IRC log of privacy on 2014-01-30

Timestamps are in UTC.

16:49:40 [RRSAgent]

RRSAgent has joined #privacy

16:49:40 [RRSAgent]

logging to http://www.w3.org/2014/01/30-privacy-irc

16:49:42 [trackbot]

RRSAgent, make logs 263

16:49:44 [trackbot]

Zakim, this will be

16:49:44 [Zakim]

I don't understand 'this will be', trackbot

16:49:45 [trackbot]

Meeting: Privacy Interest Group Teleconference

16:49:45 [trackbot]

Date: 30 January 2014

16:49:51 [npdoty]

rrsagent, make logs public

16:52:02 [tara]

tara has joined #privacy

16:52:50 [rigo]

zakim, this will be ping

16:52:50 [Zakim]

ok, rigo; I see Team_(privacy)16:49Z scheduled to start 3 minutes ago

16:55:21 [Zakim]

Team_(privacy)16:49Z has now started

16:55:28 [Zakim]

+[Apple]

16:55:36 [rigo]

rigo has changed the topic to: Agenda 30 Jan http://lists.w3.org/Archives/Public/public-privacy/2014JanMar/0009.html

16:57:09 [christine]

christine has joined #privacy

16:57:21 [richt]

richt has joined #privacy

16:57:42 [Zakim]

+[IPcaller]

16:57:43 [Zakim]

-[IPcaller]

16:57:57 [christine]

Zakim, [IPcaller] is me

16:57:57 [Zakim]

sorry, christine, I do not recognize a party named '[IPcaller]'

16:58:22 [christine]

Zakim, IPcaller is me

16:58:22 [Zakim]

sorry, christine, I do not recognize a party named 'IPcaller'

16:58:40 [fjh]

zakim, who is here?

16:58:40 [Zakim]

On the phone I see [Apple]

16:58:41 [Zakim]

On IRC I see richt, christine, tara, RRSAgent, Zakim, npdoty, rigo, glenn, fjh, TallTed, wseltzer, trackbot

16:59:13 [Zakim]

+npdoty

16:59:34 [Zakim]

+[IPcaller]

16:59:49 [npdoty]

Zakim, [Apple] has tara

16:59:49 [Zakim]

+tara; got it

17:00:06 [npdoty]

Zakim, [IPcaller] is richt

17:00:06 [Zakim]

+richt; got it

17:00:42 [Zakim]

+karima

17:00:48 [Karima]

Karima has joined #privacy

17:01:14 [Ashok_Malhotra]

Ashok_Malhotra has joined #privacy

17:01:15 [tara]

Hi everyone. Waiting for a few more folks to join.

17:01:18 [Zakim]

+[IPcaller]

17:01:35 [christine]

Zakim, IPcaller is me

17:01:35 [Zakim]

+christine; got it

17:01:51 [Zakim]

+[IPcaller]

17:01:54 [fjh]

zakim, IPcaller is me

17:01:54 [Zakim]

+fjh; got it

17:02:12 [fjh]

zakim, who is here?

17:02:12 [Zakim]

On the phone I see [Apple], npdoty, richt, karima, christine, fjh

17:02:13 [Zakim]

[Apple] has tara

17:02:13 [Zakim]

On IRC I see Ashok_Malhotra, Karima, richt, christine, tara, RRSAgent, Zakim, npdoty, rigo, glenn, fjh, TallTed, wseltzer, trackbot

17:02:21 [Zakim]

+[CDT]

17:02:46 [Zakim]

+Ashok_Malhotra

17:03:43 [JoeHallCDT]

JoeHallCDT has joined #privacy

17:04:08 [Zakim]

+ +1.469.242.aaaa

17:04:18 [npdoty]

scribenick: npdoty

17:04:21 [JoeHallCDT]

alas, I cannot scribe today but promise next time

17:04:43 [npdoty]

Zakim, aaaa is FrankDawson

17:04:43 [Zakim]

