16:05:15 RRSAgent has joined #dnt
16:05:15 logging to http://www.w3.org/2017/03/20-dnt-irc
16:05:17 RRSAgent, make logs world
16:05:17 Zakim has joined #dnt
16:05:19 Zakim, this will be TRACK
16:05:19 ok, trackbot
16:05:20 Meeting: Tracking Protection Working Group Teleconference
16:05:20 Date: 20 March 2017
16:05:38 Any suggestions what 2 topics to promote from "new" to "under discussion"?
16:06:05 fielding has joined #dnt
16:06:09 wileys has joined #dnt
16:06:29 me too
16:06:32 My webex just ended.
16:06:39 Or crashed
16:07:04 Same as Rob - on WebEx but no Host
16:07:57 unable to access webex. not accept pw....is the call in number working for anyone?
16:08:23 at has joined #dnt
16:08:25 present+
16:08:29 vincent_ has joined #dnt
16:08:36 present+
16:08:49 present+
16:09:38 aleecia has joined #dnt
16:12:49 vincent__ has joined #dnt
16:13:29 present
16:13:33 as in, about to dial in
16:13:51 https://github.com/w3c/dnt/issues/13
16:14:04 mschunter: today we discuss issue 13, issue 2
16:14:06 https://github.com/w3c/dnt/issues/2
16:14:36 mschunter: one conclusion last week, if using JS API about collecting content, should publish in tracking status resource what you actually do
16:14:44 … issue 19, waiting for text
16:14:54 … is Walter on the call?
16:15:01 rob: trying to call in, not there yet
16:15:15 mschunter: is Mike here? (yes) issue 13
16:15:24 mschunter: I am trying to call in
16:15:32 does mschunter actually pay attention to IRC?
16:15:41 mikeoneill: similar to promises, DNT asynch and DNT property in JS
16:15:57 … it’s what it was when the session was enabled, it normally doesn’t change,
16:16:12 … if you had an event, it would be more efficient. could have a DNT change event.
16:16:41 … listen for event, do a call back when the event occurs, which is the DNT value either changed or became valid (couldn’t determine header value initially)
16:16:56 mschunter: if you start with DNT:0, you keep it for lifetime of session?
16:16:57 yes
16:17:33 You’ll receive a new DNT header with every single page load so I’m not sure where the “lifetime of the session” comes in from that perspective.
16:17:39 mikeoneill: determine it’s valid inside the callback for the event but not be for other times. this is for JS in a library, there could be better implementations from browsers
16:18:20 mikeoneill: no way to amend or vary that property in a reliable fashion, and in many circumstances doesn’t matter, but could. if there’s a DNT change event, in the callback we can confirm the DNT value is valid
16:18:35 mschunter: have JS property,
16:18:45 … value can be 0 or 1, maybe it changes
16:18:53 mikeoneill: normally doesn’t change
16:19:27 mschunter: JS call for 0 or 1, if someone revokes consent, i call again and get a different value.
16:19:31 [cross talk]
16:19:51 q+
16:19:56 mikeoneill: can do it inside a time out, a set time interval, but the reason we introduced promises is then we have an artificial delay
16:20:11 … if an event, you know it’s changed. it might change from unknown to known the first time.
16:20:37 mschunter: the point is instead of a variable to poll, you get notified if it changes
16:21:05 DNT-updated event in addition to DNT property.
16:21:08 mikeoneill: if you have an event you can pass the property in the callback. I’m not saying to remove the property. Just that the value is valid guaranteed inside that callback
16:21:19 ack fiel
16:21:41 fielding: don’t see a need for this. parameter is there for JS to check before it does something. not an event that occurs later in the future.
16:21:55 … doesn’t happen on a running page, with ads waiting for value to change
16:22:22 mikeoneill: iFrame, could happen. ad exchange asking for consent and user gives consent.
