IRC log of privacy on 2016-07-28
Timestamps are in UTC.
- 15:54:41 [RRSAgent]
- RRSAgent has joined #privacy
- 15:54:41 [RRSAgent]
- logging to http://www.w3.org/2016/07/28-privacy-irc
- 15:55:58 [Zakim]
- Zakim has joined #privacy
- 15:56:01 [wseltzer]
- present+ wseltzer
- 15:56:21 [weiler]
- weiler has joined #privacy
- 15:56:24 [wseltzer]
- present+ tara
- 15:56:26 [weiler]
- present+
- 15:57:16 [npdoty]
- npdoty has joined #privacy
- 15:57:53 [christine]
- christine has joined #privacy
- 15:57:58 [wseltzer]
- Meeting: Privacy Interest Group
- 15:58:05 [wseltzer]
- Chairs: Tara and Christine
- 15:58:42 [wseltzer]
- present+ christine
- 16:00:15 [yoav]
- yoav has joined #privacy
- 16:00:23 [tharindi]
- tharindi has joined #privacy
- 16:00:30 [barryleiba]
- barryleiba has joined #privacy
- 16:00:37 [Andrey_Logvinov]
- Present+ Andrey_Logvinov
- 16:01:03 [barryleiba]
- present+ Barry_Leiba
- 16:01:33 [weiler]
- Zakim, who is here?
- 16:01:33 [Zakim]
- Present: wseltzer, tara, weiler, christine, Andrey_Logvinov, Barry_Leiba
- 16:01:36 [Zakim]
- On IRC I see barryleiba, tharindi, yoav, christine, npdoty, weiler, Zakim, RRSAgent, Andrey_Logvinov, tara, shepazu_, ln5_, schuki, dveditz, mkwst, terri, Mek_, dustinm,
- 16:01:36 [Zakim]
- ... hadleybeeman, mounir, wseltzer, trackbot, plinss
- 16:01:39 [tara]
- agenda +Welcome and introductions
- 16:01:45 [tara]
- agenda +Wake Lock API privacy considerations
- 16:01:51 [weiler]
- scribe: weiler
- 16:02:18 [weiler]
- scribenick: weiler
- 16:02:42 [wseltzer]
- rrsagent, pointer?
- 16:02:42 [RRSAgent]
- See http://www.w3.org/2016/07/28-privacy-irc#T16-02-42
- 16:03:20 [weiler]
- tara: newcomers, please introduce yourselves.
- 16:03:41 [tara]
- agenda +Updated privacy and security considerations of the Vibration API
- 16:03:45 [weiler]
- Barry Leiba: work for Huawei; IETF veteran.
- 16:03:48 [npdoty]
- agenda here: https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0010.html
- 16:04:05 [weiler]
- Andrey_Logvinov:
- 16:04:29 [weiler]
- Craig Spiezle: <inaudible>
- 16:04:48 [wseltzer]
- s/Logvinov:/Logvinov: Yandex, working on wake lock API
- 16:05:11 [weiler]
- Mike: wants to talk re: an issue in webappsec
- 16:05:37 [wseltzer]
- zakim, take up agendum 2
- 16:05:37 [Zakim]
- agendum 2. "Wake Lock API privacy considerations" taken up [from tara]
- 16:06:06 [weiler]
- tara: introduced Andrey to talk about wake lock API
- 16:06:18 [tara]
- https://www.w3.org/TR/wake-lock/
- 16:07:25 [weiler]
- andrey: concern that lock and keep screen awake and burn battery. other things (video) do this, too.
- 16:07:33 [weiler]
- barry: what's the privacy issue?
- 16:07:34 [npdoty]
- presumably the hidden video hack is a bug, not functionality to maintain
- 16:08:04 [tara]
- https://github.com/w3c/wake-lock/issues/78
- 16:08:05 [weiler]
- andrey: no privacy issue. but another device could see that the device is awake. could create a side channel. Not sure if danger is real.
