IRC log of dnt on 2012-06-22
Timestamps are in UTC.
- 00:00:27 [rigo]
- hwest: misperception: is not about individual profile about a person, but only aggregate result
- 00:00:42 [rigo]
- alex: brought up segregation of data bases
- 00:01:45 [npdoty]
- alex: is there agreement or disagreement about segregation of data?
- 00:01:59 [schunter]
- schunter has joined #dnt
- 00:02:09 [wheeler]
- however, 1st party sites like http://health.yahoo.net will be able to target across their network - so that issue doesn't go away
- 00:02:28 [rigo]
- aleecia: we don't keep separate databases, privacy advocates said ok, unless there is scope creep. Aggregation is a feeling of scope creep
- 00:02:52 [bilcorry]
- bilcorry has joined #dnt
- 00:03:19 [hwest]
- I think we need to reframe this from "use the security data for X" to "use the data collected for the permitted use of A, B, C, and security"
- 00:03:26 [bryan]
- q+
- 00:03:35 [hwest]
- With appropriate technical controls and mechanisms
- 00:03:42 [fielding]
- q+
- 00:04:26 [rigo]
- ... want to understand who can not live with the aggregation out of security data for the lifetime of the security data?
- 00:04:37 [rigo]
- -> clarifications
- 00:04:40 [jmayer]
- +q
- 00:04:47 [fielding]
- ack bryan
- 00:05:10 [rigo]
- ack fielding
- 00:05:15 [bryan]
- q-
- 00:05:31 [rigo]
- fielding: part of aggregate is that you know what you have
- 00:06:13 [rigo]
- rvaneijk: one of the deep packet inspection is that you can do that on life traffic and put things in buckets
- 00:06:45 [jmayer]
- q-
- 00:07:15 [rigo]
- cultural split: mostly european hands up (around 6)
- 00:07:17 [jmayer]
- +q
- 00:09:26 [efelten]
- efelten has left #dnt
- 00:09:33 [rigo]
- jmayer: this is related to the scope creep, no need to remove data, suddenly more collection and more retention
- 00:09:51 [felten]
- felten has joined #dnt
- 00:09:51 [npdoty]
- jmayer: a probable of perverse incentives, you will have much less of a reason to collect less data for security as it's an input to market research
- 00:10:01 [rigo]
- aleecia: business saying, we have data, why shouldn't we use it for aggregation?
- 00:10:31 [npdoty]
- s/a probable/a problem/
- 00:10:37 [erikn]
- ack jmayer
- 00:10:38 [jmayer]
- My argument: allowing aggregate analysis creates perverse incentives for additional collection and retention. We have enough problems as is checking for "reasonable" collection and retention.
- 00:11:05 [jmayer]
- Another problem: concerned there's a slippery slope to weaker protections on this data once more ordinary business purposes are allowed.
- 00:11:26 [npdoty]
- q+
- 00:11:31 [npdoty]
- q+ WileyS
- 00:11:55 [bryan]
- q+
- 00:12:52 [bryan]
- q-
- 00:12:57 [npdoty]
- ack WileyS
- 00:13:00 [rigo]
- Sean: not saying toys are there, let's play.. For purposes of aggregation that is unlinkable
- 00:13:19 [jmayer]
- +q
- 00:13:24 [justin]
- Rigo, they haven't promised anything yet. I imagine Google's privacy policy would say "We keep data for security for 1 years and finacial reporting for 4 years. For data we keep for these two purposes, we also reserve the right to use this data for aggregate reporting purposes."
- 00:13:48 [jmayer]
- I disagree that unlinkable data is out of scope. I don't believe we've agreed to that.
- 00:14:00 [jmayer]
- And, at any rate, the process of making data unlinkable is plainly within scope.
- 00:14:44 [justin]
- q?
- 00:15:27 [rigo]
- aleecia: who can't live with the fact that we cannot use security for aggregation?
- 00:15:31 [WileyS]
- +q
- 00:15:33 [rigo]
- -> clarifications
- 00:15:58 [jmayer]
- To be clear, this discussion of seven-year retention of all sorts of data is a thought experiment. We assuredly do not have consensus that it's allowed.
- 00:16:04 [hwest]
- Are we really saying that you cannot take identifiable data and making it unidentifiable? That just doesn't make sense to me.
- 00:16:34 [justin]
- jmayer, yes, we have not agreed that the data is going to be lying around for seven years always for financial reporting . . .
- 00:16:50 [jmayer]
- justin, "always" -> "ever"
- 00:17:12 [justin]
- jmayer, I would be happy to get there.
- 00:17:58 [ifette]
- q+
- 00:18:03 [meme]
- q+
- 00:19:28 [bryan]
- q+
- 00:19:36 [WileyS]
- jmayer - agree the process of unlinkability is within scope but once there it is out of scope. Thought we had agreement on that perspective (dependant on the definition of course)
- 00:19:47 [jeffwilson]
- q
- 00:20:03 [felten]
- q+ jeffwilson
- 00:20:26 [rigo]
- ack npdoty
- 00:20:33 [jmayer]
- There's agreement that once data is unlinkable, the limits on it are almost entirely relaxed. That's not out of scope, of course. And there's still some disagreement on the definition of "unlinkable."
- 00:20:47 [rigo]
- npdoty: should think about alternatives
- 00:21:37 [rigo]
- ... why I think there is trouble. some believe that we should not collect data others said you just have to be transparent about it and collect
- 00:21:52 [rigo]
- ... what we need to talk about is the alternative
- 00:22:26 [justin]
- ack jmayer
- 00:22:27 [rigo]
- ack jmayer
- 00:22:30 [justin]
- ack WileyS
- 00:22:33 [jmayer]
- q- later
- 00:22:52 [jmayer]
- hwest, Yes, really, for at least three reasons: 1) legal compliance, 2) perverse incentives, and 3) a slippery scope on siloing.
- 00:22:55 [Chapell]
- q?
- 00:22:56 [justin]
- Q+
- 00:22:59 [hwest]
- q+
- 00:23:04 [Chapell]
- q+ adrianba
- 00:23:10 [susanisrael]
- +q
- 00:23:40 [susanisrael]
- would you really have communicated to the user that you are keeping the data only for security purposes
- 00:24:06 [rigo]
- Aleecia: strong opposition against data re-use with purpose transgression
- 00:24:14 [susanisrael]
- -q
- 00:24:17 [robsherman]
- +q
- 00:24:40 [egrant]
- egrant has joined #dnt
- 00:24:52 [jmayer]
- The group agrees: companies MUST NOT violate the FTC Act. Progress!
- 00:25:13 [Chapell]
- JM - ok, that was pretty funny (:
- 00:25:19 [rigo]
- dwainberg: you keep your promises. but people erase their data by agregating them
- 00:25:31 [alex]
- alex has joined #dnt
- 00:26:38 [npdoty]
- ack ifette
- 00:26:47 [hwest]
- q-
- 00:26:59 [rigo]
- ifette: aggregate data has separate promises. Minimum period of aggregation. Wanted to circumvent that problem of maximum period for aggregation
- 00:27:04 [rigo]
- ack meme
- 00:28:00 [npdoty]
- ifette: we could instead have the debate over how long you can keep data for aggregate reporting/market research purposes, not sure we want to have that separate debate which might be just as tricky
- 00:28:17 [rigo]
- meme: if we want to come out on which devices were there 7 years ago.
- 00:28:22 [fwagner]
- q+
- 00:28:25 [npdoty]
- ack bryan
- 00:28:32 [rigo]
- ... too much angst on what we try to aggregate
- 00:28:55 [rigo]
- bryan: if access to security team, only those
- 00:29:04 [npdoty]
- q- jeffwilson
- 00:29:04 [rigo]
- ack jeffwilson
- 00:29:10 [rigo]
- acj jmayer
- 00:29:14 [npdoty]
- ack jmayer
- 00:29:20 [bryan]
- q-
- 00:29:32 [rigo]
- ack justin
- 00:29:33 [npdoty]
- ack justin
- 00:29:35 [justin]
- q-
- 00:29:48 [rigo]
- ack adrianba
- 00:30:48 [rigo]
- adrianba, agree with ifette, am I right that people will keep raw data for some period of time, should there be a specified period of time
- 00:31:20 [erikn]
- +q
- 00:31:37 [WileyS]
- q?
- 00:31:37 [rigo]
- ... if we have to keep for some period of time. Why not keep that data for that aggregation
- 00:32:01 [rigo]
- ifette: you get x years for these uses and y for aggregate
- 00:32:26 [erikn]
- -q
- 00:32:27 [npdoty]
- ack robsherman
- 00:32:32 [rigo]
- ack fwagner
- 00:32:37 [npdoty]
- ack fwagner
- 00:33:00 [justin]
- q+
- 00:33:09 [npdoty]
- adrianba: just collect data for a different period of time for aggregate reporting, and debate and justify that amount of time the same way that we do for all other permitted uses
- 00:33:40 [rigo]
- if we collect data for a certain period for a defined purpose, at the end you aggregate. You can use that aggregate data.
- 00:34:12 [fielding]
- q+
- 00:34:23 [ifette]
- Frank, I'm not sure I understand what you're saying. I think what I just heard is that you can keep security data for 7 years. At the end of 7 years, I can dump it, or only keep it in an unlinkable form. That sounds like "At the end of 7 years you're allowed to aggregate the data." But I couldn't aggregate it at year 6?
- 00:35:14 [npdoty]
- Zakim, queue =
- 00:35:14 [Zakim]
- I don't understand 'queue =', npdoty
- 00:35:17 [npdoty]
- Zakim, clear queue
- 00:35:17 [Zakim]
- I don't understand 'clear queue', npdoty
- 00:35:29 [npdoty]
- q- justin
- 00:35:32 [npdoty]
- q- fielding
- 00:36:03 [rigo]
- Aleecia: consensus of the group: It is ok to have one copy of the data
- 00:36:06 [npdoty]
- I am hearing that it is okay to have one copy of the data, not multiple copies for different permitted uses
- 00:36:15 [npdoty]
- can have access controls for siloing data
- 00:36:16 [rigo]
- ... it is ok ot have controls on that like Access control
- 00:36:29 [randomwalker]
- randomwalker has joined #dnt
- 00:36:46 [rigo]
- ... it is not ok to have 4 permitted uses and use the data for aggregation for the longest retention time
- 00:36:47 [npdoty]
- it is not okay to have aggregate reporting automatically/iimplicitly being the maximum of data timeframes for other permitted uses
- 00:36:52 [justin]
- Rigo, if the privacy policy says "We keep data for security for 1 years and finacial reporting for 4 years. For data we keep for these two purposes, we also reserve the right to use this data for aggregate reporting purposes." does that address your concerns?
- 00:37:38 [rigo]
- justin: In fact you say: We keep data for 4 years and make analysis
- 00:38:12 [justin]
- rigo, Fine, but that would be OK with you?
- 00:39:21 [fielding]
- I clarified that the restrictions only apply to those records marked as DNT:1, meaning that aggregate reports can be created if they are only sourcing the non-DNT records.
- 00:39:47 [rigo]
- Aleecia: time period discussion for aggregation
- 00:40:16 [rigo]
- .... take the approaches of the groups and integrate into the document and then have a discussion on the wording
- 00:41:09 [rigo]
- no new items except for really new facts
- 00:41:13 [jmayer]
- Is the consensus accurately captured?
- 00:42:02 [jmayer]
- Want to make sure this is down: we agree that siloing will not require more than one copy of data. ACLs can be sufficient.
- 00:42:16 [rigo]
- ifette: once the time is up (one copy) you cannot keep that data in linkable form. After that time period must be unlinkable and we need to define that unlinkability
- 00:42:27 [jmayer]
- +q
- 00:42:31 [rigo]
- tlr: erase identifier from data base?
- 00:42:46 [rigo]
- ifette: or other measures
- 00:43:19 [rigo]
- jmayer: notion to get rid of data may be different from making unlinkable because of the incentives that it creates
- 00:43:43 [rigo]
- aleecia: what would mean 'get rid off" for you?
- 00:43:45 [npdoty]
- ack jmayer
- 00:43:58 [rigo]
- jmayer: do not have a copy of that anymore
- 00:44:13 [jmayer]
- Proposal: be reasonably certain you don't have a copy of the data.
- 00:44:31 [rigo]
- WileyS: aggregation is one way to get there?
- 00:44:41 [jmayer]
- What Ian and Shane propose bleeds disposal into unlinkability and re-use—which the group clearly doesn't have agreement on.
- 00:44:45 [rigo]
- q?
- 00:44:50 [ifette]
- q+
- 00:45:10 [rigo]
- tlr: trying to understand whether there is a difference between postion.
- 00:46:04 [rigo]
- ... throw away all identifiers, could jmayer agree there? Or even throughing even the unidentifiable data away?
- 00:46:16 [ifette]
- Proposal: "Once the time period for retention for all permitted uses has passed, you may only retain a subset of the data, or a transformation of the data, that meets the group's definition of 'unlinkable data'.
- 00:47:12 [jmayer]
- +q
- 00:49:02 [ifette]
- I.e. as part of dumping my security data, I can create an aggregate "last 7 years of security data" but not a "here's the growth of tablets over the last 7 years" report
- 00:49:07 [rigo]
- ack ifette
- 00:49:10 [npdoty]
- 'That unlinkable data must only be used for the permitted use for which it was retained.'
- 00:49:43 [ifette]
- and by last 7 years of security data I mean "last 7 years of security threats etc"
- 00:50:04 [dwainberg]
- ... Unless you had previously disclosed that you would be aggregating for other uses at 7 years. Right?
- 00:50:27 [vinay]
- Question -- what if the stated retention period for aggregate reporting is for 7 years?
- 00:50:46 [rigo]
- q?
- 00:51:32 [WileyS]
- +q
- 00:51:39 [rigo]
- ack jmayer
- 00:51:43 [WileyS]
- -q
- 00:53:49 [rvaneijk]
- q+
- 00:53:57 [rigo]
- ack rvaneijk
- 00:54:09 [rvaneijk]
- q-
- 00:54:23 [rigo]
- Aleecia: Victory!
- 00:54:44 [jmayer]
- My understanding: We haven't agreed what you can collect. We haven't agreed how long you can retain it. We haven't agreed how you can use it. But if there's something you're allowed to collect/retain/use for some particular purpose, at the end of the allowed retention period, you can make an unlinkable dataset for the particular purpose.
- 00:55:14 [rvaneijk]
- we havn't agreed that aggregate reporting is an excepted use
- 00:55:59 [npdoty]
- aleecia: feeling much better after today than yesterday
- 00:56:06 [npdoty]
- ... thank you for staying engaged, this is a lot of work
- 00:56:19 [justin]
- rvaneijk, agreed. I was arguing for treating it as a quasi-excepted use, but I hear that that has not been approved by the group.
