Meeting minutes
<wseltzer> https://
<wseltzer> https://
<wseltzer> https://
<nics> present
Agenda-curation, introductions
Issues and Pull Requests in the web-adv repo
<wseltzer> https://
Wendy: We wondered whether we had thoughts from those working with the document
… whether that is a direction you want to go or not?
… Discussion on the pull request hasn't moved much
AramZS: I don't know if James is on the call today? He could talk us through the changes? It's a large diff and difficult to parse
Wendy: James, are you available to respond to that?
… I agree that the diff is difficult to look at
Wendy: you can scroll through the documents
… in this one community repo
<wseltzer> https://
AramZS: I see James has queued up
James: You are discussing the pull request in relation to the use cases document
AramZS: Could you please walk us through?
James: previsouly we had a table with four columns; use case name, Google's approach, Safari approach and community approach
… that made sense when there was only one community approacy
… Aram I think said if we put all the different community approaches into a single column...that was a concern regarding the layout
<wseltzer> [example, https://
James: So I have separated each use case into a separate table
… a row for each use case
… Let's say a use case with 20 different proposals against
… also added a third column with proposer name, link to proposal and third column for percentage fit to evaluate against one another
… I have found editing tables in markdown was difficult
… I used writage(?)
… community proposals, it's purely the layout change
… I intended to address Aram's point with that change
… does that make sense?
Aram: yes
Kris: I was going to mention on a related note
<eriktaubeneck> it's a bit easier to look at the rendered version here: https://
Kris: I sent Ben a related draft we used at SF for mapping browser proposals to current support as well
… Same type of table format
… I generally think we need a system that is not a table per se
… It is very difficult to see online
… I would also pay for something where you could use filters
… Other comment
… We look at SF
… larger than number on this proposal
… Looking at impact on load balancing, security and other situations that are not directly adv related but will have an impact
… that's it
Erik: First, feedback from mic
… I just posted in irc
… easier to see it rendered
… and also I'm not convinced that the percentage is one, clear to someone who just shows up; and two, if we want to include in this document
… not sure this group could come to consensus on a percentage fit
<joshua_koran> Instead of %, what about Full Support, Partial Support, No Support?
Erik: Good to list out the use cases and how impacted by these proposals
… Maybe worth calling out specific areas they don't cover
… or pros and cons
… not sure we can get to a numerical number that will work for everyone in this group
… A very diverse set of participants who would come up with different numbers if forced to come up with a number
Wendy: I would note first
… I don't think we have Ben Savage on the call
… the initial editor of this document
… invite his input
<GarrettJohnson> Sorry everyone. I thought I was muted. Thanks for flagging Erik!
Wendy: and to Erik's point
… I think it's great if we can make it clear
<eriktaubeneck> I can relay this to Ben to jump in on the PR
Wendy: what the elements represent
… If each proponent of a project
… makes indications of its responsiveness
… or those who proposed a use case say how well supported the proposals meet their use cases
… where are the opinions coming from
… it will be difficult to get agreement, but we can pull together facts and agreements
James: I will take out the percentages
… I thought it would be useful to see if there was agreement on the format
… don't want to end up in merge hell
… best I could come up using markdown
… but if another tool to use, that's great
AramZS: I wonder if
… the goal for this should be to avoid the comment area being as detailed as it currently is
… simply say this is being addressed by this
… I think linking to a more detailed discussion page for each of these use cases
… I have been working on thinking through if it weren't in this scrolling document
… need for filtering on it
… if you need more details
… or maybe you do need that level of detail; wonder what people think
James: I did not change the content; just the layout
… maybe we accept this one and come back to it as a separate point?
Wendy: I tried to close the queue to move discussion back to the Github issue
<AramZS> @kris_chapman I'd love to see it as well
Wendy: and see if we can come to resolution there
… quick comments please
Kris: the version I sent over to Ben, is along those lines
… just purely use case and proposals
… there are multiple proposals that can be applied to use cases
… It's not about acceptance or how well supported
… it's about how it applies to use cases
… I will submit...
… see what proposals might impact different use cases
Wendell: I'll try to be short
… we have used this material in a summary form to teach our executives
… there is some reticence to learn all this
… 20 slides...100 slides...more it gets into something that fits onto a page
… that would be great
… the rest of us will have to weigh in and look at the details
Wendy: thanks, James for adding this detail, and others for comments on how it is being used
… Let's see if we can conclude in Github discussion around the pull request
… and whether this change is helpful and should be applied even as we produce other documents
… or if there is a better way to capture this information
… Our goal is to help display the information more effectively; so thanks
Demo, Kitten Cluster (previously Feathered Serpent)
Wendy: See if we can conclude that in the next week
… Feathered Serpent is next up
… Michael, you have given us hints about a demo
… the floor is yours
Michael Lysak: Can everyone hear?
