<wseltzer> [Pedro Alvarado]
<scribe> Scribe: Karen
Wendy: Looking at agenda
we have WebID
scribe: Turtledove and FloC
... and Chrome extension access to cohort identifiers
... and just before the call
... request from James to hear about partnership for
addressable media
... look at highlights from issue dashboard
... Key question for these topics
... do we have people prepared to give overview of the
materials
... Do we need to put out some calls for discussion at a later
time?
... Do we have somebody who would be able to tell us about
WebID?
Michael: We don't have a Google
person deeply involved in WebID on the call today
... we could try to have someone attend a future session; would
be helpful to have questions in advance
... August timing with vacations could be slow
... There is work on WebID happening within other W3C
groups
... I think it's under WICG
... but there are dedicated meetings and calls
... Might be a better place to move that discussion
Wendy: If we have Julie on the
call
... we could get more of what she was hoping to ask about
WebID
Julie: Thanks, Wendy
... and thanks for letting us know who is on call today
... also having challeges with reception
... Trying to understand the goals of WebID
... and how it affects first party relationships with their
useres
... and their logins
... and time selection of information
... Get some more specific questions together
... The way it's described in the explainer touches on some
policy issues
[cannot hear Julie]
<wseltzer> Julie's email re WebID
<kevinG> +present
scribe: might be difficult to do
that over issues in GitHub
... if you could please explore having someone come in
... doesn't have to be August; understand difficulty
there
... but let's have a conversation about it
Wendy: Thanks, Julie
... we'll look to see when we can get the right participants
from the Google proposal team
... and see whether WICG has calls
... or if we want to schedule that for a future call here
Julie: If anybody has specific questions they would like to have discussed, please send them my way via email
Kris: Add to what Michael was
saying
... the discussion has moved to WICG
... impact on protocols, privacy and security
considerations
... I think it would be. a worthwhile topic to dive into
<wseltzer> WICG WebID repo
Kris: I think people not building
IDs themselves might have trouble following the technical
conversations, so a business conversation would be
suitable
... I would love for Google to join, but also would like to ask
the Mozilla folks
... they were working on a pre-curser to WebIG
s/WebID
scribe: looking at cross-site
tracking
... not just Google, but ask Mozilla as well
Wendy: The business cases to tee
up here
... is one of the goals of this group
Michael: What I was trying to say
originally
... as we discussed a week or two ago
<aschlosser> I meant IDP == Identity Providers
Michael: a reasonable way for the
AdvBG to interact with relevant or tangential parts of
W3C
... was to appoint somebody to be the go-between
representative
... to bring questions from this group to the WICG
discussion
... and then bring answers back
... or keep this BG updated on progress
... this might be a good opportunity to put this into
action
... seems this might be good way
... rather than everyone all come to the one-hour meetings
Wendy: I think some of the
questions seem to help help this group gain shared
understanding
... anyone is free to interact in WICG
... and if anyone would like to take on a more representative
role, and report back and forth, that could help to focus the
interaction
... Thanks, we have a few ideas of ways to go forward
... There is lots of material already in the repository
... Sounds like Julie will collect quetsions
... and figure out if those are best addressed by inviting
people here, or by bringing those questions into the WICG
discussions
... Thank you, Julie
Wendy: I think we have the same
question about Turtledove and FloC, Chrome Extension Access to
Cohort Identifiers
... Do we have the right people on the call to address
that?
kleber: I can try to speak to
some of those questions
... I am not an expert on browser extensions, but we can have
some of the discussion
Wendy: Pedro, would you like to introduce the question?
<wseltzer> https://lists.w3.org/Archives/Public/public-web-adv/2020Aug/0000.html
Pedro: Our question stands from
consumer study world with controlled group of people who agree
to answer questions about them
... usually there is a Chrome extension available
... it would be interesting to know how this group thinks about
Turtledove and FloCs
... and if there is access to Cohort identifier
... and if access to consumer studies
... is this something...when we think about access; is this a
venue the browsers are thinking about making available
... are there impediments to do this?