- 16:08:32 [weiler]
- s/that lock and/that lock can/
- 16:09:00 [npdoty]
- q+
- 16:09:23 [wseltzer]
- ack np
- 16:09:54 [tara]
- agenda + Fingerprinting Guidance for Web Specification Authors
- 16:10:06 [tara]
- agenda +Privacy questionnaire
- 16:10:10 [mikeoneill]
- mikeoneill has joined #privacy
- 16:10:17 [tara]
- agenda +EME
- 16:10:22 [weiler]
- npdoty: other APIs have some limitation re: "only applicable when the screen is on", so as to prevent surreptitious / background abuse.... geolocation, camera/microphone.
- 16:10:23 [wseltzer]
- q+ to ask about secure contexts
- 16:10:30 [tara]
- agenda +WebRTC
- 16:10:36 [weiler]
- ... if they can keep screen on w/o user realizing it, could have implications for these other APIs
- 16:10:58 [tara]
- agenda +TPAC
- 16:11:10 [tara]
- agenda +WebAppSec
- 16:11:11 [christine]
- q+
- 16:11:29 [marta]
- marta has joined #privacy
- 16:11:58 [weiler]
- andrey: is is correct that APIs should not be allowed to wake device/screen -- they just prevent locking, they don't enable wake. right?
- 16:12:25 [weiler]
- npdoty: @@
- 16:12:49 [weiler]
- s/is is/ is it/
- 16:13:44 [npdoty]
- s/@@/my concern is that keeping a wake lock that keeps the screen on might make it easier to extend other API capabilities in unexpected ways
- 16:13:47 [wseltzer]
- -> https://www.w3.org/TR/secure-contexts/ Secure Contexts
- 16:13:57 [weiler]
- wendy: is this a feature that should be available only in secure contexts?
- 16:14:05 [weiler]
- andrey: maybe
- 16:14:50 [yoav]
- yoav has joined #privacy
- 16:14:58 [npdoty]
- christine++
- 16:15:35 [tara]
- q?
- 16:15:38 [tara]
- ack ws
- 16:15:38 [Zakim]
- wseltzer, you wanted to ask about secure contexts
- 16:15:43 [tara]
- ack ch
- 16:16:07 [weiler]
- christine: latest version of spec talk basically re: battery. need to thing about nick's concern... there are privacy implications. users may not be aware of background tasks e.g. tracking location because wake lock has been enabled for other applications. need to think re: wendy's Q.
- 16:16:21 [weiler]
- ... cross-origin linking: not sure if that's a risk or not. should look at it.
- 16:16:36 [tara]
- q?
- 16:16:44 [weiler]
- andrey: something we should consider.
- 16:17:23 [weiler]
- tara: to andrey: any other questions for the group? looking for comments by end of Aug?
- 16:17:27 [marta]
- can you resend the link please?
- 16:17:41 [npdoty]
- do you have any particular questions for us?
- 16:17:55 [npdoty]
- Wake Lock API editor's draft is here: https://w3c.github.io/wake-lock/
- 16:18:01 [christine]
- q+
- 16:18:20 [weiler]
- Andrey: no further Q. (no comment on deadline.)
- 16:18:49 [marta]
- I can do it
- 16:18:51 [weiler]
- christine: would someone on call take task to compile PING's feedback to group re: privacy considerations?
- 16:19:16 [wseltzer]
- present+ marta
- 16:20:20 [npdoty]
- can we get the deadline for comments in the minutes?
- 16:21:31 [weiler]
- tara: vibration API - deferred.
- 16:22:22 [npdoty]
- https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0016.html
- 16:22:25 [weiler]
- npdoty: made some updates on fingerprinting guidance doc over the last month.
- 16:23:13 [weiler]
- ... big changes, trying to address comments received: title [is that such a big change?], added examples,
- 16:23:17 [tara]
- Re: Wake lock - email list said "We would appreciate to receive your feedback before the end of August"
- 16:23:24 [tara]
- "the preferred method for feedback is to file issues in our github repository: https://github.com/w3c/wake-lock/issues"
- 16:24:24 [weiler]
- ... (e.g. re: battery status, sensors, proximity, flash plugins, ...), updated research section.
- 16:24:33 [npdoty]
- https://github.com/w3c/fingerprinting-guidance/issues
- 16:24:41 [weiler]
- ... everything else was clarification/wording.
- 16:25:06 [weiler]
- ... seven open issues. edits to date address five. need input on two. asked TAG for input on their comments.
