Internet Privacy: P3P

    June 27, 2002

If you downloaded Internet Explorer 6 recently (or it came pre-installed on your machine) you may have noticed something a little different. Take a under the “Internet Options” selection of the “Tools” menu. You will see a new tab titled “Privacy”. Click on the tab and you will be able to specify settings which control the way cookies are handled.

There has been a lot of press about this new feature. It’s been all over the web – some positive comments, some negative (and, of course, the usual “it’s just a Microsoft plot” type postings and articles.)

Personally, I like the new privacy tab as it eliminates the need for third party cookie handling products (if you are using Internet Explorer, of course). I found the controls very simple and straightforward, and within a short time cookies have ceased to be a concern.

This is part the first significant implementation of a new internet standard called P3P (Platform for Privacy Preferences). P3P is intended to give surfers more complete control of how their privacy is handled whenever they surf. In theory, at least, P3P should automate privacy, eliminating the need for surfers to read complex privacy notices every time they visit a site and want to enter some information.

The controls actually control much more than you might think. There is quite a bit of technology behind those simple radio buttons. You see, webmasters are being asked to supply a special XML document which defines how their site handles cookies and other privacy matters. Browsers which understand P3P (Internet Explorer for one) read this document and compare it to the settings you entered on the “privacy” tab. This allows the browser to automatically handle your privacy needs for sites which fulfill your privacy needs.

This became an issue because, quite frankly, many companies (both on and off the web) horribly abuse the privacy of their customers. It’s very common for a company to record your name and other personal data, then resell it dozens or even hundreds of times. Information is very valuable, and the information which is gathered from the internet is even more so.

You see, companies can use cookies to track your surfing habits, then compile a profile to determine which types of products you normally purchase. This can be further analyzed to extrapolate which products you are likely to purchase in the future. And this allows advertisements to be targeted at people who are likely to purchase, which increases the value of the advertising campaign.

Other uses, of course, include more, shall we say, slimy practices. These run the gamut from selling your email addresses (to other marketers and spammers as well) to outright crimes such as fraud and identity theft.

Now don’t get this wrong. There are valid uses for cookies, web bugs, and all of the other things used to track customers. These include shopping carts, personalization and the memorization of entry fields. All of these uses are to make things more convenient for the consumer, which thus makes it more likely for people to return the site.

In fact, many people have no objection to the tracking of their surfing habits and the maintenance of a profile. After all, these are used to show highly targeted advertisements, which means a customer will only, in theory, see ads in which he has an interest.

Consumers want to know how their personal information will be used, so companies started creating legal documents called privacy policies. These explain exactly how any and all information collected from a surfer or customer will be used.

Unfortunately, these privacy policies have become extremely complex and virtually unintelligible. I have seen policies which are over 100k in size (all text), which is ludicrously large. Thus, P3P was born to make this a little easier for the consumer, and thus make him more comfortable with surfing and shopping on line.

P3P is, in my opinion, a good start. I really do like the privacy feature in Internet Explorer. It does not, however, go anywhere near far enough. The XML document that must be created by webmasters is very complicated and extremely difficult to create and maintain. The XML documents must (at least until better tools are created) be maintained by webmasters with some technical competence. This means it is difficult for legal types to review and validate. In addition, since there must also be a human-readable document, it is awkward to keep the two policies saying the same things.

However, a start must be made and P3P is a decent attempt to do something to manage privacy. It needs to be greatly expanded to handle such things as web bugs, profile maintenance and so on. These things may be added in the future. In the meantime, those surfers who want to control cookies would be well advised to make the appropriate settings. And webmasters would be well advised to become knowledgeable about P3P and implement it for their sites.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at – Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.