- 00:56:20 [npdoty]
- McCormick & Schmick's Seafood & Steaks
- 00:56:20 [sidstamm]
- sidstamm has left #dnt
- 00:56:40 [rigo]
- Resolution: Aggregation can be done for the purpose within the period of retention for that purpose
- 00:57:08 [rigo]
- In the lincoln building: McCormick & Smith
- 00:57:11 [rvaneijk]
- rigo: NO, need discussion on that
- 01:32:43 [ifette]
- ifette has joined #dnt
- 02:17:20 [tedleung]
- tedleung has joined #dnt
- 03:06:23 [tedleung]
- tedleung has joined #dnt
- 03:39:01 [asoltani]
-
- 03:48:39 [Zakim]
- Zakim has left #dnt
- 04:28:22 [tl]
- tl has joined #dnt
- 05:18:23 [dwainberg]
- dwainberg has joined #dnt
- 05:18:58 [dwainber_]
- dwainber_ has joined #dnt
- 05:29:12 [hwest]
- hwest has joined #dnt
- 05:45:58 [fielding]
- fielding has joined #dnt
- 05:51:16 [dwainberg]
- dwainberg has joined #dnt
- 06:04:57 [fwagner]
- fwagner has joined #dnt
- 06:09:56 [schunter]
- schunter has joined #dnt
- 06:39:49 [dwainberg]
- dwainberg has joined #dnt
- 06:45:23 [fielding_]
- fielding_ has joined #dnt
- 07:07:25 [fielding_]
- fielding_ has joined #dnt
- 07:13:58 [fielding_]
- fielding_ has joined #dnt
- 07:16:20 [fielding__]
- fielding__ has joined #dnt
- 07:37:08 [fielding__]
- fielding__ has joined #dnt
- 07:47:33 [fielding_]
- fielding_ has joined #dnt
- 08:51:07 [mischat]
- mischat has joined #dnt
- 10:18:36 [mischat_]
- mischat_ has joined #dnt
- 11:15:44 [felten]
- felten has joined #dnt
- 12:05:38 [tlr]
- tlr has joined #dnt
- 12:18:33 [fwagner]
- fwagner has joined #dnt
- 12:22:57 [mischat]
- mischat has joined #dnt
- 12:56:31 [fwagner]
- fwagner has joined #dnt
- 13:04:20 [schunter]
- schunter has joined #dnt
- 13:05:35 [mischat]
- mischat has joined #dnt
- 13:05:44 [mischat]
- mischat has joined #dnt
- 13:28:46 [fwagner]
- fwagner has joined #dnt
- 13:51:34 [fwagner]
- fwagner has joined #dnt
- 13:54:56 [dwainberg]
- dwainberg has joined #dnt
- 13:59:53 [tedleung]
- tedleung has joined #dnt
- 14:28:45 [fwagner]
- fwagner has joined #dnt
- 14:40:35 [alev]
- alev has joined #dnt
- 14:54:27 [CraigSpiezle]
- CraigSpiezle has joined #dnt
- 14:55:38 [tlr]
- tlr has joined #dnt
- 15:19:19 [fielding]
- fielding has joined #dnt
- 15:23:20 [felten]
- felten has joined #dnt
- 15:23:33 [fwagner]
- fwagner has joined #dnt
- 15:23:43 [hwest]
- hwest has joined #dnt
- 15:23:45 [tedleung]
- tedleung has joined #dnt
- 15:37:27 [Chris_IAB]
- Chris_IAB has joined #dnt
- 15:43:33 [vincent]
- vincent has joined #dnt
- 15:44:58 [sidstamm]
- sidstamm has joined #dnt
- 15:54:20 [ifette]
- ifette has joined #dnt
- 15:54:28 [Ionel]
- Ionel has joined #dnt
- 15:54:40 [Chapell]
- Chapell has joined #DNT
- 15:58:05 [dwainberg]
- dwainberg has joined #dnt
- 15:59:39 [James]
- James has joined #dnt
- 16:01:05 [tl]
- tl has joined #dnt
- 16:01:31 [jeffwilson]
- jeffwilson has joined #dnt
- 16:02:36 [adrianba]
- adrianba has joined #dnt
- 16:02:43 [Joanne]
- Joanne has joined #DNT
- 16:03:11 [npdoty]
- npdoty has joined #dnt
- 16:03:22 [npdoty]
- rrsagent, pointer?
- 16:03:22 [RRSAgent]
- See http://www.w3.org/2012/06/22-dnt-irc#T16-03-22
- 16:03:29 [npdoty]
- scribenick: npdoty
- 16:03:36 [npdoty]
- schunter: today the topic will change, a lot
- 16:03:43 [bryan]
- bryan has joined #dnt
- 16:03:47 [npdoty]
- ... look at protocol messages between the browser and the server
- 16:03:56 [npdoty]
- ... TPE doc, edited by fielding and dsinger
- 16:04:07 [npdoty]
- ... since everyone has read and memorized the spec, we can jump right into it ;)
- 16:04:09 [aleecia]
- aleecia has joined #dnt
- 16:04:23 [felten]
- felten has joined #dnt
- 16:04:32 [bryan]
- present+ Bryan_Sullivan
- 16:04:39 [npdoty]
- ... quick intro / tutorial, clarifying questions only please
- 16:04:50 [amyc]
- amyc has joined #dnt
- 16:05:21 [npdoty]
- ... look at the spec, unresolved issues, and a few areas to discuss (user-granted exception, server responses, non-compliant UAs)
- 16:05:47 [aleecia]
- (Nick, thank you. We'll make sure we get scribes for the rest of the day)
- 16:06:07 [npdoty]
- Topic: TPE Overview
- 16:06:19 [npdoty]
- http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html
- 16:06:22 [suegl]
- suegl has joined #dnt
- 16:06:30 [npdoty]
- What is the Tracking Preference Expression about?
- 16:06:31 [robsherman]
- robsherman has joined #dnt
- 16:06:54 [npdoty]
- 1. Communicating a user preference (request headers) -- largely stable
- 16:06:57 [aleecia]
- q?
- 16:07:02 [Zakim]
- Zakim has joined #dnt
- 16:07:05 [npdoty]
- q?
- 16:07:26 [npdoty]
- 2. Communicating a tracking status (response header and URI) -- stable idea, details have been drafted
- 16:07:43 [npdoty]
- 3. User-Granted Exceptions (JS API + out-of-band mechanisms)
- 16:08:27 [npdoty]
- schunter: at this point, we still agree -- today a day of agreement
- 16:09:04 [npdoty]
- ... unset by default (no headers sent at all), as an initial state
- 16:09:31 [npdoty]
- ... user can switch DNT to 1 or 0, on or off
- 16:09:57 [npdoty]
- ... changing the state represents the preference of the user
- 16:10:12 [npdoty]
- ... interacted with the user and confident of their preference, can change the state and reflect it in the headers
- 16:10:16 [RobGratchner]
- RobGratchner has joined #dnt
- 16:10:29 [npdoty]
- ... a general purpose tool shouldn't be shipped with a fixed [?] preference
- 16:10:52 [npdoty]
- ... for a site, it's important that when a site receives the signal, it's an expression of the user rather than an intermediary
- 16:11:11 [npdoty]
- ... at the user's discretion, can change between these three states?
- 16:11:19 [egrant]
- egrant has joined #dnt
- 16:11:46 [npdoty]
- craig: you said "general purpose tool", can you clarify distinction from a privacy-specific tool?
- 16:11:53 [WileyS]
- WileyS has joined #DNT
- 16:11:57 [bryan]
- q+
- 16:12:05 [justin_]
- justin_ has joined #dnt
- 16:12:08 [aleecia]
- q?
- 16:12:24 [rigo]
- rigo has joined #dnt
- 16:12:38 [npdoty]
- schunter: we don't say how the user preference is collected. but for a tool that just turns on Do Not Track, just installing it can turn on DNT:1
- 16:13:05 [rigo]
- q?
- 16:13:06 [npdoty]
- ... some gray areas, like an anti-virus tool, is that primarily a privacy tool? I would say no
- 16:13:08 [rigo]
- q+
- 16:13:10 [aleecia]
- ack bryan
- 16:13:10 [Brooks]
- Brooks has joined #dnt
- 16:13:37 [aleecia]
- ack rigo
- 16:13:38 [npdoty]
- aleecia: exact language here may change in the Compliance spec, but schunter has captured the idea
- 16:13:49 [npdoty]
- byran: the user also has the option to switch back to unset, right? -- yes.
- 16:14:11 [CraigSpiezle]
- CraigSpiezle has joined #dnt
- 16:14:12 [JC]
- JC has joined #DNT
- 16:14:22 [vinay]
- vinay has joined #dnt
- 16:14:23 [npdoty]
- rigo: rather than "on" and "off" (DNT:0 being explicit means something other than just "off")
- 16:14:25 [aleecia]
- Suggest Roy/David change from "on" "off" in the spec to "1 is set" or "0 is set"
- 16:14:28 [vinay]
- q+ roy
- 16:14:33 [npdoty]
- felten: just call them "1" and "0"
- 16:14:45 [aleecia]
- Suggest Heather/Justin/Sean do a pass through as well
- 16:14:58 [npdoty]
- schunter: I agree, shouldn't just use "off"
- 16:15:29 [npdoty]
- schunter: we consider all the inputs and then make a decision
- 16:15:38 [aleecia]
- We will write nice letters to reply to the comments
- 16:15:44 [fielding]
- fielding has joined #dnt
- 16:15:44 [npdoty]
- ... these inputs are very valuable (including letters from governmental actors) but may or may not change the spec
- 16:15:45 [aleecia]
- And thank them for their interest
- 16:15:47 [rvaneijk]
- rvaneijk has joined #dnt
- 16:16:06 [fielding]
- action item on fielding to change text around DNT on/off
- 16:16:06 [trackbot]
- Sorry, couldn't find user - item
- 16:16:15 [npdoty]
- schunter: the compromise was, rather than 1 or 0, to ship with no setting by default
- 16:16:30 [fielding]
- action on fielding to change text around DNT on/off
- 16:16:30 [trackbot]
- Sorry, couldn't find user - on
- 16:16:32 [npdoty]
- action: fielding to change text around DNT "on"/"off"/
- 16:16:32 [trackbot]
- Created ACTION-217 - Change text around DNT "on"/"off"/ [on Roy Fielding - due 2012-06-29].
- 16:16:33 [rvaneijk]
- rvaneijk has joined #dnt
- 16:16:42 [aleecia]
- Open issue on language there in compliance spec
- 16:16:50 [aleecia]
- We'll work it through.
- 16:17:02 [npdoty]
- Chris_IAB: depends what you mean by "confident" when determining the user's preference with confidence
- 16:17:11 [BerinSzoka]
- BerinSzoka has joined #DNT
- 16:17:14 [aleecia]
- That had been on the agenda for Tuesday, but we didn't get through half the things I hoped to take on.
- 16:17:24 [aleecia]
- q?
- 16:17:25 [npdoty]
- schunter: has to be an expression of preference by a user, rather than a tool provider
- 16:17:38 [npdoty]
- Chris_IAB: in that case, need to define "explicit"
- 16:17:46 [CraigSpiezle]
- user interation, but also respect an orgnization (company, govt agency) who may set it 1 or 2 by default
- 16:17:49 [fielding]
- q-
- 16:17:51 [CraigSpiezle]
- q
- 16:17:53 [npdoty]
- q- roy
- 16:18:02 [erikn]
- erikn has joined #dnt
- 16:18:24 [meme]
- meme has joined #dnt
- 16:18:26 [jmayer]
- jmayer has joined #dnt
- 16:18:28 [jmayer]
- +q
- 16:18:38 [npdoty]
- jchester: you're not suggesting that the spec would punish a browser vendor that wanted to develop a tool with privacy-by-design
- 16:18:40 [CraigSpiezle]
- q+
- 16:18:45 [jmayer]
- -q
- 16:18:46 [johnsimpson]
- johnsimpson has joined #dnt
- 16:19:01 [npdoty]
- ack CraigSpiezle
- 16:19:05 [johnsimpson]
- q?
- 16:19:08 [Marc]
- Marc has joined #dnt
- 16:19:21 [npdoty]
- CraigSpiezle: there are situations where companies or government agencies might configure settings for their employees
- 16:19:42 [npdoty]
- tl: should read into the spec on that
- 16:19:46 [rigo]
- q?
- 16:20:21 [npdoty]
- <returning to the overview>
- 16:20:33 [npdoty]
- schunter: site responses
- 16:21:04 [npdoty]
- ... to what extent and how does it honor DNT:1, or it can request an exception
- 16:21:14 [npdoty]
- ... double arrow because it might be some kind of negotiation, multiple messages
- 16:21:21 [npdoty]
- ... some other information, we'll look at the fields later in more detail
- 16:21:24 [vinay_]
- vinay_ has joined #dnt
- 16:21:52 [npdoty]
- amyc: interaction between response header and well-known URI -- we'll discuss later.
- 16:22:25 [aleecia]
- For new(er) folks, the spec we are discussing right now is fairly well baked. I strongly suggest reading it. If things don't make sense to you, please speak up: it needs to be readable by many types of people.
- 16:22:39 [npdoty]
- schunter: a site might also want to ask for an exception
- 16:22:50 [npdoty]
- ... have a JavaScript API including:
- 16:23:00 [npdoty]
- ... Web-wide, like a social networking widget
- 16:23:20 [npdoty]
- ... site-wide, all resources on this site should have an exception
- 16:23:42 [npdoty]
- ... explicit, site can specify which domains to request an exception
- 16:24:10 [npdoty]
- ... some discussion on the "explicit" piece, concern that with hundreds of parties it wouldn't be meaningful to a user
- 16:24:23 [aleecia]
- If you are an observer, haven't had time to read the spec, and have a question, you might find it productive to put it in IRC. Someone can answer you here without derailing the rest of the discussion -- or tell you we do not yet have an answer and we should discuss more
- 16:24:30 [aleecia]
- q?
- 16:24:34 [tl]
- +q
- 16:24:52 [npdoty]
- @@: we're not envisioning that a third-party can call the API itself, are we?
- 16:25:14 [npdoty]
- schunter: any resource could make this request as is.
- 16:25:29 [Chapell]
- q+
- 16:25:30 [aleecia]
- q?
- 16:25:35 [npdoty]
- @@: I have a problem with that, our members don't want lots of pop-ups to appear on their site
- 16:27:09 [npdoty]
- ack tl
- 16:27:15 [npdoty]
- ack Chapell
- 16:27:28 [npdoty]
- tl: can do it, but it wouldn't be a good idea
- 16:27:32 [vincent]
- s/@@/ChrisPedigo/
- 16:27:47 [npdoty]
- Chapell: third party companies would just be shut down, publishers would stop it within an hour, or certainly that day
- 16:27:59 [aleecia]
- q?
- 16:28:05 [alex]
- alex has joined #dnt
- 16:28:52 [npdoty]
- npd: I thought we had an agreement that we would prohibit 3rd-parties calling the API, even though they could via JS
- 16:29:08 [ChrisPedigoOPA]
- ChrisPedigoOPA has joined #dnt
- 16:29:13 [npdoty]
- schunter: volunteers to scribe, to replace nick?
- 16:29:21 [aleecia]
- thank you, Alan
- 16:29:22 [rigo]
- zakim, pick a victim?
- 16:29:22 [Zakim]
- I don't understand your question, rigo.