- 16:25:34 [tara]
- q?
- 16:25:39 [mikeoneill]
- q
- 16:25:41 [christine]
- q-
- 16:25:49 [mikeoneill]
- q+
- 16:25:54 [weiler]
- ... if this group agrees on the "pending review" items, we can close them.
- 16:26:14 [wseltzer]
- zakim, who is here?
- 16:26:14 [Zakim]
- Present: wseltzer, tara, weiler, christine, Andrey_Logvinov, Barry_Leiba, marta
- 16:26:17 [Zakim]
- On IRC I see marta, mikeoneill, barryleiba, tharindi, christine, npdoty, weiler, Zakim, RRSAgent, Andrey_Logvinov, tara, shepazu_, ln5_, schuki, dveditz, mkwst, terri, Mek_,
- 16:26:17 [Zakim]
- ... dustinm, hadleybeeman, mounir, wseltzer, trackbot, plinss
- 16:26:17 [wseltzer]
- present+ mikeoneill
- 16:26:44 [tara]
- ack mi
- 16:27:28 [weiler]
- mikeoneill: @@ ... protocol has a header origin policy. server says "random", and client bounces it back. spec says that rules of third party header should follow cookies
- 16:28:45 [weiler]
- ... if interested in this, looks at webappsec. does this need to be talked about? e.g. should there be an API so user can see if fingerprinting is happening?
- 16:28:52 [npdoty]
- http://w3c.github.io/fingerprinting-guidance/#clearing-all-local-state
- 16:29:48 [weiler]
- npdoty: this keeps coming up. might be moved to a different doc. heard two suggestions: #1 should avoid unnecessary new mechanisms. #2 enable clearing at the same time as cookies
- 16:29:52 [terri]
- present+ terri
- 16:30:02 [weiler]
- ... don't think users care re: difference
- 16:30:50 [weiler]
- mikeoneill: info should be there for browsers to offer privacy add-ons. @@ .. if recommendation comes out for a a new API re: fingerprinting risks, it should covered by permissions API.
- 16:31:16 [weiler]
- npdoty: you can control your user agent w/o an API
- 16:32:00 [tara]
- q?
- 16:32:29 [weiler]
- npdoty: could you review this section of the doc? it's not making UI suggestions now; maybe it should.
- 16:32:37 [weiler]
- mikeoneill: I'll look over the weekend.
- 16:33:05 [weiler]
- tara: recap: you're waiting for comments on a couple of issues, and want us to review the rest.
- 16:34:09 [wseltzer]
- agenda?
- 16:34:16 [weiler]
- tara: privacy questionnaire.
- 16:34:17 [wseltzer]
- zakim, take up agendum 5
- 16:34:17 [Zakim]
- agendum 5. "Privacy questionnaire" taken up [from tara]
- 16:34:49 [weiler]
- ... christine not answering, so moving on.
- 16:34:56 [weiler]
- zakim, take up agendum 6
- 16:34:56 [Zakim]
- agendum 6. "EME" taken up [from tara]
- 16:35:01 [christine]
- christine has joined #privacy
- 16:35:07 [tara]
- https://github.com/w3c/encrypted-media/issues/221#issuecomment-233498615
- 16:35:15 [wseltzer]
- i|https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0016.html|Topic: Fingerprinting Guidance for Web Specification Authors
- 16:35:17 [tara]
- https://w3c.github.io/encrypted-media/#privacy
- 16:35:20 [christine]
- apologies all - computer crashed
- 16:35:42 [weiler]
- tara: joe hall says that EME is going to PR in a few weeks. privacy section has been fleshed out. they'd like some review. if you missed that, I'm sure they'd appreciate comments - don't want to joe to ask.
- 16:35:53 [weiler]
- s/want/wait/
- 16:36:30 [npdoty]
- EME has a very lengthy priv/sec considerations section, which looks interesting and will take some effort to review
- 16:36:41 [weiler]
- zakim, take up agendum 4
- 16:36:41 [Zakim]
- agendum 4. "Fingerprinting Guidance for Web Specification Authors" taken up [from tara]
- 16:36:56 [weiler]
- chrisinte: we asked the IAB if they'd like to give up any feedback
- 16:37:00 [weiler]
- zakim, take up agendum 5
- 16:37:00 [Zakim]
- agendum 5. "Privacy questionnaire" taken up [from tara]
- 16:37:47 [weiler]
- christine: I'm hoping things will be quieter in august, so I'm going to try to shepherd our work on this (which is not the same as the TAG's self-review questionnaire). Nick/Greg had input. Wendy moved the draft to github.
