Re: Disavowing Legal Liability from Andreas Färber on 2001-09-20 (www-p3p-policy@w3.org from September 2001)

From: Andreas Färber <andreas.faerber@web.de>
Date: Thu, 20 Sep 2001 20:26:03 +0200
To: <www-p3p-policy@w3.org>
Cc: "Ken Martin" <ken@kpmartin.com>
Message-ID: <OPEAKPHJMKEOHNJONGDGCECCCEAA.andreas.faerber@web.de>

> > Neither Microsoft nor W3C forces anyone to write P3P policies.
>
> This doesn't seem quite fair. [...]

I'm sorry, but this is true. Think about it.

I am not a philosopher but, admittedly, I have not been in the situation of
being a Third-Party Cookie provider, so I don't know exactly about the
P3P/IE6 issues involved in that. But what you're saying basically means to
me that your service has been dependant on a small number of browsers,
namedly Microsoft Internet Explorer 3+, Netscape Navigator 3+, Opera and
some others. Additionally you seem to require your or others' users to
accept one or more Cookies in order for your service to work (otherwise you
would not have any problem with IE6 blocking Cookies based on P3P). Using
Cookies to save user preferences is clearly not unethical or something, I do
the same thing on one of my sites. But you already have two factors of
uncertainty there. One is the user agent and the other is the user. So as a
company, if you want to have your system functioning in these different
situations, you need a system that does not *depend* on Cookies but instead
offers them as a service to those users who are willing to accept them. In
case Cookies are not processed you would therefore need a login system
saving the user preferences into a database (which would have the negative
side effect of having to obtain additional user data) or you would have to
use query string parameters, as these two measures do not seem to be
directly affected. If you have not worked on those problems before, this has
nothing to do with P3P. And in turn, P3P does not threaten any business of
yours as you put it. P3P made you aware of a problem you had been facing and
ignoring all the time.

In fact, this is a structural problem that webmasters have to face
concerning their use of HTTP, not a problem of "bad" P3P leading to blocking
of Cookies in IE6. Because, as I was saying, Cookies could have been blocked
before P3P was implemented, for example by IE5, again showing that P3P is
not the source of any problem arising from the absence of Cookies.

Besides, if anyone does not like to write a P3P policy (e.g. because he does
not want to be liable for it), the users can be instructed to make the
necessary adjustments in IE6 for Cookies to work without P3P. If your site
was e.g. www.myweather.com you could instruct your users to put that site on
the allow-list in IE6 or taking another way of selecting a city/area/state
when discovering that a required Cookie (that could by the way also have
expired) is not sent by the Client, which *could* among other reasons be a
result of not accepting your P3P policy or of the absence thereof.

If you are "supportive of P3P" then you clearly see that the approach Mr.
Wright is trying to take is not the right one and does not solve the problem
of Cookies not being sent to the server.


Andreas

Received on Thursday, 20 September 2001 14:26:34 UTC