 There it is and we're live and we're on. Oh excellent. Okay. Oh and we need a speaker and so let me get the white board It does I think that's I think that's mark Okay, I was gonna say Do we here at MIT have a Audio audio like the plug I have one. Oh, it's great Because this speaker sucks Yes Oh, it might work. Oh, no, you're right. So Yeah, we should just play through this so there's a speaker up there in the ceiling or something Okay, so I'm going to HDMI through this thing. So this might not work. Oh, okay. Oh, perfect. He's got one Excellent. I would expect the CTO to be carrying a Oh I know and then you can use it and then you can use it. Look at it. I have one. So Jim, you guys actually need to talk about it kind of. You know it's not that Jim, you just thought it would come up on the internet. Sorry, what's your name? I'm Des, I'm a great question. So all of the scientists here are in Medi-la. What's your name? I'm Des, I'm a scientist here in Medi-la. What's your name? I'm Des, I'm a scientist here in Medi-la. What's your name? D-A-C-Z-A. That's a nice name. Thank you. Okay. I'm on my console. Okay, it's pretty good. So I'm going to go back. So I need to be able to hear these people. Oh, I just haven't been saying anything. Can you hear me now? We can hear you now. Okay. Okay. Okay. Am I muted, Sharon? Okay. I'm going to go to full screen. How do I go to full screen? Let's see. We'll start by maximizing the browsers. Yeah, I'll talk to you there. That's fine. It's pretty good. Sean Bowman is used to be there. The weird thing about it is that it's only software in the 90s. Exactly. It's either one or two. It's like, whoa, two guys. Two guys still exist? I know. Or two guys. I never heard of two guys. Are you the starter? I got that one. Are you the starter? What are you doing? We had coffee here that I was going to buy, but instead, Adrian did, so I told him. Sorry, did you make that name? Bill? I don't know. I don't know what to say. Realistic guys, you're supposed to know. That's right. Adrian. Yes. You're close enough for me to sit with. Yeah. Should we have what? Have the remote people talk rather than you. Okay. Okay. Yeah. Okay. Remote people of the earth. Remote people of the internet. We just did a quick round of introductions in the room when we were getting to the setup, and maybe you could introduce yourselves as well. I'll just do a couple of things in the order that I see your faces on the little person bar at the bottom. And so Elizabeth, if you would be so kind as to come off mute and introduce yourself, that would be great. It's a little loud where I am, but I am a technology privacy lawyer who has been focusing on privacy and emerging tech for about eight years now. I am a partner at a boutique law practice in Washington, DC and focuses on blockchain AI machine learning. I'm also a global policy counsel to Evernim, which is building self-sovereign identity in part through sovereign technology. Great. And we have another person who's working on Indie in the room as well. So we know. There he is. Great. And Mark Lazar, you're the next face that appears. Can you introduce yourself? Hi, Mark Lazar. I'm CEO and co-founder of Open Consents. And I passed the chair of the Consent Receipt specification with Canterra. So I worked a bit with Mary on Consent Receipts and been following this topic for a really long time. So yeah, I really like the idea of consent cookies. We're looking forward to today. All the keys. Welcome back, Mark. And now Mary Potter is the next in line. Hey, Delta. Hey. Okay, so introduction. I don't know. I'm on the Customer Commons Board with Doc and have been working on various things around privacy and some kind of technology development for, I don't know, the past 15 years off and on and really want to build something in this space that actually changes things. So I was excited about today on the topic. Great. Welcome back, Mary. And it looks like Sam is the next person in the lineup. Yep. So Sam Curran, I've been a, not the longest but a long-time IW attendee and have ended up dabbling here and there in browser extra modifying user experience. So I'm also a contractor for Evernom. And so, go ahead. Great. All right. So that's everybody that we have online at this point. Do you want to get us into the meat of the day, Doc? Yes. So a little more background for the people who showed us since we started. We're not at the beginning of this. There's a workshop, well the Internet Identity Workshop is put on twice a year at the Computer History Museum in Silicon Valley. And it's an unconference of topics or whatever anybody wants to bring up. And there was a session there, there are actually a series of sessions, but the last session, which is on the last one, the three days of the workshop, was on what we called, the title was GDPR Consent Cookie. Over the prior two days, people in both the advertising business and in our general cabal agreed that there's an opportunity right now to jump ahead of the GDPR on the user side, on our side, with a, it was a wonderful word that I had for you yesterday, a technical capability, a technical capability that will have the effect of taking down the consent walls that are sure to go up in front of every website. The way that the advertising industry is dealing with a feminine spirit of the GDPR, but not the letter of it, in other words, an irritant to the letter of it, is to put us all through the same kind of consent exercise that we see right now in European sites. This site uses cookies, and it's just an irritant, but they want to have a larger irritant that has more consents on it that basically say, we can track you to the ends of the earth. So, and now you've consented, and they are now, I guess, in little terms safe, there's something like that from the EU. Since the spirit of the GDPR, there's somebody with a letter and somebody said, resettles 29 or something, and perhaps Elizabeth, or somebody else who's talked to us about this, can bring this up. The, I'm just going to skip that part. I'm just going to go straight to, what we want to do is provide a hack that will take those walls down and tell them we're not consenting, we're consenting to not being tracked by third parties on your site. We are consenting to original cookies of the original kind, which we want to lead design, which are to remember state. In other words, we don't want to turn off our shopping carts, we don't want to turn off being remembered by the site. We do want to turn off being tracked off the site, which is the whole idea behind the GDPR. Now, as I understand it, there are to a cookie spec something like 40 different bits that can be flipped or something, and I'm moving into a technical territory that, actually, Sam, can you take over on this? What is it in the cookie that has variables in it that leave open us sticking something in there that expresses our form of consent? Let me explain the basic mode of this thing. The idea is that when you go to a site, you'll be on the belt, throw up a consent wall, and you go express your consent, and then that consent will be recorded in the form of a cookie that's crafted in a very particular way. And then that cookie, on subsequent revisits, can be read and they can avoid throwing up the same, just use the values of the cookie. And our opportunity here, is rather than, since they've published the spec on how the cookie is actually created, and there's also some JavaScript options as well that we have, but the short answer is since they've published how this is created, we have the opportunity of empowering the user to create their own cookie that represents what they want. And then having it be already in place by the time you go to a site or rapidly thereafter so that their consent wall is not the consent wall you get, but rather a user experience that we have the opportunity of crafting and basically impersonating their cookie and sort of subvert their own internal process and the cookies just aren't there to be provided. Okay, that's good. Is everybody clear on what Sam just said? I'm not clear. Okay. Okay, we have two fun clears here. Hey, tell me why you're trying to fill in the gaps. Can you say it again, I guess, more slowly and then slightly differently with like synonyms? No. Come on, let's steal that one. I could try and steal an accent, but I'm terrible at that. I don't do that. So, okay. So, more technical, less technical? More like high level and what exactly are you doing? Yeah, make it a little more high level, a little bit less technical and then let us drill down to the technical when we have an understanding of what you're saying. Okay, so these are chunks of information. It's usually a string that are presented by websites to the browser and the browser can save that and then represent it to the website on subsequent visits. This is why you go to a website, add something to your shopping cart even without logging in and then you come back like the next day, it's probably still in your cart because you were given like a shopping cart identifier and a cookie, then they're going to use to give you the same shopping cart back. So, cookies are typically presented, they're given to a browser by the server you're visiting and then they're just transferred back without modification. So, that's the internationalizing, the IAB, right, International Advertising Board, whatever. It's called Interactive Advertising Bureau. It's basically an international... So, the interactive... they have this standard that they've created on how their own servers that are participating are going to be creating this cookie and passing it to users' browsers after they go through a consent wall. And what I mean by consent wall is a series of questions that they have to ask yes or no questions on all the different types of things they consent for because of the GDPR. So, the sneaky part is that with a browser extension, we can actually encourage the site to make a cookie of our own design. So, rather than forcing you the consent wall that the IAB is planning, we can simply craft the... according to these preferences, we can craft a cookie which follows the same format as the one that they would be handing out. But it already represents what they want to happen. And that means the... we can plant the cookie, it will get read by the relevant sites, and then the... is that we're very much in line with the spirit of what they're trying to do, but we're sort of verting and doing it differently than they had originally planned on this happen. So, yeah. That implies that the cookie is not signed by anybody. I was just thinking about it. So, according to their current spec, it's not signed or anything in any way? We can change that. It's just basically a format of what the contents of the cookie are. Why would they not introduce a signature? I'm not questioning this. We're just going to... I think they would have done that really quickly. Yeah. I think the individual or its self-solving provider would be the signatory of that cookie, right? No, no, no. I'm saying... What you're saying is if you create your own cookie, the next step is that they will sign their cookies and then it will... our cookies will not be accepted because they're not signed. Right? Hopefully, we can embarrass them and just sign them. I mean, I think that... I mean, if that's the routine... Well, they would have to be signed in our cookie. Or not. So, nothing about cookies actually has to be signed and it appears because of their spec that they're not signed. Sure. Which means if they actually signed it, it would be harder for us to craft our own and replace them. Okay. Not signing it makes our job easier. Yeah. But also if they add signatures to the... if they sign their cookies, that changes their spec, does it not? It does. There's the cookie specification and there's also apparently a JavaScript library that is in play that we also might be able to interact with that's independent of the cookie per se. But yes, it appears then that this is kind of the approach that they've taken which gives us the opportunity that we have. I guess... Do we have a hypothesis as to why either they can't sign the cookie or they don't want to sign the cookie? Well, they don't know anything about this yet, I suppose. So, a question, I guess... possibly my question, Sam, is one, can we as individuals generate our own cookie that they're going to respect? B, do they have to sign it or not? Is that even an option? Is that something they can technically record on their side? It's something we talked about at the last session. They might present a cookie that we could say in a grease-monkey way and rewrite. Is that on the table as well? Well, it's signed. That's a question for you, Sam. Dave's on, too. Oh, Dave's on, too. Is the same... Sam, are you still... Yeah, I am. Okay, so the process of planting a cookie... browsers don't provide APIs for you to directly interact with the cookie store. So we would use the grease-monkey technique that Doc mentioned where you inject a user script with a browser extension onto the page where the domains are that you actually want to plant the cookie from, then the JavaScript that plants the cookie. And we can both read cookies that way and we can write cookies that way. And there's nothing that prevents us from overriding a cookie that they had previously sent. Right. So, Hong here, I have a question. What is the wild card for this cookie? Will it be read by any domain and written off? What's the real settings? So, there's only two real ways to read a cookie. One is to be the server that set the cookie and there's rules about domains and how they set them. The other way is if you're on the user agent, if you're at the browser, which we can do with an extension, then you can actually read the cookies. No one else really can. So, we had hoped that Privacy Badger would be in this conversation. Dave Huesby was on the line, used to work in Mozilla and communicated with Cooper Quinton, who was still a maintainer for Privacy Badger. Nothing's happened on the Privacy Badger front so far, but it doesn't mean it can't. It just hasn't happened so far. They're an obvious case because they're not an ad blocker. And this could be a real nice hack on them because right now, as Adrian said at the last session, for a muggle or even a smart wizard looking at the Privacy Badger interface, when it gives you a list of all the different trackers there might be there, it's pretty obscure. It's pretty hard to tell what's going on. So, it would be a fun thing for this just to be a cool default that Privacy Badger has. That's a way of telling a site not to track. There's another side of this, or maybe Davey might want to unpack a little, which is that the way the IABE, IABE Europe has this set up, they want to record these consents in a single domain that has a number of subdomains for each advertising intermediary that can all be opted into or out. Their fantasy is that you're going to say yes to Google, yes to Facebook, and yes to Oath, and maybe no to all the other ad tech guys because they've never heard of them. I mean, I think that's possibly what they're thinking. But it doesn't matter, but there's this domain side to it which is there's a domain and there's a subdomain. All things can be recorded down in this subdomain. But Sam, a point that you made in the last session was that you could have this cascade from one to the other to the other to the other as you go from site to site to site. I don't know how that works. Do you want to refresh us on that? So this is one of the technical things that I'm not entirely sure of. When you load resources on a single webpage from let's say example.com, but you from a.com and b.com and c.com, the resources that load from a.com have the opportunity to set their own cookies. And this is the trick being used by the European branch of the IAB to be able to pose on how that actually happens. So if you just have a.com, then there's rules on, it's pretty easy and most browsers currently block what's called as third party cookies that way. So the trick is to have an a.example or like an IAB.example.com that's a sub main of example.com that can point to the IAB servers and that's where the cookie is actually set. And so one of the tricky parts of doing the grease monkey trick is how we can actually set a cookie on a very specific subdomain instead of the main domain that the page is coming back from. And that's one of the open questions on our specific approach. To be clear, what we're talking about is somewhat of an arms race in that they're going to do this. And we can co-opt it and it works really well until they decide to change it. If they change it thoroughly and do a good job, it would make it very difficult. The thing that's working to our benefit is that these people are not known for their technical prowess in developing technologies and it's a large organization which means that they're going to be unlikely to change things week to week to week because of the organization which means that it's a little bit easier for interested parties like us to keep up with what we desire. That was one of my questions. Does this seem more as a bit of an arms race adversarial attack on this or is it more like a here's another suggested way of doing things and maybe that'll help you be better and they might also hop on board with, I don't know, maybe they see a couple of these user-generated companies and they're like, oh, we never thought of it that way. And have that more as drive key or more just like this, go on arms race. We are taking it all a branch approach to this. We don't want it to, it's very tempting and possibly very effective to take a head on. What we talked about in the last session was there are carrots and sticks here and there are actually more carrots than there are sticks and by consenting not to be tracked offsite by third parties, we are not saying, don't show me ads. What it leaves open is the kind of advertising we had for the eternity until they started tracking us about 10 years ago. So just to put this in a Bertman fellow sense, I was at the fellow session in 07 when Chris Sagoyan who is now with the ACLU said, hey, there's such a thing as do not call, why don't we do this thing called do not track. And he got together with the guy's name, I forget, like Dan Kaminsky was one and the other was a guy at Mozilla to come up with your original do not track. And the IAB decided after Mozilla when Dave was there said, we're going to turn on do not track by default because that's really what people want. And the IAB waged a $100 million campaign to crush Mozilla. And so none of the other browser make a spell in behind it because they wanted Mozilla dead or whatever and Mozilla backed off. But that gave us all of ad blocking because the history of ad blocking has gone up exactly in track with that. So what but what we want to do is make clear that in our PR on this which there will be in my other one of my other cats editor-in-chief in Linux Journal and is that we want the advertising business to succeed. We don't want to equate the success of the web or the commercial web to tracking based advertising which is the IAB does. They think, oh if you're not we're not tracking you you're just so screwed you'll never get anything but you got plenty if long before they ever came along. So this is false. As part of this we this is Mary Joyce and I are three members of the customer comments board and customer comments now has the courtesy of the cyber law clinic at Berkman and Harbour Law the our first user side term first party where they near the first party individuals the first party that says go ahead and show me as I base on tracking and having that as a clear then this isn't a matter of consent this is a matter of contract this is like we're proffering a term and you accept that and there's a protocol called J-Link that some of us in this cabal are involved with that that's currently imagined through whether that's ready by the 25th or not is an open question but that's on the table as well I think for our purposes here and being able to hack something by the 25th of May the thing we're paying most attention to is what kind of thing can we do with this cookie Adrian it seems that we might consider a two phase strategy phase one maybe simultaneously phase one is how do we display to the customer what the cookie that they place represents in our way of doing it rather than whatever was offered by whatever site set the cookie and that would effectively introduce standardization of privacy policies which is a huge step to be allowed customer comments for instance can be keeper of the standardized privacy policy interpretation rather than it being scattered amongst all of the lawyers and IEPP and then phase two in parallel possibly is to offer the olive branch of well if you let us now click on something on the customer comments interface to modify the cookie whether we sign it or whether you don't sign yours or you know the olive branch obviously includes that that's separate but they can't do anything about phase one as far as I can tell I mean I guess they could encrypt the cookie but that is a different kind of arms race because then what they're basically saying is you can't see the cookie and you know all hell would influence so just I know I'm trying to join you too so I can share screen join okay but I'm a different person other than this I think the same you might be the same but you're not on the stream and so we can't share that you know I'm a different person I'm sorry I don't know and here's a you can do my alright but I'm not gonna share the screen yet I want to be able to yeah so that's terrific I know you put that really well because we have to we have the side of this and the Joyce talks about this we have a lot of incentives and we have to do that out of the game so the incentive on I have a way of, I now have the universal privacy policy, now we could live because of our comments. In effect, what we do is put in our own personal privacy policy, kind of the letter in the spirit of the GDPR. The GDPR is kind of a small privacy policy right now. The GDPR is kind of like created a privacy policy for us as our proxy. And now we can come out with one and say, thank you GDPR for putting this out there. Here's our privacy policy. It's because of our comments. It says, or this privacy policy A says, go ahead, I mean don't track me, but go ahead and give me anything else and we'll do things like we did up until 2006. Privacy policy B could say this, if Don Martin was here he would be pointing this out. There are some people who do want to be tracked, but some people who do want to live in that world and collect coupons. Adrienne Yeah, I think you, that's not what I meant to say. What I meant to say is to separate what the privacy policy is, whether it's the sites or customer comments or GDPRs and how it's rendered. And I am a big fan of regardless what the policy is presenting it to the customer in a standardized way. And I always use the example of apartment rental agreements in most cities where the landlord is very much discouraged, maybe by law, but I don't know, from creating their own rental agreement. The renter expects to see a standardized form of the rental agreement with red lines initialized for the things that are different in that particular situation. So nobody is forced to go through the boilerplate that was created by, as I put it, the IAPP lawyer. And that is a very different thing from what the privacy policy actually is, whether it's we ascribe it to GDPR or to the site itself or anybody in between. So I just wanted to make that clarification. Okay, what would be the implications? So if today we build something or start to build more than one approach to implement the idea, what would be the implication of this distinction? Like would we change the scope of what we build or would we have to recognize that there's some drift between the policy and the cookie? Or what should we do? Well, for one thing, as I mentioned, is it defines the role of customer comments here. And it doesn't have to be customer comments. It can be patient privacy rights and health care, which is my organization. But it doesn't matter. It basically introduces an independent party. It could be EFF. It introduces an independent party that doesn't set policy. It is not a governance organization in a particular way, but it sort of acts on the side of the customer. Is there a way how you can possibly proxy it? You can say, hey, I'm going to set this as anything that EFF says is okay. I'm going to agree with. Is that too tricky? Or like EFF? What I'm doing is I'm separating. You inherit policies from the EFF. Yes, exactly. Or from customer comments. But separately from that, you render those policies in a standardized way, no matter where you inherit them. Yes, I like it. So we have this idea that I often talk about, I split you choose. The kids' game, how do you split a pie? Well, they do it with other stuff. Exactly. Okay. So I want to surface something in terms of describing what the idea is in a way that's engineerable. And that is implied, or you can, the observation is that there ought to be a syntax and a method for delegation of some kind to another party. And that is to say, my terms are whatever the then current terms are at some end point or something like that. So there's a bit of a legal instrument or some sort of vocabulary that is needed in order to express my terms aren't what are in this JSON file right here, like do not read them like a robot.txp file. But it's like one level slightly more sophisticated, which is incorporating by reference terms elsewhere. And some authorization I think doesn't want to. Am I getting you right? Well, you're mentioning you're now entering the domain of Uma, where that is if we're keeping a list, I would call this item number three. So item number one is what is the policy? Item number two is do we have a standardized way of rendering the policy separate from the people who create the policy? And item number three, which is what you just mentioned, is how is the policy encoded? And then item zero is what does the policy do, which in this case it expresses, do you not track I think? Well, the policy is whatever the cookie, whatever IAP thinks this cookie is good for is we're not necessarily changing that. So item number zero is what's the intent of IAB? And, you know, I would assume that they're smart and they'll eventually figure it out. So, you know, that's that's the hypothesis we're making here with the olive branch or whatever. So one zero is IAB's intent. So I just, I'm sorry. Yeah. And one is, what is the policy itself? Whether it's the, you know, whoever would have set the cookie based on this intent has a particular policy. You know, 27 out of the 40 bits, somebody decided to set that. So it's kind of a content. And then what's the second one? The second one is how is the policy rendered independently of whoever created it. So in other words, right now, everybody presents me with different boilerplate, a different rental contract, if you would, you know, it means the same thing. So as a way of obscuring this, and you know, Facebook is famous for this, you know, and has been written up by people that targeted Latinas lab for doing this over the years, she actually published on this. Is it one more, how is it actually used as opposed to content? Yeah, no, no, Bob, just asking you, right? So, so if you have, you have an intent, and then you look at this work. Well, just what three is before you respond to that? Three was how is the policy coded? Oh, okay. So that's technically mean. Yeah. In other words, what does big number three mean? It's not coded. So what's the number two rendered means? What is the rendered for the user like display? Yes. Okay, Bob, I'm sorry to interrupt. No, no, it's okay. So I think this is, I like the idea which fits the set. And so, so in the policy, the content will cover for a particular purpose a number of bits, right? I mean, so that, and then basically that is, then we would like for those bits, whatever they are, those purposes we rendered in a recently consistent way. So then it's easy for people to cover. Yeah, well, not just consistent, it's separate from the people who set them. Right. Right. Yeah, just sure. Now the question becomes actually, do I as the customer decide to choose whether the rendering is from EFF or from customer comments? And that gets into this substitutability that drives self sovereignty and it's another kind, it's another aspect of the standard stack that we deal with in, you know, rebooting web of trust context and all of this, because you want to have substitutability at the layers that impact the customer as much as possible. You don't want to bake in EFF or customer comments. No, exactly. Yeah. Right. You want to come there to withdraw your consent that I'm telling you. Yeah, just like to choose how to order. Right, exactly. If you want those to be swabbled, you can use one or the other. Two things. One is for those of you on the chat, I put it to the document that the IABE has and the page that we were talking about last time, page 27 and a statement there, I'm not going to go into it, but it's there, I put it in quotes. The other is if anybody has an Android with a charging port, with the old micro USB, I want to plug it in with a speaker to solve it. Where does this mind you to come to chat this week, right? Because zero, there's an impact. One, there's a policy. At that point, do you have like whether or not the world is now disorbitant in my browser, when I go to the university, one of them, I forget, the one that's TOVR, basically pops up and says, this website's policies are uneven or something. So it just flashes as a notification as soon as it's connected to the website. Sorry, I have a quick question. Is it an idea to have a shared, I don't know, Googlebot or something like that? But yeah, then we can have shared notes. Because nobody, I think this is too small to really make up this, and I'm putting it. Okay, I can email it to everybody. I'll put it on the game upside. Sure. I think that's the event site that's linked from the event rights on other websites. Okay. Take a look at that. Yeah, that's it. It's making the noise. It's a magical, magical half. Perfect. I have another question. I don't know where this fits in. So people are talking about grease monkey? Yes. They're doing a grease monkey script. Do we limit ourselves to a large degree? It's people that explicitly install that. Isn't it better if we can set it centrally from the site? Absolutely. Posted by EFF or whatever? Absolutely. Well, you can just go there and say, yeah, this is what I can say to go, rather than I need to now install an extension or a plug-in. There's a technical difference. Without the plug-in, we can't actually do the magic that we want without cooperation from these other parties. So if we're trying to do the independent of their agreement, we've got to have something like an extension. Unless it's baked into Firefox. That's a possibility here, is we could take whatever, an outcome of this could be something we take to Firefox and say, you guys can do this at a fairly short time. So it starts out as a grease monkey script and what lines have it written? It's one thing we can do is a grease monkey script and then take it to Firefox to see you can. This is what this does. You guys ought to have it inside the browser for that matter. Take it to anybody else. Yeah. Yeah. Okay. It's a question that I had to add. A Chrome has conflicting interests, obviously, but they also have things to say they care about this kind of stuff. So it's also something you can take to Chrome and say, hey, similarly to make a part of Chrome as well. I don't know, probably not. Start with Firefox. Start with Firefox. Yeah. Yeah, so Brave uses the open source code base in Chrome as a Chromium. And they might be able to do it, too, to do it with Brave. That's the case where we can talk right at the top of the company and they can have it if he's interested. You can't think he would do it, actually. Okay. Is anybody here use TOSDR.org in their browser? I have used it before, but a long time. There was TOSDR and I was in your TLD. Yeah, okay. It's a crowd-sourced version of what I suggested customer comments could be doing. By the way, I have friends saying that the link on Hangouts that's posted on the site doesn't work. That site listed on the site. Oh, we're going to change it on the site. Okay, which site? The Eventbrite site? Yeah, TOSDR says that one. I was in the midst of changing that, actually. So I'll do that right now. I'll continue to do that. Because people want to join the Hangout and you can let us know the Gmail address somehow. Okay. Oh, because you're limiting... Oh, you need to acknowledge Hangout is invitation-based. Yeah, thank you. So you have to invite the Gmail address to tell us. Oh, okay. So there's no public thing that they can knock on the door and then... It works for you? I don't think anyone can join. So it'd be a disinformation... Yeah, however, we're using the Media Lab service that I just go to YouTube Live and also directly to YouTube Archive. And it runs on the Media Lab service. Oh, are we also doing YouTube Live and are people seeing this? Yes. Yeah. So everybody can see it. Okay. And that one's from Johnathan Asken. Oh, so this is also going... Okay. So people can just join YouTube. They can watch it and they can join it. They can give us a Gmail to talk about. Okay. And they can relive the moments forever on the Archive. And that's exactly why we're able to open Hangouts, actually. There's a way to have open Hangout not go to YouTube. To have that go to YouTube Live. So you can get an archive of the events. I would see that instead. Right. I'm going to... Oh, and there's a video about Hangouts. Yeah. Okay. So here's a video about... What... So one quick thing is if you go to the event site, which is that github.io forward slash Media Lab site that's on the... That's right back there. Yeah. Then you can... There's a link there to a hack.md page. There we go. And I'm just broadcasting it now. And this is an open shared notes site called hack.md. And so if anybody could log into this and kind of hack along with us. And so just to get us started, I put in the three points that... You know, the room kind of sort of starting with the most functional requirements or something or functional aspects. But it seems like there's more stuff, too. When you get to hack that on the event site itself, I put a link to the shared notes. So if you go to github.io forward slash github.io forward slash github.io that's hack.md, you'll see. I'll just demonstrate it, I guess. And let's see the cursor. Oh, there it is. And the mouse. So funny to do it backward. Whoa. So if you go to anybody that's trying to come in. So do you see the live notes there? If they don't get that right, the links are correct now. And here's the link to live notes. Kind of click that and ring, bang, boom. In you go. Yep, that's it. And then it will sign in with the github or Google or github or github. And you can hack along with us. Okay, so if I'm going to put this on the, if I were to tweet this, what would I tweet it? I would tweet the media lab github.io site that we said, okay, which has links to the YouTube live. And it also has links to our shared notes. We have a hashtag? We should have a hashtag. This should be cool. Good. Consent day. Consent app day. Consent app day is fine. Okay. Press go change. Consent, gdvr, hashtag gdvr, hashtag consent. So the remote people are