirements, on a more generic level, for example we might only want to get handsets that support privacy setup for the user.
09:05:14 [chaals]
Soren: Great.
09:06:18 [chaals]
Topic: Reuben Binns - standardised privacy policies. Post-mortem, promising developments.
09:06:53 [chaals]
RB: A few reasons to be negative about previous attempts and why they failed, and why it might be possible to do it right.
09:07:22 [chaals]
… Example company policy. We started trying to standardise this in 1997 with P3P.
09:07:55 [chaals]
… The individual incentives aren't sufficient - standards work when they are adopted throughout the ecosystem.
09:08:22 [chaals]
… but we all want to use our own.
09:08:27 [fjh]
q+ to question translating legalese
09:08:46 [fjh]
q-
09:08:50 [chaals]
… Moving from legalese to human readable to machine readable is a big challenge - it is hard to do it accurately.
09:09:01 [chaals]
s/… but we all want to use our own.//
09:09:09 [Preibusch]
If the privacy policy reflects the actual process, as engineered, no translation from legalese to machine-readable format is necessary.
09:09:19 [fjh]
q+ to ask about legalese
09:09:20 [chaals]
… The combination of skills required are actually quite rare
09:09:44 [chaals]
[http://xkcd.com/927 in text form]
09:09:58 [chaals]
RB: So why keep trying, what will make this work?
09:10:37 [chaals]
… Lots of small companies are trying to do this. There are databases of legal clauses that are the kind of standardisation we want to see - we got the lawyers out of the equation
09:10:57 [chaals]
s/lawyers/need for individual lawyers each time we want to do something/
09:11:02 [Preibusch]
q+
09:11:27 [chaals]
… People are making legal compliance tools
09:11:38 [Istvan]
Istvan has joined #privacyws
09:11:44 [chaals]
[Terms of Service: Didn't read]
09:12:28 [chaals]
… You don't need to ask permission, you just go around explaining what other people are doing until they decide to do it right. If you succeed you get companies coming forward to ask how to get it right.
09:12:42 [Preibusch]
q+ RobVanEijk
09:12:46 [rigo]
q+ to ask about policies as a source for input into the metrics machine
09:13:01 [chaals]
… promising, but will only be a subset of what's out there - how do you scale it?
09:13:16 [chaals]
… Would it be possible to use this data to train machine learning on policies?
09:13:48 [chaals]
… e.g. Legalsifter has a bit of a look through freelance contracts that way. Natural Language processing.
09:14:06 [chaals]
… I've been looking at whether there are clauses we can detect easily and match to things we know.
09:14:30 [chaals]
… Important to be clear that something was done on best-guess statistics based on a human model, not an actual assessment by a real brain.
09:15:22 [chaals]
… Carnegie-Mellon are working on a similar question - can you find policies and determine automatically whether they are transparent? Some success. Can you delete your account? Couldn't figure it out.
09:15:37 [schunter]
Q?
09:15:38 [chaals]
… You need data to feed whatever user interface you decide to work on.
09:15:46 [chaals]
… These are ways to deal with a large corpus.
09:15:53 [schunter]
Ack f
09:15:53 [Zakim]
fjh, you wanted to ask about legalese
09:16:18 [Frederik-Amsterdam]
+ q
09:16:40 [chaals]
FJH: It's futile to translate a privacy policy into English. Lawyers are careful to deal with ambiguity. But interesting to see the simplification. Is it possible the policies get simpler and the nuances addressing corporate risk get thrown out?
09:16:46 [chaals]
s/+ q//
09:16:54 [chaals]
q+ frederic
09:17:25 [chaals]
RB: The question is whether they need to collect what they want? What's the business case - is there one?
09:17:33 [chaals]
FJH: You want to keep the doors open.
09:17:51 [schunter]
Ack p
09:17:55 [chaals]
RB: OK. But if you provide pressure, you might get people to close off opportunities they think are unlikely
09:18:27 [chaals]
SP: I think the idea of turning a privacy policy into something simple is flawed. It is meant to describe what we do, rather than a lawyer write rules and engineers go code them.
09:18:28 [dsinger]
q+
09:18:36 [fwagner]
q+
09:19:09 [chaals]
… There is a reason why the policies are so long. It is better to make them specific to the website at hand. Just cobbling clauses together you get a simplistic policy - "we collect stuff and use it". And it is accurate.
09:19:40 [Volker]
.oO( a text which is long and complicated is usually being writting not to be understood )
09:20:07 [chaals]
RB: You could go looking at full legalese content and rate something, without simplifying. Or you could make a simpler explanation of what happens. I don't think every policy is long and covers everything. There are real differences in place. If we can uncover them, that is meaningful progress.
09:20:20 [schunter]
Ack r
09:20:20 [Zakim]
rigo, you wanted to ask about policies as a source for input into the metrics machine
09:20:20 [chaals]
… Agree there is a danger in over-simplifying legal text.
09:20:36 [rigo]
q+ to ask about policies as a source for input into the metrics machine
09:20:41 [schunter]
Q+ rigo
09:20:43 [rigo]
ack Ro
09:20:44 [chaals]
Rob: You showed some projects. Many are no longer active. Which of these would you pick as worthy of attention?
09:20:47 [schunter]
Ack ro
09:21:21 [marta]
marta has joined #privacyws
09:21:37 [Volker]
s/writting/written/
09:21:57 [chaals]
RB: I would say ToS:DR is the most promising. Doesn't require anyone to agree in order to rate them. Although there are possibilities for abuse. But it is open, ergo transparent.
09:22:14 [chaals]
… They are making it easier to submit things.
09:22:20 [Preibusch]
ack r
09:22:20 [Zakim]
rigo, you wanted to ask about policies as a source for input into the metrics machine and to
09:22:23 [schunter]
Ack ri
09:22:44 [chaals]
Rigo: When we did P3P, we had a policy generator before it was even finished.
09:23:04 [chaals]
… questionnaire led to human- and machine-readable policy.
09:23:59 [chaals]
… We haven't looked at privacy policies in W3C for 10 years except in PRIME-LIFE, which was inconclusive. I think policies merit their own workshop. But here, what can we draw from our interfaces from such policies
09:24:03 [Preibusch]
Rigo calls for a Workshop dedicated to privacy policies.
09:24:39 [chaals]
… Most promising new approach is from Raggett. Let's throw away stuff that didn't work in P3P, and use a javascript library to connect to a Primelife form.
09:24:44 [fjh]
q+
09:24:56 [chaals]
… [position paper, 2010 W3C privacy workshop]
09:25:20 [chaals]
RB: I'm not addressing the controls, but what goes into them.
09:25:32 [schunter]
Ack fred
09:25:39 [chaals]
Rigo: DNT has policy - what we do...
09:26:27 [angeloreale]
q+
09:26:30 [chaals]
Frederic: Don't see an easy solution, but reason for complexity of privacy policies is that they are kind of a contract, and American law makes that painful (while European law is of course far superior, designed to help people not lawyers).
09:26:44 [chaals]
… If you only had to have a EuropeWideWeb things would be a lot easier
09:26:47 [rigo]
Paper from Dave Raggett: http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/
09:26:50 [Preibusch]
s/PRIME-LIFE/PrimeLife/
09:27:04 [chaals]
RB: In ToS:DR there is a tension between "what do they do" and "what are my rights"
09:27:14 [schunter]
Ack ds
09:27:35 [chaals]
DSinger: Problem - lawyers write policies so they could do more than they can. Because if they don't set the envelope wider, they are worried about getting caught out later.
09:28:02 [chaals]
… Some projects tried to explore the idea of making a library of common clauses.
09:28:05 [MarkusT]
q+
09:28:10 [rigo]
framework: http://www.w3.org/2010/policy-ws/
09:28:24 [chaals]
… Do you think that approach has any viability? Like Creative Commons?
09:28:39 [chaals]
Rigo: Short Notices - P3P for people who don't have a computer.
09:29:00 [chaals]
DS: Yes, a lego approach to privacy policies. Might help comprehensibility. Is that possible?
09:29:16 [Preibusch]
Wider privacy policies allow for changes in the product functionality and service features. Otherwise, costly changes to the privacy policy would need to happen more often.
09:29:20 [schunter]
Ack fw
09:29:31 [chaals]
RB: You can see a convergence where crowd-sourcing pushes, but I don't see a lego approach working.
09:29:59 [chaals]
Rigo: Short notices didn't allow for edge cases companies wanted to keep open, so companies didn't go with it.
09:30:13 [schunter]
Q+ operaguy
09:30:24 [chaals]
RB: It's an inefficient process if you try to get some icons and get lawyers to match them.
09:30:32 [chaals]
Soren: You always need lawyers
09:30:34 [Volker]
.oO( but a Lego approach is the only way to make people understand legal texts, so this probably concludes to “it will never work” )
09:30:36 [chaals]
RB: Not necessarily.
09:30:38 [rigo]
q- operaguy
09:30:54 [chaals]
fwagner: Who is reading actual privacy policies? Lawyers, privacy nerds, and nobody else.
09:31:08 [rigo]
q+ Sigbjørn
09:31:09 [chaals]
… so who are they for? users, or contract requirements?
