IRC log of dnt on 2017-05-01
Timestamps are in UTC.
- 16:01:19 [RRSAgent]
- RRSAgent has joined #dnt
- 16:01:19 [RRSAgent]
- logging to http://www.w3.org/2017/05/01-dnt-irc
- 16:01:21 [trackbot]
- RRSAgent, make logs world
- 16:01:21 [Zakim]
- Zakim has joined #dnt
- 16:01:23 [trackbot]
- Zakim, this will be TRACK
- 16:01:23 [Zakim]
- ok, trackbot
- 16:01:24 [trackbot]
- Meeting: Tracking Protection Working Group Teleconference
- 16:01:24 [trackbot]
- Date: 01 May 2017
- 16:01:36 [mikeoneill]
- present+
- 16:01:46 [fielding]
- present+
- 16:01:59 [fwagner]
- fwagner has joined #dnt
- 16:02:08 [walter]
- present+
- 16:02:30 [fielding]
- present+ schunter
- 16:02:54 [walter]
- fwagner: you may want to mute
- 16:03:23 [fwagner]
- now better ?
- 16:03:41 [schunter]
- https://github.com/w3c/dnt/issues?q=is%3Aopen+is%3Aissue+milestone%3ATPE-CR-April-2017
- 16:03:43 [walter]
- now it's fielding's turn to be noisy :-)
- 16:03:53 [fwagner]
- :-)
- 16:04:30 [wileys]
- wileys has joined #dnt
- 16:04:55 [schunter]
- https://github.com/w3c/dnt/issues/13
- 16:05:46 [fielding]
- talking about "doNotTrack property should be derived from EventTarget"
- 16:06:19 [at]
- at has joined #dnt
- 16:06:43 [fielding]
- q+
- 16:06:56 [schunter]
- ack f
- 16:10:34 [walter]
- in Javascript every variable is mutable...
- 16:11:06 [fielding]
- I don't have a strong push for a function -- just a question on which is more appropriate
- 16:12:21 [dsinger]
- present+ dsinger
- 16:12:36 [schunter]
- Since the function has no parameters it indeed does not seem to make a big different.
- 16:14:09 [fielding]
- I would prefer that we have one attribute for the global default DNT setting and a separate method to retrieve the current DNT string for this document origin.
- 16:16:02 [fielding]
- dsinger: concerned about the temporal scope for the DNT value: how often do you need to check the value?
- 16:17:10 [schunter]
- q+
- 16:17:41 [wileys]
- It won’t be possible. We’ll only honor the original signal coming in the header
- 16:17:55 [wileys]
- Too difficult to continual check back and then change processing mid-stream on a page load
- 16:18:48 [fielding]
- yes, designing these features for the sake of an extension manager is different from designing them for the sake of sites trying to comply
- 16:20:04 [walter]
- The thing is, from a purely legalistic viewpoint, consent has to be withdrawable at any time
- 16:20:16 [walter]
- from a practical point, I think it is worth cutting some corners here
- 16:20:37 [wileys]
- I believe you can fairly defend completing a page load if the original header said DNT:0 and honor the DNT1 change on the next page load
- 16:20:59 [walter]
- wileys: and the other way around
- 16:21:00 [walter]
- ?
- 16:21:11 [wileys]
- Agreed
- 16:21:25 [dsinger]
- right, I can see a lifetime that lasts for the time a page is open.
- 16:21:26 [wileys]
- But trying to change mid-page seems very dificult
- 16:21:28 [walter]
- but yes, I would consider that a defensible position for web pages. For web-services it's more complicated.
- 16:22:06 [wileys]
- And we have OS controls for Apps so this isn’t needed there
- 16:22:15 [wileys]
- Just close the browser
- 16:22:34 [wileys]
- +q
- 16:23:37 [walter]
- I would support that answer
- 16:23:51 [walter]
- if you do recurring interactions through a persistent process
- 16:24:12 [walter]
- it is reasonable to check for changes in the DNT with the same frequency you have those interactions
- 16:24:25 [schunter]
- Proposal: DNT;0 lasts as long as the page lasts. If some processes have a longer life-time, they have to regularily check the DNT status and need to be able to change their behavior if the DNT value has changed.
- 16:25:20 [wileys]
- Agreed in either direct DNT 0 or 1 - basically the initial value holds true throughout the lifespan of the UA interaction with the end user
- 16:25:41 [walter]
- schunter: How about: if you do polling for web helper processes, AJAX-calls, what have you, you must poll for DNT changes too?
- 16:25:57 [fielding]
- q+
- 16:27:01 [schunter]
- ackschutner
- 16:27:03 [schunter]
- ack sch
- 16:27:22 [wileys]
- q-
- 16:27:28 [schunter]
- ack fi
- 16:27:47 [schunter]
- Corner cases: Polyfill? Web-workers?
- 16:28:44 [Brendan]
- +1 they're edge cases
- 16:29:09 [walter]
- Brendan: they're not edge cases for apps etc, but I can live with it being pushed to a later revision
- 16:29:41 [walter]
- the basic question to me is, how much of a change is it to have an event handler or a variable for that?
