08:37:39 RRSAgent has joined #privacyws 08:37:39 logging to http://www.w3.org/2014/11/21-privacyws-irc 08:37:53 rrsagent, please set log public 08:37:58 scribe:Chaals 08:38:03 scribenick:chaals 08:37:53 Meeting:W3C Workshop on Privacy and User–Centric Controls 08:37:53 Agenda:http://www.w3.org/2014/privacyws/agenda.html 08:37:53 Chair: FrederickHirsch MatthiasSchunter 07:51:38 present+ rigo GökhanBal MatthiasSchunter FrederickBorgesius MeikoJensen DominicBattré 08:06:19 present+ FrankWagner Chaals FrederickHirsch SebastianAmorim 08:06:19 present+ VolkerBirk ChristosPerentis ChristianFuhrhop RobertBrauer 08:06:19 present+ SebastianAmorim AxelNennker JörgHeuer AndreasKuehne 08:06:19 present+ ChristineRunnegar KarimaBoudaoud FrederikBraun MartinKurze 08:06:19 present+ JohannesLandstorfer EroBalsa ReubenBinns DavidSinger SörenPreibusch 08:06:19 present+ MartaPiekarska MarkusTschersich AlinaHua IstvanLajtos 08:06:19 present+ HaakonBratsberg SigbjørnVik AngeloReale Carlos 08:06:19 regrets+ Ninja Marnau 08:06:19 Topic: GSMA Privacy Guidelines 08:37:43 … Looking at what it would mean for Operators to provide identity management etc. 08:38:04 … among other things we need to do. 08:38:09 haakonfb has joined #privacyws 08:38:49 … Mobile privacy: it's complicated (we can say that now facebook joined). 08:39:03 alina has joined #privacyws 08:39:23 … Since 2010 we have made some good progress. 08:40:19 … Main points [slide] basically looking for a baseline. 08:41:13 .oO( privacy is nothing you can add to your system – it's data sparingness in the first place ) 08:43:28 q+ to ask about international applicability... 08:43:54 schunter has joined #privacyws 08:43:59 … One challenge is the number of guidelines being developed around the world - it is a pretty fragmented space. 08:44:17 … Weare trying to get our members to adopt our guidelines - with some success. 08:44:42 Q? 08:45:36 … [less than half the users who are worried about privacy say they will do something about it if they are unsure what will happen to their information] 08:45:41 q? 08:45:41 q+ 08:46:03 q+ RobVanEik 08:46:14 chaals: if you do international guidelines. To what extend do you respect national restrictions 08:46:25 kboudaou has joined #privacyws 08:46:25 christine has joined #privacyws 08:46:29 ack chaals 08:46:29 q? 08:46:29 chaals, you wanted to ask about international applicability... 08:46:29 +q 08:47:04 Ack p 08:47:07 Istvan: That's the challenge. We look for the lowest common denominator across different jurisdictions, and draw a line there. Above it is good, below it is clearly bad. 08:47:16 Soren: Do you come with a carrot or stick or? 08:47:25 q+ (Gökhan) 08:47:32 Frederik-Amsterdam has joined #privacyws 08:47:47 Istvan: This is a guideline, not a standard. It's a set of Recommendations. We have seen fragmentation as operators try to follow the minimum standard. 08:48:01 Soren: You have a stick… you can block things… 08:48:06 DominicB has joined #privacyws 08:48:07 Istvan: Not really. 08:48:13 … we can make recommendations. 08:48:20 angeloreale has joined #privacyws 08:48:32 Matthias: No enforcement power? 08:48:37 Istvan: Not really. 08:48:44 ack R 08:48:59 kristina-nk has joined #privacyws 08:49:02 RobVE: What is the scope? If developers use a framework for ads, is that addressed? 08:49:35 Istvan: Implicitly. It's difficult to pick it out, and is mentioned in guidelines e.g. in use cases and examples. 08:49:47 RVE: Does that trigger developers to understand it? 08:49:56 q+ to ask about conformance procedures 08:49:58 … It's a stretch... 08:50:03 Istvan: Right. 08:50:03 ach c 08:50:07 ack c 08:50:10 s/ach c// 08:50:33 Christine: Guidelines have been there for 2 years. Do you have examples of how practice has changed in response? 08:50:42 s/2/4/ 08:51:03 fwagner has joined #privacyws 08:51:16 Istvan: No. I'll take the question away. We have operators who have worked on developing communities and follow things. Our biggest challenge is to work with platform vendors and handset manufacturers. 08:51:37 … I've only been in this area for 6 months, I need to talk to people who are closer and can answer the question. 08:51:40 ack gö 08:51:43 ack ( 08:51:52 Gökhan: Do you have feedback from app developers on adoption? 08:52:09 Istvan: Challenge we are facing is that we don't have direct contact with developers. 08:52:17 Q+ martin 08:52:30 ack ri 08:52:30 rigo, you wanted to ask about conformance procedures 08:52:30 … We work through our members to reach their communities of developers. 08:53:16 Rigo: If the guidelines are not as precise as a specification, they can be complemented by an in- or outhouse procedure to check if someone claiming compliance really is compliant. 08:53:41 … do you have such procedures, or are you just in the encouragement phase? 08:53:46 Istvan: The latter. 08:53:46 Ack m 08:53:53 + q I want to ask for examples of requirements that are different from country to country. Is EU always the strictest? 08:54:07 Martin: Did you talk to carriers and OEMs about including your guidelines in their requirements etc? 08:54:11 Istvan: Yes 08:54:20 q+ frederik-Ams 08:54:37 s/+ q I want to ask for examples of requirements that are different from country to country. Is EU always the strictest?// 08:54:37 erobalsa has joined #privacyws 08:54:51 Istvan: This is the way we are trying to promote the guidelines in practice 08:55:26 Martin: In DT we are inserting privacy requirements in our terminal requirements that manufacturers need to meet. Then things might get to app developers. 08:55:34 q+ 08:55:42 DT_Martin has joined #privacyws 08:56:10 Istvan: We're working in that way now. Other opportunity is to work with W3C to promote the work - we're interested in looking at the opportunities. 08:56:56 Istvan: Don't think there is any plan to collate requirements globally. 08:57:12 Martin: So privacy depends on the country? 08:57:17 Istvan: Yes. 08:57:31 It's a different requirement. 08:58:10 [rathole on what operator requirements are and how much they matter] 08:58:43 q+ 08:58:55 Martin: GSMA requirements effectively provide the lowest common denominator - the intersection of requirements. 08:59:07 q- 08:59:09 ack fre 08:59:50 q+ to say that OEM guidelines and GSMA guidelines should provide the hooks for the interface 09:00:02 Frederik-AMS: Saw this map with different requirements in different parts of the world. I've spoken to US companies who say "we comply with EU law, and then we're good everywhere". Can you give examples where that isn't true? 09:00:13 Istvan: That's not really my department, but… 09:00:31 Ack p 09:00:35 … There are minimum requirements that are common everywhere, but there is a lot of fragmentation. I could dig out some details if you're interested. 09:01:33 Soren: I thought your requirements are on the software side. But thinking of operator hardware requirements, if there is a pre-installed app that doesn't require consent and you say that won't meet requirements, OEM can't put things on the device. 09:01:50 Istvan: Yeah. But there ar only recommendations, I cannot force this to be followed. 09:01:54 Ack r 09:01:54 rigo, you wanted to say that OEM guidelines and GSMA guidelines should provide the hooks for the interface 09:02:10 rrsagent, generate minutes 09:02:10 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html fjh 09:02:47 + 09:03:01 Rigo: The relation between OEM requirements and what we do here, the device gives an interface, and that's where you can do things. The device has to give the interface to understand what happens. So the GSMA role could be to coordinate with Telcos to put things in OEM guidelines 09:03:14 Q? 09:03:28 … We don't have unification to the point where we have everything already, do we? 09:03:44 Istvan: Right. We want to have guidelines for the industry to start at. 09:03:55 Rigo: I am looking for concrete leverage. 09:04:25 fwagner: We have internal requirements for app development, aligned with GSMA guidelines, a bit more detailed on a company / country level. 09:05:10 … Thinking about addressing privacy requirements in OEM requirements, on a more generic level, for example we might only want to get handsets that support privacy setup for the user. 09:05:14 Soren: Great. 09:06:18 Topic: Standardised privacy policies. Post-mortem, promising developments. 09:06:53 RB: A few reasons to be negative about previous attempts and why they failed, and why it might be possible to do it right. 09:07:22 … Example company policy. We started trying to standardise this in 1997 with P3P. 09:07:55 … The individual incentives aren't sufficient - standards work when they are adopted throughout the ecosystem. 