seeing this, right? Now they are broadcasting it. All right. So do you want to, so on the agenda, it says that we'd be looking for food around now. And also just a suggestion. Just going to be good timing to look at the, what it is that you wanted to build and see if it's, if it's been stated in a way yet that some of it's buildable. And then there's so maybe like who is going to hack along. They could break into teams or something and to produce technical people. How was there some legal stuff to do? But like, so if you kind of look forward to five o'clock and imagine at that point as I look back on what the outputs would be, like we can start to define those and see how we do that together with the people online and in the room. What kind of users are we targeting? Is it more like anyone, whether or not they have any type of ability or people who know I could think about privacy at all times in the future? I see three or four different constituencies. I think we start with our friends. Okay. And that includes the Berkman friends list. Everybody, the 11,000 people who are attached to Linux Journal. EFF, everything that Corey Doctorow and others can tweet. Bearing in mind, as Mark and Griesen put it to me about why the browser took off, because after he wrote it, all technology tried to start with technologists. That was his almost tautological statement, but I think it's true. However, study after study, even though the advertising world will deny it, show that people do care about their privacy when they wear clothes. And most people do. And so I think we can get, we start with the wizards and let it spread to the mothers. But we can, like for example, Nellie, what's the other thing with the New York Times? Bowls. Okay. She wants to cover this. She started, she did a story on this a few weeks ago that started with my name and she wants another story. Then she sees the GDPR hitting as being my story. She did a story on this a few weeks ago that started with my name and she wants another story. Then she sees the GDPR hitting as being my story. Okay. Maybe I'm not on mute right here. Who was that that you spoke? That was me. Saying exactly what you just said. There's Mark. Oh, okay. But I'm on mute here. It's an apartment, a repetition apartment. Somebody on the phone turned off their mute and it was a delayed thing. Who knows? By the miracle of metastasis, there it was. Anyway, yeah, I think we could PR this thing really well and I think that if we have something simple that Nellie couldn't talk about, it'll be, it'll happen. Yeah. Can we ask is this a correct statement? I'm sure it's not, but the idea is that we did a thing with the cookies that the result would be that we provided individuals an easy to use method for expressing that they don't consent to add tracking as part of what they're providing consent to the service. I don't think you're providing consent to the service. You're basically like the website is giving the service anyway, right? But, you know, we're basically, I assume we're not consenting to third party anything. Is that, is that a broad enough statement? You still there, Sam? I am sorry. My wife distracted me briefly. Yeah, the question. Okay, was it? Oh, we're, the consent will basically turn off all third party things or just the ad tech part that has to do with these sub domains. Just be the cookies and we can craft the cookie to the handful of flags you can set and we can make a decision about which flags we actually want to set. That's independent of getting the cookie set is the what we want the cookie to actually say according to what they have designed into their standard. But we don't know what they're designing. They've got it in the spec. I'd have to look it up. It's deep in the document. But yeah, I think there's, I think they reserved 40 bits of information, but they're only currently using eight. So whatever that means, we'd have eight different options to set. So Sam, so one thing that would be very handy is if you could identify, if you could dig around a little bit while we're doing this today and find the reference and then put a link to it and maybe like a little copy and paste into our shared hack doc, that would be one very useful thing to do. Work backwards from that, you know, stable point. I will grab that. There's the links were shared in the original thing, but I'll steal them and put them in the hack thing and we'll make that happen. Okay, thanks. And then the other thing that I wanted to clarify is when you spin doc, that we foresee a world imminently, I think it's already emerging, where we'll have a new like balance of like consent walls that people have to go through because that's how donkeys are responding to GDPR. Mike, was the reason why the publishers are, yeah, but I think social networks too. So with this, is the idea that this would be like in total independent of that or were to occur somehow in the context of those consents that people are giving? I think it's both. I think we're posing something that's independent of what they're doing that I think could apply whether they're putting up a consent wall or not. However, a user experience effect we would like to see is that consent wall comes down because we have this cookie of our own that they'll take. That makes sense. I think so, to state it functionally, would that mean that like the use case would be the ad publishing network has consent wall and rule, there's a rule that triggers or something it says if user has a VRM kind of cookie with the right settings that that's an alternative to the consent wall, is that kind of what you're thinking? Yeah, yeah. Okay, it's less alternative than it takes the wall down because the wall, yeah. Sorry, it didn't mean to derail your... No, no, no, please. I like it derail. Two points. Two short points. The substitutability should be in two separate categories. Substitutability for where, in both cases, the choice of the user to substitute. Eat where you inherit policies from is one class of substitutability and where you get the rendering step number two. So in other words is another class of substitutability and to the extent that one and two are separate, they need to be ideally separately substitutable in the stack that we designed. The other thing, the other comment is I would put somewhere on here as a heading a way where we're going to track the relationship between what we're doing and GDPR because whatever else we do, we would want to document where we're touching GDPR explicitly again as a sales tool going forward. One thing that came up in a session at IAW with Dr. and Searls and Elizabeth from Arizona and another guy was that in a GDPR setting where you had a company that was going through a consent process, that this could be part of a consent protocol that basically achieved a record of a user consent to their terms and achieved a record of the vendor consent to the user terms all as part of the consent to use the service and somehow wrap those together and sort of like attach or logically associate them as one instrument. Right, so I would certainly put a link to that with a short one sentence, a one line explanation. I would also put a link to the session that Eve and I ran at IAW around outsourcing GDPR using UMA because it's in the same category and there's at least a white board and yeah we're probably going to come up with four or five or six of these sorts of things that are part of this heading. Yeah and I think it's important. No, I would have a separate high-level heading for the GDPR sales. I wouldn't put it as a yeah you know GDPR connection as a way of explaining or selling what we're doing. And I think we need to be clear that consents watch six things right and it's not so when you're talking about GDPR this is a subset. That's what I mean. So to make it to be clear the purpose that we're talking about is the consent purpose here not the public safety or whatever. Any of them. No, what I would say is as we do this or after we do this we would look at what we've done and fill in this GDPR sales section with whatever parts of GDPR we've touched. Sure, right but not only the ones we've touched. Right, right. Jeff, let's say a thing during the after-the-back as opposed to my time to do it before, I completely agree. Yeah, this is not going to be yet. Of course my train, my own train of thought that I completely do it. So what do we want to do on the pipeline? I want to organize. Okay, so I'd like, I mean, here's it, go ahead. So you were talking earlier about that there are more carrots than sticks. How are there more carrots than sticks? Because from my perspective, what are the carrots for the after-sizing industry? For the after-sizing industry. One of them is you can still be programmatic. You just don't have to base your programmatic on tracking people. Another is you're getting a clear signal of intent from the individual side that could be expanded to include what we call intent casting, which is where the individual actually says what they're looking for. In other words, the individual can also advertise. We start creating the much better signaling paths between real supply and real demand rather than the way that the advertising industry sees it. Better signal. Better signaling in both directions. You get actually a better programmatic framework because you have the endpoint involved in the programmatic system. And it cuts down fraud. It eliminates fraud. It picks malware out. It basically allows many, it picks out the entire four-dimensional shell game that ad tech has become where nobody knows what's going on and there's no accountability. We can start bringing in forms of accountability. And maybe if Dave wants to jump on this, I'd like to do the hyper ledger angle on it. We talked at the last session about hyper ledger Indian and Sean has stepped out. He's involved in that where you basically record agreements when they're made on a blockchain or even the fact that something happened on a blockchain in the, which is an open source, the open source base of sovereign which Joyce is involved in and ever known which employs Sean and which already has one Canadian province and two US or three US states plus all the big operators in credit unions wanting to participate in. All of those things have an interest in having interactions with individuals recorded on a blockchain in a way that they could be audited under. They could be found later. And if we have legal agreements that are involved in this, if we have first to second party agreements, those can also be recorded on a distributed ledger. They don't tend to use it to our blockchain. Yeah. No, okay. And I think all of that's under sort of an umbrella of increasing operational efficiencies for people when they're operating in a world where it's at play, right? So right now, if you try to do this, it's awkward, right? It's cumbersome. And so we're not only increasing the effectiveness from a user perspective, but we're actually increasing the operational effectiveness from everybody who's involved in it. It's a political audit time. So I would imagine that with GDPR and with the fines and the new regulatory oversight apparatus, the ability to quickly respond to an audit and it would report. We're going to put together all the consents and all the logging and everything to be very economically efficient. Well, that is two things. That's a risk production as well as an operational efficiency. Yeah, both things, by the certain clients. The fact that you're doing this makes you less likely to be looked at closely by a regulator. And if you are looked at closely by the regulator, then your ability to have demonstrated operational privacy for logging better term is what is going to really sort of help reduce the risk of negative finding. So to be clear, my first priority is not the ad industry. First priority is not the ad industry, he said. No, it's not the ad industry. But if we want to, what did you say, extend it all off branch and not go head to head with them, then we should make that clear. So here's another thing. And this came up at one of the several sessions I listened to again this morning, which is that it can speed up the load time on a web page. Right now, the load time, if you go to, say, the LA Times and it's loading 50 or 60 different trackers, and then as you go down the page is loading 50 or 60 more, and your entire experience is slowed to nothing, that's an issue. So if you're cutting out all of those things, which are all vectors for fraud and malware as well, and with the user has no idea what all those things are as well, this is, it just makes the entire experience much more efficient, simply by bringing it back to what it was likely in the first place. So, so a question about, so for the indie, delicious people here, as are the hydrologists, is there any capability of, of indie that would be a good fit for this? So this week, so Sean comes back, he's going to be office call at 12. Okay, great. And Sean is our indie guy. And they too, but he seems to be quiet so he's probably just gonna, oh. He said he would try again. I guess he's not. Oh, I have to get to school. All right, so, um, so talk. Okay, so what I'm, what I'm thinking is, what I'd like us to do is actually go around and see where each of us is with this right now, what we might be able to do. Because what I want to see happen coming out of this is, you know, what is it that, that customer comments can do, sovereign might do, whims a goal, two cows, sales, business, whatever you do. Open consent, right? Open consent. The rest of us, and then see, see if we want to break out, even if it's just the opposite ends of the table here, or one of some of us go out there and that's actually a nice little spot. If we want to break out, because that makes this point that the center is easier to have a small conversation with a bunch of people. Like some of us may get together over legal. I don't know if Elizabeth is still on the line. She's coming back. She's coming back. But we might want to get, you know, forgetting her name, forget Robert, Robert, and Elizabeth on a computer and talking, you know, and then forget her name too. And she's, oh, she's back. I'm trying to remember your name now. That's a different person. Different yellow person. You said it. I mean, I'm looking at kids for a while, and they're all over my life. Give me a break. Wow. Wow. Kidding. I have so many awesome jokes that I'm shoving into my mind. And then, and then there's the great me too over in here. And then I'll be talking to Charlie Rose next week. So I'll just take for really bad jokes for that. Yeah. So yeah. Hi. I'm Stephanie Nguyen. I am a product designer researcher. Previously, you worked at the U.S. Central Service in the White House. Now I'm doing a lot of design work in privacy, and it's specific to healthcare and genomics and all that stuff. Yes. I know Kathy. Cheryl? Stephanie, yes. Close. Sorry. Oh, I'm currently a fellow at the Center for Public Leadership at Harvard Kennedy School, and I'm a particular master's in public policy. So I'm over there. You're over there. There is. There are many there. There's a lot of theirs. Yeah. Yeah. Good. So we're, well, maybe just go around into different people here to sort of say where they're at right now. And why don't we? Did you guys want to do this? Because I don't want to. No, no. We didn't do this part. We did intros. So this is where we want to go from the point of view. Right. So you have to like put your hand up and say what you're going to do. Yeah. We did that an hour and a half ago for the rest of this, but you could also put a brief intro and then talk about what we wanted you to do. Well, you're going to introduce yourself. So, yeah. Okay. We'll start with to your left to your right. Let's start with Robert. Since he's drinking coffee, yeah. I don't know. I feel like I'm the least experienced of the bunch. He's the least experienced. Yeah. As a matter of fact, I worked at a law firm in 2016 in the summer right after this came out. And they asked me to write a summary for like a 20 page summary, kind of like what you would need to take into account. And it was like, I didn't invest all that much time. But if I had any expertise, it would be like on the legal side of things. Okay, good. So and there are legal pieces here, Bill. Can I pass them back? Yeah, Adrian, because I know Adrian. I am going to work during the hacking phase and pay attention to how what is being done interacts with the self sovereign technology stack standards that you know that I deal with. In other words, I don't have a horse in the hack itself. Okay. So I'd like to drill down on the cookie itself. Okay, great. And I would like to try to get a little better understanding of what the IAG has in terms of their concept. And then see what we might come up with as a strategy to put forward one, which has both carrots and sticks and bricks. And the important point to bring up is that there are two IAVs at least that we're talking about here. And there's three if we include their lab. Okay. So and Sean needs to hear this because he'll appreciate it. First, there's the big IAV that's run by Randall Rothenberg that played Godzilla versus Dan B with Mozilla back in 2012. And Mozilla said they're going to make that track happen and effectively squashed and then caused the whole ad blocking thing to happen. They are not in the room for this. What is in the road is the IAV Europe, which I found out from Brendan Hyphenate. Okay, so we met with them earlier this week. Brendan Reardon Butterworth is employed by IAV Lab and he told us both IAV Lab and IAV Europe actually licensed the name IAV from the big IAV and are not yet and can operate independently. IAV Europe is taking the lead on this and that's the document that we're looking at. You're another one struggling. And I think that they're going to be friendly. I hope so anyway. And Brendan, when we first met him at a Mozilla thing that Sean was at, it was a dinner. And I said, and he asked who here or somebody said who's blocking ads, I said I am. And he said, you're stealing from children. And he's as a bellwether, I think that the IAV is there on, as we said at the last meeting, they're kind of there on their hind foot on this whole thing at this point. They're defensive rather than offensive. They're standing in what's going to be a crater after the EU does whatever it does after the 25th of May. But the IAV is the one that we're caring about. And that's all the documents we're looking at are theirs. And the drill down, I don't know where it is, but there's the 40 bits that you put right there. So which one? We've got the two links in the bottom. So for Sal especially, and I want to look at that too. Is that one of the links that there's both links that Sean was providing? So it's what we said. So we're going around talking about what we want to do. And just so I think, did you say you wanted to do a 20-page paper? No, I did a 20-page paper like right after GDPR came out for a law firm that tried to summarize the legal consequences for companies in the EU. And so I tried to kind of think about the legal side of things. So by that, I'm trying to add value. So you think you might be willing to maybe extract the stuff and then apply it to this path? I can try. I don't have ownership of this document. We could write something fresh like I could maybe help you. Absolutely, yeah. On this particular topic, the best thing I've ever seen written is the nightmare letter from Pricewaterhouse Hoopers. Because instead of it being legalese, it's done in the form of one of the 11 things that the data officer, the privacy officer of the company, is going to be presented as a denial of service attack when people send them a request for their rights under GDPR. And so rather than having to parse it from the point of view of interpreting the law in a 20-page thing, you can actually just look at a three-page letter that makes it clear, hey, you're going to have to be, you're, as a company, going to have to respond to these 11 or six requests in the nightmare letter. And there are 11 or 12 things in there. Six of them are generic and five of them are specific to the individual. The generic ones can just be posted on the website. The five specific ones require actual coding around the database or portals or whatever, exactly. And that is a much easier now. I'm not an expert, I'm not, you know, in GDPR. So I don't know how complete it is, but I think that's a much more workable thing to start with. Actually, the webcast we got last week, literally, this is, this is Privacy Denial Service. If you don't mind, Adri, because I was busy tweeting for us what you just said. What I said was that rather than working from a document... I have a link to the... Oh, it's up there? Oh, okay, the nightmare letter. Oh, there you go. Oh, you got that, great. So I'm not looking at the nightmare letter, but I'm not on the page either. It's got the best name. So how do I get to that page? What's the shortcut to that page? Well, go to any of the event pages, and then I'll show you a link. Okay, all right. That's our series. So, so far, so we'll do some kind of legal prose that rips off the nightmare letter. It turns into like an easy treat. The other side of it is we talked about tracking kind of what we're doing versus GDPR and seeing where the overlaps are. And we could try like the cell side kind of aspect. And we could think about that as well. I mean, we talked about kind of standardizing things. There's a ton about icons in GDPR. Maybe there's overlap there, kind of things like that. You know, easy things we could hit that would help us say, okay, we're really in the spirit of this new regulation. Okay, maybe we can start along with Elizabeth Burnera. And if Electra comes, Electra is an advertisement this year, and she is a UK lawyer with GDPX expertise. So she was, she signed up, so she write on this app. So it's called like legal, legal, legal tiger team. Okay, so that's legal tiger team. And then Bill took a pass. Was it? I can come back if you want. No, I just want double check. And then Adrian took kind of a pass, but believe like, oh, you didn't. I was going to learn on where people are hacking a while, because I don't have a horse in what the terms are, race. Right, okay. And then Sal is going to do a deep dive meeting with Sean, and I might split the time with that, too, into what's actually going on with the cookie, how do we hack it? All right. God bless you, Sal. Yeah, I mean, that's the best. I'm here for two things. I want to understand what the what the best way would be to do this, technically, to actually get it done. I have three development teams working on GDP. There are related stuff back in Toronto, some of them know JavaScript and Python, whatnot. So I could put them in a work stream and then we could get it done. Like Sean, Sal and you. Yeah, so I would like to see if that's interesting or suitable or like, I just want to try to first understand again what it is that there was a conversation with them. Make sure you guys have a whiteboard. Yeah, and I think through what kind of story. How about H8NNL? H8NNL. Okay, thanks. I think from both sides and the developers. Yeah. Nothing about the specific purpose that they've seen. Maybe, maybe in a related some Indian stuff. I don't know what's the plan. Well, I think my my fantasy is that Whimsical's Walt is where a bunch of stuff will live. So to put this one of the terms that was used by it was Andrew Hughes, who helped organize the last section, is that we should all have a privacy dashboard. And behind that privacy dashboard is a bunch of things. One of those could be here's, here's around keeping links to our actual sensitive data, which is what you've got. Because that may be phrased out a different way. Sure. Maybe what everybody needs is a privacy dashboard in the lack of, you know, pick the certificate or go daddy or whoever you want that provider to be in their control panel. Right. So what I think, I think what we want is to move control from where it's outside of the policy setting in the beginning of this workflow into the very beginning of the creation of those. So then it follows all the way through. Okay. So let me throw another thing in here that actually may have a Walt indication here at the end of today and tomorrow. By the way, we want to continue this tomorrow if anybody's hanging out. Okay. So we have a rule. So we can continue this tomorrow. It's different. Thank you. Thank you. Who's miracle worker on this thing. Is is Nitin Bajati and Nitin is also on the customer comments board. And he is, he worked for many years for Oracle. He actually worked for Oracle three times each time by acquisition. Or the never hired. We have a daughter who did the same thing with the gap. She did the gap. Anyway, he is back yet corporate. But anyway, so he is now working for a company called Service Now. Service Now is one of the largest companies you haven't heard of. But they are behind a lot of the call centers and all the service side of companies. So there is a sign to this that is also one of the standard ways once we start building out the consequences of what we're starting here, that are the persistent ways that we in a standard way can relate to many different service organizations. Right now, as one of our Vera and Cabal put it, if your sales force has one great big backend cloud and it has 100,000 corporate customers that are implementing that cloud in a way that give customers actual B2C customers 100,000 totally different income here and experiences of service. Or of doing anything. We could unify that. We could have the standard way that we call for support. We don't have to go to call up direct TV and have to go through 10 things that say our thing has changed and all that shit. But rather, this is what a service call looks like. This is what a request for updates looks like. This is what, I mean, with this thing last night, if I had that, I could have told Apple, I have this new computer, which has this serial number. I'm trying to get it, you know, everything pulled over from this computer, which has this serial number. And I wouldn't have to go through the several hours of shit that I went through last night because they don't have it, which is, I have to put an update this operating system to that one, right? That's the kind of thing that is doable if I can send the right signals. So, there's a bunch of records that we can have in a vault. Which means not just a cookie, but watch that cookie. Oh, God, no. Oh, no, no, no. This is the long term vision. We're not, we're not. Yeah, I mean, in some ways, this cookie is the camel's, it's the customer's camel's nose. Under the tent of all of business. That's actually friendly, right? It's not like we're coming in here to mess everything up. We're going to get, we're here to tell you, you know what, your guesswork system where you're trying to know us so well with your, with AI and ML and all that. Are you drawing a camel? Put that over there. We're going to actually give you our intentions. Hi, I actually am a direct TV customer. Here's what my thing looks like. I also have a Samsung TV and I have this DVR and I have relationships with these other companies. We can fill in a whole lot of blanks this way. I just changed my email address. I'm letting you and everybody else know in one move. That's the kind of stuff that a vault can make happen, right? So, this cookie thing is just what we're trying to do out the door that in the long run can change all of business positively. For Bill, who's, by the way, is going to end up running all of real estate, okay? He's been working on this for a long time, but basically he's the guy who wants to put the world, the world's most expensive marketplace. You're buying a $2 million house in a condo, a 1200 square foot condo in New York for $2 million. You know, but if the buyer is at least a peer in that thing, where I'm looking for a condo that has a big kitchen because I'm a foodie and I want one that's got a gin air, you know, or I'm just making this up, but I mean this is the kind of thing that's possible if you're looking at markets from the customer side, right? And that's kind of that hack that we're working, that's the larger hack that we're working on. That would be content casting, right, from the buyer? Right. Yeah, and that's, that's more than a take-casting, it's probably, it's not a word for it, but it's actually, I guess they're several, what is VRM? It's vendor relationship management. That's when we started this thing 12 years ago at the Berkman Center. So... That's just to remind you, but that's a cookie. The facts of the cookie. Yeah. Or... You know, but we can also inform policy, right? I mean it's... It all needs to go together. Yeah, so an interesting thing that's happened is that, and I like it that you brought this up, is that in a way what the GDPR did was it gave every individual a privacy policy and told the world of suppliers you have to comply with this, but what happened is as often happens the policy got ahead of the code. We're going to bring the code up and start meeting policy with code. The thing that's compelling about GDPR from a policy perspective is that it has real consequences. Right. There are all these guys who are at the table and never live in it. And yes, some of those consequences, the most painful ones are the financial ones. And now we're seeing possibility in Geneva there might be some change in that country about how those consequences are dealt with. You might not be charged on the first offense. It might only, this is something that Marcus was telling me yesterday. You might only be charged a financial penalty on the second offense, etc. So you're starting to see some variation. Well, this goes to the whole point about people who aren't being proactive about that and taking these kinds of approaches. Probably we might even get a second pass, right? Or whatever it is, you're the light. And the policy assurance policy, exactly. Yeah, if you make an attempt to go along with the spirit of it, they're not going to screw you to the wall if you just ignore it. So anything that we can create on the user side so that the good companies that want to do something can say, oh, look, what we're doing. We're listening to these user signals that are coming from these NGOs and these sort of civil service organizations, civil society organizations. We're good guys. We're trying, you know. I mean, I'd like to just following up on that. If the dashboard can generate the cookie. That's possible, yeah. That would be a really cool thing, right? So I don't know how we go about accomplishing that, but making it easy for the user to generate this cookie or somehow maybe- I'm thinking a little bit for those. Trying to get it to work that. And it could even just be some basics of it, right? And then just craft a minimum cookie, right? Maybe that's what we try to do today, right? So there was a difference between GDPR and do not track. The biggest one for me is the consequences. GDPR has hard financial consequences for violating. Do not track. It was just technically a polite request. It was a polite request, but it was also technically correct that said I do not want something and an industry looked at it and gave it the middle finger. So now we're not going to pay attention to that. Even though Bill put it into his browser, we don't care. There is an outlaw to that. W3C had a flag in the browser, I think for COPA, maybe five years ago, 60 years ago, Child Allowed Protection Act, where you could have a browser, not necessarily a cookie in the sense of an advertising cookie, but your browser would constantly broadcast as persons under the age of 13. It was deprecated because some people felt like, wait a minute, I don't want to be broadcasting that we have children. But at the same time, good actors would go, well, 13-year-old, we'll let them in. It had good intentions behind it, but this is the kind of web we might be able to co-opt to use for this person is not accepting your policy or this person has a competing policy, some kind of challenge response in there they could possibly be. I can't say this strongly enough, but I am speaking as a privacy professional by almost any measure, and I completely disagree with the idea that people, that we should expect people to set particular aspects of the policy for themselves. That is the third or the last choice that we want to do. We want people to inherit the policy from somewhere that they trust, the way I inherit whatever I inherit when I install a privacy pageant, and over the years, I've installed four, I mean six, I don't know, I probably want four or five of these things. I have never been tempted to change any of them, and I'm not exaggerating. And the one or two times early on that I try to change them, because for instance, self-destructing cookies I had in there for a while, and I tried to fill with it. The next thing I did was I threw it out, because it was even when you have something that you inherited by self-destructing cookies, and then you try it as a professional to modify it, it does not work. And so in no way should we be designing for people to change the sliders. I agree with that, and I think we should not be putting the onus on the user. The user wants to get news. They want to search for X. The last thing they want to do is read 48 pages of text. But they do want to be able to see, you put a privacy badger just to read yellow. Sure, I agree. It's really, really useful. So somehow in this dashboard, while it may not be something that someone actually sets anything, it would be useful for them to be able to understand it. But my great criticism of Do Not Track was my browser should tell me what I'm being before. But not anything other than red middle finger in the top corner of my browser saying, they're not respecting your signal. Just so I know that CNN doesn't care. Well, I want to modify what I'm sorry about. No, go ahead. I want to modify what I said a softly, a tiny bit because I've never seen this done successfully. But I think it might be done in the GDPR, might drive this to where it is done successfully. I attribute this to Kent Quincy and his work five years ago where because GDPR encourages people to selectively change the sliders, the thing that I said I don't want anybody to ever have to do, what he introduced into the conversation was the idea that as you change the slider, the page tells you what functionality you're about to lose. Yeah, yeah. And so that when, if IAB or whoever decides to interpret GDPR in this way and force people to play with the sliders, then it's important for us to be able to explain in our terms, like I attribute to say customer comments, what this change ought to mean in the policy. But I never, again, maybe GDPR will drive us in that direction, but Kent's done this not really out of the lab. So Andrew Hughes is here. I just invited him to join. So I just want to put out a project that just starts patching customer comments that might provide some clarification and like another way to go with this. So customer comments is all about balancing the power between customers and the institutions that serve them, whether they're commercial institutions, government institutions, not profits, whatever. So what we've talked about a lot is, well I want instead of a loyalty card from every single place and you've got to accept a loyalty card, I want to put out my life's loyalty card. So customer comments are an issue of loyalty card. And behind that loyalty card is I'll be loyal to you and this is my trust