... any context would be helpful
... Understand how this new privacy aspect fits into this
world
... thank you
Michael: I can give a high-level
answer; and happy to hear others' answers
... Seems to me that FloC and Turtledove would have different
answers
... seems that Chrome extensions would have access to a
person's FloC
... cluster person is grouped into
... person can get access through HTTP request as HTTP
header
... seems like extensions could get it also
... if convenient to get it without HTTP connection, that seems
reasonable
... this is deliberately
... browser lets be joined with third party information of
user
... no new privacy consideration there
... Turtledove IG seem trickier to me
... IG stored in browser....might be something one company has
and doesn't want another company to see
... If Foo.com web site doesn't want to see data
... or stored in this heightened sense
... and if only accessible through auctions mechanism
... we can certainly discuss how extensions might
interact
... seems like an area we need to work carefully to respect
everyone's interests
Pedro: I think that makes
sense
... Interseting in your comment, the way some of this
... companies and consumers were starting to use Chrome
extension and the data capture
... they were capturing information the users have explicity
granted access
... rich permission model
... let them know what Chrome extension is tapping into
... Interesting way to describe....how an ad network is
... versus user granting access to cohorts they belong to
... Interesting to understand if it's perhaps
... a better interpretation
... on how this could work
... to give consumers control
... and who has access to the groups they belong to
... understanding some differences behind the scenes for
advertising purposes
... FloC as header available make sense
... I think that perhaps making the API
... that makes access to that explicit could be useful
... and maybe GitHub with corresponding use cases would be way
to continue that conversation
Ben: Pedro, I am trying to
understand the use case you are trying to support?
... you want to create an offline panel for people who have
consented to cross-site tracking
... and you are wondering if it's possible to build in a post
cookie world?
<Joshua_Koran> I thought Pedro's question was whether the Chrome team would override an individual's consent to cross-publisher tracking
Pedro: Want to understand the
cohorts that a panelist belongs to
... where user logs into the extension
... so there is association between someone who answers these
questions
... in context of controlled surveys
... the industry standard of how things work
... go as far as hitting the middle of the network stack to
capture more information
... sometimes people get paid to provide answers to
questions
Ben: to summarize
... you are talking about paid participants
... not talking about cross-site tracking, but looking to see
if Chrome can do this
Pedro: Give you link [talking too
fast]
... whether these proposals; these patterns still hold
... the information
... that is provided can be interesting to understand consumers
in the context of studies
Bleparmentier: I understand that
we don't want cross-site tracker
... by don't understand why if person expressly asks for
it
... surprised there is an issue here
... reaction of user is quite complex
... if clear, why is that an issue
... and extension that I can click off
... maybe some Chrome extension
... to track themselves to see what is going on
... as a legitimate use case
... if it requires an extension
... seems to me; not sure why it is an issue
... we don't want cross-site tracking by default
... but if it is installing an application and it says beware
it is doing cross-site tracking; I want to understand you point
of view
Michael: So again, maybe we would
have a better discussion
... if we had someone in the room
... with a lot of knowedge of extension permissions
... extensions can do a wide range of things
... some merely log into and view browser activity across all
sites
... you could opt into that cross-site tracking
... and there are more powerful extension capabilities to
access data across all sites
... I trust this so much to use same credentials to log into my
bank account
... Extensions can do many things; some are disruptive; some
require trust
... What level of access would you need to give to an extension
to do things we're talking about
... and not have it steal money from BitCoin or bank
account
Aram: none of the discussions
I've seen so far
... have discussed changing the priviledged status of browser
extentions
... that a web site cannot
... because they operate at level of a browser
... if you can get someone to agree to download an
extension
... could have its own storage access
... relative to extension
... am I mistaken in my assumption?
... Correct that none of proposals change that structure for
browser extensions
Michael: That's right
... we don't have any proposals that talk about browser
extension permissions
Aram: that answers my
question
... who other question about extension permissions
... thanks
... not sure we want that here
Valentino: Can someone make
assumption
... or say Chrome doesn't have anything against an extension
that can be used to assume or use explicit consesnt
... and use as federation of publishers that deal with identity
among themselves
... and deal with identity tracking
... or would Chrome actively try to defeat?
Michael: I don't have an answer to question of what Chrome extensions can do in future
Valentino: Do you think it's a
viable, interesting area of discussion among us
... or find another venue for advertising interests, or is it
something you don't suggest going down?
