Recherche avancée

Sur d’autres sites (7085)

• WebVTT as a W3C Recommendation

  1er janvier 2014, par silvia

  Three weeks ago I attended TPAC, the annual meeting of W3C Working Groups. One of the meetings was of the Timed Text Working Group (TT-WG), that has been specifying TTML, the Timed Text Markup Language. It is now proposed that WebVTT be also standardised through the same Working Group.

  How did that happen, you may ask, in particular since WebVTT and TTML have in the past been portrayed as rival caption formats ? How will the WebVTT spec that is currently under development in the Text Track Community Group (TT-CG) move through a Working Group process ?

  I’ll explain first why there is a need for WebVTT to become a W3C Recommendation, and then how this is proposed to be part of the Timed Text Working Group deliverables, and finally how I can see this working between the TT-CG and the TT-WG.

  Advantages of a W3C Recommendation

  TTML is a XML-based markup format for captions developed during the time that XML was all the hotness. It has become a W3C standard (a so-called “Recommendation”) despite not having been implemented in any browsers (if you ask me : that’s actually a flaw of the W3C standardisation process : it requires only two interoperable implementations of any kind – and that could be anyone’s JavaScript library or Flash demonstrator – it doesn’t actually require browser implementations. But I digress…). To be fair, a subpart of TTML is by now implemented in Internet Explorer, but all the other major browsers have thus far rejected proposals of implementation.

  Because of its Recommendation status, TTML has become the basis for several other caption standards that other SDOs have picked : the SMPTE’s SMPTE-TT format, the EBU’s EBU-TT format, and the DASH Industry Forum’s use of SMPTE-TT. SMPTE-TT has also become the “safe harbour” format for the US legislation on captioning as decided by the FCC. (Note that the FCC requirements for captions on the Web are actually based on a list of features rather than requiring a specific format. But that will be the topic of a different blog post…)

  WebVTT is much younger than TTML. TTML was developed as an interchange format among caption authoring systems. WebVTT was built for rendering in Web browsers and with HTML5 in mind. It meets the requirements of the <track> element and supports more than just captions/subtitles. WebVTT is popular with browser developers and has already been implemented in all major browsers (Firefox Nightly is the last to implement it – all others have support already released).

  As we can see and as has been proven by the HTML spec and multiple other specs : browsers don’t wait for specifications to have W3C Recommendation status before they implement them. Nor do they really care about the status of a spec – what they care about is whether a spec makes sense for the Web developer and user communities and whether it fits in the Web platform. WebVTT has obviously achieved this status, even with an evolving spec. (Note that the spec tries very hard not to break backwards compatibility, thus all past implementations will at least be compatible with the more basic features of the spec.)

  Given that Web browsers don’t need WebVTT to become a W3C standard, why then should we spend effort in moving the spec through the W3C process to become a W3C Recommendation ?

  The modern Web is now much bigger than just Web browsers. Web specifications are being used in all kinds of devices including TV set-top boxes, phone and tablet apps, and even unexpected devices such as white goods. Videos are increasingly omnipresent thus exposing deaf and hard-of-hearing users to ever-growing challenges in interacting with content on diverse devices. Some of these devices will not use auto-updating software but fixed versions so can’t easily adapt to new features. Thus, caption producers (both commercial and community) need to be able to author captions (and other video accessibility content as defined by the HTML5 element) towards a feature set that is clearly defined to be supported by such non-updating devices.

  Understandably, device vendors in this space have a need to build their technology on standardised specifications. SDOs for such device technologies like to reference fixed specifications so the feature set is not continually updating. To reference WebVTT, they could use a snapshot of the specification at any time and reference that, but that’s not how SDOs work. They prefer referencing an officially sanctioned and tested version of a specification – for a W3C specification that means creating a W3C Recommendation of the WebVTT spec.

  Taking WebVTT on a W3C recommendation track is actually advantageous for browsers, too, because a test suite will have to be developed that proves that features are implemented in an interoperable manner. In summary, I can see the advantages and personally support the effort to take WebVTT through to a W3C Recommendation.