09:08:22 … but we all want to use our own. 09:08:27 q+ to question tranlating legalese 09:08:46 q- 09:08:50 … Moving from legalese to human readable to machine readable is a big challenge - it is hard to do it accurately. 09:09:01 s/… but we all want to use our own.// 09:09:09 If the privacy policy reflects the actual process, as engineered, no translation from legalese to machine-readable format is necessary. 09:09:19 q+ to ask about legalese 09:09:20 … The combination of skills required are actually quite rare 09:09:44 [http://xkcd.com/927 in text form] 09:09:58 RB: So why keep trying, what will make this work? 09:10:37 … Lots of small companies are trying to do this. There are databases of legal clauses that are the kind of standardisation we want to see - we got the lawyers out of the equation 09:10:57 s/lawyers/need for individual lawyers each time we want to do something/ 09:11:02 q+ 09:11:27 … People are making legal compliance tools 09:11:38 Istvan has joined #privacyws 09:11:44 [Terms of Service: Didn't read] 09:12:28 … You don't need to ask permission, you just go around explaining what other people are doing until they decide to do it right. If you succeed you get companies coming forward to ask how to get it right. 09:12:42 q+ RobVanEijk 09:12:46 q+ to ask about policies as a source for input into the metrics machine 09:13:01 … promising, but will only be a subset of what's out there - how do you scale it? 09:13:16 … Would it be possible to use this data to train machine learning on policies? 09:13:48 … e.g. Legalsifter has a bit of a look through freelance contracts that way. Natural Language processing. 09:14:06 … I've been looking at whether there are clauses we can detect easily and match to things we know. 09:14:30 … Important to be clear that something was done on best-guess statistics based on a human model, not an actual assessment by a real brain. 09:15:22 … Carnegie-Mellon are working on a similar question - can you find policies and determine automatically whether they are transparent? Some success. Can you delete your account? Couldn't figure it out. 09:15:37 Q? 09:15:38 … You need data to feed whatever user interface you decide to work on. 09:15:46 … These are ways to deal with a large corpus. 09:15:53 Ack f 09:15:53 fjh, you wanted to ask about legalese 09:16:18 + q 09:16:40 FJH: It's futile to translate a privacy policy into english. Lawyers are careful to deal with ambiguity. But interesting to see the simplification. Is it possible the policies get simpler and the nuances addressing corporate risk get thrown out? 09:16:46 s/+ q// 09:16:54 q+ frederic 09:17:25 RB: The question is whether they need to collect what they want? What's the business case - is there one? 09:17:33 FJH: You want to keep the doors open. 09:17:51 Ack p 09:17:55 RB: OK. But if you provide pressure, you might get people to close off opportunities they think are unlikely 09:18:27 SP: I think the idea of turning a privacy policy into something simple is flawed. It is meant to describe what we do, rather than a lawyer write rules and engineers go code them. 09:18:28 q+ 09:18:36 q+ 09:19:09 … There is a reason why the policies are so long. It is better to make them specific to the website at hand. Just cobbling clauses together you get a simplistic policy - "we collect stuff and use it". And it is accurate. 09:19:40 .oO( a text which is long and complicated is usually being writting not to be understood ) 09:20:07 RB: You could go looking at full legalese content and rate something, without simplifying. Or you could make a simpler explanation of what happens. I don't think every policy is long and covers everything. There are real differences in place. If we can uncover them, that is meaningful progress. 09:20:20 Ack r 09:20:20 rigo, you wanted to ask about policies as a source for input into the metrics machine 09:20:20 … Agree there is a danger in over-simplifying legal text. 09:20:36 q+ to ask about policies as a source for input into the metrics machine 09:20:41 Q+ rigo 09:20:43 ack Ro 09:20:44 Rob: You showed some projects. Many are no longer active. Which of these would you pick as worthy of attention? 09:20:47 Ack ro 09:21:21 marta has joined #privacyws 09:21:37 s/writting/written/ 09:21:57 RB: I would say ToS:DR is the most promising. Doesn't require anyone to agree in order to rate them. Although there are possiblities for abuse. But it is open, ergo transparent. 09:22:14 … They are making it easier to submit things. 09:22:20 ack r 09:22:20 rigo, you wanted to ask about policies as a source for input into the metrics machine and to 09:22:23 Ack ri 09:22:44 Rigo: When we did P3P, we had a policy generator before it was even finished. 09:23:04 … questionnaire led to human- and machine-readable policy. 09:23:59 … We haven't looked at privacy policies in W3C for 10 years except in PRIME-LIFE, which was inconclusive. I think policies merit their own workshop. But here, what can we draw from our interfaces from such policies 09:24:03 Rigo calls for a Workshop dedicated to privacy policies. 09:24:39 … Most promising new approach is from Raggett. Let's throw away stuff that didn't work in P3P, and use a javascript library to connect to a Primelife form. 09:24:44 q+ 09:24:56 … [position paper, 2010 W3C privacy workshop] 09:25:20 RB: I'm not addressing the controls, but what goes intothem. 09:25:32 Ack fred 09:25:39 Rigo: DNT has policy - what we do... 09:26:27 q+ 09:26:30 Frederic: Don't see an easy solution, but reason for complexity of privacy policies is that they are kind of a contract, and american law makes that painful. In EU law, privacy policies are not contracts but serve another function: transparency. EU law requires firms, in short, to describe the goals for which it uses personal data, and other information that's required to ensure fairness. 09:26:44 … If you only had to have a EuropeWideWeb things would be a lot easier 09:26:47 Paper from Dave Raggett: http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/ 09:26:50 s/PRIME-LIFE/PrimeLife/ 09:27:04 RB: In ToS:DR there is a tension between "what do they do" and "what are my rights" 09:27:14 Ack ds 09:27:35 DSinger: Problem - lawyers write policies so they could do more than they can. Because if they don't set the envelope wider, they are worried about getting caught out later. 09:28:02 … Some projects tried to explore the idea of making a library of common clauses. 09:28:05 q+ 09:28:10 framework: http://www.w3.org/2010/policy-ws/ 09:28:24 … Do you think that approach has any viability? Like Creative Commons? 09:28:39 Rigo: Short Notices - P3P for people who don't have a computer. 09:29:00 DS: Yes, a lego approach to privacy policies. Might help comprehensibility. Is that possible? 09:29:16 Wider privacy policies allow for changes in the product functionality and service features. Otherwise, costly changes to the privacy policy would need to happen more often. 09:29:20 Ack fw 09:29:31 RB: You can see a convergence where crowd-sourcing pushes, but I don't see a lego approach working. 09:29:59 Rigo: Short notices didn't allow for edge cases companies wanted to keep open, so companies didn't go with it. 09:30:13 Q+ operaguy 09:30:24 RB: It's an inefficient process if you try to get some icons and get lawyers to match them. 09:30:32 Soren: You always need lawyers 09:30:34 .oO( but a Lego approach is the only way to make people understand legal texts, so this probably concludes to “it will never work” ) 09:30:36 RB: Not neessarily. 09:30:38 q- operaguy 09:30:54 fwagner: Who is reading actual privacy policies? Lawyers, privacy nerds, and nobody else. 09:31:08 q+ Sigbjørn 09:31:09 … so who are they for? users, or contract requirements? 09:31:23 s/privacy nerds/privacy advocates/ 09:31:43 … When users come to privacy policies, they have concrete quetions. Why can't we write them in form of FAQ? 09:31:44 nuance is essential to law 09:31:48 q+ 09:31:50 is that true? 09:32:21 RB: They are written for lawyers, privacy advocates, and for regulators. 09:32:30 … would like to see the information collect to be shared 09:32:33 Q? 09:32:43 zakim, close the queue 09:32:43 ok, chaals, the speaker queue is closed 09:32:47 Zakim, close the queue 09:32:47 ok, schunter, the speaker queue is closed 09:32:52 Q? 09:33:08 .oO( the idea of a contract was two parties are agreeing on certain points at one point in time – if one party even does not understand, we shouldn't see that as a contract at all ) 09:33:15 fjh: I think rigo said that we got a useful vocab out of P3P, a JS library would make them useful. Maybe Schema.org would be appropriate to that. 09:33:31 [as the only guy in the room who is part of schema.org directly, I'll notice it] 09:33:43 Ack fj 09:33:51 RB: That's the approach Creative Commons took. Didn't work out, but similar path. 09:34:10 JSON-LD would also bring the privacy vocabularity into linked data etc 09:34:38 Ack ang 09:34:39 sounds like a great idea to me 09:34:55 Angelo: Suggest building on convergence. Would be interesting to gnerate multimedia output from each paragraph - animation, audio, flashing lights… 09:35:03 you wanted to say, sounds like a great semantic web project 09:35:12 ACTION: chaals to talk to schema.org about privacy policies. 