W3C

- DRAFT -

Improving Web Advertising BG
04 Aug 2020

Agenda

Attendees

Present
jeff_burkett_Gannett, Karen_, wseltzer, ajknox, aschlosser, cwilso, weiler, jrosewell, mlerra, Joshua_Koran, KrisChapman, wbaker__, dialtone, marguin, kleber, pl_mrcy, hober, bleparmentier, joelstach, arnoldrw, AramZS, ErikAnderson, Paul_Bannister, br-rtbhouse, ddabbs, imeyers, Mike_Pisula, bmilekic, btsavage, seanbedford, palvarado
Regrets
Chair
SV_MEETING_CHAIR
Scribe
Karen

Contents

<wseltzer> [Pedro Alvarado]

<scribe> Scribe: Karen

Agenda-curation, introductions

Wendy: Looking at agenda

we have WebID

scribe: Turtledove and FloC
... and Chrome extension access to cohort identifiers
... and just before the call
... request from James to hear about partnership for addressable media
... look at highlights from issue dashboard
... Key question for these topics
... do we have people prepared to give overview of the materials
... Do we need to put out some calls for discussion at a later time?
... Do we have somebody who would be able to tell us about WebID?

Michael: We don't have a Google person deeply involved in WebID on the call today
... we could try to have someone attend a future session; would be helpful to have questions in advance
... August timing with vacations could be slow
... There is work on WebID happening within other W3C groups
... I think it's under WICG
... but there are dedicated meetings and calls
... Might be a better place to move that discussion

Wendy: If we have Julie on the call
... we could get more of what she was hoping to ask about WebID

Julie: Thanks, Wendy
... and thanks for letting us know who is on call today
... also having challeges with reception
... Trying to understand the goals of WebID
... and how it affects first party relationships with their useres
... and their logins
... and time selection of information
... Get some more specific questions together
... The way it's described in the explainer touches on some policy issues

[cannot hear Julie]

<wseltzer> Julie's email re WebID

<kevinG> +present

scribe: might be difficult to do that over issues in GitHub
... if you could please explore having someone come in
... doesn't have to be August; understand difficulty there
... but let's have a conversation about it

Wendy: Thanks, Julie
... we'll look to see when we can get the right participants from the Google proposal team
... and see whether WICG has calls
... or if we want to schedule that for a future call here

Julie: If anybody has specific questions they would like to have discussed, please send them my way via email

Kris: Add to what Michael was saying
... the discussion has moved to WICG
... impact on protocols, privacy and security considerations
... I think it would be. a worthwhile topic to dive into

<wseltzer> WICG WebID repo

Kris: I think people not building IDs themselves might have trouble following the technical conversations, so a business conversation would be suitable
... I would love for Google to join, but also would like to ask the Mozilla folks
... they were working on a pre-curser to WebIG

s/WebID

scribe: looking at cross-site tracking
... not just Google, but ask Mozilla as well

Wendy: The business cases to tee up here
... is one of the goals of this group

Michael: What I was trying to say originally
... as we discussed a week or two ago

<aschlosser> I meant IDP == Identity Providers

Michael: a reasonable way for the AdvBG to interact with relevant or tangential parts of W3C
... was to appoint somebody to be the go-between representative
... to bring questions from this group to the WICG discussion
... and then bring answers back
... or keep this BG updated on progress
... this might be a good opportunity to put this into action
... seems this might be good way
... rather than everyone all come to the one-hour meetings

Wendy: I think some of the questions seem to help help this group gain shared understanding
... anyone is free to interact in WICG
... and if anyone would like to take on a more representative role, and report back and forth, that could help to focus the interaction
... Thanks, we have a few ideas of ways to go forward
... There is lots of material already in the repository
... Sounds like Julie will collect quetsions
... and figure out if those are best addressed by inviting people here, or by bringing those questions into the WICG discussions
... Thank you, Julie

Turtledove and FloC - Chrome Extension Access to Cohort Identifiers

Wendy: I think we have the same question about Turtledove and FloC, Chrome Extension Access to Cohort Identifiers
... Do we have the right people on the call to address that?

kleber: I can try to speak to some of those questions
... I am not an expert on browser extensions, but we can have some of the discussion

Wendy: Pedro, would you like to introduce the question?