16:22:40 … get out of the mindset that it’s client-server. code could be operating within the client
16:22:57 … consent can be initiated by top-level context or an iFrame nested within that context
16:23:04 … DNT value that applies could change
16:23:04 MTS: Only relevant if DNT info if 0/1 is cached elsewhere and needs updating for consistency.
16:23:40 … mobile devices are disconnected, could have a web app still running but different origins with JS code operating in combination to implement a web application
16:23:50 q+
16:24:10 fielding: app operates fine, trigger a refresh, communicate with other iFrames. having them all look for an event isn’t — cut off
16:24:44 mikeoneill: you could do it that way but why not a general purpose event, or hang off another event like a message event, or a set time out event
16:24:54 fielding: or just check the value!
16:25:12 mikeoneill: might trigger from timeout or message event
16:25:38 … they might not have been triggered, if they want to know then the only way to determine is to have an arbitrary time out
16:25:46 mschunter: we’re talking across each other
16:26:11 … call the value now, and call it again later [sorry missing this ]
16:26:41 [audio poor]
16:27:15 rvaneijk: you are hard to understand
16:27:20 rvaneijk: want to understand. if something is loading you want to check to see if it’s finished, with DNT a session can take a long time.
16:27:26 … user can change consent to another status
16:27:46 vincent_ has joined #dnt
16:27:54 … trying to understand if there’s a benefit to using an event listener rather than checking DNT status property. doesn’t it make any difference in costs per round trip?
16:28:18 mikeoneill: could do a time out, check every 500 ms and check the value. problem with that, how long is the time out and it’s just annoying.
16:28:42 … have an event, have a callback, you know it’s valid. it’s just a nicer way to do things. and you can guarantee the value is valid.
16:29:29 … trying to come up with a DNT library to implement the API or something like it if the browser isn’t supported. be able to respond with ad iFrames also respond, and implement even if the API isn’t there. but how do you know when it’s valid or not? that’s what i’m trying to solve.
16:29:53 … can write up the use case. if people like it we go with it, if not, drop it
16:29:57 … can define the use case more
16:30:15 fielding: with an event, browser needs to know which listeners to notify, complicated
16:30:26 mikeoneill: just your origin
16:30:37 fielding: browser has to track this, could be each iFrame
16:30:52 ack rv
16:30:55 mikeoneill: it sets the event and knows where DNT was sent
16:31:19 mschunter: seems nice to have, unless wanted we’ll push it out [for the next version]
16:31:44 Mike's proposal seems logical to me, i.e., dnthaschanged.eventlistener: function() {} etc.
16:31:50 mikeoneill: agree, just like to say — will write thoughts and get people to read it, make up minds next time.
16:32:04 (fwiw, sounds good to me but for next version)
16:32:18 fielding: other things to deal with
16:32:26 MArtin__Telekom has joined #dnt
16:32:26 … so ok to wait a week to see text
16:32:49 rvaneijk: would be helpful to see it written, give Mike another week
16:33:00 s/rvaneijk/walter/
16:33:03 sorry
16:33:20 We need to reopen some last call issues that were closed because they would require a change to the API
16:33:32 didn't quite get the name of the last speaker
16:33:32 Welcome MArtin__Telekom !
16:33:43 mschunter: issue 13, pushed one more week
16:33:57 could someone else scribe?
16:34:21 mschunter: introductions please
16:35:00 MArtin_Telekom: [getting a few words only] working with Mike to implement it for — ?
16:35:31 mschunter: Martin is the first round, was Frank, partially taking over.
16:35:43 MArtin_Telekom: well aligned with Frank
16:36:07 mschunter: one goal Martin has is content management [really unclear phone line]
16:37:14 at: eff, work on privacy badger, been following for 6-8 weeks. started work migrating features into privacy badger to make it more compatible with TPE. focused on tracking status resource and the API
16:37:32 … privacy badger checks to see if there’s a hashed version of EFF’s policy at our own well known url
16:37:43 … also check tracking status resource moving forward
16:37:55 … depends on resolution of outstanding questions in the working group
16:38:11 … our devs are working on this and won’t have a prototype for a little while
16:38:48 … will also implement consent API. users can today white list sites they’re visiting. the consent API gives us another way to deal with that, but there are still WG issues open so we’re looking for a clear spec, but we’ve started work
16:38:54 … will report back as we make progress
16:39:13 mschunter: implementors please give feedback and share ideas
16:39:44 at: understand there’s an enthusiasm to lock it down, so is the feedback all that interesting or just an implementation report?