framework of rules about how you should treat me. And I like what you're doing, so I'm going to give you my loyalty card, you piece copy or smart final or whoever you want to do that. So if we're talking about larger ways of doing this, part of that would be like, I'll have a dashboard of what that gives me if I care to drill down, if I want to look at what it looks like, or I can just say, I know that customer comments is stands for these things and I'm perfectly happy to be a member, have their card, and then the other thing that it gives me if we work this through Indian software and all that is that it's your way to log on to anything, say single sign-on, you never have to log in again because it relates to your real identity that's hashed off. Blockchain. So. So Joyce, to this point that you just made, I separate what you just said into two pieces. I want, and you know this very well, I want to be able to tell the merchant here is where my authorization server lives and then I want to inherit policies for that authorization server from customer comments. I do not want to have, in other words, agency, which is what the role I'm playing here does means that I do not share my policies with the site, with the service provider. Agency means that I only share my agent with the site and then I inherit the policies from customer comments. And so that's why I said that I was going to stand back while we do the simple thing. And then try to introduce the standards for agency that I'd source as an option or as a component, depending again on what we're trying to do. So all the reasons I put it out there is just to kind of have a vision of one thing that could do this in sort of a mass way. And I just don't think, I agree with you, like some people really will want to have the agency, other people will want to just sign up and say, that's what my policy is. My policy is the same policy as everybody's policy. I, but we want to encourage, in the sense of GDPR, we want to encourage different, we want to encourage those vendors those service providers that want to compete on privacy to offer agency because they want an A and some patient privacy or whatever you want to call it. And then the service providers that don't want to offer agency, well they still get a B, they don't get a F. Hi, it's Andrew Heager. I wanted to reward you for being one of the good guys. Not necessarily always punish the bad guys, but reward the good guys. So they work economically for me to be a good guy as opposed to the status quo. Yeah, so that's sort of to your point. So identifying policies which are ready for inheritance is a pretty useful thing here, right? So among the people who do, so those products, I don't know, some factory use different products in the U.S. you know, where everyone calls, right? No, it's definitely acceptable. Right. Hi, it's Andrew Heager. So then we don't need to design policy of the cookie with literally, you could say good, it's sort of good policy here, which is sort of acceptable policy. So what, so I'm not sure what you mean by that. Sorry. So I'm trying to understand, when you say inherit policies, that doesn't mean that at what point does the user, that's an opt-in kind of thing. I opt-in to inherit this policy or by default, when I install my browser, I automatically inherit the default. So both what we implement and what sovereign foundation promotes is a four-layer stack. We're using the same standard for more likes. I mean, the debate is going on in some place called the Decentralized Identity Foundation, but we're all general one. But yeah, we're all part of the same, okay, a family of developers and in this four-layer stack, there's a person, the person has a mobile device as their agent, with Patrick's name and your element. Then, but it is not addressable because it is a mobile device. Right. Then there is an agent, which is controlled by the mobile device, which is also self-solving. Yeah, it's addressable. Running on the mobile device. The mobile device has a secure element. The agent has its own secure element that is a subset, if you were it, or a delegate of the biometric. But it has the benefit of being addressable. I serve, it's an UMA authorization server, literally speaking, the thing that's alumni. Right. And then you have the identity. Which is the public player that lives on the blockchain or lives in an open ID space or both. That's my audio working. And so, when I talk about agency, Yeah, I can hear you, Andrew. When I look at the software, it's entirely, I mean, we have a call setting on the same platform. Like Waller has been once assisted by us and it's totally used by software. Those are trivial differences. Yeah, yeah, yeah. So, we just so you know, we have Andrew Hughes and Mark Lazar, both ready to speak. But I don't know, is that thing still on? Is it on? Can you, can you hear me? Can you hear me? Now it's on, okay. Now can you hear me? Yeah, now we can hear you. You were trying to talk. You were trying to talk, but we had you muted. Did anyone write it down? Because it was really good. You looked really good with your head clamp on, so. Thanks. Oh, my microphone. Yeah. So, I just wanted to ask a quick question for today. So, are we trying to demonstrate to the IAB Europe that they're missing an important set of inputs into their design of consent management? So, they've done this cookie white paper. They know very clearly, it stayed right in the white paper itself that it's a bad solution and they're working towards a better one. We have the opinion that they're missing the voice of the customer, the real voice of the customer in their design thinking. Is one of our objectives to inform them that there is actually a better way that we would like better? Because all this talk about all this future stuff is great, but that's going to take longer than three hours. You're looking great, by the way. I love the infinite room in the screen. So, one thing to look at, I think when your property gets off or something, is there's a link to a shared notes file in hackmd.io. You can find it in the running notes. And it's also on the GitHub page of the event. And so, in there, we've kind of got three kind of like tentative smaller, like, tiger team groups that work on things. And one of them is a group to do a deeper dive into the cookies and that spec, and something that would be achievable this afternoon. And we added your Sean, right? Oh, that's Andrew. Oh, hey, Andrew, that's fine. So, like, we can add your name to that. Tiger team, if you want, Andrew. And I think we're going to be breaking into smaller groups that are more action-oriented, so I'm quick to share, you know, in a few hours, imminently, after ordering pizza. So that actually is the next item of the schedule. Because Mark's got a comment out there in the manual. Well, Mark has one of these things that we can work with. Yes, so it just seems that a really obvious pattern is I'd get a publisher to put a consent button that creates a consent receipt that can be used, that goes into the browser, and the consent receipt informs the creation of the cookie. Or a reference to the receipt that's placed in a cookie that exists already. And then the ontology that works with sort of standards and international lexicons can be used by, you know, people who want to develop solutions there. But I think the pattern is the publisher provides a consent. The user can then negotiate, provide more consent or by, for the use of privacy rights, or the removal of privacy rights. So for instance, I don't give you permission to track me around the internet. So I block, if you wish to track me, I block the use of my data using a GDPR privacy right. So it's sort of a way to use, to get user terms and negotiation going by using the publisher's consent and not really going, you know, I don't really prescribe to the IB framework. I don't think that we should fix it. And I sort of don't think that we should pay at home age as well. I might be a bit more hardcore, but I definitely think the consent, the policy of the user and the publisher, that relationship and the control of that relationship should be used in the thinking of how you create the cookie. And to that point, one of the golden opportunities we have with the IB creating such a accessible to hackers feature is that even if we don't subscribe to how they're using the cookie and how what this represents, because they've published the data format and we can intercept and rewrite that cookie. There's an opportunity to make it do more of what we wanted to do and less of what they wanted to do. But I think we need to look carefully at the cookie format because clearly it doesn't do the things we need it to do because, for example, the purposes list is written by the IAB Europe for advertising purposes. But maybe we could ask them to include additional purposes that are more suitable for intent casting and VRM and therefore co-opt their mechanism. Which if we get them to do that as a nod to the commons, they might do, doesn't cost them anything to increase the breadth of the purposes. We're not asking them to spend any money. We're not giving the middle finger to the ad tech industry which is paying all their bills. So there's a bunch of benefits in there unlike if this is an ad blocking solution which is an instant middle finger, they might go along with that. This is a diplomacy aspect to that. We're not going to burn your house down. Could you just put a sign on your lawn pointing to our house too? There's a big difference between the middle finger and that. Well, there's also just going directly to the publisher and getting consent and then placing the cookie that this is the consent to look at for ads. And you probably didn't direct from the user instead of through. That's a great point Mark. When we think of IED, they are for the most part funded by the ad tech industry, not even the publishers. That's really, the United States DCM is a different organization in Europe. The publishers are getting their tails kicked and this could be something that helps the publishers. Exactly. The publishers are not going to do it individually while we talk to them. One off, they're just scared to death. So this is a way to help the publishers, I would think. And particularly when you talk to them one at a time, they don't want to do anything. But if you say, okay, this is an outsourced organization that's going to just say, we're happy to get ads from you but just stump crack ads or whatever. Let's go to the outsourced stuff that Adrian was talking about, I guess from last night on W. So providing an outsourced service effectively. So IED could be providing an outsourced service for publishers if we pursue this. And maybe they have to consider that. As an ethical alternative to what their current status quo looks like maybe. Well, sorry. You have to read the framework document that they've produced because they actually do have a Consent Management Provider role. And that Consent Management Provider role collects the user's consent and writes cookie. So if we can be that role as a software, so it's not that they're evil. It's not that the publishers are not involved. It's just that if they take the basic cookie cutter that is the patched together solution IEDs come up with, then it doesn't serve anyone well. So maybe we can do a better UI and a better front end to help the user and help the publishers interface with AdTech. Is that a viable goal for us? Because I haven't read it closely, but the document conceives of this idea of a Consent Manager. But it doesn't say who it should be. It sort of says the publisher might be a Consent Manager sort of. But why don't we build Consent Management Software? I know some of you might be already. I know others that already are. And make it plug in. And then as other IAB-like AdTech consortia come along, you can say this is an IAB-compatible Consent Manager. And what's your framework? So the document you're mentioning, is that the FAQ that we looked at that was printed out that we had at the lab session, or is it a different one? That's the cookie format. Okay, right. So the transparency and Consent Framework cookie and vendor list format, Andrew? Because in there they talk about the different roles and who writes what and how do you register and all that stuff. But, you know, the publishers are on the hook for it. Because they're the ones usually interacting with the user interface. Yeah, I mean, this looks, I mean, I haven't drilled that. It looks a bit of a chef's omelet. To your point, I think we could probably help them structure it to be a little bit more usable. Particularly from a user perspective and publisher perspective. Right, I think that's, they're missing those two ends. You're looking at the document? Okay, could you check the link to it in the chat? Yeah, absolutely. So Joyce, by the way, is going to talk us through some way to get from here to pizza. It's in the technical way. The first technical way is the IAB. It should say IABD. So on lunch, because we can order it, it'll still take an hour, so we should order it. Is everybody okay with pizza? Either that or we could all, you know, yes. These are just the front of the packing. Yeah. Where am I taking this? Got to have pizza. Okay, would this be here without pizza? Okay, so I'll get like four large pizzas for that A&M. For five large pizzas. Four's a lot. Four's a lot. Four should be fine. Okay, so should I get like one meat, one cheese, or I mean, what is the nodes I'm going to have? Are there any like vegetarians or cheese there? Everybody here is a carnivore? We're going to have four side dishes. Maybe one that's kosher-ish. With live lamb and one kosher. So we can ask them to send hot peppers. Oh, good. Okay, all right, Emil. All right. I won't bring up the anchovies. I would throw you on that channel. We can get an anchovy. What anchovy? Yeah, one with anchovies. One with anchovies. All right, so then that's all. To be honest, we can share things. Are you a pro-anchovy or not? It's a whole, it's all kept. It's anchovies, capers, and olives. I feel like those are the three that might separate from that. Yeah, I did a 23-inch thing. And one of the things it said, in addition to, this finger will be larger than this finger, and it won't have a function, and I wouldn't have to be able to gather all those, is that the first time I taste cilantro, it tastes like so. And that was true. You know, and I wouldn't do it as an anchovy thing. But I love cilantro now. The first time I tasted it, when I moved to California from North Carolina, where there's nothing like so. Cilantro tastes like so for the first time. I don't understand that. I also prefer caffeine to spice to sweet, and I like caffeine. One of my hosts in the party had to ask value traders for shifted, but then I always have a line about cilantro. Because it relics it completely. But people who have that dish, that's all. Yeah, but here's the thing. It's when you first taste it, and then if you get used to it, it's an older, different thing. So if cilantro is in here at the event, like all the Mexicans would want it, right? So, but it's an interesting thing. First of all, we said that, is there, did you wash, did you wash the dishes or not? Or, you know, and no, that's just cilantro. Okay, on the wall, you guys online can't see it, but I just put down a list of allies and participants, some here, some not, and I put the ones I knew up the top of my head. Any of you who wants to add some? Mary, is this CISWG? I want to list all of the pieces of cantera. And I know UMA's cantera, and Adrian's UMA, and there's also, while set receipt, and there's concept management is a cantera thing, which angers. And it's not blind, right? Can you tell us all of the cantera pieces and why I went up with them in the shared note stock? Yeah, I put it in the shared note stock, I just put it up on the wall. Okay, Dazza, if you could maybe put a header in where I should type, but just for, just for a belief. Well, yeah, so I'm saying these are, what are these called for? What is the title of the header? What is the list? Oh, actual or potential participants, or organizational participants. Yeah, so what I'm going to type in is basically cantera work groups. Current and future. That's great, and it's down in line with E2. Okay, I'll type in, but I'll just give a quick verbal here. So there's the consent receipt specification, and that comes out of the Consent and Information Sharing Working Group, Work Group. Basically, it's a data format for expressing what a user is consented to, purposes, controllers, processors, that sort of stuff. We've also got a Work Group developing or collecting Consent Management Practices from basically any company that claims to manage consent, and we hope to turn that into a document showing common practice and then to a certification program around it. But basically with cantera, if there's work to be done to create recommendations, reports, or technical specifications in the area of personal data management or IDSE information management, then we just start them up and start to work. Okay, so we've got the shared notes docked up now. Do you want to just read down the... Yeah, I'll get that. Okay, so people watching, want me to read this down, right? Yeah, and I'll type in, these are the ACT teams that we'll break out into, versus legal views on this Elizabeth, Daza, and Robert. And it's a moving picture, as people like to say. Hack the cookie teams, Sal, Sean, and Hano, and describe GoToMarket in an engineerable way. Dodd, Joyce, and Daza. Daza's doubling up. I may want to jump between them, too. So, are we missed, should we reframe any of these teams, and who would like to... Where are you going to work? I'm not sure where this would fit in, but one idea I had, maybe it kind of spanned the view piece, is how to empower normal users, and I define normal as people who don't have privacy blockers, and the stickers on top of your camera on your laptop. How do you empower them to actually understand what informed consent is? So, can we go beyond the block of text? Let's not just try to simplify text, like can it look like something else, and then kind of try to explore that. We talked about this before you came. I think of it in terms of standardizing privacy policy, so that the way we standardize real estate agreements for the source licenses, so that people don't have to don't have to actually read the right agreement for the open source license because they trust the source. But that kind of privacy literacy is like a word streamer for itself, but it needs to happen. People need to understand why they want this. In other words, I try to avoid informed consent at all costs. If we can get through all of this without ever introducing the phrase informed consent, I will be delirious to that. Right, because that's the loophole that... Yeah, no use in consent is what the lawyer's thought. Right, right. Yeah, we want to avoid that. In other words, the hack we're looking for here is full agency starts on the individual side and then things flow from there. But in respect to another point that Andrew was making, we don't want complexity in too many choices. We want to inherit some things that are simple but already straightforward. But we'll cross people who are just the models who have the page flag in front of the camera to take it off. I think it is Jennifer, right? Stephanie, close. Close, three syllables. No, it's just Stephanie, right there. Well done, okay. So can we read on this one? Because I think it's more like that one. What are you going to read on this one? Okay. Who are we missing? And I'll learn to read this one. This one? Yeah, I saw it in the title. And your name again? Kathy. Kathy, right. Is she or Kate? Kate. Kate. Taking business. And that's this one? Okay, so Bill. Technical. Technical. Charity. Yeah, I should. Sure, sure. S-H-E-Double-R. S-H-E-Double-R-I? Why? S-H-E-Double-R-M-Y. Late to drink. Yes, okay. So is this not explaining these basic ways that engineers can build it? Or it might? Yeah. I saw that, I saw this as a technical thing, but what happened? Well, I would consider... Well, I mean when you break out, you should see what you really want to do. But the idea was from a prep conversation we had last night, where we were thinking it would be very useful as an output, not just for the other teams, but also just for the day, to be able to describe an, I would call it a business language that's agnostic to the technical implementation. You know, what functionally we're trying to do. And then part of that too, I think, would be people, like, the smallest one would be, like, the user sets this result is that kind of stuff. But then I think a good part of that would also be, okay, so let's say you have that technical capability, so a widget, a wrench or whatever, now what's the propagation strategy going to, how do people adopt it, how does it scale, and how does it work out? Kind of in the scope, I think. Because how can I pull this down further? Is it manual or is there a button on the wall? I'll just start clicking. I already did, but one brings, that brings all that up and down. This is the blackout shade. And that is, yeah, I don't know. I'm sorry. Can I just pull on it and break it? Yeah, yeah. Let's do that. Just a little. No, no, no. That is that, it's a new link, man. Maybe that's, oh, here's down. Oh, very good. Oh, good stuff. Excellent. There you go. Switch on. I think that's as far as we want to go. That's it. Oh, yeah. So we have another tool, which is just scroll the button. You can add me to the business. Okay. Business is waiting. Okay. We are on a FNB. No, just do it, right? Okay. Okay, is this quote, we're not gonna, to some of us, I mean, like these teams, you just go sit out there. Yeah, I suppose. Okay. But if we want to bring people in on it, we have to sort of decide which computers we want to bring along with us. So I would suggest going through the people on line now and see who's interested and why. Okay. I know that, yeah, I know Mark has already gone out for an Shovey Pizza. But, so I start by your person then. People on line. Yeah. So the people are snapping. People, people of the. People of the answer. People of the word. People of the effect. It occurred to me this morning that the Internet is in fact, you know, how do you say, you can say to find the universe and give three examples because there's only one. The Internet's like that. There's only, there's only one of those. There's no example. So it really is another universe. It really is a universe. So it's not just the world. It's the freaking universe. Okay. Is Andrew a wife? Yeah. Who's asked? Hey Andrew, can you, can you see the shirt doc? And do you, is there a team that you want to go with? Um, I'm just going to float in and out today. That's okay. Got a pretty full schedule. So. Yep. Definitely. And who's next? There's Sam. If Sam is still scratching his head there. Is there anyone? I'm still scratching my head. I put myself on the cookie team. I also have to float in and out just a bit, but I will, I'll coordinate with the people on team for what I can help. I'd like to go to the cookie team. Great. So there's Sam. And there's Mary. Then you're going to be on the team here. She has to go find the music. She's got a few other cats. And I'm going to see, I know that. Okay. So I think there's more. I think there's more. So my suggestion is that the business needs to probably stay in here. You have the most people. And then when we set up the cookie team, you're right, right out here. And we have a very huge process. There that we can use. So that we can get Sam in on the actions. So the whole team, why don't we get these two big teams set up and then we'll see what's going on with the list. And then we'll get Sam in the box. Okay. So that happens. I'm going to go stand up with the aspect. Room outside. And then when the seats come, we can put them right in this room. So that's going to come. Does it? We're a freaking hero for pulling this. I mean, if we just came in here, we go, Hey. Hey. Hey. Hey. Hey. Hey. Hey. Hey. Hey. Hey. Hey. Hey. I'm sorry. Hey. I respectfully disagree. So we can. I'm sorry. I'm sorry. I'm sorry. I'm sorry. I'm sorry. Do you know what you see that with? Sorry. There's a visitor, over in the sinks to announce the bathrooms are fine. Downloaded for people. Hello. Background Tonight now set up. Yes. Very happy. So pleasure. Thank you. The language. Okay, if we look at the cookie itself, right, so shall we move to the, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, yeah, I think that's really important to do that. It's Andrew. Is the cookie team setting up a hangout? I think they are trying to see the dust in the oven. Yeah, if they could post back to the chat or the document, I can click over. They moved out there, so I'm just going to see who's going to hook you up on that. So we need an axe. We're going to bury it. Yeah, exactly. And so, of course, there is this gap. So I'd love that we can have some kind of people that have some good ideas. And if we can get more and more help with other ideas and come across. Are you using the Indie SDK rule? Indie SDK rule, are you a developer? No, I'm a product and I work in community. But you don't write code? No. Okay, so Andrew's Gaza and Sal are going to try and bring you in on their own hangout? No, no. I think they're still there. Sounds good. Yeah, I think so. It looks like it's doing well. Look for communication from Gaza and lifestyle. Yeah, so what do I do? We should wait for alternative solutions. We want to explore the data in the way that we want. We want to tag the document we're going to want. The default version. Right now, we're thinking about what is the staff that we're going to write the code that can be reviewed so we can not just throw away the work. No, you don't want to throw it away at all. Let me think about that. You know, so I know you're a developer of a different company. I was, I don't know. So I thought it was a solution for change. Especially with information. Right now, there's one thing about it. If you just touch it, it goes back to zero. It disappears, you get listenability or something else. It hasn't changed. For a relationship, it's not a relationship. I think it's like a future. I like it too. Nathan said, his vision is each device should have a different, probably key. Probably key. Instead of just one person. Yeah, so it's one unique identifier. And I just don't know how you can put something in one device. It doesn't get better. There's something, like a key. Well, those are not. And you're going to make changes. I didn't know that this is a walkthrough. I just, you know, so I try to think what is what is what started. I know. It's terrifying. I don't know if the Office 365 is better. He's back. He's on vacation this morning. He's back on Monday. Instead of a call. We're in a call. We could go. We're going to know the status. No, I'm saying it's a call of views. Not the weekly call. You know what I'm saying. I know there's a guy at the end. He can't even pass on the phone. Yeah, so he's working on the wallet. You see that right now. We've got. We're building out the. Yes. Yeah. I think I think it's pretty. I'm studying. I guess. I don't know. I'm not going to be. Well, then what? Let me ask you. I might be. I might be. Yeah. So, they can sovereign Daniel's. And then. I don't. Okay. At least wait. Where were you? I don't. Yeah. Yeah. I'm going to call you. Yeah. Whatever. I'll take a look. I'll take a look. Yeah. Okay. Right. Yeah. Second, drive. And then. Just arrested this. Yeah. That. I just. And it's going to be true. Yeah. Yeah, I think the legacy has to be reduced to the narrative. Yeah, and that's why not. This point I'm going to hear is going to just be a draft of model. Not many people basically agree with this. But Larry, let's say you were discussing the draft, it was pretty good. He lost. Right. That was a great decision. And there were other things like that. But now we're not writing. The topic had a case. And it was like, no longer. High originalists. It says in the constitution, why is that what I got? And he lost some of his data. So he said, this is a change in practice. We've been changing a lot. So he events how we need to create a cover that's going to later. And here we have something. Right. Right. You know, as I mean, like, we're going to go to Flickr. Flickr. Flickr. We have, you know, some 8,000 passes. They're all crazy conversations. As a result of that. Right. So you guys shouldn't go on. They're going to do more covers. Yeah, so that's what I meant. Sorry. I was that. I look at night. I don't know. There are more. 860 to 30 stuff. I've taken. I'm. Yeah. I'll never be looking at it. But. So. But there's no thinking. Yeah. Oh, I do a search, you know, I did this single film, and it's better than the first one. And I remember, I'll leave it here. So when she was just at the end of the law school, it was kind of given that the honor of being present is within her. I decided there's too many pictures of her look like this, that she needed a good one. So at the Birkin Center, it was 10,000 percent. And when she was nominated to the Senate for 90 percent, she used this. Very few of them. And that's a big part of it. That's a big part of it. And I just don't think I was anything this. So there was one other fellow at the time, from Finland, and did his right speech. He passed on creative products. And he insisted that, because he didn't say this, and so I put it here. And you haven't started a weekly talk, so the 2010 Olympics, NBC contacted me in the morning. And they said, we really like your pictures of icicles. We want to use them on your icicles. They said, well, we don't have our attributions. We don't want it on your icicles. It was pretty cool. And you used the product. Yeah, so it wasn't an image. It was covered. I have to just check. They were going to take it. So I didn't do it. I didn't care about it. They found stuff. If you're on that list, you can obviously hear about it. And it's posted publicly on. They were violating it. And he took the license. And the license said, no, it's a way the license works. You can dispute it later if you want. Is that a contract? Yeah. You work it out. You know, Doc and NBC worked it out. The individual is kind of that ability to work. Yeah, and so they're slacking it. That's working out here. Is Andrew there? They're inviting him in, I think. So for this group though, you can just work together on the same doc. Okay. You could just type right on that computer. Okay. And then have people go into the same file. Basically, I would create like a header for each of the things that you want to work on together. Okay. Like the... Alright, this is the business go to market? Yeah. Okay. Oh, this is a bad screen. That's why we're doing this. This is a screen so bad. Switch. Yeah, let's go. Put this one back. Okay. There was a really great one. If you want to go back and watch it, with two Lawson questions from Leo, who talks about music, it was quite nice. So I just suggested to Doc, that you all get into the same file. And then maybe start with making like header size ones for the two or three things that you want to do together. Okay, so business oriented. So I have this note here. If you scroll to the top, there should be... So the way I have it, there's this... There's... If you zoom like that... Oh, there you go. So pencil. Oh, wow. No, no, come on. Okay, maybe we should have this... We're about to all circle up. Let's all circle up now. And we're going to get into the same file. There you go. We know what you're going to do. We know what you're going to do. I was going for the duty-free in Zurich, and I figured I should bring something from Switzerland. Yeah, that was good. The first Swiss guy was great. I could tell you the... I could tell you the... I could tell you the... I could tell you the... I could tell you the... ...school should just clean. ...the whole thing. I'll hold it in my hand and make sure... ...that you could do nothing. And then have you as... ...you know everything, and I'm working on fee-funded. I'm working. So, I'm living and working. So, we'll just have the chocolate. Can you hear me in there? Yeah, I was born. So, I was born in French. Can you hear me in the room? Andrew, do you want to be on the technical team? Uh, yes. Same with me, man. Do you want to be on the technical team and have Sal set up a hangout, send you a link to that hangout? And they're just getting started now, okay? Okay, also Sal wants to be on there too. Okay, so I'll make sure he says it to you. I think Sam's already on it. Who's on it? Sam is on the other team. Is Sam on that one? No, I'm not there yet. I'm here waiting. Okay, so the other team has to bring in both Sam and... They're both here for you guys though, just so that if you're not employing for everyone's time, you don't have to do anything. I would think the best thing would be to go on to HackMD where you are, scroll to the bottom, or scroll to the teams. Your team is further down. Yeah. I'm down to the bottom. This is crap. It has a crap. And then I'll make... Okay, so I'm just a spark up, right? I'm not going to do that at all. Where it's legal, it's middle understanding. And I'm just going to show you real understanding. Okay, and then this wraps here. Okay, that's good. And basically, the header size is smaller. Okay. The headers are one hashtag, and the header size is a part of the team's weight. And if you want to make it smaller, you can make it smaller. So this is okay. And then there's the same bullet. Basically, you're looking at this block. So this goes live. What does this look like? How do you solve that issue, right? What's starting up? Okay, I'm going to go to the bottom. So it's going to be everywhere. Any website. And so like, essentially, unless you have some sort of like opt-out, there we go. This is like, you don't think anyone's got that line. Okay. I think I'm going to go to interesting. Yeah, how do you choose like this? Of course. Okay, so do it in... Oh, you don't log into the screen. They talk about playing. All over the place. Yeah. It's interesting, like, where you can see this. Yeah, okay. Then pull that again. Yeah, I have many more to see. So on my channel... In Zurich. Okay. So I was breaking it back. I was just trying to be right here. Random internships. And then I ended up on... Yeah, I graduated. Okay. You're doing it out here. And then you're coming back. Okay. So I just cancelled my complex of place. But it's been cool. Yeah, but I worked at a law firm. Right after this came out. And then it was all together. So it was a little bit legal background. But it's kind of like... Oh, that was me at the end. Yeah, okay. That's me. I just wanted to make sure the doc was okay. So when I was down here... What would you do like this? One, would you like... Use cases to go to a market? Go to a market? I can also have you. Okay. Okay. Can we please start? So you're in here. You're in here. I see you. I feel a lot of market. Yeah. Go to market and stuff. And what are we going to talk about? Oh, this is the link, yeah. As of today, there's a whole bunch of features. I might give you a review. Finally, it's like... This is my old one. The screen is down here. So I have a lot of help. Six years. Six years. Mine's 24. Yeah, and things are failing all over. But it's still working for our purposes. I'm going to see... What kinds of features are there? I might give you a review. Okay. Your figures do things. It makes it do shit. Okay. It's hard to recommend it. I'm not in love with this. You're