09:31:23 [Preibusch]
s/privacy nerds/privacy advocates/
09:31:43 [chaals]
… When users come to privacy policies, they have concrete questions. Why can't we write them in form of FAQ?
09:31:44 [fjh]
nuance is essential to law
09:31:48 [DT_Martin]
q+
09:31:50 [fjh]
is that true?
09:32:21 [chaals]
RB: They are written for lawyers, privacy advocates, and for regulators.
09:32:30 [chaals]
… would like to see the information collected to be shared
09:32:33 [angeloreale]
Q?
09:32:43 [chaals]
zakim, close the queue
09:32:43 [Zakim]
ok, chaals, the speaker queue is closed
09:32:47 [schunter]
Zakim, close the queue
09:32:47 [Zakim]
ok, schunter, the speaker queue is closed
09:32:52 [schunter]
Q?
09:33:08 [Volker]
.oO( the idea of a contract was two parties are agreeing on certain points at one point in time – if one party even does not understand, we shouldn't see that as a contract at all )
09:33:15 [chaals]
fjh: I think rigo said that we got a useful vocab out of P3P, a JS library would make them useful. Maybe Schema.org would be appropriate to that.
09:33:31 [chaals]
[as the only guy in the room who is part of schema.org directly, I'll notice it]
09:33:43 [schunter]
Ack fj
09:33:51 [chaals]
RB: That's the approach Creative Commons took. Didn't work out, but similar path.
09:34:10 [fjh]
JSON-LD would also bring the privacy vocabulary into linked data etc
09:34:38 [schunter]
Ack ang
09:34:39 [fjh]
sounds like a great idea to me
09:34:55 [chaals]
Angelo: Suggest building on convergence. Would be interesting to generate multimedia output from each paragraph - animation, audio, flashing lights…
09:35:03 [rigo]
you wanted to say, sounds like a great semantic web project
09:35:12 [chaals]
ACTION: chaals to talk to schema.org about privacy policies.
09:35:30 [fjh]
no, JSON-LD means nobody knows about semantic web but mechanisms can work
09:35:37 [Preibusch]
Q+
09:35:46 [chaals]
… devise a sequence hierarchy to generate videos for an entire contract - build-your-own Contract: The Movie
09:35:48 [fjh]
a beautiful thing
09:35:58 [fjh]
q?
09:36:00 [chaals]
RB: There have been a lot of interesting approaches to do that.
09:36:22 [rigo]
ack MarkusT
09:36:50 [chaals]
Markus: 1/3 of apps analysed in a project actually have a privacy policy. The reading level required is very high to understand it. Important to reduce complexity, and provide enforcement of the requirement that everyone has a policy.
09:37:00 [chaals]
… App stores should enforce that.
09:37:09 [chaals]
RB: Maybe GSMA could enforce that…
09:37:10 [schunter]
Ack si
09:37:37 [chaals]
Sigbjørn: Most apps either get sold, or go bankrupt (and are required to sell their user data in liquidation). Can you avoid this in any way?
09:37:51 [chaals]
RB: There are some ToS that deal with liquidation. But not generally.
09:37:57 [MarkusT]
Link to the publication: http://jamia.bmj.com/content/early/2014/08/21/amiajnl-2013-002605.abstract
09:38:23 [fjh]
are contracts void upon bankruptcy ?
09:38:25 [schunter]
Ack dt
09:38:36 [Preibusch]
A good example I've seen recently is McAfee's (Intel) privacy policy: the full notice or a cartoon-style walkthrough that explains the most important concepts: http://www.mcafee.com/common/privacy/english/index.htm
09:38:56 [chaals]
Martin: Apps can provide 2 kinds of policy. The full legal document, and a simple non-legally-binding but legible version.
09:39:16 [chaals]
RB: Right.
09:39:56 [Preibusch]
Zakim, please open the queue.
09:39:56 [Zakim]
ok, Preibusch, the speaker queue is open
09:40:07 [chaals]
Topic: Frederic Borgesius.
09:40:19 [chaals]
FB: I'm a legal researcher, not a computer scientist.
09:40:34 [chaals]
… In law you can empower people, or protect them.
09:40:48 [chaals]
… (to defend privacy).
09:41:22 [chaals]
… e.g. every law I know requires data holders to keep it secure. Whatever users do.
09:41:47 [chaals]
… An example of empowerment is food labeling requirements.
09:42:18 [chaals]
… Example of protection is banning certain ingredients. Or requiring safety standards in cars.
09:43:19 [chaals]
… Some of the problems might not be best solved by empowerment. On a website for debt problems, every social media site knows I was looking, and zillions of general tracking sites.
09:43:51 [chaals]
… I am not sure this CAN be made transparent enough to allow empowerment to be useful. We should consider protection here.
09:44:08 [chaals]
… But then, I also don't think protection alone is going to solve our problems.
09:44:39 [rigo]
q+ to talk about automatically securing
09:44:47 [chaals]
… How do we translate this? We want transparency and informed consent. But what about actually securing communications automatically?
09:45:04 [schunter]
Q?
09:45:06 [chaals]
… Services that are frugal with data and don't store it mitigate risk.
09:45:23 [Volker]
q+
09:45:59 [angeloreale]
q+
09:46:09 [chaals]
Rigo: Auto-secured data - we have seen interfaces using metrics to display a colour or icon. You can use them to trigger a reaction of the browser - switch off javascript when things look shaky.
09:46:37 [chaals]
… I suggested making data protection a function of the entropy of data. And it got the response I deserved as a person, rather than what the idea deserved.
09:46:43 [fwagner]
q+
09:46:50 [Preibusch]
q+
09:46:55 [chaals]
… You can be wrong in calculating risk, but it isn't obviously destined to fail.
09:46:55 [schunter]
Ack ri
09:46:55 [Zakim]
rigo, you wanted to talk about automatically securing
09:46:57 [rigo]
ack rig
09:47:03 [schunter]
Ack vo
09:47:33 [chaals]
Volker: Basic problem with protection is that the custodians have no way to enforce the rules.
09:48:01 [chaals]
… if people ignore the law, there are no consequences. So protection is chimerical. Can we change that?
09:48:21 [rigo]
my suggestion is to take the metrics we saw in the opera presentation, use those metrics to calculate the level of risk and make the software react on the threat - level by switching off functionality selectively
09:48:38 [chaals]
FB: Important remark. There is hope in Europe that a new regulation will introduce serious penalties.
09:48:55 [chaals]
… We'll have to see how that plays out.
09:49:05 [MarkusT]
q+
09:49:31 [chaals]
… We could look at building class-action systems for the case where the individual damage is low but the overall damage is high.
09:49:38 [chaals]
… (probably for lawyers, not W3C)
09:50:59 [chaals]
VB: Don't agree on kicking away the legal idea. Empowerment is not failing because people don't *want* privacy, nor because people are stupid, but because people are unaware that they have to think before they act about privacy.
09:51:20 [fjh]
I suggest people have greater trust on online activities based on trust on physical activities due to consumer protection laws
09:51:24 [chaals]
… With icons or something similar, you can raise awareness.
09:51:43 [DominicB]
DominicB has joined #privacyws
09:51:45 [chaals]
… What can be done in empowerment to create awareness in the actual situation of users?
09:51:47 [Preibusch]
\me Rigo, there are equivalents of "class action". For instance, Verbandsklagerecht in Germany
09:51:53 [fjh]
s/suggest/hypothesize/
09:52:31 [fwagner]
q-
09:52:36 [chaals]
FB: Agree people care, but it is hard to act according to your preferences. Analogously I am against child labour, but don't know how to act effectively on that.
09:52:59 [chaals]
… We haven't *seriously* tried empowerment - we still accept that nobody will read a privacy policy.
09:53:11 [fjh]
q+
09:53:20 [schunter]
Ack ang
09:54:08 [chaals]
FB: At some point lawyers say "no, we are just going to ban things, whatever the user does".
09:54:13 [chaals]
… maybe something like that works.
09:54:18 [schunter]
Q?
09:54:43 [chaals]
Angelo: Important to facilitate display of metrics, but also encourage companies to protect by default.
09:55:00 [chaals]
… prompting user first time is common, but simplify updating of settings.
09:55:03 [chaals]
FB: Agree.
09:55:38 [DominicB]
q+
09:55:48 [chaals]
Soren: Follow suggestion to make software more aware of the environment, to support the user make good privacy choices. I am sceptical that software has all the information to make the optimal choice, but we can go in that direction to have a big 80/20 impact.
09:56:33 [chaals]
… This is where security and privacy can go hand in hand, especially with personal devices like mobiles. We could have a privacy-aware personal assistant based on machine learning…
09:56:52 [Preibusch]
ack p
09:57:07 [chaals]
Markus: You talk about defending privacy. So there is a need for regulation. EU is working in this area.
09:57:09 [chaals]
q+
09:57:24 [chaals]
… there are companies not willing to accept regulation. So what is the basis for policymakers?
09:57:45 [chaals]
s/policymakers/making policies?/
09:58:16 [chaals]
FB: Fundamental rights are important, and another good reason is market failure. There is a clear market failure to protect user privacy, transparency requirements are not working.
09:58:44 [chaals]
… If there is a market failure and no market-based answer, we use protection.
