Privacy policies

Some web browsers allow you to get a summary of a website's P3P privacy policy as a special feature of that browser.  It should be noted that:

• Only some of the information it presents is obtained from the website.

• Some of the explanations that are presented by the browser do not really explain what the website actually does.  They're presumptions that are generated by the browser, itself.  It might give examples of the types of data that could be collected, and what can be done with it, as generic information about those sorts of things, rather that provide explicit information from the website that explain what information is used and how.

  Privacy policies have some predefined and rather vague properties, and allow the site to include their own explanations.  Computers can read the property types, and make assumptions about them, but they can't understand what people write.  Unfortunately browsers seem to just provide you with explanatory information using their own interpretations of the properties, the possible uses of such data, and not bother to include the explanations written by humans to go along with them.

  MSIE 6 does this (makes wild speculations about what could be done, while looking as if it's explaining what the website actually does).  Mozilla 1.7.3 presents far less speculative information about what the site might be able to do.

• Websites can lie about what they do, and the privacy statement doesn't enforce client or server software to do what it says.

  e.g. A statement that says the site, “doesn't use cookies,” doesn't prevent the server from using cookies, and a statement that says it uses cookies in a certain way doesn't prevent them from using them in other ways (the server is configured completely independently from the privacy policy).  And only browsers that are designed to pay attention to privacy policies will warn you if the policy is being breached (such as a cookie being sent when the site says it doesn't use them), and only if you configure yours to do so (you might configure your browser to warn you about cookies, warn you about some of them, ignore all of them, allow all of them, allow some of them, block sites that use them, block pages that go against a site's policy, etc.).

But in short; P3P is essentially useless, misleading, and confusing:  They don't enforce sites doing what their policy says, you can't really tell what a site does with the data that they collect, and there's a bewildering array of options to configure what to do with them (for the webmaster and the browser).

The concept was that you could set some preferences, such as allowing cookies if the browser believed they kept the data private, and disallowing cookies if it didn't, automatically.  Or, perhaps, outright blocking access to a site with unacceptable privacy policies in organisations that required it.  But it was so poorly supported, that it's dead in the water.

This website doesn't have a P3P policy, as it's mostly a waste of time and effort.  But it does have a human-written statement about privacy that you can read.

For what it's worth, the P3P name referred to “Platform for Privacy Preferences Project.”