February 28, 2021
Hot Topics:

Introduction to P3P

  • By O'Reilly & Associates
  • Send Email »
  • More Articles »

This is Chapter 1: Introduction to P3P from the book Web Privacy with P3P (ISBN: 0-596-00371-4), written by Lorrie Cranor, published by O'Reilly & Associates.

© Copyright O'Reilly & Associates. All rights reserved.

Chapter 1
Introduction to P3P

Internet users are becoming increasingly concerned about what personal information they may reveal when they go online and where that information might end up. It's common to hear about companies that derive revenue from personal information collected on their web sites. Information you provide to register for a site might later be used for telemarketing or sold to another company. Seemingly anonymous information about your web-surfing habits might be merged with your personal information. Web sites use cookies to gather information about users, but disabling cookies prevents you from doing online banking or shopping at some web sites.

Web sites might email you to say that their privacy policies are changing, but most of us find it difficult and time-consuming to read and understand privacy policies or to figure out how to request that the use of our personal information be restricted. Privacy concerns are making consumers nervous about going online, but current privacy policies for web sites tend to be so long and difficult to understand that consumers rarely read them.1

The Platform for Privacy Preferences (P3P) project addresses this problem by providing both a standard, computer-readable format for privacy policies and a protocol that enables web browsers to read and process privacy policies automatically. The World Wide Web Consortium (W3C) developed P3P as a standard way for web sites to communicate about their privacy policies. P3P enables machine-readable privacy policies that can be retrieved automatically by web browsers and by other user agent tools that can display symbols, prompt users, or take other appropriate actions. Some of these tools can also compare each policy against the user's privacy preferences and assist the user in deciding when to exchange data with web sites.

Unlike anonymity tools, which seek to prevent any transfer of personally identifying information, the P3P project seeks to enable the development of tools for making informed decisions about when and if personal information should be revealed.

These tools may work hand-in-hand with anonymity software or filters that actually prevent the transmission of personal information in situations when users do not want their information revealed.

P3P tools are currently available that allow users to configure their web browsers with their personal privacy preferences. P3P-enabled web browsers check for P3P privacy policies at web sites and display symbols to alert users at sites that do not match their preferences. They can also provide summaries of web site privacy policies and use P3P policies to make decisions about cookies.2

How P3P Works

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification is the authoritative source for information on the P3P protocol and vocabulary. Throughout this book, I generally refer to it simply as the "P3P specification." You can retrieve the specification from http://www.w3.org/TR/P3P/.

P3P was developed through a consensus process involving several dozen W3C working group members. Participants came from around the world and included representatives from industry, government, nonprofit organizations, and academia. In addition, public comments on the many P3P working drafts helped shape the final P3P specification. This section gives a brief summary of how P3P works.

Privacy policies are intended to describe a company's data practices—what they do with the information they collect from individuals (usually customers and potential customers, but sometimes also employees and others). The P3P specification includes a standard vocabulary for describing these data practices and a base data schema for describing the kinds of information collected. A P3P policy is a collection of vocabulary and data elements that describes the data practices of a particular web site (or section of a web site).

A P3P policy is essentially composed of the answers to a number of multiple-choice questions and thus does not always contain as much detailed information as a human-readable privacy policy (i.e., a policy written in English or another spoken language that is intended for people, rather than computers, to read). The standard format of a P3P policy allows it to be processed automatically.

The P3P specification also includes a protocol for requesting and transmitting P3P policies. The P3P protocol is built on the same HTTP protocol3 that web browsers use to communicate with web servers. As shown in Figure 1-1, P3P user agents use standard HTTP requests to fetch a P3P policy reference file from a well-known location on the web site to which a user is making a request. The policy reference file indicates the location of the P3P policy file that applies to each part of the web site. There might be one policy for the entire site, or several policies that each cover a different part of the site. The user agent can then fetch the appropriate policy, parse it, and take action according to the user's preferences.

Click here for a larger image.

Figure 1-1. The basic protocol for fetching a P3P policy

P3P also allows sites to place policy reference files in locations other than the well-known location. In these cases, the site must declare the location of the policy reference file by using a special HTTP header or by embedding a LINK tag in the HTML files to which the P3P policies apply. Special HTTP headers are also used to transmit an optional P3P compact policy whenever cookies are set. Compact policies are very short summaries of full P3P policies that describe only the data practices related to cookies.They do not have the full expressive capabilities of P3P policies.

Here's a plain English example of the kind of disclosure a web site might make in a P3P policy:

We do not currently collect any information from visitors to this site except the information contained in standard web server logs (your IP address, referer, information about your web browser, information about your HTTP requests, etc.). The information in these logs will be used only by us and the server administrators for web site and system administration, and for improving this site. It will not be disclosed unless required by law. We may retain these log files indefinitely. Please direct questions about this privacy policy to privacy@p3pbook.com.

And here's what this policy would look like using the P3P syntax and encoding:

<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://p3pbook.com/privacy.html"
    <DATA ref="#business.name">Web Privacy With P3P</DATA>
    <CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
      <DATA ref="#dynamic.clickstream"/>
      <DATA ref="#dynamic.http"/>

If you are familiar with the eXtensible Markup Language (XML), this encoding may look familiar to you. But if not, don't worry! I'll get to the details of writing policies in later chapters and introduce you to some tools you can use to create policies without having to write any XML yourself. It is also important to note that P3P policies are designed to be read by computers, not people. User agents will interpret these policies on a user's behalf. In addition, every policy should contain the URL of the web site's human-readable privacy policy, so that users have someplace to turn for more detailed information.

The example policy above is fairly brief, because this web site does not collect much information from visitors. Commercial web sites typically have lengthier policies that describe their more complicated data practices.

Page 1 of 3

This article was originally published on May 1, 2003

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date