Understanding P3P (Page 1 of 5)
Worried about greedy online merchants snooping around your hard
drive when you visit their e-stores? Wondering how much personal
information a site actually collects and stores about you? You might be
interested in P3P, an upcoming privacy standard that hopes to bring greater
transparency to the way personal information is used over the Web.
Privacy on the Web has always been an important bugbear for Internet
users.
Used to be, most Web sites couldn't care less who you were, where
you lived, or what your email address was. Then came the Internet boom, and
suddenly everyone and his uncle was launching a Web site, a portal or an online
store. And, in the war for eyeballs and clicks, your privacy suddenly became
fair game - many Web sites started requiring users to provide detailed personal
information before allowing them access, and using (sometimes even sharing) this
information for targeted advertising (aka spam).
Faced with the potential
loss of his privacy, and deluged with a constant barrage of banner ads and
unsolicited commercial email, Joe Surfer hit back. The result: P3P.
P3P
(not to be confused with PGP or PHP) is an acronym for the Platform for Privacy
Preferences Project, a W3C initiative aimed at improving privacy practices on
the Web. Its goal, though lofty, is pretty simple: a clearly-defined, open
standard that defines how personal information is collected and used over the
Web.
Needless to say, this is harder than it sounds. Web sites, many of
which require demographic data to sell ad space or decide business strategy,
tend to get overbearing and pushy when it comes to asking for personal details,
sometimes refusing access to their content unless the user first fills out a
detailed questionnaire. And, at the other end of the spectrum, Web users are
concerned about the loss of privacy that occurs when these sites play fast and
loose with the personal information they have in their massive
databases.
P3P attempts to solve the problem by
giving Web users more information about how Web sites handle their
personal information. It addresses privacy concerns at two levels, providing Web
sites with a standard way of defining and publishing their privacy policies, and
providing Web users with a way to access these policies and make informed
choices about releasing personal information to the requesting
party.
Over the next few pages, I'll be taking a closer look at P3P,
explaining its rationale and goals, how it works and the problems associated
with it. I'll warn you at the outset that the P3P specification is still
under development, so things may change over the next few months - however, the
following material should be sufficient to explain the basics.