- 16:29:48 [schunter]
- Points I like to get a text proposal for:
- 16:29:51 [walter]
- if it is a lot, push it to a later revision
- 16:30:11 [walter]
- I can also live with it being a variable for now, and it become an event handler at a later stage
- 16:30:14 [schunter]
- 1. the initial value holds true throughout the lifespan of the UA interaction with the end user
- 16:30:18 [walter]
- that is survivable change-wise
- 16:30:22 [schunter]
- 2. Event API is fine
- 16:30:44 [schunter]
- 3. If anything lasts longer than the UA interaction/page, it need to regularily check the DNT status
- 16:32:41 [fielding]
- https://github.com/w3c/dnt/issues/9
- 16:34:51 [fielding]
- but then we have to spend a year trying to reach agreement on those definitions
- 16:35:59 [wileys]
- Why is this needed?
- 16:36:36 [wileys]
- +q
- 16:36:49 [rvaneijk]
- Google Analytics could go under Same Party, if the processor agreement was signed
- 16:37:18 [fielding]
- q+
- 16:39:44 [schunter]
- ack wil
- 16:40:32 [fielding]
- what is the user going to do with the information "this call you just made thinks you were in a first party context" given that the browser has NO IDEA whether it is making a first party or third party request. Remember, "first party" is defined by ownership and control, not domain name
- 16:40:42 [schunter]
- Parties say T or N or C
- 16:40:47 [schunter]
- Scenario 1: Widget
- 16:40:58 [schunter]
- Site says T (because 1st party)
- 16:41:08 [schunter]
- Third party says T (because it has no consent)
- 16:41:21 [schunter]
- Widget says C (because it has a direct relationship)
- 16:41:43 [schunter]
- Scenario 2: Google (1st party) was misused as a third party
- 16:41:53 [schunter]
- - Google says T (it believes it is 1st party)
- 16:42:06 [schunter]
- - Site says T because it believes it is 1st parties
- 16:43:02 [schunter]
- q?
- 16:43:07 [schunter]
- ack fi
- 16:45:30 [schunter]
- q+
- 16:47:56 [schunter]
- ack sch
- 16:50:58 [fielding]
- https://lists.w3.org/Archives/Public/public-tracking/2017Apr/0053.html
- 16:51:10 [fielding]
- Shane is talking about the above message
- 16:51:43 [walter]
- q+
- 16:53:40 [mikeoneill]
- q+
- 16:55:00 [schunter]
- ack w
- 16:55:01 [fielding]
- Thinking of this from the site implementation perspective (AEM), I think it is very unlikely that enterprises want browsers to differ in their processing of site elements based on an invisible list found within the TSR of a live site.
- 16:55:54 [wileys]
- Again - this conversation is outside the scope of the DNT signal (Privacy Badger, AdBlock Plus, etc.)
- 16:55:54 [schunter]
- Requirement 1 "truthful reporting": If a user-granted exception is present, then browsers should tell the site what third parties received DNT;1 (or were blocked or otherwise hindered).
- 16:56:31 [fielding]
- Keep in mind that tools like AEM already contain management of links that prevent unintended subresources being inserted in any page.
- 16:56:35 [schunter]
- Requirement 2 "blocking unauthorized third parties": Blocking all third parties not in the list.
- 16:57:11 [schunter]
- Discussion: If a publisher has a site-wide exception, is the UA allowed to send some third parties DNT;1
- 16:59:35 [wileys]
- The tech spec already defines what a site-wide exception means
- 16:59:45 [fielding]
- I don't understand. We don't have "reciprocal transparency" now, nor are we likely to get it soon given that browsers would consider it to be a privacy violation.
- 17:00:16 [schunter]
- q?
- 17:00:19 [schunter]
- ack mi
- 17:00:52 [wileys]
- Says the person who just interrupted the conversation
- 17:01:20 [wileys]
- Disagree - we’re discussing UGE - not OOBC
- 17:01:54 [wileys]
- This should not change
- 17:02:23 [wileys]
- Next week it is…
- 17:02:33 [wileys]
- wileys has left #dnt
- 17:02:34 [walter]
- wileys: sorry if that went too far
- 17:03:26 [fielding]
- Zakim, list attendees
- 17:03:26 [Zakim]
- As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger
- 17:04:08 [fielding]
- present+ wileys
- 17:05:01 [fielding]
- present+ rvaneijk
- 17:06:27 [fielding]
- present+ fwagner, Brendan
- 17:06:33 [fielding]
- Zakim, list attendees
- 17:06:33 [Zakim]
- As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
- 17:07:14 [fielding]
- trackbot, end meeting
- 17:07:14 [trackbot]
- Zakim, list attendees
- 17:07:14 [Zakim]
- As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
- 17:07:22 [trackbot]
- RRSAgent, please draft minutes
- 17:07:22 [RRSAgent]
- I have made the request to generate http://www.w3.org/2017/05/01-dnt-minutes.html trackbot
- 17:07:23 [trackbot]
- RRSAgent, bye
- 17:07:23 [RRSAgent]
- I see no action items