
P3P A New Standard in Online Privacy

P3P: A New Standard in Online Privacy. http://www.w3.org/P3P/. Overview and Demos from Summer 2000. P3P1.0 – A first step. Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format. Can be deployed using existing web servers.

darius

Presentation Transcript


  1. P3P: A New Standard in Online Privacy
     http://www.w3.org/P3P/
     Overview and Demos from Summer 2000

  2. P3P1.0 – A first step
     • Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format
     • Can be deployed using existing web servers
     • This will enable the development of tools (built into browsers or separate applications) that:
       • Provide snapshots of sites’ policies
       • Compare policies with user preferences
       • Alert and advise the user

  3. P3P is part of the solution
     P3P1.0 helps users understand privacy policies but is not a complete solution
     • Seal programs and regulations
       • help ensure that sites comply with their policies
     • Anonymity tools
       • reduce the amount of information revealed while browsing
     • Encryption tools
       • secure data in transit and storage
     • Laws and codes of practice
       • provide a baseline level for acceptable policies

  4. Using P3P on your Web site
     • Formulate privacy policy
     • Translate privacy policy into P3P format
       • Use a policy generator tool
     • Place P3P policy on web site
       • One policy for entire site or multiple policies for different parts of the site
     • Associate policy with web resources:
       • Place P3P policy reference file (which identifies location of relevant policy file) at well-known location on server;
       • Configure server to insert P3P header with link to P3P policy reference file; or
       • Insert link to P3P policy reference file in HTML content

  5. P3P policies
     • Machine-readable (XML) version of web site privacy policies
     • Use P3P Vocabulary to express data practices
     • Use P3P Base Data Set to express type of data collected
     • Capture common elements of privacy policies but may not express everything (sites may provide further explanation in human-readable policies)

  6. The P3P vocabulary
     • Who is collecting data?
     • What data is collected?
     • For what purpose will data be used?
     • Is there an ability to opt-in or opt-out of some data uses?
     • Who are the data recipients (anyone beyond the data collector)?
     • To what information does the data collector provide access?
     • What is the data retention policy?
     • How will disputes about the policy be resolved?
     • Where is the human-readable privacy policy?

  7. P3P informs Web surfers [image: privacy manager button]

  8. Transparency
     • P3P clients can check a privacy policy each time it changes
     • P3P clients can check privacy policies on all objects in a web page, including ads and invisible images
     http://www.att.com/accessatt/
     http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE

  9. A simple HTTP transaction (client and web server)
     • Request web page:
       GET /index.html HTTP/1.1
       Host: www.att.com
       . . .
     • Send web page:
       HTTP/1.1 200 OK
       Content-Type: text/html
       . . .

  10. … with P3P 1.0 added (client and web server)
     • Request Policy Reference File:
       GET /w3c/p3p.xml HTTP/1.1
       Host: www.att.com
     • Send Policy Reference File
     • Request P3P Policy
     • Send P3P Policy
     • Request web page:
       GET /index.html HTTP/1.1
       Host: www.att.com
       . . .
     • Send web page:
       HTTP/1.1 200 OK
       Content-Type: text/html
       . . .

  11. P3P today
     • Intuitive – promotes a seamless browsing experience while addressing privacy concerns
     • Transparent – makes privacy policies clear to Web users
     • Flexible – compatible with both regulatory and self-regulatory approaches, and with other technology tools
     • Global – developed with international diversity in mind
     • End-to-End – provides tools to more easily create policies and checks sites for privacy assurance seals
     • Expandable – future versions could support automatic negotiation of privacy agreements and digital signature-based authentication
     • Available – demos currently available

  12. P3P enabled web sites
     • www.aol.com
     • www.att.com
     • www.cdt.org
     • www.engage.com
     • www.hp.com
     • www.ibm.com
     • www.idcide.com
     • www.microsoft.com
     • www.pg.com
     • www.ttuhsc.edu
     • www.youpowered.com
     • www.vineyard.net
     • www.w3.org
     • www.whitehouse.gov
     And many more…

  13. P3P User Agent Demos
     • Microsoft/AT&T P3P Browser Helper Object
     • IDcide Privacy Companion
     • YOUpowered Orby Privacy Plus

  14. Microsoft/AT&T P3P browser helper object
     • A prototype tool designed to work with the Microsoft Internet Explorer browser
     • Not yet fully tested, still missing some features

  15. Preference settings

  16. When preferences are changed to Disallow profiling, the privacy check warns us that this site profiles visitors

  17. IDcide Privacy Companion
     • A browser plug-in that adds functionality to Netscape or Internet Explorer browsers
     • Includes icons to let users know that sites use first- and/or third-party cookies
     • Enables users to select a privacy level that controls the cookie types allowed (1st or 3rd party)
     • Prevents data spills to 3rd parties through “referer”
     • Lets users view tracking history
     • Prototype P3P-enabled Privacy Companion allows for more fine-grained automatic decision making based on P3P policies
     • http://www.idcide.com

  18. IDcide P3P Icons
     • Searching for a P3P policy
     • No P3P policy found
     • P3P policy is NOT acceptable
     • P3P policy is acceptable

  19. Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences

  20. YOUpowered Orby Privacy Plus
     • A tool bar that sits at the top of a user’s desktop and allows a user to
       • Accept or deny cookies while surfing
       • Decide how, when and where to share personal information
       • Store website passwords
       • Enjoy the convenience of "one-click" form-fill
     • P3P features in prototype automatically rate web sites based on their P3P policies

  21. Trust Meter

  22. Orby cookie prompt

  23. Orby preference setting menu

  24. Policy Generator Demos
     • IBM P3P Policy Editor
     • PrivacyBot.com
     • YOUpowered Consumer Trust Policy Manager Wizard

  25. IBM P3P Policy Editor
     • Allows web sites to create privacy policies in P3P and human-readable format
     • Drag and drop interface
     • Available from IBM AlphaWorks site: http://www.alphaworks.ibm.com/tech/p3peditor

  26. Sites can list the types of data they collect and view the corresponding P3P policy

  27. Properties windows allow sites to specify detailed information about how each type of data is used.

  28. PrivacyBot.com
     • Allows webmasters to fill out an online questionnaire to automatically create a human-readable privacy policy and a P3P policy

  29. YOUpowered Consumer Trust Policy Manager wizard

  30. For more information about P3P, please visit our web site http://www.w3.org/P3P/
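The user-agent side of slides 4, 10 and 16, as an added example that is not part of the original presentation: locate the policy reference file, pick the policy that covers each object on a page, and compare its stated purposes with a user preference. The sample files are constructed, the function names are hypothetical, the namespace is the one from the final P3P 1.0 Recommendation, and the mapping of "profiling" to the analysis/decision purposes is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"p3p": "http://www.w3.org/2002/01/P3Pv1"}  # P3P 1.0 Recommendation namespace
# Constructed sample files, trimmed to the elements this check reads.
POLICY_REF_FILE = """<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES>
  <POLICY-REF about="/w3c/ads.xml#ads"><INCLUDE>/ads/*</INCLUDE></POLICY-REF>
  <POLICY-REF about="/w3c/site.xml#site">
    <INCLUDE>/*</INCLUDE><EXCLUDE>/private/*</EXCLUDE>
  </POLICY-REF>
</POLICY-REFERENCES></META>"""
_POLICY = ('<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="%s">'
           "<STATEMENT><PURPOSE>%s</PURPOSE></STATEMENT></POLICY>")
POLICIES = {"/w3c/site.xml": _POLICY % ("site", "<current/><admin/>"),
            "/w3c/ads.xml": _POLICY % ("ads", "<current/><individual-analysis/>")}
# Assumption: "profiling" is mapped to the vocabulary's analysis/decision purposes.
PROFILING = {"pseudo-analysis", "pseudo-decision",
             "individual-analysis", "individual-decision"}

def policyref_location(headers):
    """Use the P3P response header if the server sent one, else the well-known location."""
    m = re.search(r'policyref="([^"]+)"', headers.get("P3P", ""))
    return m.group(1) if m else "/w3c/p3p.xml"

def _matches(pattern, path):
    # '*' is the only wildcard; every other character is literal.
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), path) is not None

def policy_for(path, ref_xml=POLICY_REF_FILE):
    """Return the policy URI of the first POLICY-REF that covers path, or None."""
    for ref in ET.fromstring(ref_xml).iterfind(".//p3p:POLICY-REF", NS):
        hit = lambda tag: any(_matches(e.text.strip(), path)
                              for e in ref.findall("p3p:" + tag, NS))
        if hit("INCLUDE") and not hit("EXCLUDE"):
            return ref.get("about")
    return None

def check(path, disallow=PROFILING):
    """Return (verdict, offending purposes) for one resource on the page."""
    about = policy_for(path)
    if about is None:
        return ("no-policy", set())
    file_uri, _, name = about.partition("#")
    root = ET.fromstring(POLICIES[file_uri])  # stands in for fetching the policy
    policy = next(p for p in root.iter("{%s}POLICY" % NS["p3p"]) if p.get("name") == name)
    purposes = {el.tag.split("}")[1] for el in policy.iterfind(".//p3p:PURPOSE/*", NS)}
    bad = purposes & disallow
    return ("not-acceptable" if bad else "acceptable", bad)

if __name__ == "__main__":
    for p in ("/index.html", "/ads/banner.gif", "/private/report.html"):
        print(p, check(p))
```

The embedded ad object resolves to a different policy than the page that carries it, which is why the check runs per object rather than once per site.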
