Pretty Poor Privacy
EPIC has just released a harsh criticism of the Pretty Poor Privacy specification from W3C. Although automatic data transfer is not in the P3P spec itself any longer (taken out after polls showed people didn't like it), implementations of P3P will still include automatic data transfer mechanisms - the idea behind P3P is that viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance, and that this data transfer will be effectively hidden from users so it will be "out of sight, out of mind". (For a more in-depth article about P3P and Internet privacy generally, see this paper, written in response to Lessig's support of P3P in his recent book.)
Actually, it's Platform for Privacy Preferences Project.
What is wrong with companies not knowing who is accessing their site? Public sites should be open to all whether they want to be identified or not. Now companies will be able to deny access to anonymous users on a whim.
This is similar to the argument a few years ago that led to the "no purchase necessary" law. This case is similar in that it involves private companies blocking the people from public domain offerings. A web page should be considered a public offering.
A company cannot discriminate against you just because they don't know who you are. The phone company doesn't demand your ID when you put a quarter in a payphone, because it's a public service. Same thing again.
It could be, but it isn't. Changes in implementation will be necessary for anybody who wants to have a shred of privacy if this thing becomes incorporated. It may have started as a good idea that got mutated into a way to gather data without telling the user that you are gathering it, but it sounds more like something that was thought of as a way to gather data, that can be disguised as something good (and it's not a very good costume at that).
Eh...
It doesn't matter if they lie about what they will do with the information. If they require it, we don't use their site.
Suppose I set my machine up to let any site know that I'm 30 years old, live in the US, and use Linux exclusively.
Now if any site requires my SSN or address, my browser logs the name of the site, the time, and the fields they requested to a file, adds that site to a list of hostnames for which A HREFs shouldn't be considered to be links, and redirects my request to a page that the browser generates displaying the actions it's taken, the reasons for the action, and a list of alternative sites with similar information.
What's wrong with that?
Think about it. Well-done cookies are opaque, which means you have no control over the contents. With a P3P-enabled proxy server, we've got total control over what identifying information gets kept by a web server.
Unless a P3P server is requiring certificates for everything and actually verifying them as the user connects to each page (read: expensive), there's an opportunity to feed pretty much any information you want to the server.
I predict that Mr. Gates is going to be visiting some pretty racy web sites when P3P gets off the ground.
Also, with a well-done proxy, you can basically use the P3P protocol to implement your own form of nyms (you can't hide your IP address, but that's it). A junkbuster patch for this should be trivial.
I think that P3P can dramatically _increase_ the amount of privacy we have (compared to cookies), while at the same time making all that demographic information sites are collecting completely useless. If enough users routinely feed new random information to a site every time they connect, it could also get pretty expensive to store all that. I imagine they might catch on to that when the number of unique records exceeds the global population, but that'll be a while down the road.
c.
Log in or piss off.
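The "your own form of nyms" idea in the post above, carried into working code. This is an added example, not code from the thread, from Junkbuster or from any P3P implementation: a proxy keeps a single master secret and derives a stable persona for each site with an HMAC over the hostname, so one site always sees the same fake identity while no two sites share one, and nothing needs to be stored per site. The name lists, the `nym.invalid` mail domain (a reserved TLD) and the field names are assumptions made for the example; as the post says, the client IP address is still visible and still links the personas.

```python
"""Per-site pseudonymous personas ("nyms") derived from one master secret.

Added example, not from the thread. A proxy that keeps no database can still
hand every site a stable identity that no two sites share, by keying the
persona on the hostname with an HMAC.
"""
import hashlib
import hmac

# Constructed vocabularies so the fake names read naturally.
FIRST_NAMES = ["Ada", "Grace", "Linus", "Remus", "Wendy", "Yuki", "Omar", "Ines"]
LAST_NAMES = ["Shepherd", "Hopper", "Lovelace", "Okafor", "Sato", "Novak", "Reyes", "Lind"]


def _normalize_host(hostname: str) -> str:
    """Fold case and trailing dots so 'Shop.Example.' and 'shop.example' share a nym."""
    return hostname.strip().lower().rstrip(".")


def site_nym(master_secret: bytes, hostname: str) -> dict:
    """Return a deterministic persona for this site.

    HMAC-SHA256(master_secret, hostname) acts as a PRF: without the secret,
    nothing about one site's persona predicts another's, so sites cannot join
    their records on these fields. Same secret + same host always yields the
    same persona, so the site sees a consistent "user".
    """
    host = _normalize_host(hostname)
    digest = hmac.new(master_secret, host.encode(), hashlib.sha256).digest()
    first = FIRST_NAMES[digest[0] % len(FIRST_NAMES)]
    last = LAST_NAMES[digest[1] % len(LAST_NAMES)]
    age = 18 + digest[2] % 60
    postal = 10000 + int.from_bytes(digest[3:5], "big") % 90000
    mailbox = digest[5:11].hex()  # 48 bits: unique per site, meaningless elsewhere
    return {
        "name": f"{first} {last}",
        "email": f"{mailbox}@nym.invalid",  # .invalid is reserved (RFC 2606); assumed for the example
        "age": age,
        "postalcode": f"{postal:05d}",
    }


def answer_request(master_secret: bytes, hostname: str, requested: list, public: dict) -> dict:
    """Fill only the fields a site asked for.

    `public` holds whatever the user is happy to tell everyone (the "30 years
    old, US, Linux" profile mentioned in the thread); anything else requested
    is answered from the per-site nym, and fields nobody asked for are withheld.
    Fields the proxy knows nothing about are omitted rather than invented.
    """
    nym = site_nym(master_secret, hostname)
    reply = {}
    for field in requested:
        if field in public:
            reply[field] = public[field]
        elif field in nym:
            reply[field] = nym[field]
    return reply


if __name__ == "__main__":
    secret = b"keep-this-on-the-proxy-only"  # constructed; use os.urandom(32) in practice
    public = {"age": 30, "country": "US", "os": "Linux"}
    for host in ("shop.example", "Shop.Example.", "news.example"):
        print(host, answer_request(secret, host, ["name", "email", "age", "ssn"], public))
```

The secret must never leave the proxy: anyone holding it can recompute every persona and re-link them, which is exactly the correlation the scheme is meant to prevent. Rotating the secret gives every site a fresh, unrelated identity at once.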
Left to itself, it's that anonymous. However, from the IP they get a certain amount of geography. With big enough databases, they can cross-correlate and come up with matches part of the time to your credit record, etc., by figuring out your interests. Not that, say, DoubleClick, would try to do this...
The problem with this is that there are both legitimate and illegitimate reasons to want that info. Sure it's great that you can automatically give people a bogus address and watch them waste their money junkmailing non-existent addresses. Unfortunately, the on-line retailers are going to be asking for the same information, so that book you just bought from Amazon.com is going to be sent to the same bogus address.
I suppose that there are practical solutions to this problem, but it still is a problem. You could, for instance, have two browsers and only fire up the one with genuine info when you actually wanted to buy something. Or, for that matter, a really smart browser could have the option of deliberately feeding bogus info to sites that you don't like the privacy policies of, rather than simply not letting you access them at all. Actually, that last one seems like a great idea for a free software project ...
There's no point in questioning authority if you aren't going to listen to the answers.
I mean, think about it. Instead of going through the trouble to research places you do business with online, to find out what their privacy practices and stances are, you can just go to the site and if it rejects you because you didn't automatically provide personal information that they have no right to, then you can just go elsewhere. They do all the 'footwork' for you in identifying themselves as businesses you may not wish to do business with!
---
seumas.com
This is like the WTO telling the U.S. its environmental laws have to go in the name of good trade.
'Scuse me? Seems like you've got that one bass-ackwards. Check out the ongoing debate between the US and the EU over genetically modified foods, or Coca-Cola's actions at the upcoming Olympic Games in Sydney.
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
While searching for the actual article I came across another one very similar with the same title.
http://www.kcoyle.net/p3p.html
It's up to those of us who are directly involved with the 'Net to ensure that privacy will also be an issue, until the 'Net is completely anonymous (which it NEVER will be).
There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.
Just automatically reveal false data to all sites that you visit. If a group of people get together and all identify themselves as Jesus Christ or Linus Torvalds, then the data will be as worthless as if it were never collected. Your "identity" will not even function as a unique identifier as everybody in the group is identifying themselves as the same individual.
ByteMyCode.com: A Web 2.0 code sharing community.
The actual report is at http://www.epic.org/reports/prettypoorprivacy.html.
> Okay, decline to send that info. But you don't get in! If enough of us "honkin' huge" sites do this, most people will just set their P3P prefs to be something like "let it all hang out."
At some point, consumer advocacy is on the consumers' own shoulders. We already have sites that won't let you in without a cookie. I just go elsewhere. It's not like there aren't millions of other sites to visit. Consumers need to learn to say "no" to sites with bad privacy policies, excessive ads, etc.
--
Sheesh, evil *and* a jerk. -- Jade
The link points to the W3C itself. Where is the "harsh criticism"?
BTW, you are doing your readers (and therefore yourselves) a great disservice by confusing them with this "Pretty Poor Privacy" pseudo-joke. I'd never heard of it until just now and I was totally baffled why I should be surprised that a spec that was called "poor privacy" would have privacy problems.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
While this is filed under the "from the what'd-you-expect-from-AOL-and-Microsoft dept.", I'm sort of doubting that AOL and Microsoft are purely to blame for this. Ironically, "the Center for Democracy and Technology" is credited in the press release. But what I'm wondering is this:
Are upcoming specifications that the W3C are going to release public?
Is there a period for public review of upcoming technologies? I would think problems like this, and the flaws pointed out in the article, would have to be addressed. It really sounds from the press release that unless you're a corporation in on the development, your input doesn't count. Should the W3C's drafts have to undergo public review? Or do they already, and I'm missing a step...
Giving one site false info does not make you anonymous...you must maintain a no exceptions policy of disinformation at all times! :-)
It's not funny till someone gets hurt.
Or, when faced with a huge list of "age/sex/favecolor/modelofcar/SSN/creditcardnumber" choices, the end user will click on "Send All" to save time.
Stupid user? Yes -- but how many folks turned cookies back on (and then used another technology to block them) after clicking on "NO" 500 times per page?
This technology is designed to facilitate data collection. You can bet your ass that the user interface will be designed to make any negotiation other than "send all data" extremely cumbersome.
> You are _optionally_ *INFORMED* of each piece of information the site wants from you, and what they're going to do with it.
And without enforceability, that's about as valuable as a TRUSTe seal of approval. Wow, the marketing guys told me via P3P that they wouldn't resell my data! They'd never lie, would they?
Bottom line: Privacy is a right, not a preference.
Ever go to the supermarket and use your "shoppers club" card?
Every single instance of a club that saves you a nominal amount of money does so in order for them to better market their products to YOU. You save some money so you will spend much more later.
Ever use a credit card? Yep, they track purchases, too.
Buy with a check and they use a check scanner? Same thing.
Free email service? You have to provide your info.
Free registration on any site? Yep, same thing... You are getting "valuable" content just for giving up your information. It may not be cash, but you are selling it anyway.
... hi bingo
But I do have privacy when I walk into a store in the mall, simply because nobody at the mall knows who I am. But if the P3P protocol is implemented, tying some random IP number to my name, address, phone number, SSN, and credit card data can all happen automatically. Privacy isn't so much about doing stuff anonymously, but the inability of others to tie information about you together.
So now Rob knows that there is a guy whose nick is cannes, who (supposedly) buys porno every once in a while, and has a fake email address of fuzz_face_05@hotmail.com. He also knows at least one valid email address tied to that nick. But that's about it. The hotmail account (probably real) has very little to no attachment to some real person.
Rob doesn't know where you live. He doesn't know what your specific tastes in porn are, or what other products you buy. He doesn't know your phone number, your credit card, or your bank account numbers. He has no idea what your income is, whether you are married, have kids, and if so, how many. But if P3P is implemented, he could find out all of that with little difficulty.
The danger of that is that then Rob can do some very mean things. If Rob was a prospective employer, he could not hire you because he has issues with porn. As a bank, he could deny you a loan, or give you a worse interest rate. He could even pretend to be you, getting credit cards in your name, or use your name as a cover for criminal acts, since this information is the way you validate your identity to the rest of the world.
Each individual bit of information is worthless. All of it together has a lot more worth, and is a lot more dangerous to give away.
- People have always been screwed this way, or...
- Someone is screwing you in a similar way right now.
Suggesting that we should put up with further invasions of privacy because other invasions already exist is like saying that we ought not to mind being mugged because people have always been mugged, or that there's no point in outlawing muggings because there's always shoplifting. Yes, there are other Bad Things in the world. And we should fix them, too. What we should not do is sit around in online discussions trying to score the most points for hipper-than-thou cynicality by ignoring the evil that men do. Dammit.
Proud member of the Weirdo-American community.
the idea behind P3P is that viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance,...
Exactly where in the specification does it state this as the goal of the protocol? Oh, I see, you made it up. Does Michael actually understand the difference between the intention of something, and the possibility of abuse of something? Apparently not.
And by the way, do you think that a site actually has no right to demand personal information before it's accessed? Uh -- yes they do. They can do any damn thing they want. You have a choice -- either provide the information, or don't visit the site. It's called freedom -- on both sides.
Oh I see -- you know what's best for everyone else. You will decide they should not have a convenient capability to pass their personal information automatically. People are too stupid to make that decision for themselves, so they need protection from Michael.
And the "pretty poor privacy" thing is unprofessional. At least give the proper name of the specification, and if you want to make your little joke, then make it. But putting it in the article's title is just disrespectful and immature.
I wish Slashdot would get someone that has a little more class and maturity to do these sort of articles.
--
Sometimes it's best to just let stupid people be stupid.
People are trying to make P3P out to be more than it actually is or tries to be. All it is is some XML code people can use to automate (very useful) privacy negotiations. Say you don't want to do business with sites that hand out your e-mail address to marketers. Bingo! P3P will make sure you're warned before clicking 'Submit'. Say you don't have a problem with a site that gives out your zip code for aggregate, non personally identifiable data. Bingo! P3P will make sure you can do business with those sites. P3P itself does not facilitate data transfer, automatic or manual, in any way shape or form.
A side effect of standardizing privacy policies is that they are machine readable and therefore can be scanned automatically by a user agent.
The only problem with P3P is that it doesn't provide a way to make sure companies are actually following their policies, but nowhere does any spec even say they are trying to do that, so why lambaste them for it?
And lastly, P3P is a WORK IN PROGRESS. It is by no means finalized.
P3P's official website is here.
And no, I don't work for the W3C, but I've been researching P3P for awhile now and feel this story post was unfairly presented.
-ryry
Yes, I think quite a few people do know something about this, and you are very wrong.
This is not really a privacy tool, but an anti-privacy tool. Please read the article at EPIC. I did read the entire piece, and could not agree more.
For this to even nominally become a tool which enhances privacy rather than degrades it, a lot of trust is required.
*You have to trust each web site you visit to really acquire only the information you want to let out and further trust that you will be notified that your personal information is being transferred or logged when it happens. P3P makes it much easier for web sites to acquire all kinds of information without your knowledge and to transmit that information by installing helpers in web browsers and even operating systems to do that.
*You have to trust the browser to be honest about doing the same. Get real. AOL-Netscape and Microsoft already have numerous built-in trojans which are difficult for users to remove or even know about. Working in conjunction with ActiveX, VBScript, JavaScript, cookies and trojan horses hidden in the Windows registry, the browser can completely expose your local computer to a web site. It already does in some cases. This is truly 1984 - a nightmare. If an individual did what these companies do, he would be sentenced to years of imprisonment and forbidden to ever use the internet again when released. This is computer crime on such a large scale as to make the actions of every script kiddie and cracker inconsequential. If the lie is big enough, and is repeated with conviction, many people will believe it. A well known technique.
*As stated in the article, users will be overwhelmed with having to make choices about privacy levels at each web site and will tend to set the global setting to the lowest possible privacy level for all sites to avoid irritating popups. And, even if they set their desired level of privacy to the highest possible level, there is no guarantee that the browser and the web site will respect that setting, or that the web site will not be able to change these settings without the user's knowledge. As described above, helper applications embedded into a browser or an OS, or run by an ISP without a user's knowledge, will greatly facilitate the ease of silent transfers.
*Microsoft and other application service providers will increasingly be able to alter, without the user's knowledge, information which is on a remote computer if their software is used. For example, in "updating software" all your settings can be changed to the default (the lowest possible privacy setting of course). Remember, you do not own the software which operates your computer if you use Windows, Mac and some other proprietary systems. You only have a license to use that software. Increasingly such licenses will be time-limited and subject to cancellation on mere suspicion of internet "piracy" and so forth or even for having another OS also installed on the same machine, which can be interpreted as a breach of the license contract (installing "non-standard" software which might interfere with proper functioning of licensed, proprietary products).
Finally, consider the source of support for this new "standard". Corporations like MS, AOL and Real have been prosecuted or sued time and time again for violations of privacy and will continue abusing their customers unless the penalties become prohibitive or unless customers boycott them.
Even if it is remotely possible for this P3P protocol and "standard" to enhance privacy, your post which implies that those of us who do have concerns are completely off base rings false. Such concerns are well justified by past "untrustworthy" behavior by the major corporations behind this standard for abuse. And yes, I do trust the people at EPIC and Junkbusters a lot more than I trust Bill Gates and Steve Case.
The WTO is being used by corporations of multiple nations to gut environmental laws of multiple nations. It isn't just US corporations vs Europe.
The WTO has already demanded that the US repeal a law mandating that tuna be caught in a way that doesn't kill dolphins, under threat of sanctions -- and the US complied. Result: more dead dolphins.
Now, there are some possible good uses for the WTO rules: why haven't people sued the RIAA yet? Surely the region codes in DVDs are a trade violation!
ZDNet story
To every commercial site, eh? who decided that?
Hmm. I run commercial sites.. and we aren't planning on 'requiring' this kind of information.. I wonder who they've been talking to..
http://www.junkbusters.com/ht/en/standards.html#supply
To see the absurdity of the current state of American privacy and P3P's part in it, imagine switching the interest concerned from privacy to copyright, a very similar right concerning the restriction of dataflows. Suppose that in response to the music industry's alarm about unauthorized distribution of songs over the Internet, a consumer group proposed a technology called the "Platform for Piracy Promises". Each consumer would configure his own "piracy policy" in his browser, stating the circumstances under which he promises to copy, modify, transmit or broadcast certain different kinds of recordings, such as poetry, country music, and heavy metal containing profane lyrics. A rich language will be developed to express information about the various uses, owners and types of content. When the consumer visits the site of a recording company to download MP3 tracks, his browser would automatically "negotiate" with the company's server to determine whether the consumer's piracy policy "matches" the recording company's "preferences" for use of its property.
If the music industry is suing like mad to fight piracy, perhaps the "identity industry" (i.e. consumers) might want to do the same to fight privacy invasion!
sulli
RTFJ.
Why do people think they are entitled to privacy online?
DrLunch.com The site that tells you what's for lunch!
By the way, it's not actually a criticism of the system itself (its implementation), but of whether or not it fulfills its goal (which they think it doesn't).
-o Disclaimer: My employer doesn't even agree with me about C indentation style. o-
The P3P standard is being developed to let users decide how much of the data their computer will give up about them.
It has nothing to do with PGP, even though it begins and ends with P. BTW, so do PHP and PCP. I don't think anyone is confusing those with PGP either. It is not an encryption technology, but a policy technology.
It would send out a PICS-like code to a user, and it would match to user preferences to check for violations of personal security rules.
This would let people collect a certificate that states "this site (will|will not) (sell|share) your information. Information is kept for (foo) months." If visitors have a problem in the future that they think is a result of visiting this site, or accuse the site of violating their stated terms, they have evidence by which to prove it.
There really aren't many implementations available yet, aside from some of your usual startup-of-one-purpose companies.
This is a consumer protection measure intended to keep governments (particularly the pesky US) from passing yet more laws that don't work.
This was reported on NPR yesterday. Some folks from Junkbusters commented on it saying it was a good idea to take back personal information, but more needs to be done to ensure enforcement, or the whole system would fail.
I needn't remind anyone that using junkbuster with cookie protection is usually enough for most privacy addicts.
Lowmag.net
It sure doesn't look that way!
Okay, with P3P, you are supposed to be able to:
1) Define different things about yourself, such as your age, sex, address, favourite colour, waist size, whatever.
2) Set rules for how each of those piece of information are shared, or even IF they're shared (though there's not much point in defining them if you're never gonna share 'em. So don't define them if you don't want to!)
3) Okay, so you've got your Internet app configured with the information and the rules on how and when and to whom you'll share.
Scenario:
You go to an online retailer (e-tailer, ugh.). This place sells clothes, woohoo! When you hit the site, your internet app does a check - it checks how you set up your P3P settings in that app - do you get notified of where your P3P rules clash, does it autonegotiate sending _some_ of your info based on what the site says it will do with it, or will it pop up a thing that lets you 'dicker' with the site about what you will and won't share? Okay, so if the site says it'll use the info it's requesting for non-personally identifiable marketing purposes (age, sex, favourite colour, nothing that can identify YOU), then hopefully you've set your P3P rules to allow that to happen automagically. The site then has all those nice customized features to match your age, sex, and favourite colour. Nice.
Okay, say what the site wanted wasn't allowed by your P3P rules. Okay, if the internet app has been coded nicely (that's an assumption), then it might pop up something saying, "Site X wants such and such information, but promises it won't be shared with anyone under any circumstances." It's then up to you to say yea or nay, HOPEFULLY to each individual item of information. HOPEFULLY you'll be able to say, check next to each item you're willing to allow. Then the internet app goes back to the site with the additional items you're willing to share. If the site says okie dokie, then you're fine. Or else some features of the site may be disabled. Or perhaps the price of the item is higher (lower price for people willing to share more info? A better way to 'pay' people for sharing information.). Or maybe you don't get access at all, but that brings us to the friggin' POINT of P3P:
You are _optionally_ *INFORMED* of each piece of information the site wants from you, and what they're going to do with it. You don't get that information at many sites now, and you certainly don't negotiate anything. Either you share it, or you don't. This will _NOT_ give out information you don't want given out. Anyone who thinks that knows nothing about P3P. This is about giving INFORMED CONTROL over your information. You don't have to give out anything you don't want to, or you can selectively give out INDIVIDUAL things (there's no "all or nothing" aspect here!!!), to sites, based on what they say they'll do with the info.
P3P _IS_ a good thing. It's GREAT for privacy. It's good for children and other living things. It also stays crunchy in milk, and has a good beat that I can dance to. I give it a 42, Dick.
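The scenario walked through above (site states what it wants and what it will do with it; the user agent compares that against the user's rules, releases some items, refuses others) and the earlier poster's rule of logging and blocklisting any site that asks for an address, as one runnable model. This is an added example, not code from the thread or from the W3C: the policy vocabulary (STATEMENT, PURPOSE, RECIPIENT, RETENTION, DATA ref="#user...") is modeled on the P3P 1.0 element names and simplified, the sample policy is constructed, and the rules format, the sensitive-field blocklist and the audit log are this example's own design. It evaluates the site's stated policy only; like P3P itself, it cannot tell whether the site keeps its word.

```python
"""Toy P3P-style user agent: match a site's stated policy against the user's rules.

Added example, not from the thread or the W3C. Element names are modeled on
P3P 1.0 and simplified; the rules, blocklist and audit log are this example's
own design.
"""
import time
import xml.etree.ElementTree as ET

# Constructed sample policy. Statement 1 wants birth date and gender for
# tailoring, kept by the site only. Statement 2 wants street address and e-mail
# for contact/telemarketing, shared with unrelated parties, kept indefinitely.
SITE_POLICY = """<POLICY discuri="http://example.invalid/privacy">
  <STATEMENT>
    <PURPOSE><tailoring/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.bdate"/>
      <DATA ref="#user.gender"/>
    </DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><contact/><telemarketing/></PURPOSE>
    <RECIPIENT><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.home-info.postal.street"/>
      <DATA ref="#user.home-info.online.email"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# User rules: per data element, the only acceptable purposes, recipients and
# retention. An element with no rule is never released.
USER_RULES = {
    "#user.bdate": {"purposes": {"current", "tailoring"}, "recipients": {"ours"},
                    "retention": {"no-retention", "stated-purpose"}},
    "#user.gender": {"purposes": {"current", "tailoring"}, "recipients": {"ours"},
                     "retention": {"no-retention", "stated-purpose"}},
    "#user.home-info.online.email": {"purposes": {"current"}, "recipients": {"ours", "delivery"},
                                     "retention": {"stated-purpose"}},
}
# Merely asking for these gets the site logged and blocklisted (the poster's address rule).
SENSITIVE = {"#user.home-info.postal.street"}


def parse_policy(policy_xml: str) -> list:
    """One dict per <STATEMENT>: its vocabulary sets and the data refs it covers."""
    root = ET.fromstring(policy_xml)
    statements = []
    for stmt in root.iter("STATEMENT"):
        def tags(name):
            node = stmt.find(name)
            return {child.tag for child in node} if node is not None else set()
        statements.append({
            "purposes": tags("PURPOSE"),
            "recipients": tags("RECIPIENT"),
            "retention": tags("RETENTION"),
            "data": [d.get("ref") for d in stmt.iter("DATA")],
        })
    return statements


def check_ref(ref: str, stmt: dict, rules: dict):
    """None if this statement's use of ref is acceptable, else a short reason."""
    rule = rules.get(ref)
    if rule is None:
        return "no rule: never shared"
    problems = []
    for key in ("purposes", "recipients", "retention"):
        extra = stmt[key] - rule[key]  # whatever the site wants beyond what the user allows
        if extra:
            problems.append(key + ":" + ",".join(sorted(extra)))
    return "; ".join(problems) or None


def decide(site: str, policy_xml: str, rules: dict, sensitive: set,
           audit_log: list, blocklist: set) -> dict:
    """Split the site's request into what the agent releases and what it refuses."""
    release, refused, requested = set(), {}, set()
    for stmt in parse_policy(policy_xml):
        for ref in stmt["data"]:
            requested.add(ref)
            reason = check_ref(ref, stmt, rules)
            if reason:
                refused[ref] = reason
            else:
                release.add(ref)
    release -= set(refused)  # refused in any statement means withheld everywhere
    if requested & sensitive:
        audit_log.append({"site": site, "time": time.time(), "requested": sorted(requested)})
        blocklist.add(site)
    return {"release": sorted(release), "refused": refused, "blocked": site in blocklist}


if __name__ == "__main__":
    log, blocked = [], set()
    print(decide("example.invalid", SITE_POLICY, USER_RULES, SENSITIVE, log, blocked))
    print(log, blocked)
```

Against the constructed policy the agent releases birth date and gender, refuses the e-mail address because the site's purposes, recipients and retention all exceed the user's rule, refuses the street address because no rule covers it, and blocklists the site for asking for the address at all. The refusal reasons are what a well-coded agent would show the user in the "Site X wants such and such" dialog described above.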
The internet is as anonymous as you want to make it...because we still have the option of lying to those who ask us for information. Look at me. Did you think my real name was 'Remus Shepherd'? No -- it's a pseudonym, a lie.
99% of the websites I visit and do business with know me by an IP address and maybe the name Remus Shepherd. The other 1% are those that require real information and whom I've decided to give that information to. But most advertisers and databases out there know me as Remus, with no connection to my real name. They can't get a credit history on Remus Shepherd. Mailing address? None known. Bombard Remus Shepherd with 'targeted' ads all you like -- they're easy for my mailfilter to trash, while the few trusted sites that know my real name are allowed through.
The net may evolve into a communication medium where people have screen names and True Names (thanks again, Vernor Vinge). I think it's a simple and effective response to commercial invasion of privacy.
Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
If my personal data is really worth that much to you, then I'll be selling it for $10 a pop!
Love, Don
--
Wooden armaments to battle your imaginary foes!
Also check out this Wired article.
The main function of this "privacy protocol" is to streamline the gathering of personal information, and to make it as "painless" as possible for the user.
Our privacy is supposed to be "enhanced" by a protocol which standardizes all these aspects of personal information, and facilitates their transfer, possibly without the user initiating even noticing the transfer, to any web site that happens to implement the protocol. The name for this protocol sounds like it comes straight out of 1984.
My company used to require information from users before they could download our free app. We dropped this requirement for two reasons, first, the users hated it, and second, the information we collected was crap. I looked at the database once and found what I expected, hundreds of William Jefferson Clinton, thousands of Bill Gates and quite a few Saddam Husseins, Jesus Christs and Vladimir Lenins.
The point being, if you try to compel people to give you information, that information becomes useless. The more you attempt to compel them, the more useless it gets. Sort of like a Heisenberg's principle for info.
Some of these folks who want to set up huge databases from user info will find that the extra money generated won't pay for the boxes and bandwidth the infrastructure will require.
viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance
Next I'll have to have my IPv6 address tattooed on my forehead to do business in the brick and mortar world.
134340: I am not a number. I am a free planet!
The World Wide Web Consortium is abbreviated W3C, and this makes sense. P3P would make sense if there were another P, but there isn't.
IANAL, but is this grounds for a lawsuit by whoever owns PGP trademark?
--
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;