Internet Explorer Privacy Features

Download Report

Transcript Internet Explorer Privacy Features 

Privacy, P3P and Internet
Explorer 6
P3P Briefing – 11/16/01
Privacy Context



Online Privacy a concern:

Consumers

Advocacy groups

Governments
Users often do not understand:

What data is being collected

How it is being used
A primary focus for online privacy has
been cookies

Cookies are not inherently bad
How does P3P fit in?

P3P is the work of the Worldwide Web Consortium;
currently in candidate recommendation phase

Creates a common vocabulary and syntax for
expressing Web site data management practices

Machine-readable format which can be deployed on any
web-server

Allows user agents (such as browsers) to act directly on
a user’s behalf, or facilitate decision-making, regarding
privacy preferences
The P3P vocabulary

Who is collecting data?

What data is collected?
does the data collector

For what purpose will
data be used?
provide access?


Is there an ability to optin or opt-out of some
data uses?
Who are the data
recipients (anyone
beyond the data
collector)?


To what information
What is the data
retention policy?

How will disputes about
the policy be resolved?

Where is the humanreadable privacy policy?
P3P is part of the solution
P3P 1.0 helps users understand privacy
policies, but is not a complete solution
 Seal
programs and regulations
 help
ensure that sites comply with their policies
 Anonymity
tools
 reduce
the amount of information revealed while
browsing
 Encryption
 secure
 Laws
tools
data in transit and storage
and codes of practice
 provide
a baseline level for acceptable policies
How do I create a privacy
statement?

Evaluate existing web-site practices

Write literal expression of these behaviors in natural
language

Review statement with legal counsel and marketing
departments

Post conspicuously on web-site, with “one-click”
access

Transform natural language privacy statement
into vocabulary and syntax of P3P
Types of P3P-based Policies

Verbose P3P Policy (Mandatory)

XML file with complete description of site
privacy policies

Compact P3P Policy (Optional)

1-line description of site privacy policy

Found in HTTP Header

Served by the provider of the cookie
Policy Example

contoso.com:

Analyzes behavior of individual users


Provides user info to third parties


Recipient = <other/>
Collects user email address


Purpose = <individual-analysis/>
Category = <online/>
Provides no opt in / out
Policy Example (cont)
Compact Policy
<STATEMENT>
<PURPOSE>
<individual-analysis/>
IVA
</PURPOSE>
<RECIPIENT>
<other/>
OTR
</RECIPIENT>
<DATA-GROUP>
<DATA ref="#user.homeinfo.online.email">
<CATEGORIES>
<online/>
</CATEGORIES>
</DATA>
</DATA-GROUP>
ONL
</STATEMENT>
Compact Policy Example
Compact Policy:
P3P: CP=“IVA OTR ONL”

Policies could have more tokens, such as
which data is available for access
IE 6 P3P Implementation Goals

End-user goals
 Unobtrusive
 Works
 Easy
out of the box
to understand
 Flexible

for power users
Site goals
 Not
disruptive to web business model
 Easy
to implement any changes
 Help
sites boost consumer confidence
IE 6 P3P Implementation

Focus on providing more information
about cookies

Help users make choices

Create smarter automated behavior

Discriminate according to purpose
Cookie Management

End user experience in IE browsers
before IE 6:


“Reject” all, “accept” all, “prompt”
Cookies



login, customization, advertising
How do you know?
Same action applied to all cookies
indiscriminately
Status Icon: First Encounter
User Experience
Help Topics


Explains
privacy issues
with cookies
Explains how to
change privacy
settings
User Experience
Status Icon




Web site uses
cookies
Privacy
Policies don’t
match settings
Cookies are
restricted
User notified
User Experience
Privacy Settings

Privacy Tab slider

Medium = Default

Highest = Block All
Cookies


Lowest = Allow All
Cookies


1st and 3rd
1st and 3rd
Import

XML Privacy
settings file
User Experience
Advanced Privacy Settings

Overrides
automatic cookie
handling

Control over 1st &
3rd Party cookies

Users can exempt
session cookies
from first two
options
Additional Information

MSDN article



http://msdn.microsoft.com/ie and read the
material on IE 6 privacy
Contact [email protected] with
questions
W3C: www.w3c.org/P3P


Deployment guide
http://www.w3.org/TR/p3pdeployment
Candidate Recommendation
http://www.w3.org/TR/P3P/
Call to Action



Express full privacy policy via the
P3P syntax
Deploy compact policies
Read MSDN IE 6 privacy article


Also browse through W3C P3P
literature
Work with your external partners to
have them deploy compact policies