09:59:51 [chaals]
Markus: The good guys say "we have a decentralised architecture, the bad guys have a centralised one. But the bad guys are winning in the market. Why should regulators push the market to do privacy if people are not choosing the privacy-friendly providers anyway?
09:59:55 [Preibusch]
s/protection/market intervention/
10:00:26 [chaals]
FB: Hope privacy becomes a competitive argument, but information asymmetry means there is no need to actually compete
10:00:29 [fwagner_]
fwagner_ has joined #privacyws
10:00:46 [chaals]
[why information asymmetry breaks markets…]
10:00:57 [chaals]
… the way to solve that is through regulation
10:01:08 [Volker]
.oO( Critical mass: if your friends are all on Facebook, you'll join in whether you find another SN ways better or not )
10:01:17 [chaals]
[volker - right]
10:01:34 [fjh]
q?
10:01:36 [chaals]
FB: If the market solves the problem, the regulator should stay out. But otherwise...
10:02:19 [angeloreale]
Volker: not necessarily, if some of your best friends are on a better SN you might find it more interesting
10:02:34 [Volker]
angeloreale: if
10:02:35 [chaals]
FJH: Agree that the answer may be regulation to improve things. Food regulation means people trust it. People have transferred that trust to the internet, where the same principles don't apply.
10:03:11 [chaals]
[repeating what rigo was suggesting]
10:03:36 [schunter]
Ack dom
10:04:11 [chaals]
Dominic: About icons. Google is criticised for sharing anonymised 3rd-party data. How can I get rid of that criticism from Chrome?
10:04:45 [Preibusch]
s/from Chrome/in the context of the Chrome product/
10:04:59 [chaals]
… users who opt into metrics share anonymised aggregated information about the web that is shared with the community to help develop the web, or to detect malware and warn others.
10:05:22 [lynXintl]
lynXintl has joined #privacyws
10:05:31 [chaals]
… Both of these are good for the world, but we get criticised.
10:05:41 [chaals]
… What do I do?
10:05:55 [chaals]
CMN: Go to ToSDR, and argue your case.
10:06:00 [schunter]
Ack dom
10:06:06 [lynXintl]
makes sense to come to the irc chan 1.2 days late ;) hi everyone
10:06:09 [chaals]
RB: Was there a negative judgement?
10:06:40 [chaals]
DB: The icons incentivise poor decisions - stop helping the web, to make ourselves look better?
10:06:43 [schunter]
Ack cha
10:06:44 [lynXintl]
i haven't ever heard the room laugh because of a joke on irc… or maybe i was distracted?
10:06:53 [angeloreale]
Volker: true, but sometimes the critical mass premise keeps people from believing / investing or devising better solutions for SNing when it shouldn't be seen as definitive. Markets are not bound to fb for eternity and even though it's not easy (i.e. g+) there might be some technological / philosophical (privacy and security?) upgrades that shall retake their market. (I personally wouldn't...
10:06:55 [angeloreale]
...think twice to leave fb if I would know at least 1 friend is using a SN that feels better by using it)
10:07:17 [schunter]
Q?
10:07:31 [Volker]
angeloreale: my personal hope is that teenagers don't wanna use what their parents use.
10:07:37 [fjh]
chaals: legal protecion is important , relates to expectations
10:07:45 [Preibusch]
chaals: Why Rigo's technology idea is important. In some countries, changing regulation is difficult. Working for Yandex, I can say that technology could help where the law cannot be changed for the benefit of the user.
10:08:06 [fjh]
s/protecion/protection/
10:08:06 [lynXintl]
i love how this debate is obsoleting many of my slides… because i have 20 for 20 minutes, so i can skip at least 6 or 7
10:08:57 [lynXintl]
yes i am afraid… i hope your upload channels are still fresh and open :)
10:09:14 [Preibusch]
chaals: "Let's build systems that can support users that can support users". Protection can be combined with empowerment when thresholds are user-adjustable.
10:10:08 [fjh]
convenience convenience eonvenience
10:10:10 [DominicB]
DominicB has joined #privacyws
10:10:20 [fjh]
s/convenience convenience eonvenience//
10:10:26 [lynXintl]
diaspora doesn't scale
10:10:36 [lynXintl]
otherwise it would have had its chance
10:10:37 [rigo]
convenience vs privacy discussion
10:10:48 [Preibusch]
chaals: Positive network effects amongst social network users work against migration to alternative networks.
10:17:57 [erobalsa]
erobalsa has joined #privacyws
10:31:12 [reuben]
reuben has joined #privacyws
10:33:57 [reuben]
scribenick: reuben
10:40:39 [MarkusT]
MarkusT has joined #privacyws
10:41:06 [DominicB]
DominicB has joined #privacyws
10:42:06 [fjh]
fjh has joined #privacyws
10:42:22 [chaals]
s/Positive network effects amongst social network users work against migration to alternative networks/People care about privacy, but it isn't a binary proposition. They will generally trade it for convenience (see yesterday's discussion about the difficulty of predicting long-term cumulative consequences of immediate atomic decisions)/
10:42:34 [fwagner]
fwagner has joined #privacyws
10:45:05 [MarkusT]
MarkusT has joined #privacyws
10:45:38 [marta]
marta has joined #privacyws
10:47:25 [Volker]
https://en.wikipedia.org/wiki/HBGary#Astroturfing
10:48:03 [chaals]
[do you want to send a packet back from an intermediate transit point?]
10:48:26 [Preibusch]
q+
10:48:34 [Preibusch]
Zakim, please open the queue.
10:48:34 [Zakim]
ok, Preibusch, the speaker queue is open
10:48:36 [chaals]
zakim, open the queue please
10:48:36 [Zakim]
ok, chaals, the speaker queue is open
10:48:37 [Preibusch]
q+
10:59:05 [Frederik-Amsterdam]
Frederik-Amsterdam has joined #privacyws
11:00:03 [fjh]
q+
11:01:15 [Preibusch]
BTW, Facebook has an .onion address now.
11:01:27 [chaals]
[yeah, a nice one...]
11:01:30 [Volker]
p≡p is based on GnuNet
11:02:23 [kristina-nk]
kristina-nk has joined #privacyws
11:02:41 [chaals]
q+
11:05:43 [erobalsa]
erobalsa has joined #privacyws
11:05:49 [schunter]
Q?
11:06:21 [Volker]
rigo: micropayments are actually possible with cryptocurrencies, that's why I'm waiting if someone starts doing
11:06:23 [schunter]
Ack pr
11:06:44 [rigo]
Volker: 2015 will be the year of micropayments
11:07:01 [reuben]
Soren: Just because you can do something doesn't mean you should. I'm somewhat sympathetic to radical innovation, but much disruption of the web has come from market forces. There's low chance of working against the market forces
11:07:01 [Volker]
Volker: or 2115.
11:07:10 [Volker]
s/Volker/rigo/
11:07:19 [schunter]
Q?
11:07:28 [reuben]
Carlo: The idea is to fix the protocols, and then allow the marketplace to return on this new playing field (with users protected)
11:07:31 [rigo]
rrsagent, please draft minutes
11:07:31 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo
11:07:35 [Volker]
q+
11:07:38 [rigo]
rrsagent, pointer
11:07:38 [RRSAgent]
See http://www.w3.org/2014/11/21-privacyws-irc#T11-07-38
11:07:46 [Volker]
q-
11:08:02 [reuben]
Carlo: we have to offer an alternative approach - an internet that respects rights and privacies, and on top of that companies can compete
11:08:21 [reuben]
Frederik(K): Public keys can be identified...?
11:08:28 [schunter]
Ack fj
11:09:00 [reuben]
Carlo: But everyone can have multiple public keys. A new one generated every time a user has a new interaction with a company
11:09:10 [schunter]
Ack ch
11:09:42 [reuben]
chaals: the more p2p you use, the more you pay. How do you transfer that cost?
11:10:16 [fjh]
s/Frederick(k):/fjh:/
11:10:24 [reuben]
lynXintl: networks will need more relay nodes than ever seen with Tor. We'd need data centres in every city with relay nodes, providing a back-end.
11:10:37 [reuben]
chaals: How do you build them - they're not free.
11:10:46 [schunter]
Q?
11:11:05 [reuben]
lynXintl: Telecoms will be incentivised because they will be paid. Oriented towards charging by use
11:11:18 [reuben]
chaals: If telcos can't predict their income, they won't invest
11:11:25 [Volker]
https://gnunet.org/compare
11:11:30 [rvaneijk]
rvaneijk has joined #privacyws
11:11:39 [Preibusch]
q+
11:11:41 [reuben]
lynXintl: the political will is needed
11:12:26 [reuben]
chaals: Is the government going to pay for it?
11:12:45 [marta]
q+
11:13:00 [reuben]
lynXintl: the first step is political decision, and general consciousness is that 'we can't continue without seatbelts'.
11:13:01 [chaals]
q+
11:13:05 [schunter]
Ack pre
11:13:27 [reuben]
Preibusch: Telco is 15% of workforce in tech.
11:13:51 [reuben]
lynXintl: We change architecture, and we create slightly different jobs - software on devices.
