IRC log of dnt on 2017-05-01

Timestamps are in UTC.

16:01:19 [RRSAgent]
RRSAgent has joined #dnt
16:01:19 [RRSAgent]
logging to http://www.w3.org/2017/05/01-dnt-irc
16:01:21 [trackbot]
RRSAgent, make logs world
16:01:21 [Zakim]
Zakim has joined #dnt
16:01:23 [trackbot]
Zakim, this will be TRACK
16:01:23 [Zakim]
ok, trackbot
16:01:24 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:01:24 [trackbot]
Date: 01 May 2017
16:01:36 [mikeoneill]
present+
16:01:46 [fielding]
present+
16:01:59 [fwagner]
fwagner has joined #dnt
16:02:08 [walter]
present+
16:02:30 [fielding]
present+ schunter
16:02:54 [walter]
fwagner: you may want to mute
16:03:23 [fwagner]
now better ?
16:03:41 [schunter]
https://github.com/w3c/dnt/issues?q=is%3Aopen+is%3Aissue+milestone%3ATPE-CR-April-2017
16:03:43 [walter]
now it's fielding's turn to be noisy :-)
16:03:53 [fwagner]
:-)
16:04:30 [wileys]
wileys has joined #dnt
16:04:55 [schunter]
https://github.com/w3c/dnt/issues/13
16:05:46 [fielding]
talking about "doNotTrack property should be derived from EventTarget"
16:06:19 [at]
at has joined #dnt
16:06:43 [fielding]
q+
16:06:56 [schunter]
ack f
16:10:34 [walter]
in Javascript every variable is mutable...
16:11:06 [fielding]
I don't have a strong push for a function -- just a question on which is more appropriate
16:12:21 [dsinger]
present+ dsinger
16:12:36 [schunter]
Since the function has no parameters it indeed does not seem to make a big different.
16:14:09 [fielding]
I would prefer that we have one attribute for the global default DNT setting and a separate method to retrieve the current DNT string for this document origin.
16:16:02 [fielding]
dsinger: concerned about the temporal scope for the DNT value: how often do you need to check the value?
16:17:10 [schunter]
q+
16:17:41 [wileys]
It won’t be possible. We’ll only honor the original signal coming in the header
16:17:55 [wileys]
Too difficult to continual check back and then change processing mid-stream on a page load
16:18:48 [fielding]
yes, designing these features for the sake of an extension manager is different from designing them for the sake of sites trying to comply
16:20:04 [walter]
The thing is, from a purely legalistic viewpoint, consent has to be withdrawable at any time
16:20:16 [walter]
from a practical point, I think it is worth cutting some corners here
16:20:37 [wileys]
I believe you can fairly defend completing a page load if the original header said DNT:0 and honor the DNT1 change on the next page load
16:20:59 [walter]
wileys: and the other way around
16:21:00 [walter]
?
16:21:11 [wileys]
Agreed
16:21:25 [dsinger]
right, I can see a lifetime that lasts for the time a page is open.
16:21:26 [wileys]
But trying to change mid-page seems very dificult
16:21:28 [walter]
but yes, I would consider that a defensible position for web pages. For web-services it's more complicated.
16:22:06 [wileys]
And we have OS controls for Apps so this isn’t needed there
16:22:15 [wileys]
Just close the browser
16:22:34 [wileys]
+q
16:23:37 [walter]
I would support that answer
16:23:51 [walter]
if you do recurring interactions through a persistent process
16:24:12 [walter]
it is reasonable to check for changes in the DNT with the same frequency you have those interactions
16:24:25 [schunter]
Proposal: DNT;0 lasts as long as the page lasts. If some processes have a longer life-time, they have to regularily check the DNT status and need to be able to change their behavior if the DNT value has changed.
16:25:20 [wileys]
Agreed in either direct DNT 0 or 1 - basically the initial value holds true throughout the lifespan of the UA interaction with the end user
16:25:41 [walter]
schunter: How about: if you do polling for web helper processes, AJAX-calls, what have you, you must poll for DNT changes too?
16:25:57 [fielding]
q+
16:27:01 [schunter]
ackschutner
16:27:03 [schunter]
ack sch
16:27:22 [wileys]
q-
16:27:28 [schunter]
ack fi
16:27:47 [schunter]
Corner cases: Polyfill? Web-workers?
16:28:44 [Brendan]
+1 they're edge cases
16:29:09 [walter]
Brendan: they're not edge cases for apps etc, but I can live with it being pushed to a later revision
16:29:41 [walter]
the basic question to me is, how much of a change is it to have an event handler or a variable for that?