- 16:29:27 [npdoty]
- scribenick: Chapell
- 16:29:29 [rigo]
- zakim, pick a victim
- 16:29:29 [Zakim]
- sorry, rigo, I don't know what conference this is
- 16:29:35 [aleecia]
- zakim, this is dnt
- 16:29:35 [Zakim]
- sorry, aleecia, I do not see a conference named 'dnt' in progress or scheduled at this time
- 16:29:47 [tlr]
- tlr has joined #dnt
- 16:29:57 [aleecia]
- zakim doesn't know us
- 16:29:59 [npdoty]
- "I'm a rarity in this group that I only speak when I have something to say" —unattributed
- 16:30:04 [wheeler]
- wheeler has joined #dnt
- 16:30:32 [aleecia]
- Nick, how do we tell Zakim we are dnt?
- 16:30:34 [Chapell]
- placing diagrams into the spec can be helpful
- 16:30:46 [aleecia]
- and that Alan is scribing?
- 16:30:46 [Chapell]
- looking for input from group(?)
- 16:30:55 [npdoty]
- scribenick: Chapell
- 16:31:08 [Chapell]
- issue 112 - site specific exceptions
- 16:31:12 [npdoty]
- issue-112?
- 16:31:12 [trackbot]
- ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- open
- 16:31:12 [trackbot]
- http://www.w3.org/2011/tracking-protection/track/issues/112
- 16:31:26 [Chapell]
- need volunteers for proposals
- 16:32:01 [Chapell]
- nick volunteers for issue 112 proposal
- 16:32:18 [tl]
- +q
- 16:32:22 [ifette]
- q+
- 16:32:36 [jmayer]
- +q
- 16:32:40 [Chapell]
- roy: right now sub-domains are not included in the exception. and they should be included (if we have exceptions at all)
- 16:32:43 [aleecia]
- ack tl
- 16:33:02 [aleecia]
- ack ifette
- 16:33:18 [Chapell]
- Ian: we all have other subdomains mail.google.com
- 16:33:43 [Chapell]
- IAn: ICANN complicates things --
- 16:33:49 [aleecia]
- ack jmayer
- 16:33:59 [Chapell]
- Ian: full origin domains
- 16:34:15 [ifette]
- s/full origin domains/fully qualified domain names/
- 16:34:20 [fwagner]
- q?
- 16:34:24 [npdoty]
- ifette: I prefer we use origin (that is scheme, host, port)
- 16:34:42 [hober]
- hober: alternative to using origin is to reply on the public suffix list ( http://publicsuffix.org )
- 16:34:45 [CraigSpiezle]
- concern on abuse on 3P exceptiions and how it could be both abused and create conflict with publishers. Perhaps the spec state that 3P Must not not ask for exceptions, without the approval of the 1P site.
- 16:35:03 [Chapell]
- TLR: concern about over engineering this piece
- 16:35:09 [aleecia]
- q?
- 16:35:15 [adrianba]
- q+
- 16:35:16 [npdoty]
- tlr: safest and simplest granularity is do this by origin
- 16:35:23 [susanisrael]
- susanisrael has joined #dnt
- 16:35:29 [Chapell]
- TLR: keep it simple, stick to concepts that work elsewhere and stick with origns
- 16:35:52 [aleecia]
- ack adrianba
- 16:36:01 [npdoty]
- lots of people like origins?
- 16:36:02 [Chapell]
- Adrianba: Agrees with Ian and TL: start simple and enhance as needed in the future
- 16:36:03 [hober]
- s/reply/rely/
- 16:36:24 [Chapell]
- Nick will create proposal around origins
- 16:36:35 [aleecia]
- issue-116?
- 16:36:35 [trackbot]
- ISSUE-116 -- How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals? -- pending review
- 16:36:35 [trackbot]
- http://www.w3.org/2011/tracking-protection/track/issues/116
- 16:36:38 [npdoty]
- action: doty to write up proposal on issue-112 that we do exceptions based on origin
- 16:36:38 [trackbot]
- Created ACTION-218 - Write up proposal on issue-112 that we do exceptions based on origin [on Nick Doty - due 2012-06-29].
- 16:37:06 [aleecia]
- q?
- 16:37:12 [npdoty]
- issue-116, action-180, my proposal: http://lists.w3.org/Archives/Public/public-tracking/2012May/0313.html
- 16:37:15 [jmayer]
- My suggestion was the cookie approach that allows for optionally including subdomains (e.g. google.com vs. .google.com).
- 16:37:45 [fielding]
- I am not aware of any outstanding text to be added -- perhaps David Singer is handling he JS API text
- 16:38:05 [fielding]
- s/ he / the /
- 16:38:38 [npdoty]
- q?
- 16:38:57 [tl]
- +q
- 16:39:11 [Chapell]
- Brooks: re: 144 hard to discuss what a user agent should do unless we define what a User agent is
- 16:39:11 [WileyS]
- +q
- 16:39:32 [WileyS]
- 143 is missing - we decided it should be placed on the list
- 16:39:34 [hober]
- ack tl
- 16:39:37 [npdoty]
- Brooks, is there anything particular in issue-144 that would behave differently for a different definition of UA?
- 16:40:04 [Chapell]
- LT: User agent was defined on day 2 - if we want to revisit, we should (but only if the current definition is breaking things)
- 16:40:11 [hober]
- Our current definition of UA is http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#terminology
- 16:40:30 [rigo]
- q?
- 16:40:39 [Chapell]
- Aleecia: there are many things that are not UA that do change settings - which may impact the definition and rule set
- 16:40:55 [felten]
- Doesn't that definition come directly from the HTTP standard?
- 16:41:06 [aleecia]
- Yes, yes it does
- 16:41:13 [aleecia]
- q?
- 16:41:26 [aleecia]
- ack WileyS
- 16:41:28 [npdoty]
- q+ fielding
- 16:42:01 [Chapell]
- Shane: Missing Issue 143 -- we had agreed to adress in TPE (re: whomever sets DNT 1 flag identifies in the header request)
- 16:42:19 [rigo]
- q+
- 16:42:26 [ifette_]
- ifette_ has joined #dnt
- 16:42:28 [hober]
- ISSUE-143?
- 16:42:28 [trackbot]
- ISSUE-143 -- Activating a Tracking Preference must require explicit, informed consent from a user -- raised
- 16:42:28 [trackbot]
- http://www.w3.org/2011/tracking-protection/track/issues/143
- 16:42:33 [aleecia]
- ack fielding
- 16:42:56 [Chapell]
- Roy: current definition might be insufficient -- its not a UA issue, its an add on issue (issue 143)
- 16:43:06 [aleecia]
- q?
- 16:43:12 [aleecia]
- ack rigo
- 16:43:24 [Brooks]
- avg is not a plugin and can't be a UA
- 16:43:31 [aleecia]
- this is the issue I want to discuss before 143
- 16:43:41 [dwainberg]
- q+
- 16:43:43 [aleecia]
- I think it will simplify a few things to talk about that first
- 16:43:54 [felten]
- Brooks, why do you say AVG does not use an add-on?
- 16:44:01 [Chapell]
- Rigo: if we want DNT to be a US tool as well as a worldwide tool, it must be able to handle exceptions as a consent mechanism
- 16:44:31 [npdoty]
- fielding, do we have a separate issue around extensions/add-ons?
- 16:44:53 [fielding]
- npdoty, it is the AVG issue IIRC
- 16:45:01 [Brooks]
- let me rephrase... it doesn't have to. There are many ways (notepad included) of changing a FF config file to enable DNT that wouldn't meet the definition of UA
- 16:45:13 [Chapell]
- Mattias: currently, anyone may request an exception for anyone else
- 16:45:17 [aleecia]
- q?
- 16:45:22 [aleecia]
- ack dwainberg
- 16:45:25 [npdoty]
- rigo is talking about issue-151
- 16:45:34 [Chapell]
- Mattias - the marketplace will sort this issue out (Re: 151)
- 16:45:45 [hober]
- ISSUE-151?
- 16:45:45 [trackbot]
- ISSUE-151 -- User Agent Requirement: Be able to handle an exception request -- raised
- 16:45:45 [trackbot]
- http://www.w3.org/2011/tracking-protection/track/issues/151
- 16:45:53 [aleecia]
- Brooks, Rigo made an interesting suggestion in issue-151, which was that we limit UAs to only those that can accept exceptions
- 16:45:55 [npdoty]
- fielding, I see 153 that we recently raised, but don't know which issue is the "AVG issue"
- 16:46:19 [fielding]
- yes, 153 is the new (more specific issue)
- 16:46:33 [rigo]
- you can fix the AVG issue with resolving issue-151
- 16:46:34 [Chapell]
- Mattias: 3 step structure
- 16:46:35 [aleecia]
- That would change the Notepad issue iff we talk through Rigo's proposal and adopt it
- 16:46:50 [fielding]
- I was thinking of 149
- 16:46:55 [npdoty]
- rigo, depending on how we resolve 151
- 16:47:03 [aleecia]
- We should talk through that and see where we are before we get much further along in other issues
- 16:47:14 [aleecia]
- (again, one of the things that I thought we'd get to on Tuesday)
- 16:47:15 [Brooks]
- So if we take Rigo's change what limitiations does this place on non-UAs? none?
- 16:47:17 [Chapell]
- Mattias: 1. Well known URL (WKL), 2. [maybe] + header, and 3. [Maybe] + further informaiton
- 16:47:17 [tl]
- +q
- 16:47:49 [rigo]
- if the AVG plugin integrates well in a browser that is able to handle the exception mechanism, fine. If the only thing it can do is sending DNT:1 then not fine
- 16:48:04 [aleecia]
- ack tl
- 16:48:41 [aleecia]
- Note that we have not talked this through. We may or may not adopt Rigo's proposal. But we should know which way we're going before we open up the rest, since it changes the discussion quite a bit (potentially)
- 16:48:43 [Chapell]
- TL: User agent must hit the well known URI requesting a site - if response includes no header, you are done
- 16:48:46 [npdoty]
- rigo, I don't think we should add such a requirement, although I expect most users to have user agents with exception-handling mechanisms
- 16:49:00 [aleecia]
- we'll talk it through
- 16:49:10 [tl]
- Not quite what I said.
- 16:49:23 [Chapell]
- TL: can you rephrase?
- 16:49:29 [aleecia]
- we have two choices, no doubt there will be at least three opinions :-)
- 16:49:38 [Brooks]
- very good. glad you see the potential scope of the complication
- 16:50:01 [tl]
- tl: there are required fields, and the UA would only know that they are missing after going through all three steps (if applicable).
- 16:50:34 [vincent]
- npdoty, I think a way to handle exception might be to refuse (or accept ) them systematically
- 16:50:42 [aleecia]
- q?
- 16:50:50 [vincent]
- in such case that might be a very lightweight requriement
- 16:50:56 [Chapell]
- Roy: these requests are only made by a client looking to know about tracking status - many clients will not need to go through these steps
- 16:51:19 [Chapell]
- Group agrees
- 16:51:31 [rigo]
- npdoty: :) it would be more enlightening, if you could tell why such a requirement would be harmful. Harmful to what and harmful to whom?
- 16:51:49 [aleecia]
- we'll talk it through
- 16:51:58 [aleecia]
- we're not going to figure it out in IRC right now
- 16:52:35 [aleecia]
- what I was aiming for was to explain the order of issues we'll be talking about
- 16:52:46 [npdoty]
- q+ to ask whether all servers can always determine the status via URI
- 16:53:32 [aleecia]
- ack npdoty
- 16:53:32 [Zakim]
- npdoty, you wanted to ask whether all servers can always determine the status via URI
- 16:53:36 [Chapell]
- Mattias: need to discuss what happens when you get the request via all three mechanism?
- 16:54:05 [tl]
- +q
- 16:54:29 [ssilberman]
- ssilberman has joined #dnt
- 16:54:41 [jeffwilson]
- q
- 16:54:53 [djm]
- djm has joined #dnt
- 16:54:54 [Chapell]
- Mattias: Roy says Posting all info on the well known URL solves this issue. Ian may disagree
- 16:54:55 [aleecia]
- ack tl
- 16:55:07 [aleecia]
- jeff, you may want q+ or q?
- 16:55:26 [Chapell]
- TL: Need to add a component to the root well known URL
- 16:55:28 [rigo]
- q?
- 16:55:43 [jeffwilson]
- q?
- 16:55:46 [amyc]
- q+
- 16:55:47 [felten]
- You can add yourself to the queue by saying q+
- 16:55:52 [jeffwilson]
- q+
- 16:56:19 [Chapell]
- Roy: There is already a way to indicate that there is no need for further headers
- 16:56:26 [KevinT]
- KevinT has joined #dnt
- 16:56:50 [npdoty]
- just to clarify, do we need to explicitly say that the "more information" header overrides the root URI status?
- 16:57:32 [Chapell]
- disagreement between Roy and TL on approach
- 16:58:30 [Chapell]
- JeffW: What is the user agent to rely upon?
- 16:58:40 [Chapell]
- TL: The most recent message they receive
- 16:59:08 [npdoty]
- tl: have we eliminated the path-based URIs? fielding: yes. tl: done.
- 17:00:19 [aleecia]
- best summary yet
- 17:00:28 [Chapell]
- MATTIAS: keep it simple: the only thing that needs to be communicated is- I'm a "XXX" party and I comply with the spec
- 17:00:39 [npdoty]
- fielding, are we sure that path-based URIs are gone? "A user agent may check the tracking status for a given resource URI by making a retrieval request for the well-known address /.well-known/dnt relative to that URI."
- 17:01:48 [Chapell]
- Amy: For those who might be a first party or third party, can they simply say "if i'm a first party, I'll do XX and if I'm a 3rd party, I'll do YYY?
- 17:02:29 [fielding]
- npdoty, that is relateive to the real request URI
- 17:02:57 [fielding]
- i.e, same domain for absolute path
- 17:03:02 [Chapell]
- Mattias: seperate distinction and communication needed for times when acting as 1st party vs 3rd party
- 17:03:50 [npdoty]
- fielding, right, does a browser that wants to do verification load /.well-known/dnt/rest/of/path? what about those servers that aren't using that technique, but need to use headers to specific more information policies? /cc tl
- 17:04:00 [aleecia]
- q?
- 17:04:04 [aleecia]
- ack amyc
- 17:04:04 [Chapell]
- Mattias: this allows the user agent to detect a first party element in the middle of the page
- 17:04:21 [aleecia]
- s / Mattias / Matthias
- 17:04:48 [ifette]
- q+
- 17:04:57 [npdoty]
- ack jeffwilson
- 17:04:59 [npdoty]
- ack ifette
- 17:05:06 [aleecia]
- ack ifette
- 17:05:16 [aleecia]
- q?
- 17:05:21 [Chapell]
- Ifette: will Matthias' suggestion enable a cheap way of conducting third party content blocking?
- 17:05:37 [Chapell]
- TL: Isn't already easy to do third party content blocking?
- 17:06:54 [Chapell]
- Roy: it can dynamically switch
- 17:07:20 [aleecia]
- q?