11:14:11 [schunter]
Ack ma
11:14:21 [reuben]
marta: Open hardware or free hardware?
11:14:27 [Preibusch]
s/Preibusch: Telco is 15% of workforce in tech.//
11:14:29 [reuben]
lynXintl: free as in Stallman
11:14:36 [christine]
re hardware, pointer to http://wiki.cryptech.is/
11:14:52 [reuben]
marta: you're not talking about baseband and simcards - the basement is not open.
11:15:06 [reuben]
lynXintl: that closed hardware would be history
11:15:19 [reuben]
marta: also concerns about security - you need a very good design
11:15:34 [reuben]
lynXintl: it doesn't matter because we'll design it from scratch
11:15:36 [Preibusch]
"GSM? Sins of the past!"
11:15:51 [reuben]
Istvan: GSM dead in 10 years?
11:16:25 [rigo]
q+ to ask about "on top"
11:16:28 [reuben]
Istvan: i don't believe it's just going to disappear like that
11:16:50 [reuben]
lynXintl: there is plan to allow GSM to work alongside for compatibility
11:17:07 [reuben]
Istvan: 2 million machine-to-machine devices which won't go away
11:17:17 [reuben]
Istvan: I'm talking about long timescale here
11:17:56 [reuben]
marta: 3g requires connection to chip? there are huge bugs in the design of the baseband e.g. Qualcomm chips - very easy to hack into it if open source
11:18:10 [reuben]
lynXintl: security by obscurity not good...
11:18:18 [schunter]
Ack ch
11:18:26 [Volker]
.oO( security by obscurity never worx and is a Chimera )
11:18:29 [reuben]
s/Istvan lynXintl
11:19:09 [reuben]
chaals: if this happens, people will go and keep on using the big company services - how do you stop them from re-aggregating the data
11:19:30 [reuben]
lynXintl: this proposal has seen cryptographers, lawyers, policymakers involved
11:19:43 [schunter]
Q?
11:20:11 [reuben]
lynXintl: the internet itself stops being a product and more of a common good for everyone - products happen over it. if you try to monopolise, it wouldn't work or it would be illegal
11:20:25 [schunter]
Ack ri
11:20:25 [Zakim]
rigo, you wanted to ask about "on top"
11:20:37 [cf]
s/2 million/2 billion/
11:20:47 [rvaneijk]
q?
11:20:48 [fwagner_]
fwagner_ has joined #privacyws
11:21:13 [reuben]
rigo: can you imagine a gateway between the alternative internet and the existing 'evil' internet? e.g. public key routing could be tried in a university context. we could have an ipv4/6 gateway...
11:21:21 [chaals]
[Actually, security by obscurity works a lot, if you apply it with a certain tolerance for failure]
11:21:24 [reuben]
lynXintl: i2p already does public key routing
11:21:40 [chaals]
[And most real people have a certain tolerance for security failure]
11:21:52 [reuben]
rigo: the problem with those technologies - even as a fundamentalist i find them too slow - a quarter of my usual output
11:22:18 [reuben]
lynXintl: but e.g. tor's speed has increased dramatically recently, you can change tor settings. I use it for everything.
11:22:25 [schunter]
Q?
11:22:33 [reuben]
fjh: is it easy to configure / tune
11:22:38 [fjh]
will try
11:23:00 [reuben]
lynXintl: i'm not advocating tor for this project, but is a prototype - not necessarily what we need to run a telephone network
11:23:31 [fjh]
s/will try//
11:23:55 [fjh]
s;is it easy to configure / tune;;
11:30:00 [lynXintl]
Volker: if the packet is encrypted for a certain public key, it shouldnt be visible which public key sent it…by not putting the source we reduce the necessity for onion routing because any packet forward helps anonymize the communication
11:31:25 [Preibusch]
q+
11:31:27 [lynXintl]
Preibusch: IPv6 does not fix most of the problems we are facing
11:32:03 [lynXintl]
chaals: how does something get easier to inspect for NSA?
11:32:33 [lynXintl]
Preibusch: eye-tracking is welcome, but it needs to go through the defender chip ;)
11:36:19 [lynXintl]
Preibusch: in total i expect less need for relay nodes than the absurd number of servers that are bored by their job to accept one useful mail and 70 spam mails an hour
11:36:35 [lynXintl]
btw, in the GNU internet spam is no longer possible… sorry for that business model going downhill
11:36:39 [Meiko]
Meiko has joined #privacyws
11:38:21 [lynXintl]
horse correct battery staple
11:39:06 [rigo]
for earlier: GSMA Privacy guidelines http://www.gsma.com/publicpolicy/mobile-and-privacy/gsma-mobile-privacy-initiative
11:39:32 [erobalsa]
erobalsa has joined #privacyws
11:40:14 [AndChat|281441]
AndChat|281441 has joined #privacyws
11:40:58 [erobalsa]
erobalsa has joined #privacyws
11:41:16 [schunter]
Q?
11:41:21 [fjh]
Volker notes theme of privacy by default
11:42:32 [schunter]
Ack s
11:42:42 [schunter]
Ack pr
11:42:51 [rigo]
q+ to ask whether we can apply this to web crypto
11:43:01 [chaals]
q+ to nitpick on interfaces
11:43:10 [reuben]
Preibusch: I support the pragmatism of working with existing infrastructure. A comment: there is the simplysecure foundation that is trying to make platforms more secure
11:43:29 [rigo]
q- later
11:43:50 [reuben]
Volker: I tried to speak to them, but they didn't respond.
11:43:57 [chaals]
q- later
11:43:59 [schunter]
Ack ch
11:43:59 [Zakim]
chaals, you wanted to nitpick on interfaces
11:44:23 [reuben]
chaals: little buttons that are all the same apart from colors is not a good UI.
11:45:43 [Preibusch]
https://simplysecure.org/what-we-do/
11:45:53 [reuben]
Volker: we are working on icons, including for those who are colorblind. I agree, but we need more time to work on this. I could get 30 design people, but have no funding. We won't move to silicon valley for funding, in my experience there ain't no [expletive] VC in Europe.
11:46:05 [Preibusch]
q+
11:46:16 [schunter]
Ack ri
11:46:16 [Zakim]
rigo, you wanted to ask whether we can apply this to web crypto
11:46:17 [reuben]
Volker: we have some fortune 500 companies interested, this may enable us to earn some revenue
11:46:56 [reuben]
rigo: i agree that the CA system is borken. We have the web crypto thing going on. Could the things you are doing here lead to an e2e encryption of web pages?
11:47:16 [reuben]
Volker: yes you could use http
11:47:55 [fjh]
s/borken/broken/
11:47:58 [rigo]
could use safe roots in combination with web crypto
11:48:00 [lynXintl]
Volker: I think we can merge pEp and secushare into a single project… :)
11:48:30 [fjh]
q+
11:48:35 [schunter]
Ack pr
11:48:42 [reuben]
Volker: we support the web of trust for compatibility reasons, use gpg, otr etc. But you could use safe routes too. the database of P=P stores trust info, we move trust from key to key if we can guarantee that makes sense. if keys are renewed trust is transferred - unless you lost or compromised your keys
11:48:53 [erobalsa]
q+
11:49:05 [reuben]
Preibusch: outsourcing?
11:49:11 [lynXintl]
btw, that was me talking to Volker, not Volker saying that.. there has been some quoting on this channel which collides with IRC addressing culture
11:49:21 [reuben]
Volker: the idea was to allow in the LAN a box that will implement P=P
11:49:29 [rvaneijk]
rvaneijk has joined #privacyws
11:49:32 [reuben]
Preibusch: can you P=P in the cloud?
11:49:37 [reuben]
Volker: yes
11:49:44 [schunter]
Ack fr
11:49:52 [schunter]
Ack fj
11:50:03 [reuben]
fjh: revocation is not a problem here because you manage your own keys, is that right?
11:50:29 [reuben]
Volker: yes
11:50:31 [schunter]
Ack ero
11:50:31 [angeloreale]
q?
11:50:52 [reuben]
??: how to synchronise across devices?
11:50:55 [schunter]
Zakim, close the queue
11:50:55 [Zakim]
ok, schunter, the speaker queue is closed
11:51:11 [angeloreale]
q+
11:51:34 [reuben]
Volker: we send what changed as a diff SQL insert in an attachment in an email.
11:51:38 [fjh]
s/yes/well revocation is still necessary, but simplified in operation and supported in pEp/
11:52:36 [reuben]
Volker: if you have a new device P=P automatically notices
11:52:55 [reuben]
Volker: with that trick we're doing the organisation of device groups
11:53:02 [reuben]
erobalsa: there is no recovery?
11:54:12 [reuben]
Volker: there is, you put a device in a device group, sends message to others, then a private key sent to the new one, then the user accepts whether or not it is a safe group, then the private key is replicated on every device. if you lose your device, we recommend encryption e.g. truecrypt
11:55:14 [cf]
scribenick: cf
11:55:45 [cf]
Presentation: Ero Balsa - Why can't online networks encrypt?
