17:05:28 <RRSAgent> RRSAgent has joined #dnt
17:05:28 <RRSAgent> logging to http://www.w3.org/2017/03/06-dnt-irc
17:05:30 <trackbot> RRSAgent, make logs world
17:05:30 <Zakim> Zakim has joined #dnt
17:05:32 <trackbot> Zakim, this will be TRACK
17:05:32 <Zakim> ok, trackbot
17:05:33 <trackbot> Meeting: Tracking Protection Working Group Teleconference
17:05:33 <trackbot> Date: 06 March 2017
17:05:45 <Bert> present+
17:05:53 <Bert> present+ moneill2
17:06:45 <dsinger> present+ dsinger
17:07:19 <fielding> present+ fielding
17:08:59 <Bert> scribenick: bert
17:09:52 <Bert> schunter: I presented to @@
17:10:14 <Bert> shane: matthias did an awesome job
17:10:21 <Bert> topic: timeline
17:10:39 <vincent__> @@ is Future of Privacy Forum
17:10:43 <Bert> schunter: We have to find a procedure. my proposal is in agenda.
17:11:08 <Bert> ... open issues addressed.
17:11:18 <Bert> ... spec freeze in apil, spec in may
17:11:28 <Bert> ... probably need weekly telcons
17:11:39 <Bert> ... bcause we have some 20 issues.
17:11:52 <Bert> ... May need to do another version later.
17:11:58 <moneill2> q+
17:12:03 <Bert> ... But I want to stick to the charter.
17:12:05 <walter> present+
17:12:31 <Bert> moneill2: CR in May? end of May? and after that?
17:12:37 <rvaneijk> Timeline is fine with me. Issues may pop up as ePriv Regulation proposal becomes solid
17:12:49 <Bert> schunter: CR freezes the spec, maybe with features "at risk"
17:13:03 <Bert> ... once we have implems we may remove the "at risk" features
17:13:11 <fielding> Today's agenda is at https://lists.w3.org/Archives/Public/public-tracking/2017Mar/0000.html
17:13:53 <Bert> ... but apart from that, it will be the final Rec.
17:14:16 <Bert> moneill2: Would we need a new charter if not?
17:14:19 <dsinger> q+
17:14:22 <wileys> Use will be driven by what features we’re able to get into this version
17:14:37 <wileys> And if web browsers build user granted exceptions support
17:14:59 <Bert> ... My propsosal for site-specific consent, would that be a versio-2 project?
17:15:15 <Bert> schunter: We would have to decide at the end of the charter.
17:15:28 <Bert> ... If there is enoughg traction, enough adoption.
17:15:51 <Bert> dsinger: We can also publish the omitted "at risk" feats as a Note
17:16:06 <Bert> ... and if they start getting traction, W3C could recharter a WG.
17:16:21 <Bert> schunter: Everything is possible in W3C with sufficient traction.
17:16:48 <fielding> q+
17:16:51 <Bert> rvaneijk: The negotations on privacy directive sitill ongoing.
17:17:04 <Bert> ... May lead to use having to add new features.
17:17:12 <Bert> ... We should not exclude that.
17:17:27 <Bert> ... Inform & Consent imnportant topics.
17:17:50 <Bert> ... Article 29 opinion and ENISA work on guidelines on DNT.
17:17:53 <wileys> Rob - informed consent will be based on the statements the publisher makes to the user outside of DNT.  The publisher then executes the user granted exception API to record the user’s consent.
17:18:09 <wileys> +q
17:18:15 <Bert> ... There is also a more generic opinion of Art 29 in thw works.
17:18:40 <Bert> ... I want to make sure that whatever new attributes come out of this are known in this group.
17:18:47 <moneill2> q+
17:18:52 <Bert> ... And that we have anought hooks to deal with those.
17:18:58 <dsinger> q-
17:19:01 <Bert> schunter: What should we do?
17:19:10 <Bert> rvaneijk: Should keep t the striuct timeline.