not in love, but you're okay with it. Yeah. It's like a functional marriage. Okay. All right. Okay. I'm going to do this in the first place. We're supposed to put out, like, use cases and go-to-art strategies. Okay. And he's got that in there as categories. Okay. You see it on one 10 and one... Okay. I'm going to do this in the first place. Okay. I'm going to... Oops. You have to go down. Okay. Okay. And here. And now make this another thing. Maybe we're done. And what's... What's the category? I don't know what you... What's the category? I don't know. We already have the categories. We already have the categories. Oh, I see. Yeah. Okay. Oh, I see. I see. Okay. All right. So, I go like this. And then we decide... Okay. You're taking up so, like, what are some go-to-art ideas. Okay. Around... getting... getting... Okay, let's... I mean... ... right? Okay. What is that? This... Okay. Andrew, it's Dazza. They're inviting you right now and they're just getting set up. So, you haven't missed anything. Great. I see it. Okay. Okay. So, let's see. Yeah. We're just starting to brainstorm the ideas about how to get a... ... Let's see if those people for a while can only serve this book. We'll see if we can do a deeper dive. Sounds good. Okay. Okay. We're all just typing in our own ideas this way. We can do this. I'm typing in things we talked about. Already. So, I'd like to make a... I want to just repeat this important suggestion which is I think it would make a lot of sense to make a header to talk to people about like, what do you want to do together and then make a header for each thing. So, I made a header for use cases because it's necessarily not possible to get you started and go to a market. But like, what do you want to work on together today? Yeah. Those are the right categories. Great. What do you want to do today? One thing we talked about was making like an engineerable technology neutral description of like what this functional component is supposed to do. What does that go under? Could be use case. Okay. Let me just... I'm going to take dictation here. In other words, you're saying basically a spec, like this is what we want to have somebody you build. Yeah, exactly. And then that way when things are built, you can evaluate them against what your attention was and more importantly, you can communicate your attention in a way that's engineerable from the start. And then you sort of see what hot part you get today. Oh, no, we did aspect A and B, but not C and B. Okay. So, that isn't really in the use case Let me just describe that as use case. I mean, you could or would make use cases and say when it comes to this description or operation. So, we say might belong in what... Why not just erase cases and replace that with in the same header size, like what the real name is. Real category. Buildable description. Yeah. That's good. So, you arrived at exactly the right time to meet your A. Hey, hi. Good to see you again. Yes, you too. So, I generate IW. Right, that's right. Oh my God. So, are you in that session? Are you in that session? No, the one that this is continuing actually. Oh, this is a little bit IW session. I see. I was in the one that was discussing the cookie more specifically. Yeah. I was looking at the pictures trying to figure out who was in it. Are you in the W3C? No, the other guy from W3C who also had a point of view. That's right. So, I used to work for Tim and so had participated with W3C but I'm not with him currently. Okay. W3CRI? Yes. Okay. So, we have some general socialization of the idea. Sorry. And now we're broken into two groups. We're a technical one out there and this one's more like you could say business or um I don't know what to call it. But basically writing down the idea of what is this function is supposed to do in a way that's available. So, it should be technology probably and then describe who does what and what is expected results kind of thing. And this is sort of a new exercise. It's a new like language and new approach for God and souls. So, part of what we do today is just to kind of get good at writing that in a way where it's built or more engineerable. W3CRI is good at that skill set. Thank you. Well, this is exciting. So, one thing I can invite you to W3CRI is we have a shared hack empty. Did you see the GitHub website? I don't know. Can you text me the name? So, can I email it to you? Yes. There's a whole list of partners that someone made. Yeah, it's not worth it. Sorry. Okay. Can we just do it? Yes. So, who made this? Tony made this? Right. Okay. Is that the same thing that you're... Yeah. Okay. Okay. Okay. Is there anything else you want to achieve? Yeah, I'm going to build a whole description. Okay, so I've seen this sort of as how the camel's nose gets under the tent. Okay. So, there's a side of this and actually the way Adrian put it, and I misinterpreted it first is what I... What do we say to people first technical and then the models? And what do we say to the industry? So, what are we saying to Jason Kidd and DCM, which is the publishing industry? What do we say to our potential partners? In other words, we go to three parties, I think. One is potential partners which we're just listing there. So, I go to Cory Doctorow at the EFF and say, okay, or maybe Dave Huseby goes to whoever replaced Cooper Clinton on the Privacy Manager case and say, we got this thing, you can put it in Privacy Manager and help us out. Okay. It seems to me like we better decide what it is, what we got built before we do that. Well, I think the first thing we're going to build is like this cookie, right? No, but this is what we're saying is the description of what we want to do and not call out that it's a cookie or anything else. Well, maybe we're ready with that now. Are we? Okay, let's try it. So, before I go into the meantime, just up here on the on the big board, so someone put ideas there which is good, but in terms of, you know, like headers that we could work on together and fill out, there's a buildable description which remains to be written or copy and pasted, and then I just wrote this place although there's like what would the narrative be to the technical people and the narrative would be to the models so that you have it as evidence and it's actually, that's probably not a bad order of operations. Are you also thinking about narrative to engineering teams of people who aren't building or that's more... No, that's narrative to technical people. Or do you use it in wizards? No, I mean, not the users but the people who would read the hands-on. That's a really good distinction because there is a VIM with, say, the EFF plus all these other standards, bodies, everybody can tear and so forth and the wizards who are going to be early adopters, they won't look at it and say, I want to do this, I don't want to jump on board. I tend to I tend to do this by the way you know for like a product in the FDA which is the FDA which is you start out with the indications for use which is one or two sentences that basically say I can use this for that and this is standards groups we call that a scope which tends to be a lot broader but if because then we can keep referring back to the scope or to the indications for use as we then start to deal with the different messages for example so in other words it's at a higher level than what message do we have or what documentation are we creating so so would this be an example what the indication would be like provide individuals to use method for expressing some consent to add tracking yeah I can use this for that so you specify who can use it is it by prescription only is it over the counter and then what do they use it for you know to track me in 14 years and that's all you put in there every month so right now if you look down to line 116 you don't see the line numbers there under buildable descriptions the person needs what we're able to do but the draft which I just caught and pasted from earlier notes today is that and then it kind of trails off there but I would suggest if you guys stay focused and keep coming back forget these take out any adjectives why don't you write me your fingers and hack them yeah that would be great because I mean you know what you're talking about but again I'm not here to define what but you have some ideas so I'm just saying I know but we're in the cell phone yeah I'm providing structure I don't have a voice in the no I understand but we're trying to have some words that are meaningful and your words are meaningful it's a good approach and also like literally I'm just typing just saying I'm a guy from Texas which is like I'm a guy from Dallas you're not here to do this it's a great teacher teach a man a fish guy yes we're the fishing rod fishing rod by us more or less so is that the US Digital Service that's right I'm a fisherman that's right we do crab calls for agreement just internally and we've now adopted the crab for everything so yeah so you know I'm meaning sometimes to say we just express agreement different pages actually different things simple snap and simple wage, finance, there was an organization just like we came with crab calls pretty early in the days and the stock crab has become this internally yeah that has kind of like your culture yeah that is something right that allows you to not destroy but also say I do agree yeah snap snap is more inclusive even here it's audio visual so how do you when you're doing kind of a project agreement for all the stakeholders and what you're fixing to do is this the kind of language that you think would work or is it correct and complete on line 116 to provide individuals a method for constructing and tracking that line for requirements yeah exactly it's maybe a little it may be incomplete for everything that they're looking for it's well the main thing is third party tracking we're having to see your ads but third party tracking is the no no I think that's one goal are people just not consenting to add tracking period or just the collection of their data add tracking versus are you only targeting add tracking well we're not consenting to third party cookies basically that's it because first party that's two you're there you're at that site so but the third party is they go off to other sites and the only problem with that of course is that they can be considered like this IAV Europe thing the first party can be shared with their partners or just like a bunch of other companies that are declared not to be third parties but they have some kind of relationship so now they have your information well I mean for the sake of simplicity and whatever the simple thing we're trying to do is we just say no to third party anything you know and they'll I mean oh we don't get our analytics well that's too bad you know give us analytics that work that was my question that is a tough one that is a tough one for the site owners because everybody uses Google analytics Google analytics is a giant data leak but Google can probably give you a version make available version of Google analytics that is actually you know in that sense so so from the perspective of the services then it's the idea that they're being provided a mechanism to identify like where do they get it because like they're getting something from users on a site or an app that's expressing their like from their perspective what is this underlying they're getting a form of GDPR compliance because their users are telling them to do the right thing by the GDPR basically definitely there's some power in that right now just this little momentum I mean because politically what they're doing right now is across the board thinking how can we violate the GDPR anyway we can be coming along saying hi we don't want you to violate the GDPR we're going to make it here's an easy way that actually gets you in alignment and also you know is the first step toward actually having a decent relationship with your users I met a few engineers like two weeks ago who at the top of GDPR came up and this guy was just yeah our team is just going to span all the loopholes and you can get around GDPR right and we want to kill them I mean that's basically that's all I care about right now that's all I can think of it's so I mean I'm not sure how to draw it up here up until 2007 advertising was advertising and then in 2007 that's the IAB advertising became oh you you would need to collect infinite data and you need the best ads so the ones that are directed great and correctly at people you need to spy on them and then all of advertising fell into that black hole so in the box nobody could think outside of right now including everybody in the industry everybody who used to be an advertiser used to be fired everybody who wanted to do old-fashioned creative brand manager and all that stuff they've been all the time so all they have now are like 25 year old people who've only known the tracking and can't imagine anything else who say things like how can we possibly ever make any money well the whole point of order here I disagree with trying to put into the indications for use different audiences we're building one thing here we're selling it to different audiences in different ways so we incorporated the second bullet into the first and whoever typed in the second bullet should take it away I didn't see it which is it read off how it reads right now and see how close it is please provide customers I changed individuals because that's too vague provide customers a method for expressing they do not consent to ad tracking in a way that's acceptable to service providers do you consider anyone every user is a website a customer well that's not for me to say that's customer comments problem customer this is an issue because we don't just use we don't just consume but we generally set users because that's the term of our so I would stick with users because people know what we're talking about I don't disagree with users everybody's a user when you are when we're drafting this we're focused on a particular on a particular utility to to a subclass of users I have the answer it's a GDPR answer data subjects provide data subjects yes a method for expressing they do not consent to ad tracking in a way that's acceptable to service providers we could use we could use data controllers and processors well they're controllers the processors don't send policies well it's not ad tracking they do not consent to be tracked by third parties that's it provided a subject for expressing that they do not consent to tracking by third parties that's it is tracking something we need to define because it's not something that comes out of GDPR no profiling so they do not consent to profiling by third parties that's fine so we're using in a way that's acceptable to data controllers so it's an interesting so in the GDPR there are these three entities data controllers, data processors and and data subjects a data controller can also be a natural person and and that is something that is a little bit of the cattle's nose because they were thinking of that as there could be a one person data controller that's not the data subject but in fact it could also be the data subject so it's a windmill made to ancient sea that allows a reading of the GDPR that's to the advantage of the individual so this part of the scope to do this in a way that's easy to use for data that's of operator's right for the people that actually run the systems that may not be the data controllers the processors that's easy to implement for data processors and acceptable to data controllers because I understand some thoughts will be the same right sometimes it will be different so as I understand it from Elizabeth who may or may not be on this call I wonder how back yet the the sites are controllers but not necessarily processors the third party was the processing right now so google analytics would be a processor right for whatever site that is right there right the site hires google analytics to be a processor for what they control and yeah so as a term operator I'm not even sure it shows up but it's a processor yeah a processor so is the part of the idea that this should be what you're going for something that's easy for whoever's processor to implement and use yes now the truth is we are going to fire most of the processors by the world right now but we'll also open up the world to processors that we might consent with subsequent methods that may not be cookies so that's I mean again the whole idea with the cookie years may have something in the short term to do in the longer term like J-Link which isn't in this conversation but is involved in a there's a protocol that allows an individual as a first party a data subject to have a contractual relationship with a that involves not a consent with a term the first term is this do not fight it comes from a vampire we don't want you sucking our blood and it says go ahead and show me I just make sure that I face them tracking me but it gets reported essentially a blockchain so let me ask you this because there may not be like a direct pairing with a like method for describing indications for use like if there was something that came out of the technical team that would make it easy for a data subject to signal their intent to not want to be tracked but it was very difficult to implement for data processors this isn't what I'm going for I know it's so essential that they track that you have to describe whether it's an engineer or not this is part of the messaging so there's a side to this where we're telling Nellie at the New York Times this is an expression of intent on the part of individuals that is going to have a a profound effect on everybody out there that's been busy following us to help them find better ways does it matter from your perspective if it's easy or hard for the processor to implement depends on the processor why I didn't say it why does it depend on the processor because if the processor is one of the fired outfits let's say it's OTH and OTH just wants to track and OTH can't even think of a way to not track so the answer is no then the answer is no the answer is no that it doesn't matter good so the answer is no then it really shouldn't be there so to ask us a practical question how would this be adopted if it was hard to implement for people that are providing services because the publisher the controller will adopt it in other words the publisher will tell them to do it in fact it makes it easier for them to do it we're going to make it easy for the good guys I'm just trying to test if it's complete and correct can I ask the last part where it's they do not consent to tracking in the manner acceptable to data controllers what does that mean the last part now that says provide data subjects a method for expressing we do not consent to tracking in the manner acceptable to data controllers yeah what does that mean is there a problem excuse me what does this answer there but that sentence is still completely what does that mean so without retyping it here's what I think we're talking to controllers we're not talking to processors we're talking to processors so the data subject is speaking goes to a website that's the data controller and says it gives them a cookie and the cookie says don't bring any third parties into tracking I can set to not be tracking third parties the part off of it in the manner acceptable does that mean the manners of the cookie in this instance there are many other ways that are being discussed but the acceptability or if I understand it correctly we want it to be relatively easy for the controllers to accept this that's the dimension of acceptability that's the forward acceptance so if in some crazy world the data controller has some manner that is quite good for whatever then that last sentence because it seems like we're saying we're saying we don't do tracking regardless of whatever the controller is doing you're not allowed to track it all no you're not allowed to track it to put it in their terms as profiler so if what we want to have happen is that the Washington Post Washington Post the Washington Post we go to the Washington you as a user as a data subject goes to the Washington Post the Washington Post has already heard about this hopefully and the cookie says what we wanted to say and when they hear the cookie they turn off the third parties third parties go on they still have the first party the first party we remember knows you're a customer knows you're a subscriber or just a visitor knows that you've been there 10 times but here's what I think is getting at but let me if I'm wrong tracking is a negative emotion what the OAuth and that ILP is doing is saying providing you a valuable service of sending you the ads that you want to see and so rather than using tracking I would use personalize for example because that's a positive I do not want personalize content so let me tell you what the problem with that is this is the Facebook answer that I got from the Facebook guy let's say I I want to target everybody with the Russian first name and at MIT on the fifth floor of of of this building or anybody with an MD on this floor you can do that and you're not going to personalize there's no possible personalization Facebook says we're not personalizing we're allowing our customers to have how do you know if you have the right adjective is but it's basically it's directed advertising oh it's just advertising I was just trying to channel what Kathy was saying I don't have a better word I think if we can state this in a positive way then we're better off if we can't we can I wasn't saying we had to say it in a positive way and I'm tracking our profiling actually is fine I was just trying to clarify that second part of what meant to be a manner acceptable to data controllers and if that was comprehensive of what we were trying to do with this could be it sounds like it is it's a serious I wonder if using the GDPR term profile which they define as any form of automated processing of personal data consisting of the use of personal data to evaluate personal aspects relating to a natural person I think that's exactly what we're getting at so this is the definitions part article 4 I think using these definitions makes our life easier because they did the work for us I mean if we have to use GDPR so let's call it profile and then go back to the step yep and actually if you have a link for that you can put it in yeah this document you made me think of a case where there are two but to personalize ads but we're able to use it to find that exact single congress person oh yeah I know you can basically target and it's not personalization, target it as but now you're charting exactly two people based on and they're like that's not personalization we're just targeting there was this other case like three years ago the guy who probably just rude me he knew everything about his rude me and so and the ads were like all of it by name or that thing with the Walmart they sent a girl like target Walmart can you guys hear me can you guys hear me we're breaking the lunch one two three four four five five six five six three five five So I'll need to take my number, call or something, I don't have to, but I just want to put it in. I just want to say, you need to treat all the children to the truth. Loose. See. See. See. See. See. See. See. See. See. See. See. See. See. That's a good sense of it. That's what it is. So, maybe. That's good to me. Thank you. I'm just looking forward to showing you that. Probably. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thanks. Everett. Yeah. So we built our own, I've been working with our creators, but Everett built us own blockchain, just for identity. Oh that's cool. We just brought in these discussions. If you use identity or something like this, it's a much bigger job. This is super liquid. So, let me see if anybody can still, group one, I'm not used to this one here yet, I'm not used to this one here yet. That's you Todd, that's a phosphorus mine that belongs to Colorado River, that's Christian. I have an idea of what's left of your rich life hat, that's on Santa Barbara right there, the only sail that I've ever been on. That, my father built that for his grandfather, it was the series, both of those were only those six years, it was for Serina in 1928. What is it? Uh, how's this park in New Jersey? That's where Santa Barbara is. I can tell the sun says it doesn't rise, but what's in it for me? My father's a guy, he can be taken in the middle to the right of that guy. We help build the doors, one of the doors that you need to construct. There's the Matterport, I don't know. what's on that side of the line? That's the Sunar and it's the Sunar and it's the Sunar. That's Santa Barbara, that's back in Ireland again. That ice cap that Hondo is about is there. The ice cap section, that's Frank, right over here. That's Versailles at night, that's Greenland. you did your eyes off talk, what are you going to use? Yeah, that's a very nice thing. I am a profound geographer in Santa Barbara. When I was, like, the second time I was in LA, I don't know what it was. That's the Dolomites. That's a hard stop. Yeah. That's the Dolomites. What are you not driving? That's a panel with iPhones. I have a board, and I have a switch that you can have. It's a pretty big switch. What's new to Santa Barbara? Now, is this a sorority? No, it's not. It's just a little bit of a mess. There's a little computer that goes up over there with the screens down the line. Yeah. That's the brotherhood of a computer. It was the main reason why I wanted to do this. You can see right now, there's a portion of the design behind it. It's a dog a**. You know, it's a research institution where we only have infields and fifties. It's playing out here. Over and out. Yeah. So anyway, I just do an early job for Santa Barbara. And they had a little talk about what they're doing. And it was just a little way plus social distancing. And it was a little... And I don't know how we looked at that. I mean, guys from New Jersey, all of Dahlman were all Stay Ahead of the Left at that point, that's it was that, more than usual. Where's Rose as well what I wouldn't know what it is? Where is it? I don't know if you can hear me. I'm here because I have to answer that. I give the people that I just, got to head to a level and beg them. And they said, well, how long has it been left here? The choice of your choice is half a second, but I don't know. I don't know. I don't understand. I don't know. There you go. There you go. There you go. There you go. OK. OK. OK. OK. So if I have a little bit of silence down, I'm going to be in a really good mood right now. I'm going to be just fine. I'm going to just put this track down. I really want to turn this thing forward. So anyway, it looks like it was out there. It was out there. At last, I'm actually going to say to fill in blanks in what the head industry already had left. Yeah. You were stepping in. You were filling in. Yeah. Yeah. And I'm not sure. I'm going to go ahead and put these two parts together for you. Are you going to be filling in the people content? Ah, they should be. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. Joyce. So what. What does that mean? It did quote her Oh, no. What's that? I'm trying to find a better search for a list of people who are just waiting for it. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Let's start in the marketing department. The project is really, you know, I was the best one ever for you. I'm an alumnus, I would make anything for you. But it's fine with me, you know, so I want to thank you. Now I want to go to the Asian University. By the way, you know. Yeah. You don't want to hear it. If you ever really need a position, that's the first question you can remember. Okay, I'll do it. Excellent. That's fantastic. I don't know. I don't know. I hope so. I hope so. I'll take this. You know, we'll send it out. We'll send it out. I didn't have a boyfriend today. My whole family is going to see us. I'm going to figure out what's happening to us. No, I mean, listen. No, it looks good. Tell us. This is exactly the way I fantasize, which is fantastic because nothing else can happen. So, pretend. Are you doing anything? Oh, mine is... Hold on. Let's see. You're very uniquely... You're more than just thinking about something, you're more... But then it becomes... Mashable, that's the way it is. Make your back. Make your back. Make your back. Make your back. Make your back. Make your back. Make your back. Make your back. Make your back. Thank you so much, thanks so much. So you're at Kennedy School? You go to Bernstein? All right. Yes, you go to Bernstein. So I see you in San Diego. I don't think so. Well, if you look at people in it, there's similar stuff. Cool. He's never even been to one. He's not even been to one? No, but whatever. Gabal is. Oh, he's going to Zoom? Yeah. Apparently, it's like a blockchain center. That's why. He's a blockchain guy. Yeah, and Adrian is local, so yeah. Great, great to meet you. Thanks. Thanks. So did you know where to Zoom? No, I just said that this is a big day where I'm going to be a lot of hard-working professors. You know? Different backgrounds that might be really, really interesting background. And so it's because of Swiss. He talked about it a month, and then the whole thing with my client. Yeah, and they're on Zoom. Yeah, yeah, yeah. It's your class, right? Oh, okay, it's your class, right? Yeah, yeah, yeah. No, no, that's another one. No, no. That's the only girl. That's the rich side of it. Yeah, yeah. Jay-Z, when he was at the bus, he started out with Charlie. That's how he was. Okay. And I remember Jay-Z, when he was like the boy master assistant on coffee syrup. He grew up, he was 19 years old with the collar. And there are some interesting people about that. And I think he either like took a break from Yale to work at Microsoft or vice versa. Okay. And he was still fighting it for the girls. No, I didn't. Something like that. And I found him to co-talk with, you know, the American media. Joey. Yeah, yeah, yeah. A class. Yeah, Joey's another old friend. I think he was before here. Yeah, he started his own one this year, exactly. And I'm trying to engineer a master's in computational law. So, okay, so... So that problem, like, is customer service problems. Okay, okay. So you follow up with that. We'd like to have somebody to do more work on that. And that's the thing. No, it's not. Yeah. Have you considered that? No, I haven't. Considered. And I believe it's a sort of background. Yeah, yeah. I think it's complicated. Very, very complicated. Like, the guys... They ran me back. I don't know if that's possible. Project... Project. I didn't say if I talked to you around the board, but... Our main illness was all done by an L1 who was the undergrad engineering major at Rice. So, now he's practicing law here. Somewhere in the US. But he was great. And that's where we came from. I mean, it helped to have somebody... He started his own term. I don't know. But... This isn't to recall the certain projects... The way it used to be handled with the L1. When they have the open house in fall, the project is not only to stay out here, but it will stay as it is currently in terms of... I don't know. I don't know if that's... Yeah. No, it's much ministerial. Yeah. No. What are the things that have just been coming out of here? A lot of things. Yeah. And part of this is the consciousness. I mean, I don't know how many times you were told. I mean, this is just sort of some basic question. Why do people not care about privacy in the US? But relatively speaking, people do care about it. They just sort of scratch it and say, Well, we can put the person in the most position to kill them while they're doing that. And that's what's important. That's what's important. And there is... The frames sense it has no races or no religions. You can't write that down. I don't know if that way it's... But religion? Because it affects the taxes you pay. Yeah. And I know that, I mean, most of the outside don't know how independent the cantons are. It's more like the US in many ways. Yeah. In a sense that they're really suffered and this is... But there are other things where Europe is just way behind it. Like the whole... People call it like digitalization or whatever it is. I feel it's lagging like ten years behind in Europe or something. It's really bad. Well, so like, I've worked at, for example, social security in and out of the like big, fresh banks. And they have 150,000 employees. And I bet your kids that like half of them are doing things that hard. In my view, it should be a lot because the people doing them are like don't have high capacity. But just they think we could do so much better than of course we should. And I think the issue is that you don't have the same like really tough road economic incentives to be efficient in Europe as you do in Europe. And so people are happy to kind of carry on and be successful. That's a good job then. There's a big advantage of being a customer. Maybe it's three or four years or something like that. So in the legal area, there's obviously a lot of companies. And I think it's going to come to the States. See, it's funny that you mentioned the fact because the US actually, compared to the user base, the incentives that we might have, the reviewer is happy to be out. We don't have to change that. That's fine. That's fine. But you know, you're also going to have to deal with less pressure. And then how was the... You're thinking about it. I'm not there. You're saying I'm worried about that right now. I'm not going to go over the license. Do you feel that too? Yes. Yes. I hope that you do feel the same. First, I would like to know how do you deal with that reviewer? Well, if you like the argument that you do, it tends to be people who don't like that. And it's not going to get exploited by others when it gets hard. But there are some things that I would like to know. Yes. Because right now, it's not right now. But it is. I mean, it's something that I can't deal with anywhere in Europe. You know, I'm not thinking about it. I'm thinking about the structure. Yeah. Oh, it's... Yeah. But it's a question of consensus, right? My buddy started staying with someone at a frat pit as I, and we stayed up a lot of last night, and we were discussing military budget in the U.S. versus Europe, and what it's done with that money in Europe where it's much higher taxes are low. It's that thing. Like, what is a trillion dollars buy? A trillion dollars buy is housing for... I have a benefit. I have a benefit for people. And I have a benefit for them. I don't know where they live. They live in a castle here. I don't know. They have people here. And so, when I was old enough, we just wanted to see what sort of military books were for children in the U.S. and why didn't we get them out of Europe? So, I didn't even trade what's going on for the poor, and it's not even there. Yeah. No, for sure. The thing is, it's not... It really is. I think it's like... I mean, there are people... I mean, there are people... Every place where there were... Well, yeah. Based on... Exactly. So, that's the thing. To me, despite the fact that... there are people... who are already in Europe who are... who used to speak the language. And that's the thing. And it's frustrating. It's intellectually frustrating, because you know that I go around and I just don't have it. But if you look at it more, I don't know what to do. So, that's what I'm starting to work on. They do. That's where it's worth it, right? I know. Well, the way people here put up their German defenses, I