W3C

- DRAFT -

Privacy Interest Group Teleconference

02 Nov 2017

Attendees

Present
npdoty, weiler, jnovak, keiji, NigelMegitt, runnegar, tara, Pierre-AnthonyLemieux, LCPolan, Alexander_Shalamov, mary, jason
Regrets
Chair
SV_MEETING_CHAIR
Scribe
christine


hi. I seem to have trouble joining Webex.

password issue apparently

thanks

<tara> We're trying to work it out, thanks folks...

e' voila! thanks

<tara> Hm my browser is giving me trouble, back shortly...

<nigel> IMSC 1.1 FPWD

update of an existing spec - a profile of the Timed Text Markup Language - scoped for subtitles and captions for web media

IMSC1 is already a rec

recently updated privacy and security considerations

doc format and specifies processor format

text profile (text to be rendered) and image profile (refers to offline resources to be fetched, images)

that scope is important - no scripting is involved

biggest area of possible privacy considerations - the very fact that the document has been requested - hint/guess that user has difficulties hearing audio

but could be translation subtitles - so could conclude a language user does not understand

fetching images - could hint about user's consumption of that media

some constraints with XML

<Zakim> npdoty, you wanted to comment on purpose of images for subtitles

nick - thanks for overview - see external images mentioned in privacy and security considerations section

what is the purpose of downloading external images for subtitles?

answer - when client-side rendering could not achieve goal - allows server-side rendering - introduced in IMSC 1 - for foreign languages with complex rendering

not just for fonts and styles that might exist - where precise authorial control is needed, eg. subtitles in Avatar that speaks the language - need image based subtitles

recommendation is to have a back-up text tracker every time an image based is made available

maps to HLS or DASH - manifest with multiple alternative tracks for a language

client decides what to pick

nick - in security and privacy section - some user agents that do not enforce cross-origin policies - not sure what that refers to

answer - not all IMSC agents are user agents as defined by W3C, e.g. TV with embedded processor - unknown whether they have same or different security policies

use case might be - create a subtitle track for distribution by a third party, a netizen, e.g. distribute out but did not realise makes image requests to another unknown party who is collecting info about consumption based on request

nick - can see privacy issue - not sure how cross-origin serves here

answer - ... cross-origin issue

nick - are there user agents that would refuse to load images from different origins

answ - I believe the answer is yes

nick - interesting, new info for us

ans - thought that was standard behaviour

nick - a little more detailed - most websites today include images from other origins, web browsers support that without specifying cross-origin to get images

details about whether javascript on original site can access what was loaded cross-origin, maybe someone who knows COSP better could say

yes, a privacy issue what you have described

with CSP could say doesn't include - browser should only load images from this origin

maybe we need to document what is expected to happen with CSP if it prohibited loading those images

do you want to specify that in the spec?

answer - we don't mandate anything to do with fetching at the moment - would be a whole new area for the spec - merely a reference

nick - maybe clarify language in the privacy and security considerations section - will have to think about that more

answer - UAs that do enforce user cross origin security policy may prevent images being loaded, maybe could add something

may be many reasons why images do not load (note)

tara - do you have what you need?

answer - i think so

tara - deadlines?

<npdoty> nigel or pierre, is there a mailing list or github issue list where we could iterate on text suggestions?

answer - just published as a public working draft, still have quite a bit of work, time to make comments

correction - in CR - want to move as quickly as possible

(yesterday, if something blocking)

<nigel> IMSC Github Repo

git repo

ask for nick to file that issue

nick - sure

thanks nigel and pierre

agenda item 2 - sensors

tara - lots of sensors review - may go through to TPAC on that

alexander

<keiji> scribe: christine

one request for review is related to security and privacy - defined some security mitigation strategies and attack vectors we consider important to address

<shalamov> https://w3c.github.io/sensors/#security-and-privacy

answered security and privacy questionnaire

<tara> https://github.com/w3c/sensors/blob/master/security-questionnaire.md

(see links above)

<shalamov> https://docs.google.com/document/d/1Ml65ZdW5AgIsZTszk4mD_ohr40pcrdVFOIf0ZtWxDv0/edit#heading=h.lmg4m6asf9b4

<shalamov> https://docs.google.com/document/d/1XThujZ2VJm0z0Gon1zbFkYhYo6K8nMxJjxNJ3wk9KHo/edit#heading=h.8ohbmnslykp8

looking for privacy feedback and improvements - in WD - developers are trying and giving feedback

open to questions

api to give access to sensors

data is security and privacy sensitive information (e.g. could be used to skim pin codes)

also to identify whether male or female speaker, and some parts of the conversation

user location

some mitigations, reducing accuracy of data, constraints of context, ... if click outside the website or outside iframe, stop sensors

integrations api for permissions

(scribe apologies, line quality not optimal)

scribe: details of mitigations

nick - thanks for the overview - you mentioned the permissions API and the feature policy spec

potentially a lot of things could be included in those references - what feature policy or permissions for sensors

answer - for V2 - features policy integration planned

some use iframe - use motion sensors - for those use cases, plan to use features policy

nick - for permissions API, a requirement for explicit permission for each sensor, or?

answer - UA must use permissions API - but UI is not specified anywhere - in Chrome given by default for gyro, acc, ..

still under discussion

nick - UA decide on a case by case basis?

answer - right now not clearly defined, still in progress

nick - a little harder to assess the privacy implications of the sensors if not specified if user is involved in granting permission

answer - something beyond asking users to grant, e.g. for ambient light if reduce accuracy less can probably safely expose and privacy implications reduced

maybe in that case don't need to show any pop-ups, but maybe for other data it is required

nick - will those requirements be in the spec?

answer - should be handled by research team - what are safe limits for the sensors

nick - thanks for the context

<Zakim> weiler, you wanted to announce permissions breakout session at TPAC

<npdoty> I think there are going to be real questions about interoperability, user expectations when permissions for sensors can be implemented in such variable and unspecified ways

sam - breakout session at TPAC on Wed - on permissions and user consent - looking at these sorts of questions

<npdoty> +1, it would definitely benefit from some breakout conversation

tara - continue next week

<npdoty> will the WG be meeting at TPAC? or discuss at the PING meeting?

alexander - unfortunately cannot go to TPAC, but others will be there and could discuss these areas

tara - thanks for joining us and looking forward to future collaboration

agenda item 3 - TPAC

tara - agenda is in the process of being finalised - several open reviews

trying to coordinate with availability of other WGs

meeting on Thursday - SING is not meeting - open invitation from that group to join PING

net info api?

nick - not sure if group is meeting at TPAC, or discuss at PING

tara - ongoing work from automotive

also possibility of adding that in as well

webappssec - currently don't have any particular item, but waiting to hear

will not be short of things to do!

invitation to add agenda items to TPAC

nick - time to visit other groups in their own scheduled meeting times, either to discuss privacy or learn about their specs

has someone had a chance to go through the schedules?

will try to drop into other groups

tara - share thoughts on mailing list

sam - webauthentication is still working on agenda but they have some interesting privacy challenges

try joint meeting (1/2 hour)

christine will not be able to be at TPAC

tara - see everyone at TPAC

will be remote participation and IRC

thanks, all for agenda today

keiji - a request from verifiable claim WG - want input from PING

(reminder)

at TPAC

<npdoty> Web Payments has privacy-specific agenda items for Tuesday at TPAC

tara - ack

<npdoty> what is Verifiable Claims?

not available friday

(tara)

AOB?

<weiler> thank you!

see everyone at TPAC, ciao

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/11/02 17:01:46 $
