U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project
The E-Gov Requirements The Privacy Provisions of the E-Government Act of 2002 require both a “human readable” Privacy Policy and agency use of machine readable technology that alerts users automatically about whether site privacy practices match their personal privacy preferences.
Isn’t the Text Version Enough? Most users do not see the text privacy policy until after they have visited one or more of the site’s pages. Text privacy policies are sometimes difficult for users to locate, too lengthy for users to read, difficult to understand, and can change without notice.
Machine-Readable Policy P3P is the standard for machine-readable Privacy Policy. P3P enables web sites to translate their privacy practices into a standardized format (Extensible Markup Language - XML) that can be retrieved automatically and easily interpreted by a user's browser.
What Does P3P Address? Who is collecting data? What data is collected? For what purpose will data be used? Is there an ability to opt- in or opt-out of some data uses? Who are the data recipients (anyone beyond the data collector)? To what information does the data collector provide access? What is the data retention policy? How will disputes about the policy be resolved? Where is the human- readable Privacy Policy? What Does P3P Address?
What P3P Does Not Address P3P does not set minimum standards for privacy; nor can it monitor compliance with stated policy. –Certain types of “cookies” can be blocked based on type of cookie but not based on content of information in them. Implementation varies among browsers. –None go beyond cookies at this time.
How Does P3P Work?
How Users Are Notified Web Browser Alerts Web visitors who want to take advantage of P3P enabled sites have to set their personal privacy preferences in their web browser.
Browser Support Browser implementation of P3P is concerned with the issue of cookies When the browser encounters a cookie from a web page that either does not have a compact P3P policy, or that has a P3P policy that does not match the user’s privacy preferences, the user is alerted via icons. Browsers supporting Compact P3P Policy: –Netscape 7 –Mozilla –Internet Explorer 6 –AT&T Privacy Bird (Plug-in for Internet Explorer)
Cookies Cookies are information stored by a server on a visitor’s computer during their first visit to the site and used on subsequent visits to the site. This may be information obtained without asking (e.g., viewing habits), or information provided by the user (name, preferences). The server records this information in a text file and stores this file on the visitor's hard drive. What do your cookies say about you? Search your computer for the cookie files – You might be surprised.
Example of Cookies # Netscape HTTP Cookie File # # This is a generated file! Do not edit. home.frontiernet.netFALSE/FALSE regionid1 home.frontiernet.netFALSE/FALSE stateabbWV home.frontiernet.netFALSE/FALSE npa304 home.frontiernet.netFALSE/FALSE cityCharles+Town.mp3.comTRUE/FALSE RMID8c5a18333f09c160.2o7.netTRUE/FALSE s_vi_bzbx7Bmfehkf[CS]v4|3F09DC DFF- A000A4A |4032DDB1[CE].2o7.netTRUE/FALSE s_vi_nvnwhg[CS]v4|3F09DC DFF- A000A4A |4032DDB1[CE].2o7.netTRUE/FALSE s_vi_cx7Bczccdfx60x7Fl[CS]v3|3F09DC DFF- A000A4A |3F5F8EC2|3F09DC88|3F5F8EC3|3F5F8EFE|2|4|0|0||ltx0AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKI Ax04kBBMGA|ltx0AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGA||||[CE].2o7.netTRUE/FALSE s_sv_cx7Bczccdfx60x7Fl[CS]v2|3F5F8EFE|[CE].2o7.netTRUE/FALSE s_vi_cx7Bczxxfifx60x7Fl[CS]v4|3F09DC9B00003CC3- A000A4F |4032DDB1[CE] These cookies contain personal information such as the city and state (Charles Town WV), area code (304), and even address (myname%40domain%2Enet or
Location of Cookie Files In Internet Explorer cookie files are in the “cookies” folder: –C:\Documents and Settings\user\Cookies How to Delete Cookies From Internet Explorer -Link to Microsoft Knowledge Base In Netscape cookies are stored in a file named “cookie.txt”
How Cookies and Browsers Interact By default, browsers allow the use of cookies. You can change your privacy settings so that your browser –Will ask you before placing a cookies on your computer, or –Will prevent the browser from accepting any cookies, or –Will handle First- and Third- Party cookies differently You can specify how you want to handle cookies from individual web sites or all web sites
Persistent Cookie stored on your computer remains there when you close your browser can be read by the web site that created it when you visit that site again.
Temporary or Session Cookie stored on your computer retained only for your current browsing session deleted from your computer when you close your web browser.
Unsatisfactory Cookie might allow access to personally identifiable information information could be used for a secondary purpose without your consent.
First-Party Cookie either originates on or is sent to the web site you are currently viewing commonly used to store information such as your preferences, for use when you re-visit the site
Third-Party Cookie either originates on or is sent to a web site different from the one you are currently viewing commonly used to track your web page use for advertising or other marketing purposes –Example: site xyz.com uses content from site 123.com. Site 123.com uses a cookies to track web page views and use by visitors to xyz.com
Setting Netscape 7 Preferences
Netscape 7 Notification A warning appears when the browser encounters a cookie that either does not have a compact P3P policy or has a P3P policy that does not match the browser preferences Netscape 7 Notification
Setting Mozilla Preferences
Setting IE 6 Preferences
IE6 Notification A warning appears when the browser encounters a cookie that either does not have a compact P3P policy or has a P3P policy that does not match the browser preferences IE6 Notification
IE 6 Privacy Reports
AT&T Privacy Bird AT&T Privacy Bird A free plug-in for Internet Explorer 6 Green BirdYellow BirdRed BirdAudible Notifications: