IRC log of dnt on 2014-12-10

Timestamps are in UTC.

16:51:51 [RRSAgent]

RRSAgent has joined #dnt

16:51:51 [RRSAgent]

logging to http://www.w3.org/2014/12/10-dnt-irc

16:51:53 [trackbot]

RRSAgent, make logs world

16:51:55 [trackbot]

Zakim, this will be TRACK

16:51:55 [Zakim]

ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 9 minutes

16:51:56 [trackbot]

Meeting: Tracking Protection Working Group Teleconference

16:51:56 [trackbot]

Date: 10 December 2014

16:52:00 [npdoty]

chair: justin

16:52:05 [npdoty]

regrets+ schunter, cargill

16:53:48 [moneill2]

moneill2 has joined #dnt

16:57:45 [Zakim]

T&S_Track(dnt)12:00PM has now started

16:57:52 [Zakim]

+npdoty

16:58:55 [dsinger]

dsinger has joined #dnt

16:59:12 [WaltMichel]

WaltMichel has joined #DNT

16:59:47 [Zakim]

+[Apple]

16:59:54 [dsinger]

zakim, [apple] has dsinger

16:59:54 [Zakim]

+dsinger; got it

17:00:01 [fielding]

fielding has joined #dnt

17:00:21 [Zakim]

+[FTC]

17:00:35 [Zakim]

+Fielding

17:00:43 [ChrisPedigoDCN]

ChrisPedigoDCN has joined #dnt

17:00:50 [Zakim]

+WaltMichel

17:01:19 [Zakim]

+[IPcaller]

17:01:39 [moneill2]

zakim,iIPCaller] is me

17:01:39 [Zakim]

sorry, moneill2, I do not recognize a party named 'iIPCaller]'

17:01:41 [Zakim]

+ChrisPedigoOPA

17:01:52 [moneill2]

zakim, [IPCaller] is me

17:01:52 [Zakim]

+moneill2; got it

17:02:19 [justin]

justin has joined #dnt

17:02:29 [npdoty]

Zakim, clear agenda

17:02:30 [Zakim]

agenda cleared

17:02:36 [npdoty]

agenda+ TPE Last Call issues

17:02:39 [npdoty]

agenda+ Compliance

17:02:41 [vincent]

vincent has joined #dnt

17:02:42 [npdoty]

agenda+ AOB

17:02:48 [kulick]

kulick has joined #dnt

17:02:59 [Zakim]

+justin

17:03:00 [Zakim]

+kulick

17:03:50 [Zakim]

+vincent

17:04:11 [npdoty]

scribenick: moneill2

17:04:31 [npdoty]

Zakim, take up agendum 1

17:04:31 [Zakim]

agendum 1. "TPE Last Call issues" taken up [from npdoty]

17:04:38 [moneill2]

justin: issue 262 roys proposal

17:04:50 [npdoty]

issue-262?

17:04:50 [trackbot]

issue-262 -- guidance regarding server responses and timing -- pending review

17:04:50 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/262

17:04:51 [npdoty]

https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Regarding_gateways_and_exchanges

17:04:52 [WileyS]

WileyS has joined #dnt

17:05:22 [Zakim]

+WileyS

17:05:41 [moneill2]

fielding: tpe provides g response indicating server acting for multiple parties respone get back will be in header field

17:06:29 [moneill2]

fielding: only is tsr, not in header. If all recipients respond with N gateway responds with n

17:06:59 [moneill2]

fielding: contractual agreement that recipients could not receive tracking data

17:07:14 [vincent]

q+

17:07:18 [justin]

ack vincent

17:07:23 [npdoty]

q+

17:07:39 [fielding]

http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html

17:07:41 [justin]

q+ vincent

17:07:48 [justin]

ack npd

17:07:53 [moneill2]

justin: cant hear vincent

17:08:10 [Zakim]

-vincent

17:08:28 [vincent]

trying to dial back, in case my wuestion was about the third paragrpah

17:08:44 [moneill2]

npdoty: thanks to roy, main question do we need extra requirements, must be service provider?