11:56:21 [Volker]
p≡p unfortunately cannot recommend TrueCrypt any more, so we're waiting how this develops
11:56:49 [angeloreale]
Volker: what about implementing pep on a web level? or is it only meant for device / browser implementation
11:56:50 [Volker]
It is an issue for consumer versions of Windows only, because all other systems have ready made solutions for device encryption and we're recommending them
11:57:07 [Volker]
angeloreale: it is meant to be on web level, too.
11:57:26 [schunter]
Zakim, open the queue
11:57:26 [Zakim]
ok, schunter, the speaker queue is open
11:57:29 [Volker]
angeloreale: unfortunately, my budget is 0 + my own time. So feature by feature by feature ;-)
11:57:41 [AndChat|281441]
AndChat|281441 has joined #privacyws
11:58:07 [angeloreale]
Volker: i could use s/pep/p≡p to fetch all bunch of sources for messaging in one service?
11:59:01 [angeloreale]
Volker: later
11:59:26 [lynXintl]
is it stalin to the right?
11:59:48 [Volker]
lynXintl: Lieutenant Uhura communicating with Stalin
11:59:55 [lynXintl]
lol perfect
12:00:00 [Volker]
lynXintl: because she is communication officer
12:00:09 [angeloreale]
lol
12:00:11 [lynXintl]
she's got that thing in the ear
12:00:16 [Volker]
.oO( Stalin was a Klingon
12:00:17 [Volker]
)
12:00:25 [lynXintl]
she's a traitor then
12:00:46 [lynXintl]
then again, who knows.. the federation may be communist
12:01:42 [MarkusT]
there's no money in the federation ... so, they are close to communism ;)
12:01:52 [lynXintl]
Model 1 is no end-to-end encryption
12:03:52 [lynXintl]
Model 2 requires client side software, so it might as well be p≡p
12:05:58 [lynXintl]
Model 3, OSN can MITM easily unless the UI is provided by the add-on rather than the web page
12:06:10 [lynXintl]
as long as the cleartext appears in the facebook page, it is unsafe
12:06:37 [lynXintl]
q+ ;)
12:06:56 [rigo]
ack ;
12:07:03 [rigo]
q+ lynXintl
12:07:21 [lynXintl]
oh sorry, didnt know it's a bot :D
12:07:40 [angeloreale]
hi Zakim hows it going?
12:08:54 [lynXintl]
it uses /me – so my work wasn't all useless ;)
12:09:16 [angeloreale]
^_^
12:10:06 [schunter]
Q?
12:10:33 [rigo]
ack lynXintl
12:10:38 [schunter]
Ack ly
12:10:41 [cf]
lynXintl: Some tools for end-to-end encryption already exist.
12:10:53 [cf]
Some of them are based on Jabber
12:11:00 [schunter]
Q?
12:11:06 [cf]
There are also some end-to-end add-ons.
12:11:22 [cf]
Problem with that approach - the moment you have clear text on web page,
12:11:37 [cf]
it can be stolen/copied unless it is only shown in the UI of the
12:11:47 [kristina-nk]
kristina-nk has left #privacyws
12:11:48 [cf]
add-on, which is ugly and unpopular.
12:12:09 [cf]
Is there a new idea that is different from what I enumerated?
12:12:14 [Volker]
W3C could offer “clear text field”, which is accessible by ECMAScript by handle only, and can be given to a crypto plugin
12:12:38 [rigo]
use post
12:12:45 [cf]
Ero: yes, some tools have lots of UI problems. They need to,
12:12:56 [cf]
but can be improved, but main issue behind is key management.
12:13:17 [cf]
lynXintl: But that clashes with web architecture.
12:13:20 [Volker]
cf: that's why p≡p started as a keymanagement project
12:13:24 [schunter]
Q?
12:13:25 [Volker]
cf: agree
12:13:48 [Volker]
cf: see proposal two lines above
12:14:00 [cf]
Everyone is hungry, so the discussion ends...
12:14:11 [rigo]
RRSAgent, please draft minutes
12:14:11 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo
12:44:59 [DominicB]
DominicB has joined #privacyws
12:46:41 [DominicB]
DominicB has joined #privacyws
12:51:05 [fjh]
fjh has joined #privacyws
13:11:22 [haakonfb]
scribe:haakonfb
13:11:37 [haakonfb]
s/scribe:haakonfb/scribe: haakonfb/
13:11:45 [DominicB]
DominicB has joined #privacyws
13:12:44 [haakonfb]
scribenick: haakonfb
13:13:14 [reuben]
reuben has joined #privacyws
13:14:29 [MarkusT]
MarkusT has joined #privacyws
13:14:51 [haakonfb]
schunter: welcome back to last afternoon session - chairs have collected issues.
13:14:53 [Meiko]
Meiko has joined #privacyws
13:15:07 [rvaneijk]
rvaneijk has joined #privacyws
13:15:10 [rigo]
Topic: Discussion
13:15:16 [haakonfb]
… Frederik will walk us through the questions
13:15:28 [haakonfb]
… we have to plan some actions - what needs to be done by whom?
13:15:41 [haakonfb]
… identifying concrete next steps
13:16:11 [MarkusT]
MarkusT has joined #privacyws
13:17:04 [haakonfb]
Frederik: introduction - break into groups and discuss user control, metrics and architecture
13:17:12 [haakonfb]
… report from groups
13:17:38 [haakonfb]
… user centric controls - what do we mean when we say that the user is in control
13:17:45 [haakonfb]
… is it consent or is it choice
13:17:59 [Preibusch]
Preibusch has joined #privacyws
13:18:12 [haakonfb]
… is it more than control?
13:18:49 [haakonfb]
… can we use the approach that is in Firefox - if you don't consent it just goes away
13:18:57 [marta]
marta has joined #privacyws
13:18:59 [haakonfb]
… how to control privacy
13:19:10 [kboudaou]
kboudaou has joined #privacyws
13:19:32 [haakonfb]
… Google privacy settings - but what if you want to agree to the privacy policy - can you control the settings while being anonymous
13:19:52 [haakonfb]
… Architecture: Can one address systematic issues one step at a time?
13:20:11 [haakonfb]
… business models and privacy at the same time? Is it possible
13:20:17 [lynXintl]
Volker: a write-only textarea would actually still not be safe since there is no guarantee the server delivers such html
13:20:51 [haakonfb]
… Awareness and metrics: Interest in developing common metrics. Server side - visibility into sharing, re-use etc
13:20:57 [Volker]
lynXintl: but this would guarantee that server will deliver what user types or something completely different
13:21:07 [haakonfb]
… is it possible to have metrics for privacy policies.
13:21:36 [Volker]
lynXintl: so the attack vectors of compromising confidentiality as well as slighter manipulations could be closed with that
13:21:58 [haakonfb]
schunter: Three topics - awareness, architecture and control - three groups?
13:22:41 [haakonfb]
… it seems like we have three groups (after raise of hands)
13:23:48 [haakonfb]
dsinger: do we need to split up?
13:23:58 [lynXintl]
volker, i don't see how you can integrate input/output controls in a web page that could be at any time replaced with traditional server-centric html
13:24:14 [haakonfb]
schunter: We have 15 minutes per topic
13:24:34 [haakonfb]
… big issue - should we do something or not - if do, then something concrete
13:24:46 [haakonfb]
frederik: not deep dive into conclusions
13:25:00 [haakonfb]
schunter: pin-point some next steps
13:25:19 [christine]
christine has joined #privacyws
13:25:41 [lynXintl]
dsinger, it is dangerous to make false promises…
13:26:01 [lynXintl]
i mean.. to the masses they would start using the stuff expecting it to be safe
13:26:01 [Preibusch]
q+ to remind Volker on how this works
13:26:04 [Preibusch]
q-
13:26:21 [christine]
Re topic 1: There has been discussion in the W3C (e.g. in the Web and Mobile IG - http://www.w3.org/2013/07/webmobile-ig-charter.html - exploring the possibility of a "nice" Permissions API
13:26:26 [lynXintl]
and bulk surveillance is still technically possible… whenever somebody in charge decides it has to happen
13:26:37 [Volker]
q+ to “bring user into control” means identify all things which can be automated, and asking questions ONLY for things where user decision is necessary (default: private)
13:27:20 [haakonfb]
Karima: two important aspects
13:27:37 [haakonfb]
… we all agree from traditional technology to user-centric approaches
13:27:41 [lynXintl]
no, we don't agree
13:27:48 [haakonfb]
… 1) education and 2) UI design
13:28:04 [schunter]
Q+ for testing
13:28:05 [MarkusT]
q+ to Show consequences of Privacy by Default
13:28:15 [schunter]
Ack sch
13:28:15 [Zakim]
schunter, you wanted to discuss testing
13:28:17 [lynXintl]
(it may sometimes be the wrong way to go… sometimes)
13:28:23 [haakonfb]
… we have tried to educate - but it is important to continue to educate people, the next generation. their behaviour is different from us
13:28:24 [alina]
alina has joined #privacyws
13:28:56 [haakonfb]
… must be optimistic about educating people. We can't make people responsible without teaching them
13:29:00 [fwagner]
fwagner has joined #privacyws
13:29:16 [Volker]
.oO( don't educate people not requesting that, it never works )
13:29:37 [fjh]
q+
13:29:48 [haakonfb]
… UI design. People don't really understand privacy. They need simple UI, but after Snowden they want to learn more.