+FrankDawson; got it

17:05:10 [Zakim]

+bblfish

17:05:26 [npdoty]

richt: Rich Tibbet from Opera, patches for Chromium/blink and work in standards, Network Services Discovery

17:05:38 [bblfish]

bblfish has joined #privacy

17:05:42 [bblfish]

hi

17:05:45 [npdoty]

Topic: Network Service Discovery

17:05:48 [christine]

http://www.w3.org/TR/discovery-api/

17:06:14 [npdoty]

richt: at a high level, connecting to devices / services on your network

17:06:27 [npdoty]

... UPNP/Zeroconf, which you may know as Bonjour

17:06:35 [npdoty]

... these protocols expose endpoint urls that speak http

17:06:56 [Zakim]

-FrankDawson

17:06:57 [npdoty]

... tried to get to a point where a developer can request a well-known service type so they can communicate with services on different devices

17:07:11 [npdoty]

... layered on top of HTTP, can use XHR

17:07:40 [npdoty]

... 1.5 years in; lots of feedback from implementer mailing lists, like from Mozilla / Chromium

17:07:53 [npdoty]

... some concerns about privacy and security, worry about exposing unsafe devices

17:08:04 [npdoty]

... extremely wide range of different devices and services

17:08:12 [Zakim]

+Clarke

17:08:24 [npdoty]

... change volume on your speaker, but also can change configuration of your router

17:08:43 [npdoty]

... in terms of security, added a requirement to the specification that services that want to be exposed, need to implement CORS

17:08:51 [Clarke]

Clarke has joined #privacy

17:08:59 [npdoty]

... expose HTTP headers that those services have been audited/cleared for sharing with web pages

17:09:14 [npdoty]

... that's the main mechanism for security

17:09:25 [npdoty]

... the other major part is how the user interacts

17:09:36 [Clarke]

Clarke Stevens from CableLabs just joined. I'm on the phone too.

17:09:45 [npdoty]

... a permissioning prompt where the user selects the services they want to share, like how we do geolocation

17:09:57 [npdoty]

... a certain degree of privacy and security, but looking for more input

17:10:20 [npdoty]

... any other ideas of what we can do, and an audit of how it works or whether anyone considers it unsafe

17:10:36 [npdoty]

... happy to answer questions

17:10:43 [fjh]

Present+ Frederick_Hirsch

17:10:52 [tara]

q?

17:10:53 [npdoty]

http://www.w3.org/TR/discovery-api/

17:10:53 [christine]

+q

17:10:53 [Clarke]

Present+ Clarke_Stevens

17:11:04 [npdoty]

ack christine

17:11:11 [wseltzer]

regrets+ wseltzer

17:11:12 [fjh]

q+

17:11:29 [yrlesru]

yrlesru has joined #privacy

17:11:35 [npdoty]

christine: appreciate your taking the time. forgive my introductory questions

17:12:06 [npdoty]

... permission prompt point -- what's the granularity or persistence of those permissions?

17:12:30 [npdoty]

richt: have a prototype, but haven't actually built the UI; have some experience with WebRTC and Geolocation previously

17:13:07 [npdoty]

... site requests a particular type of service, browser searches for a list of candidates, candidates are displayed to the user and can click share

17:13:33 [npdoty]

... specification describes longevity, that permissions have to be asked again after next loading of a page

17:13:47 [npdoty]

q+ to ask about persistence

17:14:35 [npdoty]

ack fjh

17:14:53 [npdoty]

fjh: for CORS, how do you know which origin corresponds to what?