17:08:47 [moneill2]

+q

17:08:55 [Zakim]

+vincent

17:09:16 [Zakim]

+hefferjr

17:09:35 [moneill2]

fielding: question better addressed for shane

17:09:52 [fielding]

http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html

17:09:52 [moneill2]

justin: can shane take a look at rules for g

17:10:06 [npdoty]

WileyS, we’re looking at Roy’s language here: http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0013.html and I was unsure whether the service provider concept will work for the common exchange implementations

17:10:15 [justin]

https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Regarding_gateways_and_exchanges

17:10:32 [justin]

ack vincent

17:12:02 [moneill2]

vincent: my suggestion mabe covered by Roys? Will gateway either sends N or T (q to Roy) what about permitted uses, user cannot tell

17:12:37 [moneill2]

justin: is concern about G sending N or T

17:12:44 [npdoty]

I think Roy’s proposal suggests that the gateway sends T if it or its bidders is known to be tracking

17:12:51 [moneill2]

justin: when gateway replies N

17:13:35 [moneill2]

vincent: bidders may reply with C if they think they have consent

17:13:37 [npdoty]

if the winning bidder felt it had out of band consent, then it would send back “C” in the Tk header

17:14:04 [moneill2]

fielding: site might say it tracks in general,

17:14:51 [npdoty]

right, G is a dynamic response (like ?), so it makes sense for cases where it might be N or might be C

17:14:56 [moneill2]

fielding: if gateway has set of requirements that bidders dont track then it reasonable to respond N, otherwise G

17:15:25 [vincent]

not really, it's not dynamic, the gateway send either N or T or G

17:15:38 [moneill2]

fielding: it replies T if it know non selected bidders are tracking

17:16:42 [moneill2]

fielding: needs to be an indication if tracking is going on

17:16:50 [npdoty]

should respond with a dynamic response (G, for example) if the Tk header will provide more information. otherwise, should follow the existing rules for T and N.

17:17:11 [moneill2]

vincent: does gateway send T or G or N

17:17:17 [dsinger]

q+ for a minor question

17:17:26 [WileyS]

fair - bid losers are not able to "retain" user level data but we do allow aggregate/anonymized retention to enhance bidding algorithms so other permitted uses should remain in place regardless - fair?

17:17:40 [eberkower]

eberkower has joined #dnt

17:17:47 [npdoty]

and if the gateway sends G, it must transmit a more informative value in the Tk response header (from the selected party, for example)

17:18:06 [moneill2]

vincent: why not say only G response (others confuse users)

17:18:45 [justin]

q?

17:18:57 [justin]

ack mo

17:19:01 [npdoty]

scribenick: npdoty

17:19:08 [npdoty]

moneill2: 3 things

17:19:13 [Zakim]

+eberkower

17:19:25 [eberkower]

Zakim, mute me please

17:19:25 [Zakim]

eberkower should now be muted

17:19:27 [justin]

WileyS, if it's really deidentified, the data is out of scope

17:19:47 [npdoty]

… on service provider, the gateway is saying it’s a service provider of the bidders. it needs kind of reciprocal agreement about not keeping data in some cases. so not exactly the same as service providers we’ve discussed before.

17:19:53 [justin]

WileyS, TPE is clear about that.

17:20:00 [WileyS]

Justin - I agree but if its not deidentified but only used for analytical purposes it should still be protected by a permitted use as well, correct?

17:20:09 [vincent]

WileyS, it's not teh same when only one party receive the information and you know which one it is and when mulitple parties receive the request and you're not aware of it. Users should be able to see difference

17:20:28 [npdoty]

… if the general preference is DNT:1, then you can’t utilize consent. [@@scribe may have missed@@]

17:21:00 [amyc]

amyc has joined #dnt

17:21:01 [WileyS]

Vincent - as long as there is no tracking occurring I'm not seeing the issue

17:21:03 [npdoty]

… a whole range of bidders that may or may not be collecting data, need a way for the gateway to report that, because otherwise the user/agent won’t know who they are

17:21:10 [justin]

WileyS, well, there's no "analytical purposes" permitted use, even in TCS :) But none at all for TPE, if you're retaining data at all, you need to say "T" and can provide information in WKR around what you use tracking data for.

