u.s. department of commerce web advisory group osec.doc/webresources
DESCRIPTION
Minding Your Own Business The Platform for Privacy Preferences Project. U.S. Department of Commerce Web Advisory Group http://www.osec.doc.gov/webresources/. The E-Gov Requirements. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/1.jpg)
U.S. Department of Commerce Web Advisory Group
http://www.osec.doc.gov/webresources/
Minding Your Own BusinessThe Platform for Privacy
Preferences Project
![Page 2: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/2.jpg)
The E-Gov Requirements
The Privacy Provisions of the E-Government Act of 2002 require both a “human readable” Privacy Policy and
agency use of machine readable technology that alerts users
automatically about whether site privacy practices match their personal privacy
preferences.
![Page 3: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/3.jpg)
Isn’t the Text Version Enough?
Isn’t the Text Version Enough?• Most users do not see the text privacy policy
until after they have visited one or more of the site’s pages.
• Text privacy policies are sometimes difficult for users to locate, too lengthy for users to read, difficult to understand, and can change without notice.
![Page 4: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/4.jpg)
Machine-Readable Policy
Machine-Readable Policy• P3P is the standard for machine-readable
Privacy Policy.• P3P enables web sites to translate their
privacy practices into a standardized format (Extensible Markup Language - XML) that can be retrieved automatically and easily interpreted by a user's browser.
![Page 5: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/5.jpg)
What Does P3P Address?
• Who is collecting data?
• What data is collected?
• For what purpose will data be used?
• Is there an ability to opt-in or opt-out of some data uses?
• Who are the data recipients (anyone beyond the data collector)?
• To what information does the data collector provide access?
• What is the data retention policy?
• How will disputes about the policy be resolved?
• Where is the human-readable Privacy Policy?
What Does P3P Address?
![Page 6: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/6.jpg)
What P3P Does Not Address
What P3P Does Not Address• P3P does not set minimum standards for
privacy; nor can it monitor compliance with stated policy.– Certain types of “cookies” can be blocked
based on type of cookie but not based on content of information in them.
• Implementation varies among browsers.– None go beyond cookies at this time.
![Page 7: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/7.jpg)
How Does P3P Work?
How Does P3P Work?
![Page 8: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/8.jpg)
How Users Are Notified
How Users Are NotifiedWeb Browser Alerts
Web visitors who want to take advantage of P3P enabled sites have to set their personal privacy
preferences in their web browser.
![Page 9: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/9.jpg)
Browser Support
Browser SupportBrowser implementation of P3P is concerned with the issue of
cookies
When the browser encounters a cookie from a web page that either does not have a compact P3P policy, or that has a
P3P policy that does not match the user’s privacy preferences, the user is alerted via icons.
• Browsers supporting Compact P3P Policy:– Netscape 7– Mozilla– Internet Explorer 6– AT&T Privacy Bird (Plug-in for Internet Explorer)
![Page 10: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/10.jpg)
Cookies
Cookies• Cookies are information stored by a server on a
visitor’s computer during their first visit to the site and used on subsequent visits to the site.
• This may be information obtained without asking (e.g., viewing habits), or information provided by the user (name, preferences).
• The server records this information in a text file and stores this file on the visitor's hard drive.
• What do your cookies say about you? Search your computer for the cookie files – You might be surprised.
![Page 11: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/11.jpg)
Example of Cookies
Example of Cookies# Netscape HTTP Cookie File# http://www.netscape.com/newsref/std/cookie_spec.html# This is a generated file! Do not edit.