16:40:26 mschunter: depends how serious the comments are. “this feature doesn’t work with that feature” or use cases that need new JS all valuable information about shortcomings. we’d discuss fix v. postpone.
16:40:56 … wouldn’t constrain yourself, but the smaller the change the more likely it gets into the next release. big issues are still useful, we see what we can do
16:41:01 at: right
16:41:43 q+
16:41:44 speaker unclear: Alan and Martin are not official group members, we might make them so
16:41:51 (maybe that was Bert?)
16:42:01 … give me email address, will contact.
16:42:08 Martin Kurze (Deutsche telekom), working on DNT
16:42:08 [cross talk]
16:42:15 martin.kurze@telekom.de
16:42:47 at@eff.org
16:43:32 MArtin_Telekom: will work on joining the dlist
16:43:52 (of note, directions are on the home page for the WG)
16:44:04 for EFF, Cory has to tag Alan
16:44:19 fielding: could we do this another time and have a meeting?
16:44:20 :-)
16:44:29 mschunter: issue 2
16:44:51 walter: what will it take for an alternative compliance that piggybacks on TPE
16:45:08 … as long as the URI is an optional part of the spec, it’s foreseeable there will be trouble for alt spec
16:45:41 … we have promises for certain behavior in compliance, and if the promise is an optional flag, then the promise may get ignored or
16:45:51 … would like more info to be mandatory about compliance
16:46:04 Walter, I think this would work: "compliance": [ "http://wetten.overheid.nl/BWBR0009950#Hoofdstuk11_Paragraaf11.1_Artikel11.7a", "http://wetten.overheid.nl/BWBR0011468/2016-01-01", "https://www.w3.org/TR/tracking-dnt/" ]
16:46:08 … would like every party to express their understanding of their role, e.g. “I’m a third party”
16:46:25 mschunter: party has to be mandatory?
16:46:59 vincent__ has joined #dnt
16:47:03 … couldn’t you make the flag mandatory by the compliance to use same party field?
16:47:11 +q
16:47:13 That would be up to the specific compliance standard the site is using
16:47:32 I would think any compliance standard can go above and beyond the TPE on what is and is not mandatory
16:47:36 walter: is it appropriate that some flags are mandatory in some compliance contexts?
16:47:39 https://github.com/w3c/dnt/issues/2
16:47:47 A compliance standard would NOT be able to go lower than the TPE
16:48:10 Wileys, agreed :)
16:48:15 mschunter: not all compliance specs require all fields, but specific “if EFF, then field 5 is not optional, now required as part of EFF”
16:48:30 mikeoneill: not sure what Walter is asking about, same party array?
16:48:58 walter: several ways together. if for example the URI with the compliance spec is not mandatory, how does the UA know which compliance spec is in play?
16:48:59 same party could be e.g. "same-party": [ "natuurlijkehaarkleuring.nl", "www.natuurlijkehaarkleuring.nl", "natuurlijkehaarkleuring.nl.s3-website.eu-central-1.amazonaws.com", "d3789f38w6809i.cloudfront.net" ]
16:49:13 Which is not the same as a distinction between data controller and processor...
16:49:18 … if the same party is not in use, the UA may have a different understanding of roles and causes issues
16:49:41 mikeoneill: so same party array, something the server is declaring?
16:50:08 walter: server doesn’t declare, 1st party contracts to another party to collect user data and only for the 1st party, perfectly fine in EU ePriv regs.