- 17:07:31 [tl]
- +q
- 17:07:58 [Chapell]
- Roy: The resopnse comes back from the server - the server rarely has control of how the individual page elements exist on the page
- 17:08:23 [Chapell]
- Roy: The intention here is allow Google to say "because I know this request comes from Google, then I know its a first party"
- 17:08:29 [aleecia]
- ack tl
- 17:08:47 [Chapell]
- Roy: Conversely, when I know its not from Google, then I know i need to adhere to the 3rd party rules
- 17:09:13 [npdoty]
- ifette, does fielding's last comment address your concern? you couldn't correctly figure out by resource whether a URI is reliably a 3rd-party
- 17:09:24 [aleecia]
- q?
- 17:09:53 [fielding]
- s/not from Google/not from an embedded request on a Google site/
- 17:10:07 [Chapell]
- Rigo: this is too compliacated. We already have the possibility to declare. Take it outside, folks (:
- 17:10:32 [Chapell]
- TL / Ifette to discuss later - but not in the spec
- 17:10:37 [npdoty]
- schunter: "naturally, everybody is free to discuss whatever they like"
- 17:10:41 [Chapell]
- not necessarily in the spec
- 17:11:10 [Chapell]
- Next Issue -- Data Tranmitted Via URL
- 17:11:19 [tl]
- tl & ifette agree not to discuss it later.
- 17:11:28 [Chapell]
- What data should be conveyed by servers?
- 17:12:27 [tl]
- +q
- 17:13:03 [npdoty]
- "p" currently indicates "prior consent", but I think in the compliance doc we refer to "out-of-band consent"
- 17:13:25 [aleecia]
- We will certainly need an editing pass to get it all uniform
- 17:13:28 [robsherman]
- q+
- 17:13:43 [aleecia]
- One plan: the editors will swap documents for an editing pass
- 17:13:56 [aleecia]
- ack tl
- 17:14:09 [susanisrael]
- susanisrael has joined #dnt
- 17:14:21 [Chapell]
- TL: what goes in the tracking status field? No changes to tracking status field
- 17:14:28 [aleecia]
- ack robsherman
- 17:14:59 [Chapell]
- Matthias: wants to make a sub-group to discuss later
- 17:15:29 [Brooks]
- q+
- 17:15:44 [fielding]
- q+
- 17:15:45 [npdoty]
- q+ to ask whether first/third party is required by the current language
- 17:16:44 [Chapell]
- RobSherman: we should figure out the right wording. Tracking / Not-Tracking is problematic
- 17:16:45 [tl]
- +q
- 17:17:37 [Chapell]
- TL: response will be "true" those who don't collect any data may return as "false"
- 17:18:10 [Chapell]
- Matthias: need a sub-group to iron our disagreements
- 17:18:25 [rigo]
- ack Brooks
- 17:19:10 [aleecia]
- ack fielding
- 17:19:14 [Chapell]
- Brooks: Does control have a different meaning in a 1st party vs a 3rd party context? TL: Yes
- 17:19:45 [rigo]
- ack fielding
- 17:19:50 [aleecia]
- ack npdoty
- 17:19:50 [Zakim]
- npdoty, you wanted to ask whether first/third party is required by the current language
- 17:20:31 [aleecia]
- ack tl
- 17:20:49 [Chapell]
- TL: why delegate to a sub-group when we could just discuss this now?
- 17:21:02 [aleecia]
- q?
- 17:21:16 [amyc]
- Thinks Brooks also asked whether same party principles applied to both first and third parties, and Matthias answer was yes
- 17:21:22 [Chapell]
- Matthias: first, a smaller group an reach consensu better... second, we may want two subgroups
- 17:21:29 [npdoty]
- <discussion of Solomon and splitting people>
- 17:21:31 [aleecia]
- +1
- 17:22:47 [npdoty]
- fielding: 1/3 is optional only because you might not be tracking at all. npdoty: so 1/3 is required if the first character is "t". fielding: yes.
- 17:22:51 [Chapell]
- Next Issue: Data Minimization Survey
- 17:23:22 [tl]
- +q
- 17:23:28 [aleecia]
- (I agree with TL that we had consensus around Ninja's text, but readily admit I do not follow TPE issues as closely as Compliance. However, I thought we had this done. And we probably should use a different word other than "tracking" since that's not capturing the idea)
- 17:23:30 [npdoty]
- q+ WileyS
- 17:23:35 [aleecia]
- q?
- 17:23:36 [rigo]
- q+
- 17:24:05 [Chapell]
- Fieds: Mandatory -- I like I can't live with I can't live without
- 17:24:30 [npdoty]
- ack WileyS
- 17:25:02 [npdoty]
- ack tl
- 17:25:03 [Chapell]
- TL: Likes all of these fields - maybe we add audit field and others down the road
- 17:25:20 [Chapell]
- Shane and TL agree - next, the Cubs win the series
- 17:25:23 [aleecia]
- So close
- 17:25:23 [Joanne]
- +1 to optional audit field
- 17:25:25 [npdoty]
- +1 on audit/auditors
- 17:25:36 [aleecia]
- +1
- 17:25:48 [aleecia]
- We had agreed it would be an array of URIs
- 17:26:01 [Chapell]
- Rigo: believes its vital to have a pointer to a P3P
- 17:26:25 [jmayer]
- Yep. Haven't heard any objection to an optional audit field.
- 17:26:27 [npdoty]
- not sure Rigo was saying it was vital, just that it would be nice to have an optional field for pointing to a P3P policy
- 17:27:04 [sean]
- sean has joined #dnt
- 17:27:08 [Chapell]
- Shane - we are discussing the elements, but not the specifics of what goes into each field
- 17:27:28 [Joanne]
- how about a optional pointer to a machine readable policy tather than perscribing that it be P3P policy
- 17:27:32 [Chapell]
- Rigo: Doesn't like header + code being optional
- 17:27:39 [npdoty]
- s/ - we/: we/
- 17:28:07 [fielding]
- http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-representation
- 17:28:25 [fielding]
- "The content of such a policy document is beyond the scope of this protocol and only supplemental to what is described by this machine-readable tracking status representation. "
- 17:28:41 [jmayer]
- The policy field is intended as a pointer to a human-readable policy, not a P3P policy.
- 17:28:52 [aleecia]
- q?
- 17:28:56 [rigo]
- ack rig
- 17:29:03 [Chapell]
- Matthias: anything missing from the list?
- 17:29:05 [npdoty]
- fielding, rigo, does "supplementable" mean that it doesn't contradict?
- 17:29:18 [Chapell]
- Aleecia: an optional audit field would be helpful
- 17:29:56 [npdoty]
- any objections to an audit field?
- 17:30:06 [aleecia]
- Awesome
- 17:30:14 [aleecia]
- q?
- 17:30:27 [npdoty]
- no objections to the audit field.
- 17:30:52 [aleecia]
- Resolved: Roy to add audit field as an optional multiple URI field
- 17:30:55 [fielding]
- action on fielding to add audit field
- 17:30:55 [trackbot]
- Sorry, couldn't find user - on
- 17:31:16 [Chapell]
- Truste pinky swears us that this won't create additional complications and uncertainty in the marketplace (:
- 17:31:29 [rigo]
- for the record, I'm opposed to the policy field as it may contradict. At least we should have language that it can't contradict the semantics of the compliance specification
- 17:31:30 [Joanne]
- :)
- 17:31:36 [npdoty]
- action: fielding to add optional audit field array
- 17:31:36 [trackbot]
- Created ACTION-219 - Add optional audit field array [on Roy Fielding - due 2012-06-29].
- 17:32:12 [fielding]
- rigo, the language is already in the spec and quoted above
- 17:32:19 [aleecia]
- I don't wish to kill puppies. We're fine.
- 17:32:40 [rigo]
- fielding: I'm scrolling and scrolling and not finding
- 17:32:48 [Chapell]
- Next Issue: User-granted Exceptions
- 17:32:51 [npdoty]
- I think rigo wants to make it clear that having sent a link to the policy in the response status does not imply that the user agent has accepted all the details of that policy (which could even contradict other claims about DNT)
- 17:32:51 [fielding]
- 10:28am
- 17:33:02 [tl]
- +q
- 17:33:16 [npdoty]
- "The content of such a policy document is beyond the scope of this protocol and only supplemental to what is described by this machine-readable tracking status representation." rigo, fielding is talking about this sentence in the optional field's paragraph.
- 17:33:17 [jmayer]
- +q
- 17:33:20 [Chapell]
- Agreement to allow site-wide and web-wide exceptions
- 17:33:26 [Chapell]
- Any opposed?
- 17:33:41 [fielding]
- q+
- 17:33:48 [Chapell]
- TL: Top bullet point should be conditional on the bottom bullet
- 17:34:02 [rigo]
- ok, but why should we mandate "human readable" could be also a P3P policy. Just say URI
- 17:34:06 [npdoty]
- tl: we should have site-wide exceptions only if we also have site/site exceptions
- 17:34:14 [Chapell]
- Roy: Doesn't see a need for an exception framework
- 17:34:15 [rigo]
- and "supplemental" is not really the semantics we mean
- 17:34:56 [hwest]
- Exception framework accomplishes different and helpful things that OOBC doesn't
- 17:35:03 [Chapell]
- Roy: Wants sites to keep their existing consent mechansisms
- 17:35:18 [hwest]
- Much easier for users, as long as we use exceptions that can be UI-d well
- 17:35:27 [jmayer]
- How about we reserve the EU compliance discussion for later?
- 17:35:33 [aleecia]
- q?
- 17:35:39 [jmayer]
- The question here is which forms of exception we'll allow.
- 17:35:47 [aleecia]
- ack fielding
- 17:35:47 [hwest]
- q+
- 17:35:51 [Chapell]
- Roy: Sites don't trust browsers, so having a browser manage your legally required consent mechanism is problematic
- 17:35:55 [tl]
- -q
- 17:36:14 [Chapell]
- Roy: Sites will have to use cookies anyway
- 17:36:34 [rigo]
- I think it must state that "in case of conflict, the DNT-header semantics will prevail".
- 17:36:36 [rigo]
- q+
- 17:36:37 [adrianba]
- q+
- 17:36:44 [Chapell]
- Roy: The exception mechanism provides very little value to site owners and adds some complications
- 17:36:49 [WileyS]
- q+
- 17:36:57 [rigo]
- q+ npdoty
- 17:37:03 [Chapell]
- Jmayer: What is topic? EU compliance or Exception framework?
- 17:37:04 [aleecia]
- ack jmayer
- 17:37:04 [dwainberg]
- q+
- 17:37:13 [Chapell]
- JMayer: Deal with EU later.....
- 17:37:54 [aleecia]
- (sorry, Nick)
- 17:38:25 [Chapell]
- JMayer: don't constrain browsers or sites - give options
- 17:38:36 [npdoty]
- ack hwest
- 17:38:52 [Chapell]
- HWest: having this programatic browser based mgt tool will be helpful -
- 17:39:07 [aleecia]
- q?
- 17:39:27 [Chapell]
- Hwest: having exceptions will be helpful with implimentation and user experience
- 17:39:36 [aleecia]
- ack rigo
- 17:39:36 [jmayer]
- Google doesn't think it can present a good explicit/explicit UI, Mozilla does. Why constrain browser UI innovation with the API?
- 17:40:09 [ifette]
- q+
- 17:40:10 [Chapell]
- Rigo: How do you revert user consent without providing multiple channels
- 17:40:19 [hwest]
- Because it expands complexity for other entities for no good reason
- 17:40:37 [aleecia]
- zakim, close queue
- 17:40:37 [Zakim]
- ok, aleecia, the speaker queue is closed
- 17:40:40 [Chapell]
- Roy: If this implementation adds six months to process, then that is bad - and there are no implementations of this features yet
- 17:40:40 [aleecia]
- q?
- 17:40:45 [aleecia]
- zakim, open queue
- 17:40:45 [Zakim]
- ok, aleecia, the speaker queue is open
- 17:40:54 [aleecia]
- going once...
- 17:41:01 [aleecia]
- going twice...
- 17:41:06 [aleecia]
- zakim, close queue
- 17:41:06 [Zakim]
- ok, aleecia, the speaker queue is closed
- 17:41:06 [BerinSzoka]
- +q
- 17:41:14 [aleecia]
- zakim, open queue
- 17:41:14 [Zakim]
- ok, aleecia, the speaker queue is open
- 17:41:23 [aleecia]
- q+ BerinSzoka
- 17:41:29 [aleecia]
- close queue
- 17:41:30 [jmayer]
- +q
- 17:41:33 [Chapell]
- Adrianba: sympathetic to Roy's position. Many pubs would not want this generated on their pages. There would be a need for 1st and 3rd parties to agree. Also questions whether there will be demand.
- 17:41:36 [npdoty]
- Zakim, close queue
- 17:41:36 [Zakim]
- ok, npdoty, the speaker queue is closed
- 17:41:49 [Chapell]
- Adrianba: if we agree that the mechanism should be provided, then lets start simply
- 17:42:05 [aleecia]
- ack adrianba
- 17:42:09 [aleecia]
- ack WileyS
- 17:42:30 [npdoty]
- q-
- 17:42:40 [adrianba]
- s/start simply/start simply and add more sophistication later if required/
- 17:42:52 [npdoty]
- thx WileyS for as expected making my arguments redundant
- 17:43:04 [Chapell]
- Shane: Without exceptions, this moves us to an out-of band consent world. this provides users with a centralized place to make their choices
- 17:43:39 [aleecia]
- ack dwainberg
- 17:43:40 [Chapell]
- Shane: re: Eprivacy.... The consent bound with site-wide or web-wide COULD meet eprivacy
- 17:44:24 [aleecia]
- ack ifette
- 17:44:27 [Chapell]
- DWainberg: Durability of user choice is imporant. Choice to allow tracking should also be durable. Having this in there will help implementability.
- 17:44:51 [Chapell]
- Dwainberg: The idea that we leave out important parts of this spec based upon time is problematic: better to get it right than to do it fast
- 17:45:23 [Chapell]
- Ifette: Not sure how one does out-of band conent in a safari browser that blocks 3rd party cookies
- 17:45:43 [Chapell]
- Roy: In Safari, first party may pass to third parties
- 17:45:47 [aleecia]
- ack BerinSzoka
- 17:46:04 [Chapell]
- Ifette: However, thatt still makes web wide exceptions impossible in Safari
- 17:46:20 [npdoty]
- it would also be a pain for first parties to always have to relay on remembered out-of-band consent to each third party
- 17:46:59 [npdoty]
- BerinSzoka: lowers transaction costs for negotiating and remembering/managing
- 17:47:06 [Chapell]
- Berin: With significant adoption of DNT: User preferences may actually be frustrated without exceptions. Without a tool, you create a mechanism that significantly changes the equilibrium in the ecosystem
- 17:47:27 [aleecia]
- ack jmayer
- 17:47:32 [Chapell]
- Berin: If the point of DNT is to enable privacy choices, why not spend time on this?
- 17:47:52 [Chapell]
- JMayer: alot of the concern has been with the alignment of EU law.
- 17:48:00 [npdoty]
- is there anyone other than fielding that wants to drop exceptions altogether? can fielding live with the exception mechanism?