<wseltzer> https://lists.w3.org/Archives/Public/public-web-adv/2020Aug/0000.html

Pedro: Our question stands from consumer study world with controlled group of people who agree to answer questions about them
... usually there is a Chrome extension available
... it would be interesting to know how this group thinks about Turtledove and FloCs
... and if there is access to Cohort identifier
... and if access to consumer studies
... is this something...when we think about access; is this a venue the browsers are thinking about making available
... are there impediments to do this?
... any context would be helpful
... Understand how this new privacy aspect fits into this world
... thank you

Michael: I can give a high-level answer; and happy to hear others' answers
... Seems to me that FloC and Turtledove would have different answers
... seems that Chrome extensions would have access to a person's FloC
... cluster person is grouped into
... person can get access through HTTP request as HTTP header
... seems like extensions could get it also
... if convenient to get it without HTTP connection, that seems reasonable
... this is deliberately
... browser lets be joined with third party information of user
... no new privacy consideration there
... Turtledove IG seem trickier to me
... IG stored in browser....might be something one company has and doesn't want another company to see
... If Foo.com web site doesn't want to see data
... or stored in this heightened sense
... and if only accessible through auctions mechanism
... we can certainly discuss how extensions might interact
... seems like an area we need to work carefully to respect everyone's interests

Pedro: I think that makes sense
... Interseting in your comment, the way some of this
... companies and consumers were starting to use Chrome extension and the data capture
... they were capturing information the users have explicity granted access
... rich permission model
... let them know what Chrome extension is tapping into
... Interesting way to describe....how an ad network is
... versus user granting access to cohorts they belong to
... Interesting to understand if it's perhaps
... a better interpretation
... on how this could work
... to give consumers control
... and who has access to the groups they belong to
... understanding some differences behind the scenes for advertising purposes
... FloC as header available make sense
... I think that perhaps making the API
... that makes access to that explicit could be useful
... and maybe GitHub with corresponding use cases would be way to continue that conversation

Ben: Pedro, I am trying to understand the use case you are trying to support?
... you want to create an offline panel for people who have consented to cross-site tracking
... and you are wondering if it's possible to build in a post cookie world?

<Joshua_Koran> I thought Pedro's question was whether the Chrome team would override an individual's consent to cross-publisher tracking

Pedro: Want to understand the cohorts that a panelist belongs to
... where user logs into the extension
... so there is association between someone who answers these questions
... in context of controlled surveys
... the industry standard of how things work
... go as far as hitting the middle of the network stack to capture more information
... sometimes people get paid to provide answers to questions

Ben: to summarize
... you are talking about paid participants
... not talking about cross-site tracking, but looking to see if Chrome can do this

Pedro: Give you link [talking too fast]
... whether these proposals; these patterns still hold
... the information
... that is provided can be interesting to understand consumers in the context of studies

Bleparmentier: I understand that we don't want cross-site tracker
... by don't understand why if person expressly asks for it
... surprised there is an issue here
... reaction of user is quite complex
... if clear, why is that an issue
... and extension that I can click off
... maybe some Chrome extension
... to track themselves to see what is going on
... as a legitimate use case
... if it requires an extension
... seems to me; not sure why it is an issue
... we don't want cross-site tracking by default
... but if it is installing an application and it says beware it is doing cross-site tracking; I want to understand you point of view

Michael: So again, maybe we would have a better discussion
... if we had someone in the room
... with a lot of knowedge of extension permissions
... extensions can do a wide range of things
... some merely log into and view browser activity across all sites
... you could opt into that cross-site tracking
... and there are more powerful extension capabilities to access data across all sites
... I trust this so much to use same credentials to log into my bank account
... Extensions can do many things; some are disruptive; some require trust
... What level of access would you need to give to an extension to do things we're talking about
... and not have it steal money from BitCoin or bank account

Aram: none of the discussions I've seen so far
... have discussed changing the priviledged status of browser extentions
... that a web site cannot
... because they operate at level of a browser
... if you can get someone to agree to download an extension
... could have its own storage access
... relative to extension
... am I mistaken in my assumption?
... Correct that none of proposals change that structure for browser extensions

Michael: That's right
... we don't have any proposals that talk about browser extension permissions

Aram: that answers my question
... who other question about extension permissions
... thanks
... not sure we want that here

Valentino: Can someone make assumption
... or say Chrome doesn't have anything against an extension that can be used to assume or use explicit consesnt
... and use as federation of publishers that deal with identity among themselves
... and deal with identity tracking
... or would Chrome actively try to defeat?

Michael: I don't have an answer to question of what Chrome extensions can do in future

Valentino: Do you think it's a viable, interesting area of discussion among us
... or find another venue for advertising interests, or is it something you don't suggest going down?
... Is it a safe area to do development on effectively?

