P3P & Internet Explorer 6.0P3P & Internet Explorer 6.0

New York – Feb. 4, 2002New York – Feb. 4, 2002

Before We Discuss IE 6.0…Before We Discuss IE 6.0…

Your One-stop P3P ResourceYour One-stop P3P Resource

http://www.p3ptoolbox.orghttp://www.p3ptoolbox.org

ImplementationImplementation

guideguide

Power PointsPower Points

LinksLinks

Key outsideKey outside

resourcesresources

P3P & Internet Explorer 6.0P3P & Internet Explorer 6.0

Cookie ManagementCookie Management

Earlier IE Versions:Earlier IE Versions: ““Reject” all, “accept” all, “prompt”Reject” all, “accept” all, “prompt” CookiesCookies

login, customization or advertisinglogin, customization or advertising How do you know?How do you know?

Same action applied to all cookies Same action applied to all cookies indiscriminatelyindiscriminately

P3P in Internet Explorer 6.0P3P in Internet Explorer 6.0 Based on the Network Advertising Based on the Network Advertising

InitiativeInitiative

Merging of online habits with offline Merging of online habits with offline databases (personally-identifiable databases (personally-identifiable information)information)

Opt-out of data collectionOpt-out of data collection

How Does This Work?How Does This Work? Processes cookies based on presence Processes cookies based on presence

and contents of P3P compact policiesand contents of P3P compact policies Differentiates between cookies based Differentiates between cookies based

on party on party First party: Domain a Web user is First party: Domain a Web user is

visiting visiting (www.example.com)(www.example.com) Third party: Any other domain Third party: Any other domain

serving content serving content (www.examplestore.com or (www.examplestore.com or www.catalog.com)www.catalog.com)

Displays, but does not process, full, or Displays, but does not process, full, or verbose, P3P policiesverbose, P3P policies

Types of P3P-based PoliciesTypes of P3P-based Policies

Verbose P3P Policy (Mandatory)Verbose P3P Policy (Mandatory)

XML file with complete description of site XML file with complete description of site

privacy policiesprivacy policies

Compact P3P Policy (Optional)Compact P3P Policy (Optional)

1-line description of site privacy policy1-line description of site privacy policy

Found in HTTP HeaderFound in HTTP Header

Served by the provider of the cookieServed by the provider of the cookie

Compact Policy ExampleCompact Policy Example

Individual AnalysisIndividual Analysis

Other RecipientsOther Recipients

Online Contact InformationOnline Contact Information

Policies could have more tokens, such as Policies could have more tokens, such as

which data is available for accesswhich data is available for access

Compact Policy:Compact Policy:

P3P: CP=“IVA OTR ONL”P3P: CP=“IVA OTR ONL”

Status Icon:Status Icon: First Encounter First Encounter

User Experience User Experience Help TopicsHelp Topics

Explains Explains privacy issues privacy issues with cookieswith cookies

Explains how to change privacy settings

User ExperienceUser ExperiencePrivacy SettingsPrivacy Settings

Privacy Tab sliderPrivacy Tab slider Medium = DefaultMedium = Default Highest = Block All Highest = Block All

CookiesCookies 11stst and 3 and 3rdrd

Lowest = Allow All Lowest = Allow All CookiesCookies

11stst and 3 and 3rdrd

ImportImport XML Privacy XML Privacy

settings filesettings file

User ExperienceUser ExperienceStatus IconStatus Icon

Web site uses Web site uses cookiescookies

Privacy Privacy Policies don’t Policies don’t match settingsmatch settings

Cookies are Cookies are restrictedrestricted

User notifiedUser notified

User ExperienceUser ExperienceAdvanced Privacy SettingsAdvanced Privacy Settings

Overrides Overrides

automatic cookie automatic cookie

handlinghandling

Control over 1Control over 1stst & &

33rdrd Party cookies Party cookies

Users can exempt Users can exempt

session cookies session cookies

from first two from first two

optionsoptions

What Does This Mean?What Does This Mean? At medium (default) setting:At medium (default) setting:

Third party cookies without compact Third party cookies without compact policies are blockedpolicies are blocked

First party cookies are acceptedFirst party cookies are accepted Third parties will not be able to collect Third parties will not be able to collect

some information. some information. Graphics may not appearGraphics may not appear

In addition:In addition: All settings medium & above will block at All settings medium & above will block at

least some third party cookiesleast some third party cookies Web site functionality may be Web site functionality may be

compromisedcompromised

Additional InformationAdditional InformationP3P Toolbox:P3P Toolbox:

http://www.p3ptoolbox.org/browserhttp://www.p3ptoolbox.org/browser

W3C: W3C: www.w3c.org/P3Pwww.w3c.org/P3P Deployment guide Deployment guide

http://www.w3.org/TR/p3pdeploymenthttp://www.w3.org/TR/p3pdeployment Candidate Recommendation Candidate Recommendation

http://www.w3.org/TR/P3P/http://www.w3.org/TR/P3P/

MSDN articleMSDN article http://http://msdn.microsoft.com/iemsdn.microsoft.com/ie and read the and read the

material on IE 6 privacymaterial on IE 6 privacy Contact Contact privinfo@microsoft.comprivinfo@microsoft.com with with

questionsquestions