Privacy Monthly January 2017 -- 19 Jan 2017

<npdoty> (how many pieces of software does WebEx require you to install these days?)

<tara> more than 9000

<barryleiba> Billions and billions.

<tara> Giving a moment for folks to join...

agenda item 1: privacy review requests

<tara> Remote Playback API

<tara> http://w3c.github.io/remote-playback/

until Jan 30 for review

<tara> WebRTC Statistics API

also for Web RTC

<tara> https://www.w3.org/TR/2016/WD-webrtc-stats-20161214/

short time frame - looking for comments

<tara> Screen Orientation API

<tara> https://www.w3.org/TR/screen-orientation/

3rd request is screen orientation API

<tara> https://www.w3.org/TR/security-privacy-questionnaire/

<tara> https://github.com/w3c/screen-orientation/issues

they used the draft questionnaire

<tara> IndexedDB API

4th request

<tara> https://www.w3.org/TR/IndexedDB-2/

<tara> https://github.com/w3c/IndexedDB/issues/

they were looking for comments, PING did not provide comments in timeframe - Tara asked if comments are still welcome

Wendy mentioned that there might be some concerns

deadline for the 3rd request is 12 Feb

time to make comments

<mikeoneill> +q

tara asking for volunteers

mike looked at indexDB, might say something over the weekend - the basic privacy danger is that the third party could use indexdb to track you - like you can with local storage to re-enliven cookies

mike: issue of third parties having access to storage in browsers - is the broader issue
... relevant is the ePrivacy directive

browsers are obliged under the proposal to guard access by third parties of storage within browsers

mike continued - we should have a general discussion about Web RTC

local IP address issues

<tara> Christine - the exposure of local IP address in WebRTC has been an ongoing issue for W3C and IETF specs

<tara> Christine: we're in a better position now; Nick?

<tara> Nick: suggestion was for different modes; default mode would expose only RFC 1918 local IP addr (auto-config, not one hidden behind VPN)

tara to send a call to list for volunteers for reviews

agenda item 2: I-D ACTION: draft-ietf-httpbis-client-hints-03.txt

<tara> https://datatracker.ietf.org/doc/draft-ietf-httpbis-client-hints/

<tara> https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-03

for indicating preferences ... discussion around identifiability

as a result of 'hints'

<npdoty> mikeoneill: I think this might be the right one https://www.ietf.org/id/draft-ietf-rtcweb-ip-handling-03.txt

mark n and nick replied on list

mike: did you get a reply to your comment? (asking Nick)

nick: I think so, he had some questions or request, have some follow-up to do

<npdoty> Mark replied on Christmas day: https://lists.w3.org/Archives/Public/public-privacy/2016OctDec/0065.html

tara: is anyone here following the work in IETF (from PING)?

Barry is following HTTP group in general but not everything they are doing, will take a quick look at the doc

nick: might be useful, it made me wonder what other specs might be doing other things

barry: we should look at what the group is putting out, will put on my queue - mark is on group and liasion to IETF, so presume he is alert - he sent this one (for example)

agenda item 3 - ePrivacy directive

<tara> http://www.politico.eu/wp-content/uploads/2016/12/POLITICO-e-privacy-directive-review-draft-december.pdf

<mikeoneill> https://baycloud.com/blog/do-not-track-the-key-to-compliance-with-the-eprivacy-and-general-data-protection-regulations

tara: some items more relevant for tracking protection wg, perhaps

<npdoty> christine: on my list as well, question: brought up in the Tracking Protection WG, but does anyone know what they plan to do?

<npdoty> mikeoneill: haven't discussed it yet, though it's on the tpwg mailing list

mike: we need to monitor
... browsers would have a legal obligation to protect personal data of the user
... because they have to ask and register consent
... see what I have written (link above)
... potentially a big legal obligation
... quite important and ties to our work here

tara: thanks to the link to the analysis

<tara> ach mik

<tara> Privacy questionnaire

agenda item 4 - privacy questionnaire

<tara> Christine renewing effort in new year to address questionnaire

<tara> Will be done in chunks of work instead of one lot of work

<npdoty> +1, I like the idea of working on particular pieces

agenda item 5 - summary of security IG call

tara: fairly short call, core participants

charter was updated and renewed

<npdoty> https://www.w3.org/2011/07/security-ig-charter.html

thinking about how to manage the security reviews

need people with the right amount of expertise and how to do that

manage workload

question around the development of the questionnaires

interested in knowing how PING work on questionnaire proceeds

update security wiki

relevant issues in the press, who does reviews, etc

sam: biggest // is around reviews

nick: curious about the size of the group and the reviews q

if smaller than this group and both struggling to get reviews, wonder if we should combine?

sam: you are on the right track

should combine where we can

<tara> Christine: we should renew the practice of inviting a rep from the group

<tara> For a robust discussion of issues

<tara> We could also invite the security IG rep at that time

<tara> And then we get one combined discussion

nick: enough overlap to do collaboration

tara: heads-up one in the planning

mike: re WebRTC statistics thing, maybe we could meet with Security IG
... will look into over the next week or so
... ask WebRTC people to give a presentation

tara: Web payments looking to talk to us in Feb
... choose a time for the next call

<npdoty> 16 February?

16 Feb?

RSA conflict

9 Feb?

tara: propose 16 Feb

sam: reminder to give early notice to all include web sec

<Marc> Goodbye

<npdoty> weiler, can we make the minutes public?

- DRAFT -

Privacy Monthly January 2017
19 Jan 2017

Attendees

Contents

Summary of Action Items

Summary of Resolutions

Scribe.perl diagnostic output