home.frontiernet.net FALSE / FALSE 1089259125 regionid 1home.frontiernet.net FALSE / FALSE 1089259125 stateabb WVhome.frontiernet.net FALSE / FALSE 1089259125 npa 304home.frontiernet.net FALSE / FALSE 1089259125 city Charles+Town.mp3.com TRUE / FALSE 1293839999 RMID 8c5a18333f09c160.2o7.net TRUE / FALSE 1234755376 s_vi_bzbx7Bmfehkf [CS]v4|3F09DC8800001DFF-
A000A4A00000001|4032DDB1[CE].2o7.net TRUE / FALSE 1234755376 s_vi_nvnwhg [CS]v4|3F09DC8800001DFF-
A000A4A00000001|4032DDB1[CE].2o7.net TRUE / FALSE 1220907114 s_vi_cx7Bczccdfx60x7Fl [CS]v3|3F09DC8800001DFF-
A000A4A00000001|3F5F8EC2|3F09DC88|3F5F8EC3|3F5F8EFE|2|4|0|0||ltx0AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGA|ltx0AGKIx04cEPASEx5Dx1Ex04lKIAx04EJx40x04lKIAx04kBBMGA||||[CE]
.2o7.net TRUE / FALSE 1220907114 s_sv_cx7Bczccdfx60x7Fl [CS]v2|3F5F8EFE|[CE]
.2o7.net TRUE / FALSE 1234755376 s_vi_cx7Bczxxfifx60x7Fl [CS]v4|3F09DC9B00003CC3-A000A4F00000001|4032DDB1[CE]
www.tigerdirect.com FALSE / FALSE 1089172972 MyEmail myname%40domain%2Enet.bizrate.com TRUE / FALSE 1373027937 br 105766790547740314.bizrate.com TRUE / FALSE 1373027937 eval 105766790547766748.bizrate.com TRUE / FALSE 1373027937 survey 23939_2003_Jul_8
These cookies contain personal information such as the city and state (Charles Town WV), area code (304), and even e-mail address (myname%40domain%2Enet or [email protected])
![Page 12: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/12.jpg)
Location of Cookie Files
Location of Cookie Files• In Internet Explorer cookie files are in the
“cookies” folder:– C:\Documents and Settings\user\Cookies
How to Delete Cookies From Internet Explorer -Link to Microsoft Knowledge Base
•In Netscape cookies are stored in a file named “cookie.txt”
![Page 13: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/13.jpg)
How Cookies and Browsers Interact
How Cookies and Browsers Interact• By default, browsers allow the use of cookies.• You can change your privacy settings so that your
browser– Will ask you before placing a cookies on your
computer, or– Will prevent the browser from accepting any
cookies, or– Will handle First- and Third- Party cookies
differently • You can specify how you want to handle cookies
from individual web sites or all web sites
![Page 14: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/14.jpg)
Persistent Cookie
Persistent Cookie
• stored on your computer• remains there when you close your browser• can be read by the web site that created it
when you visit that site again.
![Page 15: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/15.jpg)
Temporary or Session Cookie
Temporary or Session Cookie
• stored on your computer
• retained only for your current browsing session
• deleted from your computer when you close your web browser.
![Page 16: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/16.jpg)
Unsatisfactory Cookie
Unsatisfactory Cookie
• might allow access to personally identifiable information
• information could be used for a secondary purpose without your consent.
![Page 17: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/17.jpg)
First-Party Cookie
First-Party Cookie
• either originates on or is sent to the web site you are currently viewing
• commonly used to store information such as your preferences, for use when you re-visit the site
![Page 18: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/18.jpg)
Third-Party Cookie
Third-Party Cookie
• either originates on or is sent to a web site different from the one you are currently viewing
• commonly used to track your web page use for advertising or other marketing purposes
– Example: site xyz.com uses content from site 123.com. Site 123.com uses a cookies to track web page views and use by visitors to xyz.com
![Page 19: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/19.jpg)
Setting Netscape 7 Preferences
Setting Netscape 7 Preferences
![Page 20: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/20.jpg)
Netscape 7 Notification
A warning appears when the browser encounters a cookie that either does not have a compact P3P policy or has a P3P policy that does not match the browser preferences
Netscape 7 Notification
![Page 21: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/21.jpg)
Setting Mozilla Preferences
Setting Mozilla Preferences
![Page 22: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/22.jpg)
Setting IE 6 Preferences
Setting IE 6 Preferences
![Page 23: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/23.jpg)
IE6 Notification
A warning appears when the browser encounters a cookie that either does not have a compact P3P policy or has a P3P policy that does not match the browser preferences
IE6 Notification
![Page 24: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/24.jpg)
IE 6 Privacy Reports
IE 6 Privacy Reports
![Page 25: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/25.jpg)
AT&T Privacy Bird
AT&T Privacy Bird A free plug-in for Internet Explorer 6
Green Bird Yellow Bird Red BirdAudible Notifications:
![Page 26: U.S. Department of Commerce Web Advisory Group osec.doc/webresources](https://reader034.vdocument.in/reader034/viewer/2022051416/56814408550346895db09e04/html5/thumbnails/26.jpg)