IRC log of privacy on 2015-08-13

Timestamps are in UTC.

15:54:57 [RRSAgent]

RRSAgent has joined #privacy

15:54:57 [RRSAgent]

logging to http://www.w3.org/2015/08/13-privacy-irc

15:54:59 [trackbot]

RRSAgent, make logs 263

15:54:59 [Zakim]

Zakim has joined #privacy

15:55:01 [trackbot]

Zakim, this will be

15:55:01 [Zakim]

I don't understand 'this will be', trackbot

15:55:02 [trackbot]

Meeting: Privacy Interest Group Teleconference

15:55:02 [trackbot]

Date: 13 August 2015

15:55:04 [npdoty]

rrsagent, make logs public

15:56:04 [npdoty]

present+ npdoty, MikeONeill, tara, christine

15:59:50 [mfoltzgoogle]

mfoltzgoogle has joined #privacy

16:01:20 [wseltzer]

present+ Wseltzer

16:01:44 [npdoty]

present+ gregnorcie

16:01:49 [npdoty]

present+ anssi

16:02:00 [npdoty]

present+ frankwagner

16:02:04 [JoeHallCDT]

JoeHallCDT has joined #privacy

16:02:10 [npdoty]

present+ lakepolan

16:02:24 [gnorcie]

gnorcie has joined #privacy

16:02:29 [LCPolan]

LCPolan has joined #privacy

16:02:30 [gnorcie]

testing

16:02:51 [anssik]

anssik has joined #privacy

16:03:06 [anssik]

Present+ Anssi_Kostiainen

16:03:07 [npdoty]

present+ markschultz

16:03:48 [anssik]

s/present+ markschultz/present+ Mark_Foltz/

16:04:16 [npdoty]

any volunteers to scribe?

16:04:54 [npdoty]

gnorcie or JoeHallCDT, can you scribe to start? then MikeONeill will take over halfway through?

16:05:15 [JoeHallCDT]

I cannot

16:05:17 [JoeHallCDT]

sorry

16:05:23 [JoeHallCDT]

distracted and have to leave early :/

16:05:37 [npdoty]

MikeONeill, why don't you start and we'll help you out when you need to stop?

16:05:43 [MikeONeill]

OK

16:05:49 [npdoty]

scribenick: MikeONeill

16:06:02 [npdoty]

present+ katiehs

16:06:05 [tara]

Thanks!

16:06:18 [avayvod]

avayvod has joined #privacy

16:07:10 [MikeONeill]

Christine askinf for intros

16:07:10 [tara]

1. Welcome and introductions

16:07:48 [MikeONeill]

ansik intoduces hmself

16:07:53 [tara]

(Anssi Kostiainen)

16:08:35 [MikeONeill]

Mark Foltz

16:09:10 [MikeONeill]

didnt catch name

16:09:31 [npdoty]

Anton and Mounir, Google London

16:10:39 [MikeONeill]

geolocation still working on use cases, postponing our discussion till next ca

16:10:48 [npdoty]

Topic: Presentation API

16:10:49 [MikeONeill]

Now presentation API

16:11:11 [tara]

Anssi Kostiainen and Mark Foltz are from the Second Screen Presentation Working Group

16:12:02 [keiji]

Presentation API WD http://www.w3.org/TR/presentation-api/

16:12:27 [christine]

Email from the Second Screen WG - https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

16:12:29 [MikeONeill]

Mark Foltz is starting presentation

16:12:55 [MikeONeill]

Basic use case to allow web app use secondary displays

16:13:01 [terri]

Present+ terri

16:13:19 [MikeONeill]

essentiall display other piece of content that what use is viewing

16:14:18 [tara]

(If you are not speaking, please mute! Thanks.)

16:14:23 [MikeONeill]

app can send url to display

16:14:33 [mounir]

mounir has joined #privacy

16:14:40 [MikeONeill]

other option is for browser to send video straem

16:15:24 [anssik]

https://github.com/w3c/presentation-api/blob/gh-pages/uc-req.md

16:15:31 [anssik]

[use cases document]

16:16:20 [MikeONeill]

webcoferencing, can use home TV, gaming all use cases

16:16:34 [MikeONeill]

+q

16:16:44 [MikeONeill]

tara thanks

16:17:16 [npdoty]

q+ on differences from postMessage or from full-screen api

16:18:16 [anssik]

q?

16:18:37 [anssik]

1. Private mode browsing for the presenting context

16:18:50 [MikeONeill]

Anssi walk through privacy aspects

16:18:59 [christine]

The four issues are here: https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

16:19:11 [anssik]

https://github.com/w3c/presentation-api/issues/45

16:19:23 [MikeONeill]

Anssi we use GitHub for tracking issues

16:19:42 [MikeONeill]

privacy issue 1) privacy mode what happens?

16:20:40 [MikeONeill]

Anssi second device shared by multiple users. How to protect privacy in that situation. Should we require "private mode browsing" context?

16:21:12 [MikeONeill]

Anssi privacy mode not standardised

16:21:27 [anssik]

q?

