Giving people a few moments to join/reconnect
Sorry chaals!
https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0026.html
"We would appreciate your feedback no later than Friday 25th May 2018. "
<npdoty> GDPR Day?
christine: is it premature to do review at this stage - WHATWG in parallel?
chaals: no, from my view, it's
not premature
... is advantageous to get views from privacy group
<christine> ack chaals, thanks
<npdoty> the ping attribute is back again?
chaals: yes it is
<christine> question re particular aspects we should look at in spec
<christine> thanks chaals
chaals: yes, going through history would be helpful. Tried to mark issues for privacy.
<wseltzer> [there will be lots of discussion of how W3C and WHATWG work together at next week's Advisory Committee meeting.]
<chaals> ✓&q=is%3Aissue+label%3Aprivacy+ privacy related issues for HTML
<Zakim> chaals, you wanted to discuss from perspective of an HTML chair
<npdoty> I actually think Github issues labeled privacy can be tracked fairly easily across the organization
<npdoty> wseltzer: premature to review as it would be most useful to figure out a unified version or review content that will be present in both, and some unified work process is under discussion
christine: suggests we restart summaries of calls; will send out request to review issues in the spec
<npdoty> christine: group is looking for privacy review of the spec, with particular issues to be looked at, like the ping attribute
christine: npdoty noted the ping attribute was back, for example
<npdoty> ... might be worthwhile, npdoty, to at least raise any questions about the ping attribute
<chaals> [That seems like a sensible approach]
npdoty: seems like that would not be wasted work
Proposed Charter for the Devices and Sensors Working Group (Call for Review)
https://w3c.github.io/dap-charter/DeviceAPICharter.html
sweiler: sensors have been a challenge for privacy
This draft doesn't have low-level/raw protocols
If you want to comment on scoping, now would be a good time to give input
christine: ideally, would be good to standardize if we can agree on APIs.
Trick is to find way to help group to include privacy in their design
weiler: if there are words to put in charter that could be helpful...suggestions would be good
npdoty: I can't imagine we would say work *can't* be in scope?
<christine> also question re geolocation
weiler: some of these might end up being discussed in Permissions workshop
how do we prompt/remind users; updated threat landscape
chaals: not a question about what we put into charter, has standard lang including privacy
But more useful to have privacy person keeping an eye on things as they progress
We know the APIs are already out there and running, so getting early discussion seems valuable
christine: where are we on geolocation?
<npdoty> "simple and consensual APIs" -- what makes an API consensual?
Last year (?) there was some discussion about geoloc API and whether to make second version of spec
That included a requirement to transmit geoloc info encrypted
<npdoty> that the API be available only in Secure Contexts
But this wasn't adopted b/c of concerns of existing implementations
npdoty: I think that new API says
"Secure Contexts" only
... unsure whether old API would be deprecated or not
Comments by 25 May
Status: WD: Pointer Events Level 2 (Call for Wide Review)
https://www.w3.org/TR/pointerevents2/
novak: in review of the spec, one
or two issues to highlight
... identifiers for pointer events/structure & lifetime not
well-defined
item that was resolved/flagged -- some of the devices that send pointer events send highly-granular data
Might be able to detect things like assistive tech; can de-res data for privacy but need to balance utility
Similar to sensors work -- earlier engagement better, but we ended up in good place
npdoty: did we get mitigations?
novak: let me take a look through the thread; there may be mitigations not included in spec
Will go back through chain to confirm
<npdoty> I do see one sentence on mitigation in the editor's draft
christine: first - thanks to Jason for looking at this, moving it forward
<npdoty> +1, cheers to jnovak
Yup, +1
`Accept-CH` header
https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0004.html
Client-Hints draft
https://github.com/w3ctag/design-reviews/issues/206#issuecomment-379422513
npdoty: maybe we should be looking at different type of Client Hints in *different* specs, not just this one
<chaals> navigator.cpu proposal in WICG
Specs that include things like memory on device, CPU -- device details -- that may be sensitive
<jnovak> re: pointer events, it looks like the S&P consideration section got dropped between the April 4th and May 10th versions of the doc; I'll follow up with them on emial
<npdoty> https://wicg.github.io/netinfo/
<npdoty> https://w3c.github.io/device-memory/
christine - will reach out to npdoty to try to get folks to take on review work
Web privacy research presentations 6. AOB
Planning to get some research presentations going as a series
Have contacted Princeton lab; looking for suggestions always!
Will invite others to attend - is open to community
npdoty: can we have at in-person?
Tara supports this whenever it would work well
<chaals> [FWIW a personal perspective on TPAC is that if you did something there that was a presentation of research, I would read the minutes in preference to attending. But I have a lot of things to get done at TPAC, I am not sure if that is the case for most people]
AOB?
<jnovak> some possible sources for talks in addition to Princeton: https://seclab.cs.washington.edu (they did the AdInt work while back), Mike West to talk about deprecating non securely delivered cookies https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/r0UBdUAyrLk
<npdoty> PLSC is May 31st, but otherwise I have no conflicts
<npdoty> June 7?
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/is deprecated/would be deprecated/ Present: npdoty tara shivan wseltzer chaals weiler jnovak No ScribeNick specified. Guessing ScribeNick: tara Inferring Scribes: tara WARNING: No "Topic:" lines found. WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting Agenda: https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0029.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option. WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]