EPUB 3 Working Group Telco — Minutes

Date: 2022-07-21

See also the Agenda and the IRC Log


Present: Matthew Chan, Matt Garrish, Brady Duga, Masakazu Kitahara, Shinya Takami (高見真也), Toshiaki Koike, Murata Makoto



Chair: Brady Duga

Scribe(s): Matthew Chan


Brady Duga: welcome everyone. It’s been a few weeks. Wendy and Dave are unavailable today, so I am guest chairing.

1. Information exposure and fingerprintability.

See github issue epub-specs#1872.

Brady Duga: adding the name and version number to the epubReadingSystem object in js exposes additional information, which allows authors of epubs to gather more information about the user than the user may expect.
… there’s been discussion about removing the object entirely, or specific attributes of the object.
… also, whether the epubReadingSystem object really exposes more information than navigator.UserAgent.
… i feel is is dangerous for RS to allow access to network + scripting anyway.
… does anyone use this information if you are publisher of scripted epub content?.

Murata Makoto: Hard to believe so.

Matt Garrish: Dave said that he had figured out that an epub was being read on an Apple device, but that was the only practical example of it being used.

Brady Duga: happy to make it disappear, but we have a backwards compatibility issue maybe?.

Shinya Takami (高見真也): I will address our JP members in Japanese now.
… [in Japanese].
… okay JP RS vendor, Voyager, says that their plan is to omit the epubReadingSystem object, but that this has not been done yet.

Brady Duga: do they expose the name and version number attributes?.

Shinya Takami (高見真也): this is controlled by the browser, they say?.

Brady Duga: no, we’re referring specifically to the epubReadingSystem object, not the browser UserAgent object.
… but all of this is “should” territory, because it is not clear that everyone who supports scripting supports the epubReadingSystem object (even though the spec says they should).

Brady Duga: See navigator.epubReadingSystem.name: Thorium.

Shinya Takami (高見真也): so the epubReadingSystem object is provided by the RS, not by the browser?.

Brady Duga: yes, specifically the epubReadingSystem object added by the RS.

Shinya Takami (高見真也): [in Japanese…].
… maybe Thorium uses this object, but Voyager does not support it.

Murata Makoto: Great!.

Brady Duga: okay, good news then? Because there is no objection to deprecating it then.

Matt Garrish: epubcheck doesn’t detect this object right now, so whether or not we deprecate it probably won’t majorly affect the landscape.

Brady Duga: and we’re talking here specifically about deprecating the name and version attributes, yes?.

Matt Garrish: yes.

Brady Duga: are we concerned that newer RS that omit these attributes could be fingerprinted by their absence?.
… i’d be happy to go ahead with deprecation still.

Proposed resolution: Deprecate name and version properties on the epubReadingSystem object. (Brady Duga)

Brady Duga: +1.

Matt Garrish: +1.

Matthew Chan: +1.

Shinya Takami (高見真也): +1.

Toshiaki Koike: +1.

Masakazu Kitahara: +1.

Resolution #1: Deprecate name and version properties on the epubReadingSystem object.

2. Content Signing and Theft.

Brady Duga: not 100% clear what this topic meant. I don’t think we really mean ‘theft’ here, its probably not accurate. Assuming that this is just about content signing, does anyone have comments?.

Shinya Takami (高見真也): at the last Publishing group meeting, the issue was raised that with DRM being imperfect, we may want to think about digital signing to authenticate content.
… the purpose is to generally share ideas before we take this up with other related WG.

Shinya Takami (高見真也): for example: https://iscc.codes.

Brady Duga: i’m interested in content signing for purposes of verifying the publishers, so users can tell provenance of content. I’m wary about addressing the topic of piracy.
… barring any other comments, i’m happy to take this up with the Business Group.

Shinya Takami (高見真也): the link above is a summary of our discussion of this topic 2-3 weeks ago.
… do we think some discussion about this sort of technology belongs in the epub spec?.

Matt Garrish: I think this also came up through npd. #2265 was about an authenticity check.
… probably something we can address longer term, but maybe not in epub 3.3.

See github issue epub-specs#2265.

Brady Duga: right, using signing to determine if the claimed author of epub is actually who they say they are.
… but i don’t think we can resolve anything on this issue at this meeting.

3. AOB?.

Matt Garrish: anyone who has not responded to the use of the epub properties survey, please do so. We don’t want to unnecessarily mark things as under-implemented..
… please get the word out. This needs to be done to get out of CR.

Shinya Takami (高見真也): can you post a URL for this questionnaire?.

Matt Garrish: https://lists.w3.org/Archives/Public/public-epub-wg/2022Jun/0013.html.

Matt Garrish: it was actually circulated via email. I can try to pull something up.
… see link above.

Brady Duga: You can register for TPAC and get early bird pricing now.
… okay thank you everyone, see you all next time!.

Shinya Takami (高見真也): and thank you duga for volunteering to be special guest chair.

4. Resolutions