[decentralized] Clarify intended activities and coordination #291
Comments
wseltzer
changed the title
|
The group will initially author two documents that if adopted by the W3C will sit alongside the Security and Privacy self-questionnaire. These documents will help any proposer identify and better address the consequences of their proposal in non-technical terms. An example of such a list a proposer might create is the Apple WebKit Tracking Prevention Policy which lists the following consequences associated with changes associated with the policy. • Funding websites using targeted or personalized advertising (see Private Click Measurement below). In the forum of the W3C the group will encourage the early communication of such consequences so that a balanced assessment can be made far earlier in the process saving much time for all parties involved. The group will also encourage a diverse set of skills and interests. @torgo of the TAG identified the need for this earlier in the year when writing about the need for [web] engine diversity. The group will be able to provide insight to TAG and any other group wishing to benefit from a wide set of skills.
@torgo states "We need stronger mechanisms to ensure more voices, and especially more diverse voices representing more of those stakeholders, to be part of the process of improving and evolving the web…" DIG is one answer to this call to action. DIG complements TAG and provides valuable inputs particularly from the non-technical areas. In relation to horizontal review, the group will not provide this function in the same manner familiar to those who have interacted with the W3C privacy, accessibility or internationalization interest groups. Instead, this group will publish guidelines that proposers may or may not follow. DIG will only provide commentary on matters presented to the AC for review covering the broad consequences that would impact the decentralized nature of the web. In keeping with all other W3C groups, DIG does not assume the authority to prevent any changes from occurring, merely to ensure the changes and any unintended consequences are better understood earlier in the proposal process. |
|
In what way do you intend to have these documents "sit alongside the Security and Privacy self-review questionnaire"? That document is a joint product of the PING and the TAG, but it comes in to play in the TAG review process (when filing a design review request, the TAG asks a filer to fill out this questionnaire). Has the TAG agreed to ask filers to ask these questions, too? Re: " DIG will only provide commentary on matters presented to the AC for review covering the broad consequences that would impact the decentralized nature of the web." This appears to I continue to fail to see what problems this group would mitigate. For example, the one definite reference you make is to a specification that actually already lists the consequences - which is generally the case for W3C specifications, as the consensus work model of the W3C integrates many perspectives. Asking specification authors to list "unintended consequences" is not rational. Asking specification authors to examine their features from a specifically different perspective (e.g., with an eye to what identifying "fingerprints" they might be exposing, as the S&P self-review asks, or whether the spec persists state across sessions) - in short, highlighting specific types of unintended consequences - makes sense. This charter appears to ask for a blanket "unintended consequences" authority, which is somehow tied to "decentralization". |
|
The chartering of the group and the use by others of the deliverables or resources the group make available are separate. All we’re asking for at this stage is for the group to progress to charter vote in the AC forum. Assuming the group is chartered in 2020 then I suspect the documentation deliverables will be available in 2021. It will be up to other W3C members and chairs of other groups to decide how to use them, if at all. Similarly, it will be up to people engaged in W3C Process and TAG chairs to decide if and how they are applied to TAG filers. Given the public statements made by @torgo I doubt there will be any material objection to identifying a broad range of consequences that risk centralizing the web. The aspiration of those proposing the group is that the group’s deliverables will be widely adopted and as a result “sit alongside” other official documents and process of the W3C. Like all things W3C that will depend on consensus and no group or entity should dictate outcomes for the open web. In relation to the problems the group is seeking to solve and the WebKit example. Unless I have misunderstood, Apple’s WebKit Tracking Prevention Policy is not a standard in any sense of the word. It is a policy adopted by a commercial company which I used as a concise illustration of the sort of broad consequences that might be listed against a future proposal by it's author. It is the view of the group proposers, and presumably the trade bodies that support it, that the current method of identifying consequences and raising the profile of those consequences, particularly in relation to the centralization of features of the web, needs explicit recognition at the W3C. The group deliverables and the resources available will enhance and broaden existing activity only if others wish it to. |