- 16:38:00 [wseltzer]
- https://github.com/w3c/ping
- 16:38:34 [weiler]
- ... expect to hear gentle encouragement next week. thanks to barry, Kathleen(?), Joe Hall for volunteering to be maintainers for self-review questionnaire.
- 16:38:43 [tara]
- q?
- 16:38:44 [weiler]
- .. will use github for that.
- 16:39:00 [npdoty]
- sorry, is that github repo to be used for multiple documents?
- 16:39:15 [wseltzer]
- -> https://github.com/w3ctag/security-questionnaire The TAG Privacy/Security Self Review
- 16:39:20 [weiler]
- zakim, take up agendum 7
- 16:39:20 [Zakim]
- agendum 7. "WebRTC" taken up [from tara]
- 16:39:42 [tara]
- 1] https://github.com/w3c/webrtc-pc/issues/687
- 16:39:50 [tara]
- https://github.com/w3c/webrtc-pc/issues/688
- 16:39:54 [weiler]
- tara: Stefan from WebRTC has added some responses to our comments.
- 16:39:55 [tara]
- https://github.com/w3c/webrtc-pc/issues/689
- 16:40:00 [tara]
- https://github.com/w3c/webrtc-pc/issues/690
- 16:40:03 [weiler]
- ... four issues that they'd like for us to look at.
- 16:41:03 [tara]
- q?
- 16:41:06 [weiler]
- ... this hasn't gone to the group yet.
- 16:41:13 [christine]
- q+
- 16:41:36 [weiler]
- christine: volunteer to respond to these?
- 16:41:37 [npdoty]
- q+
- 16:41:37 [christine]
- q_
- 16:41:44 [weiler]
- ack ch
- 16:41:46 [christine]
- q-
- 16:42:11 [weiler]
- nopoty: confused: are these things we already raised?
- 16:42:26 [weiler]
- tara: they responded to two of our issues w/ suggestions and others are Q to us.
- 16:42:34 [weiler]
- mike: deadline?
- 16:42:43 [weiler]
- ... I'll look over the next week
- 16:42:59 [tara]
- q?
- 16:43:00 [weiler]
- .. what happened over media streams (fingerprinting issue)?
- 16:43:32 [tara]
- ack np
- 16:43:32 [weiler]
- npdoty: this doc is now separate from media streams doc. at least a couple of these issues are more relevant to media stress so have been closed on this doc.
- 16:44:04 [weiler]
- zakim, take up agendum 8
- 16:44:04 [Zakim]
- agendum 8. "TPAC" taken up [from tara]
- 16:44:13 [npdoty]
- it looks like gnorcie was already involved in many of these threads, so joe and greg may be able to handle further discussion on those
- 16:44:21 [wseltzer]
- https://www.w3.org/2016/09/TPAC/
- 16:44:25 [weiler]
- tara: we have a mtg on 20 Sept; it does not overall with webappsec this time.
- 16:44:28 [wseltzer]
- remember to register!
- 16:45:14 [weiler]
- christine: we need to plot our agenda. I will not be there. If we work on privacy questionnaire before then, could make progress there.
- 16:45:35 [npdoty]
- is remote participation feasible for that meeting?
- 16:45:43 [christine]
- q+ AOB
- 16:45:52 [weiler]
- tara: welcome agenda suggestions. want to use our time effectively.
- 16:46:42 [npdoty]
- +1 for webex/phone at TPAC, thanks
- 16:47:32 [wseltzer]
- ack nex
- 16:47:37 [wseltzer]
- ack next
- 16:47:53 [weiler]
- christine: @@ asked if we could change the time of our call.
- 16:48:09 [weiler]
- ... proposal is 1400UTC
- 16:48:14 [wseltzer]
- s/@@/Kepeng/
- 16:48:53 [npdoty]
- what about 9 hours earlier, rather than 2 hours earlier?