17:15:27 [npdoty]

richt: look for the existence of CORS headers, looking for wildcard matching

17:15:49 [npdoty]

... no particularly good way for CORS to specify a local IP address which you don't know ahead of time

17:16:02 [npdoty]

q+ to ask if that's how CORS is intended

17:16:17 [npdoty]

... indicate to browsers in a general way that they're web-ready

17:16:51 [npdoty]

... as a user you could whitelist certain device types in your browser

17:17:09 [npdoty]

... in that case you could connect to legacy devices and services

17:17:19 [npdoty]

... likely to be an advanced option for users

17:17:38 [npdoty]

... or browsers could blacklist certain services, like routers, even if the user tries to whitelist them

17:17:58 [npdoty]

... a remedy for browser-makers to ensure user security

17:18:08 [npdoty]

fjh: how would you blacklist a router? what do you need to know?

17:18:24 [npdoty]

richt: there are well-known service types (defined by upnp), well-known strings

17:18:40 [npdoty]

ack npdoty

17:18:40 [Zakim]

npdoty, you wanted to ask about persistence and to ask if that's how CORS is intended

17:18:43 [richt]

please refer to the editor's draft: https://dvcs.w3.org/hg/dap/raw-file/tip/discovery-api/Overview.html

17:19:07 [richt]

The CORS mechanism has not yet been published in the TR version.

17:19:34 [fjh]

ndoty: is asking for permissions repeatedly intended usage of CORS

17:19:46 [fjh]

s/ndoty/npdoty/

17:19:47 [Zakim]

+ +1.214.566.aabb

17:20:13 [fjh]

richt: this approach is necessary, e.g. don't want automatic connection after a delay, e.g. 30 days

17:20:43 [fjh]

npdoty: another question, is this intended use of CORS header or are you just taking advantage of it

17:20:59 [yrlesru]

zakim aabb is yrlesru

17:21:19 [fjh]

richt: once have service endpoint URL it is a resource, so CORS is appropriate, browser enforces CORS mechanism

17:21:26 [fjh]

… using as specified

17:21:53 [fjh]

… but in discovery sending HTTP OPTIONS request, using response to see if CORS supported and has headers

17:22:00 [fjh]

… not changing CORS

17:22:22 [fjh]

… potential issue with CORS regarding limit of exposure to local IP addresses, using wildcards

17:22:54 [yrlesru]

zakim, ??aabb is me

17:22:54 [Zakim]

sorry, yrlesru, I do not recognize a party named '??aabb'

17:23:04 [fjh]

… when searching, knowing requesting web page and origin, check that in service responses so wildcard not needed alwasy

17:23:25 [fjh]

… but sub domains might be an issue (???)

17:23:25 [yrlesru]

zakim, aabb is me

17:23:25 [Zakim]

+yrlesru; got it

17:23:33 [fjh]

s/alwasy/always

17:23:42 [npdoty]

scribenick: npdoty

17:23:53 [npdoty]

tara: any points that haven't been asked about yet?

17:24:10 [npdoty]

richt: CORS, user-whitelisting or ua-blacklisting

17:24:37 [npdoty]

... different ways we could approach this problem -- building on top of existing APIs like XHR and WebSockets

17:24:50 [npdoty]

... powerful, but low-level

17:24:57 [npdoty]

q+ to ask about identifiers

17:25:30 [npdoty]

... right now talking XML, but could next be JSON or WebSocket -- not very specific to UPNP, for example

17:26:10 [fjh]

npdoty: common issue is unique identifiers can be used to correlate activity or re-identify user in unexpected manner

17:26:22 [fjh]

… is identifier being given to endpoint

17:26:31 [fjh]

… can two web services correlate activity?

17:26:48 [fjh]

richt: spec does not deal with this, open DAP issue

17:27:12 [fjh]

… endpoint URL likely to have numeric component, exposing and leaking local IP configuration

17:27:18 [fjh]

… this is a concern

17:27:37 [fjh]

… discussing how to obfuscate local IP addresses, would appreciate PING feedback on this

17:27:44 [fjh]

… might be also an issue in WebRTC?

17:27:52 [fjh]

… probably not a good practice.

