W3C

- DRAFT -

Privacy Interest Group Teleconference

20 Dec 2018

Agenda

Attendees

Present
jnovak, weiler, tara, wseltzer, Hannah, shivan, npdoty, terri
Regrets
Chair
SV_MEETING_CHAIR
Scribe
jnovak, tara

Contents


<weiler> preset=

<weiler> present=

<weiler> webex is at: https://www.w3.org/2018/08/ping-webex.html

<jnovak> scribenick: jnovak

<tara> scribenick: tara

Update on questionnaire:

Version live on canonical URL is up to date with all edits

2019: some cleanup, might split into new sections

weiler: deprecate old items? Shall we discuss this or shall I proceed to do that?

jnovak: you can go ahead; everything we want to preserve was merged

christine: don't deprecate fingerprinting note

npdoty: are you waiting on anything for your fingerprinting note or can we publish?
... I think we had list of open issues - would like someone else to review to see if they are properly handled
... then it's good to go...note is iterative, living document

christine: will remind folks of open issues

<scribe> scribenick: jnovak

christine: user-agent is next agenda

npdoty: hearing discussions in a variety of places about freezing / reducing UA
... especially for fingerprinting risks / info disclosure
... specific proposal that prompted email was Mike West's client-hint proposal
... freeze the UA and the server could then prompt the UA for specific pieces of information based on a series of round trips
... would be a similar amount of information but only sent to sites specifically looking for this information
... similar discussions in UA freezes in Safari
... variety of discussions means we should talk about limits we can put on headers etc.
... heard some feedback off list but worth talking about

<tara> jnovak: three separate discussions

<tara> [scribe lost first part]

jnovak: 1. Entropy of user-agent / freezing user-agent; 2. Client hints; 3. All other headers and the privacy impact thereof
... if you split them up, then can do things like discuss privacy impact of headers like accept-languages separate from others as there may be other wins there
... and what safari did was in fall? 2017 in safari technology preview, was freeze entire UA

<tara> runnegar: can extend discussion of this in January

jnovak: in response to web dev community feedback where there were compatibility issues raised decided to unfreeze parts of the UA (Safari + OS version) in the Spring Safari releases

npdoty: think that it would be good to discuss what the goals are
... perhaps in each of the three cases
... and perhaps document what each of the use cases are / information sent is
... there's a lot of issues where there's vague use cases -- e.g. debugging -- used to justify but more details maybe helpful

christine: with the discussion of client hints that's been occurring, has there been any documentation

<tara> jnovak: based on TPAC - breakout session called "client hints & privacy " (?)

<tara> mostly trying to assuage fears about client hints

<npdoty> what would we like to accomplish by limitations on header data? and what are the primary uses of User-Agent data and other analytics/debugging-related headers?

<tara> there are many desirable things to be exposed earlier in flow so server can determine what types of assets it will send to client

<tara> example: you are in area with lesser infra, slower connex, instead of using JS, server could send header: "please send me client hint"

<tara> client could send network quality info; server would know to send lightweight version of page

<tara> there are two pieces: 1. mechanism of client hints (roundtrip header mechanism + only sent on TLS connex + only sent to origins that asked for it, which can delegate")

<tara> 2. content sent on client hints

christine: helpful overview, anything else we should discuss?

<tara> jnovak: representing Pete on this

<tara> Pete responded to thread asking for input - another call needed before writing?

<tara> He is going to proceed since no one asked for anther call

<tara> Early 2019, can expect to see something to discuss

christine: Pete should start writing

<tara> christine: we tried to accommodate more folks on second call; we will try again in January, but don't let that hold up Pete

christine: webrtc asked to move to 2019 as they are going to add additional use cases
... may have more privacy impact
... also put in the agenda that there's a new geolocation sensor draft
... see email with agenda for additional links
... perf wg wants to discuss timing, can do so on Jan 10th, so propose having the call then

jnovak: should we discuss move of Edge to Chromium
... and privacy impact
... can punt to 2019 to get bigger quorum / put on angenda

christine: will put on agenda for 2019
... next call is Jan 10, usual time
... probably another private browsing call that is more amenable to APAC

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version 1.154 (CVS log)
$Date: 2018/12/20 17:25:54 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.154  of Date: 2018/09/25 16:35:56  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

Succeeded: s/olyy/only/
Succeeded: s/linsk/links/
Present: jnovak weiler tara wseltzer Hannah shivan npdoty terri
Found ScribeNick: jnovak
WARNING: No scribe lines found matching ScribeNick pattern: <jnovak> ...
Found ScribeNick: tara
Found ScribeNick: jnovak
Inferring Scribes: jnovak, tara
Scribes: jnovak, tara
ScribeNicks: jnovak, tara

WARNING: No "Topic:" lines found.

Agenda: https://lists.w3.org/Archives/Public/public-privacy/2018OctDec/0046.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth

Found Date: 20 Dec 2018
People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)


[End of scribe.perl diagnostic output]