  Choice of Working Group

  FAIK this is the first time that a specification developed in a Community Group is being moved into the recommendation track. This is something that has been expected when the W3C created CGs, but not something that has an established process yet.

  The first question of course is which WG would take it through to Recommendation ? Would we create a new Working Group or find an existing one to move the specification through ? Since WGs involve a lot of overhead, the preference was to add WebVTT to the charter of an existing WG. The two obvious candidates were the HTML WG and the TT-WG – the first because it’s where WebVTT originated and the latter because it’s the closest thematically.

  Adding a deliverable to a WG is a major undertaking. The TT-WG is currently in the process of re-chartering and thus a suggestion was made to add WebVTT to the milestones of this WG. TBH that was not my first choice. Since I’m already an editor in the HTML WG and WebVTT is very closely related to HTML and can be tested extensively as part of HTML, I preferred the HTML WG. However, adding WebVTT to the TT-WG has some advantages, too.

  Since TTML is an exchange format, lots of captions that will be created (at least professionally) will be in TTML and TTML-related formats. It makes sense to create a mapping from TTML to WebVTT for rendering in browsers. The expertise of both, TTML and WebVTT experts is required to develop a good mapping – as has been shown when we developed the mapping from CEA608/708 to WebVTT. Also, captioning experts are already in the TT-WG, so it helps to get a second set of eyes onto WebVTT.

  A disadvantage of moving a specification out of a CG into a WG is, however, that you potentially lose a lot of the expertise that is already involved in the development of the spec. People don’t easily re-subscribe to additional mailing lists or want the additional complexity of involving another community (see e.g. this email).

  So, a good process needs to be developed to allow everyone to contribute to the spec in the best way possible without requiring duplicate work. How can we do that ?

  The forthcoming process

  At TPAC the TT-WG discussed for several hours what the next steps are in taking WebVTT through the TT-WG to recommendation status (agenda with slides). I won’t bore you with the different views – if you are keen, you can read the minutes.

  What I came away with is the following process :

  1. Fix a few more bugs in the CG until we’re happy with the feature set in the CG. This should match the feature set that we realistically expect devices to implement for a first version of the WebVTT spec.
  2. Make a FSA (Final Specification Agreement) in the CG to create a stable reference and a clean IPR position.
  3. Assuming that the TT-WG’s charter has been approved with WebVTT as a milestone, we would next bring the FSA specification into the TT-WG as FPWD (First Public Working Draft) and immediately do a Last Call which effectively freezes the feature set (this is possible because there has already been wide community review of the WebVTT spec) ; in parallel, the CG can continue to develop the next version of the WebVTT spec with new features (just like it is happening with the HTML5 and HTML5.1 specifications).
  4. Develop a test suite and address any issues in the Last Call document (of course, also fix these issues in the CG version of the spec).
  5. As per W3C process, substantive and minor changes to Last Call documents have to be reported and raised issues addressed before the spec can progress to the next level : Candidate Recommendation status.
  6. For the next step – Proposed Recommendation status – an implementation report is necessary, and thus the test suite needs to be finalized for the given feature set. The feature set may also be reduced at this stage to just the ones implemented interoperably, leaving any other features for the next version of the spec.
  7. The final step is Recommendation status, which simply requires sufficient support and endorsement by W3C members.

  The first version of the WebVTT spec naturally has a focus on captioning (and subtitling), since this has been the dominant use case that we have focused on this far and it’s the part that is the most compatibly implemented feature set of WebVTT in browsers. It’s my expectation that the next version of WebVTT will have a lot more features related to audio descriptions, chapters and metadata. Thus, this seems a good time for a first version feature freeze.

  There are still several obstacles towards progressing WebVTT as a milestone of the TT-WG. Apart from the need to get buy-in from the TT-WG, the TT-CG, and the AC (Adivisory Committee who have to approve the new charter), we’re also looking at the license of the specification document.