17:28:19 [fjh]

… obfuscating may create issue with responses containing IP addresses for media resources etc, so some thought required

17:28:30 [fjh]

… please give feedback on importance of issue and approaches

17:28:34 [fjh]

npdoty: will think about it

17:28:39 [npdoty]

scribenick: npdoty

17:28:54 [npdoty]

tara: may all need a bit more reflection over material from today

17:29:18 [fjh]

q+

17:29:19 [npdoty]

richt: we've concisely covered our issues. leaking IP address configuration is a key issue for feedback

17:29:22 [npdoty]

q-

17:29:23 [christine]

+q

17:29:33 [npdoty]

... editors' draft best for review (includes CORS)

17:29:37 [npdoty]

https://dvcs.w3.org/hg/dap/raw-file/tip/discovery-api/Overview.html

17:29:53 [yrlesru]

Would an alternative to persistent local IP address be capability for renewal of the identifier at user control?

17:30:04 [npdoty]

richt: any improvements for user privacy or security would be great

17:30:05 [fjh]

q?

17:30:08 [fjh]

ack fjh

17:30:14 [npdoty]

fjh: what's the schedule for review?

17:30:44 [npdoty]

richt: as long as it's not multiple months; blocker on implementation and want to calm concerns about security

17:31:09 [npdoty]

... privacy and security review takes as long as it takes and implementation is blocked until it's finished

17:31:33 [npdoty]

christine: the sooner the better but not overly demanding schedule

17:31:54 [npdoty]

... mentioned discussions of IP address leakage and obfuscation within DAP group

17:32:14 [npdoty]

... could you share the different possible mitigations?

17:32:45 [yrlesru]

2nd time to express my thoughts. Would an alternative to obfuscation of IP address be ability for user, on demand, to renew their identifier.

17:32:46 [npdoty]

richt: can obfuscate the endpoint URL easily, like a transparent proxy; the hard part is intercepting and rewriting the HTTP responses

17:33:20 [npdoty]

... any alternatives would be helpful

17:33:47 [fjh]

thanks rich for an excellent overview

17:34:18 [npdoty]

richt: thanks all for the discussion and ongoing review

17:34:32 [bblfish]

hi

17:34:34 [npdoty]

Topic: WebID

17:34:35 [christine]

+q

17:34:36 [richt]

thank you everyone.

17:34:51 [npdoty]

q+ bblfish

17:34:53 [npdoty]

ack christine

17:34:56 [bblfish]

np :-)

17:35:19 [npdoty]

christine: question about group status.

17:35:42 [bblfish]

https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index.html

17:35:44 [npdoty]

bblfish: was Incubator, now working as a Community Group

17:35:55 [fjh]

is there a link for the CG, participants?

17:36:05 [npdoty]

bblfish: would like to finish, publish specs hopefully by the summer

17:36:17 [richt]

would like to bring https://2x.io/read/security-by-obscurity to the attention of this group. RE: exposing local IP addresses to web pages in WebRTC (as I mentioned earlier on this call).

17:37:11 [christine]

Thanks for the clarification Nick

17:37:16 [christine]

No more from me

17:38:00 [npdoty]

bblfish: would like to push this up to the next stage, five years of work altogether

17:38:22 [npdoty]

... two specifications and an ontology

17:38:52 [npdoty]

... Web Identity and, separately, how do you communicate with WebID over TLS

17:39:04 [fjh]

q+ to ask about web id correlation

17:39:16 [npdoty]

... and then prototypes, for example, using access control for a wiki

17:39:26 [npdoty]

... using Linked Data

17:40:00 [npdoty]

... have added Privacy/Security Considerations sections to the two specs

17:40:05 [npdoty]

... new since we last talked here

17:40:18 [npdoty]

... looking for feedback on those sections

17:41:10 [npdoty]

... authentication over TLS, rather frequently implemented/used in browsers

17:41:13 [npdoty]

ack fjh

17:41:13 [Zakim]

fjh, you wanted to ask about web id correlation

17:41:21 [npdoty]

q- bblfish

17:41:40 [npdoty]

fjh: what the requirements are; is there an issue here of correlation which would need obfuscation

