The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1949 reviews in the database and more every month.
Title: Web Privacy with P3P
Author: Lorrie Faith Cranor
ISBN: 0-596-00371-4
Publisher: O'Reilly
Pages: 321pp
Price: $39.95/£28-
Reviewer: Tim Pushman
Subject: security
Appeared in: 16-5

This book covers the P3P Project (the Platform for Privacy Preferences), from its inception and development through to a discussion of the current state of the proposal. Further chapters also provide an overview of related protocols and tools, such as APPEL. The author of the book is one of the co-authors of the specification and so has a good understanding of the issues involved in creating the standard.

The book is arranged in three parts: background and history, enabling a web site, and software and tools. At the end are appendices covering some odds and ends.

P3P is a protocol to allow web sites to inform their users of what kind of privacy they can expect on the site, how their data will be collected and used, and what recourse the user has if she believes the data is being misused. In short, it is a Privacy Policy as one would find on a site such as Amazon, but with the added twist that it can be installed in a machine-readable format and directly interpreted by a P3P-enabled browser. And the machine-readable format is, of course, XML.

The second part of the book gives a detailed explanation of how to create a P3P policy, either by hand or by using a policy editor. There are many levels of complexity in a privacy policy and the author does a good job of explaining the various possibilities, from the simplest (we collect no data) through to the most complex, as would be needed by a large commercial organisation.

The question is: do people really care about their privacy online? Probably not as much as they should do. P3P is an attempt to make protecting our privacy as transparent as possible. We should be able to specify what information about ourselves we want to make available to a web site or organisation and then let the software take care of it for us. There are many places that software can be P3P enabled, browsers being an obvious example, but also web proxies, installation programs, registration programs and so on. Unfortunately there seems to be very little available in the real world.

When reviewing the book I had expected to find more on the code side, and was a bit disappointed to realise that the book covers only the protocol, albeit with a large chunk of XML. As far as discussing the P3P protocol goes, the book is excellent reading, if occasionally rather dry. The author clearly knows the technology and explains it clearly. Whether any of it matters is another thing entirely, but if you are in the business of P3P enabling your company's web site, then this book is recommended.