13:29:57 [Volker]
to awareness: first time in history of FsA demonstration, Berlin, we nowhere heard again “I have nothing to hide”.
13:30:19 [haakonfb]
… must take into account two groups: 1) don't know much - need simple UI and 2) who want to know more - different UI needs
13:30:32 [haakonfb]
… it is important to listen and adapt
13:30:54 [lynXintl]
yes, we made progress… we moved from "i have nothing to hide" to "but what can i do?" which is something we can work with
13:31:00 [rigo]
q?
13:31:04 [haakonfb]
Frederik: Like to structure the discussion - let's go to the queue
13:31:10 [rigo]
ack Vol
13:31:10 [Zakim]
Volker, you wanted to “bring user into control” means identify all things which can be automated, and asking questions ONLY for things where user decision is necessary
13:31:14 [schunter]
Ack vo
13:31:14 [Zakim]
... (default: private)
13:31:50 [angeloreale]
angeloreale has joined #privacyws
13:32:18 [haakonfb]
Volker: I want to remark that getting user control is identifying where the control is relevant. if you have a lot of options - does not bring user into control
13:32:31 [haakonfb]
… must reduce to one or two questions
13:32:37 [schunter]
Ack mar
13:32:37 [Zakim]
MarkusT, you wanted to Show consequences of Privacy by Default
13:32:57 [haakonfb]
MarkusT: What are the consequences by privacy by default?
13:33:18 [rigo]
Volker: want to have most situative things done by algorithms and only ask the user where the user can add value
13:33:29 [haakonfb]
… study of effect of default settings - restrictive vs permissive
13:33:34 [Frederik-Amsterdam]
Frederik-Amsterdam has joined #privacyws
13:33:42 [Frederik-Amsterdam]
q+ Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything?
13:34:03 [Frederik-Amsterdam]
q+ to Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything?
13:34:05 [haakonfb]
… what you can learn: people tend to keep default settings. This is good if privacy by default
13:34:35 [haakonfb]
… the service provider has to make it attractive + consequences and risks to get users' permission
13:34:44 [Volker]
rigo, it's less about adding value than deciding the important big picture. I have to recommend apples solution in “Security Settings” on MacOS X as a positive example
13:34:52 [haakonfb]
schunter: Your comment is that privacy by default is good.
13:35:16 [Volker]
.oO( privacy must be the new default )
13:35:20 [rigo]
schunter: you mean you want to encourage people and companies to use privacy friendly controls
13:35:27 [schunter]
Ack fjh
13:35:30 [haakonfb]
frederik: should we talk about how to give users more control?
13:35:31 [dsinger]
q?
13:35:40 [rigo]
ack Fred
13:35:40 [Zakim]
Frederik-Amsterdam, you wanted to Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything?
13:35:43 [erobalsa]
erobalsa has joined #privacyws
13:35:45 [christine]
re question - mechanisms which allow the user to express preference are useful
13:35:58 [haakonfb]
Frederik-Amsterdam: Can the lawmakers or legal researchers be of any help?
13:35:59 [dsinger]
q+ to respond to Frederik
13:36:00 [schunter]
Ack fre
13:36:46 [haakonfb]
rigo: What we need in the european context is to make room for technical innovation and a process that allows us, once we have made an enhancement, to get supported by the legal system
13:36:51 [schunter]
Q+ fjh
13:37:06 [fwagner]
q+
13:37:23 [haakonfb]
… technical spec like DNT the DPAs can approve the spec so everyone who uses it is in compliance
13:37:46 [schunter]
Ack ds
13:37:46 [Zakim]
dsinger, you wanted to respond to Frederik
13:38:14 [haakonfb]
dsinger: we have the ugly situation that regulators and politicians try to regulate something they don't understand
13:38:47 [haakonfb]
… technologists think about philosophical issues. Both sides are bad at it
13:38:51 [chaals]
q+
13:39:06 [schunter]
Ack fw
13:39:12 [haakonfb]
… we lack a definition of what we mean by "online privacy"
13:40:00 [haakonfb]
???: The user is confused by the law and the collecting practices. Is there room for a standard or recommendations. It is difficult to bring legal, tech and user perspectives together
13:40:01 [schunter]
Ack f
13:40:08 [rigo]
s/???/Frank/
13:40:10 [angeloreale]
q+ to common ground / standards
13:40:11 [marta]
q+ to ask Does anyone know if there even is a study on what people define privacy? Maybe that is the first step?
13:40:13 [chaals]
q+ to suggest that actually "privacy" is about finding out it got "violated", and work out what you can do
13:40:43 [rigo]
q+ to talk about controls and suggest controls
13:40:55 [haakonfb]
Fredrik: What can people who are interested in control issue - what should we do next?
13:41:01 [rigo]
ack chaa
13:41:01 [Zakim]
chaals, you wanted to suggest that actually "privacy" is about finding out it got "violated", and work out what you can do
13:41:09 [dsinger]
q?
13:41:17 [haakonfb]
chaals: one of the things we can do is look at what controls users use effectively.
13:41:41 [haakonfb]
… best practice sort of guideline
13:41:45 [rigo]
chaals: guidelines & best practices for user controls and name dead ends to avoid
13:42:01 [rigo]
christine: WAI people may have good ideas too
13:42:54 [haakonfb]
marta: Study about what people understand about privacy? How do people want to protect it?
13:43:06 [fwagner]
q+
13:43:12 [dsinger]
q+ to learn by doing, make incremental progress
13:43:39 [lynXintl]
q+ Zuckerberg
13:43:41 [haakonfb]
chaals: People's real definition is that someone knows someone knows something about me and I don't like it
13:43:49 [haakonfb]
… I know it then I loose it
13:44:05 [Volker]
q?
13:44:05 [dsinger]
s/then/when/
13:44:16 [haakonfb]
… lost control of their information. Is there a way to bring it back under their control
13:44:19 [cf]
s/loose/lose/
13:44:47 [dsinger]
q?
13:45:05 [haakonfb]
Frederik: how much interest to standardise UI for controls in the browsers?
13:45:12 [MarkusT]
@Marta There are a lot of studies from the IS field about what users expect from privacy. A common problem is the Privacy Paradox
13:45:26 [lynXintl]
s/Zuckerberg/GeorgeDanezis/
13:45:31 [angeloreale]
q-
13:45:36 [marta]
q-
13:45:41 [haakonfb]
chaals: Best practice is more realistic
13:45:49 [schunter]
Zakim, close the queue
13:45:49 [Zakim]
ok, schunter, the speaker queue is closed
13:45:56 [schunter]
Q?
13:46:02 [rigo]
ack ri
13:46:02 [Zakim]
rigo, you wanted to talk about controls and suggest controls
13:46:03 [haakonfb]
dsinger: what does the sites I visit need to know about me? Not directly UI
13:46:13 [fwagner]
q-
13:46:19 [chaals]
[agree with soren - it is hard to understand when you lost control given the invisibility of data that is merged "server-side", until you see some clear consequence of that process]
13:46:22 [haakonfb]
rigo: certain controls can not be the way they are
13:46:41 [haakonfb]
… panic button
13:47:04 [haakonfb]
… control is not about privacy. in that case we need to read Westin
13:47:05 [angeloreale]
lol
13:47:24 [rigo]
q?
13:47:25 [schunter]
Q?
13:47:44 [schunter]
Ack ds
13:47:44 [Zakim]
dsinger, you wanted to learn by doing, make incremental progress
13:48:06 [haakonfb]
???: Should not standardise because we don't know what works
13:48:17 [Volker]
David, Preibusch: Privacy, Anonymity, and Information Control – PANIC
13:48:19 [DominicB]
s/???/DominicB/
13:48:21 [rigo]
s/???/dsinger/
13:48:31 [haakonfb]
dsinger: incremental steps. Perfect must not stand in the way of good
13:48:37 [schunter]
Zakim, open the queue
13:48:37 [Zakim]
ok, schunter, the speaker queue is open
13:48:43 [schunter]
Q+
13:49:02 [rigo]
ack zuck
13:49:12 [marta]
q+ to say - we should come up with the same "good practices" for designing the system
13:49:20 [DominicB]
Preibusch: I wonder whether a standard slows down improvements and experiments.
13:49:21 [haakonfb]
lynXintl: Share picture with friend - the bad that happens is outside user expectations
13:49:43 [chaals]
q+
13:49:47 [haakonfb]
Frederik-Amsterdam: refers to the design principle - no sneaky stuff
13:50:35 [haakonfb]
Bal: Privacy should only be discussed in context - find concrete issues and look into these uses cases/scenarios. How to improve things in context
13:50:39 [Preibusch]
DominicB: standards are one way of pooling empirical evidence and lessons learnt. Another way would be published peer-reviewed papers. Some experiments are obviously confidential and proprietary.
13:51:32 [haakonfb]
lynXintl: People just see these machines, and don't expect that people can see what's inside
13:51:39 [Volker]
privacy as default, privacy as default, … (mantra)
13:52:33 [chaals]
CMN: a major constraint - any solution has to allow for what people actually want to do (e.g. sending naked pictures to their partner), otherwise people will ignore it.
