p3p & internet explorer 6.0 new york – feb. 4, 2002
TRANSCRIPT
P3P & Internet Explorer 6.0P3P & Internet Explorer 6.0
New York – Feb. 4, 2002New York – Feb. 4, 2002
Before We Discuss IE 6.0…Before We Discuss IE 6.0…
Your One-stop P3P ResourceYour One-stop P3P Resource
http://www.p3ptoolbox.orghttp://www.p3ptoolbox.org
ImplementationImplementation
guideguide
Power PointsPower Points
LinksLinks
Key outsideKey outside
resourcesresources
P3P & Internet Explorer 6.0P3P & Internet Explorer 6.0
Cookie ManagementCookie Management
Earlier IE Versions:Earlier IE Versions: ““Reject” all, “accept” all, “prompt”Reject” all, “accept” all, “prompt” CookiesCookies
login, customization or advertisinglogin, customization or advertising How do you know?How do you know?
Same action applied to all cookies Same action applied to all cookies indiscriminatelyindiscriminately
P3P in Internet Explorer 6.0P3P in Internet Explorer 6.0 Based on the Network Advertising Based on the Network Advertising
InitiativeInitiative
Merging of online habits with offline Merging of online habits with offline databases (personally-identifiable databases (personally-identifiable information)information)
Opt-out of data collectionOpt-out of data collection
How Does This Work?How Does This Work? Processes cookies based on presence Processes cookies based on presence
and contents of P3P compact policiesand contents of P3P compact policies Differentiates between cookies based Differentiates between cookies based
on party on party First party: Domain a Web user is First party: Domain a Web user is
visiting visiting (www.example.com)(www.example.com) Third party: Any other domain Third party: Any other domain
serving content serving content (www.examplestore.com or (www.examplestore.com or www.catalog.com)www.catalog.com)
Displays, but does not process, full, or Displays, but does not process, full, or verbose, P3P policiesverbose, P3P policies
Types of P3P-based PoliciesTypes of P3P-based Policies
Verbose P3P Policy (Mandatory)Verbose P3P Policy (Mandatory)
XML file with complete description of site XML file with complete description of site
privacy policiesprivacy policies
Compact P3P Policy (Optional)Compact P3P Policy (Optional)
1-line description of site privacy policy1-line description of site privacy policy
Found in HTTP HeaderFound in HTTP Header
Served by the provider of the cookieServed by the provider of the cookie
Compact Policy ExampleCompact Policy Example
Individual AnalysisIndividual Analysis
Other RecipientsOther Recipients
Online Contact InformationOnline Contact Information
Policies could have more tokens, such as Policies could have more tokens, such as
which data is available for accesswhich data is available for access
Compact Policy:Compact Policy:
P3P: CP=“IVA OTR ONL”P3P: CP=“IVA OTR ONL”
Status Icon:Status Icon: First Encounter First Encounter
User Experience User Experience Help TopicsHelp Topics
Explains Explains privacy issues privacy issues with cookieswith cookies
Explains how to change privacy settings
User ExperienceUser ExperiencePrivacy SettingsPrivacy Settings
Privacy Tab sliderPrivacy Tab slider Medium = DefaultMedium = Default Highest = Block All Highest = Block All
CookiesCookies 11stst and 3 and 3rdrd
Lowest = Allow All Lowest = Allow All CookiesCookies
11stst and 3 and 3rdrd
ImportImport XML Privacy XML Privacy
settings filesettings file
User ExperienceUser ExperienceStatus IconStatus Icon
Web site uses Web site uses cookiescookies
Privacy Privacy Policies don’t Policies don’t match settingsmatch settings
Cookies are Cookies are restrictedrestricted
User notifiedUser notified
User ExperienceUser ExperienceAdvanced Privacy SettingsAdvanced Privacy Settings
Overrides Overrides
automatic cookie automatic cookie
handlinghandling
Control over 1Control over 1stst & &
33rdrd Party cookies Party cookies
Users can exempt Users can exempt
session cookies session cookies
from first two from first two
optionsoptions
What Does This Mean?What Does This Mean? At medium (default) setting:At medium (default) setting:
Third party cookies without compact Third party cookies without compact policies are blockedpolicies are blocked
First party cookies are acceptedFirst party cookies are accepted Third parties will not be able to collect Third parties will not be able to collect
some information. some information. Graphics may not appearGraphics may not appear
In addition:In addition: All settings medium & above will block at All settings medium & above will block at
least some third party cookiesleast some third party cookies Web site functionality may be Web site functionality may be
compromisedcompromised
Additional InformationAdditional InformationP3P Toolbox:P3P Toolbox:
http://www.p3ptoolbox.org/browserhttp://www.p3ptoolbox.org/browser
W3C: W3C: www.w3c.org/P3Pwww.w3c.org/P3P Deployment guide Deployment guide
http://www.w3.org/TR/p3pdeploymenthttp://www.w3.org/TR/p3pdeployment Candidate Recommendation Candidate Recommendation
http://www.w3.org/TR/P3P/http://www.w3.org/TR/P3P/
MSDN articleMSDN article http://http://msdn.microsoft.com/iemsdn.microsoft.com/ie and read the and read the
material on IE 6 privacymaterial on IE 6 privacy Contact Contact [email protected]@microsoft.com with with
questionsquestions