- 17:48:18 [aleecia]
- q?
- 17:48:41 [Chapell]
- Matthias: anyone violently oppose the API?
- 17:49:09 [Chapell]
- Roy: Doesn't like it, and not sure he can live with Expicit-Explicit pairs.... next topic
- 17:49:20 [npdoty]
- I agree that it's easy. :)
- 17:49:24 [jmayer]
- My point: The API could allow for plain-text explanation and a read more link. That would facilitate EU law compliance.
- 17:49:33 [Chapell]
- Thanks JM
- 17:49:42 [npdoty]
- jmayer, yes, we already have those optional parameters in the API
- 17:50:11 [Chapell]
- Matthias: enumerate all parties on the site.
- 17:50:22 [Chapell]
- Matthias: a first party may not know all the parties on the site
- 17:50:51 [aleecia]
- side conversations are becoming problematic… there are side rooms around us if you want to step out for five minutes
- 17:51:34 [jmayer]
- +q
- 17:51:40 [aleecia]
- zakim, open queue
- 17:51:40 [Zakim]
- ok, aleecia, the speaker queue is open
- 17:51:44 [aleecia]
- q+ jmayer
- 17:52:02 [KevinT]
- KevinT has joined #dnt
- 17:53:02 [npdoty]
- q+
- 17:53:02 [aleecia]
- ack jmayer
- 17:53:03 [adrianba]
- q+
- 17:53:04 [tl]
- +q
- 17:53:17 [fielding]
- q+
- 17:53:20 [Chapell]
- JMayer: is this the same proposal re: taking a snapshot? Matthias: YES
- 17:53:27 [aleecia]
- ack npdoty
- 17:53:30 [meme]
- meme has joined #dnt
- 17:53:59 [Chapell]
- NDoty: What is the intent of the partners field? All partners or only partners needed an exception?
- 17:54:00 [jmayer]
- As David Singer and I explained on the mailing list, this seems a counter-intuitive, difficult-to-deploy version of an explicit-explicit exception API.
- 17:55:00 [aleecia]
- ack adrianba
- 17:55:02 [ifette]
- q+
- 17:55:10 [rigo]
- I don't understand. Just declare nothing and then its site wide
- 17:55:12 [Chapell]
- Ndoty: not sure this solves the problem
- 17:55:24 [rigo]
- q+
- 17:55:43 [aleecia]
- ack tl
- 17:55:52 [Chapell]
- Matthias: If User has consented to say, 3 parties, NEW parties are not lincluded
- 17:55:53 [npdoty]
- as I understand it, it's always site-wide, it's always an explicit list of every party or an implicit list of every party
- 17:56:11 [Chapell]
- Adrianba: How do I get additional third parties into the exception?
- 17:56:20 [npdoty]
- but you still don't have the advantage of being able to ask for a subset of parties, and now you have the complexity of updates to the partner list
- 17:56:32 [amyc]
- how does "delegate further" work -- would this be as service provider
- 17:56:57 [Chapell]
- Matthias: Need to call the API repeatedly so the User Agent can say that the number of partners has changed
- 17:57:00 [aleecia]
- (sorry for early ack, Tom.)
- 17:57:17 [npdoty]
- I think we should also be concerned about "delegate further" if you can just re-direct to a potentially limitless number of other parties
- 17:57:22 [vinay_]
- Amy - I believe its the transitive party. So, if I get consent for AppNexus since that's the party the site contracts with, the consent is transferred over to the ad networks serving ads thru AppNexus
- 17:57:25 [aleecia]
- q?
- 17:57:37 [Chapell]
- TL: This doesn't give users the info that they need? I don't know which 3rd parties I'm giving consent to track me
- 17:57:43 [vinay_]
- Which is why I don't think this actually helps consumers
- 17:57:46 [aleecia]
- ack fielding
- 17:57:51 [npdoty]
- q+ chester
- 17:58:25 [Chapell]
- Roy: Its not reasonable to require java script API's to make all of this information -- its more efficient for the java scrtip to KNOW what partners are on its list
- 17:58:27 [johnsimpson]
- q?
- 17:58:28 [aleecia]
- ack ifette
- 17:58:41 [Chapell]
- Roy: Its not reasonable to require java script API's to make all of this information -- its more efficient for the java scrtip to KNOW what partners are on its list
- 17:58:58 [npdoty]
- fielding: had removed the list of partners from the spec because I don't want JavaScript APIs to require initiating another HTTP request
- 17:59:05 [jmayer]
- +
- 17:59:08 [jmayer]
- +q
- 17:59:20 [Chapell]
- IFette: the pointer to the list of parties was helpful for auditing from regulators and others
- 17:59:22 [aleecia]
- zakim close queue
- 17:59:31 [npdoty]
- Zakim, close queue
- 17:59:31 [Zakim]
- ok, npdoty, the speaker queue is closed
- 18:00:03 [npdoty]
- the same as a site-wide exception in that it simply is a site-wide exception
- 18:00:05 [Joanne]
- can consent be delegated to the first party?
- 18:00:10 [Chapell]
- Matthias: by putting this info in the partners space, you can't have user agent innovations
- 18:00:29 [tl]
- +q
- 18:00:31 [aleecia]
- ack rigo
- 18:01:07 [Chapell]
- Rigo: May want to descriminate against certain third parties.
- 18:01:48 [aleecia]
- ack chester
- 18:01:52 [ifette]
- s/can't have user/can have user/
- 18:02:22 [Chapell]
- JeffChester: Agrees with TL. Users need to know who the partners are. And if they have said they don't want to be tracked by XXX, then we need to accomodate this
- 18:02:26 [aleecia]
- ack jmayer
- 18:02:39 [Chapell]
- JMayer: This is optional API with a strange design --- low implimentation.
- 18:02:58 [hwest]
- hwest has joined #dnt
- 18:03:00 [npdoty]
- jchester: need to know who wins the bid in an ad exchange for example, who's actually tracking them
- 18:03:37 [Chapell]
- Matthias: Who objects to Explicit / Explicit?
- 18:03:47 [Chapell]
- TL: Doesn't like E/E design
- 18:04:04 [npdoty]
- scribing has just missed something
- 18:04:07 [jmayer]
- My proposal: let's discuss an (optional?) explicit-explicit JS API instead of this weird, backwards design.
- 18:04:13 [jmayer]
- +q
- 18:04:17 [aleecia]
- I can cut off the queue but not my co-chair
- 18:04:26 [npdoty]
- schunter: who objects to this particular handling/implementation of explicit exceptions?
- 18:04:30 [npdoty]
- tl: don't like this design.
- 18:04:38 [aleecia]
- tl, +1
- 18:05:19 [jmayer]
- I think this technical design is *really* bad.
- 18:05:29 [rigo]
- jeff, how can you know who takes the market in a bid? You can't know who will take the market. Having all partners known beforehand is just not possible with auctions. So it would just prohibit auctions
- 18:05:53 [rigo]
- and the smart alternative is to make those responsible who create the legal framework for those auction systems
- 18:06:03 [rigo]
- and cater to the system
- 18:06:15 [rigo]
- aka the third parties directly contacted
- 18:06:21 [npdoty]
- continue in large group after the break
- 18:06:30 [jmayer]
- Asking browsers to snapshot a JSON resource and handle versioning on it = lolwut.
- 18:08:52 [robsherman]
- robsherman has joined #dnt
- 18:20:11 [felten]
- felten has joined #dnt
- 18:21:16 [johnsimpson]
- johnsimpson has joined #dnt
- 18:37:20 [jeffwilson]
- jeffwilson has joined #dnt
- 18:39:50 [sean]
- sean has joined #dnt
- 18:40:28 [Joanne]
- Joanne has joined #DNT
- 18:41:20 [vincent]
- vincent has joined #dnt
- 18:41:20 [npdoty]
- <welcome back from break>
- 18:41:27 [hwest_]
- hwest_ has joined #dnt
- 18:41:34 [npdoty]
- schunter: some people continued this discussion, perhaps with a proposed solution
- 18:41:53 [dwainberg]
- dwainberg has joined #dnt
- 18:41:58 [susanisrael]
- susanisrael has joined #dnt
- 18:42:08 [npdoty]
- scribenick: jmayer
- 18:42:14 [npdoty]
- sidstamm to back up
- 18:42:18 [npdoty]
- q?
- 18:42:27 [robsherman]
- robsherman has joined #dnt
- 18:42:44 [npdoty]
- Topic: Post-Break, more exceptions
- 18:42:47 [aleecia]
- tl, two use cases for explicit, explicit can be solved:
- 18:42:59 [aleecia]
- tl, partners field in URI avail to UA
- 18:43:08 [fielding]
- in resource
- 18:43:18 [jmayer]
- tl: two challenges
- 18:43:24 [aleecia]
- …, 2nd, if want DNT:1 nearly all the time but send DNT:0 except for evil corp
- 18:43:25 [jmayer]
- ... 1) transparency in third parties
- 18:43:29 [RobGratchner]
- RobGratchner has joined #dnt
- 18:43:33 [jmayer]
- ... accomplish with partners field
- 18:43:58 [jmayer]
- ... 2) exceptions to site-wide exceptions (e.g. all ok but EvilCorp)
- 18:44:21 [jmayer]
- ... "i accept your exception except"
- 18:44:34 [jmayer]
- +q
- 18:44:39 [npdoty]
- Zakim, open queue
- 18:44:39 [Zakim]
- ok, npdoty, the speaker queue is open
- 18:44:46 [fielding]
- and by that tl means that evilcorp will continue to receive DNT:1
- 18:45:03 [sidstamm]
- jmayer: few different cases where explicit-explicit might be involved
- 18:45:16 [aleecia]
- we will really need to find a way to figure out how to talk about this that isn't just insane
- 18:45:17 [sidstamm]
- ... transparency about third parties, exceptions to site-wide, and a third use-case
- 18:45:34 [sidstamm]
- ... what about when a first party wants to request exceptions for third parties (a subset of third parties on their site)
- 18:45:59 [sidstamm]
- Matthias: clarify, please, in your proposal do you allow UAs to snapshot partners list or can they ignore?
- 18:46:04 [sidstamm]
- tl: partners list is informational
- 18:46:16 [jmayer]
- tl: in my proposal, the partners list is optional
- 18:46:21 [npdoty]
- aleecia, this doesn't feel insane to me
- 18:46:26 [rigo]
- rigo has joined #dnt
- 18:46:28 [dwainberg]
- q+
- 18:46:30 [jmayer]
- ... user agents doesn't have to look at list of partners
- 18:46:36 [jmayer]
- ... but if it wants to, it can
- 18:46:38 [jmayer]
- +q
- 18:46:48 [susanisrael]
- Is the site responsible for passing that preference to evilcorp or does evilcorp receive it directly?
- 18:46:54 [aleecia]
- no it's not, but talking about exceptions to exceptions is non-trivial for comprehension. We'll need better wording is all
- 18:47:02 [egrant]
- +q
- 18:47:02 [sidstamm]
- Matthias: would like to include language calling out that UAs can use the partner info
- 18:47:07 [sidstamm]
- tl: I don't think we need to specify it
- 18:47:15 [sidstamm]
- Matthias: <disagrees with tl>
- 18:47:18 [jmayer]
- matthias: want to see language about how UA may downscope exception (i.e. send DNT: 0 to certain sites)
- 18:47:25 [npdoty]
- susanisrael, in all of these exception examples so far, the signal is sent directly on each request (e.g. directly to evilcorp)
- 18:47:26 [aleecia]
- ack dwainberg
- 18:47:37 [susanisrael]
- nick, thanks
- 18:47:37 [jmayer]
- tl: why do we need language on browser innovation?
- 18:47:59 [jmayer]
- dwainberg: how does the browser implement something like an exclusion list?
- 18:48:00 [fwagner]
- fwagner has joined #dnt
- 18:48:17 [jmayer]
- tl: up to user agent, user choice
- 18:48:29 [ifette]
- q+
- 18:48:39 [WileyS]
- +q
- 18:48:39 [ifette]
- q-
- 18:48:41 [npdoty]
- tl: could share lists, or otherwise configure your browser
- 18:48:44 [jmayer]
- dwainberg: what if a third party wants ask the user for consent?
- 18:48:55 [jmayer]
- matthias: it can ask for out-of-band consent
- 18:49:04 [jmayer]
- dwainberg: concerned with how this works
- 18:49:05 [aleecia]
- q?
- 18:49:17 [jmayer]
- matthias: can ask the API again, too
- 18:49:38 [jmayer]
- tl: it's the user's choice, a site can ask politely
- 18:49:49 [npdoty]
- dwainberg: how can a third party ask the user to re-consider their opt-out determination
- 18:49:58 [sidstamm]
- jmayer: sounds like there's not agreement on language about browsers downscoping site-wide exceptions
- 18:50:06 [sidstamm]
- ... but there's substance agreement
- 18:50:20 [sidstamm]
- ... but we've backed ourselves into a "super-jankety" explicit-explicit api
- 18:50:31 [sidstamm]
- ... might make sense to have an explicit-explicit api that's optional for UAs
- 18:50:44 [wheeler]
- q+
- 18:50:54 [npdoty]
- ack jmayer
- 18:50:57 [jmayer]
- scribenick: jmayer
- 18:51:24 [jmayer]
- s/on language/on explicit "MAY" language/
- 18:51:26 [meme]
- meme has joined #dnt
- 18:51:29 [aleecia]
- ack egrant
- 18:51:34 [jmayer]
- tl: did you just volunteer to write this matthias?
- 18:51:47 [jmayer]
- matthias: sure, i'll capture the view
- 18:52:09 [npdoty]
- action: schunter to write up tl/matthias sub-group agreement on exception approach
- 18:52:09 [trackbot]
- Sorry, amibiguous username (more than one match) - schunter
- 18:52:09 [trackbot]
- Try using a different identifier, such as family name or username (eg. mschunte2, mschunte)
- 18:52:12 [jmayer]
- egrant: many companies operate services that are both first party and third party
- 18:52:15 [aleecia]
- q?
- 18:52:16 [jmayer]
- tl: follow the rules
- 18:52:24 [jmayer]
- ... about first party and third party sharing
- 18:52:28 [npdoty]
- action: mschunte2 to write up tl/matthias sub-group agreement on exception approach
- 18:52:28 [trackbot]
- Created ACTION-220 - Write up tl/matthias sub-group agreement on exception approach [on Matthias Schunter - due 2012-06-29].
- 18:52:52 [aleecia]
- q?
- 18:52:57 [aleecia]
- ack WileyS
- 18:53:17 [jmayer]
- WileyS: Understand how user agent might be configured to auto-reject certain exception requests.
- 18:53:25 [jmayer]
- ... How would the flow for exceptions work?
- 18:53:39 [jmayer]
- tl: Use the existing APIs.
- 18:53:45 [ifette]
- q+
- 18:53:49 [jmayer]
- +q
- 18:55:00 [jmayer]
- ifette: Not as bad as Shane says. In a site-wide exception response, there might be some exclusions. Get to decide how to respond to that. Might not care (e.g. social widget), might care and message the user, do things.