Wendy: Yes
Michael_L: First order of business, Feathered Serpent
… pets are the new bird
… not a bird, so I have renamed it
… name it will go by
… The problem we are trying to solve
… Fallacy of equivocation where words take on multiple meanings
… for example, sky is blue. What is blue is not happy, thus sky is sad.
… Privacy...the word has begun to lose meaning in our conversations
… we end up detracting
… not clear what each proposal is trying to solve
… it leads to the "Motte and Bailey" discussion
… where ambiguity on a word creates general confusion on a discussion
… for example, we should put Internet into a safe
… says person A; person B, says no, it's about preventing a user's information from leaking
… discussions devolve into lack of understanding; issue stays unresolved
… There is a second problem
… Second one is there is no home for complex issues, alternative issues, diversity of opinions on privacy
… so it's "off topic"
… someone comments, "it's off topic" and creates this confusion
… It was not clear to me where we should have these discussions
… on the proposal itself; hold it in another group
… where do we have these discussions; issues that span proposals
… two problems: lack of clear definitions of privacy, and lack of home for these debatable concerns
… have caused stagnation on a number of GitHub issues
… Goal of Kitten Cluster is to help with definitions, consistency of analysis
… asks each proposer to put together their definition of Privacy
… so doesn't matter if you disagree, but definition puts in context
… but not clear what prosal is about
… Unity analysis
… try to make itself as good as possible
… but could be combined with other proposals
… need to look for big picture
… and find home for it
… Contrary proposals
… we incubate many contrary proposals at the same time
… an impossible situation; how do we weigh one v other
… if you disagree that is not going anywhere
… we need a way to have these discussions
… First tool in the Kitten Cluster is the privacy definition
… not meant to define privacy within Kitten Cluster
… we leave definition to the proposer of each proposals
… In W3C you have likely read multiple proposals on privacy
… so why do we need this?
… Current explainers are not doing the job
… talking about technical, philosophical discussions; but what is the cause
… explainers use big language...don't specify data types, or transport layers
… not HTTP
… my first name as personal information
… define my first name leaving browser and going to server as improper transport
… this information is missing or unclear or leaves room for a number of threat models that Kitten Cluster tries to make clear
… also don't treat language neutrally
… can have a back door into privacy
… Kitten Cluster provides more rigorous set for privacy guidelines
… so we have a technical means of communicating about a philosophical problem
… create a technical spec on which to discuss it
… KC doesn't define privacy, but provides guidelines
… Overarching definition and proposal defnition
… Examples
… a light definition
… idea is that "Aweseome Corp" has a red background proposal
… color red is chosen to indicate contradiction
… overarching definition
<kris_chapman> I would say the privacy definitions are really defined in the privacy threat model. Just wondering if that's not the common view?
<jrosewell> Re: use cases - PR updated with the % column removed.
[reads fast the text on slide]
… uses fair language and provides a technical standard that can be discussed
… you understand color red is metric of privacy and understand how to describe it
… red pixels on screen v. don't agree with it philosophically
… Proposal definition
… ties into final state of Web
… state if want to accomplish; leads towards a greater state
… Looking at another example of red example
… Look at Beta Corp
… don't have to have same proposers, but they believe in same final state of Internet of privacy
… seek to replace pages with red....[reads too fast]
… Cicada proposal...seeks to replace all backgrounds with color blue
… We can have privacy definitions that use tech language
… against same goal
… Let's look at how to use these privacy definitions
… how they facilitate communications
… Now that we have a privacy definition
… we can look at the filing of "snakes" of privacy threats
… threat may stem from proposal, or contradicts; but that is not a self-consistency analysis
… for the self consistency analysis, we only focus on what the proposer thinks is correct
… we operate from assumption that red percentage of view is privacy
… outside of privacy definition, in the details of how to achieve
… it may restrict background of viewport to 40% at all times
… that is inconsistent, so you could file a comment
… this safeguard doesn't follow the definition
… or state the snake is inconsistent with itself
… or if proposal increased blueness
… or you believed this would be the case; increase in red backgrounds would prompt web sites to have blue backgrounds
… it's debatable what might happen
… so may not be viable to file...use Kitten Cluster
<AramZS> Wait... are you proposing filing issues with a proposal on a repo other than the proposal? I don't understand why?
Michael_L: continuing
… Solution three, the overarching unity analysis
… if we combine Awesome Corp's red background proposal and Beta Corp's red text proposal?