Ideally, the intended use of the groups deliverables would be part of the chartering process. The group would give specifics about how their deliverables are intended be used, and the people voting on the charter would agree on that plan. |
|
+1 to what Alan said. To be clear - IGs take W3C resources. (CGs do not, really, which is why they are much easier to start, and why we encourage incubation of nearly all specifications in CGs before taking to a WG.). If there is no goal for how this self-review is intended to be applicable, it is difficult to know how much resource this is going to take. I'm still not entirely clear what you were saying about Apple's WTP Policy. Of course it is not a "web standard", but it is a specification - and I think (?) that you are saying the example list of potential consequences is all you are after here? |
|
@astearns The charter explains the deliverables and how they should be used. Like any other group in the W3C their use can not be mandated. If AC members would like to see the deliverables mandated then I believe that would involve a change to W3C Process in 2021 and would be seperate to the chartering of this group, or any group. @cwilso In relation to the W3C resources I suggest that time is allowed for attendance at two one hours meetings monthly and administration of the two document deliverables. As already mentioned it is entirely up to other W3C members and groups to decide if and how they use the guidelines the group produces. Perhaps a W3C team members could comment on what this entails in terms of FTE? @cwilso in relation to Apple's WTP. My understanding of a specification is that it provides sufficient detail for a developer to be able to implement a consistent solution that enables interoperability between multiple independent implementations based on that specification. Therefore Apple's WTP is not a specification. I referenced it purely as an example of what a list of consequences might look like. I apologise for any confusion. |
|
Since I’m still struggling to understand what to expect from this IG, I did a little bit of digging into recent W3C activity from @jwrosewell I’m guessing this is the kind of feedback to expect? Are these examples of the kind of unintended consequences the new group would uncover? w3c/fingerprinting-guidance#45 |
|
@astearns Thank you for drawing attention to these important points. The group charter provides a) guidance documentation to assist others in identifying unintended consequences; b) expertise to assist if requested; and c) commentary on matters provided for AC review. Only the last of these activities involve the group providing feedback. The group aims to include participants with a diversity of skills and interests. As such any feedback to the AC will come from this diverse set of skills and interests. The group will provide a better understanding of the impact to a wider set of stakeholders who are currently underrepresented. I would also like to take this opportunity to provide some additional background on myself and the four issues you linked to. This article titled “We Can’t Let The Open Web Become A ‘Tragedy Of The Commons’” provides a summary of my position. I, along with 19 other signatories, have a number of concerns about W3C governance which I raised with the AB, including Chris Wilson and Wendy Seltzer who are participants on these issues. This interview concerning the letter provides more specific explanation. I’m not alone in these concerns. The authoritative voice of US Congress raised similar issues in their anti-trust report of 6th October 2020. Page 229 references the W3C specifically. If there is specific language in the charter that you find objectionable could you please point it out? |
You skipped “DWIG may provide input on request to other W3C groups developing web standards to help identify early impacts on the broader web community beyond the focus of their specification” which I interpret as providing feedback to working groups.
This is so vague that I would not in good conscience be able to support the creation of this IG. Charters exist in the W3C to limit scope and provide focus for a group’s activities.
I object to the lack of specificity in the class of issues this group will be involved in, and the lack of specificity in who would be represented by the group. I think the group needs far more definition to be useful and successful. |
|
I think I've read this charter three times now and I'll be candid: I still have idea whatsoever what it's trying to accomplish. One of the deliverables purports to be about "Decentralization, Choice, Auditability, and Accountability." Stated in this way, it reads to me like four words picked at random. What driving principle gives coherence to this nebulous set? The other deliverable is about "foreseeable impact" of work. To me that reads just like chartering a group to produce "useful technology". If the intent is general review, then this sounds like it's attempting to duplicate the TAG. If the intent is expert horizontal review, then it should be easy to explain what this group's intended expertise is. As written, I can't tell if it's general or specific; if general, why; if specific, about what. The only thing I was able to tell with some confidence from the draft is that it does not appear to be related to decentralisation in any identifiable manner. |
|
