W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2012

Re: P3P NOT fail

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 24 Feb 2012 11:39:42 +0100
To: public-privacy@w3.org
Cc: Richard Barnes <richard.barnes@gmail.com>
Message-ID: <2143482.buA0YM843G@hegel.sophia.w3.org>
Hi Richard, 

and here is Lorrie's answer: 
http://arstechnica.com/tech-policy/news/2012/02/web-privacy-standards-easy-to-
break-hard-to-enforce.ars

really worth reading. And I agree with her  answer to the claim that the P3P 
compact format is "impractical": "It's not obvious to me there's any 
fundamental reason why a proper P3P compact policy wouldn't work in that 
scenario."

In the work on DNT I constantly see the desperate need for simple notification 
of the user coming up. And people there constantly re-invent P3P with other 
angle brackets. So claiming P3P is outdated is IMHO a self-serving 
declaration. P3P is not widespread anymore and we may re-invent it in some 
other ways. Because whoever asks for "Transparency:  Consumers have a right to 
easily understandable information about privacy and security practices." will 
have to look at P3P as it provides exactly that.
(see http://www.whitehouse.gov/the-press-office/2012/02/23/we-can-t-wait-
obama-administration-unveils-blueprint-privacy-bill-rights for that last 
statement)

But I also think it's clear that we won't take up P3P as is. How to re-invent 
P3P? Dave Raggett had made a nice suggestion:
http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/

This merits further discussion IMHO

Best, 

Rigo

On Tuesday 21 February 2012 08:43:20 Richard Barnes wrote:
> Internet Explorer is configured by default to reject cookies unless a
> certain P3P policy is present.  Google, Facebook, et al. say "This is
> not a P3P policy".  According to Lorrie Cranor, this practice is used
> by around 1/3 of websites, including msn.com and live.com.
> 
> "
> "Microsoft uses a 'self-declaration' protocol (known as 'P3P') dating
> from 2002 under which Microsoft asks websites to represent their
> privacy practices in machine-readable form," Google Senior VP of
> Communications and Policy Rachel Whetstone says in a statement
> e-mailed to Ars. "It is well known—including by Microsoft—that it is
> impractical to comply with Microsoft’s request while providing modern
> web functionality."
> "
> 
> <http://arstechnica.com/tech-policy/news/2012/02/google-tricks-internet-expl
> orer-into-accepting-tracking-cookies-microsoft-claims.ars>
Received on Friday, 24 February 2012 10:40:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:53 UTC