09:35:30 no, JSON-LD means nobody knows about semantic web but mechanisms can work 09:35:37 Q+ 09:35:46 … devise a sequence hierarchy to generate videos for an entire contract - build-your-own Contract: The Movie 09:35:48 a beautiful thing 09:35:58 q? 09:36:00 RB: There have been a lot of intersting approaches to do that. 09:36:22 ack MarkusT 09:36:50 Markus: 1/3 of apps analysed in a project actually have a privacy policy. The reading level required is very high to understand it. Important to reduce complexity, and provide enforcement of the requirement that everyone has a policy. 09:37:00 … App stores should enforce that. 09:37:09 RB: Maybe GSMA could enforce that… 09:37:10 Ack si 09:37:37 Sigbjørn: Most apps either get sold, or go bankrupt (and are required to sell their user data in liquidation). Can you avoid this in any way? 09:37:51 RB: There are some ToS that deal with liquidation. But not generally. 09:37:57 Link to the publication: http://jamia.bmj.com/content/early/2014/08/21/amiajnl-2013-002605.abstract 09:38:23 are contracts void upon bankruptcy ? 09:38:25 Ack dt 09:38:36 A good example I've seen recently is McAfee's (Intel) privacy policy: the full notice or a cartoon-style walkthrough that explains the most important concepts: http://www.mcafee.com/common/privacy/english/index.htm 09:38:56 Martin: Apps can provide 2 kinds of policy. The full legal document, and a simple non-legally-binding but legible version. 09:39:16 RB: Right. 09:39:56 Zakim, please open the queue. 09:39:56 ok, Preibusch, the speaker queue is open 09:40:07 Topic: Empowerment and Protection 09:40:19 FB: I'm a legal researcher, not a computer scientist. 09:40:34 … In law you can empower people, or protect them. 09:40:48 … (to defend privacy). 09:41:22 … e.g. every law I know requires data holders to keep it secure. Whatever users do. 09:41:47 … An example of empowerment is food labeling requirements. 09:42:18 … Example of protection is banning certain ingredients. Or requiring safety standards in cars. 09:43:19 … Some of the problems might not be best solved by empowerment. On a website for debt problems, every social media site knows I was looking, and zillions of general trackng sites. 09:43:51 … I am not sure this CAN be made transparent enough to allow empowerment to be useful. We should consider protection here. 09:44:08 … But then, I also don't think protection alone is going to solve our problems. 09:44:39 q+ to talk about automatically securing 09:44:47 … How do we translate this? We want transparency and informed consent. But what about actually securing communications authomatically? 09:45:04 Q? 09:45:06 … Services that are frugal with data and don't store it mitigate risk. 09:45:23 q+ 09:45:59 q+ 09:46:09 Rigo: Auto-secured data - we have seen interfaces using metrics to display a colour or icon. You can use them to trigger a reaction of the browser - switch off javascript when things look shaky. 09:46:37 … I suggested making data protection a function of the entropy of data. And it got the response I deserved as a person, rather than what the idea deserved. 09:46:43 q+ 09:46:50 q+ 09:46:55 … You can be wrong in calculating risk, but it isn't obviously destined to fail. 09:46:55 Ack ri 09:46:55 rigo, you wanted to talk about automatically securing 09:46:57 ack rig 09:47:03 Ack vo 09:47:33 Volker: Basic problem with protection is that the custodians have no way to enforce the rules. 09:48:01 … if people ignore the law, there are no consequences. So protection is chimerical. Can we change that? 09:48:21 my suggestion is to take the metrics we saw in the opera presentation, use those metrics to calculate the level of risk and make the software react on the threat - level by switching off functionality selectively 09:48:38 FB: Important remark. There is hope in Europe that a new regulation will introduce serious penalties. 09:48:55 … We'll have to see how that plays out. 09:49:05 q+ 09:49:31 … We could look at building class-action systems for teh case where the individual damage is low but the overall damage is high. 09:49:38 … (probably for lawyers, not W3C) 09:50:59 VB: Don't agree on kicking away the legal idea. Empowerment is not failing because people don't *want* privacy, nor because people are stupid, but because people are unaware that they have to think before they act about privacy. 09:51:20 I suggest people have greater trust on online activities based on trust on physical activities due to consumer protection laws 09:51:24 … With icons or something similar, you can raise awareness. 09:51:43 DominicB has joined #privacyws 09:51:45 … What can be done in empowerment to create awareness in the actual situation of users? 09:51:47 rigo, there are equivalents of "class action". For instance, Verbandsklagerecht in Germany 09:51:53 s/suggest/hypothesize/ 09:52:31 q- 09:52:36 FB: Agree people care, but it is hard to act according to your preferences. Analagously I am against child labour, but don't know how to act effectively on that. 09:52:59 … We haven't *seriously* tried empowerment - we still accept that nobody will read a privacy policy. 09:53:11 q+ 09:53:20 Ack ang 09:54:08 FB: At some point lawyers say "no, we are just going to ban things, whatever the user does". 09:54:13 … maybe something like that works. 09:54:18 Q? 09:54:43 Angelo: Important to facilitate display of metrics, but also encourage companies to protect by default. 09:55:00 … prompting user first time is common, but simplify updating of settings. 09:55:03 FB: Agree. 09:55:38 q+ 09:55:48 Soren: Follow suggestion to make software more aware of the environment, to support the user make good privacy choices. I am sceptical that software has all the information to make the optimal choice, but we can go in that direction to have a big 80/20 impact. 09:56:33 … This is where security and privacy can go hand in hand, especially with personal devices like mobiles. We could have a privacy-aware personal assistant based on machine learning… 09:56:52 ack p 09:57:07 Markus: You talk about defending privacy. So there is a need for regulation. EU is working in this area. 09:57:09 q+ 09:57:24 … there are companies not willing to accept regulation. So what is the basis for policymakers? 09:57:45 s/policymakers/making policies?/ 09:58:16 FB: Fundamental rights are important, and another good reason is market failure. There is a clear market failure to protect user privacy, transparency requirements are not working. 09:58:44 … If there is a market failure and no market-based answer, we use protection. 09:59:51 Markus: The good guys say "we have a decntralised architecture, the bad guys have a centralised one. But the bad guys are winning in the market. Why should regulators push the market to do privacy if peopleare not choosing the privacy-friendly providers anyway? 09:59:55 s/protection/market intervention/ 10:00:26 FB: Hope privacy becomes a competitive argument, but information asymmetry means there is no need to actually compete 10:00:29 fwagner_ has joined #privacyws 10:00:46 [why information asymmetry breaks markets…] 10:00:57 … the way to solve that is through regulation 10:01:08 .oO( Critical mass: if your friends are all on Facebook, you'll join in wether you find another SN ways better or not ) 10:01:17 [volker - right] 10:01:34 q? 10:01:36 FB: If the market solves the problem, the regulator should stay out. But otherwise... 10:02:19 Volker: not necessarily, if some of your best friends are on a better SN you might find it more interesting 10:02:34 angeloreale: if 10:02:35 FJH: Agree that the answer may be regulation to improve things. Food regulation means people trust it. People have transferred that trust to the internet, where the same principles don't apply. 10:03:11 [repeating what rigo was suggesting] 10:03:36 Ack dom 10:04:11 Dominic: About icons. Google is criticised for sharing anonymised 3rd-party data. How can I get rid of that criticism from Chrome? 10:04:45 s/from Chrome/in the context of the Chrome product/ 10:04:59 … users who opt into metrics share anonymised aggregated information about the web that is shared with the community to help develop the web, or to detect malware and warn others. 