17:21:44 [Zakim]

+[Microsoft]

17:21:49 [npdoty]

… Nick, you changed a reference from “first party” to “that party”, which is actually quite a significant difference

17:21:53 [fielding]

remember that tracking data is about a particular user across multiple sites

17:21:55 [WileyS]

Justin - okay, as long as data in aggregated/de-identified we're good. I think that should cover us.

17:22:03 [npdoty]

q+ to respond separately to mike’s question

17:22:15 [justin]

ack ds

17:22:15 [Zakim]

dsinger, you wanted to discuss a minor question

17:22:19 [npdoty]

justin: moneill2, good if you can send some of that in email

17:22:27 [moneill2]

ok

17:22:55 [npdoty]

dsinger: why not just report any single tracking status response, not just N? could work for T as well, say

17:22:56 [WileyS]

I don't believe any of the exchanges will be able to respond in that manner today - will take time - if it ever happens at all.

17:22:59 [npdoty]

justin: +1

17:23:13 [moneill2]

dsinger: missed it

17:23:15 [npdoty]

dsinger: I’m not sure about how the gateway should respond about its own tracking

17:23:35 [fielding]

q+

17:23:37 [npdoty]

… what happens if the gateway has an exception, or the other sites don’t, or vice versa?

17:23:41 [npdoty]

q- later

17:23:41 [moneill2]

dsinger: gateway tracking - missed a load of that my phone died

17:23:42 [vincent]

WileyS, if there are multiple recipients I'd like to know when information about me is collected/used by multiple parties

17:24:02 [WileyS]

The gateway will only tracking for operational purposes: security, financial, and reporting - not profiling

17:24:03 [justin]

ack fieldi

17:24:15 [npdoty]

fielding: the service provider requirement was to handle the gateway tracking issue

17:24:18 [WileyS]

Vincent - doesn't the "G" response tell you that?

17:24:29 [justin]

WileyS, right but that's still tracking for TPE

17:24:31 [npdoty]

… in that case, you can’t do tracking other than just for the recipient that you’re a service provider for

17:24:44 [moneill2]

fielding: service provider requirement ... my phone died again .

17:24:57 [npdoty]

… if the user-granted exceptions apply to the particular request, to the entire exchange

17:25:01 [moneill2]

can anybody else scribe my phone keeps fading out

17:25:05 [WileyS]

Justin - I disagree, we should only have to respond with "T" if actual tracking is occurring, not only a permitted use

17:25:18 [WileyS]

Justin - permitted uses are permitted uses for a reason

17:25:20 [moneill2]

npdity: phew

17:25:22 [vincent]

WileyS, if I have a G yes and that's ok with me. But if I have a N I'll guess that only one party received data about me and that's clearly not the case

17:25:48 [npdoty]

fielding: transitive in the sense that the exchange can do with it what it wants, including with other parties

17:25:50 [justin]

WileyS, there are no permitted uses in TPE. That's in TCS. In which case you respond T and link to TCS to explain the limitations on the tracking you're doing.

17:25:58 [justin]

q?

17:26:02 [WileyS]

Vincent, I don't believe the "N" will realistically occur in the Gateway/Exchange scenario - not for a long time if at all

17:26:34 [justin]

ack npd

17:26:34 [Zakim]

npdoty, you wanted to respond separately to mike’s question

17:26:35 [npdoty]

fielding: other responses might inspire the user to ask for more information about the data collector, which is why I suggested that the only common response to send back is N

17:26:39 [WileyS]

Justin, agreed - but "T" is only required when you meet the definition of tracking which the TCS states permitted uses are not considered tracking.

17:27:08 [npdoty]

fielding: added requirements to make it more palatable, but if advocates feel it’s not useful, no objection to changing

17:27:19 [justin]

WileyS, I think "permitted uses" are still technically tracking, they're just permissible tracking (as defined by TCS).