16:29:48 [schunter]
Points I like to get a text proposal for:
16:29:51 [walter]
if it is a lot, push it to a later revision
16:30:11 [walter]
I can also live with it being a variable for now, and it become an event handler at a later stage
16:30:14 [schunter]
1. the initial value holds true throughout the lifespan of the UA interaction with the end user
16:30:18 [walter]
that is survivable change-wise
16:30:22 [schunter]
2. Event API is fine
16:30:44 [schunter]
3. If anything lasts longer than the UA interaction/page, it need to regularily check the DNT status
16:32:41 [fielding]
https://github.com/w3c/dnt/issues/9
16:34:51 [fielding]
but then we have to spend a year trying to reach agreement on those definitions
16:35:59 [wileys]
Why is this needed?
16:36:36 [wileys]
+q
16:36:49 [rvaneijk]
Google Analytics could go under Same Party, if the processor agreement was signed
16:37:18 [fielding]
q+
16:39:44 [schunter]
ack wil
16:40:32 [fielding]
what is the user going to do with the information "this call you just made thinks you were in a first party context" given that the browser has NO IDEA whether it is making a first party or third party request. Remember, "first party" is defined by ownership and control, not domain name
16:40:42 [schunter]
Parties say T or N or C
16:40:47 [schunter]
Scenario 1: Widget
16:40:58 [schunter]
Site says T (because 1st party)
16:41:08 [schunter]
Third party says T (because it has no consent)
16:41:21 [schunter]
Widget says C (because it has a direct relationship)
16:41:43 [schunter]
Scenario 2: Google (1st party) was misused as a third party
16:41:53 [schunter]
- Google says T (it believes it is 1st party)
16:42:06 [schunter]
- Site says T because it believes it is 1st parties
16:43:02 [schunter]
q?
16:43:07 [schunter]
ack fi
16:45:30 [schunter]
q+
16:47:56 [schunter]
ack sch
16:50:58 [fielding]
https://lists.w3.org/Archives/Public/public-tracking/2017Apr/0053.html
16:51:10 [fielding]
Shane is talking about the above message
16:51:43 [walter]
q+
16:53:40 [mikeoneill]
q+
16:55:00 [schunter]
ack w
16:55:01 [fielding]
Thinking of this from the site implementation perspective (AEM), I think it is very unlikely that enterprises want browsers to differ in their processing of site elements based on an invisible list found within the TSR of a live site.
16:55:54 [wileys]
Again - this conversation is outside the scope of the DNT signal (Privacy Badger, AdBlock Plus, etc.)
16:55:54 [schunter]
Requirement 1 "truthful reporting": If a user-granted exception is present, then browsers should tell the site what third parties received DNT;1 (or were blocked or otherwise hindered).
16:56:31 [fielding]
Keep in mind that tools like AEM already contain management of links that prevent unintended subresources being inserted in any page.
16:56:35 [schunter]
Requirement 2 "blocking unauthorized third parties": Blocking all third parties not in the list.
16:57:11 [schunter]
Discussion: If a publisher has a site-wide exception, is the UA allowed to send some third parties DNT;1
16:59:35 [wileys]
The tech spec already defines what a site-wide exception means
16:59:45 [fielding]
I don't understand. We don't have "reciprocal transparency" now, nor are we likely to get it soon given that browsers would consider it to be a privacy violation.
17:00:16 [schunter]
q?
17:00:19 [schunter]
ack mi
17:00:52 [wileys]
Says the person who just interrupted the conversation
17:01:20 [wileys]
Disagree - we’re discussing UGE - not OOBC
17:01:54 [wileys]
This should not change
17:02:23 [wileys]
Next week it is…
17:02:33 [wileys]
wileys has left #dnt
17:02:34 [walter]
wileys: sorry if that went too far
17:03:26 [fielding]
Zakim, list attendees
17:03:26 [Zakim]
As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger
17:04:08 [fielding]
present+ wileys
17:05:01 [fielding]
present+ rvaneijk
17:06:27 [fielding]
present+ fwagner, Brendan
17:06:33 [fielding]
Zakim, list attendees
17:06:33 [Zakim]
As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
17:07:14 [fielding]
trackbot, end meeting
17:07:14 [trackbot]
Zakim, list attendees
17:07:14 [Zakim]
As of this point the attendees have been mikeoneill, fielding, walter, schunter, dsinger, wileys, rvaneijk, fwagner, Brendan
17:07:22 [trackbot]
RRSAgent, please draft minutes
17:07:22 [RRSAgent]
I have made the request to generate http://www.w3.org/2017/05/01-dnt-minutes.html trackbot
17:07:23 [trackbot]
RRSAgent, bye
17:07:23 [RRSAgent]
I see no action items