Wendy: I will say
... it could be, from what I am hearing
... could be interesting area to develop a proposal and then ask across the community if it's consistent with the Web Platform

Valentino: I would imagine if there were a viable alternative to tracking
... publishers could create a browser extension that would allow them to show free content
... because they have a browser extension with certain permissions to show identity and allow cross-site tracking
... If this is not a viable approach, one would not spend money to do so

Michael: I don't think I can answer that
... to take Wendell Baker's phrasing
... the sorts of things we have been proposing in the privacy sandbox are things that are safe; "safe harbor ideas" that don't enable tracking

<wbaker__> :-) +1 Kleber :-)

Michael: when you ask questions about very general capabilities of all the things that extensions might do
... or maybe use for purposes people or intend or do not intend
... something that steal people's BitCoins and did not expect the outcome
... when talking about very powerful permissions on the web, it's subject to all kinds of abuse
... no way I can commit to some future abuse Chrome would take action on

Valentino: See from publishers...ability to
... discover if paywall is discoverable or not without forcing user to login
... it is arguably less safe than with a browser extension with the user consent
... that is where I am coming from

Michael: Maybe it's safer for people to log into all sites
... and may be the WebID topic

<Joshua_Koran> +1 Valentino - it seems a better user experience to provide a true cross-publisher pseudonymous ID to fund publishers who need to provide marketers frequency capping and attribution

Michael: and that is a great place to have this dicussion
... for people to log in when they explicitly intend to do so

Wendy: A couple more on this topic

Basile: let's assume

you have an extension called "cookie for tracking"

<wseltzer> s/"cookie for tracking"/

scribe: this would be used to track across web sites
... very clear stet up
... if user did decide to install
... have access to more news article

<jrosewell> @joshua_Koran: how many people install or know about extensions? If it's not many then it won't be a widely used solution unless it is presented to people at the point of installation or setup.

scribe: user might be fine with
... extension has right to track across web sites
... may think it's good for him
... my question, do you agree on that?
... Let's assume the user is aware and everything is transparent
... Do you think this is something to do or not?
... Extension takes some time to do

<Joshua_Koran> @jrosewell - I think technology implementation aside, the question is whether we believe people can opt-into cross-publisher tracking without which will have negative impacts to smaller publisher's revenue

scribe: some danger; be explicit
... would it be possible to do so, should it be ok, as long as user understood; it is complicated to install
... make sure he is aware of what he is doing
... is it something you want to prevent or not?

Michael: I understand your question, but I cannot answer it
... asking about Chrome's policy for future browser extensions
... I cannot make any forward-looking statements about

Wendy: I hear echos of some of this conversation about permissions policy in the WiCG and Web Security Wg
... there is lots of on-going user research on user understandings of the permissions and dialogues
... where all of that, too, could influence policy and technical choices

Aram: I think the question
... is an interesting one
... I understand the perspective on the other side
... My question, an expansion of that
... if we want a use case, a proposed architecture for how an extension might work for an ad functions
... and how permissions might work
... give user the ability to specify what I want v ability to enter into the page
... and we want to write that proposal
... is that something the Chrome team would be interested in considering
... is it within the spectrum of proposals that Chrome sandbox wants to encourage

Michael: Should there be browser permissions
... those are browser specific questions, not W3C style spec questions
... different browsers might well do differently and make different choices in how extensions, prompts and permissions work
... I am not the right person to talk about the details of browser-specific permissions questions

Aram: Ok, thanks

Wendy: James, you mentioned partnership for responsible, addressable media

James: I am not in a position to talk about it
... but thought it would be relevant reading about it this morning

<alextcone> Michael, the reason to not let that be browser by browser decision making is that it yet again makes privacy controls more fragmented for users. Fragmented privacy / data protection experiences surely cannot be the goal.

Wendy: Thank you. Is there someone here who would like to share anything about the partnership for addressable media?

