Privacy has been a major concern for internet users, and particularly for web
users. Many times, while registering for web-based services, users do not know
whether their e-mail address is going to be shared, or whether they will be
bombarded with spam mail from manufacturers of all sorts of counterfeit
products. The same is true of other private information, like browser history
and whatever cookies track at the behest of their webmasters.
The only way to get some details on this phenomenon is to read through
lengthy Privacy Policy pages, which does not make much sense given the time
available and the legal intricacies of the language used. To address this issue,
and give users more information about how privacy is handled on a website, a set
of standards called the Platform for Privacy Preferences Project (P3P) is being
developed by the World Wide Web Consortium (W3C).
P3P is an emerging industry standard that converts the text-intensive privacy
policies of websites to a simple form that is easy to read by both humans and
machines. This automation means more control at the user end to opt in or opt
out of browsing a particular page based on personal privacy preferences. For
example, if a cautious user decides that his/her e-mail address must not be
provided to any third-party advertising company, this setting can be stored in a
P3P-enabled web browser.
When the user browses an online shopping website, the browser requests the site
to disclose its terms and conditions on how user information is gathered and
used. If this reveals sharing of the user's e-mail address, the browser may flag
an inconsistency with the user's privacy preference, and block access to the site.
Similarly, if a cookie is revealed to be placed for a particular undesirable
use, it will be blocked - rather there will be a blanket ban on all the
cookies on all the sites.
Such a mechanism makes reading privacy statements consistent and repeatable, and
in fact, standardizes the way sites disclose their data collection to the
end-users whose privacy is at stake.
Technologies like P3P are required because of the interest e-businesses have in
making use of confidential data for their short-term advantage. In doing so,
personally identifiable user information is liable to fall into the wrong hands.
For example, an online shopping store tracking purchase patterns and browser
history, and then sharing them with other tracking sites, may result in the
creation of a virtual user profile, which can then be targeted for customized
ads, spam, phishing and identity theft attacks.
This is why, as an end-user, it is important to know what an e-commerce site
does (or intends to do) with the user-supplied information. This specifically
includes IP address, real name, user-name, use of such info for personalization
or tracking over a period of time, sharing with others for telemarketing or
research, and data retention policy. Knowing all this is critical not only in
e-commerce, but also in activities as trivial as search engine queries. Imagine
how much one can guess about a person merely by analyzing what that person has
been searching for on Google recently, or over the last one year.
Conversely, uniquely identifying a user searching for 'Holiday in
Bhurbun' or 'Laptop prices in Pakistan' is useful from a merchandiser's point
of view. But the Web is not as simple as one site rendering all the pages. There
is embedded content which, at times, implements what are called 'web bugs'
to independently track users. P3P takes care of such issues by requesting policy
information from embedded sources so that the user knows exactly which policy
applies to which object on a page.
Implementation
At a conceptual level, it is easy to understand how P3P is implemented. A
web server places a policy reference file in a default folder that will be known
to web browsers. This file would be in the format specified by P3P, and this is
where the power lies, since this format is open for everybody to read and
understand, and to implement privacy features in custom tools and browsers. On
the end-user side, browsers would either automatically read the file from the
default location, from a location provided by the server, or directly from the
web-page code in case a file is not kept.
This exchange does not slow down browsing any more than fetching a small image
does. Also, to make the process efficient, this information is not fetched every
time. Re-fetching only happens after the policy expires. Here, P3P does not
dictate how browsers should configure default user preferences, but does
suggest that defaults should be 'neutral or biased towards privacy and not be
configured by default to transfer personal information without the user's
consent'.
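The discovery step described above and the browser-side preference check described earlier, as an added example that is not part of the original article. The `P3P` response header with `policyref` and `CP`, the `<link rel="P3Pv1">` tag, the `/w3c/p3p.xml` location and the three-letter compact-policy tokens come from the P3P 1.0 specification; the shop URL, the sample response and the user preference are constructed, and the lookup order simply follows the order in the text.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

WELL_KNOWN = "/w3c/p3p.xml"  # default location defined by P3P 1.0
# Compact-policy recipient tokens other than OUR (the site and its agents).
THIRD_PARTY = {"DEL", "SAM", "UNR", "PUB", "OTR"}
# Hypothetical user preference: also refuse telemarketing (TEL) and contact (CON).
REFUSED = THIRD_PARTY | {"TEL", "CON"}

class LinkFinder(HTMLParser):
    """Collects the href of the first <link rel="P3Pv1"> in a page."""
    href = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "p3pv1" and not self.href:
            self.href = a.get("href")

def parse_p3p_header(value):
    """Split a P3P response header into (policyref, compact-policy tokens)."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value or "")}
    return fields.get("policyref"), fields.get("cp", "").split()

def candidate_policy_refs(page_url, headers, html):
    """Policy reference URLs to try, in the order the text lists them."""
    finder = LinkFinder()
    finder.feed(html)
    refs = [WELL_KNOWN, parse_p3p_header(headers.get("P3P"))[0], finder.href]
    return [urljoin(page_url, r) for r in refs if r]

def conflicts(tokens):
    """Tokens that violate the preference; opt-in uses (suffix 'i') are tolerated."""
    bad = []
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]
        if base in REFUSED and suffix != "i":
            bad.append(tok)
    return bad

# Constructed sample response from a fictional shop.
SAMPLE_URL = "https://shop.example/cart/view.html"
SAMPLE_HEADERS = {"P3P": 'policyref="/privacy/ref.xml", CP="NOI DSP CUR OUR TELi UNR NAV"'}
SAMPLE_HTML = '<html><head><link rel="P3Pv1" href="p3p/ref.xml"></head></html>'

if __name__ == "__main__":
    print(candidate_policy_refs(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML))
    _, cp = parse_p3p_header(SAMPLE_HEADERS["P3P"])
    print("block" if conflicts(cp) else "allow", conflicts(cp))
```

The compact policy in the header is the site's own claim, so a result of "allow" means only that the declared practices match the preference.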
To aid in the development of P3P, there are various tools and guides available
on the internet, which include a Deployment Guide, a step-by-step guide, the P3P
Toolbox, the P3P Validator, a mailing list and miscellaneous tools and software.
There are tools in the market as well that block unsafe content and block
cookies based on their own learning mechanism. P3P distinguishes itself from
such tools by putting the user in charge of settings that affect privacy.
Nonetheless, there has been a fair share of concerns arising out of this model.
First, P3P is only an information-providing tool and it cannot prevent sites
from falsifying their privacy statements. To address this issue, P3P requires a
dispute resolution site to be identified in case a user comes to know that the
site is bypassing the stated privacy policy.
Additionally, P3P can work as a tool in conjunction with the legal framework,
since a violation of a declared privacy stance or misuse of data is a criminal
offence in many countries. This empowers the user to know his/her rights, and
holds the sites accountable for their conflicting policies and deeds.
The next objection to P3P is that its specification is complex in structure and
not many site administrators will be able to write policies in P3P format.
As a solution, P3P believes that new tools will make it easier to write policies,
much along the lines of web authoring tools that do not require users to know
HTML tags and details. To further assist developers, P3P offers a Test Suite site
that simulates different scenarios which can take place depending upon
conflicting user preferences and site policies.
Yet another objection to P3P is its slow pace of adoption at a mass level. P3P
counters this with the scope of this ambitious project and the need to get
buy-in from various privacy advocacy groups and stakeholders present in the
large internet community.
There is also a list of known P3P implementations and services on the W3C
website for further reference. According to research by the CyLab Privacy
Interest Group of Carnegie Mellon University, about 15 per cent of the top 5,000
websites incorporate P3P.
There are other similar projects as well, such as the European IST research
project called PRIME, the MIT Decentralized Information Group's project called
TAMI, and the Policy Aware Web project. P3P has inspired great interest in
developing an easy to use and understand method of deciphering complex privacy
practices. Such an interface can become a helpful tool in developing a technical
solution to aid legal solutions concerning privacy.