17:27:20 [fielding]

q-

17:27:49 [moneill2]

that party could be either party

17:28:05 [WileyS]

Justin, I don't believe that's correct then - as we should only need to respond with "T" when actual cross-site tracking is occurring for a non-permitted use.

17:28:33 [npdoty]

npdoty: on moneill2’s separate question, I didn’t intend to make a major change, was just trying to make smoother language. email me and I’ll fix it

17:28:40 [npdoty]

justin: thanks fielding for putting this together

17:28:50 [npdoty]

… there might be some questions that are challenging to deal with it

17:28:56 [justin]

q?

17:29:03 [fielding]

T is for tracking, including for a permitted use. Tracking itself is only for cross-party data collection.

17:29:14 [npdoty]

… let’s try to gather together on that

17:29:21 [npdoty]

justin: I’ll follow up on the list today

17:29:49 [npdoty]

action-465?

17:29:49 [trackbot]

action-465 -- Roy Fielding to Respond to issue-260 regarding validating dnt signal -- due 2014-11-26 -- OPEN

17:29:49 [trackbot]

http://www.w3.org/2011/tracking-protection/track/actions/465

17:30:07 [npdoty]

fielding: didn’t get to it. <illness>

17:30:30 [npdoty]

justin: fielding, any comments to nick’s proposed edits regarding yours, David’s and his language?

17:30:57 [npdoty]

fielding: nick made additional edits which may have addressed my concerns

17:31:04 [npdoty]

Zakim, take up agendum 2

17:31:05 [Zakim]

agendum 2. "Compliance" taken up [from npdoty]

17:31:21 [npdoty]

http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html

17:31:26 [justin]

scribenick: justin

17:31:42 [justin]

npdoty: I've been making editorial changes to TCS, tried to document with comments.

17:32:07 [justin]

npdoty: Two primary reasons: one was issue-203, how to use tracking in the TCS, how to indicate what you think you are, how to indicate compliance.

17:32:37 [justin]

... Updated Section 3 on how to respond, and indications to other sections.

17:33:20 [justin]

... Also updated scope and substantive section to make clear that what you're purporting to comply with is what you comply with.

17:33:45 [justin]

... Also, made editorial changes just to clarify. Didn't try to change substance, but if you disagree, please let me know.

17:34:09 [justin]

... Also updating scope section, lots of other proposals most of which are out of date. Tried to accomodate, lmk what you think.

17:34:28 [justin]

q?

17:34:50 [npdoty]

scribenick: npdoty

17:35:02 [npdoty]

justin: nick will continue to clean up Compliance doc

17:35:15 [npdoty]

… hope to get to agreement on the particular issue-203

17:35:27 [dsinger]

issue-262?

17:35:27 [trackbot]

issue-262 -- guidance regarding server responses and timing -- pending review

17:35:27 [trackbot]

http://www.w3.org/2011/tracking-protection/track/issues/262

17:35:28 [npdoty]

… sounds like the hardest thing we have left to do is issue-262

17:35:45 [fielding]

q+

17:35:52 [npdoty]

… I think after 262 and 260, then I think we’re pretty close to done

17:36:17 [npdoty]

fielding: suggest that we publish nick’s document as a Working Draft this week or next week

17:36:29 [dsinger]

q+

17:36:37 [justin]

ack fielding

17:36:57 [justin]

ack ds

17:37:00 [npdoty]

npdoty: did publish a Working Draft just before thanksgiving

17:37:08 [npdoty]

q+

17:37:13 [justin]

ack npd

17:38:00 [npdoty]

dsinger: which process?

17:38:20 [npdoty]

npdoty: following existing 2005 process. definitely good to ask for comments early

17:38:30 [justin]

q?

17:38:32 [npdoty]

dsinger: good to reach out to stakeholders, maybe PING

17:38:33 [moneill2]

webapps security

17:40:06 [npdoty]

npdoty: still making editorial changes now, so might be better to do another snapshot and ask for a wider review in a week or two

17:40:07 [justin]

q?

