Online interactions often involve the exchange of personal information—such as physical and email addresses, gender, credit card number and personal preferences—and you've probably wondered whether the Web site you're interacting with is really using your personal information for only the reasons you intended. For example, when you buy a book on the Internet, is the online bookstore using your address information just to ship your book or also to send you mailings based on your shopping behavior and your personal preferences (which the bookstore’s Web site has been recording)? The Web site probably has a privacy statement that might say that the site won’t use your personal information for targeted mailing campaigns—but if you did find the privacy statement, did you read this five-page small-capped document? Many Web sites don't have an easy-to-use mechanism that lets customers quickly check a site's real intentions regarding their personal information.
Interpreting Structured Privacy Policies
To understand P3P-formatted privacy policies, a browser must have a P3P agent. P3P agents are embedded in IE 6.0 and IE 7.0 and in Netscape Navigator 6.0, 7.0, 8.0, and 9.0. Mozilla is planning to add P3P support in a future version of the Firefox browser. (For more information about Mozilla's plans, see "The Platform for Privacy Preferences (P3P)" at www.mozilla.org/projects/p3p.)
P3P lets you manage and control the cookies that a browser downloads to its file system cache. In the IE documentation, this feature is referred to as cookie filtering. To better understand how IE filters cookies and how you can influence the filtering behavior, you must understand the different cookie types a browser deals with. A cookie can be persistent or session, and it can be first party or third party.
- A session cookie is a cookie that's deleted from the IE cookie cache when IE is closed.
- A persistent cookie can survive from one browser session to the next; it’s deleted only when the cookie reaches its predefined expiration time or when a user explicitly deletes it.
- A first-party cookie is a cookie created by the Web site whose URL the user types in the browser address bar.
- A third-party cookie is created by a Web site that’s linked to a Web page a user visits, such as a Web site linked to an ad that appears on a Web page the user navigated to. For example, if you surf to Google.com and the Google Web site creates a cookie in your browser cache, this cookie is a first-party cookie. If the Google Web site contains an ad that links to the HP.com Web site, which also creates a cookie on your system, the HP cookie is a third-party cookie.
In IE, you can set your cookie-filtering preferences by cookie type, the originating Web site of a cookie, and the comfort level you feel based on the existence or non-existence of a P3P policy for a given Web site. I’ll explain how to set up these preferences in more detail below. Given these preferences, the IE P3P agent automatically allows or blocks cookies, or changes cookie properties (e.g., the P3P agent can downgrade a persistent cookie to a session cookie).
Configuring Cookie Filtering
You can use the slider on the Privacy tab in IE’s Internet Options dialog box to adjust cookie-filtering levels. Figure 3 shows the default setting, Medium, which means that IE will block third-party cookies and restrict first-party cookies under certain conditions (e.g., if no P3P policy has been defined for a given Web site). For a detailed overview of the different levels of cookie filtering, refer to the Microsoft article “Privacy in Internet Explorer 6” ( msdn2.microsoft.com/en-us/library/ms537343.aspx).
It's important to stress that the IE cookie-filtering level you set in the Internet Options dialog box applies only to cookies generated by Web sites that are classified in IE's Internet security zone. By default, the IE P3P agent accepts all cookies of Web sites that are classified in the Local Intranet, Trusted Sites, and Local Computer security zones and blocks all cookies of Web sites that are in the Restricted Sites security zone. If you’re not familiar with the Local Computer security zone, it's a hidden zone that by default doesn't appear in the IE configuration interface. The Local Computer security zone applies to all data stored on the local machine that can be accessed from IE (with the exception of the locally cached temporary Internet files). For more information about this security zone, see the Windows IT Pro article "Using the Local Computer Security Zone" (www.windowsitpro.com/article/articleid/44962/44962.html). For a general introduction to IE security zones, see "Understanding IE Security Zones" (www.windowsitpro.com/article/articleid/43848/43848.html).
