Thursday, July 12, 2007

P3P - Do we really care about it?

P3P (Platform for Privacy Preferences Project) as it is commonly known is actually not known by the regular internet user. I was going through some Internet terminologies and came across this term in Wikipedia. It immediately struck me as an interesting topic and prompted me to share my own views. P3P is a standard introduced by the W3C (World Wide Web Consortium) for website to share/display their privacy policy to the general Internet users. There is tons of information on P3P on the Internet with all sorts of intricate details.
But do people know or feel the need for P3P? Personally, I think people should take it more seriously. I do know that third party cookie rejection rate has been at the highest during the past 3-4 years and it is high time that websites start feeling the need for introducing valid and sound privacy policies. Third party cookies are a piece of text/data placed on your machine that do not belong to the website you have visited. If you go to and you find an Omniture cookie on your machine, the cookie is the third party cookie tracking your browsing details in this scenario.

According to a WebTrends article posted in 2005, the cookie rejection rate was as high as 12-15%. So we can guess that figure should be between 20-25% in 2006-2007. The new versions of browsers like Firefox and IE7 aren’t helping matters either. The default settings in the Privacy tab of IE7 are designed to automatically block third party cookies that do not have a P3P policy. Look at the below screenshot.

So these points do prove that Webanalytics giants like WebTrends and Omniture are loosing a lot of valuable data as their cookies are being blocked more and more if the security setting of browsers is high. But this has been the trend since Web Analytics originated. One of the reasons why Google, MSN and Yahoo are successful in targeting their customers is because they have a login cookie placed on the user’s machine. If a hotmail customer is logged on to passport, it is really easier for Microsoft to show ads based on his previous browsing habits. This cookie can never be blocked unless the users chooses to block all the cookies. But if the user blocks all the cookies, he would not be able to login to his account. So it is possible that majority of the users will choose the defualt browser setting making it easier for other websites to place their cookies. It is always better for websites to have a TRUSTe Privacy Program which is a universal standard found in a privacy policy and for users it is a good practice to read the privacy policy of a website which can be checked by going to View -> Web Page Privacy Policy in your IE7 browser. The default setting in browsers will always allow cookies from companies having a Privacy Policy. A website having a valid privacy policy would also be worthy of the trust of users. Users should always shop online on portals having a TRUSTe Privacy seal in their Privacy policy.

It was a good practice for me to look around for information about P3P and believe that it is a positive step taken to make the users aware about what kind of data is being collected and how it could be attributed to their online behavior. Please feel free to add your opinions/criticisms.


Anonymous said...

Maybe you could give us some more information about how to make P3P and how the user sees your P3P information.

Rohan Kapoor said...

Hi Dave,
Thanks for the suggestion. I will be writing an article on creating P3P for a website and will be posting it in the future. Regards