... Is it a safe area to do development on effectively?
Wendy: I will say
... it could be, from what I am hearing
... could be interesting area to develop a proposal and then
ask across the community if it's consistent with the Web
Platform
Valentino: I would imagine if
there were a viable alternative to tracking
... publishers could create a browser extension that would
allow them to show free content
... because they have a browser extension with certain
permissions to show identity and allow cross-site
tracking
... If this is not a viable approach, one would not spend money
to do so
Michael: I don't think I can
answer that
... to take Wendell Baker's phrasing
... the sorts of things we have been proposing in the privacy
sandbox are things that are safe; "safe harbor ideas" that
don't enable tracking
<wbaker__> :-) +1 Kleber :-)
Michael: when you ask questions
about very general capabilities of all the things that
extensions might do
... or maybe use for purposes people or intend or do not
intend
... something that steal people's BitCoins and did not expect
the outcome
... when talking about very powerful permissions on the web,
it's subject to all kinds of abuse
... no way I can commit to some future abuse Chrome would take
action on
Valentino: See from
publishers...ability to
... discover if paywall is discoverable or not without forcing
user to login
... it is arguably less safe than with a browser extension with
the user consent
... that is where I am coming from
Michael: Maybe it's safer for
people to log into all sites
... and may be the WebID topic
<Joshua_Koran> +1 Valentino - it seems a better user experience to provide a true cross-publisher pseudonymous ID to fund publishers who need to provide marketers frequency capping and attribution
Michael: and that is a great
place to have this dicussion
... for people to log in when they explicitly intend to do
so
Wendy: A couple more on this topic
Basile: let's assume
you have an extension called "cookie for tracking"
<wseltzer> s/"cookie for tracking"/
scribe: this would be used to
track across web sites
... very clear stet up
... if user did decide to install
... have access to more news article
<jrosewell> @joshua_Koran: how many people install or know about extensions? If it's not many then it won't be a widely used solution unless it is presented to people at the point of installation or setup.
scribe: user might be fine
with
... extension has right to track across web sites
... may think it's good for him
... my question, do you agree on that?
... Let's assume the user is aware and everything is
transparent
... Do you think this is something to do or not?
... Extension takes some time to do
<Joshua_Koran> @jrosewell - I think technology implementation aside, the question is whether we believe people can opt-into cross-publisher tracking without which will have negative impacts to smaller publisher's revenue
scribe: some danger; be
explicit
... would it be possible to do so, should it be ok, as long as
user understood; it is complicated to install
... make sure he is aware of what he is doing
... is it something you want to prevent or not?
Michael: I understand your
question, but I cannot answer it
... asking about Chrome's policy for future browser
extensions
... I cannot make any forward-looking statements about
Wendy: I hear echos of some of
this conversation about permissions policy in the WiCG and Web
Security Wg
... there is lots of on-going user research on user
understandings of the permissions and dialogues
... where all of that, too, could influence policy and
technical choices
Aram: I think the question
... is an interesting one
... I understand the perspective on the other side
... My question, an expansion of that
... if we want a use case, a proposed architecture for how an
extension might work for an ad functions
... and how permissions might work
... give user the ability to specify what I want v ability to
enter into the page
... and we want to write that proposal
... is that something the Chrome team would be interested in
considering
... is it within the spectrum of proposals that Chrome sandbox
wants to encourage
Michael: Should there be browser
permissions
... those are browser specific questions, not W3C style spec
questions
... different browsers might well do differently and make
different choices in how extensions, prompts and permissions
work
... I am not the right person to talk about the details of
browser-specific permissions questions
Aram: Ok, thanks
Wendy: James, you mentioned partnership for responsible, addressable media
James: I am not in a position to
talk about it
... but thought it would be relevant reading about it this
morning
<alextcone> Michael, the reason to not let that be browser by browser decision making is that it yet again makes privacy controls more fragmented for users. Fragmented privacy / data protection experiences surely cannot be the goal.
Wendy: Thank you. Is there someone here who would like to share anything about the partnership for addressable media?