To override the IE default cookie-filtering behavior in the Internet zone—for example, to accept or block all third-party cookies—you can use Advanced Privacy Settings on the Privacy tab, which Figure 4 shows. Note that you can choose to have IE prompt you with a Privacy Alert each time a cookie is about to be downloaded to your machine. If you choose to be prompted, you'll see a Privacy Alert dialog box like the one on the left in Figure 5 when a Web site attempts to download a cookie. The Privacy Alert dialog box lets you allow or block the cookie, or view the cookie’s properties and content by clicking the More Info button, which expands the Privacy Alert dialog box (shown on the right in Figure 5). I advise you to enable the prompt option at least for a short time, simply to experience how often Web sites attempt to write cookies to your machine and to see the cookie properties (i.e., first, third-party, persistent, or session cookie) the dialog box shows and the information embedded in the cookies.
One of the things you can see at the bottom of the expanded Privacy Alert dialog box is the P3P compact policy. This is an abbreviated version of the full P3P policy that Web servers communicate to Web browsers by using a custom HTTP response header. The P3P compact policy uses codes to represent each element of the full P3P policy. In the Compact Policy box in Figure 5, ALL, for example, means that the user has access to all of his or her identifiable data, and COM means that computer information is collected. A complete list of the codes and their meaning can be found in the Compact Policies section of the P3P specification at www.w3.org/TR/P3P/#compact_policies.
You can also override the default IE cookie filtering by exempting selected Web sites so that you can always allow or block their cookies independent of the default cookie-filtering settings you set up. On the Privacy tab of the Internet Options dialog box, click Sites to bring up the Per Site Privacy Actions dialog box. In Figure 6, you can see that I always allow cookies from the Microsoft.com and HP.com Web sites. Note that the site exceptions you define in this interface are overridden if you previously set the default cookie-filtering behavior to either Block All Cookies or Accept All Cookies using the slider bar on the Privacy tab.
To ensure that your cookie-filtering configuration changes apply to all your cookies (including persistent cookies), I advise you to clear the IE cookie cache after you make a cookie-filtering configuration change. This will ensure that new persistent cookies are created that will be subject to your cookie-filtering configuration changes. To clear the IE cookie cache, go to the Internet Options dialog box's General tab. Under Browsing history, click Delete. Then click Delete cookies.
If you want to define a more fine-grained IE cookie-filtering behavior than the one described above, you can put the desired settings in a specially formatted XML file and import it into IE by using the Import button on the Internet Options dialog box's Privacy tab. This customization can be done only for Web sites that are in the Internet, Trusted Sites, or Local Intranet security zone. For more information about how to create this customized XML file, see "How to Create a Customized Privacy Import File" (msdn2.microsoft.com/en-us/library/ms537344.aspx).
In Windows domain environments, administrators can centrally enforce the IE cookie-filtering behavior on users’ desktops by using the Group Policy Object (GPO) at User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings.
Successfully Protecting Privacy
P3P is a major privacy protection initiative that's endorsed and implemented by today’s leading software vendors. (For more information about Web site P3P adoption rates, see the following reports: "An Analysis of P3P-Enabled Web Sites among Top-20 Search Results" at lorrie.cranor.org/pubs/icec06.pdf and IEEE's "P3P Adoption on E-Commerce Web sites: A Survey and Analysis" at ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4120451.) P3P’s success is also illustrated by the fact that it continues to be the basis of important research projects in the privacy area. A good example of a project leveraging the P3P fundamentals is the European Union’s PRIME Project (see https://www.prime-project.eu ).
Microsoft was the first browser vendor to implement P3P support in IE 6.0, and it has since played a leading role in embedding other privacy protection features in its OSs and browser software. Good examples of such features are pop-up blocking (introduced in Windows XP SP2), spyware protection in Windows Defender (included in Windows Vista), and phishing protection (introduced in IE 7.0).