DWIG (or DIG for the moment) does propose providing expertise on request to other groups only if those group request it. This would only include feedback if feedback was requested. See the parallel issue where the feedback on the PING charter is referenced and I explain how that feedback fed into the drafting of the proposed DIG charter. The participation is incomplete at the moment because we need to charter the group before we attract participants. We have listed the disciplines of business, economics, law, policy and product as ones we would like to attract. I have reread the PING charter which provided guidance for this charter. @astearn Can you help me understand in what way the subject of privacy and the open ended nature of the PING charter is different to this proposed charter? The deliverables from the group are two documents drafted in the Improving Web Advertising Business Group related to identifying success criteria and then a set of questions proposers could consider when evaluating their work. The topics for those questions are:
Much work is needed to improve these documents and support the goals of the charter. They are not complete. Of these Auditability is an important underrepresented consideration today. The group produces documents and provides advice to help proposers understand impacts that could be foreseen early in the process utilizing a wide range of expertise. This is a valuable addition to our work. The group will not conduct general review. Perhaps commenters can guide me as to where this impression came from in the charter text and particularly the weaknesses in the charter draft compared to the PING charter? |
|
I'm sorry but after reading this I still do not understand what this group is intended to do. You state that this group does not conduct general review. Thanks, that narrows it down to expert review. But, again, expert in what? PING carries out expert review in matters of privacy. Privacy is the right to appropriate flows of information. Everything can always be clearer, but that's all pretty straightforward and I know what PING is expected to be used for. DWIG carries out expert review in matters of __________. I still have no idea how to fill that blank. You list four words but I can't figure out what those are supposed to mean either. "Interoperability" is what every group does. "Accessibility" already has expert review. "Choice" and "Auditability" can mean pretty much anything. I read the document you link to, but I still don't know what the proposal is. That document lists a grab-bag of unrelated properties most of which are pretty transparent fig leaves over adtech lobbying positions. If the intent is to have a group for adtech horizontal review (or at least for the subset of the adtech industry that's not interested in innovating to match user expectations), then it would be a lot simpler to just say so rather than try to hide it behind some vague general considerations. So, again: |
|
DIG does not intend to carry out reviews of any type unless requested in which case the precise label for the review would need to be agreed on a case by case basis. To expand your comparison text on PING. DIG provides guidance in matter of identifying unintended consequences which centralize the web. Centralization is the concentration of control of an activity or organization under a single authority. This seems as clear as the PING sentances proposed as comparators. In relation to the ICAA document you reference, it is the objective of the group to improve that document and the success criteria which is the companion document such that in time they will become official W3C documents to aid proposers in creating proposals that consider a wide range of issues focused around decentralization early in the process. I'm not particularly involved in the field of adtech. Certainly the documents at the moment were constructed with participants from IWA BG so some advertising thought is likely to be present in the text. I would like to gain a wide range of input to those documents and believe DIG will be a mechanisim to achieve this. Perhaps you will be able to represent the requirements of larger publishers in time. There are certainly multiple bodies that support forming the group based on the text as drafted. In anycase is there a particular concern with adtech? |
|
Speaking for myself, I got the impression that the group was intended to do general review because of its mission:
that seemed very intentional to me that the group was planning on reviewing proposals, in other to identify and mitigate what it saw as unintended impacts. Auditability is entirely, in my opinion, the role of Web Platform Tests, and the related drive to make test suites the norm for all specs. However, your complaint does not appear to be about testing or auditing; it seems to squarely relate to "stability" or "backwards compatibility", and the struggle that I (and others) seem to have here is probably because we know quite well that all the standardization efforts we are involved in take their responsibility to not destabilize the web seriously, and they consider the effects of broad changes seriously. At the same time, the web (and the world of computing in general) changes, and new problems arise that we didn't know about before. Believe it or not, but when I was developing the first Web browser I worked on, security was not such a concern; the concept of "privacy" was in its infancy, let alone all the many tendrils of how these concepts would change our world. It took more than five years after I pointed out that visited link control could lead to privacy issues before that was