10:05:22 lynXintl has joined #privacyws 10:05:31 … Both of these are good for the world, but we get criticised. 10:05:41 … What do I do? 10:05:55 CMN: Go to ToSDR, and argue your case. 10:06:00 Ack dom 10:06:06 makes sense to come to the irc chan 1.2 days late ;) hi everyone 10:06:09 RB: Was there a negative judgement? 10:06:40 DB: The icons incentivise poor decisions - stop helping the web, to make ourselves look better? 10:06:43 Ack cha 10:06:44 i haven't ever heard the room laugh because of a joke on irc… or maybe i was distracted? 10:06:53 Volker: true, but sometimes the critical mass premise keeps people from believing / investing or devising better solutions for SNing when it shouldn't be seen as definitive. Markets are not bound to fb for eternity and even though it's not easy (i.e. g+) there might be some technological / philosophical (privacy and security?) upgrades that shall retake their market. (I personally wouldn't... 10:06:55 ...think twice to leave fb if I would know at least 1 friend is using a SN that feels better by using it) 10:07:17 Q? 10:07:31 angeloreale: my personal hope is that teenagers don't wanna use what their parents use. 10:07:37 chaals: legal protecion is important , relates to expectations 10:07:45 chaals: Why Rigo's technology idea is important. In some countries, changing regulation is difficult. Working for Yandex, I can say that technology could help where the law cannot be changed for the befit of the user. 10:08:06 s/protecion/protection/ 10:08:06 i love how this debate is obsoleting many of my slides… because i have 20 for 20 minutes, so i can skip at least 6 or 7 10:08:57 yes i am afraid… i hope your upload channels are still fresh and open :) 10:09:14 chaals: "Let's build systems that can support users that can support users". Protection can be combined with empowerment when thresholds are user-adjustable. 10:10:08 convenience convenience eonvenience 10:10:10 DominicB has joined #privacyws 10:10:20 s/convenience convenience eonvenience// 10:10:26 diaspora doesn't scale 10:10:36 otherwise it would have had its chance 10:10:37 convenience vs privacy discussion 10:10:48 chaals: Positive network effects amongst social network users work against migration to alternative networks. 10:17:57 erobalsa has joined #privacyws 10:31:12 reuben has joined #privacyws 10:33:57 scribenick: reuben 10:33:57 scribe: ReubenBinns 10:33:57 Topic: A Web in Respect of the Constitution is Possible 10:40:39 MarkusT has joined #privacyws 10:41:06 DominicB has joined #privacyws 10:42:06 fjh has joined #privacyws 10:42:22 s/Positive network effects amongst social network users work against migration to alternative networks/People care about privacy, but it isn't a binary proposition. They will generally trade it for convenience (see yesterday's discussion about the difficulty of predicting long-term cumulative consequences of immediate atomic decisions)/ 10:42:34 fwagner has joined #privacyws 10:45:05 MarkusT has joined #privacyws 10:45:38 marta has joined #privacyws 10:47:25 https://en.wikipedia.org/wiki/HBGary#Astroturfing 10:48:03 [do you want to send a packet back from an intermediate transit point?] 10:48:26 q+ 10:48:34 Zakim, please open the queue. 10:48:34 ok, Preibusch, the speaker queue is open 10:48:36 zakim, open the queue please 10:48:36 ok, chaals, the speaker queue is open 10:48:37 q+ 10:59:05 Frederik-Amsterdam has joined #privacyws 11:00:03 q+ 11:01:15 BTW, Facebook has an .onion address now. 11:01:27 [yeah, a nice one...] 11:01:30 p≡p is based on GnuNet 11:02:23 kristina-nk has joined #privacyws 11:02:41 q+ 11:05:43 erobalsa has joined #privacyws 11:05:49 Q? 11:06:21 rigo: micropayments are actually possible with cryptocurrencies, that's why I'm waiting if someone starts doing 11:06:23 Ack pr 11:06:44 Volker: 2015 will be the year of micropayments 11:07:01 Soren: Just because you can do something doesn't mean you should. I'm somewhat sympathetic to radical innovation, but much disruption of the web has given has come from market forces. There's low chance of working against the market forces 11:07:01 Volker: or 2115. 11:07:10 s/Volker/rigo/ 11:07:19 Q? 11:07:28 Carlo: The idea is to fix the protocols, and then allow the marketplace to return on this new playing field (with users protected) 11:07:31 rrsagent, please draft minutes 11:07:31 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo 11:07:35 q+ 11:07:38 rrsagent, pointer 11:07:38 See http://www.w3.org/2014/11/21-privacyws-irc#T11-07-38 11:07:46 q- 11:08:02 Carlo: we have to offer an alternative approach - an internet that respects rights and privacies, and on top of that companies can compete 11:08:21 Frederik(K): Public keys can be identified...? 11:08:28 Ack fj 11:09:00 Carlos: But everyone can have multiple public keys. A new one generated every time a user has a new interaction with a company 11:09:10 Ack ch 11:09:42 chaals: the more p2p you use, the more you pay. How do you transfer that cost? 11:10:16 s/Frederick(k):/fjh:/ 11:10:24 lynXintl: networks will need more relay nodes than ever seen with Tor. We'd need data centres in every city with relay nodes, providing a back-end. 11:10:37 chaals: How do you build them - they're not free. 11:10:46 Q? 11:11:05 lynXintl: Telecoms will be incentivised because they will be paid. Oriented towards charging by use 11:11:18 chaals: If telco's can't predict there income, they won't invest 11:11:25 https://gnunet.org/compare 11:11:30 rvaneijk has joined #privacyws 11:11:39 q+ 11:11:41 lynXintl: the political will is needed 11:12:26 chaals: Is the government going to pay for it? 11:12:45 q+ 11:13:00 lynXintl: the first step is political decision, and general consciousness is that 'we can't continue without seatbelts'. 11:13:01 q+ 11:13:05 Ack pre 11:13:27 Preibusch: Telco is 15% of workforce in tech. 11:13:51 lynXintl: We change architecture, and we create slightly different jobs - software on devices. 11:14:11 Ack ma 11:14:21 marta: Open hardware or free hardware? 11:14:27 s/Preibusch: Telco is 15% of workforce in tech.// 11:14:29 lynXintl: free as in Stallman 11:14:36 re hardware, pointer to http://wiki.cryptech.is/ 11:14:52 marta: you're not talking about baseband and simcards - the basement is not open. 11:15:06 lynXintl: that closed hardware would be history 11:15:19 marta: also concerns about security - you need a very good design 11:15:34 lynXintl: it doesn't matter because we'll design it from scratch 11:15:36 "GSM? Sins of the past!" 11:15:51 Istvan: GSM dead in 10 years? 11:16:25 q+ to ask about "on top" 11:16:28 Istvan: i don't believe it's just going to dissapear like that 11:16:50 lynXintl: there is plan to allow GSM to work alongside for compatibility 11:17:07 Istvan: 2 million machine-to-machine devices which won't go away 11:17:17 Istvan: I'm talking about long timescale here 11:17:56 marta: 3g requires connection to chip? there are huge bugs in the design of the basband e.g. qualcom chips - very easy to hack into it if open source 11:18:10 lynXintl: security by obscurity not good... 11:18:18 Ack ch 11:18:26 .oO( security by obscurity never worx and is a Chimera ) 11:18:29 s/Istvan lynXintl 11:19:09 chaals: if this happens, people will go and keep on using the big company services - how do you stop them from re-aggregating the data 11:19:30 lynXintl: this proposal has seen cryptographers, lawyers, policymakers involved 11:19:43 Q? 11:20:11 lynXintl: the internet itself stops being a product and more of a common good for everyone - products happen over it. if you try to monopolise, it wouldn't work or it would be illegal 11:20:25 Ack ri 11:20:25 rigo, you wanted to ask about "on top" 11:20:37 s/2 million/2 billion/ 11:20:47 q? 11:20:48 fwagner_ has joined #privacyws 11:21:13 rigo: can you imagie a gateway between the alternative internet and the existing 'evil' internet? e.g. public key routing could be tried in a university context. we could have an ipv4/6 gateway... 11:21:21 [Actually, security by obscurity works a lot, if you apply it with a certain tolerance for failure] 11:21:24 lynXintl: i2p already does public key routing 11:21:40 [And most real people have a certain tolerance for security failure] 11:21:52 rigo: the problem with those technologies - even as a fundamentalist i find them too slow - a quarter of my usual output 11:22:18 lynXintl: but e.g. tor's speed has increased dramatically recently, you can change tor settings. I use it for everything. 