17:40:15 [npdoty]

justin: sounds reasonable, we still have TPE to work through

17:40:53 [npdoty]

dsinger: an update on the JavaScript issues

17:41:01 [npdoty]

… made those changes to the draft last night

17:41:09 [npdoty]

… links to formal definitions, uncontroversial

17:41:19 [npdoty]

… we decided to keep the cookie-processing model, as discussed

17:41:33 [npdoty]

… move the status to navigator from window, we agreed

17:41:48 [npdoty]

… can’t switch to an enumerator, since there are possible extensions, keep a string

17:42:08 [npdoty]

… exposes in Service Workers now

17:42:52 [npdoty]

… not returning a Promise from the exceptions calls, because these are synchronous from the point of the view of the page

17:43:05 [npdoty]

… the site has already got consent

17:43:22 [npdoty]

… only seems like an edge case

17:43:29 [npdoty]

… changed the advisory note to regard to other visits

17:43:46 [npdoty]

… sticking with URI instead of URL

17:44:10 [npdoty]

… delete explanationString and siteName? just insert a note about how the UA presents them

17:44:18 [moneill2]

yay, will do

17:44:21 [npdoty]

… integrates Mike’s expiry parameters, I believe verbatim

17:44:21 [dsinger]

http://lists.w3.org/Archives/Public/public-tracking/2014Dec/0016.html

17:44:25 [npdoty]

… Mike, please check

17:44:28 [npdoty]

… summarized in email

17:44:43 [npdoty]

justin: thanks dsinger for working through all those

17:44:50 [npdoty]

… everyone, please take a look at that

17:45:14 [npdoty]

dsinger: does anything need to be marked at risk?

17:45:49 [justin]

q?

17:45:54 [npdoty]

justin: concern about european regulatory requirements regarding marking expiry at risk

17:46:07 [npdoty]

… think the group all came around to that, but send replies to the list as appropriate

17:46:21 [npdoty]

q+

17:47:15 [npdoty]

dsinger: CR early next year?

17:47:19 [npdoty]

justin: yeah

17:47:26 [npdoty]

fielding: unless we think another last call is merited

17:47:30 [justin]

ack npd

17:48:20 [npdoty]

npdoty: just to confirm, will we plan to talk on December 24 or 31?

17:48:22 [dsinger]

looks like the editors should do a diff from the previous last-call document, but I don’t think anything we made major technical changes in TPE

17:48:44 [dsinger]

suggest weekly calls until we get to LC on Compliance?

17:48:45 [npdoty]

justin: no. and not clear we need regular weekly calls in January either, depending on when it’s needed

17:49:21 [fielding]

I will be on vacation Dec 20 through Jan 4.

17:49:38 [npdoty]

justin: will discuss with other chairs about how much time we need to take up going forward

17:49:41 [Zakim]

-[FTC]

17:49:44 [npdoty]

… talk again next week

17:49:49 [Zakim]

-ChrisPedigoOPA

17:49:50 [Zakim]

-kulick

17:49:50 [Zakim]

-WaltMichel

17:49:51 [Zakim]

-[Microsoft]

17:49:51 [Zakim]

-justin

17:49:52 [Zakim]

-eberkower

17:49:52 [Zakim]

-vincent

17:49:53 [Zakim]

-[Apple]

17:49:53 [Zakim]

-hefferjr

17:49:55 [Zakim]

-npdoty

17:49:55 [Zakim]

-Fielding

17:49:56 [npdoty]

trackbot, end meeting

17:49:56 [trackbot]

Zakim, list attendees

17:49:56 [Zakim]

As of this point the attendees have been npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]

17:50:01 [Zakim]

-WileyS

17:50:02 [Zakim]

-moneill2

17:50:02 [Zakim]

T&S_Track(dnt)12:00PM has ended

17:50:03 [Zakim]

Attendees were npdoty, dsinger, [FTC], Fielding, WaltMichel, ChrisPedigoOPA, moneill2, justin, kulick, vincent, WileyS, hefferjr, eberkower, [Microsoft]

17:50:04 [trackbot]

RRSAgent, please draft minutes

17:50:04 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/12/10-dnt-minutes.html trackbot

17:50:05 [trackbot]

RRSAgent, bye

17:50:05 [RRSAgent]

I see no action items