17:19:29 <Bert> ... More concrete means people can more easily give feedback.
17:20:00 <Bert> ... There will be a small groups which is not known beforhand and which may need features such as the JS API.
17:20:20 <Bert> ... If the API becomes at risk before we know it will be a req, our timeliens will be out of sync.
17:20:38 <wileys> Disagree on the DNT “Lite” - no value for the marketplace
17:20:39 <Bert> ... But a DNT-light would already be good.
17:20:50 <Bert> ... As long as the limitations are clear to everybody.
17:21:17 <Bert> ... Already clear se need more metadata in the well-known resource.
17:21:27 <Bert> ... *Free, informed and specific*
17:21:40 <wileys> How should the well known resource be structured?  We had not defined a formal structure at this point.
17:21:49 <Bert> ... (I've been ill a bit, but will make an issue on github)
17:21:54 <wileys> Human readable vs. machine readable?
17:22:08 <Bert> moneill2: Can we move this timeline by a week or so?
17:22:19 <Bert> schunter: Not set in stone, a week is OK
17:22:44 <fielding> well, we defined it to be a JSON object, so that's a bit of structure ;-)
17:22:46 <Bert> ... I wouldn't want to wait on Art 29 or ENISA, but if you alreadyhave input, raise the issue.
17:22:48 <walter> moneill2: ENISA is the EU-wide NCSC
17:22:55 <fielding> q?
17:23:03 <fielding> ack moneill
17:23:48 <Bert> moneill2: DNT extensions. Would like to specify in the API, maybe with dnt:1
17:24:00 <walter> q+
17:24:03 <wileys> We need baseline browser support before we go too far on considering extension libraries for 3rd party tools
17:24:12 <Bert> ... E.g., for Qualified consent, or site-specirfic consent.
17:24:17 <rvaneijk> wileys, machine readable as in browsers being able to retreive the information and present it to the user, if needed. UI is out of scope.
17:24:26 <Bert> schunter: So if we push my timeline by one week, everybody is OK?
17:24:39 <wileys> Rob - great - just meaning they can display a text page, correct?
17:24:53 <Bert> fielding: Don't close the issue list, maybe just cloise it for a specific draft.
17:24:55 <dsinger> q+
17:25:05 <rvaneijk> yes, and/or provide links to deeper layers of information.
17:25:08 <wileys> ack fielding
17:25:08 <Bert> ... Keep opportunity for people to tell us we screwed up.
17:25:36 <Bert> schunter: Issues can continue to come it, we just say they will be off our list for this release.
17:25:37 <fielding> ack wileys
17:25:57 <Bert> shane: disagree with DNT-light.
17:26:15 <Bert> ... Main driver is EU priv regulation.
17:26:54 <Bert> ... So if we mobilize DNT as a consent mechanism [@@@]
17:26:57 <moneill2> +q
17:27:01 <rvaneijk> wileys, slightly disagree, because profiling is ruled by the GDPR
17:27:19 <Bert> ... We can discuss more the conceot of expiry now.
17:27:40 <Bert> ... draft regualtion ha sore of reminder, up to 6 months user is reminded of their consent.
17:27:49 <Bert> ... Hoping we can integrate that.
17:27:51 <rvaneijk> wileys, on user granted exceptions, the concept of expiry and the ability to revoke consent are two important elements.
17:28:00 <dsinger> q?
17:28:03 <schunter> q?
17:28:09 <schunter> ack wal
17:28:23 <schunter> q+
17:28:30 <wileys> Rob - agreed on expiry and revocation
17:28:30 <Bert> walter: Support Mike's issue for a more interesting set of features for dnt:0
17:28:40 <moneill2> walter, thanks
17:29:05 <Bert> dsinger: Back to Roy's saying: Every CR & PR should have a link to where to report issues and a link to reports.
17:29:10 <rvaneijk> wileys, great :)
17:29:15 <Bert> ... Mailing lists no longer adequete.