- 18:55:10 [CraigSpiezle]
- CraigSpiezle has joined #dnt
- 18:55:47 [jmayer]
- WileyS: What about when a user overrides with an out-of-band consent?
- 18:55:51 [jmayer]
- tl: Same, again.
- 18:56:08 [aleecia]
- ack wheeler
- 18:56:20 [jmayer]
- WileyS: Makes life harder for first parties, can't just look at DNT header
- 18:56:40 [ifette]
- q-
- 18:56:42 [erikn]
- q?
- 18:56:51 [kimon]
- kimon has joined #dnt
- 18:57:08 [jmayer]
- matthias: Have to do careful reasoning about third parties with/without exceptions anyways.
- 18:57:22 [npdoty]
- I think we may need to help WileyS whether we have these web-wide opt-outs or not
- 18:58:13 [jmayer]
- wheeler: What happens when there's a site-wide exception?
- 18:58:29 [jmayer]
- tl: They don't have to comply with the restrictions of DNT.
- 18:58:31 [aleecia]
- ack jmayer
- 18:58:54 [schunter]
- schunter has joined #dnt
- 18:59:17 [sidstamm]
- jmayer: not discusing whether first party can get exceptions for third parties, rather we're discussing whether or not all third parties on the site need to get exceptions
- 18:59:41 [jmayer]
- -q
- 18:59:43 [sidstamm]
- ... the question is, can we select which third parties get exceptions
- 19:00:22 [jmayer]
- scribenick: jmayer
- 19:00:27 [jmayer]
- (was sidstamm)
- 19:00:39 [jmayer]
- matthias: moving on to out-of-band consent
- 19:01:16 [jmayer]
- ... question is, should we have a mechanism for storing out-of-band consent in the browser?
- 19:01:27 [jmayer]
- s/mechanism/dedicated mechnism/
- 19:01:31 [npdoty]
- action: mayer to draft optional version of explicit/explicit exception api
- 19:01:31 [trackbot]
- Created ACTION-221 - Draft optional version of explicit/explicit exception api [on Jonathan Mayer - due 2012-06-29].
- 19:02:03 [tl]
- +q
- 19:02:09 [npdoty]
- q+ ifette
- 19:02:11 [ifette]
- q+
- 19:02:14 [jmayer]
- ... idea: javascript api that a site can use to flag out-of-band consent
- 19:02:16 [aleecia]
- ack tl
- 19:02:20 [npdoty]
- q+
- 19:02:20 [jmayer]
- tl: isn't this covered in the response headeR?
- 19:02:30 [jmayer]
- s/headeR/header/
- 19:02:32 [aleecia]
- ack ifette
- 19:03:12 [dwainberg]
- q+
- 19:03:17 [rigo]
- q+
- 19:03:20 [jmayer]
- q+
- 19:03:33 [jmayer]
- ifette: Good to be able to store out-of-band consent in the browser because of third-party cookie blocking (?). But let's suppose there's a place to edit the out-of-band consent. How does the site make sure it's getting the latest, correct version?
- 19:03:51 [jmayer]
- tl: If content is removed from storage, the site knows, right?
- 19:04:19 [fielding]
- This would be an in-band way to store out-of-band consent?
- 19:04:23 [jmayer]
- ifette: Setting up potential for conflict.
- 19:04:31 [dwainberg]
- q?
- 19:04:38 [jmayer]
- matthias: If out-of-band is in browser, you get DNT: 0.
- 19:04:50 [tl]
- +q
- 19:04:51 [jmayer]
- rigo: <???>
- 19:05:07 [jmayer]
- ifette: once again, potential for conflicts
- 19:05:11 [WileyS]
- +q
- 19:05:30 [jmayer]
- rigo: no, there's a misunderstanding, an out-of-band answer is a contract independent of DNT, this is just convenience in the browser
- 19:05:38 [jmayer]
- ... change in storage doesn't change legal implications
- 19:06:14 [aleecia]
- ack npdoty
- 19:06:17 [WileyS]
- Roy, yes - allows the Server as a tool to store perhaps a broader permission consent and/or control the UI for consent flow
- 19:06:27 [jmayer]
- matthias: think rigo is saying this is about independent mechanism overriding other mechanisms
- 19:06:35 [ifette]
- q+
- 19:06:41 [jmayer]
- <general confusion>
- 19:06:52 [ifette]
- q+ to say oob provides a URL where you can edit your out of band stuff, the browser should just direct the user there
- 19:06:56 [jmayer]
- tl: If there's an out-of-band exception, why store it?
- 19:07:03 [aleecia]
- ack dwainberg
- 19:07:09 [tlr]
- tlr has joined #dnt
- 19:07:14 [WileyS]
- Ian, good idea - that can work
- 19:07:16 [jmayer]
- dwainberg: This isn't a control mechanism, it's a storage mechanism.
- 19:07:30 [jmayer]
- matthias: Purely informational for the user agent.
- 19:07:35 [aleecia]
- ack rigo
- 19:07:41 [jmayer]
- tl: If that's what it is, why implement it?
- 19:07:43 [felten]
- q+
- 19:08:32 [sidstamm]
- scribenick: jmayer
- 19:08:34 [aleecia]
- ack jmayer
- 19:08:35 [tl]
- +q sidstamm
- 19:08:36 [npdoty]
- ack jmayer
- 19:08:55 [jeffwilson]
- q+
- 19:08:59 [sidstamm]
- jmayer: so practiaclly, you get the storage, but the browser doesn't intermediate the ui
- 19:09:12 [sidstamm]
- ... I thought the point was that the UI in the browser was consistent and provided a central point of control
- 19:09:24 [sidstamm]
- ... and that the UA makers could pick UI that are best for the users
- 19:09:44 [sidstamm]
- jmayer: prefers if the browser UI was for intermediating
- 19:09:50 [jmayer]
- scribenick: jmayer
- 19:09:55 [aleecia]
- ack WileyS
- 19:09:57 [jmayer]
- WileyS: The alternative is harmful to the user.
- 19:09:58 [jmayer]
- +q
- 19:10:06 [aleecia]
- …and I skipped Tom, oops
- 19:10:08 [aleecia]
- sorry
- 19:10:21 [jmayer]
- ... If the browser has a bad user interface, won't use it.
- 19:10:36 [aleecia]
- tl
- 19:10:36 [rigo]
- the storage of out of band consent in the browser is only positive. It allows the storage of all the consents a user has and an overview of all that information, may be even store a URI where one can manage the out of band consent
- 19:10:38 [felten]
- -q
- 19:10:42 [npdoty]
- in that case, I'm not sure we need a JS api for this
- 19:10:43 [aleecia]
- ack tl
- 19:10:43 [jmayer]
- ... At least give the user some centralized control here.
- 19:10:44 [dwainberg]
- q+
- 19:10:47 [dwainberg]
- q?
- 19:10:58 [jmayer]
- ... For example, must provide URL for control.
- 19:11:17 [npdoty]
- q+ to don't we already have that just by using the response headers?
- 19:11:18 [jmayer]
- tl: Would you be OK with any site that uses this putting a control element in the well-known URI?
- 19:11:22 [jmayer]
- WileyS: Yes.
- 19:11:27 [rigo]
- q+
- 19:11:38 [aleecia]
- that's a great solution, IMHO
- 19:11:55 [aleecia]
- and gets to the point that users be able to change their minds multiple times a lot better than we had before
- 19:11:58 [sidstamm]
- yes, +1
- 19:12:00 [jeffwilson]
- q-
- 19:12:05 [rigo]
- -1
- 19:12:16 [aleecia]
- ack ifette
- 19:12:16 [Zakim]
- ifette, you wanted to say oob provides a URL where you can edit your out of band stuff, the browser should just direct the user there
- 19:12:20 [sidstamm]
- out-of-band exceptions should be controlled out of band
- 19:12:22 [rigo]
- it just kills your wallet where you store your agreements
- 19:12:25 [npdoty]
- "DNT cookies" in case a user has blocked cookies
- 19:12:30 [jmayer]
- matthias: To be clear: if you want to use the out-of-band consent storage in the browser, fine, but you need to give a control URL such that the browser can put in a button for control.
- 19:12:35 [jmayer]
- tl: Yep.
- 19:12:38 [jmayer]
- WileyS: Yep.
- 19:13:07 [jmayer]
- ifette: Need some place to store consent, might not have third-party cookies.
- 19:13:20 [aleecia]
- ack sidstamm
- 19:13:22 [felten]
- Sudden outbreak of good engineering.
- 19:13:32 [jmayer]
- ... Rigo's inconsistency problem only comes from where browser isn't aligned with site preferences.
- 19:13:36 [jmayer]
- ... This fixes it.
- 19:13:42 [tl]
- sidstamm: +1 to Ian
- 19:13:55 [npdoty]
- ack npdoty
- 19:13:55 [Zakim]
- npdoty, you wanted to don't we already have that just by using the response headers?
- 19:13:56 [aleecia]
- ack jmayer
- 19:14:00 [aleecia]
- ack dwainberg
- 19:14:02 [sidstamm]
- yes, was on the queue to agree with him and how to avoid putting the browser in an "inconsistent" state
- 19:14:03 [aleecia]
- ack npdoty
- 19:14:21 [WileyS]
- Q?
- 19:14:57 [aleecia]
- ack rigo
- 19:15:05 [tl]
- +q
- 19:15:11 [aleecia]
- the odds of people who block cookies and have DNT are a bit higher
- 19:15:15 [ifette]
- q+
- 19:15:29 [jmayer]
- npdoty: some problems of third-party cookie blocking, maybe, but those users might not want to be tracked
- 19:16:03 [npdoty]
- npdoty: and we have most of this functionality (for users) just by browsers optionally remembering when they see an opt-back-in message and including a control link
- 19:16:32 [aleecia]
- ack tl
- 19:16:42 [npdoty]
- "no. what?"
- 19:17:17 [jmayer]
- rigo: should there be a control location in the browser?
- 19:17:20 [WileyS]
- +q
- 19:17:23 [tl]
- +q
- 19:17:26 [aleecia]
- ack ifette
- 19:17:37 [aleecia]
- zakim, close queue
- 19:17:37 [Zakim]
- ok, aleecia, the speaker queue is closed
- 19:17:48 [rigo]
- q?
- 19:17:50 [aleecia]
- ack WileyS
- 19:17:50 [jmayer]
- ifette: don't understand rigo, think he wants the control URL to be optional, why?
- 19:18:07 [sidstamm]
- if there's no control URI, how do users properly revoke it?
- 19:18:09 [aleecia]
- q?
- 19:18:16 [aleecia]
- ack tl
- 19:18:34 [rigo]
- rigo wants simply that the UA can store all out of band consents, whether managed or not
- 19:18:45 [jmayer]
- WileyS: Seems reasonable, in some cases control directly in browser, in some cases follow control link.
- 19:18:51 [jmayer]
- matthias: Any opposition?
- 19:18:54 [sidstamm]
- works for me
- 19:18:55 [ifette]
- ACTION: ifette to document out-of-band js api
- 19:18:55 [trackbot]
- Created ACTION-222 - Document out-of-band js api [on Ian Fette - due 2012-06-29].
- 19:19:00 [jmayer]
- npdoty: Want to see text.
- 19:19:06 [aleecia]
- shhhh
- 19:20:10 [rigo]
- I think though that is covered by the possibility to convey information also by other means. But the js api shouldn't prohibit to just convey information without control - URI
- 19:20:20 [WileyS]
- +q
- 19:20:21 [tl]
- +q
- 19:20:26 [jmayer]
- matthias: possible discussions are non-compliant user agents and tracking status resources
- 19:20:37 [WileyS]
- =q
- 19:20:42 [WileyS]
- q-
- 19:20:42 [jmayer]
- ... going to focus on tracking status resource
- 19:20:52 [aleecia]
- zakim, open queue
- 19:20:52 [Zakim]
- ok, aleecia, the speaker queue is open
- 19:21:00 [tl]
- +q
- 19:21:14 [jmayer]
- ... working from tom's brussels proposals
- 19:21:37 [jmayer]
- <explaining tom's proposals>
- 19:21:45 [tl]
- Tom would like to do this.
- 19:21:55 [tl]
- And actually, use his DC proposal.
- 19:22:21 [npdoty]
- we don't have a service-provider code in the Response Value section at the moment
- 19:22:31 [rigo]
- q+
- 19:22:44 [aleecia]
- let's let Matthias talk through first if we can
- 19:22:59 [jmayer]
- ... notion is a reasonable degree of transparency in practices
- 19:23:12 [aleecia]
- ack tl
- 19:23:14 [jmayer]
- ... roy has a proposal with more fields
- 19:23:41 [jmayer]
- tl: why use my abbreviated brussels proposal instead of my more recent washington proposal?
- 19:25:08 [jmayer]
- tl: <explaining latest proposal>
- 19:25:19 [robsherman]
- q+
- 19:25:53 [jmayer]
- matthias: question for roy - fundamentally different?
- 19:26:01 [jmayer]
- roy: similar, but treat service provider as first party
- 19:26:04 [aleecia]
- ack rigo
- 19:26:22 [jmayer]
- matthias: save this small difference, the same
- 19:27:03 [npdoty]
- tl has a "c" for consent and roy has a "p" for prior consent
- 19:27:26 [npdoty]
- tl: existence of the response is the indicator that you comply with the user's preference
- 19:27:55 [jmayer]
- <frustrated cross-talk>
- 19:28:17 [amyc]
- amyc has joined #dnt
- 19:28:17 [jmayer]
- tl: response header is a commitment to follow the DNT specification, indicates applicable parts
- 19:28:20 [npdoty]
- rigo: if I send a DNT signal to a wall, it won't comply
- 19:28:24 [felten]
- q?
- 19:29:14 [jmayer]
- <more frustrated cross-talk>
- 19:29:31 [amyc]
- amyc wants to ask whether this header is optional, as we decided before break?
- 19:30:01 [npdoty]
- amyc, this response will also appear in the well-known URI, I believe
- 19:30:08 [rigo]
- my point is that the current text is not really ok for creating matching declarations to create consent
- 19:30:21 [rigo]
- if we have consent + additional information, fine
- 19:30:40 [WileyS]
- +q
- 19:30:49 [jmayer]
- tl: this is a short way for a website to explain what it's doing
- 19:30:50 [aleecia]
- ack robsherman
- 19:31:06 [rigo]
- but if we say, see I only promise to honor this part of the specification we may have a dissent between the user and the service
- 19:31:08 [jmayer]
- matthias: ok, yes, a commitment to follow the spec and possibly additional information
- 19:31:39 [jmayer]
- rob: can't commit to track or not track when there's no clear definition
- 19:31:46 [aleecia]
- we could use different names, yes
- 19:31:55 [amyc]
- q+
- 19:32:18 [jmayer]
- tl: this is about "definitely-not-tracking" - where a (very unusual) site collects essentially no information
- 19:32:19 [fielding]
- q+
- 19:32:25 [npdoty]
- ninja's definition of "absolutely not tracking": http://www.w3.org/mid/4F3935E4.4030101@datenschutzzentrum.de
- 19:32:27 [jmayer]
- ... information that is entirely arvind-proof
- 19:32:40 [npdoty]
- (some people don't think we should define that at all, or rather that we shouldn't use that name)
- 19:32:41 [alex_]
- alex_ has joined #dnt
- 19:32:54 [jmayer]
- matthias: most enterprises will not use this
- 19:33:06 [alex_]
- q+
- 19:33:28 [jmayer]
- rob: don't like use of the term without more clarity
- 19:33:48 [aleecia]
- q?