17:42:17 [npdoty]

bblfish: WebID does make it easy to link profiles, it is meant for that specifically to support a decentralized Social Web

17:42:39 [npdoty]

... can create p2p social networks over HTTP, reduces centralization which is advantageous, but leakage of links/URIs

17:43:26 [npdoty]

... costs are weighed against the benefit of that decentralized social networking

17:43:30 [yrlesru]

Was this the reference to use cases and requirements? , https://dvcs.w3.org/hg/ldpwg/raw-file/default/ldp-ucr.html#maintaining-social-contact-information

17:43:47 [npdoty]

... communicating over SSL can prevent eavesdropping

17:43:55 [npdoty]

fjh: just important to make the tradeoff clear

17:44:24 [npdoty]

tara: timeline?

17:44:44 [fjh]

thanks for clarifying the potential tradeoff between decentralization and potential for Service provider (web application) correlation based on ids

17:44:45 [npdoty]

bblfish: not a great hurry, but quick review of privacy and security sections would be helpful

17:45:21 [npdoty]

Topic: documents in progress

17:45:41 [npdoty]

tara: various documents in different stages of status

17:45:44 [npdoty]

... fingerprinting?

17:46:35 [fjh]

npdoty: regarding fingerprinting, made an update before the last call, had questions about feasibility of addressing the concern

17:46:46 [fjh]

… have some ideas but have not had a chance to write up yet

17:47:28 [fjh]

… would like some help with reviewing

17:47:29 [christine]

Thank you fjh - that would be helpful

17:47:57 [npdoty]

scribenick: npdoty

17:48:01 [christine]

yes, I realised that too late, sorry

17:48:15 [npdoty]

tara: comments elicited for EME and getUserMedia

17:48:46 [npdoty]

JoeHallCDT: I sent some notes late last year, a very well-considered document already

17:49:05 [npdoty]

... lacked a more systematic way of doing a review in a reputable process

17:49:36 [christine]

+q

17:49:46 [npdoty]

... if we want to do privacy reviews in a more standardized way, happy to do that (have more help inside CDT now)

17:49:53 [npdoty]

ack christine

17:50:49 [npdoty]

christine: pleased to hear your ability to participate

17:51:00 [bblfish]

yrlesru, thanks for the pointer to the WebId use case ( catching up on IRC )

17:51:24 [yrlesru]

ISO/IEC 29100:2011 Information technology -- Security techniques -- Privacy framework Is now publicly available at no cost at http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip

17:51:25 [npdoty]

JoeHallCDT: hoping to have more chance to engage, that PING would be a good place to have those discussions

17:51:53 [npdoty]

christine: current status on EME?

17:52:28 [yrlesru]

If Nick Doty can note this in minutes. This standard provides a standard privacy framework (terminology, roles, responsibilities, principles, etc) for privacy that is aligned with proposed EU DP Regulation in many ways.

17:52:57 [christine]

Thanks for the update re status on EME

17:52:59 [npdoty]

JoeHallCDT: a lot of tension, html media group very interested in closing down issues but still quite a bit of principled concern

17:53:24 [npdoty]

... also a separate alternative proposal in WHATWG

17:53:42 [npdoty]

... need some guidance

17:54:16 [npdoty]

... had already done a good job thinking about privacy, in the UA and in the CDMs

17:54:38 [yrlesru]

Joe, I would be available for a workshop on the subject during week of CDT Gala and IAPP in DC.

17:54:47 [npdoty]

... settle on a coordinated systematic way for doing a privacy review when someone comes up to PING

17:55:02 [npdoty]

... can't wrap it up without knowing what the framework should be

17:55:12 [yrlesru]

q+

17:55:14 [npdoty]

q+ to ask about learnings from EME

17:55:24 [christine]

+q

17:55:41 [npdoty]

... is "already looks good" an appropriate response?