11:22:25 Q? 11:22:33 fjh: is it easy to configure / tune 11:22:38 will try 11:23:00 lynXintl: i'm not advocating tor for this project, but is a prototype - not necessarily what we need to runa telephone network 11:23:31 s/will try// 11:23:55 s;is it easy to configure / tune;; 11:30:00 Volker: if the packet is encrypted for a certain public key, it shouldnt be visible which public key sent it…by not putting the source we reduce the necessity for onion routing because any packet forward helps anonymize the communication 11:31:25 q+ 11:31:27 Preibusch: IPv6 does not fix most of the problems we are facing 11:32:03 chaals: how does something get easier to inspect for NSA? 11:32:33 Preibusch: eye-tracking is welcome, but it needs to go through the defender chip ;) 11:36:19 Preibusch: in total i expect less need for relay nodes than the absurd number of servers that are bored by their job to accept one useful mail and 70 spam mails an hour 11:36:35 btw, in the GNU internet spam is no longer possible… sorry for that business model going downhill 11:36:39 Meiko has joined #privacyws 11:38:21 horse correct battery staple 11:39:06 for earlier: GSMA Privacy guidelines http://www.gsma.com/publicpolicy/mobile-and-privacy/gsma-mobile-privacy-initiative 11:39:32 erobalsa has joined #privacyws 11:40:14 AndChat|281441 has joined #privacyws 11:40:58 erobalsa has joined #privacyws 11:43:50 Topic: p≡p position paper 11:41:16 Q? 11:41:21 Volker notes theme of privacy by default 11:42:32 Ack s 11:42:42 Ack pr 11:42:51 q+ to ask whether we can apply this to web crypto 11:43:01 q+ to nitpick on interfaces 11:43:10 Preibusch: I support the pragmatism of working with existing infrastructure. A comment: there is a the simplysecure foundation that are trying to make platforms more secure 11:43:29 q- later 11:43:50 Volker: I tried to to speak to them, but they didn't respond. 11:43:57 q- later 11:43:59 Ack ch 11:43:59 chaals, you wanted to nitpick on interfaces 11:44:23 chaals: little buttons that are all the same apart from colors is not a good UI. 11:45:43 https://simplysecure.org/what-we-do/ 11:45:53 Volker: we are working on icons, including for those who are colorblind. I agree, but we need more time to work on this. I could get 30 design people, but have no funding. We won't move to silicon valley for funding, in my experience there ain't no [expletive] VC in Europe. 11:46:05 q+ 11:46:16 Ack ri 11:46:16 rigo, you wanted to ask whether we can apply this to web crypto 11:46:17 Volker: we have some fortune 500 companies interested, this may enable us to earn some revenue 11:46:56 rigo: i agree that the CA system is borken. We have the web crypto thing going on. Could the things you are doing here lead to an e2e encryption of web pages? 11:47:16 Volker: yes you could use http 11:47:55 s/borken/broken/ 11:47:58 could use safe roots in combination with web crypto 11:48:00 Volker: I think we can merge pEp and secushare into a single project… :) 11:48:30 q+ 11:48:35 Ack pr 11:48:42 Volker: we support the web of trust for compatibility reasons, use gpg, otr etc. But you could use safe routes too. the database of P=P stores trust info, we move trust from key to key if we can guarantee that makes sense. if keys are renewed trust is transfered - unless you lost of compromised your keys 11:48:53 q+ 11:49:05 Preibusch: outsourcing? 11:49:11 btw, that was me talking to Volker, not Volker saying that.. there has been some quoting on this channel which collides with IRC addressing culture 11:49:21 Volker: the idea was to allow in the LAN a box that will implement P=P 11:49:29 rvaneijk has joined #privacyws 11:49:32 Preibusch: can you P=P in the cloud? 11:49:37 Volker: yes 11:49:44 Ack fr 11:49:52 Ack fj 11:50:03 fjh: revocation is not a problem here because you manage your own keys, is that right? 11:50:29 Volker: yes 11:50:31 Ack ero 11:50:31 q? 11:50:52 ??: how to synchronise across devices? 11:50:55 Zakim, close the queue 11:50:55 ok, schunter, the speaker queue is closed 11:51:11 q+ 11:51:34 Volker: we send what changed as a diff SQL insert in an attachement in an email. 11:51:38 s/yes/well revocation is still necessary, but simplified in operation and supported in pEp/ 11:52:36 Volker: if you have a new device P=P automatically notices 11:52:55 Volker: with that trick we're doing the organisation of device groups 11:53:02 erobalsa: there is no recovery? 11:54:12 Volker: there is, you put a device in a device group, sends mesage to others, then a private key sent to the new one, then the user acepts whether or not it is a safe group, then the private key is replicated on every device. if you lose your device, we recommend encryption e.g. truecrypt 11:55:14 scribenick: cf 11:55:14 scribe: ChristianFuhrhop 11:55:45 Topic: Ero Balsa - Why can't online networks encrypt? 11:56:21 p≡p unfortunately cannot recommend TrueCrypt any more, so we're waiting how this develops 11:56:49 Volker: what about implementing pep on a web level? or ist only meant for device / browser implementation 11:56:50 It is an issue for consumer versions of Windows only, because all other systems have ready made solutions for device encryption and we're recommending them 11:57:07 angeloreale: it is meant to be on web level, too. 11:57:26 Zakim, open the queue 11:57:26 ok, schunter, the speaker queue is open 11:57:29 angeloreale: unfortunately, my budget is 0 + my own time. So feature by feature by feature ;-) 11:57:41 AndChat|281441 has joined #privacyws 11:58:07 Volker: i could use s/pep/p≡p to fetch all bunch of sources for messaging in one service? 11:59:01 Volker: later 11:59:26 is it stalin to the right? 11:59:48 lynXintl: leutenant Uhura communicating with Stalin 11:59:55 lol perfect 12:00:00 lynXintl: because she is communication officer 12:00:09 lol 12:00:11 she's got that thing in the ear 12:00:16 .oO( Stalin was a Klingon 12:00:17 ) 12:00:25 she's a traitor then 12:00:46 then again, who knows.. the federation may be communist 12:01:42 there's no money in the federation ... so, they are cloae to communism ;) 12:01:52 Model 1 is no end-to-end encryption 12:03:52 Model 2 requires client side software, so it might as well be p≡p 12:05:58 Model 3, OSN can MITM easily unless the UI is provided by the add-on rather than the web page 12:06:10 as long as the cleartext appears in the facebook page, it is unsafe 12:06:37 q+ ;) 12:06:56 ack ; 12:07:03 q+ lynXintl 12:07:21 oh sorry, didnt know it's a bot :D 12:07:40 hi Zakim hows it going? 12:08:54 it uses /me – so my work wasn't all useless ;) 12:09:16 ^_^ 12:10:06 Q? 12:10:33 ack lynXintl 12:10:38 Ack ly 12:10:41 lynXintl: Some tools for end-to-end encryption already exist. 12:10:53 Some of them are based on Jabber 12:11:00 Q? 12:11:06 There are also some end-to-end add-ons. 12:11:22 Problem with that approach - the moment you have clear text on web page, 12:11:37 it can be stolen/copied unless it is only shown in the UI of the 12:11:47 kristina-nk has left #privacyws 12:11:48 add-on, which is ugly and unpopolar. 12:12:09 Is there a new idea that is different from what I enumerated? 12:12:14 W3C could offer “clear text field”, which is accessable by ECMAScript by handle only, and can be given to a crypto plugin 12:12:38 use post 12:12:45 Ero: yes, some tools have lots of UI problems. They need to, 12:12:56 but can be improved, but main issue behind is key management. 12:13:17 lznXintl: But that clashes with web architecture. 12:13:20 cf: that's why p≡p started as a keymanagement project 12:13:24 Q? 12:13:25 cf: agree 12:13:48 cf: see proposal two lines above 12:14:00 Everyone is hungry, so the discussion ends... 12:14:11 RRSAgent, please draft minutes 12:14:11 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo 12:44:59 DominicB has joined #privacyws 12:46:41 DominicB has joined #privacyws 12:51:05 fjh has joined #privacyws 13:11:45 DominicB has joined #privacyws 13:12:44 scribenick: haakonfb 13:12:44 scribe: HaakonBratsberg 13:13:14 reuben has joined #privacyws 13:14:29 MarkusT has joined #privacyws 13:14:51 schunter: welcome back to last afternoon session - chairs has collected issues. 13:14:53 Meiko has joined #privacyws 13:15:07 rvaneijk has joined #privacyws 13:15:10 Topic: Discussion 13:15:16 … Frederik will walk us through the questions 13:15:28 … we have to plan some actions - what needs to be done by whom? 13:15:41 … identifying concrete next steps 13:16:11 MarkusT has joined #privacyws 13:17:04 Frederik: introduction - break into groups and discuss user control, metrics and architecture 13:17:12 … report from groups 13:17:38 … user centric controls - what do we mean when we say that the user is in control 13:17:45 … is it consent or is it choice 13:17:59 Preibusch has joined #privacyws 13:18:12 … is it more than control? 