P3P Privacy Policy?

http://www.w3.org/P3P/

What is P3P?

The Platform for Privacy Preferences Project (P3P), developed by the World Wide Web Consortium, is emerging as an industry standard providing a simple, automated way for users to gain more control over the use of personal information on Web sites they visit. At its most basic level, P3P is a standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies. Taken together, they present a clear snapshot of how a site handles personal information about its users. P3P-enabled Web sites make this information available in a standard, machine-readable format. P3P enabled browsers can "read" this snapshot automatically and compare it to the consumer's own set of privacy preferences. P3P enhances user control by putting privacy policies where users can find them, in a form users can understand, and, most importantly, enables users to act on what they see.

I'm back and I know much more about this. But I can't get it to work. I downloaded a p3p editor and created a valid p3p.xml file. I created the default folder /w3c and uploaded it there.

Now let me step back and explain the problem. I have several domains but use a logging program on one (pphlogger) to count visitors for each. When I visit one of those other sites I get an IE6 warning by default settings that certain files from a 3rd party have been blocked. Those files are pphlogger.php and showhits.php from my doman that hosts the logging program.

So I went to the site that hosts my logging program and uploaded those policies but they still get blocked. The reason remains "a privacy policy for [this 3rd party site] can't be located". So I figured maybe I needed to add locator info to those blocked php files. I added both of these types of locater info.

But still all my counter type files get blocked on all of my other sites. So I have my p3p.xml file and a compact policy but I seem to be using them wrong or something. Any ideas?

Hi,

I recently developed a policy for a client of mine. Have a look at:

http://www.speeding.co.uk/w3c/

Hope it helps.

BTW... IBM have made a free p3p creator which you can download here:

http://www.alphaworks.ibm.com/tech/p3peditor

Yup, that's the one I downloaded. I believe all the files it produced (inlcuding the compact policy) should be correct, but it doesn't seem to work in my 3rd-party site situation, where I am both the 1st and 3rd party. I put those policies in all the right places, with header links to the policy and still get blocked.

How exactly do I use the compact policy? In a cookie would it be the first line? And since the file I'm accessing on a 3rd party site (mine) is actually a php file, is the compact header still at the beginning (before the <? )?

Here are the actual sites involved so you can see the errors and files for yourself.

Site getting most blocks: http://www.pstvalumni.com/ (see warning in IE6)
Site hosting files being blocked via site above: http://www.mikesussman.com/ (all files located at /w3c )
If you check here you'll see my "3rd party site" validates fine. In addition, I stuck my compact policy in both of the files being blocked [1] [2] (must 'save target as' to disk to see file code)

Hi,

You don't actually need to mention the p3p policy in any of your html/php/cookies. Just place the two xml files in a folder called "w3c" in your website public html folder and leave it as that. The browser knows to look in the w3c folder by default. It took lots of fiddling before that one was finally working properly

Once thats done, all you have to do is put a file called p3p.xml into that folder that links to the location of your actual p3p policy. p3p.xml should contain something like this:

Unfortunatly thats about as much as I know, as it was a bit of a strange new technology and I had a client screaming to get the problem fixed so I rushed through it to get it working. I havent used the technology much since, so I kinda forgot it all.

I did all of that plus the compact headers just incase. Still blocked. My "3rd party" site says policies are fine but my 1st party site still blcoks everything. I'm still stumped. Thanks so much for your help though.