Automated analysis of P3P-enabled Web sites

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Automated analysis of P3P-enabled Web sites

Full text

Pdf (193 KB)

Source

ACM International Conference Proceeding Series; Vol. 50 archive
Proceedings of the 5th international conference on Electronic commerce table of contents

Pittsburgh, Pennsylvania

Pages: 326 - 338

Year of Publication: 2003

ISBN:1-58113-788-5

Authors

Simon Byers	AT&T Labs-Research, Florham Park, NJ
Lorrie Faith Cranor	AT&T Labs-Research, Florham Park, NJ
David Kormann	AT&T Labs-Research, Florham Park, NJ

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 34, Citation Count: 10

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/948005.948048 What is a DOI?

ABSTRACT

The Platform for Privacy Preferences (P3P) provides a standard computer-readable format for privacy policies and a protocol that enables web browsers to read and process these policies automatically. We developed software to query a set of web sites for P3P policies, check the validity of each policy, and analyze the information practices it describes. We used this software to analyze 588 P3P-enabled web sites found by checking for P3P policies on 5,856 web sites on 17 July 2003. The sites we checked for P3P policies were taken from several lists of popular web sites, as well as from "crawling" indexes of shopping, news, children's and government web sites. We present the first major analysis of the data practices of P3P-enabled web sites.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Adkinson, W. F., Eisenach, J. A., and Lenard, T. M. Privacy online: A report on the information practices and policies of commercial web sites. Progress & Freedom Foundation, Washington, DC, 2002. http://www.pff.org/publications/privacyonlinefinalael.pdf
	2	Cavoukian, A., and Hamilton, T. J. The Privacy Payoff: How Successful Businesses Build Customer Trust. McGraw-Hill Ryerson, Toronto, Ontario, 2002.
	3	Lorrie Faith Cranor , Lawrence Lessig, Web Privacy with P3p, O'Reilly & Associates, Inc., Sebastopol, CA, 2002
	4	Lorrie Faith Cranor, The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences, Proceedings of the 12th annual conference on Computers, freedom and privacy, April 16-19, 2002, San Francisco, California [doi>10.1145/543482.543506]
	5	Lorrie Faith Cranor , Manjula Arjula , Praveen Guduru, Use of a P3P user agent by early adopters, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.1-10, November 21-21, 2002, Washington, DC [doi>10.1145/644527.644528]
	6	Cranor, L., Byers, S., and Kormann D. An Analysis of P3P Deployment on Commercial, Government, and Children's Web Sites as of May 2003. Technical Report prepared for the 14 May 2003 Federal Trade Commission Workshop on Technologies for Protecting Personal Information. http://www.research.att.com/projects/p3p/p3p-censusmay03.pdf
	7	Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. World Wide Web Consortium Recommendation, April 2002. http://www.w3.org/TR/P3P/
	8	Cranor, L., Langheinrich, M., and Marchiori, M. A P3P Preference Exchange Language 1.0 (APPEL1.0). World Wide Web Consortium Working Draft, April 2002. http://www.w3.org/TR/WD-P3P-Preferences.
	9	Cranor, L. and Reidenberg, J. Can user agents accurately represent privacy notices?. TPRC 2002 (September 2002). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=328860
	10	Culnan, M. J. The Georgetown Internet Privacy Policy Survey: Report to the Federal Trade Commission. Georgetwon University, Washington, DC, June 1999. http://www.msb.edu/faculty/culnanm/gippshome.html
	11	Culnan, M. J. Privacy and the top 100 web sites: Report to the Federal Trade Commission. Georgetown University, Washington, DC, June 1999. http://www.msb.edu/faculty/culnanm/gippshome.html
	12	Culnan, M. J. and Milne, G. R. The Culnan-Milne survey of consumers and online privacy notices. December 2001. http://intra.som.umass.edu/georgemilne/PDF_Files/culnanmilne.pdf
	13	Dhurvasula, H., Barrowman, D., and Morse, S. Technical Issues in Implementing P3P in Netscape 7.0. November 2002. http://www.w3.org/2002/p3p-ws/pp/netscape.html
	14	Ernst & Young. P3P Dashboard Report, August 2002. http://www.ey.com/global/download.nsf/US/P3P_Dashboard _-__August_2002/$file/P3PDashboardAugust2002.pdf
	15	Ernst & Young. P3P Dashboard Report, January 2003. http://www.ey.com/global/download.nsf/US/P3P_Dashboard_-_January_2003/$file/E&YP3PDashboardJan2003.pdf
	16	Esposito, D. Browser Helper Objects: The Browser the Way You Want It, MSDN Library, January 1999. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebgen/html/bho.asp
	17	Frank, D. OMB Honing Privacy Guidance. Federal Computer Week (14 March 2003). http://www.fcw.com/fcw/articles/2003/0310/web-guide-03-13-03.asp
	18	Federal Trade Commission. Privacy online: A report to Congress. Federal Trade Commission, Washington DC, June 1998. http://www.ftc.gov/reports/privacy3/index.htm
	19	Federal Trade Commission. Self-regulation and privacy online: A report to Congress. Federal Trade Commission, Washington DC, July 1999. http://www.ftc.gov/os/1999/9907/index.htm#13
	20	Federal Trade Commission. Privacy online: Fair information practices in the elctronic marketplace: A report to Congress. Federal Trade Commission, Washington DC, May 2000. http://www.ftc.gov/os/2000/05/index.htm#22
	21	Goldfeder, A. and Leibfried, L. Privacy in Internet Explorer 6. MSDN Library, October 2001. http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnpriv/html/ie6privacyfeature.asp
	22	Krishnamurthy, B. and Arlitt, M. PRO-COW: Protocol Compliance on the Web---A Longitudinal Study. In Proceedings of Usenix Symposium on Internet Technologies and Systems, USITS 2001, (March 2001) p. 109--122. http://www.usenix.org/events/usits01/krishnamurthy.html
	23	Milne, G. R. and Culnan, M. J. Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2002 U.S. Web Surveys. The Information Society 18, 5 (October 2002), 345--359.

