<weiler> preset=
<weiler> present=
<weiler> webex is at: https://www.w3.org/2018/08/ping-webex.html
<jnovak> scribenick: jnovak
<tara> scribenick: tara
Update on questionnaire:
Version live on canonical URL is up to date with all edits
2019: some cleanup, might split into new sections
weiler: deprecate old items? Shall we discuss this or shall I proceed to do that?
jnovak: you can go ahead; everything we want to preserve was merged
christine: don't deprecate fingerprinting note
npdoty: are you waiting on
anything for your fingerprinting note or can we publish?
... I think we had list of open issues - would like someone
else to review to see if they are properly handled
... then it's good to go...note is iterative, living
document
christine: will remind folks of open issues
<scribe> scribenick: jnovak
christine: user-agent is next agenda
npdoty: hearing discussions in a
variety of places about freezing / reducing UA
... especially for fingerprinting risks / info disclosure
... specific proposal that prompted email was Mike West's
client-hint proposal
... freeze the UA and the server could then prompt the UA for
specific pieces of information based on a series of round
trips
... would be a similar amount of information but only sent to
sites specifically looking for this information
... similar discussions in UA freezes in Safari
... variety of discussions means we should talk about limits we
can put on headers etc.
... heard some feedback off list but worth talking about
<tara> jnovak: three separate discussions
<tara> [scribe lost first part]
jnovak: 1. Entropy of user-agent
/ freezing user-agent; 2. Client hints; 3. All other headers
and the privacy impact thereof
... if you split them up, then can do things like discuss
privacy impact of headers like accept-languages separate from
others as there may be other wins there
... and what safari did was in fall? 2017 in safari technology
preview, was freeze entire UA
<tara> runnegar: can extend discussion of this in January
jnovak: in response to web dev community feedback where there were compatibility issues raised decided to unfreeze parts of the UA (Safari + OS version) in the Spring Safari releases
npdoty: think that it would be
good to discuss what the goals are
... perhaps in each of the three cases
... and perhaps document what each of the use cases are /
information sent is
... there's a lot of issues where there's vague use cases --
e.g. debugging -- used to justify but more details maybe
helpful
christine: with the discussion of client hints that's been occurring, has there been any documentation
<tara> jnovak: based on TPAC - breakout session called "client hints & privacy " (?)
<tara> mostly trying to assuage fears about client hints
<npdoty> what would we like to accomplish by limitations on header data? and what are the primary uses of User-Agent data and other analytics/debugging-related headers?
<tara> there are many desirable things to be exposed earlier in flow so server can determine what types of assets it will send to client
<tara> example: you are in area with lesser infra, slower connex, instead of using JS, server could send header: "please send me client hint"
<tara> client could send network quality info; server would know to send lightweight version of page
<tara> there are two pieces: 1. mechanism of client hints (roundtrip header mechanism + only sent on TLS connex + only sent to origins that asked for it, which can delegate")
<tara> 2. content sent on client hints
christine: helpful overview, anything else we should discuss?
<tara> jnovak: representing Pete on this
<tara> Pete responded to thread asking for input - another call needed before writing?
<tara> He is going to proceed since no one asked for anther call
<tara> Early 2019, can expect to see something to discuss
christine: Pete should start writing
<tara> christine: we tried to accommodate more folks on second call; we will try again in January, but don't let that hold up Pete
christine: webrtc asked to move
to 2019 as they are going to add additional use cases
... may have more privacy impact
... also put in the agenda that there's a new geolocation
sensor draft
... see email with agenda for additional links
... perf wg wants to discuss timing, can do so on Jan 10th, so
propose having the call then
jnovak: should we discuss move of
Edge to Chromium
... and privacy impact
... can punt to 2019 to get bigger quorum / put on angenda
christine: will put on agenda for
2019
... next call is Jan 10, usual time
... probably another private browsing call that is more
amenable to APAC
This is scribe.perl Revision: 1.154 of Date: 2018/09/25 16:35:56 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/olyy/only/ Succeeded: s/linsk/links/ Present: jnovak weiler tara wseltzer Hannah shivan npdoty terri Found ScribeNick: jnovak WARNING: No scribe lines found matching ScribeNick pattern: <jnovak> ... Found ScribeNick: tara Found ScribeNick: jnovak Inferring Scribes: jnovak, tara Scribes: jnovak, tara ScribeNicks: jnovak, tara WARNING: No "Topic:" lines found. Agenda: https://lists.w3.org/Archives/Public/public-privacy/2018OctDec/0046.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 20 Dec 2018 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]