16:21:35 [npdoty]

q+ on private browsing mode and whose privacy

16:21:39 [anssik]

q?

16:22:30 [MikeONeill]

Nick, is idea we dont want to show logged in or private video?

16:23:22 [MikeONeill]

Mark Foltz, one possible modes send url or stream

16:24:44 [MikeONeill]

Mark Foltz, device should not have access to cookie hjars, other data

16:26:27 [tara]

ack np

16:26:27 [Zakim]

npdoty, you wanted to comment on differences from postMessage or from full-screen api and to comment on private browsing mode and whose privacy

16:26:41 [npdoty]

I think there are some interesting challenges regarding how private this presentation mode should be

16:27:16 [npdoty]

for example, will the URL also send state (like in query parameters)? will postMessage send private information that shouldn't be shared?

16:27:54 [npdoty]

does the presentation screen allow for any interaction (which in a public context could be worrisome if I'm logged in)?

16:28:45 [npdoty]

any communication between the presenting and the controlling side must be confidential

16:28:48 [npdoty]

ack MikeONeill

16:29:11 [npdoty]

MikeONeill: different technologies could be used for actual showing the video (eg webrtc) Mark: yes.

16:29:27 [npdoty]

MikeONeill: should the user be alerted in some way that there in a privacy mode?

16:30:02 [npdoty]

mfoltzgoogle: user doesn't have to choose or be aware, the user should just know that when the presentation is over, you're not leaving any private state behind

16:30:12 [anssik]

2. Fingerprinting and screen availability monitoring

16:30:54 [MikeONeill]

Anssi 2nd privacy issue. Fingerprinting. to supply good experience the website needs to now whether there are secondary screens

16:31:17 [tara]

(for a good user experience)

16:31:22 [MikeONeill]

Ansii doing this we reaveal one bit of fingerprinting info (presense of othe screens)

16:31:37 [christine]

q+

16:31:39 [MikeONeill]

+q

16:32:05 [anssik]

https://github.com/w3c/presentation-api/issues/9

16:32:10 [anssik]

q?

16:33:24 [MikeONeill]

Chritstine, what info about presention devices

16:33:50 [MikeONeill]

Ansii, only one bit to in=dicate if presentations are prsesent

16:34:49 [anssik]

s/Ansii/Anssi/

16:35:00 [anssik]

q?

16:35:21 [npdoty]

ack christine

16:35:48 [Luke]

Luke has joined #privacy

16:36:33 [fwagner]

fwagner has joined #privacy

16:36:48 [tara]

MikeONeill: there was a unique GUID in the Media Stream, so was concerned about "drive-by fingerprinting" -- others might use it as convenient API for fingerprinting. Would not like this sort of precedent to be set.

16:36:54 [fwagner]

fwagner has left #privacy

16:37:14 [npdoty]

I would be less concerned about a single boolean than something with much more detail, and it would be more straightforwardly detectable. but it would be worth determining whether there was any alternative way to implement it

16:37:23 [anssik]

3. Security and privacy considerations

16:37:28 [tara]

Anssik: We are only providing Boolean - "screens or no screens" and that's all.

16:37:37 [fwagner]

fwagner has joined #privacy

16:37:40 [tara]

ack mi

16:37:58 [MikeONeill]

Ansii, 3: should be a section on privacy and security consideration - asking for guidance on that section

16:38:01 [anssik]

https://github.com/w3c/presentation-api/issues/45

16:38:38 [npdoty]

q+

16:39:21 [MikeONeill]

Nick, grat to see questionaire use. asking for meta level feedback back

16:39:34 [fwagner]

q?

16:39:40 [tara]

Nick: is the questionnaire working well? Suggestions?

16:39:43 [npdoty]

q-

16:40:00 [anssik]

https://w3ctag.github.io/security-questionnaire/

16:40:14 [MikeONeill]

Ansii, pasting links to other questionaires

16:40:36 [fwagner]

fwagner has left #privacy

16:40:41 [fwagner]

fwagner has joined #privacy

16:41:17 [mfoltzgoogle]

+q

16:41:35 [mfoltzgoogle]

q+

16:41:45 [fwagner]

fwagner has joined #privacy

16:41:54 [tara]

Questionnaire helped to anticipate issues early in the process.

16:42:15 [tara]

Unclear where these documents fit into the process -- could use guidance.

16:42:29 [anssik]

q?

16:43:11 [MikeONeill]

Mark Foltz: comments happy to provide feedback on questionaire

16:43:14 [JoeHallCDT]

regrets, I need to leave the call early

16:43:21 [JoeHallCDT]

JoeHallCDT has left #privacy

16:43:37 [anssik]

https://w3c.github.io/fingerprinting-guidance/

16:43:43 [anssik]

https://w3c.github.io/privacy-considerations/

16:44:00 [anssik]

4. Rejecting the Promise when user cancels the screen selection

16:44:16 [npdoty]

I think the latter of those is less up-to-date, but hopefully the fingerprinting doc (also undergoing revisions) will be helpful

16:45:00 [MikeONeill]

Ansii: issue 4- rejecting promise - if use gets prompt to choose screen if click cancel, currently webpage get to know that

16:45:33 [MikeONeill]

Ansii with specific error code, app knows the user has rejected presentation screen

16:46:05 [npdoty]

q+

16:46:31 [mfoltzgoogle]

q-

16:46:37 [MikeONeill]

need to think about it

16:47:11 [avayvod]

Have to go, sorry.

16:47:14 [MikeONeill]

Nick: geolocation did have a way but implementations rejected that

16:47:54 [MikeONeill]

Nick: not so concerned, but apps need to handle case when user just ignores it, so why have it

16:48:27 [npdoty]

you definitely would want to know whether there was an error somewhere

16:48:41 [npdoty]

but I'm not sure the difference between "user rejected the request" and "user ignored the request"

16:48:46 [anssik]

some details in https://github.com/w3c/presentation-api/issues/20

16:49:09 [MikeONeill]

Mark, gist was sitees may ant to pause video, then resume if user accepts

16:49:43 [fwagner]

Sorry I have to drop of earlier, but have hardly conducted to participate more often than in the past....

16:49:43 [fwagner]

16:49:51 [MikeONeill]

Ansii, open to PING making recomendations

16:50:05 [anssik]

q?

16:50:08 [npdoty]

q-

16:51:19 [anssik]

https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html

16:51:24 [anssik]

summary of the issues

16:51:26 [MikeONeill]

Ansii, inviting comments on list or github,

16:51:38 [npdoty]

timeline for feedback?

16:51:45 [tara]

Thanks very much!

16:51:52 [fwagner]

Sorry, I have to drop of, but promise to participate more often than in the past....

16:52:06 [MikeONeill]

Christine, very impressed, covered privacy issues etc.

16:52:31 [MikeONeill]

Christine, time frame for feedback?

16:52:42 [npdoty]

+1, great to see a group very interested in the topic and lots of privacy/security thoughts already

16:52:51 [mfoltzgoogle]

q+

16:52:57 [MikeONeill]

Anssi, not at reveur stage yet. Whatever works for PING

16:53:07 [npdoty]

s/revuer/wide review/

16:53:43 [MikeONeill]

Christine, it varies a lot of specs needs inputs, we need to shepherd, encourage others to contribute

16:53:58 [npdoty]

next month or two?

16:54:14 [MikeONeill]

Christine: next PING call Sept 17

16:54:47 [MikeONeill]

Anssi, chime in on issues, no need to do whole thing in one go

16:54:50 [christine]

Does anyone now want to step up as a shepherd for the review of this spec?

16:54:57 [npdoty]

cool, thanks.

16:56:00 [gnorcie]

I could possibly, let me discuss w/ Joe

16:56:00 [MikeONeill]

Anssi, within 1 month if we have name would be good

16:56:27 [MikeONeill]

thanks ANsii & Mark great presentation

16:56:40 [npdoty]

Topic: Draft TAG security and privacy questionnaire

16:57:00 [mfoltzgoogle]

Just wanted to suggest that any feedback in advance of TPAC at the end of October would be very helpful. The Second Screen Working Group will be meeting F2F there.

16:57:09 [mfoltzgoogle]

q-

16:57:22 [npdoty]

thanks, mfoltzgoogle, that's useful

16:58:07 [MikeONeill]

Christine, mentions wiki, being shipped to gitub

16:58:18 [npdoty]

gnorcie, do you have an update on that? when should we send that feedback to tag or move to github?

16:59:10 [MikeONeill]

gnorcie: next step maybe we should strip out security bits, rather than have one doc

17:01:01 [MikeONeill]

chritine, lets concentrate on privacy first, w

17:01:07 [tara]

(Thanks, Wendy!)

17:01:36 [MikeONeill]

gnorcie, we need to try using the questionaire on new spec see how it works

17:02:07 [MikeONeill]

Christine, presentation API or geofencing talking about next month

17:02:18 [npdoty]

q+

17:03:21 [npdoty]

ack npdoty

17:03:25 [MikeONeill]

Christine, if no objection we could publish as draft note, lets see this published

17:03:40 [tara]

Nick will do updates on the fingerprinting docs, circulate, and we'll publish as draft PING note.

17:03:49 [tara]

Sept 17 for next call.

17:03:52 [npdoty]

thanks

17:03:59 [MikeONeill]

next call on geofencing

17:04:20 [MikeONeill]

thanks

17:04:25 [LCPolan]

LCPolan has left #privacy

17:04:35 [npdoty]

trackbot, end meeting

17:04:35 [trackbot]

Zakim, list attendees

17:04:35 [Zakim]

sorry, trackbot, I don't know what conference this is

17:04:43 [trackbot]

RRSAgent, please draft minutes

17:04:43 [RRSAgent]

I have made the request to generate http://www.w3.org/2015/08/13-privacy-minutes.html trackbot

17:04:44 [trackbot]

RRSAgent, bye

17:04:44 [RRSAgent]

I see no action items