mean, it's not like you need to go online. No. But I have a question. You know, there are people who are... who really, really, really dig the knowledge and follow it. That's just... You know, these kinds of things that are in Europe, in the cities, with that stuff. On the technology barrier. It's the first time. Yeah. I mean, it's... they never tried to... Well, you know, the last time they had a... the US sort of had a claim on the integration by the U.S. for our... for our insurance or computer or any other kind of technology. It's relatively rare for Europe to be... It's relatively rare for Europe to say we're going to go this way. And... But if you look at GDP on the language, it would take a very close meeting, with governments, and public entities are essentially set for a lot of situations. And if this was a U.S. stock that I don't think I knew about, I'd say that. And this is something that bothers me about... that... Well, I mean, as you guys... Yeah. You know, I think that in the end of the year, well, you're getting that kind of reinforcement here as well. And so much of what you're doing here, at least to help us get out of there. This... So... So... I... I... Yeah, I can't make a change in the job here, because it is the latest, you know, but... No. But it has to be... No. No, that's... No, that's... But the fact that... I mean, I mean, what is it? What is it? You can... No, you're right. You know, get out of it. So, for instance, it's not going to be... If it gives you... You don't have all that sense. It's not that. It's just... It's just... We should have a battle right now. It's not supposed to be. We should have a battle right now. We should have a battle right now. It's not supposed to be. We should have a battle right now. So, that's my personal question. I'm trying to... I'm trying to... And... It's just... It's just so... It's just so... It was a... Yeah. It was a little bit... I don't know what I'm talking about. No. I've... I've been to the room and seen a handful of presentations, people, and it's a beautiful, beautiful, but not very successful. So anything can come out. It's very hard to say. The question is, is this naive? That's why. I'm going to be a part of this. I'm going to be a part of this. I'm going to be a part of this. Yeah, I'm going to be a part of this. It's exciting. That was a long time ago, and I'm going to be a part of this. I'm going to be a part of this. There are a lot of people who don't understand what it's like. They're going to be interested. They're going to have a positive. And they're going to be wondering what it's like, when you're being a part of this, and now that we know where it is, it's getting harder and harder, and we are going to be able to take part of this. I think there's something wrong with that. OK, hang on. We're just setting this up again. Is that it? I'll mute it for now. But this is what we're going to hear through. But we just have to click on one of the Google Hangouts. Yeah, one of the Hangouts is attached. That's open. This is maybe a system. Yeah. That's muted. Or that's muted now. OK. So I'll put this back in. Has Dazzo left us? Daz has gone to the dentist. Yeah. But his computer's still with us, so he has to come back. But he wanted to be back. That's working, I hope. That's speaker there. This is making a little light now. Yeah, that's good. OK. Let's keep it there. OK, there's that document. OK, that document's up. If you can find a way to test them at the end of the line, it's the annual of patient privacy rights summit on the 24th and 25th of the month. There's a big work to be done to happen to the pulmonary and pulmonary diseases. I'm just going to get this stuff. Never been to Austin. We've never been to Austin. Not alone might be a reason. It's not hard to get there. Well, the doc's something we're working on. OK, keep it in mind. My current plan is to try and show up here sometime. OK, good for that. I'm just going to leave you and Andrew and others from here. You know, I think I'd rather this one. Well, we don't want to. OK. Oh, let me turn my cell phone on this. That's it. I need to be muted. OK. That should be it. But now, OK. This is getting right. There's no feedback. I know, but we need to be able to hear with other people. No, no, but now this one's unmuted. Oh, that was definitely OK. So we need to be able to talk and hear through this one. Is there anyone on the other line that can tell us if they need to ask? Is anybody on there? Mary, are you around tomorrow? You're on the other side. Just Mary and Mark. I'll meet you here one second. Yeah, I don't want to hear. Oh, you're there? OK, you're speaking. That's good. We can hear you. That's true. I can speak. Can you hear us? I can hear you guys. OK. The whole time. OK, I'm going to tap a microphone. Tell me if it's this one. OK. Is that it? I can hear you tapping, but I don't know if it's a microphone. It is a microphone. OK, that means the right mic is working. That's good. OK. Hi, Mary. We missed your I.W. Hey, Adrienne. Yeah, I was actually traveling the week before. And I've been staying in Seattle working on a project up here. And I just couldn't swing another week away from work. So sorry about that. OK, well, we're waiting for Andrew and Sam to come back. Sal was writing things up. There was another session with another hangout. Yes. And they made enormous progress. At the end of the session. Yeah, I just thought it was there, there, as well. Apparently, yeah. He and Sean had a problem. Well, Sam, yeah, and Sean was there too. Sean was there in person. Sam and Andrew were there virtually. But everybody has a silence, including Sean. He's working on a silence. I saw him right here. Good group. OK, good group. Yeah, so luckily they did what we couldn't. Yeah. Here in the business room. Well, no, we figure out a part where the business part isn't figured out yet. So for those in line, we looked at the IABE spec. We looked at the way that their cookies being formatted. We thought about what are the ways that we can either hijack that or partner up with them to do something that's more respectful to the user. Based on the way it's configured, we could become a CMD, which is a Consent Management Platform, along with the likes, I think, of Quantcast and SourcePoint, a few others. In our case, it would be the first Consent Management Platform that is not a company built in the ad tech space, but built in the user support space. The critical path right now is it would be done with a Chrome extension. And it would allow you to have a cookie that is basically what the IABE cookie is, except with your terms encoded in it. So the business side needs to come up with those terms, with those policies, what those principles are that we have encoded in there. And so we saw a couple of different pathways. One of them being we make a fully functional browser extension, which with a bunch of policies that we all agree to in this room is Consensus. And then we go to IABE and say, isn't this great? Don't you want to work with us? And maybe it's before we go to IABE, we go to EFF. And I saw a bunch of other fellow travelers in the world who believe in the comments of what we do. And we say, why don't we make a consortium out of this and kind of let's encrypt and let's create a CMP for the user, as opposed to CMP publishing and advertising. And then go to IABE with that. Maybe we have a little more juice. Yeah, because you have a few fellow travelers. Or if IABE doesn't like it, we can just do it anyway. Because once you've got the Chrome extension, you can do whatever you want with it. And that Chrome extension with a little bit of formatting should work on Mozilla. It should work on Brave. It should work on Chrome. And then the user has, if you to work with us or FU, we'll just give this away. And then the user's got the ability to tell, here are my policies. Here's what I'm willing to accept. That might tick some people off at IABE if we go rogue. And then go rogue is an option. My personal feeling and the critical path is we should make a baseline version of the extension with some, if not all, of our policies that we think are important. And then bring that to IABE, say, look, working code. This is not drawing on an app game. This is not an idea. Don't you want to work with us? Because here are all the good things this is going to bring. One of the arguments we made earlier in the day was if we have a consortium or just it's all through customer comments, there is now an ethical alternative to all these ad tech guys. Wouldn't this be better optically reality wise if you had an ethical option that was user-centric, not IABE? It's going to help you with your regulators. This is a bunch of really interesting levers we can pull. But for the most part right now is Sam's jamming on a framework for a Chrome extension. I'm going to get some icons for it. Sal's going through the JSON to look and see what the IABE normal policies are. And we're going to, from a business and legal perspective, we should come up with what our own policies are that we can map those two or three work streams together. The politics and the diplomacy of engaging IABE is going to be delicate. I think showing up with working code first is the way to go. Not with threats, but honey, before the vinegar, they'll get the picture that there's vinegar. They're going to get it that we can walk away. Considering the rise of ad blocking in Europe, 40% of Germans have an ad blocker on one of their browsers. Considering how popular clicks is in Germany, this should resonate. It should resonate with users. It should resonate with IABE if they're a little more enlightened than their American cousins. That's a big ad. I don't know if they really are if they're just paying lip service to it. At the end of the day, some of these policies might be, I'm willing to allow cookies for monitoring and analytics, but I'm not willing to allow cookies for advertising. So I think these are where the trade-offs are. And so we have to figure out what they are. EFF might want to have a different profile than ISOC, than RAVE or a proxy batch. You've got to figure out. That's the game of moving pieces around on the board and figure out what they are. But from a technical solution standpoint, it seems to be super lightweight. And we could either go rogue or we could go to the political end either way. In that going rogue scenario, how do we use it for something to change on the kind of controller side of things to circumnavigate what we're building? They still could. There's no stopping them. They don't listen to the do not track now. The only thing they've ever stood up and listened to is bad luck. And is it trivial for them to block our solution? No, we might mess up their solution because if, let's say, Demetri is a CMP, member 24567, and we name our cookie 267, it might cause some conflicts. And that's not a very nice capability way of making people do what you want. But at the same time, we could monkey you understand by one of the reasons why RAVE doesn't get stopped is because RAVE looks like a crudomal Chrome browser. It's got all the ad blocking tooling involved. But your website can't tell if it's a generic Chrome install or if it's RAVE, it's just blocking area. That's how branding got passed all that. So in theory, we could make life slightly difficult. They don't have a, other than the consequences of GDPR, they don't have a reason to work with us. We can give them an incentive to work with us for why this would be better. Because there are some users who are never going to install this. I mean, like being. And when it starts with Chrome, it's going to be, Chrome's got 60%. And there are a lot of people like me that are using Chrome and 200 browsers or 300 browsers. Don't get me wrong. Google could block this extension. Google can pop it out of their app store in time they feel like. And we can pull our pants to the floor if they do that. Yeah. And it'll be well. And maybe if there's a regulator who looks at this and says, this is a really interesting thing, we would be behind it. That would be the juice against IAB to sit up and go, this isn't going to hurt us. We never were going to get that 10% anyway. The people who give $25 a year to EFF are folks like in this building, not the dude in Starbucks who tripped over my bag earlier. So it's, we can leverage some of that. But there's an interesting story in there about having an ethical alternative to the ad text up. We know the guys at SourcePoint that's been a rocus, he sold that mom to Google years ago. Coming up with a set of policies that we can community-wise agree with or create a tool that EFF can have their flavor and go to their communities that should you stand up for this. And the folks at ISOF can say, yeah, we believe in this. And we'll get behind that. Here's the tool, set your own policies. Mozilla may say, we're not messing with any analytics cookies because that breaks the web. Great, super. Now there needs to be some kind of dashboard on that extension so that the window shade drop down so you can see like, hey, your bank won't work with this. Maybe you've got to see how far we get on it. I want to answer the question, Mark. I can't see the question. My only concern is that starting with the IAB framework, which they admit is not the answer, starts with their definition of what consent is, which is fundamentally flawed. I'm wondering, Mark, I guess you can hear us through the name like, whether it matters that it's flawed or not or that they get it or not. We're sort of hijacking their framework. Is that right, Sean? It's a hijack of their framework. And basically going to them with it and saying, there's an opportunity here for you, not a fight. In other words, we're pursuing that sort of opportunity rather than we are sanctioning their flawed definition of what consent is. Yes, we're using their tools. We're using their tools to have a better definition of what consent can be. Mark, it doesn't screw with consent receipt, does it? I mean, you're not basing anything with consent receipt on what the IAB says. You can take your mic off me if you want. Yes, yes. Slightly, not by any means. Yeah, no, that sounds really good. But the burden of finding consent and recording the event in a way that is recognizable across or to others or in a standard way, that it follows on to this hack, I think, right? So we have to do that. So I think the consent receipt sort of helps with the structure, but not with the definitions. And the GDPR provides definitions. There has to be a comparative contrast or maybe an enhancement of the IAB cookie's definition with what we mean by consent or how that changes consent. So I think it could be the self-sovereign definition of consent, but I think there's a fundamental, we don't consent to put a cookie on my machine or I withdraw any consent for tracking, which would compete with the IAB cookie for the consent contract and framework that Google's using. Yeah, so Mark, we took a really small view of what we're trying to do, like how can we use the tools that they've got to stuff some of this without having to fall in line with their definition of what consent looks like? This is like a 20% solution, not a 100% solution. And it may not be perfect. And we were sort of looking for a way to co-op what they were doing and give the user a voice. There is still, if we can get IBE behind this, it will give it more legitimacy and get more adoption and uptake from the publisher side. But it doesn't solve the consent issue. I'm going to agree with you on that. OK, well, I definitely agree with you on it. It's a great place to start. And it gets us in the conversation in a soft way. And it doesn't storm the castle. And I think it's really good to make a discussion about it because you're right. It might be more about awareness, more about mutually trying to find that with them. So perhaps my perspective is a bit harsh from trying to start from that. I just worry that we don't poison the effort that we're trying to do by using their version of consent which David already said isn't as flawed to some degree. And then that just feeds into Google's use of contract with all this publisher saying that you now have a contract with us and that we're, I think, I have to look at it, but are they saying they're a joint controller? I think they were going for joint controls the last thing I read. Right, so I think that's a big issue politically for us saying that, well, the user has control or providence here, and here's the term at customer comments that says what that providence means. And it's basically like we give you permission. If you don't track us without our consent, and if you do track us without our consent, we want to use these privacy rights, which we object. We want you to put our data over to customer comments. We want you to, et cetera, et cetera. So I think it's about who controls the data is a core fundamental issue. So I want to put a pin in all that and say yes. And I'm totally agreeing with it. And maybe we were thinking a little too small or trying to be super light in our solution. And maybe this is a starting point and moves us forward. My sort of alternative goal was I wanted to park my horde in front of their castle and say, wouldn't it be great if you joined us and we assaulted your castle? And if that doesn't work, then yeah, it might poison the well. So we should definitely think through the implications. Well, there's also the other option, which is, hey, look, here's a little better way. Why don't you guys use our framework? If you take your time. Yeah. Or I mean, that's like, obviously, that's probably not likely to go far. And I think you know. Right? Like, they could take, they could look at our stuff and go, we're going to ignore this. And like, OK. I don't like in the UK, like the Guardian, the Register, some pretty independent publishers, don't like Google saying, hey, you're going to have to take our contract or we're going to be a joint controller. So I think if you go, hey, look, IAB will use your framework and we're going to give this definition that we're not going to be a joint. So you don't have to agree to be a joint controller with Google. I don't know if that actually, like it's more into Google's use of analytic cookies or being able to, you know, ultimately, I just think a consent cookie should go to a consent reference point that says, I've consented for this advertiser to give me ads. And you don't need to look at a cookie. You just need to look at my consent. I think buying into the whole cookie and we need to be track thing might actually create worst, you know, inflame the problem. But you say, no, just look at my consent receipt or my consent token. And my consent token places a cookie on the website just to disclaim that, you know, this is under the control of the user. And if you are tracking, it's without consent. If you just dispute their consent that they think they have consent and you as a user say, no, that's not consent. I think to me, that's an important sort of a step and maybe it's in the future. But for May 25th, it's like, no, this isn't consent. I wouldn't want to tell users that this is consent. You know, there are a lot of cookies on your machines without your consent, unless it's a first party cookie. Yes, and partly it's because the doc that we were editing is not on the screen. Okay, I'll put it up. Hang on. I know what Sean looks like. Just to make sure. There you go. I'm not gonna, I don't want to, I think it's really great to use the cookie and what we're doing with the cookie spec. And it's also a stepping point to go, oh, look, this is what should be in a cookie. But maybe we don't even need to use cookies. We can just use consent's tokens that place a cookie, which is, you know, we don't know yet. We know it's, I think it's about this hack day and about doing it step by step, like, which is really awesome stuff. But I see it all the time. I think, I mean. Who's cutting this into somewhere? And I think Mark, having only one idea coming out of this hackathon is definitely a mistake. The reason we should come up with some more. One of the reasons why we went down this trail is when we first looked at the IAB spec, it sort of had two players. They were either vendors or they were publishers. And we looked at the idea of can we take the vendor and co-op that and make Dmitri vendor and Sherry vendor and Shawna vendor along with all these ad tech jerks. Like, how can we co-op some of this work that they've done? Because right now, their model of consent is, we'll give you a cookie that says you're okay with what we're gonna do to you next. There's no forward or proactive doc saying, here's what I'm okay with, get ready. And so that's what we went with that, but I think we should look at, there should be a version B coming out, or C or D or E coming out of this hackathon along with the cookie idea to come up with something else. Yeah. I mean, in fact, we can send an I agree button that would give you a you agree button. So that's what I meant. Right? You agree. I think Sam and Andrew back in here. No, but they're writing, Sam's writing. Sam's, oh, okay, so they're both busy. And Andrew's reading. Yeah. And so what we want is that the link to that document that you had out there, it needs to go into this master document. It's hack, under hack the cookie. Oh, there it is, okay. Well, why don't we link to that and put the whole thing into it. But Sam has another document, it's a different document. No, no, I think that's the whole box. Oh, that is, you've seen that. I mean, it's kind of a dog's breakfast when everything's in there. Okay. It's much tastier than a dog. Yeah, I feel like you could have the link there, but also just paste the whole thing into this document. You can do that. In one document. Yeah, I mean, if you look at it, it's got a bunch of stuff, including talking about how we are approaching the idea of hacking the cookie, right? And the idea of what the approach is that in the context of the IEVE, there is this, you know, a CMP and the idea is, okay, so how do we become a CMP? And how does that CMP represent the user because the user's completely investing in the way that they design this stuff? So that seemed to be the, and it turns out that if you, I mean, you have to go to that document. It's simpler than I thought it was. I'm gonna have to click on this one. Yeah. I don't know who's got the document. All right. There we go. Cause it's sort of, also go way down. Way down. Keep on going. Up a little bit, up a little bit. Up a little, up a little bit. Sorry, it's a little, it's a little, this is what I found, this is like a little table. I thought it was what I found useful. So for them, purposes are, add purposes, right? So it has nothing to do with GDPR purposes, right? And then for them, the features are all advertising features. So there's nothing in their cookie, which represents any of the stuff that we're trying to, so if you go down further, and then the other thing that's in there is basically all their vectors. So this is the application of it. I just thought it was easy to put it in there as a table with a few specific things. Sorry, I don't want to type on precise. And then you see all the people down below who signed up, and there's like 80 of them. What we're suggesting is that we become one of the follow on vendor list. The CMPs, right? Right, but do it in a way in which you probably don't have the same purposes. So this is what we want to hack, right? So we want to hack those purposes and features, because their purposes and features are not what we're looking for in cookie. And I'm using the wrong term when I say policies. It's purposes, which maps to their own replacement in their cookie. And we want to co-op as well. So here are the features in JSON. While there, there are the purposes in JSON. Just scroll up, though. Just scroll up, we'll talk, right? Oh, no, no, I'm sorry. So in this case, storage and access of information under purposes, is it on or off, or is there some kind of variable that we can say for site analytics only? Like, how do we turn this into something where it's actually, to meet you telling a marketplace, here's what I'm okay with, as opposed to, here's what you will be okay with. So this was pretty enlightening to me, because I thought maybe they had some privacy-related references in what they did, but zero. So, Doc, one of the co-workers of Mozilla, Jason, is now, he's the head of business intelligence for a very large publishing firm. We've had an ongoing argument over the years, and then something like this. We in this community, whether it's customer comments or the open source world or VRM, we're showing up to a gunfight with a knife. You know, don't show up with a knife to a gunfight. The reality of it is, we're showing up with a knife to a murder-suicide pact, between publishing and advertising with ad tech, feeding both publishing and advertising cocaine to get them to be killed, the user and then kill each other. None of this is user-positive, although regularly it could look at it, you know, it gave them the choice of personalization. Like, I can see a really strict reading of this, going yes, no, yes, no. So, Mark, this kind of feeds into what Mark was saying, like, let's be careful about how much we map to what they want, because it might be completely against what we believe or a table of them. So, okay, let me ask if this is a useful exercise. To look at each of those things in the right column of the table, from the individuals from the data subjects side, right? And say, okay, storage and access of information, I see that as, I'd like us both to store our agreements in a blockchain. Very good. Personalization, I'm a person. I think personalization should be what I say it is, because I'm the person. Thank you. I'll let you know what it is. And selection, great, I'll let you know what it is. I have no problem with it from coming from a first party, from the second party, meaning a data controller. The data controller wants to give me an ad without involving your data processor, that's awesome. Content selection, yeah, I'm fine with everything you have in your site as long as it's, you know. In other words, I think there's a, there's another column, which are the user-based versions of both of them. Oh, that's interesting. We're recognizing these are their categories, sorry. No, that's exactly what I like. That's what you meant by the two sides, early on, is that correct? Yeah. Is we need to add a column. I didn't start capturing the stuff that you said. No, I think it's great, let's add a column. Yeah, I mean, you can do that, add a column, I think it'll work, right? So I'm in the process of writing it into the other thing. Yeah, I'll write it, so I was just gonna pick that one, but if you're doing it, that's fine. Yeah, so copy it, we can always copy that. But we can add a column here and then. Yeah, okay, well that's good, what are you doing yet? Yeah. Oh, we're just, someone better, or do I right click here and then insert your column to the right? But to someone I just wanna type into that. Yeah, go ahead and type. Or actually, I can type into that. I can transcribe. Well, put the heading so we remember why we're doing this. So what is it, user? First of all, comment says. Yeah, yeah, everything. All right. What I would put there is, you can ask us to believe it if you want, but you forget it, which is the term of heart. If you want. How long? Well, no, no, no, no, no, no, no, if you want. What? When you want. Right, how long, right? Well, just when, how is it to read it? When you want, you can ask us to believe it. Personalization, we call that trapping. Yeah, exactly. Oh, no, it's a trap. NG. Okay, a trap. Because just so we, we have the GDPR like lingo in there as well. Guys, can you put the document link into the chat? Because since those of us on video cannot read what you're saying, just go look at it. I'm on it. Okay. There's the link. And then laying out. There's my face. And then. Thanks. No worries. That selection is my ad preferences. My topic preferences. Topic. Really. My topic preferences. And exclusions, right? Oh, no. Well, preferences were included. Right. But maybe it's something. Yeah. Yeah. And exclusion. Sure. Yeah. Where. So that is effectively what we call a counter for disclosures in, in healthcare. Where do I see the locks? Well, that's. So that's analytics. Yeah. This is. Yeah. What I would put there is only aggregate information allowed. In other words, more than one subject. You're never, you know, or that's what this way, at least 10 subjects. Let's be clear. At least 10 subjects in any measure. If someone wants to spell check me. Yeah. Okay. Is duration. We're not allowed to add stuff, right? These are things that are already in the spec. So the duration was a question mark. Someone put in there. What's a part of it? Yeah. It could be a. No. Mary, I do not need anonymized. I don't think anonymized, uh, works in, uh, in the age of AI Facebook. And I wouldn't use it anywhere in this. They, uh, GDPR distribution between anonymous data and customized data. Um, and where, where like the risk is different. Um, no, I just completely, I would not. I would hassle customer comments. If they allowed for anonymous data. So I would, I would define it and I would say what you mean by aggregated because a lot of aggregated data. Or attempting to, to anonymize an anonymized, we know, can be completely reverse engineered. So, um, I mean, the term of ordinary is differential privacy. If you want to, if you want to avoid specifying at least 10 subjects for that, then I would call it differential privacy and then they can look at it. Allow differential privacy. I can put the, the definition of pseudomization as per GDPR up as well. I don't know if that's useful, but. But again, the columnist label with customer comments is suggested. Okay. And what I'm saying is I, I, and we create, I think agrees is I would take customer comments to pass. If they allow either anonymization or pseudomization as a. Yeah. Sean said the same thing. Yeah. So what you're saying is you want differential privacy. Yeah. I want so differential privacy or only aggregated. I can see that. I need to go farther and say that even differential privacy is high. Right. That's a good. What is differential privacy differential privacy. There's actually a very nice how long Apple finished about a year ago at the developer conference. Differential privacy is when it's like your knowledge proofs is a form. It is a form of differential privacy where you disclose something that people want measured or asserted, but you do it in such a way that it cannot be aggregated with anything else. Or correlated. Or correlated with anything else. So as you are knowledge proof, as an example. Is that a term in Apple? No. General academic term. That said, though, there's there's a lot of work that basically says there's a very neat inverse curve between the usefulness of the differential privacy and the actual privacy. Like, I wouldn't stress. I wouldn't put differential privacy in there. Okay. So. What's there. Okay. I mean, that seems reasonable. I'm not a hundred percent sure on the math. Yeah. That's right. Yeah. I suppose we could do a hundred. No, I suppose we can do some quick research and see. Well, you can't because you don't really know the functionality of the data that you store it. Unless you specify the dimensionality, you can't tell the number. That's why differential privacy is actually the academic term for this. It's because it considers the dimensionality of the data that's being aggregated or stored. It's hiding in plain sight. Sorry. Kind of. Yeah. So, it's like. Yeah. So, I go to a bar and I show them my driver's license. What they really care about is the over 21. So, it's literally a math equation looking at my birth date. So, track me by today's date and going, yes, he's over 21 or not. It's the predicates of the number that I need. And then the non-correlation part is big because if you have enough of those predicates and I can go, that's the joyses. Nope. We move on to the next point and then circle back to. Well, could you say exclusive or personal information, right? Because that would be the whole point, right? Right, so what you don't want is things which are personally identifiable. You don't mind if there is information in there, but you don't want to be able to track it. So, that's troublesome because in like today's age it's not trivial to define what personalized information is. Like if you have my general like geographic roundabouts and like tastes and where I went to college, you can learn that way. So, here's the example. If I give you my blood sugar to five decimal places, is that personal information or not? Because... It makes you uniquely identifiable. All of a sudden, you see what I'm saying? So, you know... So, I think only aggregate info is probably as good as... Yeah, you know, and this is what happens when it's difficult instead of multiple courses, you know, eventually. Yeah, anyway. Insulting. Well, that's already... Difficult sometimes. Okay. We're trying to define what it says in our column to what fits in those small boxes over here, I think. No. So, we're trying to relate to each one of the devices, the duration, the features. Once that they say IAB says... Right, so we should title the second column IAB says. Right, right. And then it takes IAB as... Right, that's good. So, here's a question for the group. What if... What if you're phrased, or at least, how do you feel about just presenting the analytics to the user and asking, like, are you up there with this analytics, this analytics being shared? Right? Like, instead of trying to guess ahead of what's dangerous on aggregates... So, a purpose that... I mean, in order to maximize individual agency here, I would rather have standard ways that a user would inherit from someplace, even in the term earlier, something that's their pro-formas, that tells the site, for example, I want you to get all the analytics you can to help you improve your site, but not track me off the site. That's good. So, and that's basically where Google Analytics started, and now it's been enhanced with, you know, we're going to probably go to the end of the year and report it. Because, by the way, we keep the information, too. And we'd probably be good with it. So, but I think there's something in too many words for us to say here, particularly that is what our consensus is. The thing is, as soon as we get into their saying, would you like this, would you like that, we're back to exactly the kind of thing we're trying to defeat here at. So, I wouldn't exclude the possibility that downstream there could be some sort of dialogue that's even automated, okay? So, where you have a set of conditionalities on both sides. Nitin Bajati, who's not here yet, and Ian Henderson is not here either, who was in the first conversation, both pointed out that a model for where it ends up is a lot like what we see in the B2B world. In the B2B world, where you have two parties of equal power, where you're bowing and you're cracking away, and you're having a whole bunch of agreements about where an engine goes and how an engine works at their point. And because there are so many variables in the agreements that have actually automated the process. So that there's a bunch of logic on both sides and say, if then or else nor, you know, and then the other side says similar things. But it's automated and the opposite of both sides trusts that the machine's going to work this out. But Ian has put it out there on 4,000 