13:52:34 [haakonfb]
????: Best practises and guidelines - need to bring in the users, but don't know if it is possible
13:52:50 [rigo]
s/????/Karima/
13:53:04 [haakonfb]
marta: combine this: good practices for design
13:53:22 [fwagner]
+1 to Karima: Best practice have to respect the understanding of users
13:53:27 [haakonfb]
… good practices for system design would be really useful
13:53:40 [chaals]
[Use cases - what do people do, when do things go wrong, what would they like to do then?]
13:53:53 [MarkusT]
Privacy by Design at least offers design principles
13:54:03 [MarkusT]
www.privacybydesign.ca
13:54:07 [Volker]
MarkusT: agree, i.e. data sparingness
13:54:21 [MarkusT]
yes
13:54:34 [chaals]
+1 to Karima too
13:54:34 [marta]
@MarkusT yes, but it doesn't give simple design principles, should be worked on
13:54:35 [MarkusT]
and do not forget ISO/IEC 29000 framework and
13:54:41 [haakonfb]
rigo: additional point (I didn't get Frederik's three points) - heard people say it was good to see what other people do
13:54:54 [haakonfb]
… W3C can host a workshop in a year
13:55:11 [haakonfb]
Frederik: Architecture: Can we do things incrementally?
13:55:26 [haakonfb]
… it is work going on.
13:55:45 [Preibusch]
q+
13:55:45 [MarkusT]
@marta not simple enough for end users, but PbD and ISO/IEC 29001 is general enough for developers and system engineers
13:55:48 [haakonfb]
… how could the community of W3C work on this or help the other communities
13:55:56 [dsinger]
q?
13:55:58 [haakonfb]
… what is the right question to ask to here?
13:56:13 [schunter]
Q-
13:56:13 [marta]
q-
13:56:16 [haakonfb]
????: Privacy is a business model
13:56:37 [DominicB]
q+ battre to explain the idea behind RAPPOR
13:56:46 [schunter]
Ack cha
13:56:48 [haakonfb]
chaals: yes, it is a business model - but need to be relevant for current business models to get support?
13:56:54 [lynXintl]
q+
13:56:59 [marta]
@MarkusT well, if it is simple and good enough why doesn't anyone take it into account?
13:57:03 [rigo]
s/????/CNM/
13:57:05 [MarkusT]
q+
13:57:11 [chaals]
s/CNM/CMN/
13:57:18 [Preibusch]
s/????/Preibusch/
13:57:28 [rigo]
Dominic: differential privacy
13:57:42 [haakonfb]
????: RAPPOR technology - only results about populations and not individuals
13:57:56 [rigo]
s/????/Dominic/
13:57:57 [haakonfb]
https://github.com/google/rappor
13:58:14 [rigo]
rrsagent, please draft minutes
13:58:14 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo
13:58:25 [haakonfb]
… each data point looks like random data
13:58:31 [MarkusT]
@marta I don't think complexity is the obstacle - it is the consequence for their business model
13:58:47 [fwagner]
@Marta, MarkusT: because PbD does not contain the user perspective in the meaning of understanding what is behind a setting or functionality, the aspect "educate the user" is not a direct part of PbD
13:58:59 [haakonfb]
… are there more architectures in the area of differential privacy
13:59:14 [DominicB]
q-
13:59:16 [erobalsa]
q+
13:59:19 [schunter]
Q?
13:59:23 [Preibusch]
q-
13:59:25 [DominicB]
q- battre
13:59:34 [MarkusT]
@fwagner Isn't transparency part of PbD?
14:00:05 [haakonfb]
lynXintl: if W3C thinks it is a good idea to research architectures, then W3C could help people who do it
14:00:14 [haakonfb]
… e.g. tell who in Brussels one should talk to
14:00:19 [marta]
@fwagner, I absolutely agree with you. That's why I said it needs reworking. It is a good starting point, but since it was created, we have learned a bit
14:00:20 [haakonfb]
… write endorsements
14:00:35 [haakonfb]
chaals: this won't fly with W3C
14:00:52 [haakonfb]
rigo: W3C is limited to the web
14:01:19 [haakonfb]
… as soon as you go into reinventing the Internet it is out of scope for W3C
14:01:24 [chaals]
[That said, you can always ask W3C individuals about people who you should talk to…]
14:02:20 [Meiko]
q?
14:02:22 [erobalsa]
q-
14:02:22 [fwagner]
@MarkusT: right, but how is this done: Privacy Policies, User Controls which are not being understood by the poor user….
14:02:38 [Meiko]
q+
14:02:54 [rigo]
ack lynXintl
14:03:16 [angeloreale]
q+ to set to simple outputs for policies
14:03:17 [alina]
@fwagner @marta - to be clear, you're referring to PbD as 'privacy by default'? this is confused with 'privacy by design' which does include transparency.
14:03:35 [schunter]
Q?
14:03:56 [marta]
@alina, I am talking about privacy by design. It does not really include a user-centric model
14:04:00 [MarkusT]
@alina PbD = Privacy by Design, PbDef = Privacy by Default
14:04:07 [fwagner]
@alina: PbD= privacy by design IMHO
14:04:29 [rigo]
Volker: using web over all kinds of privacy protocols, even over GnuNet
14:04:34 [rigo]
scribenick: rigo
14:04:44 [MarkusT]
@marta it is not the purpose of PbD to have a concrete model
14:04:51 [dsinger]
q+ to ask about ‘threat models’ and ‘does the control/advice get to the right place?’
14:04:58 [MarkusT]
@marta it raises the issue to think about it
14:05:25 [rigo]
fjh: Volker, please share your information with the Technical Architecture Group (TAG)
14:05:29 [schunter]
Ack mar
14:05:33 [alina]
for reference, Privacy by Design principles: http://www.privacybydesign.ca/index.php/about-pbd/7-foundational-principles/
14:05:43 [haakonfb]
s/Fredrik/fjh/
14:05:46 [rigo]
MarkusT: policy recommendation workshops from EC for architectures
14:05:46 [chaals]
[group list is www-tag@w3.org - see http://www.w3.org/2001/tag/ for more]
14:06:07 [rigo]
... business models, end users and some B2C, and there are policy makers
14:06:27 [rigo]
... for business models, what is my service models, to end users? to governments?
14:06:42 [rigo]
fjh: what is the action?
14:07:10 [rigo]
MarkusT: product to users directly or want to serve government?
14:07:20 [fwagner]
q+ Martin
14:07:32 [rigo]
chaals: action is to survey the business models and how privacy fits in
14:07:55 [rigo]
... also for W3C, think this fits W3C
14:08:09 [marta]
@alina, MarkusT : the problem for me is lack of some better definition. How do I do user-centric privacy, how do I realize transparency. If I am a developer/designer what are the points I have to take into account?
14:08:22 [dsinger]
q?
14:08:57 [schunter]
Ack mei
14:09:56 [rigo]
Meiko: public gives us a lot of traction, we have an opportunity to get something going now
14:10:17 [DominicB]
Information about RAPPOR: https://github.com/google/rappor
14:10:26 [haakonfb]
[Rappor: http://googleresearch.blogspot.de/2014/10/learning-statistics-with-privacy-aided.html]
14:10:49 [rigo]
... how do we funnel it into action? We don't know about controls? We have seen many of them, we could standardize some of them, display the interaction model (like lightbeam), creating a community that works on this
14:10:57 [schunter]
Q?
14:11:04 [schunter]
Ack ang
14:11:04 [Zakim]
angeloreale, you wanted to set to simple outputs for policies
14:11:05 [chaals]
q+ karima
14:11:07 [rigo]
ack angeloreale
14:11:07 [MarkusT]
@marta IMHO PbD and ISO/IEC 29001 even more concrete gives the answer what fields to think about. The questions how to do it concrete is too context-driven to build general "rules". One can build a bouquet of PETs provers can choose from to fulfil the "rules"
14:11:13 [schunter]
Q+ fjh
14:11:42 [rvaneijk]
q+
14:12:00 [rigo]
angeloreale: encourage use the P3P model to create user friendly policies, simplify terms, make it easy for SMEs to address privacy
14:12:05 [chaals]
[+1 to angelo - this is actually a concrete action that has real potential for use, and should be considered seriously]
14:12:17 [Meiko]
+1 here, too
14:12:19 [Preibusch]
q+
14:12:27 [rigo]
... unified form to fill and generate multimedia file generated
14:12:45 [DominicB]
consider user friendliness but also risk exposure for companies
14:12:48 [marta]
@ MarkusT maybe we should simply design a privacy API the way we designed a crypto API? (although I know that privacy is much more vague than crypto, but I mean it as an inspiration)
14:12:54 [schunter]
Ack ds
14:12:54 [Zakim]
dsinger, you wanted to ask about ‘threat models’ and ‘does the control/advice get to the right place?’