addressed, for example. We've certainly developed tremendously as an industry since then; and there are serious, intentional, smart people involved in each of these areas. My overwhelming concern is that the charter for this group, as Robin puts it, does not actually declare what the group sees as a problem. It hand-waves at such things as Open Stand principles and the W3C's "One Web mission"; it talks about "helping identify early impacts" and "mitigating unintended effects" for various specifications, but without any detail of what perspective we've been utterly missing out on, that insults the efforts working on those specifications. There is an implication here that somehow, some nebulous ubergroup would somehow know more about the effects of individual specifications and new APIs than the groups working on them, and that those effects are "unintended". For areas like privacy, where there are very precise vectors of attack, or internationalization or accessibility, where there are very specialized skillsets and areas of knowledge about what is necessary to enable other languages or methods of interacting with content, that might apply; I've been trying to understand exactly what skillset or unique perspective is being touted here. We build open standards; by design, we welcome diverse viewpoints. Anyone is welcome to participate, and I haven't been in a group yet that doesn't want MORE engagement from others. If this group doesn't intend to produce reviews, they should start as a community group, and start by identifying the kinds of "unintended" consequences you are hoping to help authors identify and mitigate. |
|
I'm really sorry but I'm increasingly confused with every answer. One of the two deliverables for this group is a review document, but this group would not do review? Unless someone (who?) asks it to do review, in which case it might but we don't know of what, for whom, or which purposes. As Chris says, it doesn't seem that this group has a clearly defined area of applicability. Decentralisation is an interesting area of work, but there is little in the documents you cite that appears to have any clear relationship to decentralisation, and the description you give is not the one used in technical or in governance contexts. You seem confident that you have both a community and a problem. That is great. It is not rare in the early days of a problem space to find it difficult to communicate it to other actors. I would encourage you to form a community group, hash out the details until they are clear, and then see if there is a there there to build an official group about. |
|
Oh, I forgot to add: there are already multiple groups dealing with decentralisation. I would recommend you reach out to them to expose how you might align as a community before chartering a group. |
|
Amendments I have amended the draft charter to explicitly state that horizontal review is out of scope. The group produces guidelines. It does not perform reviews. Following todays meetings I have added to the work product of the group the creation of a document to translate between the different disciplines to aid common understanding. These are included in the pull request. To clarify the group will provide support to other groups that ask for it. This would include any other group in the W3C and support would be subject to availability of people and skills. Reading other group charters I don’t see why we would need to be prescriptive in this regard unless a new higher standard is now being applied to new charters. Perhaps W3C Team could advise? Audit Does the Web Platform Tests group work with external auditors to verify that standards have been implemented correctly in practice by different participants? What about the none technical component of implementations? For example; rules governing data or rights assigned to data are respected by all entities that receive or transmit such data. Effects of Change This group will provide support to make it easier for proposers who wish to avoid destabilizing or centralizing the web simpler and more consistent. Given the sheer volume of ideas being experimented with across community groups some guidelines to help drive consistency seem desirable and uncontroversial. If such guidelines already exist perhaps someone can highlight them? Problem Many proposals being presented and developed in the broad forum of the W3C have not considered the consequences. I do not know why this is. For example; we have discovered proposals to develop cohort based marketing discriminate against small players and favor larger players. There is no effective mechanism to highlight such issues today and the proposers of such solutions do not appear to have recognised this consequence. The justification of "better privacy" seems to trump all other considerations and the W3C environment has been conditioned to discourage debate on the subject. Creating this group to help identify such issues early in the proposal process seemed to the members of the IWA BG who supported the commencement of the chartering process and other supporters as a constructive method of helping people highlight such issues at the inception of a proposal. Given that web browsers currently "ship" features without them becoming candidate recommendations and receiving W3C AC approval of any kind these problems are particularly concerning for small players. To quote page 229 of the US Congress report of October 2020 which discussed the W3C.