variables in B2B. And they're like almost none in B2C, because that was a power asymmetry, so absolute. What we're talking about here is that hi, IV, we have power on our side. GDPR has given us this, or thank you very much, we're going to take it from here and it's going to be good for you. Okay, we're helping you out here. There's useful information in that third column there that can actually help you do your job. And I shouldn't say that it was not just the IV, it's actually the publishers and the advertisers as well. And along with the advertisers, they not just the advertisers, it's just the companies we have relationships with. Now, sorry, I missed that. What I meant by that is, okay, so there's a, because we've been in the advertising box for some time, it's very hard for everybody to think outside that box, but in fact, if Proctor and Yamble's, let's say, L'Oreal wants to have a relationship with a user of cosmetics who even need advertising in the middle, it's already a customer. There may be lots of better ways of signaling back in the marketplace. They're outside the scope of advertising, which is generally the one-way thing. So, but again, this is very downstream. What we're laying out here, once we start, that's the count's nose and the tent, we're putting customer agency in there, and once you have the agency in there, all kinds of things are possible. Yes. I was going to react to the highlighted things and the features, because what Bill's putting down there is not like the others. I would say, you won't use my data to correlate me with my offline self, but if you do it explicitly, it shows up in the logs. Or somehow, in other words, there's a difference in the purposes thing we were being positive. We were basically saying this could be either this way or that way, whereas in the features we've shifted to saying it can only be one way. So, I'd like to ask... I'm sorry. In the purposes common, customer common sense, we weren't saying you can't store an access information. We were saying, if you store an access information, I can ask you to delete or forget it whenever I want. Right. We weren't saying you can't personalize. We're saying, call a tracking, and we might allow it, if you call the tracking, in certain forms. We're not saying you can never personalize. In the app selection, we weren't saying you can't personalize or allow me to select. We're saying, as long as I get to choose, you might be able to do that. What I'm saying is, in the purposes column three, we were always leaving their intent. Okay. Whereas in the way it was stated in features, we're denying their intent. Okay. So, that's a difficult distinction, and I have a bit of a concern about leaving their intent because I'm wondering whether or not... Let's just look at personalization for a second. But first, I mean, it's certainly in a way, personalization is done now. I want none of it. But they might proactively want personalization if they can not so much permit it as intent casting. Okay. I'm in the market. I'm going to Iceland, and I'm looking for Iceland as... Well, suppose, for instance, I wanted to have, and this is a classic one because it involves location, suppose I wanted to have the gas price within 10 blocks of where I am, show up on my phone as a form of personalization. Yeah. I might consider wanting to be tracked for that particular purpose. Yeah. So, that... I don't know if you want to go here because that's entirely the way Google works, right? I mean, you log into Google and you are being followed exactly the same way with the free gas and you get exactly what you just asked for. I'm certainly able to turn it off. In all of these things in the third column, we're able to turn it off completely. But I'm just saying there's a difference between personalization and content selection. Yes. And we don't necessarily have to... I mean, we could make... Don't track me with the fault. Again, that's how I asked specifically what we want to be also. Well, in a permit, I mean... I want to be careful for our purposes here about getting too far downstream with where all this may fan out in permutations and magic additionalities. And rather, you know, we basically want to be able to say to them is we see where you're going with this. You're missing our side. Our side is this. We're going to start with this simple thing. The simple thing is we have our own way of expressing consent. And here it is. It's a cookie. Or whatever it is. It sounds working on. And where you can go is these many other good places downstream. But for right now, we're looking at this one because we want to help you with a goal on the 25th and we want the same thing. I'm not going to insist on this at all. It's not my fight. But let me try and explain to you the way I think of this in health care or in general. I separate transparency from consent. And so I say to people even if you're not willing to treat my UMA authorization server as an issuer of authorization tokens. In other words, you don't want to recognize my authority to authorize that third party to view my location for example. On a transactional basis, on a contemporaneous basis, you have to report to my authorization server that that third party is looking at my location. And so because what that does is it creates a market for services that either customer comments or EFF would offer so that I can now hook up my authorization server to the great god of goodwill in this class to say, hey, these guys are tracking you. Did you know they were tracking you? And you get that feedback that independent decision support is cool. So what I'm saying is to me agency has both components and they're separable. As long as I can point, as long as agency means I have to come to my authorization server even if you're not going to honor my authorization. And this derives from the fact that the service providers in health care are subject to jurisdictional constraints. They may not be allowed to send information to Russia because they're the VA period. It doesn't matter what the vet wants. So they would override. So this is all got discussed for a year. It got discussed as to, you know, what to do. So in other words, once you give people agency, the service provider is still subject to their own governance issues, either for business or regulatory reasons. And so you can't, I can't impose my policy on them but I can impose transparency on them unless it's law enforcement. In which case I can't do that. So that's why I separate those two. Okay. And that's what I was trying to get at in the features thing is you want use my data to correlate me with things online. But if you do for whatever reason, it's like the watchman followed the canary clause where if you execute a secret request... So if there's a search warrant... What's it called? It's a canary thing. So there's a picture of a canary in the front of my website. And if I get a national security letter which says I can't actually tell you when I've gotten a national security letter. It's like a poison pill for NSLs. Yeah, but that's just transparency. So I'm saying transparency is separate from agency. Agency is you can ask me whether or not to release this to the FBI. Transparency is you tell me that you're releasing it to the FBI because I don't have a say in whether you do or don't. But you can be transparent. It's a warrant canary. That's the challenge. It's a warrant canary. It's more fuel. Yeah. But it's dangerous. Are we going to go somewhere else? I know, I know. It's $50,000. I don't say that. Yeah, it's $50,000. Take one password. There's people down there that don't look that low. Yeah. Yeah. Yeah. There is a cheat name. Cheat name? Yeah, well, just there. The Fire 2 Diary isn't fast. It's not really that fast. It works. It will be both lost. She's lost more than I am. That's all. What do you guys for me? She never looks that. Okay, so how was that? Robert, you were writing. Were you informed by what you were saying? I think, yeah, I think we've been good. There's at least three people who have been writing into this table. So I think the table reflects the current... Do people agree that the table reflects the current status of discussion? And then I've started transcribing some of that here. It may make sense to have everything in one centralized location. So, okay, that's... Is there... Is that linked to that who will publish some of it? Yes, it's in the other thing. It's in the other thing. Would it make sense to have a fourth column that's what GDPR says or what we think GDPR says? Well, I think what we're trying to do is actually accomplish that but we're custom working now. No, I would put the fourth column the actual section number or whatever. Yeah, I can already see this research. Because I have no problem with my regulation. Let's go beyond the regulation. That's on the table. Yeah, I've got it. I guess I'm in there. Yes, yeah, so if you scroll down a little bit. What if I'm in there and use it as an animal? I see GDPR article or GDPR section. Right where it is. So, I can go through GDPR and try and find the relevant bits. Yeah, there's a site white in case that says it's something that looks like this. Let me see if I can find it. These things, per se, match GDPR one to one. It's a table that they have. Yeah, this is it. Here we go. I'm going to put it on the other. First day. Yes, it's the first day. Yeah, I know. Well, it does a lot of things. You know, they my son's son is back. Really? Well, well, it's so much faster than that. This is dying. We're using it now. It's going to be $500 to fix it. I don't want to fix it. But some of the problems are like, here's mail. I want to move save all of these. And before I did this, I was moving around. So that's gone. That's there. And that's good. I guess that's good. So so this is considered by me a failed future. I'm not so. So choice of this. There used to be something here. I'm going to move this off. I hit control or right click on here. There's a choice here called move. He said, no, it's here. Yes. So not everybody likes that. No, I just clicked on it. And now other things in there. I don't know what those are doing there. That's what I was talking about. It's a feature. It's a feature that's highly debated. It should be. I mean, I know what the issue is with that apparently that it's an entire iPhone worth it's $200 parts cost to the cost of goods on each one of these Macs because it has its own chip. It's on display controller. It's on secure element. So it's got everything in the iPhone except the battery. I don't blame except there's nothing in the mail app on the phone that looks even anything like this. So exactly. And that's what's being debated is on the one hand they did this thing that's so much for the cost of goods that nobody's going to be able to put it all right on that line. Well, I actually wanted one of these keys but to get two terabytes I couldn't do it. I had to have the script. Yeah, exactly. So what are these? These are I've never used one. I was just looking at yours. It's literally the first time I've ever even know what these are. These are mailboxes. Those are fine for me. No, they're mailboxes. But I don't want that shortcut. I think to stay fixed the way it was. Yeah. But if I go to a different app Yeah, you can change the setting somewhere and have this be like the old kind of top. Yeah. Yeah. No, but I I remember accidentally so if he does that show back up in the menu where it disappeared from right because now we know what the test is that if you can disable it then the move connection the move connection Yeah. We don't know. I'll have to look at it. Will you just save me and fall through the loop or what's going to happen? Here's AppleCare right here. This man is saving. You know, I mean, there's this migration system which is fabulous unless there's like one decimal difference between the OS in this one and this one and if there is you have to back off on this and go through all the command lines to get it back to to download the right algorithm system. We've got it. Yeah. That's the test child. There you go. Okay, now try the move command and you can mail it in. Oh yeah, I'll go to the mail. Okay. Let's see if it shows up. Okay. Nope. Ah, he's right. He's always right. So now you want that to change it back, right? Yeah, and the keyboard. Keyboard. I will make a statement. And then touch bar shows and then app control, that's like the standard. I'll leave it there. Yeah. You can also customize the control. I mean, they give us too many options. Oh, hold on. Show me the choices. Oh press F key. Oh, okay. No, I don't want that. Yeah, so what that does is Oh, it gives you the shit that used to be on another keyboard. Like this is the right up and down. Okay, no, I don't want that. That's like, go back to OS 9 and that's what that looks like. But this is show the function keys. It's fine, I like that. There's this function keys. Yeah, it doesn't put that in command where you're expected. Have to job. Well, you know what happens is, and this is the disaster for me to say, is that no application developer, other than Apple, and apparently Apple themselves isn't willing to properly write to the API. Because the thing is so expensive the fact of fragmented the developer universe for absolutely no reason. Because they can't, it's not like adding the jack and then expecting it to roll down a line, you know, we're going to switch to USB-C and fine, you know. You can't do it. You can't add $200 worth of cost to every Mac in the line, you know, to a MacBook, for example. And therefore all of the third party Apple developers are ignoring the API. It doesn't seem tremendously useful in the API as well. I really hate that. You know, okay, now I'm doing again with another one. Move to copyright. I get a little debt. I get a little progress bar. But then if I do something else that changes the context the whole thing is disappeared. You've discovered it could move my cheese as a black Mac. I wonder if we're moving in a direction where the whole keyboard is going to be like adaptable and depending on the application you're using. Yeah. Let's hold it for a second. But like a dynamic input interface makes sense. Well, it wouldn't bother me because I don't touch type. I still wouldn't bother everybody else but a lot. Not in fact, are you are you talking? I've never learned to touch type. So, you know, Apple has looped off the advertising business, but now I click on a mailbox and it says, look up now. First of all, I see suggestions from the web. I choose the app store. I'm going to be sure to find more. Make suggestions more relevant to you. Look up and that one includes products with location with requests to Apple. Is if I only live in the Apple even worse and I want any of that, which I know. I want to do mail. I have mail. This is for mail. I don't want to go to ship. I don't even know what to write about. It also has me to retype that. I don't think I know how to do it. That's just that. So we lost Mary is the one who has still on there. We lost What did you say, Doc? I don't know what's going on. We observe that You're going to go star for hanging with it. So I believe we're supposed to be in marketing points. I'm the one that squashed them when I introduced the indications for use, but I didn't need to say that they were not part of our deliverable. Well, I think what happened was that group out there got a lot more interesting. For me, anyway, let's end it up. They're really pizza-cating, too. So did we finish this relative GDPR article, Steve? No, but it would be time-intensive to do it now. I don't know if that's the best use of time. Because essentially, it means someone who read this thing, the number of times, and has a good feeling for it, says like, for example. Yeah, we actually have a couple of groups. What I suggest we do is we start a section, label benefits, and we just move back to the other thing. We go to the benefits section, and we say for the advertiser, for the vendor, the benefit is blah, blah, blah. For the data broker, the benefit is that you don't put up a business. This is the set of four. I feel like we go fishing. That's the right thing to do. For the IAB, the benefit is they move out of the day. Now you're getting interesting. OK, so where is that? OK, it's here. You're there. Yeah, I can type. You're much faster at that than I am, so. So I would list the bullets starting with the actors. And then we'll figure out what the benefits are to each of them. Let's list all the possible actors. Oh, it looks like Andrew's back. Briefly, yes. Oh, you briefly, yes. Yeah, I do tell us what you've written. Yeah, so just so you know what we're doing, Andrew, we just had a really cool session where on this other document, we took the table that has what the IABE thinks these different variables means that we're putting our own versions of those so we can come back to them with them if they're friendly enough. Yeah, I took the JSON, but it Google Sheet. Oh, OK. It's not there in processors. It's there in processors. Andrew, and then we added to that basically a customer comments column of what the purpose of the features would be or should be going forward. Because what I found out, which is what you probably already knew, is that they would completely avoid anything related to the user. Simply purposes and features for advertisers. Yeah. And that's linked back to the document that I had earlier and is now incorporated back into the main doc too. And yeah, so that was good. And now what we're doing, and Robert is working on it, is taking to go to market side of this and basically filling in what the incentive alignment is for each of the different parties. This is what it does to the vendors. This is what it does for users. This is what it does for advertisers. I'll do the formatting. OK. Yeah. Right, well, they refer to the CMP, right, which is there. Yeah, consent management. What is this showing? Yeah, consent management provider, content management provider. Yeah, it's like that. It's consent, isn't it? It's consent management provider. Yeah. Is that another group? Is that what we're saying? That's it. Yeah. Well, so under the IABE, they've got vendor publisher, right? They have advertiser publisher. Oh, they actually have advertiser publisher. So then we take away their controllers? No, no, no, no. No, what I'm suggesting is that in the, what are the worlds here is the IABE world. And then there's also the outside of the IABE world, in terms of data, COVID, data subjects, data processors. So in the IABE section there, there's the vendor. And they're selling ads. Or, sorry, they're, yeah. They have the inventory of ads. There's the publisher who owns the website with spaces to put ads. And vendor. Yeah, vendor. And then there's the consent management, consent manager provider, CMP. And they own the user interface. So do the rotors exist in your vernacular? The data rotors exist in this IABE vernacular. I don't think they do. No, they don't. Vendors, right? No, no, the vendor is the, you know, the quad manufacturer, whatever, the Walmart. No, no, the vendor owns the inventory of ads. Right, right. Vendor means a third party that a website operator is using in connection with surfacing content with end users that either accesses an end user's device or browser and or collects or receives personal data of a website operator's end users. So. Vendor is that tech, basically. And the publisher is generally the website operator. So can I remove data rotors because they're called vendors? Or is data broker just a non IABE category? Right. Oh, OK. So axiom is not an IABE category. Axiom would be a vendor. No, axiom doesn't own any ad inventory. Axiom owns, takes, transmits, and collects data. They don't own any ad inventory. They don't have to. What they do is provide data. So does this? I'm not answering my question. So it's the second category. So it's either, well, they add data broker to the vendor categories, slash, owns ad inventory, slash data broker. Sure. And then now can I take away data brokers at the next level? Yeah. OK. And then civil society is slash the data protection authority What do you call the DPE in DPR? Who's the people who make the rules? That's the DPA. DPA, right? Well, the rule is the EU. No, the EU. But each country has. It's an information. Oh, yeah. Yeah. To the IOC. What's the data protection authority? Data protection authority. Authority sounds familiar. Yeah. It's the DPA. So civil society slash DPA has to benefit. Well, you know, there's the concept of a data processor beside the data controller which is outside of advertising. But I don't see that the data processor enters into this at all. Well, to some of the benefit would be GDPR compliance, right, to the data processing. Or like, I feel like it's relevant. That's a good point, DPA. That's a good point. I mean, would you put it on there and take it out? No, no, the data processor might see a reduced cost. You're right. It's a data processor. Yep. Even if they have no decision or business. They're out with the operational. The operational. And introduce them to both companies. Well, yeah. Cost and risk. Same thing applies to data controllers. You can just copy these things. What are the ports that make it easier for them? Well, that's the civil society. The civil society. I don't just call it peace of mind. For the subject? Yeah. Yeah, eyes in the back of their head. They don't have to guess. Yeah, I'm just. And this would take down this like consent wall, right? So that's. That's what we're hoping. Yeah. Yes. Is the IED in Burma? Sam is still hacking. Yeah, I'm waiting for him to get me a list of the other kinds of data that's passed a lot of time. Well, that's the science, right? No, it's not. Oh, yeah, I mean, if I sit through that, yeah. So that's for the publisher, right? Oh, oh, all right. Because you're using it. Facilitize and improve user experience. Yeah. So that's not possible. The same thing for the data subject. Yeah. So the data controllers and the, like per GDPR definition are the same as the publishers per IBE definition. Is that right? Not necessarily. What's the distinction? Let me find the IED version of that one. That's the IED version. No, that's a GDPR word. Yeah, no, I'm just wondering if there's any. Again, pointing out a lot of things. Yeah. Sorry, actually, publishers are controllers. They are. Because they collect personal information. Oh, yeah, but that's how publishers do it. So just the GDPR say that the one collecting information can be the controller, like the publisher's controller, even though the processor is usually the third party. The processor is acting under instructions of the controller. OK. They can be the same. Right. So like Google is simultaneously publisher and controller. In some cases. Yes. OK. And they may be acting just as the processor for some other website. No, but the data subjects are like the individuals who use those sites. Whereas they're put into control. But per, if we're trying to stick to the language of GDPR, which I don't know if we need to. But then it's confusing. Yeah, because the data controller is the person who's responsible for how something gets published. And if you have a complaint, the person that you go back to. So you, as an individual, would want to be able to get in touch with the data controller to say how you're using my data, even though you want to maintain personal control over how they then implement control. So the data controller has the terms and privacy policy and gives notice about the purposes for which the personal data is collected. That's what rule they play. And data is liable in the end, right? This like 20 million, whatever, fine, would be levied against the controller. They are in the line of fire for liability. Yes, the data processor follows the contractual agreement they have with the controller. They're liable, too, if they break that agreement. But they don't have to get consent of the user. They have to follow the consent instructions of the controller gathered. Who has to follow the GDPR? And thus it kind of trickles down the value chain, ideally. Yeah, if the processor goes outside of the contract, they get into trouble. If the controller collects consent and then doesn't perform the actions according to the notice and consent, then they get into trouble. And third party has a special meaning in GDPR. It's a processor or controller that is not within the EU. Because if they were in the EU, they would be a controller or a processor. I mean, a big benefit to the data controllers here is the outsourcing of policy, right? What would it be, Andrew? You said that rather than them having to say, this is what you need to do, being able to say, this is what the user wants us to do, it's kind of like, it could be the best of all worlds if somehow they were in agreement, but that's what they wanted to accomplish with the information. So just looking at the benefits here, it can simplify the data controller task. I mean, that's the reason why you've got this reduced operational cost, because it just can simplify things at the end of the day. Well, a benefit for the data controller, OK, assuming that our answer is better than what the data controllers already have, then the notice and consent interaction with the data subjects is better aligned with the values of the data subject. Right. So that will per se a benefit to the controller? Isn't that a benefit to the data subject that their interests are aligned with the interests of the control? I mean, maybe I'm being nitpicky. Not interest values. So if the data controller can figure out a way to express what they want to do in a way that is palatable to the data subject representing the values and interests, then they have less friction in onboarding people. So it's potentially less friction. Right. And the onboarding is a useful representation of the value of that. So reduced friction and then I would say EG onboarding. It reduces the incentive of the data subject to install an ad blocker. Yeah, I mean, since that's very IAB-specific, I would add that by itself. As a separate point? Yeah, reduces the interest for ad blocking, if that's what they don't want. Or this one last time. I am, yeah. Yeah, yeah, yeah, so I've still got the other hangout open here. Yeah, OK, so come back to the other hangout. Yeah, if you want to talk to the room, my speakers are kind of crap. So do you have the other hangout? It's the original one. The original one. Thank you. Yeah. I think so. That's sad. Sad. Santa's probably still watching me. I'm just looking to ask this. I know Jonathan has been designed. Hi, Jonathan. If you're, he's actually, he's our viewer on the video. No, he's watching on that YouTube-olding one. Yeah, it's Sam's. Sam's here. I made it. You made it. There he is. Welcome back, Sam. Thank you. So I built a thing. It's light, but it's a Chrome extension that demonstrates setting a cookie on a domain you specify. So we could take this with some additional packaging of the details around which cookie we want to set and the domain we want to set and make it happen pretty easy. So it's not done, but it's a start. Can we, is that a thing that we can look at now, or is it just something that exists in the world that we can work with? Well, it's on GitHub, and I can visually show you how it works, but it's really boring. It's just a button that says set cookie, and then it's the code that actually sets the cookie, just as a demonstration. I'm just setting it on Google.com right now, just as a test, because we haven't got to the point where the other pieces exist yet. So we need to put the GitHub link into the, into this document that we're creating then, to hack and beat the document, right? Yes, I'll go get it. Let me, let me go. You've got like 90,000 tabs open. Yeah, that's about it. The rest of the room, that's too. You have to have so many that you can't read any of them. Then you close the Bible and state it's all the same. Then you open new windows for dedicated kind of topics. Yeah. Here it is. Okay, so I'm trying to open an Adobe product. You can try this product for 32,767 days. So start the trial. It says buy now. I know that rather, I have a license for this. That's a Maculite C6. 37,000 days. I'm making a little bit of a license for that. I'm making a little bit of a license for that. Okay, I added it to the bottom of the hack, the cookie section on the markdown page. I reached the spot places. Yeah, this guy, right? So it's not much, but it's the basic mechanism that can be loaded as an unpacked extension easily into anyone's browser. And then it has a browser icon. So it shows up with the icon on the right. When you click it, you just get a window that says set cookie. The details here is that I wanted to verify the mechanics of setting a cookie on any site. And it's in place. So with a little bit of logic to create the cookie, the IAB cookie, that we wanted to, the mechanism exists to get it there. Obvious improvements, like auto renewing the cookie, et cetera, would be useful, but now there's something to start from. Cool. And then where did our UI person go? She's gone now. Yeah, they left, right? Mm-hmm. So, Sharer, did you do UI? I tried to run it, right? I mean, let me see. You're trying to run it right now? Yeah, I just stopped that one a little bit. I'm not expert at Chrome, so I think I'd better have a look. That's exciting. I'll go to Chrome here. If it's for Chrome, Sam, will it work on Brave? I've not tried to use extensions in Brave, so I don't know. I don't know what they've done to the mechanism. It's based on Chromium, but I don't know if they support all the pieces necessary to make that work. Yeah, probably not. Now, if Brave wanted to do this, it would not be that hard to add to Brave, but. Yeah. Hey, was there anyone in the room that was trying to install the extension? I can give a couple hints if you need anything. Yeah, I'm working on that. There's a lot of tapping in the room. If you download the extension to just a folder, you can check it out, then the rest happens in Chrome. You have to... Yes, already loaded from and what's next? I can show you how to both hit the button, which is very anti-climatic, and how to go check that the code, he actually got set. Okay, I think I already installed, and then how to use it? So there's an icon, the icon for it is a blue tag with a human shape out of it. This should be... Oh, did you already install it as an unpacked extension? Yeah, it called Consent Cookie Manager. Okay, so up in the upper right-hand corner where you have browser, your plugins, there should be one that says Consent Cookie Manager on a hover, it's a blue tag with the human shape. Yeah, I did. So if you click on that, you should be able to click the Set Cookie button and nothing will happen. Nothing will happen, yes, nothing happened. Okay, now go, now open a new tab and go to www.google.com. And then if you click on the Secure thing, it'll pop up with the Chrome dialog that says, your connection is secure. Down in that list, there's a cookies, and then we'll open up the cookies that are relevant. You can expand www.google.com and then cookies and you'll see a test cookie with a test value. So fast. I'll open new tab now, I'm in Google. I need a tab, okay. Yeah, so... www.google.com. Then I click the blue icon again, right? Yeah, well, you click the Secure thing up at the left-hand side of the URL in the Chrome. Oh, okay, okay, okay, okay. And then cookies. And it should say Secure on the card. They're on here. And the cookies are on this Chrome extension. Yes, and click that. Or someone's going to return it to you. Yeah, okay. Yeah, so what are you looking at? Secure or cookies? Yeah. Yes, and then? Click, then. Yeah, so did you already click cookies? Not yet, no, click on cookies, click on 24 years. Okay, yeah. And then in that list, you're going to find www.google.com. Yes. And then expand that, and then expand cookies underneath it. And you'll see a cookie whose name is Test Cookie, and if you click on it, you'll see the stuff down below. It's Test Cookie and Test Value, and it expires in a year. Yes. That's the cookie that pressing the other button put there. Right, and so. So as a demonstration, this could be any site that we intentionally wanted to stick it on, and the value can be anything, and the name can be anything. I just used Test Values to test the mechanics of actually setting it. Okay. Okay, can you? So that's super-infect climactic, but it shows that the functional piece of the Chrome extension already works as long as we just need to find out to work on the format of the cookie that needs to get saved, and which domains to save it on, and then we can plug it into this code, and then we have a Chrome extension that plants GDPR cookies. Right now, it just plants that Test Cookie. So basically, we prove that we can get something that we could further leverage and as an extension in Chrome at this point. That's correct. So we've proved that the payload delivery mechanism, I sound like I'm trying to design a secret op here, we've proved the payload delivery mechanism, and the payload then is the GDPR cookie that we craft according to whatever makes sense, and then we can deploy that on any browser or any, as a cookie on any domains that we want to, to sort of to a subvert or take user control of that process. I don't know, Sam, I can see you two guys are left. So Sam, effectively, if we could pull in something like we have that policy there, that would just work right out of bounds. Not necessarily. We have to craft the cookie according to the same way that the cookie was designed to be crafted by the IAB. So we have to pack it up the same way that they want it packed in order for them, their system, to be able to make sense of it. But we have that format, right? Right. We have that whole part. Yes, they've published the whole thing. We just need to go through and put the work into, there's some timestamps, and they sort of fill the whole thing out in binary, and then base 64 and code the thing. So the code, the work needs to be done in JavaScript so that it's pluggable here. The work needs to be done in JavaScript to assemble the right values into the cookie. And then we also additionally need to know which domains it needs to be placed on, and that's not super clear in their document. But we verified the delivery mechanism is functional. And I've got that on GitHub. So the user has to click a button, the blue button. No, no, no. Just demonstration. We could make it automatically apply that as soon as like every time the browser opens, it can update and refresh their cookies. I just had to put it somewhere for testing. So are we trying to give the user the ability to kind of modulate how much tracking is going on, or is this a static kind of no nothing at all extension and it blocks everything? Because ad block is kind of anemic, right? We can set how much we want to block and like there's these like sliders and stuff. Depends on what you want. I suspect that we'll want a recommended default that the user can modify. Yeah. So it's Andrew. Just, I'm looking at some of the sample videos and webinars on the IAB site. It could just be that we, like the, what's that table in the document? So the IAB version of purpose and then regular English version. So IAB says personalization. Well, why don't we just tell the user, if you don't want to be tracked, click here. They say personalization, we mean tracking, or they say personalization, they mean tracking. And maybe that's the simplest way. So, because if you look at the CMP interfaces that they've got samples of, the Consent Management Provider interfaces, they're nasty and complex because potentially they could list every single vendor that's registered with IAB potentially. But the confusing part about what the purposes are is that when they say add selection, deliver and reporting, what exactly is that? Is that delivering me ads based on your profile of me or what? So maybe we just clarify that language for the users and have that set the cookies. All right, so I brought that text back up. So basically what we're then trying to say is take what customer comments does and make that acceptable, actionable in the cookie. Well, ask the user for the consent for the various purposes just like the IAB does, but explain that personalization means profile tracking based on wherever you are. So, Andrew, from the user's perspective, there's a couple of different features. One of them is this site can maintain a shopping cart for me, right? Yeah. Another one is advertisers can serve me personalized ads. Those are two separate things that the language seems to cover both of. Did you get any sense of like what is allowed for shopping cart maintenance? We'd have to. Shopping cart stuff is all first party. And what we're trying to show up here is the third party stuff. So, let me rewind it and tell you what I think I heard here, but I'm not sure, which is it. For Andrew first, is that within the IAB's description of what a consent management provider consent? Yeah. Okay. CSA. A consent management provider could provide is exactly what we're asking for. And it's this obligating what we're trying to do here in one way, which is where we make the first move. All right. We're trying to change what the way that the CMP currently interacts. Yeah. So, go ahead Andrew, sorry. So, correct. The CMP is the provider that provides the user interface to the user to say these are the purposes for collecting your data. What do you consent to? And that could be by vendor or could be global. What I'm suggesting is the CMPs that work with IAB now use the language of IAB, which is unintelligible to regular people, right? So, when IAB says personalization, what is that actually? All right. Yeah. Maybe that's, so from a user interface side, we could say, you know, you could set your global settings to be, you know, turn off this feature called matched data to offline sources. Right. Is that correct? Yeah. Andrew, this is what earlier on I said that these are two separable settings. One of them is the setting that defines the language. You use tracking when instead of personalization, the other one is the one that inherits the settings of the various switches from customer comments, regardless of how they're labeled. And what I was saying is that those agency means that those two could be inherited from two different places relative to the UI or relative to the process. If there's no particular reason to merge those by design, we may want to strategically, you know, again, I'm not trying to sort out what the customer comment strategy ought to be, but technically they're two separable things. Yeah. So I guess what I'm trying to say in my unclear way is, so the user is presented with a screen with a bunch of sliders and switches and stuff on it. Users are either gonna say, go away screen, just give me the default will be, which is situation normal, right? Track me everywhere. The customer comments default. What I'm saying is that default is named. Hold on, hold on. So on day one, GPR day one, everyone in Europe is gonna get a screen saying, what are your preferences? What do you consent to? 90% of the people will say, okay, right? Without reading it, because it's a lot of switches and stuff. And the other, no, sorry. 