17:29:31 <Bert> ... Maybe Bert can help with github or bugzilla.
17:29:33 <fielding> we could add a link to the issues list, sure.
17:29:43 <walter> +!
17:29:46 <walter> eh, +1
17:29:54 <Bert> ... Something that says report bugs here and see other bugs here.
17:29:59 <wileys> UGE revocation was always expected to managed by the browser UX - other than saying that this should be a browser feature is there anything else the standard should say here to meet the “as easy to remove as it is to set”?
17:30:18 <schunter> q?
17:30:19 <moneill2> great
17:30:29 <schunter> ack ds
17:30:30 <Bert> fielding: I can more drafts to github and then open it up for the issues.
17:30:38 <aleecia> aleecia has joined #dnt
17:30:41 <Bert> moneill2: About first using cookies:
17:30:44 <wileys> Cookies would be messy
17:30:46 <fielding> s/more/move/
17:30:57 <wileys> DNT UGEs are superior
17:31:19 <wileys> There are ways to do it but they are complex (see industry opt-out pages for example)
17:31:22 <Bert> ... In terms of generalized system that would be verificable anbd extensibel, you'd need to escape the same-origine. That's where API come sin.
17:31:23 <fielding> q?
17:31:32 <fielding> ack mon
17:31:34 <Bert> schunter: Want to counter Shane's argument:
17:31:38 <fielding> ack sch
17:31:49 <Bert> ... Iwant to get the doc out, follow our charter.
17:31:57 <wileys> I’m not against pushing a CR now
17:32:05 <wileys> Just don’t want us to stop at that point
17:32:27 <Bert> ... Then if we see after that thet we need more features, we can decide to delay.
17:33:10 <Bert> shane: Not against a CR now. Just don't want us to stop after that.
17:33:53 <Bert> schunter: So if there is more info or feedback, otherwise proceed.
17:33:56 <aleecia> +1 agree with Shane — CR now, expect a 1.1 shortly after based on feedback (if no feedback presumably we go home)
17:34:02 <wileys> Agreed - go for CR now - and once new information comes into the group perhaps refresh the CR if needed
17:34:29 <wileys> Time is against us… :-(
17:34:35 <Bert> schunter: Encourage everyone to bring implementers into the room.
17:34:47 <Bert> Topic: Implementation/validation strategy
17:35:38 <Bert> schunter: We have three proposals: a) plugins, b) browser implem, c) adapt ourselves to existing IE/Edge
17:36:06 <Bert> ... Question is can we reacch REC with just plugins?
17:36:23 <Bert> moneill2: We need to have a UA
17:36:35 <schunter> q?
17:36:59 <Bert> schunter: We are likely to chnage the spec, but MS is not likely to implement the new things.
17:37:08 <aleecia> +1
17:37:20 <aleecia> +q
17:37:22 <aleecia> (sigh)
17:37:27 <Bert> ... So if we want a UA, we need a browser to join, or we need to spec what MS already does.
17:37:45 <Bert> ... Other option is to rely on the plugins.
17:37:56 <Bert> moneill2: What's happening in Firefox?
17:37:57 <schunter> q?
17:38:22 <Bert> shane: FF is meeting internally to see if they should join.
17:38:42 <schunter> q+
17:38:46 <aleecia> what does yahoo implement for DNT (for FF) — pointer to a doc on that would be great
17:38:47 <Bert> ... It's the largest impl, but it's a simple one.
17:38:51 <schunter> ack ale
17:39:05 <Bert> aleecia: Q for W3C staff:
17:39:19 <walter> +1
17:39:42 <Bert> ... Prefer to go with UAs. Seems they hold off becase we still change spec.
17:40:12 <Bert> schunter: You mean UA with a plugin?
17:40:17 <Bert> aleecia: Yes
17:40:51 <Bert> schunter: I think best option is UAs, 2nd is FF with plugins.
