Recently the company I’m working in encountered a problem with one of our web sites – for some reason the cookies were rejected by the client browsers. After short investigation we found the reason: incorrectly configured P3P policy on one of our servers. The problem was quickly fixed – but somehow I keep thinking about this small incident.
The topic of online privacy is a hot one – and was a hot one for quite some time. Users of the Internet – and I’m not an exception – were worried about the data that different sites collected about them. Several utilities were created at different times to address these worries (I myself had at some time installed a program called IDCide to block tracking cookies). And I’ve read a multitude of articles in different online and offline magazines – all talking about the necessity to protect an innocent Internet user against data collection and privacy violation. It seemed like everybody wanted something to be done.
And then the issue was addressed by W3C, and a Platform for Privacy Preferences (AKA P3P) was created. Now almost all major sites and the major browsers support P3P. The sites tell you their policy on data collection and retention, and the browser is able to allow or deny certain actions based on how your preferences match the site’s profile. Terrific!
The only question is – how many people know about it? I’ve asked several of my friends and colleagues – most of them never heard about this. Somehow P3P and everything that’s related to it got past the majority of people who need it most. There is something unwholesome about the situation; it shows us that people do not need privacy and security – they just need to talk about privacy and security.