- 19:33:56 [jmayer]
- roy: without defining tracking, this violates http semantics. good luck disagreeing with me on that.
- 19:34:10 [jmayer]
- tl: We can define compliance. That's fine.
- 19:34:31 [aleecia]
- q?
- 19:34:33 [jmayer]
- s/compliance/compliance and tokens/
- 19:35:08 [jmayer]
- <cross-talk>
- 19:35:09 [felten]
- Is anyone arguing that these fields should NOT have defined meanings?
- 19:35:11 [npdoty]
- is the only objection that these tokens point to defined terms? everyone agrees we should define terms
- 19:35:11 [aleecia]
- +1
- 19:35:19 [rigo]
- +1 to mts
- 19:35:29 [dwainberg]
- q+
- 19:35:32 [dwainberg]
- q?
- 19:35:32 [aleecia]
- ack WileyS
- 19:36:00 [npdoty]
- q+ to suggest the consent response to address WileyS's use case
- 19:36:03 [jmayer]
- +q
- 19:36:13 [rigo]
- I want the letter F
- 19:36:14 [jmayer]
- matthias: proposal <unclear>
- 19:36:26 [jmayer]
- WileyS: Let's talk about how to respond to non-compliant user agents.
- 19:36:57 [aleecia]
- q?
- 19:37:00 [jmayer]
- matthias: Not quite what we're working on.
- 19:37:03 [hober]
- rigo++
- 19:37:09 [npdoty]
- tl: have an extra token for "reject" or "not complying with the spec on this request"
- 19:37:18 [jmayer]
- aleecia: Still an open issue, have to give it the time it deserves.
- 19:37:31 [npdoty]
- ack amyc
- 19:37:47 [rigo]
- hober :)
- 19:37:52 [jmayer]
- s/have/could have/
- 19:37:56 [aleecia]
- ack amyc
- 19:38:13 [jmayer]
- amyc: could use out-of-band mechanisms for conveying they're super-privacy-preserving
- 19:38:13 [rigo]
- hober, I could also live with fy
- 19:38:37 [aleecia]
- ack fielding
- 19:38:38 [jmayer]
- tl: some companies want to make stronger claims about what they do
- 19:38:52 [npdoty]
- q-
- 19:38:58 [rigo]
- q?
- 19:39:00 [aleecia]
- ack alex_
- 19:39:27 [aleecia]
- ack dwainberg
- 19:39:31 [jmayer]
- alex_: Where's the consensus proposal?
- 19:39:39 [jmayer]
- Did someone claim this was consensus?
- 19:39:57 [npdoty]
- will paste in Ninja's email again: http://www.w3.org/mid/4F3935E4.4030101@datenschutzzentrum.de
- 19:40:14 [jmayer]
- dwainberg: Ok if this is an "I think I'm not covered"
- 19:40:25 [npdoty]
- dwainberg, what would "not covered" mean?
- 19:40:34 [jmayer]
- tl: That's not what this is. "n" is a stronger statement than "3"
- 19:40:47 [jmayer]
- matthias: A third class of compliance, super-compliance.
- 19:41:09 [jmayer]
- -q
- 19:41:21 [hober]
- ScribeNick: erikn
- 19:41:39 [jmayer]
- matthias: Any objections to the 1/3/n compliance approach?
- 19:41:52 [jmayer]
- s/compliance/compliance expression/
- 19:41:58 [erikn]
- WileyS: I think there will be a fifth
- 19:42:14 [erikn]
- matthias: agreed that there are *at least* 4: u, 1, 3, n.
- 19:42:14 [hwest]
- So, we will need to outline at least one more state for the compliance doc?
- 19:42:19 [jmayer]
- CONSENSUS: There will be, at minimum, these four values.
- 19:42:28 [erikn]
- … this is in the header field
- 19:42:37 [npdoty]
- everyone can live with at least u/1/3/n in the response header field (and probably similar in the well-known uri)
- 19:42:40 [aleecia]
- Agreed: first character of u, 1, 3, n (obviously new issues could add to this later)
- 19:42:48 [erikn]
- … and is a guiding input for our WKL
- 19:42:56 [WileyS]
- Aleecia - are you going to discuss the next face-to-face soon? Many folks are leaving at 1pm.
- 19:43:08 [erikn]
- … so now let's talk about the next part of that field
- 19:43:13 [aleecia]
- Good point. Short answer:
- 19:43:20 [aleecia]
- We're not done...
- 19:43:20 [erikn]
- … should it be possible to distinguish between a service provider for the first party and others?
- 19:43:29 [WileyS]
- LOL - fairly obvious
- 19:43:30 [tl]
- +q
- 19:43:42 [erikn]
- … maybe we don't need to do that here. expose internal details like that. Doesn't matter if it follows all the requirements
- 19:43:54 [aleecia]
- and the next meeting should likely not be before September since finding time over the summer without running into vacations
- 19:43:58 [rigo]
- hober, I think U+1F4A9 is the think we MUST use
- 19:44:11 [jmayer]
- +q
- 19:44:12 [erikn]
- tl: in the cases where abobe.com (for example) is run by amazon.com, there's a difficulty for the user. not clear what party is guarding their data
- 19:44:15 [alex]
- alex has joined #dnt
- 19:44:26 [aleecia]
- Which, as you might guess, kind of kills me to admit. But.
- 19:44:46 [erikn]
- … say I have some analytics company that runs analytics off their domain, and has a service provider relationship. I (user) might think it is a first party, as opposed to "in the shoes of" the first party
- 19:44:46 [aleecia]
- If anyone can volunteer to host in Europe, that would be most welcome
- 19:44:48 [rigo]
- q?
- 19:44:52 [rigo]
- q+
- 19:44:56 [aleecia]
- ack tl
- 19:45:03 [erikn]
- matthias: if they both comply and tell you "1", why do you care?
- 19:45:22 [erikn]
- tl: amazon isn't the same party as adobe. Visiting amazon.com doesn't involved adobe.
- 19:45:26 [hwest]
- q+
- 19:45:32 [erikn]
- Roy: only because you defined party in a way that doesn't make sense to users
- 19:45:35 [aleecia]
- ack jmayer
- 19:45:50 [erikn]
- jmayer: where do we land outsourcing in the spec? Doesn't have to be here.
- 19:46:09 [npdoty]
- a lot of people don't care which particular section we put it in -- +1
- 19:46:24 [erikn]
- … that's one issue. Separate issue: when the user gets a response, can determine if it is an "ordinary" first party versus an entity that's doing outsourcing stuff
- 19:46:32 [Chesterj2]
- Chesterj2 has joined #dnt
- 19:46:42 [aleecia]
- Shane, does that answer what you were looking for?
- 19:46:45 [erikn]
- … I think we should be able to distinguish, in part due to the risk of claiming outsourcing to stretch the 1st-party definition
- 19:46:50 [Chesterj2]
- +q
- 19:47:07 [aleecia]
- ack rigo
- 19:47:08 [npdoty]
- jmayer: I think it's important to have transparency, given how some have suggested using the outsourcing exception
- 19:47:08 [erikn]
- … again, this is separate from if there is a different token in this header field to distinguish this
- 19:48:26 [erikn]
- rigo: we try with our definitions to explain relationships (like one processes data on behalf of another), then we might end up describing all relationships like who hosts this server's cloud data
- 19:48:31 [felten]
- q?
- 19:48:31 [aleecia]
- ack hwest
- 19:48:35 [erikn]
- … the header field is not the right location to do that
- 19:48:49 [felten]
- q+
- 19:48:51 [tl]
- +q
- 19:49:01 [erikn]
- hwest: can decide we want to pack a lot of data into this header, but that isn't realistic. What is actionable knowing this is a service provider?
- 19:49:02 [jmayer]
- +q
- 19:49:09 [aleecia]
- ack Chesterj
- 19:49:16 [rigo]
- perhaps you want more information on service providers and explicit third parties and what they do, but that shouldn't go into the header
- 19:49:26 [rigo]
- q+
- 19:49:30 [fielding]
- q+
- 19:49:36 [aleecia]
- ack felten
- 19:49:40 [erikn]
- Chesterj: I think transparency is important. Users will make decisions as they learn about the process based on practices of service providers
- 19:49:42 [jmayer]
- hwest, see my earlier comment about transparency into how the outsourcing exception is used. Want to be sure it's not getting stretched.
- 19:50:02 [erikn]
- hwest: if my 3rd party is Amazon, you don't have a choice to not interact with them if you want to use my website
- 19:50:15 [aleecia]
- ack felten
- 19:50:15 [erikn]
- Chesterj2: right, I can choose not to interact with you
- 19:50:56 [aleecia]
- ack tl
- 19:50:56 [erikn]
- felten: say I go to a.com and it uses sp.com. I might care if sp.com is a service provider or a first party, because it changes their ability to share data
- 19:51:15 [aleecia]
- ack jmayer
- 19:51:41 [erikn]
- jmayer: … agreeing with the preceding
- 19:51:44 [dwainberg]
- q+
- 19:52:13 [erikn]
- … there are benefits even to the DNT ecosystem, outside of any individual user. research, regulatory, and other interests
- 19:52:14 [aleecia]
- ack rigo
- 19:52:31 [aleecia]
- going once...
- 19:52:41 [aleecia]
- zakim, close queue
- 19:52:41 [Zakim]
- ok, aleecia, the speaker queue is closed
- 19:53:03 [rvaneijk]
- "For the EU, the outsourcing scenario is clearly regulated. In the current EU Directive 95/46/EC, but also in the suggested regulation reforming the data protection regime, an entity using or processing data is subject to data protection law. A First Party (EU: data controller) is an entity or multiple entities (EU: joint data controller) who determines the purposes, conditions and means of...
- 19:53:05 [rvaneijk]
- ...the data processing will be the data controller. A service provider (EU: data processor) is an entity with a legal contractual relation to the Data Controller. The Service Provider does determine the purposes, conditions and means of the data processing, but processes data on behalf of the controller. The data processor acts on behalf of the data controller and is a separate legal entity....
- 19:53:06 [rvaneijk]
- ...An entity acting as a first party and contracting services of another party is responsible for the overall processing. A third party is an entity with no contractual relation to the Data Controller and no specific legitimacy or authorization in processing personal data. If the third party has own rights and privileges concerning the processing of the data collected by the first party, it...
- 19:53:09 [rvaneijk]
- ...isn't a data processor anymore and thus not covered by exemptions. This third party is then considered as a second data controller with all duties attached to that status. As the pretensions of users are based on law, they apply to first and third party alike unless the third party acts as a mere data processor."
- 19:53:11 [erikn]
- rigo: this conclusion is only valid under a certain definition of service provider. If it is the EU "data processor" can only process data on behalf of the first party. In this case, it can't share.
- 19:53:40 [erikn]
- … we don't have any data bleed then. Just an extension of a first party. Might be informational to distinguish, but then don't overload the header
- 19:53:40 [hober]
- q?
- 19:53:46 [hober]
- ack fielding
- 19:53:48 [aleecia]
- ack fielding
- 19:53:55 [felten]
- q+
- 19:54:14 [erikn]
- fielding: agree with Rigo that his service provider definition agrees with that, in disagreement with felten's scenario
- 19:54:36 [erikn]
- … like employees. I don't have a right to know which employees at Microsoft have access to my Microsoft data
- 19:54:44 [jmayer]
- My three rationales for drawing the first-party vs. service provider distinction in response/well-known URI: 1) different sharing boundaries for information (users might care), 2) different use direction for information (users might care), 3) ability to check application of outsourcing exception (researchers/advocates/policymakers might care).
- 19:54:45 [npdoty]
- it may be that we're not quite sure what "service provider" will ultimately mean
- 19:54:58 [hober]
- ack dwainberg
- 19:55:12 [erikn]
- dwainberg: Rigo and Roy made my points. This is a choice mechanism, not a transparency mechanism.
- 19:55:25 [erikn]
- … there will be friction to small publishers and small companies more impacted
- 19:56:15 [erikn]
- felten: go to a.com, redirecting me to sp.com, acting as a service provider to a.com. Data can be shared within a.com, but not within sp.com (I might have that backward). Point being where data can be shared is still impacted
- 19:56:28 [erikn]
- fielding: this does not replace the privacy policy, which tells users these things
- 19:56:54 [erikn]
- matthias: suggest we move this out of the header field
- 19:57:00 [erikn]
- … can put that in the WKL
- 19:57:00 [felten]
- Privacy policy doesn't tell me who is a first party vs. service provider in a specific interaction.
- 19:57:14 [erikn]
- tl: objects
- 19:57:41 [erikn]
- … if I can't tell if Amazon is a first party (Amazon) or a service provider, I don't know where my data can go. Without the s token, I can't distinguish this.
- 19:58:05 [erikn]
- … these cases are manifoldly different, so we cannot remove this token and still have a user understand
- 19:58:19 [erikn]
- matthias: let's try the reverse approach. who can't live with exposing this information?
- 19:58:29 [WileyS]
- Aleecia, that makes sense. We need to first find a host and THEN we can announce the 8 week timeframe. Any chance we can go back to DG Info / EU Commission again to host us?
- 19:58:47 [Chesterj2]
- we need time to sum up where we are, were we go.
- 19:58:53 [erikn]
- fielding: there can be 20-30 service providers in a single response. can't put that in an "s"
- 19:58:56 [aleecia]
- zakim, open the queue
- 19:58:56 [Zakim]
- ok, aleecia, the speaker queue is open
- 19:59:02 [erikn]
- felten: not talking about a.com using infrastructure from others
- 19:59:25 [erikn]
- … if the UA sees a.com as where it's going, as opposed to being sent to a domain that's different
- 19:59:26 [aleecia]
- We can have the EC host, but we can also go elsewhere if we can find a host
- 19:59:31 [erikn]
- … can have infrastructure that's not visible to the UA
- 19:59:36 [npdoty]
- I think felten is pointing out that you can't distinguish the service-provider relationship from the multiple-first-party example
- 19:59:45 [WileyS]
- Yahoo's office in Brussels is tiny so I'm not helpful for Brussels.
- 19:59:50 [aleecia]
- We fall back to EC if needed but - know anyone with an office building in Paris, Rome, Florence?
- 19:59:54 [jmayer]
- +q
- 20:00:05 [erikn]
- … this doesn't touch a lot of the service provider cases
- 20:00:13 [aleecia]
- ack jmayer
- 20:00:24 [hwest]
- …Isn't hidden infrastructure more of a problem than exposed service providers?
- 20:00:25 [erikn]
- jmayer: this maybe needs much longer discussion.
- 20:00:38 [WileyS]
- Aleecia, I believe our Barcelona office may be large enough, I'll check (est 70 people, fair?)
- 20:00:49 [aleecia]
- q?
