Slashdot Mirror


Pretty Poor Privacy

EPIC has just released a harsh criticism of the Pretty Poor Privacy specification from W3C. Although automatic data transfer is not in the P3P spec itself any longer (taken out after polls showed people didn't like it), implementations of P3P will still include automatic data transfer mechanisms - the idea behind P3P is that viewers will be required to reveal their addresses and other personal information to every commercial site they access or be denied entrance, and that this data transfer will be effectively hidden from users so it will be "out of sight, out of mind". (For a more in-depth article about P3P and Internet privacy generally, see this paper, written in response to Lessig's support of P3P in his recent book.)

4 of 169 comments

  1. Let's put the actual links in, please by Decklin Foster · Score: 5
  2. Does anyone posting on this know ANYTHING about it by Tumbleweed · Score: 5

    It sure doesn't look that way!

    Okay, with P3P, you are supposed to be able to:

    1) Define different things about yourself, such as your age, sex, address, favourite colour, waist size, whatever.

    2) Set rules for how each of those pieces of information is shared, or even IF they're shared (though there's not much point in defining them if you're never gonna share 'em. So don't define them if you don't want to!)

    3) Okay, so you've got your Internet app configured with the information and the rules on how and when and to whom you'll share.

    Scenario:

    You go to an online retailer (e-tailer, ugh.). This place sells clothes, woohoo! When you hit the site, your internet app does a check - it checks how you set up your P3P settings in that app - do you get notified of where your P3P rules clash, does it autonegotiate sending _some_ of your info based on what the site says it will do with it, or will it pop up a thing that lets you 'dicker' with the site about what you will and won't share? Okay, so if the site says it'll use the info it's requesting for non-personally identifiable marketing purposes (age, sex, favourite colour, nothing that can identify YOU), then hopefully you've set your P3P rules to allow that to happen automagically. The site then has all those nice customized features to match your age, sex, and favourite colour. Nice.

    Okay, say what the site wanted wasn't allowed by your P3P rules. Okay, if the internet app has been coded nicely (that's an assumption), then it might pop up something saying, "Site X wants such and such information, but promises it won't be shared with anyone under any circumstances." It's then up to you to say yea or nay, HOPEFULLY to each individual item of information. HOPEFULLY you'll be able to say, check next to each item you're willing to allow. Then the internet app goes back to the site with the additional items you're willing to share. If the site says okie dokie, then you're fine. Or else some features of the site may be disabled. Or perhaps the price of the item is higher (lower price for people willing to share more info? A better way to 'pay' people for sharing information.). Or maybe you don't get access at all, but that brings us to the friggin' POINT of P3P:

    You are _optionally_ *INFORMED* of each piece of information the site wants from you, and what they're going to do with it. You don't get that information at many sites now, and you certainly don't negotiate anything. Either you share it, or you don't. This will _NOT_ give out information you don't want given out. Anyone who thinks that knows nothing about P3P. This is about giving INFORMED CONTROL over your information. You don't have to give out anything you don't want to, or you can selectively give out INDIVIDUAL things (there's no "all or nothing" aspect here!!!), to sites, based on what they say they'll do with the info.

    P3P _IS_ a good thing. It's GREAT for privacy. It's good for children and other living things. It also stays crunchy in milk, and has a good beat that I can dance to. I give it a 42, Dick.
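
The per-item rule check described in the comment above, as an added example that is not part of the original post or of any P3P implementation. The item names, purpose strings, the third-party flag and the `prompt` callback are constructed for illustration and are not the P3P vocabulary; anything the rules do not explicitly allow is refused.

```python
from dataclasses import dataclass

ALLOW, ASK, DENY = "allow", "ask", "deny"

@dataclass(frozen=True)
class Request:
    item: str                 # what the site asks for
    purpose: str              # what the site says it will do with it
    third_party: bool = False # site states it will pass the item on

def decide(req, rules, data):
    """Decision for one requested item; anything not listed is DENY."""
    if req.item not in data:
        return DENY           # never defined by the user, nothing to share
    decision = rules.get(req.item, {}).get(req.purpose, DENY)
    if decision == ALLOW and req.third_party:
        return ASK            # assumption: onward sharing is never automatic
    return decision

def negotiate(requests, rules, data, prompt):
    """Return (released values, refused item names), decided item by item."""
    released, refused = {}, []
    for req in requests:
        decision = decide(req, rules, data)
        if decision == ASK:   # the per-item yea/nay dialog
            decision = ALLOW if prompt(req) else DENY
        if decision == ALLOW:
            released[req.item] = data[req.item]
        else:
            refused.append(req.item)
    return released, refused

# Constructed sample profile, rules and site request.
USER_DATA = {"age": "34", "favourite_colour": "green",
             "address": "1 Example St"}
USER_RULES = {
    "age": {"anonymous-marketing": ALLOW},
    "favourite_colour": {"anonymous-marketing": ALLOW},
    "address": {"order-delivery": ASK},
}
SITE_REQUESTS = [
    Request("age", "anonymous-marketing"),
    Request("favourite_colour", "anonymous-marketing", third_party=True),
    Request("address", "order-delivery"),
    Request("email", "newsletter"),
]

if __name__ == "__main__":
    approve_address = lambda req: req.item == "address"
    print(negotiate(SITE_REQUESTS, USER_RULES, USER_DATA, approve_address))
```
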

  3. Ha! Extorted Information is Crap by johnos · Score: 5

    My company used to require information from users before they could download our free app. We dropped this requirement for two reasons, first, the users hated it, and second, the information we collected was crap. I looked at the database once and found what I expected, hundreds of William Jefferson Clinton, thousands of Bill Gates and quite a few Saddam Husseins, Jesus Christs and Vladimir Lenins.

    The point being, if you try to compel people to give you information, that information becomes useless. The more you attempt to compel them, the more useless it gets. Sort of like a Heisenberg's principle for info.

    Some of these folks who want to set up huge databases from user info will find that the extra money generated won't pay for the boxes and bandwidth the infrastructure will require.

  4. P3P vs. PGP by Phroggy · Score: 5

    Has it occurred to anyone else that the name P3P was chosen just to confuse consumers who've heard the name PGP floating around before? It's supposed to be an abbreviation for three words that start with P. P3 or 3P would make sense, but P3P is redundant and can only have been chosen because it sounds familiar.

    The World Wide Web Consortium is abbreviated W3C, and this makes sense. P3P would make sense if there were another P, but there isn't.

    IANAL, but is this grounds for a lawsuit by whoever owns the PGP trademark?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;