Jordan: I can take that
... There was an announcement of a number of trade organizations and private companies coming together
... announcement was this morning
... They are coming together to address the issues of identifiers
... a lot of influential orgs, mostly buy-side folks
... who have been under-represented
... how does this relate to project rearc
... how to bring members together
... and provide input on business and policy side into the technical standards setting process
... Project was launched earlier this year to look at addressability in advertising
... partnership represents other key orgs looking at business, policy implications and feeding that into technical standards orgs
... we'll continue moving forward
... partnership will build on work of project rearc; remain focused on technical aspects of addressability

<scribe> ...continued focus on privacy for consumers

UNKNOWN_SPEAKER: this does expands
... as project rearc has done
... outside scope of web and privacy sandbox in Chrome arena to multi-channel and multiple situations
... scenarios when there is not access to identity
... how to use responsibly
... when they rely on third party vendors
... a new set of orgs coming together to support similar objectives

Wendy: Thanks, Jordan
... for the pieces that deal with the web, it's good to have interaction between the groups
... sounds like you can help to bring ideas back and forth

<jrosewell> @Jordon: thank you

Wendy: and perhaps others are participants in both venues
... and share web needs and goals
... with the partners there

Jordan: yes, we certainly intend to do so
... when we have an ask for browsers to support interoperably
... that is where we see W3C venue being influential
... privacy for consumers and interoperability for those who provide content

Wendy: Sounds like a good set of shared goals
... other questions?

Dashboard highlights https://w3c.github.io/web-advertising/dashboard/

Wendy: We might get to the issues dashboard
... this is a growing collection of issues and questions from repositories
... a lot of proposals, some with their own issue trackers
... some with homes in WICG or Privacy CG
... if there is an issue under discussion that would benefit from a synchronous conversation; or highlight an interesting area for group conversation?

<dialtone> that's similar to the summary/digest thing I was talking about last week

Wendy: if issues are getting good discussion in asynchronous conversations via GitHub, then encourage continued discussions and put on agenda when questions come up

B: small question
... is there attention in W3C
... to this new organization?
... or something that will be done outside of W3C and we have to look at other meetings?
... Will it be this forum, or another one?

Wendy: Sounds like a question for Jordan

Jordan: Please, could you repeat the question?

B: Does this new organization, intend to publish in W3C, or is there another forum, or do we go somewhere else to get the information?

Jordan: I will paste the announcement into the irc window
... they have announced the formation of the group
... it is not an organizational entity, but more of an initiative with a governing group
... Association of National Advertisers is leading the initiative
... there will be more information about where to go for involvement and information

Wendy: Coordination where there is an ask for the web
... we would welcome communications to W3C and discusisons
... for how these needs may interact

Jordan: Agreed

Wendy: Any other business for this call?
... I encourage people to share agenda requests early
... and I can do more
... in trying to coordinate with folks on the other end to find out who wants to be available to participate in those conversations
... in the mean time
... lots of good conversation continues on GitHub

<Jordan> Go here for more information about the Partnership for Responsible Addressable Media ... http://www.responsibleaddressablemedia.com/

Wendy: I sent around an email about a side conversation on Success Criteria
... Dates don't work for James, so I will send new dates for that conversation
... Thank you all for joining the call this morning
... in spite of the full swing of summer
... See you next week
... Adjourned

<wseltzer> [adjourned]

<kleber> Thank you Karen!

Summary of Action Items

Summary of Resolutions

[End of minutes]
Minutes manually created (not a transcript), formatted by David Booth's scribe.perl version (CVS log)
$Date: 2020/08/04 15:56:46 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision of Date 
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00)

WARNING: Bad s/// command: s/WebID
Succeeded: s/@/kleber/
Succeeded: s/@/Cohort identifier/
Succeeded: s/andy/any/
Succeeded: s/Aram/Basile/
FAILED: s/"cookie for tracking"//
Succeeded: s/@/"cookie for tracking"/
Present: jeff_burkett_Gannett Karen_ wseltzer ajknox aschlosser cwilso weiler jrosewell mlerra Joshua_Koran KrisChapman wbaker__ dialtone marguin kleber pl_mrcy hober bleparmentier joelstach arnoldrw AramZS ErikAnderson Paul_Bannister br-rtbhouse ddabbs imeyers Mike_Pisula bmilekic btsavage seanbedford palvarado
No ScribeNick specified.  Guessing ScribeNick: Karen_
Found Scribe: Karen
Agenda: https://lists.w3.org/Archives/Public/public-web-adv/2020Aug/0001.html

WARNING: No meeting chair found!
You should specify the meeting chair like this:
<dbooth> Chair: dbooth


WARNING: No date found!  Assuming today.  (Hint: Specify
the W3C IRC log URL, and the date will be determined from that.)
Or specify the date like this:
<dbooth> Date: 12 Sep 2002

People with action items: 

WARNING: IRC log location not specified!  (You can ignore this 
warning if you do not want the generated minutes to contain 
a link to the original IRC log.)
[End of scribe.perl diagnostic output]