17:41:08 <Bert> aleecia: I'm supportive of that.
17:41:19 <schunter> q?
17:41:22 <schunter> ack sch
17:41:24 <wileys> Catch-22
17:41:34 <Bert> ... If MS wants to implement only after the spec is done, we can't blame them.
17:42:47 <Bert> ACTION: Bert: work with schunter on requirements for CR exit: UAs, plugins, Edge...?
17:42:48 <trackbot> Created ACTION-473 - Work with schunter on requirements for cr exit: uas, plugins, edge...? [on Bert Bos - due 2017-03-13].
17:43:24 <Bert> Topic: Usability for hosted sites
17:43:59 <Bert> fielding: We had been discussion whether to include http-equiv in the spec to indicate tracking status.
17:44:13 <walter> wileys: your sound is breaking up at times
17:44:17 <wileys> That is not me!
17:44:23 <wileys> I’m on mute!
17:44:42 <aleecia> aleecia has joined #dnt
17:44:44 <Bert> ... We discussed on the call if that was useful in respect to well-known resource.
17:45:21 <Bert> ... We are currently only sending responses udner certain cases, to make caching possible.
17:46:05 <Bert> ... If the UA is parsing the HTML for the tracking status, they need more. Hence the idea to add trk.
17:46:30 <Bert> ... My idea was add in a script attacjhed to document object.
17:46:43 <Bert> ... But it could also be a <meta> element.
17:47:11 <Bert> moneill2: Issue is with hosting with thousands of sites.
17:47:49 <Bert> ... So http-equiv (or <meta content>) is logictically easier at the moment.
17:48:01 <Bert> ... Not saying it is a better mechanism than well-known resource.
17:48:14 <Bert> schunter: But the well-known resource will stay as well?
17:48:16 <Bert> moneill2: Yes.
17:48:36 <walter> Bert: so we're now still using the bugzilla next to the github issue tracker?
17:48:38 <aleecia> aleecia has joined #dnt
17:48:38 <Bert> moneill2: Include the stringified JSON
17:49:16 <Bert> ... The aim is to make it easier for sites.
17:49:23 <dsinger> q?
17:49:28 <Bert> schunter: But it removes the transparency.
17:49:45 <Bert> fielding: If there is a well-known resource, it overrides everything.
17:50:05 <rvaneijk> hmm, I thought the problem was not being able to set the HTTP-headers.
17:50:19 <Bert> schunter: But if I'm hosted and promise to be nice, and my hosting company doesn't...
17:50:26 <rvaneijk> Posting the .well-know-resource looks the easy bit to me.
17:51:04 <wileys> And the Publishing Platform has no legal requirement to support any DNT disclosures (outside of stating whether they support it or not in CA).  Allowing sites sitting on a publishing platform should not be able to speak to DNT outside of collaboration with the publishing platform
17:51:07 <Bert> dsinger: I don't understand how you can say you are not tracking when you don't even have control ovber the well-known resurce
17:51:12 <schunter> q?
17:51:42 <wileys> +q
17:51:50 <Bert> schunter: It's the case when you have comntrol over content, but cannot deal with all the hosting.
17:51:58 <wileys> We must require collaboration between the publishing platform and the publisher
17:52:01 <wileys> MUST
17:52:24 <Bert> ... You may be thinking you are not tracking, but your hoster is.
17:52:25 <fielding> I agree with the concerns and don't have any need for this feature, but given that it only exists when the publisher doesn't support DNT sitewide ... it's okay.
17:52:28 <schunter> q+
17:52:29 <aleecia> (response to dsinger;: the context was if you are publishing on a hosted platform, like a WordPress publisher. You might know what you’re doing but not have full control)
17:52:41 <schunter> q?ack wil
17:52:50 <schunter> ack wil
17:53:29 <walter> q+
17:53:34 <Bert> shane: In this scenario, we should be prescriptive that a platform must cooperate with a publisher.
17:53:55 <Bert> ... As a publisher you need to be informed what your platform supports.