30% will say, okay, whatever. 30% will say, turn everything off. I don't wanna do it. And they're probably running out block anyways. So what I'm suggesting is that if we're running a CMP equivalent, because that's kind of what we're talking about, we just got better explanations about what their choices are. How does that fit into the waterfall? So let me ask a technical question, but it's really a definition of everyone. I don't know. Can any, I'm assuming anybody could be a CMP, but I guess the publisher has to hire one, right? Or more than one. And a CMP is sort of like a whole new third party of a sort that hasn't been in the world before. But the ID lists a bunch of them. Do they list a bunch of them? I don't know. So the CMPs register with IABs so they get put into the correct domain DNS structure so they can read these third party cookies. Okay. They're responsible for the user interface to collect consent and for writing the first version of the cookie, which is then Daisy Chames. Are, but okay, so, but there's a third party that a publisher would bring in to do that, wouldn't they? Yeah, the publisher would choose a CMP to use. Publishers could do it themselves, right? They could be their own CMP provide the screen or they could go to this predefined list of right now about seven or eight that have a CMP service, which basically displays a thing to the user, right? Okay, so two questions. One is, could anybody here, without a lot of trouble, stand up to CMP? It isn't hard to stand up because all it's doing is saying something simple. It's showing you the things on that table. The purpose is to be there. The defaults are the customer comments column. Today they do the defaults of the IAVE set. Right, yeah, but I'm saying originally that's what we're assuming that an IAVE compliant CMP was gonna do, but if we're, so I'm going in two directions at once here, mostly trying to understand what your Andrew's going on, but one is, if we were to stand up a CMP that was simple, in other words, it might be easy to stand up because all it does is say, do what customer comment says. And the publishers that want to be fully GDPR compliant would say, we're doing this, we're gonna use this CMP, and our work is done. We hired a third party that is entirely friendly to the customer. That's one, I know Andrew's shaking his head, but I'm sorry. No, no, no, that's branch number one. Okay, I agree with you, yeah. But the other one is, we do another way we go is we turn off all third parties and that includes the... No, that's not what I was gonna say. Okay. Branch number one is the one you just said. Okay. Branch number two is we let the publishers pick from the approved list of CMPs. We don't mess with that, we don't join that list, but we only screw with the interface. And so I wasn't shaking my head because I disagreed with you. I was shaking my head because I think we're at the point where we wanna be clear about whether we're going to the right or the left at this point. So explain the one you just did again. So one way to do it is to simply say what you just said is customer comments becomes listed as a CMP and some publishers choose to use customers. That's the other one you just said. The other one is we don't list customer comments as a CMP, but we figure out a way so that if you go to say the customer comments website or if Joyce emails you a link and says, listen, you should really click this link, trust me. What ends up happening is when they click that button, the view we in effect hijack the UI of the CMP, whatever the publisher chose, and we make it be the UI that is rendered by customer comments. I'm not funny, so. So Adrian, you should look at the demo screens in that IAB published, the CMP demos, because I agree with you that's one way to do it, we can do it, but the CMPs that exist today and have the products today, their user interfaces is probably too complex to subvert in that way. There is a third way, right? The third way is we go to each of the CMPs and say, hey, instead of calling it whatever, personalization, why don't you use this description of what personalization is, so that people actually understand it, right? And see if they'll change the text on their UI. Yeah, that's a good job. Why work with them, I'm not sure. Since we have a Chrome extension, I should bring up, it's possible to modify content on pages. So if we have the URLs that actually show those things, we could shrink the text on theirs and insert our own with a little tag that indicates it's coming from customer commons, that indicates what it actually means. So that's more work than simply planting a cookie to be able to customize their faces in a place that we can't do that. This is just the human, right? And this is what it looks like. We're gonna translate from advertising. Don't laugh, my friend actually owns the patent, sold it to Intellectual Ventures, where the ISP takes the ad and switches it for their ad. And yes. The ISP. Oh, yeah, this is. Well, whoever the channel is, he actually patented and sold it to Intellectual Ventures. This is actually one of the things the brain wanted to do in the first place, which is we're just walking all the ads and you can buy space in those spaces through us. They got out of that and they went to St. Ellsworth. That's been thought of. But, Sam, to go back to what you're saying, so we understand it completely, we take, so a site is right now by the IAB, ease way of looking at it. They're hiring these AD2CMPs to put up a gauntlet wall and we rewrite the gauntlet wall. We redirect. We redirect the gauntlet wall. We could do both or either, depending on your terminology. We could do both or either. I hope we're ready to send this down somewhere. But that, those are the choice. I can't get to there. Okay, so it's up on our wall here, just so you guys, I think you guys are looking at people and are looking at the screen. Yeah, yeah, I'm gonna turn it again. No, he's looking at the dock right now. Okay. So if you had at the dock. Yeah, there's the dock up there. So you're pretty quick. We're not editing at there, we're editing at the site. Yeah, so I'm, if I'm editing, but it's hard to kind of keep track of everything, then it's somewhere in here. Okay. So I was gonna add this as an idea, but maybe it's. Sure, we can always move it. Yeah, go ahead. So we said we have two distinct possibilities. Yeah, two approaches. Oh, no, actually, yeah, two approaches, one approach. Oh, yeah, customer, number one is customer comments gets listed as a, as a CMP. With user friendly. Whatever, whatever, customer comments gets listed as a CMP. CMP, period. Okay, by the way. Or any vendor to choose. We'll figure it out, okay. And option two is customer comments becomes a proxy onto the CMP's user interface. Approximately four customer comments becomes a name proxy for the CMPs you are in. A name proxy for the CMPs you are in. And that's because we have Sam's extension. Right. Whatever. Or Sam's Chrome button, whatever it is. Yes. Yeah. Okay. Or Sam's Chrome button, whatever it is. Yeah. Somebody pushes the button, you know, Joyce pushes the button on the email you sent her and magically. So I'm missing it with the, how the email works today. I don't want to have to do this. So. Well, you're going to have to be notified to install this extension somehow. Well, you downloaded from the, from the extension. From the store. Yeah, from the store. Yeah, because somebody told you to do it. Yeah. And that's why you say you're all starts That's also, that's also so the intention behind the lying, the lying groups like DFF. Yeah. Yeah. So that'd be the marketing challenge. Yeah. Yeah. Somebody trust, that's why I said it was good. So when you have DFF and some other friends just to say it, tweet, go to the, go to Kessler Power to go to the promo store or Buleth. And they can link it to each other. There's a link there. Yeah. Okay. It's Andrew. What's that? One sec. I got it. So could we not call it a name proxy? Cause I don't know what that is. Why don't we just say customer commons hijacks to see the, the CMPs? Cause that's what we're. I don't have a problem with hijack actually. And it's CMP, not CPM. CMPs. The CMPs you want. So do any of us have a sense of whether or not, I guess if there are any some companies that have said they're a CMP, that's probably how many are signed out of your IAB or are part of this. There's about eight right now. There's hundreds of vendors but there's only about eight CMPs. So the vendors go with the CMPs? They're in the same category and you have to look through that best if you're out of each one to see it. And the CMP search, what's happened is some of the ad tech, I don't know what they are, but they've added on CMP functionality. So if you already use them for something, they are offering CMP functions. One aspect that I keep thinking about is we have this like requirement for clear, plain language in the EPR. And I feel like what we're doing is just that great. And then there's this other aspect of certification. And they don't define like how you become certified. But in an ideal world, we could say that these are the definitions and to be certified, you have to use these definitions, right? And this is kind of outside of... To be certified by... No, to be certified as under whatever GDPR defines and they leave it open like they say, like you could have to use certifications, but we don't define how you would form these certifications and it would be up to EU member states and it's this whole like terrible. But essentially, like if you founded something that said like we propose a standard and then convinced individual member states, I think that would be the level to say, yes, we accept the standard. And if you want to be in compliance with GDPR, then you have to use this standard. I mean, this would be like so very optimistic. But just to put it terribly here, let's imagine that customer comments is actually funded and not comprised of three-fifths out of the people that are on this call. We should let this right out to you. I think it was six, whatever. So half of us are here. But we're seeking funding, we get funding. And then there may be a main job of customer comments is to go to these member states and do this kind of thing. Like offer certification process. Yeah, like we could offer certification process. And it can go, We talked about this like where the UL labs and something. It could go very far, right? So it could be a revenue stream because the people that are hearing it, the publishers don't want to pay for that. This is something I've heard before. Wait, let's put this in the file as that list. Import money. I don't know, I purpose to be there. But EU member state money. Okay, they're paying for service with money. Okay, all right, that's good. So this certification path while it's a good one is a long, long, long road. Yeah, certification, you know. Okay, yeah. If you, I mean, if you want, if you want direct experience from organizations, an organization that's doing that right now, similar to that, Jaon. So the research and education group, they're writing a code of conduct for themselves, which they are hoping to get approved. I work in party 29 equivalent or whatever they become after a GPR day, but it's taken them two years to write it. Okay, all right. And that's for effectively a trade association of universities and research and education facilities. So they have an extremely common interest and it's taken them two years. And that's not even certification. That's just a trade body agreeing on what they should do. I was gonna say, it's really not, we really want a certification like from anybody what we want is a trade association and it's a trade association of customers kind of thing. So that's what we have now, yeah. Yeah, I like that it's true. It's so hard for us. But it feels like this would be like a question of networking, right? If you found the right people in Estonia and all the other EU states to just say like, yeah, this sounds like a reasonable thing to do. We're gonna work with you guys. We would be a member state lobbying organization. Yeah. That's what it sounds like. Yeah. That's nothing wrong with that. We would work with these advisories, is that what they're called? So each member state has to define like a advisory. Is that what they're called? I don't think it's called authority. Authority, yeah. Authority is a different A word. And so we would be presumably working with these authorities. Yeah, they exist there. That's easy to get to those people. Yeah. And also it's like the enforcers. What? They're both said something. Agent first. The authorities are the enforcers. They're the police. We don't necessarily, that if we wanted to cast this in terms of the authorities, then what would it be is the definition of the safe harbor for the people who would. So whether we're providing a certification service for money or not, the role that we would be placed is effectively a safe harbor for those people that decide to ascribe to our principles. Now they don't have to pay us to do that because our principles are not gonna be secret. So it's not necessary. So I thought about it because patient privacy is exactly the kind of position for trust and promise. Yeah, it's one way or the other is what I'm saying. But it's also, so the down-nose, you need one. So you get Nation of France, catalogs where you get Estonia. Once you're able to do one. But I'm saying it's one way or the other. They say you can't do it. No, I didn't say you can't do it. I'm saying it's A or B. One? Yeah, you just said you can't. You can either be a certification and pay a charge for that or you can be just an association with volunteer. Volunteer, water, actually. We might have to charge for, we might be able to charge for that too, but you're not charging the individual. You see what I'm saying? In other words, we might be able to be sponsored to be a nonprofit-like entity that provides a service to the world. It's just that we're not charging the individual vendors to certify that. But nothing's stopping us from spinning out the certification process. It doesn't have to be directly done through customer companies, right? It could be a separate entity. The thing that stops us is the conflict of interest issue because consumer reports, consumer union works because the first thing they say is we do not accept money from any individual vendor. We don't either. I mean, we do have a CPR at this point, but every time we look at selling something, we run into this thing which will no longer consume any reports. What if we accepted money not from the vendors but from the authority? Essentially saying we will give you a framework within which you can do your business. Because they, I assume they don't know what to do. What's being proposed by the Trump administration, HHS for under something called TEPFGR, and it's called, they call it an RCE. We recognize coordinating entities. So HHS goes and assigns a sole source contract with somebody. They outsource it to us, essentially, right? The authority like, how does this happen? You would have to be, when you get governments to do this, you have to be of a certain height. You have to be above the side to ride this, to ride this ride. And customer comments. This is not about that. This is also our group to be about that. So, sorry I had to step away, but where were we at, everybody? Ooh, ooh, ooh. Ooh, ooh, ooh. No, no, no. Cookies built. There's something we want to, that's why I like to hear. I knew you liked it. Well, there were two weeks before I left. I think they had to run the daily race. Work, go. Really great. Is that someone talking? Okay. So, working through this, if there's any way I can help on both sides. Why don't we make a one next event? Yeah. We have everybody's email address. Yeah. In the event. In the event. We probably don't. So, Demetri has told me that someone's interested in doing a GDPR event and in about a month. And it just so happens I have this space there and all out there for the entire day of May 24th, the day before sunrise for GDPR, on the assumption that everybody would be in a frothy lather that day. And sure enough, Demetri, who was it that you said? So, it was my data movement. The European My Data. Yeah, we know you. Yogi. Yeah. Yogi, exactly. So, our company are highly encouraging US-based hubs. One for us to start with Boston. And specifically for US-based hubs to hold some sort of event at the GDPR sunrise. Yeah. So, definitely if anybody can make it to Boston. I looked to an excellent host and organizer to actually send out the invites. The dozen knows it's a couple of years ago. With pure coincidence, sunrise day is also just my anniversary. Oh! Oh! I will be in the UK on a way to Iceland. I'll see you in Iceland. I'll see you in Iceland. I'll see you in Iceland. I'll be in the UK. I will. Mark, sorry. I'll see you in the UK. So, is there something that came out of today that is a little imperfected and ready for deployment? Well, we've already got a cookie sitting in a chrome browser. It'll push on some. You get me. Let's bring it up on here. You didn't know which one to reach for it. Is it something that could be tested and perfected in this span of a month? So, you can just push it out with a fan. Well, I don't know if it's easier for me to... It's fine. Yeah. Okay. Yeah, I think it's the third tab from the right at the top. This doesn't. Can't wait for that. We're going to sort it out. No, keep all the way to the top. My teeth are clean. It's good to cook. Oh, I see what you're saying. Okay. No, that's not. Yeah. But I don't know how to demonstrate this. It's a pretty sketchy sketch. So we have this. Which is something Sam packed quickly. And that shows that we can... How's it work? It's a Chrome browser extension, which allows us to hijack other people's... Potentially allows us to hijack other people's consent interfaces. Interesting. So we can liberally hijack the IAV consent interface substitute the customer comments. Instead of being presented with do you consent to personalization? Who would say do you consent to being tracked? Amazing. And then how would that... How does this work with those specifications that we were looking at earlier? It's hijacking. It's literally... We're figuring out how to... We're using the structure that's changing their... I keep calling it policies, but they're really called... Purposes for their features. Yeah, so we have this table. So we're taking that framework, we're replacing their purposes with ones that are customer commons, user, customer-focused. I see all their purposes, Gaza, are add, add, add, nothing about the user. So what we're going to do is we're going to hijack the add centric language and make the user centric as a customer comments service. Thanks for explaining the things we're showing. So it seems to me like one thing that might be useful would be to get Elizabeth and keep you in the mix and some other lawyer types and maybe do like a deep scrub of GDPR. Yeah, it's more common. Even... I see it, but I also... But it's still out. Very good. Now that you've done the hard work of making it fit to something, maybe we could refine it so that it's completely lethal. Well, we also started... Like we started a dialogue relatively recently about one aspect that's mentioned GDPR, which is a certification, right? Yeah. Whether we could fit into that somehow. To say, for example, that we propose a certain language because they want this plain clear language. We propose a certain language and the individual authorities would have the ability to say that this is the language you need to use, everyone. And they are the certifiers of your language when it comes to this process. Yes, so then you could be... There could be a trust service provider that qualified under the certification regime and that would, in effect, give a... Almost like a safe harbor for those that used it for compliance. So there are things called consent management platforms within the IAB structure. One of the things we're looking at and towing around with is, let's make a CMP that is user... That is customer friendly, customer service to address it. Why would I take a point? Mark Lazar... It came up with some great stuff earlier. These really aren't consent receipts. We are hijacking IAB's work. We're trying to co-opt it. That wasn't the initial intent when we were talking about the technology. And also, this is sort of a carrot stick. Hey, IAB worked with us. We have working code. When we're a few, Joe, we give you the little finger and we can give this away to the world anyway. What about the guy who was at IAW who was from IAB or from OBE? Yeah. Yeah, he was actually... Brendan? No. Oh, George Fletcher? No. No, the guy that stood up and showed us the documentation on the IAW, you know, Wendell. Oh, Wendell. Wendell. I'll see you at Wendell. Wendell, okay, so Wendell, I don't know. I don't know. Wendell has an IAW's post to get together to do some hacking of War of Open Source components. I mean, the word hijacking is good, but I mean, there's a very quicky, like, a loving distinction. How about redirect? No, no, it's an alternative explanation. Clarify. Clarify. But it is an alternative, you know, because we're taking these terms and, you know, putting them in a user-understandable form. And it gives them an ethical alternative to what's existing right now. And this might be something that we go, yeah, we would like this, just now. Makes that look better. But Mark, I'm sorry, it was all made a great point about, it's really as if you can set. So there's, this is an A, a solution probably of a couple. Yeah. This is something we could put up really quickly, but there might be something else we could do as well as it should have. Yeah, there's something we don't understand here that we need to understand that if there are eight of these, then they must be in a position to differentiate themselves somehow. Otherwise, it would be like, you know, the clearing houses for banks. There's only one, maybe two for a backup because they're undifferentiated relative to the value chain. So, unless we know what the basis of differentiation is that makes their behavior instead of two, we can't really answer this. Because one of the things that we came up with was, what if this was an EFF version and there was a Mozilla version. And then we also started on some, why don't we just have a consortium like Let's Encrypt, which is the CMP that's doing, so there are a bunch of ways that we do play. That's really good. So here's a question, how do we test it? How do we test the cookie? Could I set up something that was like, represented the Linux journal, which is Drupal, I think, right? Yes. Like what would I have to do on the cert? When I say I, I mean to you. Is this a good question? Because that's why you have to leave. You're almost down now, it's fine, it's fine. Now, does the GPR sites, do they have some sort of test frameworks, right? Like they surely have to, or do they have any chance? I'll tell you what, the truth is not, I believe the answer is no right now, because I've kept a reach out to European people about asking if we hacked for the May 24th, a bunch of open source components that were like a linear extrapolation. Reference of limitations, like what would we be tracking to your side, well, that's all to follow. To follow? Is that what you heard too? Yeah, I mean, it all seems undefined, right? Yeah. Nobody knows what's going on. It's much a lawmaker, it's not technical. Well, without the beauty of it, that we could step in and get that. That's exactly what I'm talking about. Is it an email? Registered safety. Yeah, we want to know. So those are the... Yeah, that's itself. Oh, we don't know if any of these comply with the GDPR. No, but those are the ones that they're registering. But those are, yeah. So you've got folks like SourcePoint, podcast, others who are in the business. The folks are told. It's not necessarily on the user side. Yeah, it is. They know there's going to be something like this to be certified under the... Sure, I could type this. I really think that's what it is for. Just kind of, just kind of, just kind of, just kind of, I want to be yours. I think this is, so maybe some work work for between now and the 24th could be number one, setting up a server that could, you know, interact with the cookies. And number two, we could be legally going through and doing a deep scrub. I don't know if you... Doing a deep scrub of GDPR to cross reference and hone the phrasing in the GDPR column. So that was, you know, more legit. And then, and then the other thing might be looking at certification regimes. So the trust service providers and the certification and the GDPR, and then maybe voluntary schemes like in the U.S., Sal's been a leader in IDSG for a long time. They actually have a certification registry for privacy preserving, identification, registration. And he's saying that they could extend that potentially for this, that's going to get the tower thing, I think. Maybe there's other certification issues as well. Yeah, I thought so. And then that starts to look like an adoption path to me. So that if someone was a company that wanted to differentiate themselves, for example, that they would have an idea of like how many, what kind of staff and how many days of effort might it take with what organizations to sort of deploy something, get certified and then be able to tout it in a press. That's one of the parallels to working with the IAB Europe's code. We've already done it. I'm asking you to adopt a new platform, a new regime. We're using your IAB and just making it more customer. And then that was where some of it went was also trying to be a small and fast weekend. Yeah. And like, wait, yes, we can do it on a blockchain not the next six months. So we were like, focus on it. A great thing about this is that we can go to the EU people, we have the names of some of the people who wrote the GPR and all that, we haven't contacted them yet. We're going to them with this and say, hey, look, we've interpreted, we've taken what you've said and interpreted it in this other column, we just put it in there. Right? Yeah. If we go down to the level of members. This is what you wanted, right? And I'm sure that some of you friends in Germany are different, but I feel like Poland or something. They must be terrified of this, right? Like they probably don't have the staff or the money or the infrastructure or whatever to really deal with this. And if you came in, coming from a reliable background, IE, MIT, Harvard, et cetera, it looked like, you know, we got a bunch of bright people to interpret this for you. Read it. This is our suggestion. And then you could go back and forth. And I feel like someone said like, once one member states that this works for us, then you get the ball rolling. So that's why it's good that Yogi and Mike are coming in. They haven't even get the my data. Well, my data, well, that would kick it so hard to pick that one. Right, so it's in that sheet now. Those are the registered same case. We have to go to my data, I think. OK, is there a link to the GitHub repo somewhere? Yeah, not on this sheet, but yes, in the baseline job. The sheet is linked to, though, in the baseline job. The base is the baseline that's what you said, the hack and dee? The hack and dee. So the fact, though. OK, so what I'm doing for my little part here is I've made an HTML output of your shared Google doc. I'll put it in the event registry, in the event repo, rather. And then if there's no objection, I'll go to the repo where you hacked the cookie and fork it into the media lab, I guess, also. So we can kind of have two repos that somehow make sense and could be iterated. And is it Sam, Telegram Sam, who's made the GitHub repo? Yeah. You could have said that he sort of wants to. Oh, yeah. I was going to ask if you could have said that he sort of like, I want to develop in this repo, and this is important. No, I guess it's a start. OK. It's a start, but you can put it somewhere else there. I think it'll just fork into the media lab as opposed to doing a bunch of full requests into this thing. Ask him, maybe he would want to just enter. Right. Oh, hey, Sam, can you hear us? I may have dropped. Oh, I think we do have to hit the button again? No, no. But if I just try. And now I know. But when you hit, I want to hit this door here. No, no, no, don't do anything. It's fine. Here, I heard a click. They're there. Sam, we are calling you. Is there a question of volume? No. Sam's there, but he's un-mute. There he is. Oh, Sam. This is making tea. Yeah, Sam's un-mute. Making sandwiches. Mark's un-mute, and Mary's un-mute, but I'm un-mute. Everybody here should be un-mute because we have a microphone. Everyone here's un-mute. I think we would all be un-mute. Otherwise, we'd need feedback. Yeah, that's exactly right. That's because the feedback is here. To this, we have that. We have the repo. Is there any? Are we good? OK, we should say thank you and goodbye to the nature. And thank you to everyone who's un-mute. Really, really, I hope to see as many of you as I can at the GDR, taking me to the 4th. Yes. CCL's 4th coming. I'm really happy to be able to speak to you, too. Thank you. 2, OK. I'm going to do a target, and I'll borrow it. Oh, sure, please. Yeah, go for it. She's very attractive. I'm going to try to do it. Bureau 2, don't fork this to me. So fork this. It is a world-changing ship. Fork. Well, trust me, it's so common to have you be kind of a target. Obviously, that we together, it's not a question of whether you do the job is there to watch it. But I think that's the second one's there. Yeah. And so let's just make this question like that. That's all we know. And we don't celebrate it as a repo. Probably. Yeah, that's the beginning, you know. Oh, boy. I'm going to do it. Watch it now. Actually, this is Google. This is Google Doc. OK, that's the link. Oh, my god. I'm just looking at it here. OK. So I'm forking. And the thing is, we don't just want to be very strict with it. Yeah, yeah. This other doc is Mike. So it was just two dots. I guess I'll take care of it. So here's one other thing about this. When these guys can read and read that, and you copy the half-technique, the half-technique that I speak for them, the native of Brazil. Yeah. And they go up to your head. Wait a second. Yeah. You're here. I'm just getting out of here. I'm just wondering if we're going to be folding apps in Google Docs. You're again. Sorry to keep you on here. Is that what you need? Yeah, I don't have so much. I think this is Mike's phone app. I'm going to show it to you. You're like, oh, obviously you must know how to think of it. Yeah. So go ahead. They were all really great. They were working through. You must need a lot of stuff. I don't know. OK. I'll make a note. So here's how you do this. So you go here. You just create a file. And then you save. Save. Save. And so something in this. So what languages do you go on? So you just have to do a hash day. Passing a hash day. No. So it was an empty. You make it .mp, and then you chuck them in there. Then watch what happens. Then you commit it. Greek. I'm sorry. I'm just, I'm sorry. That's how you can just follow it. So great that it's even now. Look at this. Can we do a table? It's very hard to do. Yes. We can put a table. That's how we do it. It's all pure text. It doesn't go anywhere. You know, have your way with it with any input. It's a little, you know, that's just going to be some terms. I wonder if people like, yeah, pretty much. It's like, it's a sort of, sort of, sort of, we love our, yeah. And then I'm going to call in two. Oh, you want to speak English? I'm sorry. You want to speak English? I'm sorry. I'm sorry. I'm sorry. I'm sorry. So this sign say the meeting. Do you want to have your desk sign? I'm sorry. I'm sorry. Send it, send it now. Here. Which seems very attributes. I'm sorry. But it doesn't do a table