16:50:24 … but the UA doesn’t understand the first party role of the other party, because there is no array being used
16:50:44 mikeoneill: it’s transparency info and the UA isn’t required to look at it anyway
16:51:10 walter: even in the tech spec we say 1st and 3rd parties distinct. but your understanding of your own role is an optional party array
16:51:19 mikeoneill: issue 22 or something?
16:51:22 walter: overlaps
16:51:33 mikeoneill: example of what we want for issue 22?
16:51:51 … discuss that first?
16:52:01 … tell a server if a third party or not, separate issue
16:52:04 The UA has no need to look. The compliance requirement is on the server complying to them, not on the user agent, and might not even apply until long after the communication occurs.
16:52:36 at: under the EFF policy, more info is always better, but in terms of how we work 1st party is held responsible for ensuring compliance of their 3rd parties
16:52:58 … either technically, legally, or by design the 1st party ensures the 3rd parties are in compliance with EFF’s
16:53:13 … not that important to us what the other embedded resources believe their role to be
16:53:30 walter: merge with 22 and carry on from there?
16:54:45 mschunter: would be useful. current TPE distinguishes but if there’s no way to find out 1st or 3rd party that’s potentially dangerous. the other issue is how flexible requiring fields per compliance approach. any compliance approach can make a field mandatory but not make it optional,
16:54:52 request: let’s write that into the spec then…
16:55:07 mschunter: writing use cases is a good idea, thanks for volunteering
16:55:15 … which issues next time for the agenda?
16:55:22 q+
16:55:26 q-
16:55:32 … have 5 open issues we haven’t started, send preferences to M
16:55:44 https://github.com/w3c/dnt/issues
16:55:51 … if no feedback, chair will pick about three
16:56:29 discussion of formatting of docs on github; Roy’s working on it
16:58:28 fielding: we had comments in last call to change to shorter names but MSFT had implemented. will send a proposal to the dlist during the week
16:58:37 mschunter: need a new issue number for that
16:58:46 mikeoneill: just the names or the arch?
16:58:51 https://www.w3.org/2011/tracking-protection/track/issues/256
16:58:58 fielding: interface names only.
16:59:22 … if david is able to, maybe there are things we can cull (summarized)
16:59:38 mschunter: do we agree to do this work based on last call comments?
16:59:49 fielding: also changes to promises
16:59:57 … response to issue 256
17:00:08 mschunter: ok, on you to propose updates
17:00:13 fielding: ok
17:00:22 adjourned
17:01:04 wileys has left #dnt
17:08:07 s/martin.kurze@telekom.de//
17:08:16 s/at@eff.org//
17:08:53 scribeoptions: -final
17:09:02 RRSAgent, make minutes v2
17:09:02 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
17:31:25 scribeoptions: -draft -noEmbed
17:31:27 RRSAgent, make minutes v2
17:31:27 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
17:32:30 previous meeting: http://www.w3.org/2017/03/13-dnt-minutes.html
17:32:33 RRSAgent, make minutes v2
17:32:33 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
18:29:29 zakim, bye
18:29:29 leaving. As of this point the attendees have been Bert, mikeoneill, fielding
18:29:29 Zakim has left #dnt
18:35:55 present+ Matthias (mschunter), Brendan, Alan Toner (at), Vincent, Rob, Shane, Aleecia, Walter, Martin Kurze
18:36:16 s/mcshunter/mschunter
18:36:20 RRSAgent, make minutes v2
18:36:20 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
18:37:47 s/speaker unclear/Bert/
18:38:07 s/(maybe that was Bert?)//
18:38:11 RRSAgent, make minutes v2
18:38:11 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
18:52:07 s/mandiroty/mandatory/
18:52:21 s/manditory/mandatory/
18:52:23 RRSAgent, make minutes v2
18:52:23 I have made the request to generate http://www.w3.org/2017/03/20-dnt-minutes.html Bert
18:53:20 at_ has joined #dnt
19:48:21 RRSAgent, bye
19:48:21 I see no action items