CITED BY 10

	Adam Barth , John C. Mitchell, Enterprise privacy promises and enforcement, Proceedings of the 2005 workshop on Issues in the theory of security, p.58-66, January 10-11, 2005, Long Beach, California
	Umesh Shankar , Chris Karlof, Doppelganger: Better browser privacy without the bother, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Lorrie Faith Cranor , Praveen Guduru , Manjula Arjula, User interfaces for privacy agents, ACM Transactions on Computer-Human Interaction (TOCHI), v.13 n.2, p.135-178, June 2006
	Serge Egelman , Lorrie Faith Cranor , Abdur Chowdhury, An analysis of P3P-enabled web sites among top-20 search results, Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet, August 13-16, 2006, Fredericton, New Brunswick, Canada
	Mark S. Ackerman, Privacy in pervasive environments: next generation labeling protocols, Personal and Ubiquitous Computing, v.8 n.6, p.430-439, November 2004
	Carlos Jensen , Chandan Sarkar , Christian Jensen , Colin Potts, Tracking website data-collection and privacy practices with the iWatch web crawler, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania
	Lorrie Faith Cranor , Serge Egelman , Steve Sheng , Aleecia M. McDonald , Abdur Chowdhury, P3P deployment on websites, Electronic Commerce Research and Applications, v.7 n.3, p.274-293, November, 2008
	Ian K. Reay , Patricia Beatty , Scott Dick , James Miller, A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future, IEEE Transactions on Dependable and Secure Computing, v.4 n.2, p.151-164, April 2007
	Ian Reay , Scott Dick , James Miller, A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations, ACM Transactions on the Web (TWEB), v.3 n.2, p.1-34, April 2009
	Serge Egelman , Janice Tsai , Lorrie Faith Cranor , Alessandro Acquisti, Timing is everything?: the effects of timing and placement of online privacy indicators, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA

INDEX TERMS

Primary Classification:
K. Computing Milieux
K.4 COMPUTERS AND SOCIETY
K.4.1 Public Policy Issues
Subjects: Privacy

General Terms:
Legal Aspects, Measurement, Standardization

Keywords:
P3P, platform for privacy preferences, privacy, privacy policy

REVIEW

"Myles F. McNally, III : Reviewer"

Computer ethics seeks to reduce the unintended or undesirable consequences of technology through accurate prediction. In this paper, Horner argues that predictive modeling does not provide any protection against future risk. Rather, he argues that more...

Collaborative Colleagues:

Simon Byers: colleagues

Lorrie Faith Cranor: colleagues

David Kormann: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player