… you don't want to talk about red text; but problem obviously if they are combined
… Internet stops working; inherent problem of combining these two proposals
… this Kitten Cluster analysis looks at same proposals and looks at impacts of combinations
… to easily find and identify these problems
… One of benefits for this
… if both proposals left incubation and went onto standards track and went to standards, text would not be readable on the web
… where would we flag that?
… Kitten Cluster provides a place to do that
… Contrary Proposal Analysis
… if we combine Awesome Corp's red background and Cicada Corp's blue background
… cannot do this
… they don't agree; cannot bring up on each other's proposals
… out of scope of each's definition of privacy
… if you think it should be blue, it's out of scope if you believe it should be red
… clearly analyszed that they cannot comment on each other's proposals
… but they can come to KC and mark that these proposals were contradictory
… there should be discussion that these two proposals disagree with opposing POV
… and not lose the POV
… and become a race for incubation while there is a contrary or competing proposal in progress
… Main method is with a directory structure
… W3 can use structure to ID contrary proposals, when to view side by side
… and note not all proposals are contrary; could want to achieve different states
… we ask the proposer to specifically label proposals that are contrary
… Take a look at the directory structure
… The overarching definitions files
… see the definitions and subdefinitions
… they may exist in multiple places, e.g. PING, Privacy CG
… Go into Red background proposal file
… see proposal was created in own words
… consistency snakes regarding its own definition of privacy
… and any snakes that this proposal may have on inconsistency
… Overarch folder
… copied over in proposer's own words
… proposer may not make a privacy definitoin
… should be clearly stated, clear where it came from
… to reflect the proposers ideology
… should show unity snakes
… whereas combining red...
… if either becomes a standard, we might want to flag
… don't put forth the red background proposal because we don't work together
… they may want to make that argument
… or perhaps these two proposals are not in contradiction
… but a third party may view it as a web state not sustainable
… that could be valid objection here
… types of snakes...privacy violations
… trust violations
… special treatment; privacy loopholes or back doors
… as a way to describe effectively
… or a lack of clarity violation
… by specifying these things we could root out loopholes for privacy being violated in any state
… How do we resolve snakes?
… That is a bigger tastk
… perhaps in W3C discussion
… if this were to be adopted
… W3C could provide guidance on where these 'snake issues' could be discussed or debated
… What about PING as a home for this?
… happy to speak further
… so far PING's analysis process has been going on with one definition of privacy
… a graphics API killed finger printing
… that is an assumption in one of them
… other definitions of privacy might not be at home there
… Understand how PING responds to multiple definitions of privacy, not sure if that's the right home
… An example snake that relates to proposals and issues
… at this point ask if there are any questions
Wendy: Thank you
… Look forward to seeing a link to the slides
<Michael_L> https://
ErikT: thanks for putting this all together
… I understand the problem
… is often difficult to analyze these proposals when they don't have a strong privacy statement
… and to do an analysis of that
… My advice would be
… there are tools that exist
… in cryptography and privacy space
… that we should try to lean on
<AramZS> @Michael_L that link is not public
ErikT: a Security analysis, we would want to do proper threat modeling and see if our proposals fit into them
… point to Chrome attribution reporting API
… in terms of being non-colluding, non-trusted servers
… that is a start
… Most of these proposals fit under differential privacy
… having discussion about budgeting privacy system
… K anonymity which FLoC uses
… one could argue it's K anonymity light
… there are tools existing to analyze this
… that can be a lot of work
… get something off quicker
… and get feedback before going through all the work
… Finally, I think we have some alignment on definition of privacy
… you mentioned PING and privacy threat models
… that is where that discussion takes place; not sure WebAdv is right place
… come at it rigorously the right way
… In this group we have come to an understanding of browser vendors to not have cross-site recognition
… that is the working assumption I have when I look at these proposals
… I don't see dramatically different definitions
… stems from need for unwanted cross-site definitions
Michael: I have had people tell me removing @
… and stricter or less strict definitions...is part of problem
… some people have some aversion of some definition of privacy
… lack of definition is causing some interesting things to be hidden away
… You mentioned PING threat model
… I did bring it up there
… but wonder if PING had its own definition that disagreed with other's defintions
… one of main benefits of doing these definitions will make it clearer where we agree or disagree
… I don't think PING is looking at the big picture, but rather one proposal
… haven't seen as many privacy reviews from independent publisher perspectives
… I know there are some, but some agree and disagree
… I think there is room to state different defintions we have
<kris_chapman> that's not true
Erik: Definition will come from PING
Michael: I think you are mistaken
… if W3C's entire definition comes from PING, we are in trouble
… that doc is two years old, written by one person, and has a debatable stance
… has language that is concerning
… when Samuel asked for updates and I volunteered
… to act on the threat model doc
… from comments I have read, some members of PING may want it to analyze from only one defintion
… what do we do about other definitions that disagree
… and if one definition doesn't agree, where do dissenting definitions go
<AramZS> Can we advance in the queue plz?
