Privacy Interest Group Teleconference

27 Jul 2017

See also: IRC log


npdoty, weiler, Nigel, tara, keiji, chaals, christine, wseltzer, MarkOblad, terri


<keiji> I think it opened already.

<weiler> still not working for me.

<weiler> others?

<keiji> https://mit.webex.com/mit/j.php?MTID=meda7c1b71d647aefa4377d4610c67648

<tara> Sorry, Nigel -- I had a problem this morning also.

<christine> hi are we talking about webex?

<keiji> Does this link work?

<tara> Sorry about that; I copied it from an earlier agenda but clearly something went wrong.

<christine> link?

<tara> Good to hear!

<keiji> https://mit.webex.com/mit/j.php?MTID=meda7c1b71d647aefa4377d4610c67648

<keiji> Meeting number: 648 986 475

<tara> Welcome, Nigel!

<christine> hi, joined webex

<christine> thanks nigel

<scribe> scribenick: npdoty

tara: introductions

<christine> thank you Nick!

Nigel Megitt, BBC, Chair of TTWG

<tara> Timed Text Markup Language 2 (TTML2)

<tara> Working draft: https://www.w3.org/TR/2017/WD-ttml2-20170630/

nigel: update to TTML 2, currently in Working Draft, hoping to be last working draft before Candidate Rec, seeking wide review


<nigel> TTML2 Security and Privacy section

<nigel> Draft self-review questionnaire re security and privacy

nigel: reviewed the self-review questionnaire from the TAG, not a lot of privacy issues, but does have a privacy considerations section
... external resources can be loaded (images, audio, etc.)
... unlikely to reveal anything that isn't available through some other mechanism
... merely downloading a TTML document could reveal that the person needs the information in it, likely for subtitles or captions, which provides a hint as to the user's hearing ability
... because a document format rather than API, not many privacy or security issues

<Zakim> chaals-o, you wanted to note that it reveals to the server which users appear to be using captions.

chaals-o: downloading reveals that you're using captions at all

nigel: if origin wants to track viewing habits of particular users, can do that already with different methods based on how the media is being distributed

chaals-o: how much does it really expose that the user asked for the captions file?

nigel: not very much
... not included in privacy considerations section currently

<nigel> IMSC 1.0.1 profile of TTML1

nigel: might make sense to update privacy and preference and external images to include comments from TTML1 in TTML2

chaals-o: caching might limit the amount of information revealed here

nigel: typically there is some Javascript for the control (like the subtitles button)

<Zakim> npdoty, you wanted to ask, does it reveal more than just wants-captions?

<tara> npdoty: the fact that the user hit the button at all -- reveals that they are using captions for example

<tara> npdoty: but are there other things revealed? e.g., language prefs?

<tara> npdoty: are there conditional things, like audio if I can't read, or load Russian lang version if that's my preferred lang?

<tara> NIgel: yes and no - conditionals define semantic inclusion of that content as used for presentation

<tara> Nigel: implementation *could* only load the things that it needs - if there are external resources referenced at all

<tara> Nigel: could be done on demand, or up-front. Document defines, for example, five language tracks -- implementation could fetch all of them

<tara> Nigel: or could only fetch as required

<tara> npdoty: trying to consider the potential better or worse implementations - so, on-demand, for example, would reveal more information

<tara> Npdoty: so we would highlight this as an area of privacy consideration.

<tara> nigel: we could add a note to say there is an effect depending on whether or not you use on-demand approach

<chaals-o> [By an large I think this work is good to go...]

<tara> npdoty: in TTML 1 - there is discussion of cross-origin policy; TTML 2 says this is out of scope? Is this addressed elsewhere?

<tara> npdoty: there are security considerations

<tara> Nigel: embedded content - things can be referenced or included as binary; no, looks like there is nothing about fetch semantics at all

<tara> npdoty - mostly concerned about fetching external resources

<tara> Nigel - mostly talks about *impact* of CORS rejection but not about implementation; does this need to be part of the spec or "somebody else's problem"?

<tara> npdoty: I think that other doc markup specs are being specific about how content is fetched, primarily due to these security concerns, so should work here.

<tara> npdoty: if different implementation do different things, there may be false assumptions about what is in place (like following CORS)

<tara> nigel: that is an impact of preventing loading the resource, which *is* mentioned

<tara> nigel: because there is no specified way to get the TTML doc, you can't relate to any of the resources *in* it (URIs) - seem a bit separated?

<tara> nigel: there is nothing about origin of TTML doc so how do you enforce CORS?

<Zakim> npdoty, you wanted to ask about fetch and CORS


<tara> npdoty: may want to review the fetch spec (see link) to see if relevant

<tara> npdoty: this also considers things like service workers, etc that are relevant to sec & priv

nick: mixed content might also be relevant for privacy/security

<christine> yes, thanks

nigel: completed self-review questionnaire, should we send that to anyone?

tara: mostly just useful for review

<tara> Item: PING F2F at IETF 99


christine: small group at ietf, talked about ways to improve level of engagement in Interest Group, helping other groups to do privacy reviews
... related efforts on improving security reviews
... most effective way for this group is to have these discussions with editors/chairs
... thanks for being persistent in asking group to send someone

<tara> Thanks, Sam, for your efforts!

christine: getting up to speed on Github, to do more work on privacy questionnaire
... use the mailing list for general discussion of web privacy issues that are coming up in research or news
... put together in one place the privacy considerations in current specifications, catalog of what's been done
... Niels from Article 19 expressed some interest in tools for doing that
... at next IETF, could have a web privacy hackathon, as was done last time for HTTP Status 451
... what are the privacy implications and considerations of the standard?

weiler: for IETF get-together, things that could use input from the masses, or just document work
... privacy issues in the @@ spec via device identifiers
... Web Authentication is a topic we should pay attention to

<weiler> a/@@/Web Authentication/

weiler: web privacy hackathon/meetup suggested for IETF 101 in London, March 2018 (not the next IETF, which is Singapore in November)
... TPAC, book your hotel room now!

<Zakim> weiler, you wanted to discuss other specs that may need or want privacy reviews

tara: potential meeting conflicts at TPAC

weiler: trying to recruit security reviewers based on specific requests to Web Security Interest Group
... Input Events?

npdoty: I think we did talk to Input Events

chaals: will follow up

<tara> https://www.w3.org/TR/push-api/

chaals: I think the editor already considered that feedback

<tara> https://w3c.github.io/push-api/security-privacy-questionnaire.md

<tara> https://github.com/w3c/push-api/issues/

chaals-o: we discussed Push API at a recent meeting, there were some open questions where we expected them to come back to us, but they haven't yet - as noted in a message to us a couple of days ago

npdoty: it sounds like they are waiting for feedback from us, but we're also waiting for something from Push API editors

chaals-o: do we have a way to track past reviews/feedback?

christine: if we start a good practice today, we can go back and add others

<wseltzer> PING git repository


wseltzer: other groups (like i18n) have used cross-linking of issues in github, so that other groups can see issues and discussion in progress during a review

christine: will try to learn how to do that!

August 24th for next meeting

<tara> Arbitrarily picking Aug 24

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/07/27 16:54:36 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/haven't/haven't yet - as noted in a message to us a couple of days ago/
Default Present: npdoty, weiler, Nigel, tara, keiji, chaals, christine, wseltzer, MarkOblad, terri
Present: npdoty weiler Nigel tara keiji chaals christine wseltzer MarkOblad terri
Regrets: leiba
Found ScribeNick: npdoty
Inferring Scribes: npdoty

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 27 Jul 2017
Guessing minutes URL: http://www.w3.org/2017/07/27-privacy-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]