13:18:49 … can we use the approach that is in Firefox - if you don't consent it just goes away 13:18:57 marta has joined #privacyws 13:18:59 … how to control privacy 13:19:10 kboudaou has joined #privacyws 13:19:32 … Google privacy settings - but what if you want to agree to the privacy policy - can you control the settings while being anonymous 13:19:52 … Architecture: Can one address systematic issues one step at a time? 13:20:11 … business models and privacy at the same time? Is it possible 13:20:17 Volker: a write-only textarea would actually still not be safe since there is no guarantee the server delivers such html 13:20:51 … Awareness and metrics: Interest in developing common metrics. Server side - visibility into sharing, re-use etc 13:20:57 lynXintl: but this would guarantee that server will deliver what user types or something completely different 13:21:07 … is it possible to have metrics for privacy policies. 13:21:36 lynXintl: so the attack vectors of compromizing confidentially as well as slighter manipulations could be closed with that 13:21:58 schunter: Three topics - awareness, architecture and control - three groups? 13:22:41 … it seems like we have three groups (after raise of hands) 13:23:48 dsinger: do we need to split up? 13:23:58 volker, i don't see how you can integrate input/output controls in a web page that could be at any time replaced with tradtional server-centric html 13:24:14 schunter: We have 15 minutes per topic 13:24:34 … big issue - should we do something or not - if do, then something concrete 13:24:46 frederik: not deep dive into conclusions 13:25:00 schunter: pin-point some next steps 13:25:19 christine has joined #privacyws 13:25:41 dsinger, it is dangerous to make false promises… 13:26:01 i mean.. to the masses they would start using the stuff expecting it to be safe 13:26:01 q+ to remind Volker on how this works 13:26:04 q- 13:26:21 Re topic 1: There has been discussion in the W3C (e.g. in the Web and Mobile IG - http://www.w3.org/2013/07/webmobile-ig-charter.html - exploring the possibility of a "nice" Permissions API 13:26:26 and bulk surveillance is still technically possible… whenever somebody in charge decides it has to happen 13:26:37 q+ to “bring user into control” means identify all things which can be automated, and asking questions ONLY for things where user decision is necessary (default: private) 13:27:20 Karima: two important aspects 13:27:37 … we all agree from traditional technology to user-centric approaches 13:27:41 no, we don't agree 13:27:48 … 1) education and 2) UI design 13:28:04 Q+ for testing 13:28:05 q+ to Show consequences of Privacy by Default 13:28:15 Ack sch 13:28:15 schunter, you wanted to discuss testing 13:28:17 (it may sometimes be the wrong way to go… sometimes) 13:28:23 … we have tried to educate - but it is important to continue to educate people, the next generation. their behaviour is different from us 13:28:24 alina has joined #privacyws 13:28:56 … must be optimistic about educating people. We can't make people responsible without teaching them 13:29:00 fwagner has joined #privacyws 13:29:16 .oO( don't educate people not requesting that, it never works ) 13:29:37 q+ 13:29:48 … UI design. People don't really understand privacy. They need simple UI, but after Snowden they want to learn more. 13:29:57 to awareness: first time in history of FsA demonstration, Berlin, we nowhere heared again “I have nothing to hide”. 13:30:19 … must take into account two groups: 1) don't know much - need simple UI and 2) who want to know more - different UI needs 13:30:32 … it is important to listen and adapt 13:30:54 yes, we made progress… we moved from "i have nothing to hide" to "but what can i do?" which is something we can work with 13:31:00 q? 13:31:04 Frederik: Like to structure the discussion - let's go to the que 13:31:10 ack Vol 13:31:10 Volker, you wanted to “bring user into control” means identify all things which can be automated, and asking questions ONLY for things where user decision is necessary 13:31:14 Ack vo 13:31:14 ... (default: private) 13:31:50 angeloreale has joined #privacyws 13:32:18 Volker: I want to remark that getting user control is identifying where the control is relevant. if you have a lot of options - does not bring user into control 13:32:31 … must reduce to one or two questions 13:32:37 Ack mar 13:32:37 MarkusT, you wanted to Show consequences of Privacy by Default 13:32:57 MarkusT: What are the consequences by privacy by default? 13:33:18 Volker: want to have most situative things done by algorithms and only ask the user where the user can add value 13:33:29 … study of effect of default settings - restrictive vs permissive 13:33:34 Frederik-Amsterdam has joined #privacyws 13:33:42 q+ Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything? 13:34:03 q+ to Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything? 13:34:05 … what you can learn: people tend to keep default settings. This is good if privacy by default 13:34:35 … the service provider has to make it attractive + consequences and risks to get users' permission 13:34:44 rigo, it's less about adding value than deciding the important big picture. I have to recommend apples solution in “Security Settings” on MacOS X as a positive example 13:34:52 schunter: Your comment is that privacy by default is good. 13:35:16 .oO( privacy must be the new default ) 13:35:20 schunter: you mean you want to encourage people and companies to use privacy friendly controls 13:35:27 Ack fjh 13:35:30 frederik: should we talk about how to give users more control? 13:35:31 q? 13:35:40 ack Fred 13:35:40 Frederik-Amsterdam, you wanted to Regarding privacy: What do the W3C (or computer scientists generally) need (i) from lawmakers or from (ii) legal researchers, if anything? 13:35:43 erobalsa has joined #privacyws 13:35:45 re question - mechanisms which allow the user to express preference are useful 13:35:58 Frederik-Amsterdam: Can the lawmakers or legal researchers be of any help? 13:35:59 q+ to respond to Frederik 13:36:00 Ack fre 13:36:46 rigo: What we need in the european context is to make room technical innovation and a process that allows us, once we have made an enhancement, to get supported by the legal system 13:36:51 Q+ fjh 13:37:06 q+ 13:37:23 … technical spec like DNT the DPAs can approve the spec so everyone who uses it are in compliance 13:37:46 Ack ds 13:37:46 dsinger, you wanted to respond to Frederik 13:38:14 dsinger: we have the ugly situation that regulators and politicians try to regulate something they don't understand 13:38:47 … technologists thinks about philosophical issues. Both sides are bad at it 13:38:51 q+ 13:39:06 Ack fw 13:39:12 … we lack a definition of what we mean by "online privacy" 13:40:00 ???: The user is confused by the law and the collecting practices. Is there room for a standard or recommendations. It is difficult to bring legal, tech and user perspectives together 13:40:01 Ack f 13:40:08 s/???/Frank/ 13:40:10 q+ to common ground / standards 13:40:11 q+ to ask Does anyone know if there even is a study on what people define privacy? Maybe that is the first step? 13:40:13 q+ to suggest that actually "privacy" is about finding out it got "violated", and work out what you can do 13:40:43 q+ to talk about controls and suggest controls 13:40:55 Fredrik: What can people who are interessted in control issue - what should we do next? 13:41:01 ack chaa 13:41:01 chaals, you wanted to suggest that actually "privacy" is about finding out it got "violated", and work out what you can do 13:41:09 q? 13:41:17 chaals: one of the things we can do is look at what controls users use effectively. 13:41:41 … best practice sort of guideline 13:41:45 chaals: guidelines & best practices for user controls and name dead ends to avoid 13:42:01 christine: WAI people may have good ideas too 13:42:54 marta: Study about what people understand about privacy? How do people want to protect it? 13:43:06 q+ 13:43:12 q+ to learn by doing, make incremental progress 13:43:39 q+ Zuckerberg 13:43:41 chaals: People's real definition is that someone knows someone knows something about me and I don't like it 13:43:49 … I know it then I loose it 13:44:05 q? 13:44:05 s/then/when/ 13:44:16 … lost control of their information. Is there a way to bring it back under their control 13:44:19 s/loose/lose/ 13:44:47 q? 13:45:05 Frederik: how much interest to standardise UI for controls in the browsers? 