Michael: is it privacy in general, or does it go to Kitten Cluster
<warren_elson_> Can someone copy/paste the github link again, I just joined this chat and can't see the history. It doesn't show here: https://
<eriktaubeneck> https://
<jrosewell> https://
<eriktaubeneck> it's likely still a private repo
Michael: I believe there is going to be a discussion on different threat models
… your questions seem to be leading to other questions...let's get to the rest of queue
Wendy: yes, we only have five minutes left
James: Thank you
… since we met last week
<wseltzer> Michael_L, it looks as though you need to make that repo public if you want us to see it
James: the UK's information office did a joint statement on these matters which I find interesting
… UK speaks for G7
… seems to be some alignment
… if I understand, membership needs to vote on it
<Michael_L> Ah, I thought I did! Will try to resolve
<Michael_L> after this call
James: for a long time, I have been keen to get a single definition of privacy on which everyone can agree
… I like Michael's proposal for different definitions
… for PING, I don't think it can speak for all constituents for the web
… I would like to see Sam W. look at these different definitions
… perhaps use Kitten Cluster
… there is merit in what you have proposed
… the use of color is a nice way to simplify problems I have also recognized
… what happens if Cicada Corp implements browser used by 70% of web
<wbaker> I think the carbonmp github link is not yet public. It's there and visible to hte owner, but not to us.
Michael: Wendy suggested I use a simple example of how KC can be used
AramZS: thank you for this presentation and levels of details
… there is concern with moderation of proposals, which is what James has been working on
… perhaps it belongs there
… challenged by issue that there will be members of Adtech that will define privacy differently from users
… not sure why that would not be on the issue itself
… this may add extra confusion
<jrosewell> I disagree that "there are members of the advertising technology industry that would define privacy differently" - that is not my experience and speaks to the problems we have in debate
AramZS: not sure how this works with review policies
… and when policies get unified; as we are seeing with click measurement
… with Apple and Google coming together
… I see James disagrees with me
… there are bad actors in the adtech industry to be blunt
… not saying that is a solvable problem in our context
<jrosewell> There are also bad actors in the publishing industry - anyone remember the phone hacking scandal?
AramZS: but we need to state that anything we propose has the potential to be hijacked by bad actors
Michael: I agree there are likely to be bad actors
… I tried to raise these issues on those proposals, and was told by chairs they should not be raised on the proposals
… so that is why I proposed KC
… not assume W3 duty, but facilitate communication on proposals
… the potential existence of bad actors
… is another reason why we need to nail down why, what
<gendler> I would like to disagree with James' earlier point on the ICO/CMA report. While hugely important and we should all be well aware of what's happening there, I don't believe they can 'speak for the g7'
<jrosewell> We can not make progress if we characterize an entire group based on some bad actors within that group.
<AramZS> got it, still not sure this is the right process relative to our existing processes! Something to discuss in PRs. Let's advance.
Michael: if someone is trying to implement something untowards, then we can discuss it
… hopefully we only address unintentional miscommunication concerns, but that is a concern, yes
Wendy: Thank you for the presentation
… there are still folks on the queue
… we are at the end of time
<kris_chapman> even without bad actors, I would say it would be difficult to agree on what privacy actually means
<jrosewell> gendler - https://
Wendy: please let us know when repo is published
… and we can bring back question of where in W3C does this meta work continue
… and where can you find the best home in attempt to structure discussion
… Apologies to Mark for Sandpiper discussion which returns to next time
Michael: Could I quickly go through the remaining slides?
… a good example of where we field these concerns
Wendy: We will do that and get to remaining questions next time
… thanks all for your time
<gendler> jrosewell - Yes, I'm aware of the agreement to work closer together, I still don't think your characterization is accurate to say that they speak for the g7.
Michael: Thank you very much
<robin> what I was going to say is this: I appreciate the attempt to develop a metaframework for communication, however I don't think that that is the way that we can reach consensus. This is essentially a proposal to "teach the controversy". However, I think it more productive to try to iterate towards consensus on a definition of privacy that works and is up to date with today's research rather than try to revisit views long discredited, eg. that co
<robin> nsent is somehow generally good for privacy.
<warren_elson_> Michael, can we get the slides elsewhere while the repo is still private. I would really like to share them with my team.