P3P A New Standard in Online Privacy - PowerPoint PPT Presentation

1 / 31
About This Presentation
Title:

P3P A New Standard in Online Privacy

Description:

Machine-readable (XML) version of web site privacy policies ... Allows web sites to create privacy policies in P3P and human-readable format ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 32
Provided by: lorr76
Category:

less

Transcript and Presenter's Notes

Title: P3P A New Standard in Online Privacy


1
P3PA New Standard in Online Privacy
Overview and Demos from Summer 2000
  • http//www.w3.org/P3P/

2
P3P1.0 A first step
  • Offers an easy way for web sites to communicate
    about their privacy policies in a standard
    machine-readable format
  • Can be deployed using existing web servers
  • This will enable the development of tools (built
    into browsers or separate applications) that
  • Provide snapshots of sites policies
  • Compare policies with user preferences
  • Alert and advise the user

3
P3P is part of the solution
  • P3P1.0 helps users understand privacy policies
    but is not a complete solution
  • Seal programs and regulations
  • help ensure that sites comply with their policies
  • Anonymity tools
  • reduce the amount of information revealed while
    browsing
  • Encryption tools
  • secure data in transit and storage
  • Laws and codes of practice
  • provide a base line level for acceptable policies

4
Using P3P on your Web site
  • Formulate privacy policy
  • Translate privacy policy into P3P format
  • Use a policy generator tool
  • Place P3P policy on web site
  • One policy for entire site or multiple policies
    for different parts of the site
  • Associate policy with web resources
  • Place P3P policy reference file (which identifies
    location of relevant policy file) at well-known
    location on server
  • Configure server to insert P3P header with link
    to P3P policy reference file or
  • Insert link to P3P policy reference file in HTML
    content

5
P3P policies
  • Machine-readable (XML) version of web site
    privacy policies
  • Use P3P Vocabulary to express data practices
  • Use P3P Base Data Set to express type of data
    collected
  • Capture common elements of privacy policies but
    may not express everything (sites may provide
    further explanation in human-readable policies)

6
The P3P vocabulary
  • Who is collecting data?
  • What data is collected?
  • For what purpose will data be used?
  • Is there an ability to opt-in or opt-out of some
    data uses?
  • Who are the data recipients (anyone beyond the
    data collector)?
  • To what information does the data collector
    provide access?
  • What is the data retention policy?
  • How will disputes about the policy be resolved?
  • Where is the human-readable privacy policy?

7
P3P informs Web surfers
privacymanagerbutton
8
Transparency
  • P3P clients can check a privacy policy each time
    it changes
  • P3P clients can check privacy policies on all
    objects in a web page, including ads and
    invisible images

http//www.att.com/accessatt/
http//adforce.imgis.com/?adlink2685231146ADF
ORCE
9
A simple HTTP transaction
WebServer
10
with P3P 1.0 added
WebServer
11
P3P today
  • Intuitive promotes a seamless browsing
    experiences while addressing privacy concerns
  • Transparent makes privacy policies clear to Web
    users
  • Flexible compatible with both regulatory and
    self-regulatory approaches, and with other
    technology tools
  • Global developed with international diversity
    in mind
  • End-to-End provides tools to more easily create
    policies and checks sites for privacy assurance
    seals
  • Expandable future versions could support
    automatic negotiation of privacy agreements and
    digital signature-based authentication
  • Available demos currently available

12
P3P enabled web sites
  • www.aol.com
  • www.att.com
  • www.cdt.org
  • www.engage.com
  • www.hp.com
  • www.ibm.com
  • www.idcide.com
  • www.microsoft.com
  • www.pg.com
  • www.ttuhsc.edu
  • www.youpowered.com
  • www.vineyard.net
  • www.w3.org
  • www.whitehouse.gov

And many more.
13
P3P User Agent Demos
  • Microsoft/ATT P3P Browser Helper Object
  • Idcide Privacy Companion
  • YOUpowered Orby Privacy Plus

14
Microsoft/ATT P3P browser helper object
  • A prototype tool designed to work with Microsoft
    Internet Explorer Browser
  • Not yet fully tested, still missing some features

15
Preference settings
16
(No Transcript)
17
When preferences are changed to Disallow
profiling, the privacy checkwarns us that this
site profiles visitors
18
IDcide Privacy Companion
  • A browser plug-in that adds functionality to
    Netscape or Internet Explorer browsers
  • Includes icons to let users know that sites use
    first- and/or third-party cookies
  • Enables users to select a privacy level that
    controls the cookie types allowed (1st or 3rd
    party)
  • Prevents data spills to 3rd parties through
    referer
  • Lets users view tracking history
  • Prototype P3P-enabled Privacy Companion allows
    for more fine-grained automatic decision making
    based on P3P policies
  • http//www.idcide.com

19
IDcide P3P Icons
Searching for a P3P policy
No P3P policy found
P3P policy isNOT acceptable
P3P policy isacceptable
20
Double clicking on the P3P icon indicates
where the sites policy differs from the users
preferences
21
YOUpowered Orby Privacy Plus
  • A tool bar that sits at the top of a users
    desktop and allows a user to
  • Accept or deny cookies while surfing
  • Decide how, when and where to share personal
    information
  • Store website passwords
  • Enjoy the convenience of "one-click" form-fill
  • P3P features in prototype automatically rate web
    sites based on their P3P policies

22
(No Transcript)
23
Orby cookie prompt
24
Orby preference setting menu
25
Policy Generator Demos
  • IBM P3P Policy Editor
  • PrivacyBot.com
  • YOUPowered Consumer Trust Policy Manager
    Wizard

26
IBM P3P Policy Editor
  • Allows web sites to create privacy policies in
    P3P and human-readable format
  • Drag and drop interface
  • Available from IBM AlphaWorks site
    http//www.alphaworks.ibm.com/tech/p3peditor

27
Sites can list the typesof data theycollect
And view the correspondingP3P policy
28
Propertieswindows allowssites to specify
detailed informationabout how eachtype of data
isused.
29
PrivacyBot.com
Allows webmasters to fill out an online
questionnaire to automatically create a
human-readable privacy policy and a P3P policy
30
YOUpowered Consumer Trust Policy Manager wizard
31
For more information about P3P, please visit our
web site
  • http//www.w3.org/P3P/
Write a Comment
User Comments (0)
About PowerShow.com