17:54:41 <Bert> ... But example of Unilever, large org with many departments, I think they *can* work together.
17:55:17 <Bert> schunter: Hosting provider has to have a tracking status resource that allows the content owner to fill in the blanks.
17:55:46 <Bert> moneill2: Some propertiues in well-known loc and other properties defined in content.
17:56:02 <aleecia> presumably there’s a default that if publishers say nothing, we assume they’re tracking (legacy sites unchanged for a decade or something)
17:56:07 <Bert> schunter: But that requires trustbetween content provider and platform.
17:56:38 <Bert> walter: Two scenarios:
17:57:08 <Bert> ... Platform that just honers what content provider wants.
17:57:25 <Bert> ... Would need some flag the platform does no tracking at all, but content owner may.
17:57:48 <Bert> ... Other scenario is that content provider says he's not tracking more than what the platform does.
17:58:12 <Bert> ... If you dont' have that control, DNT is not a good fit for you anyway.
17:58:27 <schunter> q?
17:58:53 <Bert> ... But this might be for a version 2.
17:59:19 <Bert> schunter: Platform can only leave blanks if it is not itself tracking.
17:59:33 <fielding> I think we should focus on what the user needs communicated rather than splitting the communication among hosting and content. After all, none of this is hard for the platform to implement support.
17:59:34 <Bert> walter: I don;'t want to make this a blocking issue for current spec.
17:59:39 <wileys> Please drop it
17:59:49 <wileys> HTTP Equiv causes more problems than it solves
18:00:04 <Bert> moneill2: Agree, I think it would help, but let's not block on having the feature.
18:00:22 <aleecia> Yikes.
18:00:36 <Bert> schunter: Close it? or push to next spec?
18:00:38 <walter> aleecia: ?
18:00:40 <Bert> moneill2: Just close it.
18:00:41 <wileys> Cleaner implementations
18:00:53 <Bert> schunter: Conclusions:
18:00:58 <Bert> ... We have a timeline
18:01:13 <Bert> ... We have solved an issue.
18:01:21 <aleecia> noted
18:01:26 <Bert> ... I propose we start weekly telcons now.
18:01:35 <wileys> wileys has left #dnt
18:01:39 <walter> bye!
18:01:40 <Bert> ... See you next week!
18:01:47 <vincent__> bye
18:14:14 <walter> Bert: I got an email telling me that an issue in Bugzilla had been updated
18:14:39 <walter> Bert: someone assigned an action to you
18:15:24 <Bert> Then I guess I need to take a look...
18:18:48 <Bert> Ah yes, that's tracker. It listens to IRC. I don't think we actually have a public bugzilla for this group.
18:23:24 <Bert> I think this group isn't actually using Tracker anymore, so it probably should stop listening to IRC.
18:28:31 <Bert> zakim, list participants
18:28:31 <Zakim> As of this point the attendees have been Bert, moneill2, dsinger, fielding, walter, !
18:28:42 <Bert> rrsagent, make minutes v2
18:28:42 <RRSAgent> I have made the request to generate http://www.w3.org/2017/03/06-dnt-minutes.html Bert
18:51:45 <Bert> s/@@/Future of Privacy Forum/
18:52:03 <Bert> s/ apil / April /
18:52:19 <Bert> s/in may/in May/
18:53:02 <Bert> agenda: https://‌lists.w3.org/‌Archives/‌Public/‌public-tracking/‌2017Mar/‌0000.html
19:04:35 <Bert> s/versio-2/version-2/
19:04:44 <Bert> s/enoughg/enough/
19:05:12 <Bert> s/use having/us having/
19:05:23 <Bert> s/imnportant/important/
19:24:26 <dsinger> dsinger has joined #dnt
19:26:23 <Bert> rrsagent, make minutes v2
19:26:23 <RRSAgent> I have made the request to generate http://www.w3.org/2017/03/06-dnt-minutes.html Bert