14:13:26 [rigo]
fjh: look into new P3P and make a new approach with jsonLD
14:13:36 [MarkusT]
@marta sounds applicable
14:13:53 [chaals]
[W3C is not going to make decent videos and icons. But they are a good place to sift through the policy pieces that you want to collect, so you can build videos on top]
14:14:11 [rigo]
dsinger: incremental architecture discussion, in PING, criticize and discover mistakes. We have to create privacy threat models like security attack models
14:14:54 [rigo]
... 20% of people thought they were not tracked in private browsing mode
14:14:59 [christine]
@ david - TAG is looking at private browsing mode
14:15:28 [schunter]
Ack mar
14:15:37 [DominicB]
about proposal to tell webserver that user is in private mode: keep in mind that this information may be used to discriminate against users
14:15:48 [rigo]
... should standardize private browsing and extend perhaps to remote private browsing
14:16:14 [rigo]
DT_Martin: revealing private browsing will reveal more information about me
14:16:24 [Preibusch]
DominicB: mainstream browsers tell addons (= local) and explicitly do not tell Websites and prevent Websites from sniffing private browsing
14:16:27 [rigo]
... we also have no business model to make privacy
14:16:33 [Meiko]
q?
14:16:42 [rigo]
... our approach is to have strategy discussion
14:17:00 [rigo]
... business models is not destroying privacy, but helping
14:17:12 [rigo]
ack kar
14:17:14 [schunter]
Ack kar
14:17:24 [chaals]
[My experience in WAI (who spent a lot of time trying to explain business models for accessibility) is that W3C is not a good place to develop and promote business models. They have work to do just to understand business models people actually use]
14:17:52 [rigo]
kboudaou: standardizing interface, if we standardize interface now, would be against, because no feedback from user
14:17:56 [schunter]
Zakim, close the queue
14:17:56 [Zakim]
ok, schunter, the speaker queue is closed
14:18:03 [schunter]
Ack f
14:18:40 [rigo]
fjh: problem is you need buy in to create a WG. Concerned that people say it's premature.
14:18:41 [chaals]
[Working groups that say "other people should…" fail.]
14:18:52 [schunter]
Q?
14:19:12 [dsinger]
forming a WG before the general direction of the specification is evident is a recipe for frustration
14:19:14 [Preibusch]
Zakim, please close queue
14:19:14 [Zakim]
ok, Preibusch, the speaker queue is closed
14:19:39 [schunter]
Ack rv
14:19:40 [Preibusch]
ack r
14:19:48 [rigo]
... business models, privacy is not something that you go and buy, it is something you expect, losses, it is not the happy one where you show revenue
14:20:13 [rigo]
rvaneijk: how to get more people on board, in a community group
14:20:23 [schunter]
Ack p
14:21:05 [dsinger]
q?
14:21:07 [rigo]
Preibusch: standardizing UI, some would fit into DAP, best practices on controls. Do you feel like you exhausted what was possible
14:21:24 [rigo]
fjh: it was a narrow case
14:21:35 [chaals]
[I suspect pEp would do better in RFC track, although it isn't necessarily wrong to try and do stuff in a community group]
14:21:52 [dsinger]
zakim, open the queue
14:21:52 [Zakim]
ok, dsinger, the speaker queue is open
14:21:52 [lynXintl]
q += 7
14:21:55 [rigo]
Topic: Metrics
14:22:10 [rigo]
q?
14:22:16 [chaals]
[DAP looked closely at a very limited question, so could not have exhausted the general topic]
14:22:38 [rigo]
fjh: presenting Awareness and Metrics
14:22:40 [rigo]
q+
14:23:04 [chaals]
q+
14:23:09 [rigo]
ack ri
14:23:11 [Preibusch]
ack r
14:23:16 [Volker]
q?
14:23:24 [Volker]
q+
14:24:38 [dsinger]
Q+ to suggest terms, metrics, and principles
14:25:02 [dsinger]
ack chaals
14:25:25 [rigo]
rigo: start use cases, make requirements and identify streams of information that controls and metrics need
14:25:59 [schunter]
q?
14:26:36 [Volker]
recommending depth of quad-tree for “blurring level of geographical information”
14:26:59 [Volker]
metric
14:27:33 [schunter]
Q?
14:28:09 [MT]
MT has joined #privacyws
14:28:42 [angeloreale]
q+ to propose users to expose their concerns by providing means of engagement that is meaningful for research
14:28:43 [rigo]
chaals: it is useful to collect the information we have in front of us. But you will need the use cases to identify the information streams that are helpful for metrics
14:28:49 [MT]
MT has joined #privacyws
14:29:29 [schunter]
Ack vo
14:29:37 [rigo]
Volker: not new in implementing; came up with metrics on location blur. finding metrics is also talking to people who have done it already.
14:30:04 [Frederik-Amsterdam]
Q + to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control.
14:30:06 [rigo]
... in PEP ratings goes beyond commercial CAs
14:30:09 [fjh]
q+
14:30:10 [rigo]
ack dsinger
14:30:11 [Zakim]
dsinger, you wanted to suggest terms, metrics, and principles
14:30:13 [schunter]
Ack ds
14:30:15 [chaals]
q+ Frederik-Amsterdam
14:30:33 [chaals]
q+ Frederik-Amsterdam to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control.
14:30:34 [rigo]
dsinger: common terms, definitions, living document. We need common words
14:30:42 [chaals]
s/Q + to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control.//
14:31:01 [schunter]
Ack ang
14:31:02 [Zakim]
angeloreale, you wanted to propose users to expose their concerns by providing means of engagement that is meaningful for research
14:31:27 [rigo]
angeloreale: important to propose that services who are privacy friendly have means to engage with the users
14:31:39 [rigo]
... services surveying the users
14:31:44 [rigo]
ack fjh
14:31:45 [lynXintl]
i actually liked that background picture…
14:31:48 [schunter]
Ack f
14:31:48 [Zakim]
Frederik-Amsterdam, you wanted to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a
14:31:51 [Zakim]
... rough, high-level, design goal. Almost every privacy problem entails a lack of control.
14:33:00 [lynXintl]
did we decide not to do the 3 break out groups? :(
14:33:20 [rigo]
Frederik-Amsterdam: we have no idea what users want, but all we have discussed last two days was about lack of transparency and user control
14:33:59 [schunter]
Q?
14:34:58 [rigo]
RRSAgent, pointer?
14:34:58 [RRSAgent]
See http://www.w3.org/2014/11/21-privacyws-irc#T14-34-58
14:35:15 [chaals]
ACTION: fjh to remember that we need to keep the statement "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control."
14:36:16 [rigo]
dsinger: we can continue the discussion in PING, the Privacy Interest Group
14:36:23 [angeloreale]
links to ping?
14:36:30 [MT]
@dsinger So, PING is not the Music SNS from Apple ;)
14:36:34 [chaals]
See http://www.w3.org/Privacy/ - join this group, charter, etc
14:36:36 [marta]
how do I join PING?
14:36:47 [marta]
@ chaals thx
14:36:49 [chaals]
marta: ^^^^^
14:37:29 [rigo]
join PING using https://www.w3.org/2004/01/pp-impl/52497/join
14:38:21 [Volker]
rigo: authentication required (which I don't have)
14:38:23 [angeloreale]
http://www.w3.org/Consortium/application
14:39:47 [dsinger]
You MIGHT be able to join the mailing list by using subscribe to public-privacy at http://lists.w3.org
14:40:22 [chaals]
Joining PInG: If you work for a W3C member, then you should ask your W3C "AC" representative to sign you in using https://www.w3.org/2004/01/pp-impl/52497/join
14:40:33 [dsinger]
If you are not in a W3C member org, I suspect the chairs would be happy to have invited experts
14:41:17 [chaals]
… If you do not work for a W3C member, I believe you can join the mailing list by sending an email to public-privacy-request@w3.org with the subject "subscribe"
14:41:31 [rigo]
RRSAgent, please draft minutes
14:41:31 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo
14:42:52 [chaals]
"Participation in the Privacy Interest Group is open to the public."
14:44:42 [chaals]
[If you want to contribute to the work of the group concretely, you will be asked to become an invited expert. Which is a 3 minute painless process]
14:44:43 [schunter]
Q?
14:44:50 [MT]
I don't find the Ping Mailinglist
14:45:18 [rigo]
http://lists.w3.org/Archives/Public/public-privacy/
14:45:19 [chaals]
it is public-privacy@w3.org - archives at http://lists.w3.org/Archives/Public/public-privacy/
14:45:36 [rigo]
MT, see ↑
14:46:32 [MT_]
MT_ has joined #privacyws
14:47:17 [MT_]
MT_ has joined #privacyws
14:49:09 [rigo]
RRSAgent, please draft minutes
14:49:09 [RRSAgent]
I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo
14:49:20 [rigo]
RRSAgent, bye
14:49:20 [RRSAgent]
I see 2 open action items saved in http://www.w3.org/2014/11/21-privacyws-actions.rdf :
14:49:20 [RRSAgent]
ACTION: chaals to talk to schema.org about privacy policies. [1]
14:49:20 [RRSAgent]
recorded in http://www.w3.org/2014/11/21-privacyws-irc#T09-35-12
14:49:20 [RRSAgent]
ACTION: fjh to remember that we need to keep the statement "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control." [2]
14:49:20 [RRSAgent]
recorded in http://www.w3.org/2014/11/21-privacyws-irc#T14-35-15
14:49:24 [rigo]
zakim, bye
14:49:24 [Zakim]
Zakim has left #privacyws
14:49:25 [MT_]
MT_ has joined #privacyws