  The CG specification has an open license that allows creating derivative work as long as there is attribution, while the W3C document license for documents on the recommendation track does not allow the creation of derivative work unless given explicit exceptions. This is an issue that is currently being discussed in the W3C with a proposal for a CC-BY license on the Recommendation track. However, my view is that it’s probably ok to use the different document licenses : the TT-WG will work on WebVTT 1.0 and give it a W3C document license, while the CG starts working on the next WebVTT version under the open CG license. It probably actually makes sense to have a less open license on a frozen spec.

  Making the best of a complicated world

  WebVTT is now proposed as part of the recharter of the TT-WG. I have no idea how complicated the process will become to achieve a W3C WebVTT 1.0 Recommendation, but I am hoping that what is outlined above will be workable in such a way that all of us get to focus on progressing the technology.

  At TPAC I got the impression that the TT-WG is committed to progressing WebVTT to Recommendation status. I know that the TT-CG is committed to continue developing WebVTT to its full potential for all kinds of media-time aligned content with new kinds already discussed at FOMS. Let’s enable both groups to achieve their goals. As a consequence, we will allow the two formats to excel where they do : TTML as an interchange format and WebVTT as a browser rendering format.

• Privacy-enhancing technologies : Balancing data utility and security

  18 juillet, par Joe

  In the third quarter of 2024, data breaches exposed 422.61 million records, affecting millions of people around the world. This highlights the need for organisations to prioritise user privacy. 

  Privacy-enhancing technologies can help achieve this by protecting sensitive information and enabling safe data sharing. 

  This post explores privacy-enhancing technologies, including their types, benefits, and how our website analytics platform, Matomo, supports them by providing privacy-focused features.

  What are privacy-enhancing technologies ? 

  Privacy Enhancing Technologies (PETs) are tools that protect personal data while allowing organisations to process information responsibly. 

  In industries like healthcare, finance and marketing, businesses often need detailed analytics to improve operations and target audiences effectively. However, collecting and processing personal data can lead to privacy concerns, regulatory challenges, and reputational risks.

  PETs minimise the collection of sensitive information, enhance security and allow users to control how companies use their data. 

  Global privacy laws like the following are making PETs essential for compliance :

  • General Data Protection Regulation (GDPR) in the European Union
  • California Consumer Privacy Act (CCPA) in California
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • Lei Geral de Proteção de Dados (LGPD) in Brazil

  Non-compliance can lead to severe penalties, including hefty fines and reputational damage. For example, under GDPR, organisations may face fines of up to €20 million or 4% of their global annual revenue for serious violations. 

  Types of PETs 

  What are the different types of technologies available for privacy protection ? Let’s take a look at some of them. 

  Homomorphic encryption

  Homomorphic encryption is a cryptographic technique in which users can perform calculations on cipher text without decrypting it first. When the results are decrypted, they match those of the same calculation on plain text. 

  This technique keeps data safe during processing, and users can analyse data without exposing private or personal data. It is most useful in financial services, where analysts need to protect sensitive customer data and secure transactions. 

  Despite these advantages, homomorphic encryption can be complex to compute and take longer than other traditional methods. 

  Secure Multi-Party Computation (SMPC)

  SMPC enables joint computations on private data without revealing the raw data. 

  In 2021, the European Data Protection Board (EDPB) issued technical guidance supporting SMPC as a technology that protects privacy requirements. This highlights the importance of SMPC in healthcare and cybersecurity, where data sharing is necessary but sensitive information must be kept safe. 

  For example, several hospitals can collaborate on research without sharing patient records. They use SMPC to analyse combined data while keeping individual records confidential. 

  Synthetic data

  Synthetic data is artificially generated to mimic real datasets without revealing actual information. It is useful for training models without compromising privacy. 

  Imagine a hospital wants to train an AI model to predict patient outcomes based on medical records. Sharing real patient data, however, poses privacy challenges, so that can be changed with synthetic data. 

  Synthetic data may fail to capture subtle nuances or anomalies in real-world datasets, leading to inaccuracies in AI model predictions.