with this sign. Oh my God! It's really beautiful. I mean, it's gorgeous. So you want to do a table with it. No! Oh my God! It is beautiful. It's beautiful. It's gorgeous, it's so gorgeous, it's navigating the way it's happening right in Chinese because you can do that, you can do that. And these are just chords. And now I go into the notes. I don't want to know Chinese at all. So can you go like short here? Yeah. You can type in short here. Do you play flute with this? I don't know. Do you play with this? I don't know. You translate something? What are you talking about? I have this colleague who is from China. Yeah. But obviously he speaks English. He was a perfect fellow. Okay. And he's taking notes in Chinese, typing the combinations of keys that we see in Chinese characters. Yes, yes. And you can actually symbolically transcribe English into Chinese faster than the government. Tight, alphanumeric, English, which is good. I mean, that's shorthand. That's awesome to stop for the, you know, I mean, look at Chinese. It's like, it's a meal. I don't know. It's spoken in many different ways, but it's the same meaning. Can you speak Chinese? Mandarin. Mandarin, yeah. Yeah. Yeah, there's a document like this. Yeah, I know. Just want to puzzle some bullet. Yeah, it's easier to show. Hang on. Yeah, that's not complicated. Yeah, but look at all the time of the year. Everything. I'm driving from a localization. Just killing. That's what we're getting off today. Is it, like, just thick driving problem? It's a weak problem. Well, driving globalization, but what I've noticed in the U.S., is it access to everybody else? He read our email, so... Yeah, I'm going to give you a card. Okay, thanks. No, I'm trying to stick it out. I live in North Carolina on a whole time, but I can do four or five. I didn't know if I could go out and exit. I could be Texas. I can have a heart. I mean, I know what's going on. Special check, I can see what's going on. And we're... Is there a good one? Sure. Is there a boss? I don't know. I can go out and out. Is there a good one? I can go out and out. Is there a good one? I can go out and out. Is there a good one? I can go out and out. Is there a good one? Yes. Is there a good one? I can go out. Is there a good one? Sir, you and this have a good deal, but... Is there a good one? There's a Klarberg schlecht ange. Are there any adge bathrooms here? No, I've got a landfair. Is there any adge pool here? Is there a good water room here? Yes. Is there any boo-o-o-o-er here? No, but you can use it somewhere else, because it doesn't really use it to the hell. Is there any adge pool here? No. No. But not at all. Is there an adge pool? Yes. Oh. Yes. Yes. Oh. Put it down there. Put it down. Put it down there. You know, you can grow up here, not have that accent, grow up in Texas and not sound like that, or you're in Carolina and not say that. You don't have an accent. No. No, but you'll be able to. Oh, yeah. Oh, really? Yeah, my son does it too. I also put up a CME registration video in the link, which is kind of what our other users say. See what they ask to go through. Yeah, I think we could. Let's go over here. Okay, wait a second, wait a second. Let's go over here. You didn't live in Las Vegas. Okay, everybody. Okay, ready? We're wrapping. Wrapping it up. Wrapping. So, let's go ahead and wrap it up. We're online to people. We've got to do this. Hold on. But when I say we're wrapping up, I want to say a couple things so you can see it. Where's the... Mary said we lost that on the box that I'm going to upload. Oh, no, I replayed it. You have some time again. It's like... Where's the rest of the internet? She's got the internet. Oh, here we go. Okay, everybody, pull it into the extreme. See? It's really good to be here too. Thanks for having us. Thanks for having us. Oh, yeah. And share is definitely good. Okay. All right. So, we're sharing the screen. I'm going to go with that. It's super trendy. I see you. All right. Here we go. So, let's look at the good papers. Have you heard the good papers? Wait, wait, wait. Let me finish over there. Oh, sorry. Because we can't stop. Okay. Maybe we can sell. We're wrapping up when we want to be here. We're all here in years. Let's take a look. This is the event website, which is conveniently situated in an open source that we cover possible. So, what have we got? What we have in here is, this is an archive of the video, such as it is. And then up here, I'm sorry, this is, yeah, and that's number two. So now up here, we've got, this was the live notes, which I think probably kicked down. Here is an archive of the live notes committed to GitHub. This is actually kind of habit. These are notes that we took today in the big group. Do, do, do, do. Okay. Including the chart. Including the chart. And then if you go back to the chart, that's the chart that Robert did? Yeah. Okay. So, it might not be 110% up to date. But we don't have the GBR says. Look, if you go back to the big place, it says it's that and this. And you click on this and what you see. You can see the mechanics, the mapping, you see like, you see this other chart with the deeds. Look at your MPs. Here's the thing. Here's the JSON. Well, JSON objects. The properties. But that's the IAEB JSON. Yeah. But that's what we'd be hiding, right? I really love it. Okay. We're extending. We'd be extending. Just hear away. Pity. Yeah. But that's all they're at. Pity. Pity's good too. Okay. All right. Let's give it. And so, and then finally, finally, if you go here, I'll add one more link because here comes the money chart. I think we lost Andrew. Concert cookie manager is down. It was down a line. Oh, is this not? No. Well, we might want maybe you. Oh, four right here, right? Three, four. Concert cookie manager. Ah, this one. Yeah. Okay. So now finally, here is the actual repo with the actual goods in it. Thank you, Sam. Awesome. Welcome. Welcome. Welcome. Welcome. Welcome. Welcome. Welcome. Welcome. Welcome. And now I'm going into the briefing and we'll just take one more hit from the top, which will be the best one. Let's be signed in. Oh. Okay. Okay. I'll do it on my. On yours. On mine. So now I'm going to link it to the actual repo. So we have a boot contained like everything that we did today. And it's possible to kind of do it without searching around and figuring, you know, perhaps finding and perhaps not finding everything. So here's the repo and I'm going on to a different computer now for those of you online. And I'm adding in the repo to the top list of links. And I shall make it nice and big. So this is what we call this is a repo with what do we call it? Working cookie. Oh, man. Or what is the content with content cookie? I'm excited. Very well. You're baking the instant cookies. With cookie prototype. Half bake type. Yeah. Half baked. Half baked. Definitely half baked. So this is our customer. Good. Yeah. Customer. Okay. Now. Prepare to be. The names. Now here we go. All right. Here we go. Here we go. Now. Da da da da da. Boom. Okay. So now we're happy. So here are all the assets as it were from that we built today are here on the stage, which is also conveniently from. They're bright. Thank you. So what? So maybe I'll take advantage of this moment to make. So what? So on the eve of the sunrise of GDPR 24th. What would be like kind of like very realistic, not a stretch to take the work that was seeded today and make it ready for maybe more like announceable demo. Demoable. What do you think? Well, Sam. I don't know. It depends on the scope of what we're trying to accomplish. I definitely think we can have something that works in as newsworthy. It is unlikely to extend to the extent of I think what we've talked about we'd like to do. From a from a demonstration capability of a user controlled consent involvement through the Chrome extension, the amount of technical work is not it's more than an hour, but it's not insurmountable. And we could actually have a shipping thing that people could use to plant their own cookies where they wanted. And that would be pretty powerful. The extent of the vision we've talked about, but it's kind of a fun start. Okay. So I think we can also, you know, produce that chart. Have something that is verbiage that hopefully will have already been vetted with our partners or future partners in this, including EU people that Robert is talking about. A point Robert was making was privately earlier as we were all talking about this is that countries like Poland, any community speaks Polish, talk in Polish, are well equipped at the country level to deal with this stuff and we can help them out. In other words, they don't know what to do with the IAB, but we do. And we can give them this and they'll say, that sounds cool. That's what we wanted to have. Right. So, your information commissioner would be very happy to get the time and the partnership. So, the ICO, the DICs or the ICO as we're usually all. Are you all familiar with the demo washing? Okay. For those of you who may be not familiar with the demo washing, I used to work for the Tachi semiconductor. And in dealing with the Mades, with the Japanese nuclear wars, there was never any tension with the meetings because everything was decided ahead of time. And meetings were less ratified. A consensus that was arrived at by demo washing, which is where you get consent basically at the social level. Okay. We're all agreeing that this is what this is about. We can do some demo washing before this thing. That's basically what we want to do by talking to the privacy commissioner of Poland or of Switzerland or of any of these other countries at the same time. We're also talking to Corey Doctorow and the EFF and Wendy Seltzer at the W3C and other friends in different places like that so that they're all in kind of alignment with what we're trying to do here. And for that matter, Wendy really at, you know, and say, okay, here's who we are with this thing. Thank you very much for getting us going on with this. And Jessica Rich, who we're overdoing, getting in touch with. And she would, I think we show her what we did today. We're, yeah, plus other friends to be dating. A few more. A few more. That's the other thing you could do. If you could turn each of those customer comments, says things to have a corollary, which is a worldly ball, or each of those CMPs to see how close they get to what customer comments. So when they say personalization, when they got the circle with nothing in it, as opposed to, you know, so you literally adopt the super reports. Oh, yeah. Grading. Right. Because they can't get into digital anyway, you know, because it's enough with the refrigerators, you know. And interesting thing about this. Those are called digital too. Yeah, no, it's that. So they have to get into the digital aspect of life as opposed to just being on it. All right. So that's what you call the privacy worldly ball for consumer reports. Exactly, yeah. That's their little thing there. Yeah, you know, where they have it done, you know. The guy's name was Worley, I think. Oh, really? That was the designer that came up with the little ball. The little doughnut. We used to be part of the logo, but then they took it out of the logo. Yeah, but it used to be how they rated things. Yeah. We had a really awesome member in our presentation. Those are hard people. The same thing I knew, we've been. The Harvey Ball. Harvey Ball, Harvey Worley. Yeah, those are the black things that are percentages. Yeah. Part of both of you are doing that. Okay, same thing. Okay, upload it. Thank you. I'll remember that for the next few days. I didn't remember it was called Harvey. So basically to summarize where we're at here is we kind of have the we have the code side of this, and we have the text side of this, I guess, which is our not our expansion of our reconciliation of IAB categories of what the GDPR wants, and then turning that into a document or what. I would think like a cookbook would be appropriate so that people could see here's how you set these cookies, get the Chrome extension, here's how you implement them on your server. Here's like what it is. I do. Yeah, let's do that. Your flow chart is about both. I mean, something which is content, which could be streamed, which is someone doing a narrative about what this was about, which we tried to achieve just as a talking bad. Okay, so if you're a media cookbook male, I'll make a cookbook. I'll make a cookbook. Yeah, so the cookbook, the all the comments cookie cookbook. Customer comments cookbook. Customer comments cookbook. Customer comments cookie cookbook. See this past lifetime. Doesn't even look like a cookbook. Customer comments cookbook. Customer comments cookbook. And then second issue is, is there anything you want to do? Yeah, just something like that in the store, just to sort of talk about it. I mean, then eventually the sub market is talking about, which is how do you then take what we've got here and bring it into the world and actually consent, right? Because right now we're trying to fix the advertisers view of how to manage personal information. This is it really concentric, and we're trying to get them to move that way. So maybe at some point in the future, we actually revisit hacking the consent receipt itself as a tool to be used here as well. So right now, all that we're doing is we're providing a better, it's not really a consent cookie. It's really a user interface cookie improvement for all intents and purposes. So data design here, which data does it? So maybe at some point in the future. I mean, I think that's a lot to do by May 24. Let's take a look at what we have. So I'm going to add a follow-up event to the site. If you click it, I've taken the precaution of making a repo so I have a place to do stuff. If you look at the convenient direct link to GitHub, you can actually get things done. Then you can see we have issues. And so here's a couple of tasks. Make a hookbook, a flow chart, some step-by-step instructions, two paragraphs with an overview, and the wondrous advantages doing it this way. Oh, excuse me. And then the second thing that was making a YouTube thing, which doesn't seem achievable, or if we didn't do anything, we could do it on the day itself, like that could happen, what we do. Right. Right. OK, so David, excuse me. Oh, I did not hear you. We're going to just sing for the rest of you. Very good. OK. I did not know that. OK, so David, I don't hear. Mr. Pup, I don't hear either or not. But have you kept up with what we're doing here? He said I made it back on. He said that three minutes ago. That was a launching. You want to hear it? Yes. David, are you there? He's probably trying to figure out how to turn the sound down. Oh, that's you. Yeah. David, it's not on mute. Yeah, I just want to make sure he knows that what you're typing up right now and where it is that's used to be. I'll put up a link for all the people in the chat. Yeah, we're going to. Here it is. 3, 4, next steps. Oh, Dr. Ward, on the 2th act. Next steps. 4. I'm calling it summarized E. Because that would actually be an A. Because it's an A. There we go. So that is now here. Here we are. Whoa, that's tricky. There we go. So I put it right here for everybody. Oh, there you are. There, can you hear me now? There you are. Hello. There's now two of you on the screen. Hold on. Killing that one. We only hear one. Yeah, that's true. Oh, I know, but just fan with them at home here. Yeah, sorry, I was testing out an arm laptop. It's not surprisingly, extremely slow. All right. Yeah. Hey, what's up? So anyway, we have, we're just finishing up and we have links to all of the interesting work that we're doing here. So Mary has a suggestion of the write up for naming. Our name? Oh, yeah. For user terms. For user terms, okay. Which is really what we're driving for. Because we've been calling it a consent cookie. Yeah, I said no, but just. So that was the point that I was making. I think she nailed it, right? Yeah, and the thing is, I mixed feelings with a user. Data subject cookie, but data subject is like, what is the subject of the data? But the, I really love the literativeness of the customer car most good because I could look. Sure. Sure. But I think it's important for us to understand that what we pack was really the user terms. Not really consistent. Yes, that's correct. I think that's the one point. Yeah, we're not doing that. Which is, this is a huge step forward because one of the big problems clearly is users don't understand the terms to which they're agreeing and GDPR does anything that should do that. On the GitHub page, is there a summary statement of what it does to so we know that people look at it? So I added the article, like the GDPR. And Mary's keep going, right? I think just making sure you're being heard. Did you guys decide today whether we were going to add bits to the cookie alongside the IAB ones or are we going to try to redefine the IAB ones? That was an open question at IW. We have a table, see if you bring the table up and put it on the screen. So we took with the IAB's interpretation what the IAB wanted to do and the customer comments column saying with the GDPR citation column to the right of that saying here's what we want these things to do and they're complying with the GDPR. So the answer is yes and we have a table for it. So their bit one or their bit four would be our bit two in this case. Purpose is bit two, personalization for them. Purpose is bit two for us is tracking. So we're literally keeping their bits, keeping their protonym and then substituting our terms as Mary referred to. Why scramble them? I'm just curious. Why is their tracking one our whatever bit? Why aren't we trying to map closely to there? Right, so their personalization one which isn't really personalization, it's tracking. So what we're trying to do, the way that we tried to hack this was to take their purposes and features as they define them and make them user centric as opposed to advertising centric. Not changing the format of their cookie so that these are some technical options of ways to hack it. Great, so I'm on the hackmd.io notes. Where do I find that table? Yeah, yeah, yeah. We'll further take that. Oh, it's down a technical hack. We're treating the display as a transparency component separately from the consent or the authorization component. We treat them as separate vectors. But we don't have to your point yet like pros like entry-ree paragraphs that overview it. But we have that as an issue. We have a link to their registration process for those over here. CMPs. But this is in the other thing, right? Oh, I see what you're saying. Is there anything added to it? It doesn't exist. Understood, okay. God, I love their Orwellian double thought or the double think of, they call it personalization but it's just tracking. What's personal? So we have a... Oh, there it is. Okay, so here, Dave, you can see it is... I can. Okay, so we're... We're looking at the same part. So we're saying, yeah, the hope would be to flesh that out a lot more. Yeah, the lawyers are going to flesh out the... But we're also saying in column three because the promise was that we don't want that. Not that we want that. Right, so... It kind of flips when we were describing it. Sometimes you're using the negative, sometimes you're using the positive. Yeah, so moving that. Yeah. What are you requesting? Yeah, that's true because we're saying we're using the first person voice everywhere but in that role. I don't want. So can you change that? No, because if I make changes now, it won't be reflected. Yes, you can. Nice. So the first person was like... Well, it's all first and second person. It's my or it's you. Yeah, or I. So... No... No, usually. So one of the points here was for... It's not like we want them to change what they're doing. We want them to actually be more clear and transparent about what they're asking. Yeah. Tell the truth. All right. And then I think a further step would be to... But you see that on the right here, we're right to object. So what we want to say there is more profiling through tracking. Right. If you close the question, do you accept personalization? Yeah, that sounds fine. I'd love to have my name and not have the time. But what they're really asking you and what we're trying to make clear is are you okay with tracking? No, I'm not okay with tracking. So previously if you were asked a question, you would have inadvertently perhaps said yes. Now if you're asked a question with the clear customer comments you know how to... You've got a much better chance of answering the way that you should. My point though is that if somebody's coming to this for the first time and reading it, there's this one square where it looks like I'm saying okay to something and I'm not objecting. I'm right to object. I'm not objecting to GDPA in order to track it. So that's why I'm just... If you're going to say what you're saying, the point that's captured in this somewhere but I'm not sure it's made clear enough is that I want to treat the ability to define the language separately, independently of the ability to specify the fault policy track. So we captured that somewhere up towards the top but it didn't make it into the table. I think that we did. The table is much more limited in scope. So at one point when we were talking about the Cook You Replace button or whatever I said that we had a choice you know you could click a button that said simply accept customer comments the faults and then there would be another button which was the invitation that Joyce sends to Doc which is accept customer comments proxy cookie or whatever we're calling it cookie hijacker and so those are two separate customer comments branded things that do very different things and customer comments could be either one or both. So the customer comments says is what is our translation of their language customer comment default is what the policy should be. So related to and there was often so PBI could be one and customer comments could be the other. So my suggestion is we have we copy and paste this table and we have one the interpretation of language and the other be what customer comments says. Customer comments has two roles. So both columns start with customer comments so we two columns yeah so we add a column we add a fourth column a fifth column probably between columns we do that yeah so customer comments says is the translation and then customer comments recommends would be the other recommends is default recommends recommends by default okay oh I see I think I can but I don't know if I can I'll just computer but I can't okay customer comments customer comments customer comments customer comments customer comments just the most recent customer comments well how do you usually make a table? I don't know so I don't know I know how to do it in excel so in excel I would say just make it wherever you're most comfortable or I would see what you're most comfortable with can I see a document here so we put that mark down on the top one down to the table that's the table I think but it isn't okay this is not that this is not that one this is this is getting out for it there's not this one yeah that one okay so let me clean this up a little bit but similar I think what I'll do is I just put html but let me what I want to do is change it to mark down so it's simpler to edit because html is kind of a very edit I think I think a pretty good version of it tables are up a little bit tougher so writing p html and I want to do html to mark down are you going home today or are you hanging out? are you going to take the train what's your train? I eat tarant so walk around sunny sunny today turn into a nice day across the bridge go to go to the red line the south station go to the north end the north end never been to harvard have you done it they go to harvard let's walk there the mit is like it's like a bunch of bills and it's a bunch of office bills like if you know they're always heck of a bum I have been here last year and the biggest heck of a bum our company is one of the sponsor heck of a mit yeah I was there for protein yeah I love it but it's confusing that's part of the chart part of the chart yeah the thing that surprised me about harvard I mean it was the first time years ago you know I'm expecting she said it looks like Princeton or even Duke it's actually not as good looking as those it's nice it looks like I can leave but I'm looking for some but it's awesome the yard is real the yard is the best part and it's the only real part it's like every other college they had around the edge yeah one more hillball annenberg, dining hall is really nice oh yeah that's a little bit of Oxford Harry Potter yeah so you live here right now I'm looking oh really? I flew in last Saturday and I'm flying back on Saturday for this? so when do you start? next fall but my plan is to show up here so right now I'm working with very high intensity, high stress that I fell into because I met some evening private equity so I met some guys in a bar and they told me like literally this isn't like what happened but I finished at the end of the day and then like mid-June I had to show up and start finagling we're a year or a bunch this summer well like I said if you're just going to find yourself you're going to find yourself you're going to find yourself but I would tune in the cyber law people to you yeah that's why I want to spend the summer to do just that because once one hell gets going I think I'm going to have no other play that's what we do tomorrow is fine tomorrow is fine I fly back Saturday night I'm just going to do an intro for Elefant because she's a big star it's really interesting the whole point is that it doesn't work and to me personally this is the tip right now it's not happening but nobody knows exactly how it works there's so many aspects frankly, mind blowing once you start getting do you know about Epress? yeah, you're talking about that there are a bunch there's like five years I'm lost they have no way you can vlog it I have a question no, the three bunch that's right what are you talking about are we done? we're done we're not we're going to tell you we're going to tell you we're going to tell you we're going to tell you we're going to tell you we're ready to tell you we're gonna tell you we were when he got into Aoteに and he came with us and he came to get it I think the response was I don't think it's worth it if I can get the chart that was exactly what I was worried about two months in Boston no it's no way it's not important And it was complicated. Yeah, yeah. Like, you can't say it. Yeah. And the wildlings that I found and I saved it in the picture and I even put it in the library. It was just, you know, we were asked to do a group and this was like last week. You know, we just, we just went and said, some other people, we just put the library in front of the library and we put it in the library. Yeah. And I thought, well, next, this was the class of Thursdays, so I'm probably going to ask them to pick it up and see if they can get it to themselves. So, you can fly back Saturday, Saturday. You can fly this morning. I'll be right back. Okay. Yeah. And I'm free talk for this kind of stuff. Yeah. Okay, so. I'm not sure what you're talking about. You can do a lot of stuff. You can choose. And you want to get the cycle to the library. That's nice. We have your room now. That's great. And we need the real stuff. We need to write the room down. We have the real stuff. We have the real stuff. We have the real stuff. We have the real stuff. We have the real stuff. We have the real stuff. And if you want to see what you're writing, you can see your email up right there. Um. Um. You can do that. Oh. Yeah. Do you like the back-to-back? Okay. That's a good game. So we're going to head up. Thanks again to everyone. Okay, thanks so much. Say hi, to everyone. Say whatever I can. Or in the same security space, I like the code to your private I see Okay Oh This is not editing there He's editing like You know it's translates And then customer college translates and then customer commons recommends So those are the two Marry to one Yeah, well my wife's actually the legal she's a JD SJD, but her PhD is an anthropology so So she's really It's a legal PhD That's I guess it's for letters Yeah, so doctor doctor doctor something like that and the J is technically a doctor too. It's a turn over you, right? Right. Yeah, so doctor doctor doctor. It's funny. It's most most jd's don't like to be called doctor It's like it feels pretentious. It's pretentious. It's like it's very much like if you went to Harvard You don't drop the age bomb Everyone here says oh, I went to school in Boston. Yeah, yeah, we're exactly okay Yeah, and we're like south Cambridge Between central border my case Yeah, that's opposed to Here here here is I like to say My son very transverse from an IT to Harvard. Yeah, which I do with both places goes up So if you go to school I Just South That's it customer comments. Oh customer comments translates Don't recess recess instead of says it's translate We are Want to add a column also no, that's no is the added comment is customer comments. Oh, we don't have to add a column Where everything the customer commons recommends is in alignment with the relevant GDPR Well, well close enough for now So in other words the categories are The row is Yeah storage of information Information you can you can say see see all three hundred forty pages of GDPR It's only 88 pages So I think I think there's another part of the of the GDPR that sort of would apply There's tons that that would apply. I think I really just started this No, not that one either I think it's actually restrictions on processing of personal data This would be and I think technically yeah, that's 18 right right the restriction of prophecy crossing article 18 Right to restriction yeah, yeah, the data subject shall have the right to it. That's what's there. Oh, it's 18 18 and 17 Restrict an arrays. I figured it would be the two most. Okay. Well, you're gonna be right about a muscle Yeah, that's right Did you did you read it to a point? That's what it says Did I read do you share it? Let's share it just 18 with everybody so you can hear it. It's written very plainly It's I'll help you can check it or do you mind checking it into the read me or somewhere so we'll keep it alone in pre-code We all have to do the research so much. Oh, so the individual articles are just 18 specific Yeah, I think so because that's it's really about restricting processing in primarily and then so it says the data subject Shall have the right to obtain from the controller? Restrictions of processing for one of the following applies So the first thing I'm brought us down before we get there is the right to obtain from the controller Okay, how do you obtain a controller this hack provides a mechanism by which the subject can inform the controller of like a method for restricting but what they want restricting instead of like it's the way that we're doing it is through a cookie It should be like a method of exercising your right to Inform the controller of a restriction So that's assuming that the controllers in the workflow in the cookie purchase not to give it It is not here. That's probably one highlighting this And so what but nonetheless is a mechanism for controllers that find that they choose to use this So this is where I think the notices and receipts of Mark will be referring to become a lot more useful because as an example as a result of Implementing that cookie it generates a notice which you don't which was which somehow gets to the controller Then that's that you know, then then you close the loop here. I mean what we're again what we're doing here is we're Rather the language they had had no indication that You have to write to notify the data controller about what you wanted to achieve We're saying you can keep this this will You should be able to notify the data controller because article 18 as you just said says that you should be able to do that We're not saying that that takes place But we're saying that that's what we customer comments wants to have occur, right? So so we haven't implemented the technical means to accomplish that we face and highlighted the outcome we want to achieve and whereas before the outcomes were Completely divergent from anything like what we're describing now now at least that the outcome is pointed in that direction right, so I think it's so it's like swinging the You know If you're if you were sailing it would be changing your compass heading right Right, and this is one example. There's the certification thing we talked about There's the member state data authorities and there's there's a ton of stuff we can say can you plug into this right now? We're early enough that no one else has all right, so let me see if I call it possibly no one else's it's um That under gene care mechanistically step number one would be data Subject under our 21 objects to processing of data for direct marketing Just like subsection 3 and then and then under 17 or whatever the restriction was 17 is ratio, right? Which under 18 so 18 then said what so what it says is um So I as far as I understand The right to restriction applies after you've checked that right So I think you can object to several things. So for example, you can object to inaccuracy And you can have Any data that is reported about you Updated to reflect the truth. So the one I'm looking at is subsection 3 it says under right restriction We're the So the whole thing says the data subject you'll have the right to object on grounds relating to his or her particular situation at any time The processing of personal data concerning camera, which is based on blah blah blah And then when you go down to section 3 where the data subject objects to processing for direct marketing Or this is the data the personal data for no longer be processed for such purposes So I'm pretty sure the add tracking part and the tracking is like Like the commercial abuses is for direct marketing thing Maybe something could be for aggregate understanding the market or something like that But you could say it was custom proof customer service if you wanted to just I guess yes Some of the some of the age conditions But the thing that I think feel like is at the center of like the heart of the man part Is that people find it super creepy when you're tracking me for stuff? And then oh my god now I'm getting at for blunders I'm gonna add some of these answers on that that direct marketing these seems to be like point blank Right, I think and also it has its own subsection Well, I think a lot of what so a lot of what we're taking on here So we should meet so, you know, I would go right through the document do a search for marketing direct marketing So see which sections specifically have those terms in them and then map those sections to the The purpose is a feature Yeah, I would do I would do direct marketing and then Yeah, no if you give it This is the point you're making guys is tremendous if there are direct links to direct marketing language in the GDPR Those are here then that gives us a much bigger cudgel to to assuage Or anyone else Like we're talking about the Harvey Balls, right? Talk here about having like clear icons that are recognizable Yeah, that help users understand what they're consenting to. Yeah, maybe Harvey Balls are those Or check or any of some set of checkmarks. Yeah, who knows what they are. Yeah, but I think whenever we say look What we're doing is a and that exact concept is in article X. I think that gives us a lot of Yes, right and that's useful in this People