- 16:48:57 [weiler]
- barry: the people with the issue may not be on the call. fine with me.
- 16:50:16 [weiler]
- wseltzer: hard to accommodate global participation. but Kepeng did cite time.
- 16:50:36 [weiler]
- craig: I'm west coast and don't mind 7am. some of my WGs alternate timezones.
- 16:50:54 [weiler]
- ... 3/4pm west coast, sometimes. we have people in australia.
- 16:51:17 [wseltzer]
- s/participation/participation in conference calls, but we try/
- 16:51:24 [npdoty]
- 7am Pacific Time is rough for me; I would typically prefer a midnight call, but alternating seems like one possible compromise
- 16:51:24 [weiler]
- q+
- 16:52:20 [wseltzer]
- https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0018.html
- 16:52:32 [weiler]
- christime: nothing to report from IETF. sent out a summary; it had some suggestions of things we could do as a group. e.g. 2x calls/months: one for reviews/docs, one for information sharing. could try to get researchers to give seminars
- 16:52:34 [wseltzer]
- ^ notes from PING@IETF
- 16:52:53 [weiler]
- ... could extend invites more broadly. could have a PING blog.
- 16:53:13 [weiler]
- ... should we form a task force to standardize incognito/private browsing mode?
- 16:54:18 [npdoty]
- these sounds like cool activities, if we have enough active interest/participation in doing them
- 16:55:06 [weiler]
- mikeoneill: we could take a more active role in giving input to APIs in earlier stages of their development
- 16:55:20 [wseltzer]
- ack weiler
- 16:56:12 [weiler]
- weiler: (back to mtg time) we could try an experiment. seems to be some support for alternating.
- 16:56:23 [christine]
- 25 Aug works for me
- 16:56:41 [npdoty]
- 25 August works for me too
- 16:56:56 [weiler]
- tara: next call on Aug 25
- 16:56:58 [npdoty]
- (if we want to start alternating or fortnightly calls, should we look for mid August or mid September?)
- 16:57:00 [barryleiba]
- Thanks, everyone
- 16:57:11 [weiler]
- Zakim, list participants
- 16:57:11 [Zakim]
- As of this point the attendees have been wseltzer, tara, weiler, christine, Andrey_Logvinov, Barry_Leiba, marta, mikeoneill, terri
- 16:57:30 [weiler]
- ... may look at 2nd call starting in September
- 16:57:42 [weiler]
- ... probably not change time this time, but will consider and announce it.
- 16:57:59 [weiler]
- RRSAgent, make log public
- 16:58:06 [weiler]
- RRSAgent, generate minutes
- 16:58:06 [RRSAgent]
- I have made the request to generate http://www.w3.org/2016/07/28-privacy-minutes.html weiler
- 16:58:48 [npdoty]
- how much US east coast participation do we usually have?
- 16:59:09 [npdoty]
- what about a call at 12am Pacific, 9am Central European?
- 16:59:21 [weiler]
- ouch.
- 17:00:12 [npdoty]
- do other West Coasters not like midnight phone calls?
- 17:05:16 [weiler]
- (I don't like midnight calls...)
- 17:29:57 [barryleiba]
- barryleiba has left #privacy
- 17:37:36 [TallTed]
- TallTed has joined #privacy
- 18:16:41 [yoav]
- yoav has joined #privacy
- 18:26:14 [chaals]
- chaals has joined #privacy
- 18:27:03 [chaals1]
- chaals1 has joined #privacy
- 18:27:44 [shepazu_]
- shepazu_ has joined #privacy
- 19:05:34 [weiler]
- weiler has joined #privacy
- 19:17:20 [yoav]
- yoav has joined #privacy
- 19:24:42 [weiler]
- weiler has joined #privacy
- 19:51:16 [yoav]
- yoav has joined #privacy
- 20:01:48 [npdoty]
- npdoty has joined #privacy
- 21:00:17 [chaals]
- chaals has joined #privacy
- 21:01:49 [chaals1]
- chaals1 has joined #privacy
- 21:14:02 [chaals]
- chaals has joined #privacy
- 22:06:52 [chaals]
- chaals has joined #privacy