W3C home > Mailing lists > Public > site-comments@w3.org > December 2003

pls make your page valid, don't use cookies without a clear privacy policy

From: Dan Connolly <connolly@w3.org>
Date: Tue, 16 Dec 2003 12:21:58 -0600
To: webmaster@www.un.org, webmaster@un.org
Cc: site-comments@w3.org, Tim Berners-Lee <timbl@w3.org>, Rigo Wenning <rigo@w3.org>, Karl Dubost <karl@w3.org>
Message-Id: <1071598918.7650.438.camel@dirk.dm93.org>

Hello U.N. webmaster,

I just followed a link from a W3C news item
http://www.w3.org/News/2003#item200

to an article "In e-mail to students, Annan urges communication to build
understanding"
http://www.un.org/apps/news/story.asp?NewsID=9157&Cr=wsis&Cr1=

I was surprised that the www.un.org server asks to set a cookie.
Why does it do that?

I suggest you turn that off.

If you're going to set cookies, you owe your readers
a clear privacy policy. I don't see any p3p headers in the server's
response, nor any human-readable privacy policy.

Are you familiar with P3P?
  http://www.w3.org/P3P/

We have a tool that checks for P3P stuff:

"Validator could not find valid policy reference file URI."
http://validator.w3.org/p3p/20020128/p3p.pl?uri=http%3A%2F%2Fwww.un.org%2Fapps%2Fnews%2Fstory.asp%3FNewsID%3D9157%26Cr%3Dwsis%26Cr1%3D

(Rigo, please consider arranging for the P3P validator
to complain more loudly if it finds Set-Cookie headers
without a P3P policy.)

Also, I notice that the HTML markup of the page does
not conform to the community standards:

http://validator.w3.org/check?uri=http%3A%2F%2Fwww.un.org%2Fapps%2Fnews%2Fstory.asp%3FNewsID%3D9157%26Cr%3Dwsis%26Cr1%3D

Please fix.


-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
Received on Tuesday, 16 December 2003 13:22:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 24 October 2012 16:21:28 GMT