- 20:00:55 [felten]
- Ed says X != FTC says X
- 20:01:02 [aleecia]
- Lovely! Thank you!
- 20:01:15 [erikn]
- fielding: there are many service providers in that chain. there are limitations on what you can share
- 20:01:24 [aleecia]
- Estimate of 70 sounds right to me
- 20:01:26 [erikn]
- tl: it doesn't appear you are communicating with them
- 20:02:21 [aleecia]
- We clearly need to end the meeting so people can watch the game
- 20:02:32 [erikn]
- … go to x.com. I use rackspace, but you don't know that. If you go to x.rackspace.com, if they send you a response that says "1" in the header, you don't know if it's x or rackspace. If it's rackspace, it can share that in themselves
- 20:02:46 [aleecia]
- q?
- 20:02:52 [erikn]
- … if they are a SP for me, they can't use it for their own malarky. Otherwise they can
- 20:02:55 [hwest]
- Proposal: duke this out at some later date!
- 20:03:03 [erikn]
- npdoty: or multiple on one page
- 20:03:23 [aleecia]
- +1 heather
- 20:03:35 [erikn]
- matthias: evilempire.com … with an s flag, you know it's okay, but with a 1 flag you should be afraid. Isn't this Tom's point?
- 20:03:45 [erikn]
- fielding: go to the WKL and see who it is
- 20:03:51 [erikn]
- tl: no
- 20:03:52 [sidstamm]
- q+
- 20:03:58 [aleecia]
- thank you sid
- 20:04:15 [erikn]
- matthias: if they user has blacklisted evilempire, maybe only if it's itself and not acting as a service provider
- 20:04:31 [aleecia]
- ack sidstamm
- 20:04:33 [erikn]
- sidstamm: alternate rephrasing
- 20:05:10 [erikn]
- … there are SPs who have multiple customers. If they silo, they are acting kind of like 1P. If they are acting like a 3P, they could be sharing
- 20:05:32 [erikn]
- … in a SP context, would only share the data with the 1P acting on behalf of
- 20:05:44 [erikn]
- matthias: seem to have strong support for the s flag
- 20:05:52 [erikn]
- … so we'll create text for it in the next draft
- 20:06:33 [erikn]
- tl: in the next modification of the rec, it will have s, and then we will reconfirm the consensus to the draft?
- 20:06:38 [erikn]
- matthias: yes
- 20:06:41 [aleecia]
- Agreed: adding s to next draft, will review text
- 20:07:48 [npdoty]
- tl, it's not in the editor's draft right now
- 20:07:53 [erikn]
- ACTION: Matthias to update text based on tl's proposal, due 6/29/2012
- 20:07:53 [trackbot]
- Sorry, amibiguous username (more than one match) - Matthias
- 20:07:53 [trackbot]
- Try using a different identifier, such as family name or username (eg. mschunte2, mschunte)
- 20:08:09 [aleecia]
- thank you Erik
- 20:08:11 [tl]
- +q
- 20:08:26 [npdoty]
- ACTION: mschunte2 to update text based on tl's proposal, due 6/29/2012
- 20:08:26 [trackbot]
- Created ACTION-223 - Update text based on tl's proposal, due 6/29/2012 [on Matthias Schunter - due 2012-06-29].
- 20:09:19 [aleecia]
- shane & tom agree
- 20:09:20 [erikn]
- WileyS: why look for such a short response header and pressing very hard for brevity? The response content will far exceed the header.
- 20:09:27 [erikn]
- matthias: reduce complexity as much as possible
- 20:09:44 [erikn]
- … are all the tokens essential?
- 20:09:52 [erikn]
- <tokens displayed on screen>
- 20:10:08 [dwainberg]
- q+
- 20:10:22 [erikn]
- fielding: meaning of tokens is to say the site is tracking, but only doing so for this particular exception or another
- 20:10:27 [erikn]
- … not a list of all permitted uses
- 20:10:54 [erikn]
- http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-response-value
- 20:10:55 [ifette]
- Are we still making progress? or would this be a good place to break...
- 20:11:54 [ifette]
- hober, by "break" i meant stop this subject, wrap up, and call it a day
- 20:12:00 [erikn]
- npdoty: is this not 1:1 with permitted uses?
- 20:12:03 [erikn]
- fielding: yes
- 20:12:04 [tl]
- q?
- 20:12:05 [aleecia]
- q?
- 20:12:16 [erikn]
- matthias: intent is to explain
- 20:12:21 [felten]
- 1-1 with permitted uses, plus one more for prior consent
- 20:12:28 [ifette]
- s/ifette:/ifette,/
- 20:12:41 [ifette]
- s/ifette:/ifette,/
- 20:12:43 [aleecia]
- ack tl
- 20:12:46 [hwest]
- q+
- 20:12:48 [ifette]
- s/ifette:/ifette,/
- 20:12:59 [erikn]
- tl: almost all to line up with permitted uses. Will be slightly out of sync as we revise
- 20:13:06 [erikn]
- … p is the exception to that.
- 20:13:18 [erikn]
- … p is not a narrow use; not on the list of permitted uses
- 20:13:20 [jeffwilson]
- q+
- 20:13:31 [aleecia]
- ack dwainberg
- 20:13:34 [erikn]
- matthias: is this needed?
- 20:13:45 [felten]
- How much do users and UAs care?
- 20:13:47 [erikn]
- dwainberg: p is valuable. everything else adds complexity
- 20:13:58 [erikn]
- … and doesn't provide a lot of value
- 20:14:15 [WileyS]
- Tom, who would ever not implement all of them? Use case?
- 20:14:17 [aleecia]
- ack hwest
- 20:14:18 [erikn]
- … have to parse, understand the spec, make decisions. Easier for engineers than lawyers and others
- 20:14:25 [WileyS]
- Or add an "all"
- 20:14:25 [erikn]
- hwest: agree with dwainberg
- 20:14:33 [tl]
- WileyS: I might.
- 20:14:37 [aleecia]
- ack jeffwilson
- 20:14:42 [erikn]
- … if we want this field, we should just have the permitted uses
- 20:14:47 [WileyS]
- Build an entire spec on one web sites use?
- 20:14:53 [tl]
- +q
- 20:15:04 [erikn]
- matthias: assume that except for p that they are aligned with the permitted uses
- 20:15:10 [WileyS]
- +q
- 20:15:16 [dwainberg]
- q+
- 20:15:28 [aleecia]
- (I asked him early, he is right)
- 20:15:29 [erikn]
- jeffwilson: it seems like p needs to be a response code
- 20:15:35 [hwest]
- hwest: there is no reason to add complexity with this
- 20:15:45 [aleecia]
- (auto correct for the lose)
- 20:15:49 [erikn]
- matthias: should there be a signal for prior consent?
- 20:15:54 [erikn]
- group: yes
- 20:16:11 [hwest]
- q+
- 20:16:13 [amyc]
- +1 hwest
- 20:16:18 [aleecia]
- ack tl
- 20:16:46 [erikn]
- tl: if you think most people will use all the tokens, then they can be optional. None == all, but if you say some, you have to mean just that
- 20:16:56 [erikn]
- … specifying that I do one and not others is a use case
- 20:16:58 [aleecia]
- ack WileyS
- 20:16:59 [felten]
- How much do users and UAs care about these tokens?
- 20:17:14 [aleecia]
- How do we answer that yet?
- 20:17:18 [erikn]
- matthias: do we want to communicate the different permitted uses?
- 20:17:29 [aleecia]
- I'd suggest we implement this and see
- 20:17:34 [erikn]
- … do we agree to spell them out?
- 20:17:38 [hwest]
- I would phrase it as "I see no reason to add this complexity"
- 20:17:45 [sidstamm]
- it would be nice for me as a user to know who is protecting me from fraud (for example)
- 20:17:45 [vinay_]
- q+ meme
- 20:17:54 [erikn]
- WileyS: agree there is little value, is weight and complexity
- 20:18:01 [erikn]
- … shouldn't design for just a few sites
- 20:18:11 [aleecia]
- q+
- 20:18:14 [tl]
- +q
- 20:18:30 [aleecia]
- ack dwainberg
- 20:18:32 [erikn]
- … for sites that want to show their DNT compliance is better, can specify that outside the standard
- 20:18:38 [hwest]
- -q
- 20:18:54 [sidstamm]
- q+
- 20:18:55 [erikn]
- dwainberg: should leave it all out. Especially "L" (local constraints)
- 20:18:57 [aleecia]
- ack meme
- 20:19:09 [erikn]
- tl: happy to remove "L"
- 20:19:18 [erikn]
- meme: for DNT, less is more if we want adoption
- 20:19:21 [tl]
- -q
- 20:19:22 [tl]
- +q
- 20:19:29 [erikn]
- … we should offer "compliant" or "not compliant"
- 20:19:31 [aleecia]
- ack aleecia
- 20:19:35 [erikn]
- … otherwise it will be complex and not get used
- 20:19:54 [erikn]
- aleecia: question to EU side. Does it matter for compliance if they specify or not?
- 20:20:00 [erikn]
- group: no
- 20:20:02 [aleecia]
- ack sidstamm
- 20:20:24 [rigo]
- q+
- 20:20:32 [aleecia]
- ack tl
- 20:20:34 [erikn]
- sidstamm: we should think about people using UAs. This could be beneficial to them. I'd like to know what sites are protecting me from fraud. That would be kind of cool.
- 20:20:41 [WileyS]
- Read their privacy policy or follow the "Pointer"
- 20:20:48 [WileyS]
- Q+
- 20:20:50 [fielding]
- q+
- 20:20:58 [aleecia]
- ack rigo
- 20:21:36 [aleecia]
- ack WileyS
- 20:21:41 [erikn]
- rigo: has long said it is worth giving users this kind of information. But it's being shoehorned into the wrong tool.
- 20:21:42 [sidstamm]
- q+
- 20:21:52 [aleecia]
- has the web changed at all in 10 years?
- 20:22:06 [erikn]
- WileyS: can we use the Pointer to provide these kinds of details? Optional and can individuate permitted uses there.
- 20:22:13 [aleecia]
- ack fielding
- 20:22:26 [aleecia]
- ack sidstamm
- 20:22:34 [tl]
- +q
- 20:22:35 [erikn]
- fielding: fine with not having these values. Was trying to cover all use cases, but if the group decides not sufficient, that's fine
- 20:22:38 [aleecia]
- zakim close queue
- 20:22:58 [erikn]
- sidstamm: there is value to users
- 20:23:02 [hober]
- ack tl
- 20:23:12 [erikn]
- tl: these can be in the tracking status resource, not in the header
- 20:23:37 [erikn]
- matthias: we have consensus to remove the tokens except for p
- 20:23:54 [erikn]
- tl: and make it optional in the status resource?
- 20:24:25 [erikn]
- tl: does anyone object?
- 20:24:41 [aleecia]
- AGREED: fields become part of optional URI
- 20:25:21 [fielding]
- s/optional URI/optional member of tracking status resource/
- 20:25:28 [aleecia]
- …except for p, which remains
- 20:25:36 [johnsimpson]
- johnsimpson has left #dnt
- 20:26:04 [erikn]
- aleecia: changing gears. next F2F
- 20:26:25 [erikn]
- … practically, not worth meeting before Sept due to schedules
- 20:26:31 [erikn]
- … looking for a host
- 20:26:42 [erikn]
- … straw man compliance draft coming out soon, to be taken up in calls
- 20:26:52 [rigo]
- I know that the European Commission is keen on hosting
- 20:26:55 [erikn]
- … we made progress in this meeting
- 20:27:09 [erikn]
- … thank you to everyone for your efforts, particularly Nick and Thomas
- 20:27:19 [erikn]
- … a huge thank you to Rigo
- 20:27:29 [erikn]
- … and also JC for coordination
- 20:27:37 [tedleung]
- tedleung has joined #dnt
- 20:27:42 [erikn]
- JC: and to those who provided food (missed the list)
- 20:27:53 [erikn]
- aleecia: and to Matthias for chairing this last session
- 20:28:10 [erikn]
- npdoty: and thanks to Aleecia!
- 20:28:18 [robsherman]
- robsherman has left #dnt
- 20:28:21 [hober]
- RRSAgent, generate minutes
- 20:28:21 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/06/22-dnt-minutes.html hober
- 20:29:13 [adrianba]
- adrianba has left #dnt
- 20:37:06 [fielding]
- rrsagent, list attendees
- 20:37:06 [RRSAgent]
- I'm logging. I don't understand 'list attendees', fielding. Try /msg RRSAgent help
- 20:37:32 [fielding]
- zakim, who is here
- 20:37:32 [Zakim]
- fielding, you need to end that query with '?'
- 20:37:53 [fielding]
- zakim, who is here?
- 20:37:53 [Zakim]
- sorry, fielding, I don't know what conference this is
- 20:40:41 [npdoty]
- npdoty has joined #dnt
- 20:42:04 [npdoty]
- rrsagent, bye
- 20:42:04 [RRSAgent]
- I see 12 open action items saved in http://www.w3.org/2012/06/20-dnt-actions.rdf :
- 20:42:04 [RRSAgent]
- ACTION: aleecia to issue a call for objections on symmetry/minimum number of choices [1]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/20-dnt-irc#T21-16-22
- 20:42:04 [RRSAgent]
- ACTION: rigo to send Nick photos from whiteboard to include in minutes [2]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/21-dnt-irc#T23-15-23
- 20:42:04 [RRSAgent]
- ACTION: brooks to draft tentative agreement on financial reporting breakout discussion [3]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/21-dnt-irc#T23-17-17
- 20:42:04 [RRSAgent]
- ACTION: fielding to change text around DNT "on"/"off"/ [4]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T16-16-32
- 20:42:04 [RRSAgent]
- ACTION: doty to write up proposal on issue-112 that we do exceptions based on origin [5]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T16-36-38
- 20:42:04 [RRSAgent]
- ACTION: fielding to add optional audit field array [6]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T17-31-36
- 20:42:04 [RRSAgent]
- ACTION: schunter to write up tl/matthias sub-group agreement on exception approach [7]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T18-52-09
- 20:42:04 [RRSAgent]
- ACTION: mschunte2 to write up tl/matthias sub-group agreement on exception approach [8]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T18-52-28
- 20:42:04 [RRSAgent]
- ACTION: mayer to draft optional version of explicit/explicit exception api [9]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T19-01-31
- 20:42:04 [RRSAgent]
- ACTION: ifette to document out-of-band js api [10]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T19-18-55
- 20:42:04 [RRSAgent]
- ACTION: Matthias to update text based on tl's proposal, due 6/29/2012 [11]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T20-07-53
- 20:42:04 [RRSAgent]
- ACTION: mschunte2 to update text based on tl's proposal, due 6/29/2012 [12]
- 20:42:04 [RRSAgent]
- recorded in http://www.w3.org/2012/06/22-dnt-irc#T20-08-26
- 20:42:22 [npdoty]
- trackbot, bye
- 20:42:22 [trackbot]
- trackbot has left #dnt
- 20:42:28 [npdoty]
- Zakim, bye
- 20:42:28 [Zakim]
- Zakim has left #dnt