Not only is this concerning to smaller W3C members and web stakeholders it should also be concerning to dominant players who have an obligation not to abuse, or be seen to abuse, their dominant positions. Skillsets and Value The group will encourage a diverse set of skills to join. Importantly the group's input will be available, only if requested, and at the point of AC vote to provide an external view on the matter. The group will help avoid "group think" which is a problem for any complex organization no matter how skilled the participants. Other Groups There are other groups that share words. None of them address the concerns of this group from my brief reading of the list. Trying to consolidate and manage the work load of the W3C more effectively would appear to be a goal we should aspire to. This group will go some small way into assisting in that. Ad tech Is there a particular concern with adtech? |
|
@jwrosewell I get the sense from this discussion that you envision a very different organization from the current W3C. For example:
First, WebPlatformTests is not part of W3C although it got it's start there, see https://web-platform-tests.org/ (and https://github.com/web-platform-tests/rfcs/ , I believe, for its "process document") WPT doesn't attempt to certify that a standard is "implemented correctly in practice", it's a resource for both platform implementers and web developers to understand how ever-changing implementations supports an ever-changing set of standards. One could imagine W3C getting into the business of certifying compliance with its (stable) standards, but that is not what the organization does today. Second,
I do think W3C needs a community discussion on what its core values/principles are and how to address conflicts between principles. For example "free content" [generally ad-supported] and "privacy" [which often implies constraints on how ad-supported sites operate] are both desirable in the abstract, but it's not clear how to address scenarios where they conflict.. The Principles discussion could well result in a critical mass of members agreeing on principles that other current members can't live with, we shall see. But I think we need that community consensus-building before creating any more groups to develop authoritative guidelines (much less "horizontal review") on how to respect some principle such as "decentralization", that is outside the current set that focuses on Interoperability, Accessibility, Internationalization, Security, and Privacy. |
|
+1 to what @michaelchampion has said. If I understand the intent of this proposal, I think you'd do much better to:
Stepping back to the larger topic: One of the things that's bugged me about the Web for a long time is that it's extremely well-adapted to enabling creation of platforms (on top if it) that accrue network effects, where decentralised solutions could have emerged. We could debate about how many of the difficult properties of digital markets could have been mitigated in the Web's design, but that's water under the bridge now. Realistically, you're going to have limited success limiting the definition of such platforms in the future by acting in the W3C; the architecture of the Web is what determines this, not small decisions in WGs. The chances of any meaningful progress further shrink if this is limited to a sub-community (e.g., adtech, which it seems to be for now). Consensus takes a lot of hard work, buckets of time and significant compromise. If OTOH you just want to show how [large player] isn't playing fair, it isn't necessary to create an IG or write guidelines to do that. Making submissions to any of the many competition reviews around the world would be much more effective. |
To respond to comments not related to the group charter.
I agree that these are not subjects for this group charter, but they need to be addressed urgently and not via tweaks to a complex mosaic of documents and processes from a bygone era. |
|
I think that your (6) and (7) are worthy topics for a discussion at the W3C, along the lines I mentioned previously. The problem with the proposed charter is that it conflates them with so much else. WRT "water under the bridge" -- the point that I was making is that the Web's fundamental design -- cemented way back in ~1990 timeframe -- creates network effects for sites that are extremely difficult for competition authorities to counteract, much less a technical body 30 years later that has a strong motivation to avoid breaking the existing Web as it operates. So while progress might be made on limiting future developments that further consolidate power, the elephant will still very much be in the room. |
|
Regarding my (6) and (7). They don't relate to the charter. I do agree that they are topics that the W3C needs to recognise. There is some urgency to do so. Could those more experienced than me advise on the forum to take those topics where they relate to the W3C? |
|
[bikeshed alert ... this topic fascinates me, so much of what I say below is somewhat tangential this issue, the purpose of this repo, and the mission of W3C] @mnot 's point ...
... is a profound topic, probably one for future History of Technology and Economics scholars to sort out. Or maybe Historical Fiction authors... there might be a XanaduPunk genre envisioning an universe where Ted Nelson's ideas prevailed and TimBL's were marginalized :-) I'm not sure there's any W3C venue to make progress on it, but anyone can start a Community Group to discuss anything web-related, so that might be a start. Identifying what the web's design points that create overwhelming network effects / economies of scale were would be an interesting exercise, and possibly useful if the web as we know it does implode and a future generation has to rebuild from the debris. Nelson does put his finger on one 1990s design point that is either the web's most brilliant feature or it's fatal flaw:
In the XanaduPunk universe, maybe we wouldn't need Google to help us find information, Apple to build tidy walled gardens to keep the chaos at bay, Facebook to help us keep in touch with our friends and family ... and disinformation would be harder to propagate because its origin in some propaganda mill would be traceable. But such a vision of the web never materialized, probably because it would impose higher barriers to putting content on such a web, and the economics needed to support it, just didn't work. And it's not obvious to me that Xanadu-web would not have been subject to Metcalfe's Law, and thus giving larger players exponentially-growing influence. OK, I'll stop .... Bottom line for me as an observer but not actual participant in W3C anymore: This proposed charter is far too broad and ambitious, presupposing there could be a useful consensus on deep questions of technology, economics, and politics. I'll echo @mnot 's suggestion above:
|
|
It is for precisely this reason the group charter scope is limited to providing guidelines and support to proposal authors to help them identify a broad set of unintended consequences in the context of a technical proposal. I hope we can all agree it is not the role of the W3C, or any technical standards body, to be involved in politics in anyway. Technical standards bodies should be conscious of major laws created by politicians who in democracies are elected by people, and economic factors that impact the application of the standards they create in practice. Gaining consensus on technical standards at the W3C remains a matter for all of us, the AC, W3C Team and W3C Director. |
|
On Nov 11, 2020, at 10:32 AM, James Rosewell ***@***.***> wrote:
providing guidelines and support to proposal authors to help them identify a broad set of unintended consequences in the context of a technical proposal.
