15:54:57 RRSAgent has joined #privacy 15:54:57 logging to http://www.w3.org/2015/08/13-privacy-irc 15:54:59 RRSAgent, make logs 263 15:54:59 Zakim has joined #privacy 15:55:01 Zakim, this will be 15:55:01 I don't understand 'this will be', trackbot 15:55:02 Meeting: Privacy Interest Group Teleconference 15:55:02 Date: 13 August 2015 15:55:04 rrsagent, make logs public 15:56:04 present+ npdoty, MikeONeill, tara, christine 15:59:50 mfoltzgoogle has joined #privacy 16:01:20 present+ Wseltzer 16:01:44 present+ gregnorcie 16:01:49 present+ anssi 16:02:00 present+ frankwagner 16:02:04 JoeHallCDT has joined #privacy 16:02:10 present+ lakepolan 16:02:24 gnorcie has joined #privacy 16:02:29 LCPolan has joined #privacy 16:02:30 testing 16:02:51 anssik has joined #privacy 16:03:06 Present+ Anssi_Kostiainen 16:03:07 present+ markschultz 16:03:48 s/present+ markschultz/present+ Mark_Foltz/ 16:04:16 any volunteers to scribe? 16:04:54 gnorcie or JoeHallCDT, can you scribe to start? then MikeONeill will take over halfway through? 16:05:15 I cannot 16:05:17 sorry 16:05:23 distracted and have to leave early :/ 16:05:37 MikeONeill, why don't you start and we'll help you out when you need to stop? 16:05:43 OK 16:05:49 scribenick: MikeONeill 16:06:02 present+ katiehs 16:06:05 Thanks! 16:06:18 avayvod has joined #privacy 16:07:10 Christine askinf for intros 16:07:10 1. Welcome and introductions 16:07:48 ansik intoduces hmself 16:07:53 (Anssi Kostiainen) 16:08:35 Mark Foltz 16:09:10 didnt catch name 16:09:31 Anton and Mounir, Google London 16:10:39 geolocation still working on use cases, postponing our discussion till next ca 16:10:48 Topic: Presentation API 16:10:49 Now presentation API 16:11:11 Anssi Kostiainen and Mark Foltz are from the Second Screen Presentation Working Group 16:12:02 Presentation API WD http://www.w3.org/TR/presentation-api/ 16:12:27 Email from the Second Screen WG - https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html 16:12:29 Mark Foltz is starting presentation 16:12:55 Basic use case to allow web app use secondary displays 16:13:01 Present+ terri 16:13:19 essentiall display other piece of content that what use is viewing 16:14:18 (If you are not speaking, please mute! Thanks.) 16:14:23 app can send url to display 16:14:33 mounir has joined #privacy 16:14:40 other option is for browser to send video straem 16:15:24 https://github.com/w3c/presentation-api/blob/gh-pages/uc-req.md 16:15:31 [use cases document] 16:16:20 webcoferencing, can use home TV, gaming all use cases 16:16:34 +q 16:16:44 tara thanks 16:17:16 q+ on differences from postMessage or from full-screen api 16:18:16 q? 16:18:37 1. Private mode browsing for the presenting context 16:18:50 Anssi walk through privacy aspects 16:18:59 The four issues are here: https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html 16:19:11 https://github.com/w3c/presentation-api/issues/45 16:19:23 Anssi we use GitHub for tracking issues 16:19:42 privacy issue 1) privacy mode what happens? 16:20:40 Anssi second device shared by multiple users. How to protect privacy in that situation. Should we require "private mode browsing" context? 16:21:12 Anssi privacy mode not standardised 16:21:27 q? 16:21:35 q+ on private browsing mode and whose privacy 16:21:39 q? 16:22:30 Nick, is idea we dont want to show logged in or private video? 16:23:22 Mark Foltz, one possible modes send url or stream 16:24:44 Mark Foltz, device should not have access to cookie hjars, other data 16:26:27 ack np 16:26:27 npdoty, you wanted to comment on differences from postMessage or from full-screen api and to comment on private browsing mode and whose privacy 16:26:41 I think there are some interesting challenges regarding how private this presentation mode should be 16:27:16 for example, will the URL also send state (like in query parameters)? will postMessage send private information that shouldn't be shared? 16:27:54 does the presentation screen allow for any interaction (which in a public context could be worrisome if I'm logged in)? 16:28:45 any communication between the presenting and the controlling side must be confidential 16:28:48 ack MikeONeill 16:29:11 MikeONeill: different technologies could be used for actual showing the video (eg webrtc) Mark: yes. 16:29:27 MikeONeill: should the user be alerted in some way that there in a privacy mode? 16:30:02 mfoltzgoogle: user doesn't have to choose or be aware, the user should just know that when the presentation is over, you're not leaving any private state behind 16:30:12 2. Fingerprinting and screen availability monitoring 16:30:54 Anssi 2nd privacy issue. Fingerprinting. to supply good experience the website needs to now whether there are secondary screens 16:31:17 (for a good user experience) 16:31:22 Ansii doing this we reaveal one bit of fingerprinting info (presense of othe screens) 16:31:37 q+ 16:31:39 +q 16:32:05 https://github.com/w3c/presentation-api/issues/9 16:32:10 q? 16:33:24 Chritstine, what info about presention devices 16:33:50 Ansii, only one bit to in=dicate if presentations are prsesent 16:34:49 s/Ansii/Anssi/ 16:35:00 q? 16:35:21 ack christine 16:35:48 Luke has joined #privacy 16:36:33 fwagner has joined #privacy 16:36:48 MikeONeill: there was a unique GUID in the Media Stream, so was concerned about "drive-by fingerprinting" -- others might use it as convenient API for fingerprinting. Would not like this sort of precedent to be set. 16:36:54 fwagner has left #privacy 16:37:14 I would be less concerned about a single boolean than something with much more detail, and it would be more straightforwardly detectable. but it would be worth determining whether there was any alternative way to implement it 16:37:23 3. Security and privacy considerations 16:37:28 Anssik: We are only providing Boolean - "screens or no screens" and that's all. 16:37:37 fwagner has joined #privacy 16:37:40 ack mi 16:37:58 Ansii, 3: should be a section on privacy and security consideration - asking for guidance on that section 16:38:01 https://github.com/w3c/presentation-api/issues/45 16:38:38 q+ 16:39:21 Nick, grat to see questionaire use. asking for meta level feedback back 16:39:34 q? 16:39:40 Nick: is the questionnaire working well? Suggestions? 16:39:43 q- 16:40:00 https://w3ctag.github.io/security-questionnaire/ 16:40:14 Ansii, pasting links to other questionaires 16:40:36 fwagner has left #privacy 16:40:41 fwagner has joined #privacy 16:41:17 +q 16:41:35 q+ 16:41:45 fwagner has joined #privacy 16:41:54 Questionnaire helped to anticipate issues early in the process. 16:42:15 Unclear where these documents fit into the process -- could use guidance. 16:42:29 q? 16:43:11 Mark Foltz: comments happy to provide feedback on questionaire 16:43:14 regrets, I need to leave the call early 16:43:21 JoeHallCDT has left #privacy 16:43:37 https://w3c.github.io/fingerprinting-guidance/ 16:43:43 https://w3c.github.io/privacy-considerations/ 16:44:00 4. Rejecting the Promise when user cancels the screen selection 16:44:16 I think the latter of those is less up-to-date, but hopefully the fingerprinting doc (also undergoing revisions) will be helpful 16:45:00 Ansii: issue 4- rejecting promise - if use gets prompt to choose screen if click cancel, currently webpage get to know that 16:45:33 Ansii with specific error code, app knows the user has rejected presentation screen 16:46:05 q+ 16:46:31 q- 16:46:37 need to think about it 16:47:11 Have to go, sorry. 16:47:14 Nick: geolocation did have a way but implementations rejected that 16:47:54 Nick: not so concerned, but apps need to handle case when user just ignores it, so why have it 16:48:27 you definitely would want to know whether there was an error somewhere 16:48:41 but I'm not sure the difference between "user rejected the request" and "user ignored the request" 16:48:46 some details in https://github.com/w3c/presentation-api/issues/20 16:49:09 Mark, gist was sitees may ant to pause video, then resume if user accepts 16:49:43 Sorry I have to drop of earlier, but have hardly conducted to participate more often than in the past.... 16:49:43 16:49:51 Ansii, open to PING making recomendations 16:50:05 q? 16:50:08 q- 16:51:19 https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html 16:51:24 summary of the issues 16:51:26 Ansii, inviting comments on list or github, 16:51:38 timeline for feedback? 16:51:45 Thanks very much! 16:51:52 Sorry, I have to drop of, but promise to participate more often than in the past.... 16:52:06 Christine, very impressed, covered privacy issues etc. 16:52:31 Christine, time frame for feedback? 16:52:42 +1, great to see a group very interested in the topic and lots of privacy/security thoughts already 16:52:51 q+ 16:52:57 Anssi, not at reveur stage yet. Whatever works for PING 16:53:07 s/revuer/wide review/ 16:53:43 Christine, it varies a lot of specs needs inputs, we need to shepherd, encourage others to contribute 16:53:58 next month or two? 16:54:14 Christine: next PING call Sept 17 16:54:47 Anssi, chime in on issues, no need to do whole thing in one go 16:54:50 Does anyone now want to step up as a shepherd for the review of this spec? 16:54:57 cool, thanks. 16:56:00 I could possibly, let me discuss w/ Joe 16:56:00 Anssi, within 1 month if we have name would be good 16:56:27 thanks ANsii & Mark great presentation 16:56:40 Topic: Draft TAG security and privacy questionnaire 16:57:00 Just wanted to suggest that any feedback in advance of TPAC at the end of October would be very helpful. The Second Screen Working Group will be meeting F2F there. 16:57:09 q- 16:57:22 thanks, mfoltzgoogle, that's useful 16:58:07 Christine, mentions wiki, being shipped to gitub 16:58:18 gnorcie, do you have an update on that? when should we send that feedback to tag or move to github? 16:59:10 gnorcie: next step maybe we should strip out security bits, rather than have one doc 17:01:01 chritine, lets concentrate on privacy first, w 17:01:07 (Thanks, Wendy!) 17:01:36 gnorcie, we need to try using the questionaire on new spec see how it works 17:02:07 Christine, presentation API or geofencing talking about next month 17:02:18 q+ 17:03:21 ack npdoty 17:03:25 Christine, if no objection we could publish as draft note, lets see this published 17:03:40 Nick will do updates on the fingerprinting docs, circulate, and we'll publish as draft PING note. 17:03:49 Sept 17 for next call. 17:03:52 thanks 17:03:59 next call on geofencing 17:04:20 thanks 17:04:25 LCPolan has left #privacy 17:04:35 trackbot, end meeting 17:04:35 Zakim, list attendees 17:04:35 sorry, trackbot, I don't know what conference this is 17:04:43 RRSAgent, please draft minutes 17:04:43 I have made the request to generate http://www.w3.org/2015/08/13-privacy-minutes.html trackbot 17:04:44 RRSAgent, bye 17:04:44 I see no action items