Jordan: I can take that
... There was an announcement of a number of trade
organizations and private companies coming together
... announcement was this morning
... They are coming together to address the issues of
identifiers
... a lot of influential orgs, mostly buy-side folks
... who have been under-represented
... how does this relate to project rearc
... how to bring members together
... and provide input on business and policy side into the
technical standards setting process
... Project was launched earlier this year to look at
addressability in advertising
... partnership represents other key orgs looking at business,
policy implications and feeding that into technical standards
orgs
... we'll continue moving forward
... partnership will build on work of project rearc; remain
focused on technical aspects of addressability
<scribe> ...continued focus on privacy for consumers
UNKNOWN_SPEAKER: this does
expands
... as project rearc has done
... outside scope of web and privacy sandbox in Chrome arena to
multi-channel and multiple situations
... scenarios when there is not access to identity
... how to use responsibly
... when they rely on third party vendors
... a new set of orgs coming together to support similar
objectives
Wendy: Thanks, Jordan
... for the pieces that deal with the web, it's good to have
interaction between the groups
... sounds like you can help to bring ideas back and forth
<jrosewell> @Jordon: thank you
Wendy: and perhaps others are
participants in both venues
... and share web needs and goals
... with the partners there
Jordan: yes, we certainly intend
to do so
... when we have an ask for browsers to support
interoperably
... that is where we see W3C venue being influential
... privacy for consumers and interoperability for those who
provide content
Wendy: Sounds like a good set of
shared goals
... other questions?
Wendy: We might get to the issues
dashboard
... this is a growing collection of issues and questions from
repositories
... a lot of proposals, some with their own issue
trackers
... some with homes in WICG or Privacy CG
... if there is an issue under discussion that would benefit
from a synchronous conversation; or highlight an interesting
area for group conversation?
<dialtone> that's similar to the summary/digest thing I was talking about last week
Wendy: if issues are getting good discussion in asynchronous conversations via GitHub, then encourage continued discussions and put on agenda when questions come up
B: small question
... is there attention in W3C
... to this new organization?
... or something that will be done outside of W3C and we have
to look at other meetings?
... Will it be this forum, or another one?
Wendy: Sounds like a question for Jordan
Jordan: Please, could you repeat the question?
B: Does this new organization, intend to publish in W3C, or is there another forum, or do we go somewhere else to get the information?
Jordan: I will paste the
announcement into the irc window
... they have announced the formation of the group
... it is not an organizational entity, but more of an
initiative with a governing group
... Association of National Advertisers is leading the
initiative
... there will be more information about where to go for
involvement and information
Wendy: Coordination where there
is an ask for the web
... we would welcome communications to W3C and
discusisons
... for how these needs may interact
Jordan: Agreed
Wendy: Any other business for
this call?
... I encourage people to share agenda requests early
... and I can do more
... in trying to coordinate with folks on the other end to find
out who wants to be available to participate in those
conversations
... in the mean time
... lots of good conversation continues on GitHub
<Jordan> Go here for more information about the Partnership for Responsible Addressable Media ... http://www.responsibleaddressablemedia.com/
Wendy: I sent around an email
about a side conversation on Success Criteria
... Dates don't work for James, so I will send new dates for
that conversation
... Thank you all for joining the call this morning
... in spite of the full swing of summer
... See you next week
... Adjourned
<wseltzer> [adjourned]
<kleber> Thank you Karen!
This is scribe.perl Revision of Date Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) WARNING: Bad s/// command: s/WebID Succeeded: s/@/kleber/ Succeeded: s/@/Cohort identifier/ Succeeded: s/andy/any/ Succeeded: s/Aram/Basile/ FAILED: s/"cookie for tracking"// Succeeded: s/@/"cookie for tracking"/ Present: jeff_burkett_Gannett Karen_ wseltzer ajknox aschlosser cwilso weiler jrosewell mlerra Joshua_Koran KrisChapman wbaker__ dialtone marguin kleber pl_mrcy hober bleparmentier joelstach arnoldrw AramZS ErikAnderson Paul_Bannister br-rtbhouse ddabbs imeyers Mike_Pisula bmilekic btsavage seanbedford palvarado No ScribeNick specified. Guessing ScribeNick: Karen_ Found Scribe: Karen Agenda: https://lists.w3.org/Archives/Public/public-web-adv/2020Aug/0001.html WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]