W3C

- DRAFT -

SV_MEETING_TITLE

10 May 2018

Agenda

Attendees

Present
npdoty, tara, shivan, wseltzer, chaals, weiler, jnovak
Regrets
Chair
SV_MEETING_CHAIR
Scribe
tara

Contents

Giving people a few moments to join/reconnect

Sorry chaals!


. Request Privacy review of HTML5.3

https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0026.html

"We would appreciate your feedback no later than Friday 25th May 2018. "

<npdoty> GDPR Day?

christine: is it premature to do review at this stage - WHATWG in parallel?

chaals: no, from my view, it's not premature
... is advantageous to get views from privacy group

<christine> ack chaals, thanks

<npdoty> the ping attribute is back again?

chaals: yes it is

<christine> question re particular aspects we should look at in spec

<christine> thanks chaals

chaals: yes, going through history would be helpful. Tried to mark issues for privacy.

<wseltzer> [there will be lots of discussion of how W3C and WHATWG work together at next week's Advisory Committee meeting.]

<chaals> ✓&q=is%3Aissue+label%3Aprivacy+ privacy related issues for HTML

<Zakim> chaals, you wanted to discuss from perspective of an HTML chair

<npdoty> I actually think Github issues labeled privacy can be tracked fairly easily across the organization

<npdoty> wseltzer: premature to review as it would be most useful to figure out a unified version or review content that will be present in both, and some unified work process is under discussion

christine: suggests we restart summaries of calls; will send out request to review issues in the spec

<npdoty> christine: group is looking for privacy review of the spec, with particular issues to be looked at, like the ping attribute

christine: npdoty noted the ping attribute was back, for example

<npdoty> ... might be worthwhile, npdoty, to at least raise any questions about the ping attribute

<chaals> [That seems like a sensible approach]

npdoty: seems like that would not be wasted work

Proposed Charter for the Devices and Sensors Working Group (Call for Review)

https://w3c.github.io/dap-charter/DeviceAPICharter.html

sweiler: sensors have been a challenge for privacy

This draft doesn't have low-level/raw protocols

If you want to comment on scoping, now would be a good time to give input

christine: ideally, would be good to standardize if we can agree on APIs.

Trick is to find way to help group to include privacy in their design

weiler: if there are words to put in charter that could be helpful...suggestions would be good

npdoty: I can't imagine we would say work *can't* be in scope?

<christine> also question re geolocation

weiler: some of these might end up being discussed in Permissions workshop

how do we prompt/remind users; updated threat landscape

chaals: not a question about what we put into charter, has standard lang including privacy

But more useful to have privacy person keeping an eye on things as they progress

We know the APIs are already out there and running, so getting early discussion seems valuable

christine: where are we on geolocation?

<npdoty> "simple and consensual APIs" -- what makes an API consensual?

Last year (?) there was some discussion about geoloc API and whether to make second version of spec

That included a requirement to transmit geoloc info encrypted

<npdoty> that the API be available only in Secure Contexts

But this wasn't adopted b/c of concerns of existing implementations

npdoty: I think that new API says "Secure Contexts" only
... unsure whether old API would be deprecated or not

Comments by 25 May

Status: WD: Pointer Events Level 2 (Call for Wide Review)

https://www.w3.org/TR/pointerevents2/

novak: in review of the spec, one or two issues to highlight
... identifiers for pointer events/structure & lifetime not well-defined

item that was resolved/flagged -- some of the devices that send pointer events send highly-granular data

Might be able to detect things like assistive tech; can de-res data for privacy but need to balance utility

Similar to sensors work -- earlier engagement better, but we ended up in good place

npdoty: did we get mitigations?

novak: let me take a look through the thread; there may be mitigations not included in spec

Will go back through chain to confirm

<npdoty> I do see one sentence on mitigation in the editor's draft

christine: first - thanks to Jason for looking at this, moving it forward

<npdoty> +1, cheers to jnovak

Yup, +1

`Accept-CH` header

https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0004.html

Client-Hints draft

https://github.com/w3ctag/design-reviews/issues/206#issuecomment-379422513

npdoty: maybe we should be looking at different type of Client Hints in *different* specs, not just this one

<chaals> navigator.cpu proposal in WICG

Specs that include things like memory on device, CPU -- device details -- that may be sensitive

<jnovak> re: pointer events, it looks like the S&P consideration section got dropped between the April 4th and May 10th versions of the doc; I'll follow up with them on emial

<npdoty> https://wicg.github.io/netinfo/

<npdoty> https://w3c.github.io/device-memory/

christine - will reach out to npdoty to try to get folks to take on review work

Web privacy research presentations 6. AOB

Planning to get some research presentations going as a series

Have contacted Princeton lab; looking for suggestions always!

Will invite others to attend - is open to community

npdoty: can we have at in-person?

Tara supports this whenever it would work well

<chaals> [FWIW a personal perspective on TPAC is that if you did something there that was a presentation of research, I would read the minutes in preference to attending. But I have a lot of things to get done at TPAC, I am not sure if that is the case for most people]

AOB?

<jnovak> some possible sources for talks in addition to Princeton: https://seclab.cs.washington.edu (they did the AdInt work while back), Mike West to talk about deprecating non securely delivered cookies https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/r0UBdUAyrLk

<npdoty> PLSC is May 31st, but otherwise I have no conflicts

<npdoty> June 7?

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2018/05/10 16:47:49 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.152  of Date: 2017/02/06 11:04:15  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/is deprecated/would be deprecated/
Present: npdoty tara shivan wseltzer chaals weiler jnovak
No ScribeNick specified.  Guessing ScribeNick: tara
Inferring Scribes: tara

WARNING: No "Topic:" lines found.


WARNING: No meeting title found!
You should specify the meeting title like this:
<dbooth> Meeting: Weekly Baking Club Meeting

Agenda: https://lists.w3.org/Archives/Public/public-privacy/2018AprJun/0029.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]