Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
P3P A New Standard in Online Privacy Overview and Demos from Summer 2000 http://www.w3.org/P3P/ P3P1.0 – A first step Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format Can be deployed using existing web servers This will enable the development of tools (built into browsers or separate applications) that: Provide snapshots of sites’ policies Compare policies with user preferences Alert and advise the user 2 P3P is part of the solution P3P1.0 helps users understand privacy policies but is not a complete solution Seal programs and regulations help ensure that sites comply with their policies Anonymity tools reduce the amount of information revealed while browsing Encryption tools secure data in transit and storage Laws and codes of practice provide a base line level for acceptable policies 3 Using P3P on your Web site 1. Formulate privacy policy 2. Translate privacy policy into P3P format Use a policy generator tool 3. Place P3P policy on web site One policy for entire site or multiple policies for different parts of the site 4. Associate policy with web resources: Place P3P policy reference file (which identifies location of relevant policy file) at well-known location on server; Configure server to insert P3P header with link to P3P policy reference file; or Insert link to P3P policy reference file in HTML content 4 P3P policies Machine-readable (XML) version of web site privacy policies Use P3P Vocabulary to express data practices Use P3P Base Data Set to express type of data collected Capture common elements of privacy policies but may not express everything (sites may provide further explanation in humanreadable policies) 5 The P3P vocabulary Who is collecting data? What data is collected? For what purpose will data be used? Is there an ability to optin or opt-out of some data uses? Who are the data recipients (anyone beyond the data collector)? To what information does the data collector provide access? What is the data retention policy? How will disputes about the policy be resolved? Where is the humanreadable privacy policy? 6 P3P informs Web surfers privacy manager button 7 Transparency P3P clients can check a privacy policy each time it changes http://www.att.com/accessatt/ P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE 8 A simple HTTP transaction GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page Web Server HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 9 … with P3P 1.0 added GET /w3c/p3p.xml HTTP/1.1 Host: www.att.com Request Policy Reference File Web Server Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 10 P3P today Intuitive – promotes a seamless browsing experiences while addressing privacy concerns Transparent – makes privacy policies clear to Web users Flexible – compatible with both regulatory and selfregulatory approaches, and with other technology tools Global – developed with international diversity in mind End-to-End – provides tools to more easily create policies and checks sites for privacy assurance seals Expandable – future versions could support automatic negotiation of privacy agreements and digital signaturebased authentication Available – demos currently available 11 P3P enabled web sites www.aol.com www.microsoft.com www.att.com www.pg.com www.cdt.org www.ttuhsc.edu www.engage.com www.youpowered.com www.hp.com www.vineyard.net www.ibm.com www.w3.org www.idcide.com www.whitehouse.gov And many more…. 12 P3P User Agent Demos Microsoft/AT&T P3P Browser Helper Object Idcide Privacy Companion YOUpowered Orby Privacy Plus Microsoft/AT&T P3P browser helper object A prototype tool designed to work with Microsoft Internet Explorer Browser Not yet fully tested, still missing some features 14 Preference settings 15 16 When preferences are changed to Disallow profiling, the privacy check warns us that this site profiles visitors 17 IDcide Privacy Companion A browser plug-in that adds functionality to Netscape or Internet Explorer browsers Includes icons to let users know that sites use firstand/or third-party cookies Enables users to select a privacy level that controls the cookie types allowed (1st or 3rd party) Prevents data spills to 3rd parties through “referer” Let’s users view tracking history Prototype P3P-enabled Privacy Companion allows for more fine-grained automatic decision making based on P3P policies http://www.idcide.com 18 IDcide P3P Icons Searching for a P3P policy No P3P policy found P3P policy is NOT acceptable P3P policy is acceptable 19 Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences 20 YOUpowered Orby Privacy Plus A tool bar that sits at the top of a user’s desktop and allows a user to Accept or deny cookies while surfing Decide how, when and where to share personal information Store website passwords Enjoy the convenience of "one-click" form-fill P3P features in prototype automatically rate web sites based on their P3P policies 21 Trust Meter 22 Orby cookie prompt 23 Orby preference setting menu 24 Policy Generator Demos IBM P3P Policy Editor PrivacyBot.com YOUPowered Consumer Trust Policy Manager Wizard IBM P3P Policy Editor Allows web sites to create privacy policies in P3P and human-readable format Drag and drop interface Available from IBM AlphaWorks site: http://www.alphaworks.ibm.com/tech/p3peditor 26 Sites can list the types of data they collect And view the corresponding P3P policy 27 Properties windows allows sites to specify detailed information about how each type of data is used. 28 PrivacyBot.com Allows webmasters to fill out an online questionnaire to automatically create a human-readable privacy policy and a P3P policy 29 YOUpowered Consumer Trust Policy Manager wizard 30 For more information about P3P, please visit our web site http://www.w3.org/P3P/