Private Data WG001: Kick Off Meeting

Let’s do our first synchronous meeting to kick off the working group!

We’ll typically take notes and record calls and share them afterwards. Meetings will be scheduled for an hour with “off the record” time at the end, as time permits.

First meeting, Thursday, Sept 18th

2025-09-18T15:00:00Z

You can RSVP on Smoke Signal, please join the group to get the Zoom link [1]

We’ll go for an hour of the core meeting, and a little over for hang out / extended discussion time. The meeting will be recorded and video and notes will be posted here.

Agenda

Intros & Goals of the Private Data Working Group

Start by doing brief introductions (we already have the intros thread for extended edition) and reviewing things like What is Private Data.

At a very high level, the goals are coordination and interop:

What are non-goals? What else can / should we work on together?

Discussion: In Person in Montreal

Members of the Bluesky team are going to be in Montreal for the IETF, which seems like a good opportunity to have them join some in person discussions.

Who wants to go? Who needs travel support? Who wants to help organize? Should we do in-person meetings like this?

Presentations

RFC: Private Content in ATProto Review

Let’s get in the habit of how to review write ups! Dave @davenash.com wrote up an RFC style description and posted it to GitHub, and there’s a thread for it here:

Suggest we see if Dave can join us and we can have some live discussion around this (feel free to leave more comments / discussions in the thread, we can then see what is best discussed live).

ATProtocol Record Hydration: Building Privacy-Aware Views

@ngerakines.me

What if we could serve different views of the same record based on who’s asking? Enter source-based hydration.

The general premise is that private and confidential content can be surfaced through explicit XRPC calls. When making an authenticated XRPC call, authorization includes both the app view making the call as well as proof that it was made on behalf of a specific user. That provides everything one needs to ensure that data leakage is minimal and trusted applications and clients are used, and untrusted ones are not.

Proposal: Blebbit Permissioned Data in the PDS

@verdverm.com

https://github.com/blebbit/atproto/blob/main/proposal.md

  • permissions and groups like google docs / iam
  • hold any records / blobs
  • can be nested like folders in google docs / cloud
  • separate lexicon and code flows

Notes & Video Recording

The chat log is captured here in plain text directly from Zoom. Lots of good links and discussion here.

Zoom Chat Log
08:01:19 From Boris Mann to Everyone:
	https://discourse.atprotocol.community/t/private-data-wg001-kick-off-meeting/53
	
08:01:51 From Wesley Finck to Everyone:
	Looking for airpods
	
08:07:29 From Boris Mann to Everyone:
	https://discourse.atprotocol.community/t/what-is-private-data/35
	Sri.xyz, Chris Millet:👍
	
08:11:32 From Tessa Brown to Everyone:
	“hidden data” is interesting
	
08:11:34 From Tessa Brown to Everyone:
	where are today’s notes?
	
08:13:08 From Ezra Boeth to Everyone:
	to me, "private" just means "only shared with the people you want it to be shared with" rather than public. so Private Data seems like the correct term, but I'm open to other thoughts obv
	Dave Nash:❤️
	
08:13:34 From Tessa Brown to Everyone:
	^^ the question becomes whether service providers are “people you want it to be shared with”
	Ian Preston (Peergos), Ezra Boeth:👍
	Chris Millet:👍🏾
	
08:15:53 From Chris Millet to Everyone:
	Or the app view
	
08:17:07 From Gautam Dey (he/him) to Everyone:
	https://discourse.atprotocol.community/t/private-data-wg001-kick-off-meeting/53/3
	
08:17:53 From Tessa Brown to Everyone:
	Maybe in the comments?
	@ngerakines he/him:👍
	
08:18:30 From Psingletary.com to Everyone:
	Patrick-enterprise IAM/PAM
	
08:19:51 From @ngerakines he/him to Everyone:
	Nick Gerakines (he/him) as @ngerakines.me in the atmosphere. Independent-ish software engineer with smoke signal, lexicon community, atproto community fund, graze social, and a handful of other projects. Ohio, USA (eastern time)
	
08:21:13 From Wesley Finck to Everyone:
	Hi everyone, Wesley here. CTO / technical co-founder of https://cosmik.network/ working on https://semble.so/ - a social knowledge curation tool on atproto. Interested in private data because we’ll want to use it for Semble when available.
	
08:21:17 From Ted Han to Everyone:
	Ted Han, EiR at the atproto community fund.  I’m thinking about App Stores and app capabilities.  I’m in Oakland;
	
08:21:23 From Gautam Dey (he/him) to Everyone:
	Gautam Dey (he/him) as @gdey.me, software engineer. Work in GIS, looking to help create an independent social media system. Here to help how I can. Am super interested in E2EE.
	
08:22:38 From Ian Preston (Peergos) to Everyone:
	Ian Preston (@ianopolous). I work on Peergos which has E2EE data in a way compatible with atproto.
	
08:24:26 From @laurenshof.online to Everyone:
	Laurens Hof (@laurenshof.online), write about atproto at connectedplaces.online, located in Gouda
	
08:24:44 From Tessa Brown to Everyone:
	Hi from SF @arushi (she/her)
	arushi (she/her):😃
	
08:25:06 From Eva Lothian to Everyone:
	@arushi (she/her) - LOVE it. I really want to move all my structured personal data to ATProto at some point.
	arushi (she/her):❤️
	
08:25:26 From Boris Mann to Everyone:
	Sri, Maker of Stickers!
	@sri.xyz:😂
	
08:26:02 From Ian Preston (Peergos) to Everyone:
	If anyone's in Oxford UK I'd love to meet up and chat too.
	
08:26:12 From jon to Everyone:
	Jon Pincus, @jdp23.thenexus.today, I write at https://thenexusofprivacy.net/  … interested in AT photo-based alternatives to Facebook groups for organizing and activism.  Also I develop sometimes in JS/TS but best not to talk about that.
	
08:26:45 From Ted Han to Everyone:
	You just got choppy Boris
	Wesley Finck, Eva Lothian, Ian Preston (Peergos):👍
	
08:28:18 From Ezra Boeth to Everyone:
	Can whoever mentioned that they are working on/interested in Facebook groups/nextdoor-style communities on atproto remind me who you are? I'd love to chat more with y'all
	
08:28:45 From Gautam Dey (he/him) to Everyone:
	I would like to go, but might be cost prohibitive; for me.
	
08:29:06 From Eva Lothian to Everyone:
	Same - would be an amazing trip but would definitely need funding support.
	
08:30:47 From Dave Nash to Everyone:
	https://github.com/knasher/rfcs/blob/42154eca9188bfc5bd82b129c3d31796dbc51dff/atproto/001-private-content.md
	
08:31:03 From Boris Mann to Everyone:
	Replying to "Can whoever mentioned that they are working on/int...":
	@Blaine Cook is building this at Now Public
	
08:31:15 From jon to Everyone:
	Replying to "Can whoever mentioned that they are working on/int...":
	Hi Ezra, that was me who mentioned it
	
08:31:38 From Gautam Dey (he/him) to Everyone:
	https://discourse.atprotocol.community/t/dave-nash-private-content-rfc/49
	
08:32:03 From Boris Mann to Everyone:
	We’ll get the diagram from you afterwards
	
08:37:11 From Gautam Dey (he/him) to Everyone:
	@Chris Millet  Are you taking about the  visibility  property in the example lexicon, in the RFC?
	
08:37:51 From Chris Millet to Everyone:
	Replying to "@Chris Millet  Are you taking about the  visibilit...":
	It was more this point under unresolved questions: Should there be mechanisms to help users evaluate AppView trustworthiness?
	Gautam Dey (he/him), Tessa Brown:👍
	
08:38:44 From Tessa Brown to Everyone:
	Replying to "@Chris Millet  Are you taking about the  visibilit...":
	very interested in this, if people are empowered to consent to sharing with certain users, appviews seem an extension of that as well
	Chris Millet:👍🏾
	
08:39:12 From @ngerakines he/him to Everyone:
	Search and indexing, would be highly app-view integration specific.
	
08:41:50 From Boris Mann to Everyone:
	I’m bad, I should use hand process too!
	
08:41:53 From Boris Mann to Everyone:
	Apologies!
	
08:42:17 From jon to Everyone:
	Replying to "@Chris Millet  Are you taking about the  visibilit...":
	Agreed, something like that is important
	Chris Millet:👍🏾
	
08:44:53 From Wesley Finck to Everyone:
	Open to exploring “off protocol” solutions, but feel pretty strongly against “off PDS” private data
	Eva Lothian, Blaine Cook, arushi (she/her):💯
	
08:46:02 From Eva Lothian to Everyone:
	Agreed, but...  and I'm a little rusty - aren't blobs stored "off PDS"?  Just wondering, if thats the case, how private blobs would work.
	Wesley Finck:👍
	
08:46:05 From Wesley Finck to Everyone:
	Replying to "Open to exploring “off protocol” solutions, but fe...":
	How the data is broadcasted for realtime purposes is an important piece for our use case and doesn’t necessarily need to be on atproto
	
08:46:46 From @ngerakines he/him to Everyone:
	And I think that’s a good seg to my semi-complimentary post
	Tony Worm:💯
	
08:47:23 From jon to Everyone:
	Replying to "Agreed, but...  and I'm a little rusty - aren't bl...":
	“Blobs are authoritatively stored by the account's PDS instance”, at least per https://atproto.com/specs/blob
	Eva Lothian:👍
	
08:49:32 From Ezra Boeth to Everyone:
	It's fine to trust the Relays and AppViews with private data for SOME use cases, but not all. Perhaps we should tease out the 3 or 4 different types of use cases and try and understand the trust model for each?
	Gautam Dey (he/him), Eva Lothian, arushi (she/her):❤️
	Eva Lothian, Blaine Cook, jon:💯
	
08:49:54 From Eva Lothian to Everyone:
	I wonder if it could be a lexicon specific claim for privacy isolation
	
08:50:53 From jon to Everyone:
	Replying to "It's fine to trust the Relays and AppViews with pr...":
	Totally agree.  And also even it’s fine to trust some Relays and AppViews , it’s not fine to trust all Relays and AppViews, so going down that path requires some kind of permission access at that level as well
	
08:51:01 From Wesley Finck to Everyone:
	Another question is where in the protocol does a “private group” get defined? A private record with a list of DIDs? Something else? An open question in my head
	
08:51:06 From arushi (she/her) to Everyone:
	Replying to "It's fine to trust the Relays and AppViews with pr...":
	my biggest qualm with this is that it seems a little unfortunate if the same types of massive surveillance / ad networks can be built on top of not just public but also private data on atproto because users are pushed to trust app views
	
	at least at this stage of the project!
	@ngerakines he/him:👆
	Ezra Boeth:👍
	jon, Ian Preston (Peergos):💯
	
08:51:36 From Boris Mann to Everyone:
	Hidden or Unlisted Data
	Ian Preston (Peergos):👍
	
08:52:02 From Boris Mann to Everyone:
	Replying to "Hidden or Unlisted Data":
	This was the discussion around “stuff on relay and in the PDS but don’t show it please”
	
08:53:15 From arushi (she/her) to Everyone:
	Replying to "Another question is where in the protocol does a “...":
	this is something i’ve been thinking about a lot!! leaning towards this should be defined in protocol and the pds should own it and maybe be responsible for a little more https://discourse.atprotocol.community/t/permissioned-groups/72
	Wesley Finck:😍
	
08:54:10 From Ezra Boeth to Everyone:
	Replying to "Another question is where in the protocol does a “...":
	The decision on this requires defining the governance structure of the group. If it's ultimately controlled by one person only, then it could be a repo on that user's PDS. But if it needs to be controlled by many users or ALL users in the group, maybe we could set up a system where no one PDS can control any part of it and requires programmatic consensus from multiple/all PDSs to take any action about the group itself (access control).
	arushi (she/her):➕
	
08:54:13 From Eva Lothian to Everyone:
	Replying to "It's fine to trust the Relays and AppViews with pr...":
	As someone who worked deeply in ad tech - oh yes, 💯, any metadata thats broadcast would be slurped up in a moment.
	Gautam Dey (he/him):💯
	
08:55:05 From @ngerakines he/him to Everyone:
	I have a couple of thoughts on authenticated XRPC calls, AppView (applications) authentication + trust, and the PDS as a namespaced bucket for MSTs
	
08:55:39 From Ezra Boeth to Everyone:
	Replying to "Agreed, but...  and I'm a little rusty - aren't bl...":
	the source of truth for blobs is the PDS, but CDNs are very common for large PDSs
	Eva Lothian:👍
	
08:55:51 From Boris Mann to Everyone:
	"clients"
	
08:55:52 From Boris Mann to Everyone:
	“Apps”
	
08:56:01 From Boris Mann to Everyone:
	(From users it’s all app)
	
08:56:20 From Eva Lothian to Everyone:
	(one of the things I want to play with wrt to private data is managing public/private keys for various things - and I have no idea how bad an idea this may end up being)
	Chris Millet:👍🏾
	
08:56:40 From Boris Mann to Everyone:
	Replying to "(one of the things I want to play with wrt to priv...":
	Definitely lots of experiments in this space.
	
08:57:05 From arushi (she/her) to Everyone:
	Replying to "Another question is where in the protocol does a “...":
	totally agree. for some use cases (example: my personal photos), it’s fine for the governance to be all controlled by just me / my PDS, but other use cases (example: shared document ownership), the governance needs to be a bit more distributed.
	Ezra Boeth:👍
	
08:57:14 From Eva Lothian to Everyone:
	Replying to "(one of the things I want to play with wrt to priv...":
	Yeah - like a private version of the cloud key stores  in azure/aws/etc.
	
08:57:16 From Wesley Finck to Everyone:
	This call has been great and also has convinced me that some kind of in person meet up to hash out all these ideas and questions will be incredibly valuable!
	
	Have to hop off now for another call
	
	Thx to all who helped kick off this discussion 🙂
	
08:57:20 From Boris Mann to Everyone:
	@@ngerakines he/him @Tony Worm so, I think we’re not going to have time to do your work justice. Can we bump you to next one
	
08:57:23 From jon to Everyone:
	Replying to "Agreed, but...  and I'm a little rusty - aren't bl...":
	Right.  In fact that was the very next sentence fragment I didn’t cut-and-paste 🤣: “but views are commonly served by CDNs associated with individual applications ("AppViews"), to reduce traffic on the PDS. CDNs may serve transformed (resized, transcoded, etc) versions of the original blob.
	While blobs are universally content addressed (by CID), they are always referenced and managed in the context of an individual account (DID).”
	Eva Lothian:👍
	
08:57:39 From Chris Millet to Everyone:
	With the meta data approach, how would we even catch non-compliant app views that do not honor private data restrictions?
	Ezra Boeth:❗
	
08:57:48 From Blaine Cook to Everyone:
	I’m going to need to drop off, but I wanted to say that the reason we’d put trust in the AppViews is because users who are using those AppViews trust their AppView. If they don’t, or if people are using untrustworthy applications (even “local first” ones), then all bets are off.
	
08:58:00 From Tony Worm to Everyone:
	@Boris Mann thoughts on running over for those who can stay?
	
08:58:17 From Blaine Cook to Everyone:
	Trust flows from the users, not servers.
	Boris Mann, James Walker (@walkah), arushi (she/her), Eva Lothian, Ian Preston (Peergos):❤️
	
08:58:51 From Boris Mann to Everyone:
	Replying to "@Boris Mann thoughts on running over for those who...":
	I’ve got some time just want to make sure you / @@ngerakines he/him get proper time to present with an audience.
	
09:00:06 From Tony Worm to Everyone:
	Replying to "@Boris Mann thoughts on running over for those who...":
	I imagine more people to watch after the fact, I’m fine with a smaller audience in the moment
	
09:00:16 From Mark Xue to Everyone:
	Can I trust other people’s app views to apply my pds’s acls?
	Chris Millet:👍🏾
	
09:00:23 From Blaine Cook to Everyone:
	Sad I can’t stay on, thanks for bringing us all together, Boris! <3
	James Walker (@walkah):😢
	
09:00:33 From Boris Mann to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	Nope!
	
09:00:40 From Boris Mann to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	Same with “classic apps” web2 today
	
09:00:47 From Boris Mann to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	Except they also keep all your data.
	
09:00:47 From Tony Worm to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	If the PDS handles the author/acls, how would an app violate them?
	
09:01:08 From Boris Mann to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	Take in the data from the PDS and then make it public that an app can do
	
09:01:16 From Tony Worm to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	is this when they have read the data, and then distribute it later?
	
09:01:28 From Boris Mann to Everyone:
	Replying to "Can I trust other people’s app views to apply my p...":
	Yep that’s my take
	
09:02:25 From Boris Mann to Everyone:
	This is also for controlling “federation” where some apps can do things and others can’t
	
09:03:10 From Ezra Boeth to Everyone:
	https://discourse.atprotocol.community/t/private-data-use-cases-and-their-trust-models/76
	
09:03:44 From Boris Mann to Everyone:
	Everyone blames Canada
	James Walker (@walkah):🇨🇦
	
09:03:55 From Boris Mann to Everyone:
	Canadian flavoured data that only Gander can read
	Tony Worm:🍁
	
09:04:09 From James Walker (@walkah) to Everyone:
	Replying to "Canadian flavoured data that only Gander can read":
	maple syrup emoji
	
09:04:38 From Tessa Brown to Everyone:
	I have to jump. Great to see everyone and looking forward to continuing the conversation!
	
09:05:11 From Tessa Brown to Everyone:
	Find me on bsky @tessa.germnetwork.com 🙂
	
09:05:32 From Boris Mann to Everyone:
	UCAN mentioned!
	James Walker (@walkah), @ngerakines he/him:🔥
	
09:09:00 From Boris Mann to Everyone:
	Thank you @Dave Nash for kicking us off … really excellent as you can tell from questions and discussion
	Dave Nash:❤️
	@sri.xyz, Chris Millet:👏
	James Walker (@walkah), @ngerakines he/him:💯
	James Walker (@walkah), Gautam Dey (he/him):🙏
	
09:09:53 From Boris Mann to Everyone:
	Bryan’s post is in the resources wiki page https://discourse.atprotocol.community/t/private-data-resources/44
	
09:10:05 From Ian Preston (Peergos) to Everyone:
	Thank you for organising, @Boris Mann !
	@sri.xyz:❤️
	
09:10:17 From Ted Han to Everyone:
	This is the Zanzibar paper: https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/
	@sri.xyz:👍
	
09:10:46 From Boris Mann to Everyone:
	Replying to "This is the Zanzibar paper: https://research.googl...":
	I made that one wiki page, I wonder if we should post these as individual posts
	
09:11:42 From Boris Mann to Everyone:
	I think for me, “Private Data” assumes wanting to handle “every app” — arbitrary Lexicon shaped data that has a permissions layer
	arushi (she/her), Ezra Boeth:➕
	Gautam Dey (he/him), Ian Preston (Peergos):👍
	
09:14:41 From Gautam Dey (he/him) to Everyone:
	@Boris Mann do you have a pointer to what you just talked about.
	
09:14:50 From Ezra Boeth to Everyone:
	Replying to "I think for me, “Private Data” assumes wanting to ...":
	yea I feel like Private Data is a large umbrella term for more specific types of data, like Gated Data (like a gated community, in which data is shared with their HOA (PDS)), and Protected Data (data is not seen by anyone except the end users, so no visibility by PDS or Relay)
	
09:14:53 From Boris Mann to Everyone:
	Replying to "@Boris Mann do you have a pointer to what you just...":
	I’ll add some links
	Gautam Dey (he/him):❤️
	
09:15:17 From Eva Lothian to Everyone:
	I hadn't been thinking of the moderation things I'm working for being applied to private data originally, but....  at scale, with groups of thousands of tens of thousands of members, it definitely could come into play. 
	
	But also - from a Trust and Safety perspective for an app like Bluesky, how do you handle the due-diligence of handling private user data on the app view that violates laws?  (I really didn't want to ask this, but...)
	
09:15:45 From Boris Mann to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	Yes. This is another reason where the stuff may not be able to be stored encrypted.
	Eva Lothian:👍
	
09:15:57 From Boris Mann to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	To Blaine’s point, 10K users in a “group” is not really private
	
09:16:02 From Ezra Boeth to Everyone:
	btw I think it's super important as a next step that we define the general use case types and how they differ/are similar. here's a discussion to talk more about that and define those collectively: https://discourse.atprotocol.community/t/private-data-use-cases-and-their-trust-models/76
	
09:16:04 From Boris Mann to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	Signal Groups max out at 10K BTW
	
09:16:05 From jon to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	Agreed, this is a huge issue that needs to be designed in
	
09:16:20 From Lexie (she/her) to Everyone:
	Sorry I'm late, got the wrong timezone on smoke signal.
	
09:16:51 From Gautam Dey (he/him) to Everyone:
	That seems to break the assumption of the PDS.
	
09:16:55 From Ezra Boeth to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	@Boris Mann It could still be stored encrypted in some use cases, but in those use cases I think moderation has to be socially (off protocol) rather than technically
	
09:17:51 From Boris Mann to Everyone:
	Replying to "I hadn't been thinking of the moderation things I'...":
	I would not personally be a service provider for such a service. If your threat model is in this direction — then do E2EE messaging.
	
09:19:08 From Gautam Dey (he/him) to Everyone:
	The one thing I like about atproto, is that everyone writes to their own PDS, and then the view presents the state of the network.
	
09:19:27 From Ted Han to Everyone:
	Ok, so fundamentally this is a mechanism for me to authorize other people to write data into my PDS?
	
09:19:34 From Boris Mann to Everyone:
	Replying to "The one thing I like about atproto, is that everyo...":
	I think “private data enabled PDS” is a thing. What is the coordination function of running different PDS codes
	
09:19:40 From @ngerakines he/him to Everyone:
	at+space://did/space/collection/rkey
	
09:19:45 From Gautam Dey (he/him) to Everyone:
	Replying to "Ok, so fundamentally this is a mechanism for me to...":
	That’s what it sounds like.
	
09:21:45 From Boris Mann to Everyone:
	Paid subscribers is a strong use case
	Eva Lothian:💯
	
09:22:08 From Eva Lothian to Everyone:
	To keep a separation where the user is authoritative of their own PDS data in a model like this, I wonder if it makes sense to have something similar to a pull request, where a user works on their own little (branch) copy on their own PDS, but asks permission to merge into the originator's PDS that they have to pull in through some mechanism.
	Gautam Dey (he/him), Chris Millet, @laurenshof.online, jon:❤️
	
09:22:38 From Boris Mann to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	Yeah this ends up looking like “local first” data and Automerge
	Eva Lothian, Gautam Dey (he/him):👍
	Ted Han:💯
	
09:22:50 From Boris Mann to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	I think this is VERY app specific
	Gautam Dey (he/him):❤️
	
09:23:27 From Eva Lothian to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	yep, absolutely!
	
09:23:33 From Boris Mann to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	e.g. a comment isn’t really a PR. Do I want to keep my comment? Maybe? Blog posts I definitely would want “mine” but could contribute it to a “group blog"
	
09:23:33 From Gautam Dey (he/him) to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	Yeah, for this you don’t need anything special; from what is already there.  The App can handle this with some custom lexicons.
	
09:24:55 From Eva Lothian to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	Yeah, I think this would be in the case where a specific piece of content can be edited by more than one user.  So instead of something like comments, more than one people editing the actual post itself (or longer form docs like blog posts, maybe lists or groups memberships, etc).
	
09:25:49 From Boris Mann to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	Yep! “Multiplayer” is our general label for that (not necessarily real time gdoc style)
	Eva Lothian:👍
	
09:26:36 From Boris Mann to Everyone:
	Multiplayer use cases probably need to get called out
	
09:26:42 From Boris Mann to Everyone:
	Very different than eg. Private posts
	Eva Lothian, jon, Gautam Dey (he/him):💯
	
09:27:35 From Ezra Boeth to Everyone:
	I gotta scoot, thanks for facilitating Boris!
	@ngerakines he/him, Gautam Dey (he/him), Chris Millet:👋
	
09:27:44 From Gautam Dey (he/him) to Everyone:
	Replying to "To keep a separation where the user is authoritati...":
	@Boris Mann maybe not “real time” but can be “soft realtime”, the websocket connection, or even with the relay.
	
09:28:27 From Chris Millet to Everyone:
	Gotta leave too, thanks for organizing!
	@ngerakines he/him, Gautam Dey (he/him):👋
	
09:29:38 From Eva Lothian to Everyone:
	Can you attach this presentation to the agenda?
	
09:32:09 From James Walker (@walkah) to Everyone:
	Also need to drop. Thanks all! 👋
	Gautam Dey (he/him):👋
	
09:37:01 From @laurenshof.online to Everyone:
	Thanks all!
	
09:37:12 From Eva Lothian to Everyone:
	Thanks all, this was AMAZING, glad I got the chance to attend! Looking forward to more! 💜
	
09:37:15 From Mark Xue to Everyone:
	Thanks all!
	
09:37:34 From @laurenshof.online to Everyone:
	No strong opinion
	
09:37:59 From jon to Everyone:
	Great meeting, thanks everybody!
	
09:38:01 From @sri.xyz to Everyone:
	Thanks for organizing!

  1. Join the group and then you’ll be able to access the group messages

4 Likes

I would be happy to talk about my POC & proposal for “permissioned spaces” based on SpiceDB (Google Docs like permission capabilities)

Should I edit the agenda to add a slot?

3 Likes

Great, I included it above, and I think we’re full with that.

Feel free to edit / add links above as needed @verdverm.com

1 Like

A post was split to a new topic: Permissioned Groups

Boris: introductions

  • This is an ATProto Working Group
    • We don’t know what that means and we’re making that up.
    • Some of us have affiliations
    • Ted, Nick, Boris run the ATProto community fund.
    • This is stuff we thought needed doing together
      • folks have an interest in building for their
  • Restrict access to data in a private app view
    • How do we keep data private and share it in order to build apps.
  • E2EE messaging which is different than this

Tessa

  • CEO of Germ
  • end to end encrypted messenger
    • Most private data
    • Private exchange most private communication
    • There’s sort of that terrain in between to cover
    • Scaling up to building end to end encryption groups
    • On the private data, obviously what does it mean to have private data where companies building apps could see some of that data, but other users cannot see.
    • Private data as we’re going to get into, like private posts or private profiles are an intermediate terrain.
    • End to End Encrypted DMs are different enough from these goals that it’s a different group
    • The type of interoperation for E2EE messaging is different.

Gautam

  • Nomenclature
    • E2EE vs private vs hidden
  • Boris prompting folks to write up use cases
  • Tessa: what we’re hoping for from this group
    • hoping to coordinate async work
    • Where can we document that we can all parse and return to all these definitions.

Nick

  • different and distinction
    • private data that i want to store permanently for myself
    • private data that’s to be stored and shared with others
    • private data that is ephemeral, like notifications, disappearing content whether that’s messages or otherwise

Boris

  • Any other things that folks want to touch base on?
  • Blaine: are we introducing?
  • Blaine: i come in with the strong intuition that this group should not write down standards, but listening to everyone, the way this group would be useful for Blaine is for collaboration, cooperation on experimentation and looking at different use cases and understanding the problem space. Part of the reason this group is coming together is that Bluesky didn’t think that private data was important enough to write into the protocol. And we need to figure out the shape of the use cases so we don’t end up with groups following on to patch things immediately as well.
  • Boris: coordination, collaboration and interop. There are folks who have diametrically opposed approaches. And we shouldn’t try to consume all use cases.

Intros

  • Dave Nash: C# and new Rust guy. Lots of ideas about ATProto
  • Eva: State College, community informed moderation tools and T&S metrics
  • Tony: Seattle, Blebbit
  • Wesley: Vancouver CA, Semble link curation tool on atproto
  • Ezra: Durham NC, Music service for recommending songs in playlists. Research software engineer. Interested in how ATProto can help research
  • Nick: Engineer ATproto Community Fund, Graze, Lexicon Community.
  • Arushi: SF, working on locally hosted personal server based on atproto
  • Chris: DC working on Riddims, Caribbean focused feeds. Thinks things will r
  • Jon Pincus: write at the nexus of privacy.net, facebook group replacements for organizing. huge gap.
  • Laurens: NL, write about ATProto at connected places online.
  • Sri: NJ, still learning about ATProto and experimenting with it
  • Mark: CTO of germnetwork, Los Angeles
  • Patrick: work on identity and access management
  • James: Toronto Canada, doing work with Gander.social

Boris looking for feedback on an in person WG meeting in Montreal at IETF

  • Looking for folks who are interested in co-organizing
  • Is there interest? Is it cost prohibitive?
  • Travel funds?
  • Go to thread to mention

Links to my slides / work for the interested

User Story Experimentation (subdir on github)

1 Like

Intros

Not formal – working together for interop and coordination

E2EE Messaging

  • between 2 people
  • private exchange
  • scaling up to groups
  • private data – other users can’t see but companies can see
  • private profiles? private posts? - intermediate
  • E2EE DMs - goals of interop, between apps and experiences

Gautam

  • two different nomenclatures

Tessa

  • Where can we start to document?
  • share with others
  • definitions
  • coordination to work together on this

Nick

  • private data that I want to store permanently
  • permanently to be shared with others
  • ephemeral / one off notifications or messaging

Blaine

  • writing down standards would be bad
  • collaboration and cooperation on experimentation and standards
  • Bluesky folks didn’t write private data into the protocol
  • good sense of the shape of it
  • not another working group to fix what we come up with

Boris

  • yes! interop and collaboration and coordination

Dave RFC

Post things that are limited to a particular audience
PDS → Relays → Appviews
Data from PDS out publicly that isn’t going to work
Trust has to be between user and AppView
AppView can receive notifications / metadata → not the data itself → then, if authorized by the user, fetch it from the PDS

Load on PDS

  • Confidential client (OAuth sense)
  • PDS as many times as they like - already the case

Q: what about trust to Appview?

  • Dave → OAuth Scopes
  • Authenticate, authorize the App to look at private data → like auth for bsky to send chat

Q: how private data can be realtime? webhooks, callbacks, websockets?

  • post private data to the PDS
  • PDS keeps it secure → but it could send metadata
  • pick that up, I have that user, will go get that data

Q: how you would do search indexing?

  • not thought about it yet!
  • private photo gallery → in AppView, would appview need to see all the private data
  • another level of metadata cached in AppView

Q: we keep throwing things into the appview? more distributed or isolated

  • per appview?
  • how do we break stuff apart
  • START A THREAD ON THIS

Q: any reason to do through relay? encrypted data

  • didn’t want to depart too much from what exists
  • not use ATProto at all is a potential
  • apps are listening already
  • encryption

Open metadata → relay → app reaches out to PDS with auth token

Blaine: 10K people

  • level of privacy → don’t want some bot in China to see it
  • cohesiveness within a community rather than state actor
  • PDS proxy → off protocol private data store
  • trust the relay, trust the app
  • users are putting trust in apps → why wouldn’t we
  • knowing if there is a bad actor what can we do
  • Google can read my email, and I trust they don’t
  • wrap events on the relay with permissions descriptions
  • only going to show it to people with those permissions
  • Dave: need to trust this app or company
  • Building on this PDS proxy, public / private stuff
  • Private data belongs to them - not just my app
  • OAuth flows are in place

Q: Bryan’s write up from 2024 colors this

  • Private Data starts on your PDS
  • OAuth is on the PDS - not an app
  • Anyone can write an app and write to it and those ACLs are set by the app
  • “Adversarial app”
  • Distribute trust from the PDS, root of trust for
  • Encryption is a tool to do that

(long good discussion with some notes in the Zoom chat - bumping Nick)
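
The flow in the "Dave RFC" notes above (metadata over the relay, then an authorized fetch from the PDS) and the "Record Hydration" agenda item (different views of one record depending on who asks) can be sketched together. This is an added example, not code from the RFC, any proposal or the atproto project. The DIDs, record shape, grant format and function names are hypothetical, and the HMAC is a stand-in for real signature verification.

```python
import base64
import hashlib
import hmac
import json

# Everything below is constructed for illustration: the DIDs, record shape,
# grant format and function names are hypothetical, not atproto APIs.
PDS_KEY = b"constructed-demo-key"  # stand-in for real signature verification
NOW = 1_758_207_600                # fixed clock so the example is deterministic

RECORDS = {
    "at://did:example:alice/app.example.post/1": {
        "owner": "did:example:alice",
        "audience": {"did:example:alice", "did:example:bob"},
        "trusted_apps": {"did:web:goodview.example"},
        "body": {"text": "members-only post"},
    }
}


def issue_grant(app, user, expires_at, key=PDS_KEY):
    """Bind one app view to one user: the 'on behalf of' proof."""
    payload = json.dumps({"app": app, "sub": user, "exp": expires_at},
                         sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "." +
            base64.urlsafe_b64encode(sig).decode())


def verify_grant(token, now=NOW, key=PDS_KEY):
    """Return the claims if the grant is authentic and unexpired, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    return claims if claims["exp"] > now else None


def relay_event(uri):
    """What goes out over the relay: metadata only, never the record body."""
    rec = RECORDS[uri]
    return {"uri": uri, "owner": rec["owner"], "visibility": "private"}


def hydrate(uri, token, now=NOW):
    """PDS-side fetch: return (reason, view); the view depends on the caller."""
    rec = RECORDS.get(uri)
    if rec is None:
        return "not_found", None
    stub = {"uri": uri, "owner": rec["owner"], "visibility": "private"}
    claims = verify_grant(token, now)
    if claims is None:
        return "unauthenticated", stub      # missing, forged or expired grant
    if claims["app"] not in rec["trusted_apps"]:
        return "untrusted_app", stub        # owner never authorized this app view
    if claims["sub"] not in rec["audience"]:
        return "not_in_audience", stub      # user is not in the record's audience
    return "ok", dict(stub, body=rec["body"])


if __name__ == "__main__":
    uri = "at://did:example:alice/app.example.post/1"
    print("relay sees:", relay_event(uri))
    for app, user in [("did:web:goodview.example", "did:example:bob"),
                      ("did:web:badview.example", "did:example:bob"),
                      ("did:web:goodview.example", "did:example:carol")]:
        grant = issue_grant(app, user, NOW + 300)
        print(app, user, "->", hydrate(uri, grant))
```

The check gates the fetch only. As the chat discussion notes, an app view that has already read the data can still redistribute it.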