13:45:12 @Marta There are a lot of studies from the IS field about what users expect from privacy. A common problem is the Privacy Paradox 13:45:26 s/Zuckerberg/GeorgeDanezis/ 13:45:31 q- 13:45:36 q- 13:45:41 chaals: Best practice is more realistic 13:45:49 Zakim, close the queue 13:45:49 ok, schunter, the speaker queue is closed 13:45:56 Q? 13:46:02 ack ri 13:46:02 rigo, you wanted to talk about controls and suggest controls 13:46:03 dsinger: what does the sites I visit need to know about me? Not directly UI 13:46:13 q- 13:46:19 [agree with soren - it is hard to understand when you lost control given the invisibilty of data that is merged "server-side", until you see some clear consequence of that process] 13:46:22 rigo: certain controls can not be the way they are 13:46:41 … panic button 13:47:04 … control is not about privacy. in that case we need to read Westin 13:47:05 lol 13:47:24 q? 13:47:25 Q? 13:47:44 Ack ds 13:47:44 dsinger, you wanted to learn by doing, make incremental progress 13:48:06 ???: Should not standardise because we don't know what works 13:48:17 David, Preipusch: Privacy, Anonymity, and Information Control – PANIC 13:48:19 s/???/DominicB/ 13:48:21 s/???/dsinger/ 13:48:31 dsinger: incremental steps. Perfect must not stand in the way of good 13:48:37 Zakim, open the queue 13:48:37 ok, schunter, the speaker queue is open 13:48:43 Q+ 13:49:02 ack zuck 13:49:12 q+ to say - we should come up with the same "good practices" for designing the system 13:49:20 Preibusch: I wonder whether a standard slows down improvements and experiments. 13:49:21 lynXintl: Share picture with friend - the bad that happens is outside user expectations 13:49:43 q+ 13:49:47 Frederik-Amsterdam: refers to the design principle - no sneaky stuff 13:50:35 Bal: Privacy should only be discussed in context - find concrete issues and look into these uses cases/scenarios. How to improve things in context 13:50:39 DominicB: standards are one way of pooling empirical evidence and lessons learnt. Another way would be published peer-reviewed papers. Some experiments are obviously confidential and proprietary. 13:51:32 lynXintl: People just sees these machines, and don't expect that people can see whats inside 13:51:39 privacy as default, privacy as default, … (mantra) 13:52:33 CMN: a major constraint - any solution has to allow for what people actually want to do (e.g. sending naked pictures to their partner), otherwise people will ignore it. 13:52:34 ????: Best practises and guidelines - need to bring in the users, but don't know if it is possible 13:52:50 s/????/Karima/ 13:53:04 marta: combine this: good practices for design 13:53:22 +1 to Karima: Best practice have to respect the understanding of users 13:53:27 … good practices for system design would be really useful 13:53:40 [Use cases - what do people do, when do things go wrong, what would they like to do then?] 13:53:53 Privacy by Design at least offers design principles 13:54:03 www.privacybydesign.ca 13:54:07 MarkusT: agree, i.e. data sparingness 13:54:21 yes 13:54:34 +1 to Karima too 13:54:34 @MarkusT yes, but it doesn't give simple design principles, should be worked on 13:54:35 and do not forget ISO/IEC 29000 framework and 13:54:41 rigo: additional point (I didn't get Frederik's three points) - heard people say it was good to see what other people do 13:54:54 … W3C can host a workshop in a year 13:55:11 Frederik: Architecture: Can we do things incrementally? 13:55:26 … it is work going on. 13:55:45 q+ 13:55:45 @marta not simple enough for end users, but PbD and ISO/IEC 29001 is general enough for developers and system engineers 13:55:48 … how could the community of W3C work on this or help the other communities 13:55:56 q? 13:55:58 … what is the right question to ask to here? 13:56:13 Q- 13:56:13 q- 13:56:16 ????: Privacy is a business model 13:56:37 q+ battre to explain the idea behind RAPPOR 13:56:46 Ack cha 13:56:48 chaals: yes, it is a business model - but need to do be relevant for current business models to get support? 13:56:54 q+ 13:56:59 @MarkusT well, if it is simple and good enough why doesn't anyone take it into account? 13:57:03 s/????/CNM/ 13:57:05 q+ 13:57:11 s/CNM/CMN/ 13:57:18 s/????/Preibusch/ 13:57:28 Dominic: differential privacy 13:57:42 ????: RAPPOR technology - only results about populations and not individuals 13:57:56 s/????/Dominic/ 13:57:57 https://github.com/google/rappor 13:58:14 rrsagent, please draft minutes 13:58:14 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo 13:58:25 … each data point looks like random data 13:58:31 @marta I don't think complexity is the obstacle - it is the consequence for their business model 13:58:47 @Marta, MarkusT: because PbD does not contain the user perspective in the meaning of understanding what is behind a setting or functionality, the aspect „educate the user is not direct part of PbD 13:58:59 … are there more architectures in the area of differential privacy 13:59:14 q- 13:59:16 q+ 13:59:19 Q? 13:59:23 q- 13:59:25 q- battre 13:59:34 @fwagner Isnt transparency part of Pbd? 14:00:05 lynXintl: if W3C thinks it is a good idea to research architectures, then W3C could help people who does it 14:00:14 … e.g. tell who in Brussel one should talk to 14:00:19 @fwagner, I absolutely agree with you. That's why I said it needs reworking. It is a good starting point, but since it was created, we have learned a bit 14:00:20 … write endorsments 14:00:35 chaals: this won't fly with W3C 14:00:52 rigo: W3C is limited to the web 14:01:19 … as soon as you go into reinvent the Internet it is out of scope for W3C 14:01:24 [That said, you can always ask W3C individuals about people who you should talk to…] 14:02:20 q? 14:02:22 q- 14:02:22 @MarkusT: right, but how is this done: Privacy Policies, User Controls which are not beeing understood by the poor user…. 14:02:38 q+ 14:02:54 ack lynXintl 14:03:16 q+ to set to simple outputs for policies 14:03:17 @fwagner @marta - to be clear, you're referring to PbD as 'privacy by default'? this is confused with 'privacy by design' which does include transparency. 14:03:35 Q? 14:03:56 @alina, I am talkig about privacy by design. It does not really include a user-centric model 14:04:00 @alina PbD = Privacy by Design, PbDef = Privacy by Default 14:04:07 @alina: PbD= privacy by design IMHO 14:04:29 Volker: using web over all kinds of privacy protocols, even over GnuNet 14:04:34 scribenick: rigo 14:04:34 scribe: Rigo 14:04:44 @marta it is not the purpose of PbD to have concrete model 14:04:51 q+ to ask about ‘threat models’ and ‘does the control/advice get to the right place?’ 14:04:58 @marta it raise the issue to think about it 14:05:25 fjh: Volker, please share your information with the Technical Architecture Group (TAG) 14:05:29 Ack mar 14:05:33 for reference, Privacy by Design principles: http://www.privacybydesign.ca/index.php/about-pbd/7-foundational-principles/ 14:05:43 s/Fredrik/fjh/ 14:05:46 MarkusT: policy recommendation workshops from EC for architectures 14:05:46 [group list is www-tag@w3.org - see http://www.w3.org/2001/tag/ for more] 14:06:07 ... business models, end users and some B2C, and there are policy makers 14:06:27 ... for business models, what is my service models, to end users? to governments? 14:06:42 fjh: what is the action? 14:07:10 MarkusT: product to users directly or want to serve government? 14:07:20 q+ Martin 14:07:32 chaals: action is to survey the business models and how privacy fits in 14:07:55 ... also for W3C, think this fits W3C 14:08:09 @alina, MarkusT : the problem for me is lack of some better definition. How do I do user-centric privacy, how do I realize transparency. If I am a developer/designer what are the points I have to take into account? 14:08:22 q? 14:08:57 Ack mei 14:09:56 Meiko: public gives us a lot of traction, we have an opportunity to get something going now 14:10:17 Information about RAPPOR: https://github.com/google/rappor 14:10:26 [Rappor: http://googleresearch.blogspot.de/2014/10/learning-statistics-with-privacy-aided.html] 14:10:49 ... how do we funnel it into action? We don't know about controls? We have seen many of them, we could standardize some of them, display the interaction model (like lightbeam), creating a community that works on this 14:10:57 Q? 14:11:04 Ack ang 14:11:04 angeloreale, you wanted to set to simple outputs for policies 14:11:05 q+ karima 14:11:07 ack angeloreale 14:11:07 @marta IMHO PbD and ISO/IEC 29001 even more concrete gives the answer what fields to think about. The questions how to do it concrete is to context-driven to build general "rules". One can build a bouquet of PETs provers can choose from to fullfil the "rules" 14:11:13 Q+ fjh 14:11:42 q+ 14:12:00 angeloreale: encourage use the P3P model to create user friendly policies, simplify terms, make it easy for SMEs to address privacy 14:12:05 [+1 to angelo - this is actually a concrete action that has real potential for use, and should be considered seriously] 14:12:17 +1 here, too 14:12:19 q+ 14:12:27 ... unified form to fill and generate multimedia file generated 14:12:45 consider user friendliness but also risk exposure for companies 14:12:48 @ MarkusT maybe we should simply design a privacy API the way we designed a crypto API? (although I know that privacy is much more vague then crypto, but I mean it as an inspiration) 14:12:54 Ack ds 14:12:54 dsinger, you wanted to ask about ‘threat models’ and ‘does the control/advice get to the right place?’ 