U.S. Department of Commerce

1
Minding Your Own BusinessThe Platform for
Privacy Preferences Project

• U.S. Department of Commerce
• Web Advisory Group
• http//www.osec.doc.gov/webresources/

2
The E-Gov Requirements

• The Privacy Provisions of the E-Government Act
  of 2002 require both a human readable Privacy
  Policy and agency use of machine readable
  technology that alerts users automatically about
  whether site privacy practices match their
  personal privacy preferences.

3
Isnt the Text Version Enough?

• Isnt the Text Version Enough?
• Most users do not see the text privacy policy
  until after they have visited one or more of the
  sites pages.
• Text privacy policies are sometimes difficult for
  users to locate, too lengthy for users to read,
  difficult to understand, and can change without
  notice.

4
Machine-Readable Policy

• Machine-Readable Policy
• P3P is the standard for machine-readable Privacy
  Policy.
• P3P enables web sites to translate their privacy
  practices into a standardized format (Extensible
  Markup Language - XML) that can be retrieved
  automatically and easily interpreted by a user's
  browser.

5
What Does P3P Address?
What Does P3P Address?

• Who is collecting data?
• What data is collected?
• For what purpose will data be used?
• Is there an ability to opt-in or opt-out of some
  data uses?
• Who are the data recipients (anyone beyond the
  data collector)?

• To what information does the data collector
  provide access?
• What is the data retention policy?
• How will disputes about the policy be resolved?
• Where is the human-readable Privacy Policy?

6
What P3P Does Not Address

• What P3P Does Not Address
• P3P does not set minimum standards for privacy
  nor can it monitor compliance with stated policy.
• Certain types of cookies can be blocked based
  on type of cookie but not based on content of
  information in them.
• Implementation varies among browsers.
• None go beyond cookies at this time.

7
How Does P3P Work?
How Does P3P Work?
8
How Users Are Notified
How Users Are Notified Web Browser Alerts Web
visitors who want to take advantage of P3P
enabled sites have to set their personal privacy
preferences in their web browser.
9
Browser Support

• Browser Support
• Browser implementation of P3P is concerned with
  the issue of cookies
• When the browser encounters a cookie from a web
  page that either does not have a compact P3P
  policy, or that has a P3P policy that does not
  match the users privacy preferences, the user is
  alerted via icons.
• Browsers supporting Compact P3P Policy
• Netscape 7
• Mozilla
• Internet Explorer 6
• ATT Privacy Bird (Plug-in for Internet Explorer)

10
Cookies

• Cookies
• Cookies are information stored by a server on a
  visitors computer during their first visit to
  the site and used on subsequent visits to the
  site.
• This may be information obtained without asking
  (e.g., viewing habits), or information provided
  by the user (name, preferences).
• The server records this information in a text
  file and stores this file on the visitor's hard
  drive.
• What do your cookies say about you? Search your
  computer for the cookie files You might be
  surprised.

11
Example of Cookies

• Example of Cookies
• Netscape HTTP Cookie File
• http//www.netscape.com/newsref/std/cookie_spec.
  html
• This is a generated file! Do not edit.
• home.frontiernet.net FALSE / FALSE 1089259125 regi
  onid 1
• home.frontiernet.net FALSE / FALSE 1089259125 stat
  eabb WV
• home.frontiernet.net FALSE / FALSE 1089259125 npa
  304
• home.frontiernet.net FALSE / FALSE 1089259125 city
  CharlesTown
• .mp3.com TRUE / FALSE 1293839999 RMID 8c5a18333f09
  c160
• .2o7.net TRUE / FALSE 1234755376 s_vi_bzbx7Bmfehkf
  CSv43F09DC8800001DFF-A000A4A000000014032DDB1
  CE
• .2o7.net TRUE / FALSE 1234755376 s_vi_nvnwhg CSv
  43F09DC8800001DFF-A000A4A000000014032DDB1CE
• .2o7.net TRUE / FALSE 1220907114 s_vi_cx7Bczccdfx6
  0x7Fl CSv33F09DC8800001DFF-A000A4A000000013F5F
  8EC23F09DC883F5F8EC33F5F8EFE2400ltx0AGKIx
  04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGAltx0
  AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGA
  CE
• .2o7.net TRUE / FALSE 1220907114 s_sv_cx7Bczccdfx6
  0x7Fl CSv23F5F8EFECE
• .2o7.net TRUE / FALSE 1234755376 s_vi_cx7Bczxxfifx
  60x7Fl CSv43F09DC9B00003CC3-A000A4F00000001403
  2DDB1CE
• www.tigerdirect.com FALSE / FALSE 1089172972 MyEma
  il myname40domain2Enet
• .bizrate.com TRUE / FALSE 1373027937 br 1057667905
  47740314
• .bizrate.com TRUE / FALSE 1373027937 eval 10576679
  0547766748
• .bizrate.com TRUE / FALSE 1373027937 survey 23939_
  2003_Jul_8

12
Location of Cookie Files

• Location of Cookie Files
• In Internet Explorer cookie files are in the
  cookies folder
• C\Documents and Settings\user\Cookies

How to Delete Cookies From Internet Explorer
-Link to Microsoft Knowledge Base

• In Netscape cookies are stored in a file named
  cookie.txt

13
How Cookies and Browsers Interact

• How Cookies and Browsers Interact
• By default, browsers allow the use of cookies.
• You can change your privacy settings so that your
  browser
• Will ask you before placing a cookies on your
  computer, or
• Will prevent the browser from accepting any
  cookies, or
• Will handle First- and Third- Party cookies
  differently
• You can specify how you want to handle cookies
  from individual web sites or all web sites

14
Persistent Cookie

• Persistent Cookie
• stored on your computer
• remains there when you close your browser
• can be read by the web site that created it when
  you visit that site again.

15
Temporary or Session Cookie

• Temporary or Session Cookie
• stored on your computer
• retained only for your current browsing session
• deleted from your computer when you close your
  web browser.

16
Unsatisfactory Cookie

• Unsatisfactory Cookie
• might allow access to personally identifiable
  information
• information could be used for a secondary purpose
  without your consent.

17
First-Party Cookie

• First-Party Cookie
• either originates on or is sent to the web site
  you are currently viewing
• commonly used to store information such as your
  preferences, for use when you re-visit the site

18
Third-Party Cookie

• Third-Party Cookie
• either originates on or is sent to a web site
  different from the one you are currently viewing
• commonly used to track your web page use for
  advertising or other marketing purposes
• Example site xyz.com uses content from site
  123.com. Site 123.com uses a cookies to track web
  page views and use by visitors to xyz.com

19
Setting Netscape 7 Preferences
Setting Netscape 7 Preferences
20
Netscape 7 Notification
Netscape 7 Notification
A warning appears when the browser encounters a
cookie that either does not have a compact P3P
policy or has a P3P policy that does not match
the browser preferences
21
Setting Mozilla Preferences
Setting Mozilla Preferences
22
Setting IE 6 Preferences
Setting IE 6 Preferences
23
IE6 Notification
IE6 Notification
A warning appears when the browser encounters a
cookie that either does not have a compact P3P
policy or has a P3P policy that does not match
the browser preferences
24
IE 6 Privacy Reports
IE 6 Privacy Reports
25
ATT Privacy Bird
ATT Privacy Bird A free plug-in for Internet
Explorer 6
Green Bird
Yellow Bird
Red Bird
Audible Notifications
26
(No Transcript)