W3C

- DRAFT -

Privacy Interest Group Teleconference

06 Dec 2018

Attendees

Present
plh, weiler, npdoty, tara, moneill, christine, pranjal, jnovak, brentz, SergeyKanzhelev, DavidC, PeteSnyder, wseltzer, pes, BennettCyphers, StevenEnglehardt, Arthur, runnegar, Hannah
Regrets
Chair
SV_MEETING_CHAIR
Scribe
tara

Contents


<weiler> present=

Update from pes:

Status from last priv mode call: general agreement on having doc for standard "priv browsing mode"

Ques: should this be advertised explicitly (like DNT) or better to be passivelty learnable based on how endpoints behave

Adv for publishing: could give guidance on expectations for what priv browsing mode might be

Common subset of behaviors across browsers

Webdev could target things for PrivBrowMode

No document yet, is planning

weiler: this group likely in support of notion of publishing this; we can start it within PING

(No objections from group)

Text writers?

moneill; pes;

<moneill> +q

moneill: I argue against broadcasting this mode; I don't think there should be a header signal -- encourages sites to go out of that mode on the site

(e.g.. Boston Globe)

<npdoty> those existing examples are cases where there isn’t a header signal, but the sites are already choosing to detect and respond

moneill: no inhibiting of tracking in that case

novak: I think plan is not to standardize PrivMode behavior itself
... more to say "there is a thing called PrivBrow -- browsers may change what they do in that mode"
... from last call: sites already have detection for this today; given the set of tradeoffs...browsers will change behavior of APIs..shouldn't sites know that so they can respond accordingly

moneill: but what if they do not respond appropriately? I would like to see "privacy mode" be a thing people could use (e.g., time-limited cookies)

novak: when I say "sites respond", I don't mean changing cookie policy, etc. Maybe this should be called "API breakage mode"

Browser is changing from usual mode, trying to communicate this

pes: sounds right, need some discussion of what the goals are for API

<wseltzer> +1 to punt on the signaling of mode

pes: we can likely punt this

<npdoty> +1 to documenting the arguments and moving on

<weiler> a?

pes: we are not trying to define what browsers do in PrivBrowMode
... goal: all browsers have this mode; users have privacy goals; browsers may do this differently
... browsers could have common subset of behaviors; web developers could break fewer things in that mode

weiler: might want to wait on any kind of signal -- first need to look at the space

<Zakim> npdoty, you wanted to look at interaction with controls that aren’t all-or-nothing private mode

npdoty: I agree that the signal is not the most important bit
... are we talking about singular mode? Might not be binary -- in mode or out of it.

But there may be other modes: in mode all the time; container mode; change according to user's threat model

Users might want privacy from network, or on device, or from specific site...

There is going to be a lot of interaction with other specs to take into account

<moneill> +q

User might want different controls at different times -- see mnot's document

Not one mode for all privacy

moneill: too many things being rolled into one concept. Difference between knowing devices-specific activity & web tracking is large.
... we might try to get consensus about what we are talking about

<npdoty> draft doc from mnot, regarding site data controls, local data controls and network data controls https://gist.github.com/mnot/96440a5ca74fcf328d23

weiler: what do you think about different modes?

(for pes)

pes: splitting it out makes it hard to standardize; would like to punt on the flag for now

<npdoty> Firefox Containers is not binary, for what it’s worth, and the binary modes of other browsers all do different things from one another

<pes> +q

runnegar: pes said currently implementations are binary now -- people from public interest community might be interested in testing these ideas in the wild

There was a DuckDuckGo study recently

<wseltzer> https://spreadprivacy.com/google-filter-bubble-study/

Pes: goal is not to say "this is what browsers should do in PBM" -- it is to say that browsers have a mode and here is how one should respond to it

<wseltzer> ^ DuckDuckGo study

<pes> +q

weiler: we need not include public interest community testing in the doc; they can play with it anyhow
... restating scope: want to document roughly what PBM is, without standardizing it, so other specs can suggest how they could operate differently when browser in is that mode which may be different.

We are not mandating a signal, not ruling it out but not leading on that either.

moneill: so, write down what we have at the moment, what browsers do (by and large)?

pes: no -- not what I think, that's documented.
... my goal: browsers want to protect privacy in different ways, but there isn't much commonality
... want doc -- saying users want privacy, some modes break standards/functionality to provide this

<moneill> +q

pes: so can we find a way to address this

weiler: so, maybe we need to see this written down?

(for clarity)

moneill: I am opposed to the idea that users have to initiate/take effort to go into private mode
... but there are special characteristics of the mode, which someone might decide they want is "extra" beyond baseline

<npdoty> whether it’s a mode or not, it might be useful for specs to be able to handle behavior when data is ephemeral or cross-origin communication is limited

moneill: such as prematurely-aged cookies. Am worried that this sets things up as "privacy as exception"

wseltzer: on my Internet, privacy is not expected! But want to allow this as possibility for users, what they can attain.

(not expected as default)

Philosophical discussion (cultural differences, etc) not likely to be resolved here, don't need to to progress this effort

weiler: want to encourage folks to go and write

pes: I am happy to write up first version of this; this is not first effort, from what I can tell
... any links that I can use?

(mnot link in IRC)

moneill: would be good to have doc to use to start debate

<scribe> New folks?

Bennett: I wanted to listen; planning to attend more regularly

Org? From EFF, developer on Privacy Badger

Hannah: with CDT, working with Joe Hall, new to calls, planning to be regular attendee

Steve E: from Mozilla, seemed like interesting topic, will figure out how to contribute

weiler: next call is Dec 20. Often we do privacy reviews on calls, as group; everybody here welcome to participate

<Zakim> christine, you wanted to discuss scheduling a call for people in different time zone (e.g. Mark N)

Let us know how we can help you!

runnegar: would like mnot to also participate but timezone was impossible; can we find a good time?

Mike/Pete/Jason might like to talk to mnot early on; good time is AU time..

Christine can help coordinate this

Plan: have a call and then start writing

Also might want to try to include Hadley (UK time)

So...we will convene on Dec 20 as large group

scribe: meeting adjourned

<weiler> rrsagent+ draft mintues

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/12/06 17:38:02 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/to punt/to punt on the signaling of mode/
Present: plh weiler npdoty tara moneill christine pranjal jnovak brentz SergeyKanzhelev DavidC PeteSnyder wseltzer pes BennettCyphers StevenEnglehardt Arthur runnegar Hannah
No ScribeNick specified.  Guessing ScribeNick: tara
Inferring Scribes: tara

WARNING: No "Topic:" lines found.


WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 06 Dec 2018
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.


WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)


[End of scribe.perl diagnostic output]