REVIEW - Web Privacy with P3P

Title: Web Privacy with P3P

Author: Lorrie Cranor

ISBN: 0596003714

Publisher: O'Reilly (2002)

Pages: 321pp

Reviewer: Tim Pushman

Reviewed: October 2004

Rating: ★★★☆☆

Verdict: excellent reading

This book covers the P3P Project (the Platform for Privacy Preferences), from its inception and development through to a discussion of the current state of the proposal. Further chapters also provide an overview of related protocols and tools, such as APPEL. The author of the book is one of the co-authors of the specification and so has a good understanding of the issues involved in creating the standard.

The book is arranged in three parts: background and history, enabling a web site, and software and tools. At the end are appendices covering some odds and ends.

P3P is a protocol that allows web sites to inform their users what kind of privacy they can expect on the site, how their data will be collected and used, and what recourse the user has if she believes the data is being misused. In short, it is a privacy policy of the kind one finds on a site such as Amazon, with the added twist that it can be published in a machine-readable format and interpreted directly by a P3P-enabled browser. The machine-readable format is, of course, XML. The second part of the book gives a detailed explanation of how to create a P3P policy, either by hand or with a policy editor. There are many levels of complexity in a privacy policy, and the author does a good job of explaining the various possibilities, from the simplest (we collect no data) through to the most complex, as would be needed by a large commercial organisation.
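To make the "machine-readable policy interpreted by the user agent" idea concrete, here is an added example (not code from the book or from the review) in Python: it parses a constructed P3P 1.0 policy and checks each STATEMENT against a simple set of user preferences, reporting the data elements whose stated purposes, recipients or retention fall outside what the user accepts. Element and attribute names (POLICIES, POLICY, STATEMENT, PURPOSE, RECIPIENT, RETENTION, DATA-GROUP, DATA, and the namespace http://www.w3.org/2002/01/P3Pv1) follow the P3P 1.0 vocabulary; the sample policy, the shop name, the discuri value and the preference sets are constructed for this example, and the matching rule is a deliberately simple one rather than the APPEL rule language the book also covers.

```python
"""Check a P3P 1.0 policy against a user's privacy preferences (added example)."""
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"

# Constructed sample policy: the first STATEMENT is harmless (clickstream data,
# used only to serve the page), the second shares a telephone number with
# unrelated third parties for telemarketing and keeps it indefinitely.
SAMPLE_POLICY = """
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="http://www.example.com/privacy.html">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><telemarketing/></PURPOSE>
      <RECIPIENT><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

# Constructed user preference: what the user is willing to accept.
DEFAULT_PREFS = {
    "purposes": {"current", "admin", "develop"},
    "recipients": {"ours"},
    "retention": {"no-retention", "stated-purpose"},
}


def _q(name):
    """Qualify a local element name with the P3P namespace."""
    return f"{{{P3P_NS}}}{name}"


def _local(tag):
    """Strip the namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def _choices(stmt, name):
    """Return the set of option elements (e.g. <current/>) under a child like PURPOSE."""
    node = stmt.find(_q(name))
    return set() if node is None else {_local(c.tag) for c in node}


def parse_statements(policy_xml):
    """Flatten every STATEMENT of every POLICY into a dict of sets and data refs."""
    root = ET.fromstring(policy_xml)
    statements = []
    for policy in root.iter(_q("POLICY")):
        for stmt in policy.findall(_q("STATEMENT")):
            statements.append({
                "policy": policy.get("name"),
                "discuri": policy.get("discuri"),
                "purposes": _choices(stmt, "PURPOSE"),
                "recipients": _choices(stmt, "RECIPIENT"),
                "retention": _choices(stmt, "RETENTION"),
                "data": [d.get("ref") for d in stmt.iter(_q("DATA"))],
            })
    return statements


def evaluate_policy(policy_xml, prefs=DEFAULT_PREFS):
    """Return (data refs, reasons) for each STATEMENT that exceeds the preferences."""
    violations = []
    for stmt in parse_statements(policy_xml):
        reasons = []
        for key in ("purposes", "recipients", "retention"):
            extra = stmt[key] - prefs[key]
            if extra:
                reasons.append(f"{key}: {', '.join(sorted(extra))}")
        if reasons:
            violations.append((stmt["data"], reasons))
    return violations


if __name__ == "__main__":
    for data_refs, reasons in evaluate_policy(SAMPLE_POLICY):
        print("Would block:", data_refs)
        for reason in reasons:
            print("  ", reason)
```

Run as a script it flags only the second statement, because the first one stays inside every preference set. Note what the check does and does not establish: a P3P policy is the site's own claim about its practices, so a user agent can refuse to hand over data that the site admits it will misuse, but it cannot verify that the site actually behaves as declared; the discuri attribute points to the human-readable policy the user would rely on if she later believed the data had been misused.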

The question is: do people really care about their privacy online? Probably not as much as they should do. P3P is an attempt to make protecting our privacy as transparent as possible. We should be able to specify what information about ourselves we want to make available to a web site or organisation and then let the software take care of it for us. There are many places where software can be P3P-enabled: browsers are an obvious example, but also web proxies, installation programs, registration programs and so on. Unfortunately there seems to be very little available in the real world.

When reviewing the book I had expected to find more on the code side, and was a bit disappointed to realise that the book covers only the protocol, albeit with a large chunk of XML. As far as discussing the P3P protocol goes, the book is excellent reading, if occasionally rather dry. The author clearly knows the technology and explains it clearly. Whether any of it matters is another thing entirely, but if you are in the business of P3P-enabling your company's web site, then this book is recommended.