Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is W3C's P3P Good Privacy?

Posted by Cliff on from the sharing-those-first-impressions dept.

nileshch asks: "A very important development in recent times with regards to website users' privacy has happened with the W3C introducing the Platform for Privacy Preferences(P3P). P3P allows websites to create and maintain XML-based privacy policies for the entire website or sub sections of the site. These machine readable policies document what information is collected from users and how it is going to be used. Today, a few browsers like Mozilla/Netscape & Internet Explorer are committed to giving support for P3P (Mozilla here, IE here) . Although that support seems only skin-deep. I also find very few big sites adopting P3P seriously. Isn't it like the classic chicken-and-egg situation? Websites wait for full P3P support on browsers, browsers go slow on development because there isn't much feature demand happening on this front. Do you have P3P policies for your website? If not, what stops you from creating one? We all create hoopla over tiny privacy issues, user profiling and doubleclick.net . Then why isn't there much enthusiasm for P3P support in browsers?"

6 of 118 comments (clear)

  1. P3P is required by Anonymous Coward · · Score: 1, Interesting

    Well, my issue with P3P was that my shopping cart, that is cookie based, stoped working on some IE6 browsers. It ends up that IE6 will not accept cookies from any server that does not use P3P compact headers when set at certain (read most) security levels. Nice to do, but it would be nice if anyone spoke of it in major forums before it happened. It took days to figure out what was wrong, and more time to figure out that it did not support (or require might be a better term) any form of P3P to operate. It just wanted compact headers. What I really want is some docs to figure out how to generate those headers. I actually had to spend some money to get some firm to generate those for me. I am not happy with this. Any free software to do this? Any good white paper on the subject?

    -GReg

  2. If this really mattered to most of us by dubbayu_d_40 · · Score: 2, Interesting

    we wouldn't use our freaking credit cards, right? I suspect just a few people are making a lot of noise.

  3. p3p is not a PET by ajkessel · · Score: 4, Interesting

    The Electronic Privacy Information Center has published a report on Why P3P is not a PET (Privacy Enhancing Technology) (PDF file). It's worth a read as it challenges a lot of the justifications and goals of P3P.

  4. One problem remains by thasmudyan · · Score: 2, Interesting

    I think P3P is a step in the right direction. With tools like this one from IBM every site owner can create his P3P policy very easily. Those policies will help categorize sites and provide a nice filtering possibility.

    Of course one problem remains: since it's entirely up to the site owner, he/she can enter EVERYTHING. There is no way to know whether a particular site stays true to the poolicy it has created. Your data isn't safe just because the one stealing (and selling) it says it is. On the other hand, there is probably no way of verifying stuff like this, so P3P is the best shot we got.

  5. Re:Why? by Angry+White+Guy · · Score: 3, Interesting

    That is a very depressive outlook on the internet. Why, because it's true. I guess that our ideals of what the internet could be often blinds us to what the internet is. I don't subscribe to any sites, and do nothing for them aside from suck up their bandwidth. And then I am shocked when they dissappear from cyberspace.

    Let them sell off my information. Let them spam me, let these sites *gasp* make money to survive. There is no such thing as a free lunch. I've told the users which I support that same statement over and over again when they download all those seemingly free programs like hotbar and bonzai buddy. And yet I can't get it through my thick skull that even though I pay to access the internet, my responsiblity doesn't stop there. If I am to continue to use these sites, should they not get paid?

    Remeber, information is free, but you have to pay the tarriffs and transportation costs.

    --
    You think that I'm crazy, you should see this guy!
  6. P3P means nothing by cybpunks3 · · Score: 3, Interesting

    Just because there is a P3P privacy policy doesn't mean the policy itself is being truthful or accurate. There is no real accountability or certification of P3P policies, so companies can put any sort of generic boilerplate BS in their P3P policies and as long as there IS one, the browser will accept cookies, etc...

    It can say "oh yeah, we're not selling your information to 3rd parties or anything" when in fact they are. If you trust what it says, then you allow the site to set cookies. You shouldn't be trusting the word of the site itself. It should be a 3rd party certification.

    That's not really protecting privacy, IMHO.

    If P3P policies could be used as evidence in court cases for misrepresentation, then it might force companies to provide more accurate P3P policies, but I haven't heard of any lawsuits coming from inaccurate P3P policies. You'd have to KNOW their policy was misleading in order to take them to court anyway, which is hard to do.