Is W3C's P3P Good Privacy?
nileshch asks: "A very important development in recent times with regards to website users' privacy has happened with the W3C introducing the Platform for Privacy Preferences (P3P). P3P allows websites to create and maintain XML-based privacy policies for the entire website or sub sections of the site. These machine readable policies document what information is collected from users and how it is going to be used. Today, a few browsers like Mozilla/Netscape & Internet Explorer are committed to giving support for P3P (Mozilla here, IE here). Although that support seems only skin-deep. I also find very few big sites adopting P3P seriously. Isn't it like the classic chicken-and-egg situation? Websites wait for full P3P support on browsers, browsers go slow on development because there isn't much feature demand happening on this front. Do you have P3P policies for your website? If not, what stops you from creating one? We all create hoopla over tiny privacy issues, user profiling and doubleclick.net. Then why isn't there much enthusiasm for P3P support in browsers?"
Why? It's simple. Users don't care. Geeks do, but geeks don't make up a large percentage of the general population. The general population of Web users aren't nearly as paranoid.
Who are they to tell us how to run the web? You'd think that they were a big group of people who pretty much invented the web by the way they act.
You think that I'm crazy, you should see this guy!
There are some papers about P3P HERE.
I think that if it puts spammers, pr0n peddlers and other crooks on the ropes, I'm all for it.
we wouldn't use our freaking credit cards, right? I suspect just a few people are making a lot of noise.
From the p3ptools website...
3. You should also have a compact policy associated with the cookie itself. This is done by sending the compact policy string of text along with the HTTP header when setting the cookie. The format of this text will vary depending on which web server software package you are using on your site. See Deployment Guide Section 3.1 "Using HTTP Headers" and Deployment Guide Appendix A for a discussion of various implementations.
The appendix is HERE.
You think that I'm crazy, you should see this guy!
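The step quoted above (sending a compact policy in an HTTP header alongside the cookie) can be checked before deployment. The following is an added example, not part of the original thread or of the p3ptools site: it parses a `P3P` header value, audits the compact-policy tokens against the P3P 1.0 vocabulary, and builds the response headers only if the audit passes. The function names, the sample policy string and the "expected categories" heuristic are assumptions made for illustration.

```python
import re

# Compact-policy token vocabulary of the P3P 1.0 specification, by category.
VOCAB = {
    "access": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "disputes": {"DSP"},
    "remedies": {"COR", "MON", "LAW"},
    "non-identifiable": {"NID"},
    "purpose": {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD",
                "IVA", "IVD", "CON", "HIS", "TEL", "OTP"},
    "recipient": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "retention": {"NOR", "STP", "LEG", "BUS", "IND"},
    "categories": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                   "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "test": {"TST"},
}
# Simplification: accept the a/i/o consent suffix on any purpose or recipient token.
SUFFIXED = {"purpose", "recipient"}
# Heuristic of this audit (an assumption): a usable policy names at least these.
EXPECTED = ("access", "purpose", "recipient", "retention")


def parse_p3p_header(value):
    """Split a P3P header value into (policyref, list of compact-policy tokens)."""
    pairs = re.findall(r'([A-Za-z]+)\s*=\s*"([^"]*)"', value)
    fields = {key.lower(): val for key, val in pairs}
    return fields.get("policyref"), fields.get("cp", "").split()


def classify(token):
    """Return the vocabulary category of a token, or None if it is not a P3P token."""
    for category, names in VOCAB.items():
        if token in names:
            return category
        if (category in SUFFIXED and len(token) == 4
                and token[:3] in names and token[3] in "aio"):
            return category
    return None


def audit_compact_policy(tokens):
    """Report tokens outside the vocabulary and expected categories left unstated."""
    seen, unknown = set(), []
    for token in tokens:
        category = classify(token)
        if category is None:
            unknown.append(token)
        else:
            seen.add(category)
    return {"unknown": unknown, "missing": [c for c in EXPECTED if c not in seen]}


def cookie_response_headers(name, value, policyref, compact_policy):
    """Build Set-Cookie plus P3P headers, refusing a policy that fails the audit."""
    report = audit_compact_policy(compact_policy.split())
    if report["unknown"] or report["missing"]:
        raise ValueError(f"refusing to publish compact policy: {report}")
    return [("Set-Cookie", f"{name}={value}; Path=/"),
            ("P3P", f'policyref="{policyref}", CP="{compact_policy}"')]


# Constructed sample policy string, used only to exercise the code.
SAMPLE_CP = "NON DSP COR CUR ADMa DEVa OUR IND COM NAV"
```

The audit only checks that the header is well formed; whether the tokens match what the site actually does with the data is outside anything code on the server or in the browser can verify.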
Not really on topic at all, but I was always wondering, what's the big deal with cookies!? All they can do is store information THAT YOU GIVE THEM (or that they arbitrarily assign to you)! In fact, you don't even need cookies to do that. You can just do it with Perl or PHP. Yeah, sure, there are some flaws with cookies in IE, but there are flaws with everything in IE! Hell, Slashdot uses them! The media has somehow given them a bad name. Most sites require cookies, and they work quite well, actually. Would you really want to enter your user name and password for every link you click? No, I don't think so. I'll never understand...
...comes with good ethics.... good ethics comes with good motives... good motives comes with empathy and understanding. All branches are limbs of the same tree - problems within a society are the dysfunction of that society. Change the society and things like this would not need to be discussed; they'd be a foregone conclusion.
As far as I can tell, even Slashdot, the bastion of privacy (paranoia) isn't using it either. Tough to advocate something that you don't do yourself, huh?
It is a solution looking for a problem
... Governments are instituted among Men, deriving their just Powers from the Consent of the Governed...
At my company, we have a corporate website and individual portals for our clients, all of which implement P3P. It's essentially mandatory, once your customers start using IE6. I would prefer to have the customers abandon M$ entirely, but most can be expected to follow the path of least resistance, which means IE6 more often than not.
Many (15%?) people set their "cookie security" to "high". This makes cookies fail on all non-P3P websites, causing all kinds of application misbehaviors. So we either have an inconvenient/hard-to-follow set of instructions about enabling cookies, or we set up P3P on the server side. In our case, we never share or cross-market our client data with anyone, so P3P is administratively simple as well.
On the other hand, I don't see what stops the sleazier companies from simply lying about privacy via P3P. After all, these are some of the same people who sell everything you do to Doubleclick and quietly switch your privacy preferences to "yes, spam me" (hint: 4-letter auction site; starts with "E"). What's another lie when there is direct marketing revenue at stake?
i'm not overly familiar with p3p (p2p i understand ;) ), but my ex-girlfriend has a website devoted to viewpoints on p3p (http://www.p3p-viewpoints.org/). from what i understand, the major issue with p3p is that it is overly complex. some user studies have shown that users don't effectively understand what p3p means or how it affects them. more info at the website...
smd4985
My company's website needs cookies enabled. So a week ago when we ran a survey all of a sudden all of our IE 6 users were not working at all. We had no idea of why these users could not get through other than that they had IE 6 and their cookies were not enabled. We searched the web for any signs of this and yet still nothing. It wasn't until one of our employees looked at the IE site and saw the section about P3P that we figured out what was wrong. Essentially all our cookies were being rejected by IE 6.0 because we did not have a P3P policy.
The next day we created a policy and haven't had a problem with IE 6 cookies since. Sad but true. Any site that relies on cookies is going to need a P3P policy.
> Then why isn't there much enthusiasm for P3P
> support in browsers?"
When I care about a site's privacy policy (and sometimes I do) I read it myself. I'm not about to trust my browser to tell me it's ok. When I don't care, I don't care. What good is P3P to me?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Part of the reason why the adoption of P3P has been so slow is that it may actually make privacy problems worse.
The problem is that users (and perl programmers) tend to be lazy. And lazy users check the little "this is the default setting so stop showing me dialog boxes" checkboxes in order to make things easier for them. The problem with this is that with P3P, a website can "claim" to not sell/rent your email address, but because the user set their default options to accept that, their address is automatically sent to the website and they don't have the opportunity to consider the implications and evaluate it themselves.
Also, P3P is a total PITA to write and the one editor that I know of (free from ibm) seems to be long since dead (and downright confusing too). It can also open companies up to legal trouble since a discrepancy between a P3P file and the actual practices of the website could be grounds for a lawsuit (IANAL).
This is a way for you to control your information. You set guidelines, and the websites have to operate within those guidelines. Could a website lie? Sure. But now you're forcing them to lie rather than grudgingly accepting a convoluted mess of a privacy policy.
You think that I'm crazy, you should see this guy!
The Electronic Privacy Information Center has published a report on Why P3P is not a PET (Privacy Enhancing Technology) (PDF file). It's worth a read as it challenges a lot of the justifications and goals of P3P.
Also for folks using Windows IE (the majority) AT&T offers up their free eternally-beta AT&T Privacy Bird which gives folks visual and auditory feedback (both controlled/turned off in Prefs) on site's P3P settings. Quite informative actually, I discovered just how awful Yahoo's policies are when I used their headline aggregator (just who are they selling my newsreading habits to?) [rhetorical question]
The P3P folks have put together a great website at P3P Public Overview which is chock-full of useful information. On the other hand here is an interesting critique and here another, surprisingly both by lawyers. Security guru Richard Smith also has an important (though hopefully now fixed?) page on supercookies and how MS IE 6's touted protections can be got around.
Mozilla of course supports P3P and it's useful to understand just how MS IE 6 supports and applies P3P and cookies.
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I won't bother either.
OK, I run a personal site powered by PHP. I try to keep my site as HTML-compliant as I possibly can, so far everything is fine until I added a Flash header to my site.
Somehow there is a severe lack of info on how to make Flash codes HTML compliant. I figured maybe I should use the <OBJECT> tag to somehow smuggle the Flash code from an external file.
OK, end of unrelated rant, now for the P3P thingy. I figured this will be important for my site in the future because I'm considering engaging in e-commerce (very small scale), so what the heck.
The thing is, the examples of P3P XML files I looked at from various sources always contain sensitive elements like business.contact-info.postal.address (using loosely, I know that it's supposed to be .postal.street, .postal.city bla bla). If I'm a full-fledged business, that info might not be so sensitive... heck, I would want everyone to know the physical location of my business.
But what if it's a home-based business? I surely don't want customers knowing my home address and dropping in whenever they like, a main reason why I chose to do online business in the first place. So in order to safeguard the privacy of my customers, I now seem to be compromising my own.
If there is a proper workaround for this issue (without any legal problems), can some intelligent and experienced individual point it out to me? Are all those business.contact-info.* tags required in the first place? It seems that every compliant site has them.
Thanks in advance.
Welley Corporation - SLM Scammers
> I have not seen an example of a contract or
> agreement that is not purposely ambiguous.
You've not seen many contracts, then. Most lawyers strive to eliminate ambiguity.
Any lawyer who puts ambiguity in a contract of adhesion (which these things are) is a fool. The courts will always interpret such ambiguities in the consumer's favor.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I think P3P is a step in the right direction. With tools like this one from IBM every site owner can create his P3P policy very easily. Those policies will help categorize sites and provide a nice filtering possibility.
Of course one problem remains: since it's entirely up to the site owner, he/she can enter EVERYTHING. There is no way to know whether a particular site stays true to the policy it has created. Your data isn't safe just because the one stealing (and selling) it says it is. On the other hand, there is probably no way of verifying stuff like this, so P3P is the best shot we got.
Well, P3P has been on my radar since 1998, when I first read about it, I think this was the article. There are many things that you can blame M$ for, and I'm personally M$-free, but developers should be paying minimal attention.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
"Do you have P3P policies for your website? If not, what stops you from creating one?"
Return on investment.
Creating a P3P policy would take a lot of my time - I would have to research and learn the format and possibilities of the language, then write the policy, reconcile it with various departments within the company, then finally integrate into the site, and potentially have to deal with questions from confused visitors.
Implementing P3P on my site would cost me no money, but a great deal of time.
TIME IS MONEY
...if, for example, a user orders something on your site through a NAT firewall, say from a university dorm or something. Now suppose another student on the NAT happens to go to your website at the same time. If you are tracking by IP, these two appear to be the same user (due to the singular IP of the Internet gateway both of them share), so, essentially, you have just given full access to your customer's account to an unauthorized party, which of course, is a Very Bad Thing.
This can also apply to home users, or businesses, or anywhere else a NAT is set up. Uh-oh.
Throw some cookies in there and now suddenly each user's request becomes uniquely identifiable, and although not entirely secure, it certainly is much more difficult than "accidentally."
CAn'T CompreHend SARcaSm?
... why so few people have implemented this. Our website actually has one of these thingys -- we just put it up, in fact, because its absence was causing trouble with some IE releases. Wading through the P3P docs to come up with a meaningful XML privacy description document is a non-trivial undertaking. The funny thing is that, IIRC, having this little shred of XML puts us ahead of a bunch of other commercial sites that don't do it.
Dog is my co-pilot.
NO ONE actually believes anything these sites say. They will sell their grandmother's organs for a dime, and we know that if they are violating their policies left and right, nothing will happen. Even if the company says no, as soon as they switch hands or go under that potential capital will be utilized one way or another. The key is successful obfuscation on the client side. You can't avoid footprints, so leave HUGE ones in clown shoes all over the place, in different ID's.
errr....umm...*whooosh* *whoosh* Is this thing on ?
The alternative to using cookies is not tracking by IP address, but passing some session variable around every request. Yes, it's a pain (unless you use a framework that will handle it for you). Yes, it doesn't always work. I don't know of ANY web developer that would even consider tracking someone based on IP address, for the reasons you stated.
..write a script to gently but firmly ask politely that your visitors arriving using IE would have a better and more secure "total internet surfing experience" if they "upgraded their browsers" to "a better one" then provide some links to them.
Like, why keep taking it and taking it and taking it and taking it? Don't insult them, just show them a different thing that's "better" for them. Most people just slap don't know, the "internet" is "windows and explorer" because it came with their new conpooter and "microsoft" somehow "owns" the internet. We have to do everything we can to get this brainwashing reversed..
Ernst & Young have a regular P3P Dashboard Report[PDF] that summarizes adoption of P3P by large Web sites.
Privacy is a difficult issue; P3P has been derided because it doesn't do enough (actively negotiate or protect your privacy), because it does too much (intrusion into the browser, difficult to implement) and generally because it's too complex.
As a result, it's a compromise that no one is 100% happy about, but it does give us something to work with. Standards that try to do everything for everyone almost always fail.
The W3C is, next week, holding a workshop to look at the future of P3P; I haven't had a chance to read the position papers yet, but the fact that they're holding a workshop shows that they know there's more work to do.
Hmm, yes I didn't think about that. Good call.
Implemented simply with a GET request which has some kind of ID number in it. Essentially, though, Cookies are just a more sort of hidden way to do this.
Whenever I see one of those absurdly long URLs with all kinds of session info in it, I wonder why the developers couldn't just use a little JavaScript and an <INPUT TYPE=HIDDEN VALUE="whatever">. When you click on a link, instead of using the HREF, use an onClick="go('thisLink.html')", where the go() function will set the appropriate hidden form values and use a form.submit(). The server will parse all necessary info, including session info, from the POST request, and redirect or dynamically generate as necessary. Of course, if the user takes action on an <INPUT TYPE=SUBMIT>, this becomes quite trivial.
Of course, that's a lot of trouble for the same functionality you get from cookies, and in some situations (depending on implementation) could be a little too trusting of the end user as well... I never understood why people were bothered by cookies in the first place.
CAn'T CompreHend SARcaSm?
Just because there is a P3P privacy policy doesn't mean the policy itself is being truthful or accurate. There is no real accountability or certification of P3P policies, so companies can put any sort of generic boilerplate BS in their P3P policies and as long as there IS one, the browser will accept cookies, etc...
It can say "oh yeah, we're not selling your information to 3rd parties or anything" when in fact they are. If you trust what it says, then you allow the site to set cookies. You shouldn't be trusting the word of the site itself. It should be a 3rd party certification.
That's not really protecting privacy, IMHO.
If P3P policies could be used as evidence in court cases for misrepresentation, then it might force companies to provide more accurate P3P policies, but I haven't heard of any lawsuits coming from inaccurate P3P policies. You'd have to KNOW their policy was misleading in order to take them to court anyway, which is hard to do.
The same people that shut off cookies also shut off javascript - often shutting off javascript INSTEAD of cookies. The only real option is to put everything in the URL, which is damn ugly. Also, imo, increases the chance that someone will try to play around with the session ID in the URL, simply because it's there.
creation science book
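The session-tracking points raised in the comments above (IP-keyed tracking behind a shared NAT, and session identifiers carried in a URL or hidden field that a user can edit) can be seen side by side in a few lines. This is an added example, not code from any poster: the class names, the token layout `sid.mac` and the sample address are assumptions, and the address comes from a documentation-only range.

```python
import hashlib
import hmac
import secrets


class IpKeyedSessions:
    """Session lookup by client address: everyone behind one NAT shares a session."""

    def __init__(self):
        self._by_ip = {}

    def login(self, ip, account):
        self._by_ip[ip] = account

    def whoami(self, ip):
        return self._by_ip.get(ip)


class TokenSessions:
    """Session lookup by a random identifier that the server authenticates with an HMAC.

    The token can travel in a cookie, a URL parameter or a hidden form field;
    an edited or guessed value fails the MAC check before any lookup happens.
    """

    def __init__(self, key):
        self._key = key
        self._accounts = {}

    def _mac(self, sid):
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()

    def login(self, account):
        sid = secrets.token_urlsafe(16)          # unguessable, never derived from the IP
        self._accounts[sid] = account
        return f"{sid}.{self._mac(sid)}"

    def whoami(self, token):
        sid, sep, mac = (token or "").partition(".")
        if not sep:
            return None
        # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
        if not hmac.compare_digest(mac.encode(), self._mac(sid).encode()):
            return None
        return self._accounts.get(sid)


def demo():
    """Two users behind one gateway address (constructed scenario)."""
    nat_ip = "203.0.113.7"                       # documentation range, shared by both users
    by_ip = IpKeyedSessions()
    by_ip.login(nat_ip, "alice")

    by_token = TokenSessions(secrets.token_bytes(32))
    alice_token = by_token.login("alice")
    sid, _, mac = alice_token.partition(".")
    edited = f"{sid}x.{mac}"                     # user "plays around" with the identifier

    return {
        "ip_second_user": by_ip.whoami(nat_ip),          # second user is treated as alice
        "token_second_user": by_token.whoami(None),      # no token, no session
        "token_edited": by_token.whoami(edited),         # rejected by the MAC check
        "token_owner": by_token.whoami(alice_token),
    }
```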
There is no external auditing of P3P that I can see.
I set this up on one website I built, but why? I was able to say whatever I wanted. If my browser acted on this sort of information I would be forced to disable it, since it is not, and cannot be trusted without an external verification.
The story and comments here are incorrect.
Mozilla does NOT, in fact, support P3P. It did at one point. Support was removed, because, as I understand it, P3P is "dumb".
Netscape reincludes it in their releases, but it hasn't been in Mozilla proper for some time now.
The slippery slope will lead to profiling agencies, much like credit reporting agencies, who sell your profile to employers, landlords, lawyers, law enforcement, and anyone else who wants to make a decision about you.
they just don't care. I'm a geek who understands the tracking that goes on (I've written Web tracking software in the past) and for the most part, I don't care.
This is one reason the Electronic Privacy Information Center argues that P3P is not a privacy enhancing technology. Websites will eventually demand that you reveal everything, or they won't let you access the site. If people don't care, they will comply. The end result will be like cookies (only with your name, age, address, and other personal data attached). Handing your full identity over to every site you visit will simply become the de facto standard.
There is nothing to prevent the web site operator from lying between their teeth in setting a false P3P policy.
P3P Seal of trust? Good and strong as the weakest link of chain. Just think Thawte or Verisign.
P3P embedded in Mozilla or IE browsers? Yeah, right. Gotta see the code in order to trust the browser.
How much trust and confidence does that inspire to "We, the Web Surfers?"
None, Nothing, Na-da!
Quote: browsers like Mozilla/Netscape & Internet Explorer are committed to giving support for P3P
Mozilla, committed to P3P?
I refer you to this bugzilla thread:
http://bugzilla.mozilla.org/show_bug.cgi?id=128639
which has been going since March. Several people supported P3P, but the people in charge weren't having any of it.
Hrm, I take it you can setup a p3p thing in the same way you setup a cookies.txt. Just drop the thing in the right URL?
Are there any tools out there that let you edit a p3p XML file quickly and easily? I'm too lazy to look up the specs and edit an XML file in notepad right now (and I have other things to do).
autopr0n is like, down and stuff.
Not only do they need to 'log on', but they need to keep logging on (like fark) or have their log on tied to an IP address. For huge sites this becomes a major headache, as it requires HUGE Databases of pointless information.
Really, why should I have to store gigs of data so that people can choose what background color or what kind of porn they want to see when they visit my site?
autopr0n is like, down and stuff.
Oh, I thought P3P was P2P, just cooler! :]
You can also use the SSL session key as an identifier. Of course, that requires the entire session to be encrypted, which is not practical in most situations.