14:13:26 fjh: look into new P3P and make a new approach with jsonLD 14:13:36 @marta sounds applicable 14:13:53 [W3C is not going to make decent videos and icons. But they are a good place to sift through the policy pieces that you want to collect, so you can build videos on top] 14:14:11 dsinger: incremental architecture discussion, in PING, criticize and discover mistakes. We have to create privacy threat models like security attack models 14:14:54 ... 20% of people thought they were not tracked in private browsing mode 14:14:59 @ david - TAG is looking a private browsing mode 14:15:28 Ack mar 14:15:37 about proposal to tell webserver that user is in private mode: keep in mind that this information may be used to discriminate against users 14:15:48 ... should standardize private browsing and extend perhaps to remote private browsing 14:16:14 DT_Martin: revealing private browsing will reveal more information about me 14:16:24 DominicB: mainstream browsers tell addons (= local) and explicitly do not tell Websites and prevent Websites from sniffing private browsing 14:16:27 ... we also have no business model to make privacy 14:16:33 q? 14:16:42 ... our approach is to have strategy discussion 14:17:00 ... business models is not destroying privacy, but helping 14:17:12 ack kar 14:17:14 Ack kar 14:17:24 [My experience in WAI (who spent a lot of time trying to explain business models for accessibility) is that W3C is not a good place to develop and promote business models. They have work to do just to understand business models people actually use] 14:17:52 kboudaou: standardizing interface, if we standardize interface now, would be against, becasue no feedback from user 14:17:56 Zakim, close the queue 14:17:56 ok, schunter, the speaker queue is closed 14:18:03 Ack f 14:18:40 fjh: problem is you need buy in to create a WG. Concerned that people say its premature. 14:18:41 [Working groups that say "other people should…" fail.] 14:18:52 Q? 14:19:12 forming a WG before the general direction of the specification is evident is a recipe for frustration 14:19:14 Zakim, please close queue 14:19:14 ok, Preibusch, the speaker queue is closed 14:19:39 Ack rv 14:19:40 ack r 14:19:48 ... business models, privacy is not something that you go and buy, it is something you expect, losses, it is not the happy one where you show revenue 14:20:13 rvaneijk: how ot get more people on board, in a community group 14:20:23 Ack p 14:21:05 q? 14:21:07 Preibusch: standardizing UI, some would fit into DAP, best practices on controls. Do you feel like you exhausted what was possible 14:21:24 fjh: it was a narrow case 14:21:35 [I suspect pEp would do better in RFC track, although it isn't necessarily wrong to try and do stuff in a community group] 14:21:52 zakim, open the queue 14:21:52 ok, dsinger, the speaker queue is open 14:21:52 q += 7 14:21:55 Topic: Metrics 14:22:10 q? 14:22:16 [DAP looked closely at a very limited question, so could not have exhausted the general topic] 14:22:38 fjh: presenting Awareness and Metrics 14:22:40 q+ 14:23:04 q+ 14:23:09 ack ri 14:23:11 ack r 14:23:16 q? 14:23:24 q+ 14:24:38 Q+ to suggest terms, metrics, and principles 14:25:02 ack chaals 14:25:25 rigo: start use cases, make requirements and identify streams of informations that controls and metrics need 14:25:59 q? 14:26:36 recommending depth of quad-tree for “blurring level of geographical information” 14:26:59 metric 14:27:33 Q? 14:28:09 MT has joined #privacyws 14:28:42 q+ to propose users to expose their concerns by prividing means of engagement that is meaningful for research 14:28:43 chaals: it is useful to collect the information we have in front of us. But you will need the use cases to identify the information streams that are helpful for metrices 14:28:49 MT has joined #privacyws 14:29:29 Ack vo 14:29:37 Volker: not new in implementing; came up with metrics on location blur. finding metrics is also talking to people who have done it already. 14:30:04 Q + to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control. 14:30:06 ... in PEP ratings goes beyond commercial CAs 14:30:09 q+ 14:30:10 ack dsinger 14:30:11 dsinger, you wanted to suggest terms, metrics, and principles 14:30:13 Ack ds 14:30:15 q+ Frederik-Amsterdam 14:30:33 q+ Frederik-Amsterdam to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control. 14:30:34 dsinger: common terms, definitions, living document. We need common words 14:30:42 s/Q + to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control.// 14:31:01 Ack ang 14:31:02 angeloreale, you wanted to propose users to expose their concerns by prividing means of engagement that is meaningful for research 14:31:27 angeloreale: important to propose that services who are privacy friendly have means to engage with the users 14:31:39 ... services surveying hte users 14:31:44 ack fjh 14:31:45 i actually liked that background picture… 14:31:48 Ack f 14:31:48 Frederik-Amsterdam, you wanted to add something about problems and solutions. "Meaningful control and transparency for users about use of information regarding them" could be a 14:31:51 ... rough, high-level, design goal. Almost every privacy problem entails a lack of control. 14:33:00 did we decide not to do the 3 break out groups? :( 14:33:20 Frederik-Amsterdam: we have no idea what users what, but all we have discussed last two days was about lack of transparency and user control 14:33:59 Q? 14:34:58 RRSAgent, pointer? 14:34:58 See http://www.w3.org/2014/11/21-privacyws-irc#T14-34-58 14:35:15 ACTION: fjh to remember that we need to keep the statement "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control." 14:36:16 dsinger: we can continue the discussion in PING, the Privacy Interest Group 14:36:23 links to ping? 14:36:30 @dsinger So, PING is not the Music SNS from Apple ;) 14:36:34 See http://www.w3.org/Privacy/ - join this group, charter, etc 14:36:36 how do I join PING? 14:36:47 @ chaals thx 14:36:49 marta: ^^^^^ 14:37:29 join PING using https://www.w3.org/2004/01/pp-impl/52497/join 14:38:21 rigo: authentication required (which I don't have) 14:38:23 http://www.w3.org/Consortium/application 14:39:47 You MIGHT be able to join the mailing list by using subscribe to public-privacy at http://lists.w3.org 14:40:22 Joining PInG: If you work for a W3C member, then you should ask you W3C "AC" representative to sign you in using https://www.w3.org/2004/01/pp-impl/52497/join 14:40:33 If you are not in a W3C member org, I suspect the chairs would be happy to have invited experts 14:41:17 … If you do not work for a W3C member, I believe you can join the mailing list by sending an email to public-privacy-request@w3.org with the subject "subscribe" 14:41:31 RRSAgent, please draft minutes 14:41:31 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo 14:42:52 "Participation in the Privacy Interest Group is open to the public." 14:44:42 [If you want to contribute to the work of the group concretely, you will be asked to become an invited expert. Which is a 3 minute painless process] 14:44:43 Q? 14:44:50 I don't find the Ping Mailinglist 14:45:18 http://lists.w3.org/Archives/Public/public-privacy/ 14:45:19 it is public-privacy@w3.org - archives at http://lists.w3.org/Archives/Public/public-privacy/ 14:45:36 MT, see Î 14:46:32 MT_ has joined #privacyws 14:47:17 MT_ has joined #privacyws 14:49:09 RRSAgent, please draft minutes 14:49:09 I have made the request to generate http://www.w3.org/2014/11/21-privacyws-minutes.html rigo 14:49:20 RRSAgent, bye 14:49:20 I see 2 open action items saved in http://www.w3.org/2014/11/21-privacyws-actions.rdf : 14:49:20 ACTION: chaals to talk to schema.org about privacy policies. [1] 14:49:20 recorded in http://www.w3.org/2014/11/21-privacyws-irc#T09-35-12 14:49:20 ACTION: fjh to remember that we need to keep the statement "Meaningful control and transparency for users about use of information regarding them" could be a rough, high-level, design goal. Almost every privacy problem entails a lack of control." [2] 14:49:20 recorded in http://www.w3.org/2014/11/21-privacyws-irc#T14-35-15 14:49:24 zakim, bye 14:49:24 Zakim has left #privacyws 14:49:25 MT_ has joined #privacyws