Privacy has been a major concern for internet users and particularly for the web users. Many a times, while registering over several web-based services, users do not know if their e-mail address is going to be shared or not, or whether they would be bombarded with spam mail from manufacturers of all sorts of counterfeit products. Same is the case with other private information, like browser history and whatever cookies track on behest of their web masters.
P3P is an emerging industry standard that converts text intensive privacy policies of websites to a simple form that is easy to read by both humans and machines. This automation means more control at user-end to opt-in or opt-out from browsing a particular page based on personal privacy preference. For example, if a cautious user decides that his/her e-mail address must not be provided to any third party advertising company, this setting can be stored in a P3P-enabled web browser.
When the user browses an online shopping website, the browser requests the site to disclose its terms and conditions on how user information is gathered and used. If this reveals sharing of user e-mail address, the browser may flag an inconsistency with user’s privacy preference, and block the access to the site. Similarly, if a cookie is revealed to be placed for a particular undesirable use, it will be blocked rather there will be a blanket ban on all the cookies on all the sites.
Such a mechanism makes reading privacy statements consistent and repeatable, and in fact, standardizes the way sites disclose their data collection to the end-users whose privacy is at stake.
Technologies like P3P are required; courtesy the interest e-businesses have in making use of confidential data for their short-term advantage. In doing so, personally identifiable user information is susceptible to fall in wrong hands. For example, an online shopping store tracking purchase pattern and browser history, and then sharing it with other tracking sites may result in the creation of a virtual user profile, which can then be targeted for customized ads, spam, phasing and identifying theft attacks.
This is why, as an end-user, it is important to know what an e-commerce site does (or intends to do) with the user-supplied information. This specifically includes IP address, real name, user-name, use of such info for personalization or tracking over a period of time, sharing with others for telemarketing or research, and data retention policy. Knowing all this is critical not only in e-commerce, but also in activities as trivial as search engine queries. Imagine how much one can guess about a person merely by analyzing what that person has been searching over Google recently, or over last one year.
At a conceptual level, it is easy to understand how P3P is implemented. A web-server places a policy reference file in a default folder that will be known to web browsers. This file would be in format specified by P3P and this is where the power lies since this format is open for everybody to read and understand, and implement privacy features in custom tools and browsers. On the end-user side, browsers would either automatically read the file from default location, from location provided by the server or directly from the web-page code in case a file is not kept.
This exchange does not slow down browsing anymore than fetching a small image does. Also, this information is not fetched every time to make the process efficient. Re-fetching only happens after the policy expires. Here, P3P makes no compulsion on how browsers should configure default user preferences, but does suggests that defaults should be neutral or biased towards privacy and not be configured by default to transfer personal information without the user’s consent’.
To aid in the development of P3P, there are various tools and guides available over internet which include a Deployment Guide, step-by-step guide, P3P Toolbox, P3P Validator, mailing list and miscellaneous tools and software.
There are tools in the market as well that block unsafe content and block cookies based on their own learning mechanism. P3P distinguishes itself from such tools by pitting the user in charge of settings that affect privacy.
Nonetheless, there has been a fair share of concerns arising out of this model, but I think to go for the security certification’s there are many vendors that provide these specializations like.
Additionally, P3P can work as a tool in conjunction with legal framework since a violation of declared privacy stance or misuse of data is a criminal offence in many countries. This empowers the user to know his/her rights, and holds the sites accountable for their conflicting policies and deeds.
The next objection on P3P is that its specification is complex in structure and not many site administrators will be able to write policies in P3P format.
As a solution, P3P believes that new tools will make it easier to write policies much on the lines of web authoring tools that do not require users to know HTML tags and details. To further assist developers, P3P offers Test Suite site that simulates different scenarios which can take place depending upon conflicting user preferences and site policies.
Yet another objection on P3P is its slow pace of adoption at a mass level. P3P counters this with the scope of this ambitious project and the need to get buy-in from various privacy advocacy groups and stakeholders present in the large internet community.
There is also a list of known P3P implementation and services present over W3C website for further reference. According to a research by CyLab Privacy Interest Group of Carnegie Mellon University, about 15 per cent of the top 5,000 websites incorporate P3P.
There are other similar projects as well, such as, the European IST research project called PRIME, MIT Decentralized Information Group’s project called TAMI, and Policy Aware Web project. P3P has inspired great interest in developing an easy to use and understand method of deciphering complex privacy practices. Such an interface can become a helpful tool in developing a technical solution to aid legal solutions concerning privacy.
If your preparing for career change and looking for MCTS Training or MCITP Certification the best online training provider that provide the all the and complete MCTS certification exams training in just one package, certkingdom self study training kits, save your money on bootcamps, training institutes, It’s also save your traveling and time. All training materials are “Guaranteed” to pass your exams and get you certified on the fist attempt, due to best training they become no1 site 2009 & 2010.
In addition I recommend Certkindom.com is best and No1 site of 2008 which provide the complete Windows Server 2003 certified professionals training, Microsoft MCITP, Microsoft MCTS, Cisco CCNA, Cisco CCIE, CompTIA A+, IBM, Citrix, PMP, ISC, and lots more online training self study kits, saving your time and money on all those expensive bootcamps, conventional training institutes where you have take admission pay fees first and if you don’t want to continue no refunds no transfer to any other training course, If you planed to take CCNA or specialization in MCSE 2003 all the process starts again; as for getting online training can be much beneficial and you don’t need to take for fill any from to switch your training on any desire certification