  Pseudonymisation

  Pseudonymisation replaces personal details with fake names or codes, making it hard to determine who the information belongs to. This helps keep people’s personal information safe. Even if someone gets hold of the data, it’s not easy to connect it back to real individuals. 

  

  Pseudonymisation works differently from synthetic data, though both help protect individual privacy. 

  When we pseudonymise, we take factual information and replace the bits that could identify someone with made-up labels. Synthetic data takes an entirely different approach. It creates new, artificial information that looks and behaves like real data but doesn’t contain any details about real people.

  Differential privacy

  Differential privacy adds random noise to datasets. This noise helps protect individual entries while still allowing for overall analysis of the data. 

  It’s useful in statistical studies where trends need to be understood without accessing personal details.

  For example, imagine a survey about how many hours people watch TV each week. 

  Differential privacy would add random variation to each person’s answer, so users couldn’t tell exactly how long John or Jane watched TV. 

  However, they could still see the average number of hours everyone in the group watched, which helps researchers understand viewing habits without invading anyone’s privacy.

  Zero-Knowledge Proofs (ZKP)

  Zero-knowledge proofs help verify the truth without exposing sensitive details. This cryptographic approach lets someone prove they know something or meet certain conditions without revealing the actual information behind that proof.

  Take ZCash as a real-world example. While Bitcoin publicly displays every financial transaction detail, ZCash offers privacy through specialised proofs called Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs). These mathematical proofs confirm that a transaction follows all the rules without broadcasting who sent money, who received it, or how much changed hands.

  The technology comes with trade-offs, though. 

  Creating and checking these proofs demands substantial computing power, which slows down transactions and drives up costs. Implementing these systems requires deep expertise in advanced cryptography, which keeps many organisations from adopting them despite their benefits.

  Trusted Execution Environment (TEE)

  TEEs create special protected zones inside computer processors where sensitive code runs safely. These secure areas process valuable data while keeping it away from anyone who shouldn’t see it.

  TEEs are widely used in high-security applications, such as mobile payments, digital rights management (DRM), and cloud computing.

  Consider how companies use TEEs in the cloud : A business can run encrypted datasets within a protected area on Microsoft Azure or AWS Nitro Enclaves. Due to this setup, even the cloud provider can’t access the private data or see how the business uses it. 

  TEEs do face limitations. Their isolated design makes them struggle with large or spread-out computing tasks, so they don’t work well for complex calculations across multiple systems.

  Different TEE implementations often lack standardisation, so there can be compatibility issues and dependence on specific vendors. If the vendor stops the product or someone discovers a security flaw, switching to a new solution often proves expensive and complicated.

  Obfuscation (Data masking)

  Data masking involves replacing or obscuring sensitive data to prevent unauthorised access. 

  It replaces sensitive data with fictitious but realistic values. For example, a customer’s credit card number might be masked as “1234-XXXX-XXXX-5678.” 

  The original data is permanently altered or hidden, and the masked data can’t be reversed to reveal the original values.

  Federated learning

  Federated learning is a machine learning approach that trains algorithms across multiple devices without centralising the data. This method allows organisations to leverage insights from distributed data sources while maintaining user privacy.

  For example, NVIDIA’s Clara platform uses federated learning to train AI models for medical imaging (e.g., detecting tumours in MRI scans). 

  Hospitals worldwide contribute model updates from their local datasets to build a global model without sharing patient scans. This approach may be used to classify stroke types and improve cancer diagnosis accuracy.

  Now that we have explored the various types of PETs, it’s essential to understand the principles that guide their development and use. 

  Key principles of PET (+ How to enable them with Matomo) 

  PETs are based on several core principles that aim to balance data utility with privacy protection. These principles include :

  Data minimisation

  Data minimisation is a core PET principle focusing on collecting and retaining only essential data.

  Matomo, an open-source web analytics platform, helps organisations to gather insights about their website traffic and user behaviour while prioritising privacy and data protection. 

