See also: IRC log
<trackbot> Date: 28 May 2014
<janina> trackbot, start meeting
<trackbot> Meeting: Independent User Interface Task Force Teleconference
<trackbot> Date: 28 May 2014
<christine> Hi. There seems to be an audio issue at my end. I don't think you can hear me. I tried rejoining.
<christine> Christine Runnegar, from PING
<christine> You still can't hear me. I can hear you well.
<christine> I'll try.
<janina> Meeting: IndieUI Task Force Teleconference
<MichaelC> scribe: jasonjgw
<scribe> scribe: jasonjgw
<christine> http://lists.w3.org/Archives/Public/public-privacy/2014AprJun/0009.html
Participants introduce themselves.
Jason notes that he has joined the architecture list of the GPII project and that there is interest in the work of IndieUI on User Context.
Janina: there isn't much news; the calendar is expected to be made public soon.
Janina: this group is chartered for two deliverables. (1) An Events specification to generalize the events that users can generate when interacting with content, to make it easier for authors to create content without concern for the mechanism used (by the user) to provide the input.
(2) User Context module: Web sites can make content more accessible if they know what the user needs. If we communicate users' requirements to the server, then extra work can be done to customize what it delivers for that user. Clearly, this is where privacy concerns emerge, as users are revealing facts about themselves. There are concerns that the data could be used in ways that users haven't expected or contemplated.
James: application of these technologies is not restricted to the needs of users with disabilities. The physical events (a touch gesture for example) are abstracted, e.g., as the action of scrolling the display by a certain amount.
We don't foresee privacy implications of the Events module.
User Context has a large privacy section in the draft. It's partly similar to location preferences in that prompts are used.
Unlike the geolocation API, User Context proposes to provide the Web author with a mechanism to explain why the preferences prompted for are being requested by the application.
There are certain preferences, such as foreground/background colours, that need not be prompted for, but other categories require prompting.
All of this happens on the client side; whether the Web application stores/transfers this information to the server depends on the application itself. There should be advice given to authors as to when and how to do this appropriately.
James summarizes the types of preferences currently supported in the draft.
<jcraig> https://dvcs.w3.org/hg/IndieUI/raw-file/default/src/indie-ui-context.html
Janina notes that the second working draft of Events is about to be published; we are fairly close to the first public working draft of User Context.
<jcraig> https://dvcs.w3.org/hg/IndieUI/raw-file/default/src/indie-ui-context.html#privacy-model
Christine: appreciates the explanation and the mutual interest in privacy. The SPA document is in draft form; it's currently under discussion and the privacy interest group is considering something simpler.
The group has started performing informal privacy reviews of specifications. Principally this relies on approaches from chairs/editors.
James: has posted a link to the privacy section of the spec.
Christine will encourage privacy interest group participants to review this section before the call.
The privacy interest group includes a combination of people with privacy and technical backgrounds.
Christine notes the serious privacy implications of the User Context specification. There is a question of how much guidance should be given to decisions made at the deployment stage. Even where requirements can't be given in the spec, guidance can be given regarding
the deployment stage, including what to do with the data once collected.
Christine notes that the permissions are origin-specific, and it is important to avoid potential for tracking across sites.
James notes that there is a similar domain origin policy to cookies, and there is a question of whether to allow scripts from a different domain to access the preferences.
More stringent restrictions can create deployment difficulties on the server side.
Christine notes that geolocation doesn't give reasons for its requests.
James clarifies that such explanations, if they can be provided by authors, can inform the user's decision as to whether to grant permission.
In response to a question, Janina clarifies that the Events spec involves extracting the action that the user has taken, such that a variety of different inputs (on different devices) can generate the same abstract action.
Christine notes that ambient light and proximity sensing has privacy implications.
James notes that the Events spec recognizes point-of-regard - the equivalent of focus for the user's main modality - mouse, screen reader, eye tracking etc.
This is not in the draft yet.
James notes luminosity in CSS, which is related to User Context.
Christine notes the need to reach a balance between functionality and privacy.
James notes that we have indeed been considering privacy implications carefully, acknowledging Katie's contributions to the discussion in particular.
Katie inquires whether the privacy interest group is typically requiring TLS for HTTP transfers involving privacy-sensitive data.
Christine notes that the privacy interest group champions privacy within the W3C, which is sometimes challenging given the balance between privacy and functionality.
James notes early community reaction to the screen reader settings - screen reader (on/off) and screen reader typing echo (whether letters or words should be echoed as the user types).
There are modern Web applications that employ complex text editing interfaces, the accessibility support for which is provided by creating self-voicing functionality within the application.
In order to do this adequately, the application needs to determine whether a screen reader is active, and whether typing echo is preferred.
this has raised community concern even prior to the publication of the first public working draft.
People within the disability community are wary of settings that would reveal anything about a user's disability.
This is an API feature that could be misused. James notes a lack of precedent for misuse, but it could occur.
There is a legitimate need (in order to provide a better experience in certain complex applications).
Christine acknowledges the importance of concerns regarding sharing personal data and the potential for Web sites to treat users differently based on data they collect.
There are precedents for misusing operating system/user agent identification and geolocation information.
Responding to a question from Katie, James notes the ease of identifying users and the corresponding difficulty of making the user anonymous (in order to reduce the effect of revealing preferences, e.g., screen reader settings).
Janina notes that we will need to enter into these details, but we should consider the general issues first, before discussing specific features of the spec.
It is agreed to continue the discussion in the privacy interest group call tomorrow, and, as required, in future meetings.
Responding to a question from Janina, Michael notes progress on publication of the heartbeat draft.
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found Scribe: jasonjgw Inferring ScribeNick: jasonjgw Found Scribe: jasonjgw Inferring ScribeNick: jasonjgw Default Present: Michael_Cooper, kurosawa, jcraig, Janina, Jason_White, Christine_Runnegar, Katie_Haritos-Shea Present: Michael_Cooper kurosawa jcraig Janina Jason_White Christine_Runnegar Katie_Haritos-Shea Found Date: 28 May 2014 Guessing minutes URL: http://www.w3.org/2014/05/28-indie-ui-minutes.html People with action items: WARNING: Possible internal error: join/leave lines remaining: <scribe> Jason notes that he has joined the architecture list of the GPII project and that there is interest in the work of IndieUI on User Context. WARNING: Possible internal error: join/leave lines remaining: <scribe> Jason notes that he has joined the architecture list of the GPII project and that there is interest in the work of IndieUI on User Context. WARNING: Input appears to use implicit continuation lines. You may need the "-implicitContinuations" option.[End of scribe.perl diagnostic output]