17:55:55 [npdoty]

yrlesru: tried offline to start reviewing a number of specs

17:56:20 [npdoty]

... a number of framework approaches you can take -- classically, look at the data flows from the applicable privacy principles

17:56:32 [npdoty]

... or look at collection/storage/transfer/processing/

17:56:56 [npdoty]

... Hannes had proposed an approach that was a standard list of principles and threats, a potential checklist

17:57:45 [npdoty]

... 1) people come to us after the fact, a checkbox so that they can go to the next phase of implementation

17:58:23 [npdoty]

... or 2) talk to people earlier during the design alternatives phase, where we think through systematically the different ways we could think through

17:58:40 [npdoty]

... an ISO standard on privacy principles is now publicly available and may be useful

17:58:52 [npdoty]

http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip

17:59:20 [npdoty]

yrlesru: if we want to meet up in person around CDT event and try with a whiteboard, would work for me

17:59:34 [npdoty]

JoeHallCDT: can talk offline; IETF is a potential conflict

18:00:17 [npdoty]

tara: running out of time at this point, wrapping up comments

18:00:38 [christine]

quick point Tara before you close

18:00:40 [npdoty]

yrlesru: one problem that's come up: do we have a clear understanding of what the use cases are for an API?

18:00:42 [npdoty]

q-

18:00:48 [npdoty]

ack yrlesru

18:01:00 [npdoty]

... have seen that same problem crop up on other specs

18:01:02 [npdoty]

ack christine

18:01:15 [bblfish]

cool please let me know what questions we need to look at, answer :-)

18:01:20 [npdoty]

christine: really appreciate the enthusiasm to work out a structured way for PING to do privacy reviews

18:01:40 [npdoty]

... a key goal is to develop guidance and to develop the system for reviews

18:01:58 [npdoty]

... what we've been doing is having informal privacy reviews even while we're in process for developing guidance

18:02:40 [npdoty]

next call -- March 13th?

18:02:49 [npdoty]

(later than the first week of March, because of the IETF conflict)

18:02:51 [Zakim]

-Ashok_Malhotra

18:02:56 [Zakim]

-Clarke

18:02:56 [christine]

I'll also suggest a PING meeting at IETF on the mailing list

18:02:57 [bblfish]

thanks a lot

18:03:00 [Zakim]

-[CDT]

18:03:01 [Zakim]

-yrlesru

18:03:02 [Zakim]

-fjh

18:03:03 [Zakim]

-richt

18:03:04 [npdoty]

tara: thanks all

18:03:04 [Zakim]

-npdoty

18:03:06 [Zakim]

-christine

18:03:07 [Zakim]

-karima

18:03:07 [npdoty]

chair: tara

18:03:08 [Zakim]

-[Apple]

18:03:11 [Zakim]

-bblfish

18:03:12 [Zakim]

Team_(privacy)16:49Z has ended

18:03:12 [Zakim]

Attendees were npdoty, tara, richt, karima, christine, fjh, [CDT], Ashok_Malhotra, +1.469.242.aaaa, FrankDawson, bblfish, Clarke, +1.214.566.aabb, yrlesru

18:03:18 [npdoty]

rrsagent, please draft the minutes

18:03:18 [RRSAgent]

I have made the request to generate http://www.w3.org/2014/01/30-privacy-minutes.html npdoty

18:20:22 [JoeHallCDT]

JoeHallCDT has joined #privacy

18:36:33 [JoeHallCDT]

JoeHallCDT has joined #privacy

18:40:00 [richt]

richt has joined #privacy

18:45:40 [JoeHallCDT]

JoeHallCDT has left #privacy

19:32:43 [Karima]

Karima has joined #privacy

20:17:53 [Zakim]

Zakim has left #privacy

20:35:11 [richt]

richt has joined #privacy

20:36:40 [richt_]

richt_ has joined #privacy

20:49:30 [Karima]

Karima has joined #privacy

22:02:03 [richt]

richt has joined #privacy