  Recognising the importance of data minimisation, Matomo offers several features that actively support this principle :

  • Cookieless tracking : Eliminates reliance on cookies, reducing unnecessary data collection.
  • IP anonymisation : Automatically anonymises IP addresses, preventing identification of individual users.

  

  (Image Source)

  • Custom data retention policies : Allows organisations to define how long user data is stored before automatic deletion.

  7Assets, a fintech company, was using Google Analytics and Plausible as their web analytics tools. 

  However, with Google Analytics, they faced a problem of unnecessary data tracking, which created legal work overhead. Plausible didn’t have the features for the kind of analysis they wanted. 

  They switched to Matomo to enjoy the balance of privacy yet detailed analytics. With Matomo, they had full control over their data collection while also aligning with privacy and compliance requirements.

  Transparency and User Control

  Transparency and user control are important for trust and compliance. 

  Matomo enables these principles through :

  • Consent management : Offers integration with Consent Mangers (CMPs), like Cookiebot and Osano, for collecting and managing user consent.
  • Respect for DoNotTrack settings : Honours browser-based privacy preferences by default, empowering users with control over their data.

  

  (Image Source)

  • Opt-out mechanisms : These include iframe features that allow visitors to opt out of tracking. 

  Security and Confidentiality

  Security and confidentiality protect sensitive data against inappropriate access. 

  Matomo achieves this through :

  • On-premise hosting : Gives organisations the ability to host analytics data on-site for complete data control.
  • Data security : Protects stored information through access controls, audit logs, two-factor authentication and SSL encryption.
  • Open source code : Enables community reviews for better security and transparency.

  Purpose Limitation

  Purpose limitation means organisations use data solely for the intended purpose and don’t share or sell it to third parties. 

  Matomo adheres to this principle by using first-party cookies by default, so there’s no third-party involvement. Matomo offers 100% data ownership, meaning all the data organisations get from our web analytics is of the organisation, and we don’t sell it to any external parties. 

  Compliance with Privacy Regulations

  Matomo aligns with global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR. Its compliance features include :

  • Configurable data protection : Matomo can be configured to avoid tracking personally identifiable information (PII).
  • Data subject request tools : These provide mechanisms for handling requests like data deletion or access in accordance with legal frameworks.
  • GDPR manager : Matomo provides a GDPR Manager that helps businesses manage compliance by offering features like visitor log deletion and audit trails to support accountability.

  

  (Image Source)

  Mandarine Academy is a French-based e-learning company. It found that complying with GDPR regulations was difficult with Google Analytics and thought GA4 was hard to use. Therefore, it was searching for a web analytics solution that could help it get detailed feedback on its site’s strengths and friction points while respecting privacy and GDPR compliance. With Matomo, it checked all the boxes.

  Data collaboration : A key use case of PETs

  One specific area where PETs are quite useful is data collaboration. Data collaboration is important for organisations for research and innovation. However, data privacy is at stake. 

  This is where tools like data clean rooms and walled gardens play a significant role. These use one or more types of PETs (they aren’t PETs themselves) to allow for secure data analysis. 

  Walled gardens restrict data access but allow analysis within their platforms. Data clean rooms provide a secure space for data analysis without sharing raw data, often using PETs like encryption. 

  Tackling privacy issues with PETs 

  Amidst data breaches and privacy concerns, organisations must find ways to protect sensitive information while still getting useful insights from their data. Using PETs is a key step in solving these problems as they help protect data and build customer trust. 

  Tools like Matomo help organisations comply with privacy laws while keeping data secure. They also allow individuals to have more control over their personal information, which is why 1 million websites use Matomo.

  In addition to all the nice features, switching to Matomo is easy :

  “We just followed the help guides, and the setup was simple,” said Rob Jones. “When we needed help improving our reporting, the support team responded quickly and solved everything in one step.” 

  To experience Matomo, sign up for our 21-day free trial, no credit card details needed. 

• Merge remote-tracking branch ’qatar/master’

  4 juillet 2012, par Michael Niedermayer

  Merge remote-tracking branch ’qatar/master’