And this is precisely what I think will be impossible to get consensus on. The underlying knowledge is not in place to infer unintended consequences of a technical proposal, and the politics/business/technology are so complex and intertwined that even rough consensus seems unlikely anytime soon.
I could be wrong of course, and this may be more feasible than some of us think. @mnot proposes a way forward; if a CG can develop such guidelines and proposal authors find them useful, you would have a much stronger case for proposing an IG or WG to apply those guidelines with more authority and with W3C staff support..
|
|
What is the standard of consensus that is required? Official W3C documents like the Security and Privacy Questionnaire lack consensus, particularly as new members join W3C. Legitimate and important issues are closed and ignored. This proposed group charter explicitly recognises the need to bring in broader skills and therefore knowledge. I do not think it would be difficult to gain consensus around unintended consequences and decentralization. Importantly the group does not prescribe right or wrong which makes consensus more likely. For example; we can all agree that privacy and choice are important. We may not all agree how to balance privacy and choice in a specific context. The latter is not within the scope of the group. |
|
I'm not sure how a link to all the closed issues on the questionnaire - including those quite legitimately resolved - furthers this case. I do think it would be difficult to gain consensus around "unintended consequences", because it appears you're concerned about INTENDED consequences - e.g. enhanced privacy for users. The Security and Privacy questionnaire is largely owned by the Privacy Interest Group, which is run by consensus - I'd recommend starting there if you disagree with their consensus, though of course appealing to the elected TAG is also valid. If you feel that unintended consequences are occurring, by all means bring them up in the relevant work. If you feel there is a community that has unused skills in crafting questions or ways to look at features that may be elucidating, then go ahead and organize that community; all that I'm saying is that the proper place to start that would be in a Community Group. |
|
There are a number of important issues raised here, but as several people have pointed out, we are working within an existing system. Remind me someday to tell you about my dreams of Hyper* making use of Xanandu. I too came to the W3C from an adjacent industry and was rather shocked that we couldn't tell browsers what to do and had no capacity to simply make ebooks work online. The W3C Process might seem overbearing. However, please take a step back to recognize that it has largely worked for 26 years. It is what makes it possible for me to come from a publishing company and meet with Google, Microsoft, Adobe, NY Times, and all the tiny companies that maybe we haven't gotten to know yet to create standards. Are there unforeseen consequences? Absolutely. Are they the result of a bad Process? I don't think so. In fact, I think that our Process has largely avoided many of the consequences that exist outside of the standards world. For example, HTML is accessible (as in Perceivable, Operable, Understandable, and Robust for people with disabilities). This is accomplished by thorough horizontal review. Are you proposing an equity review board to avoid technical bias? Increased testing requirements? An approach that will tell us if user agents are adhering to standards? While that last point might sound nice it would, IMO, be our downfall. Part of the success of W3C standards has actually been the ability to take or leave them, sometimes called graceful degradation. If I don't support a new CSS element, there are fallbacks built-in. That is harder to grapple with in areas like privacy and accessibility, but maybe that is where we need to explore the unforeseen consequences. I would prefer to see this brought to the TAG as it affects the architecture of the Web. If you don't think that this belongs with the TAG, then by all means start a CG. |
|
closing this issue since we now have a new AC review. Feel to open a new issue related to the new AC review. |
I requested horizontal review in the Strategy Funnel
Accessibility and internationalization reviewers both asked for "a clearer description of intended activities and how the group would coordinate deliverables with similar deliverables from other groups."
The text was updated successfully, but these errors were encountered: