Web Privacy with P3P

By Lorrie Faith Cranor


Web Privacy with P3P includes references to a variety of online resources. Here is a chapter-by-chapter list of the URLs for these resources. Please let us know if any of these resources have moved so that we can keep this page up to date.

Chapter 1. Introduction to P3P

Privacy Leadership Initiative, Privacy Notices Research Final Results (Conducted by Harris Interactive, December 2001).

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification

Hypertext Transfer Protocol

AT&T Privacy Bird

Lists of P3P software: http://p3ptoolbox.org/tools/ and http://www.w3.org/P3P/implementations

William F. Adkinson, Jr., Jeffrey A. Eisenach, and Thomas M. Lenard, Privacy Online: A Report on the Information Practices and Policies of Commercial Websites (Progress & Freedom Foundation, March 2002). [UPDATED LINK]

Chapter 2. The Online Privacy Landscape

Will Rodger, "Privacy Isn't Public Knowledge: Online policies spread confusion with legal jargon," USA Today, 1 May 2000, 3D.

List of privacy surveys

Mark S. Ackerman, Lorrie Faith Cranor and Joseph Reagle, Beyond Concern: Understanding Net Users' Attitudes About Online Privacy, (Florham Park, NJ: AT&T Labs, April 1999).

Mary J. Culnan and George R. Milne, The Culnan-Milne Survey on Consumers & Online Privacy Notices: Summary of Responses, (December 2001).

Cyber Dialogue, Cyber Dialogue Survey Data Reveals Lost Revenue for Retailers Due to Widespread Consumer Privacy Concerns, (New York: Cyber Dialogue, November 7, 2001).

Louis Harris & Associates and Alan F. Westin, Commerce, Communication and Privacy Online (New York: Louis Harris & Associates, 1997).

Louis Harris & Associates and Alan F. Westin, E-Commerce and Privacy, What Net Users Want, (Sponsored by Price Waterhouse and Privacy & American Business. Hackensack, NJ: P & AB, June 1998).

Opinion Research Corporation and Alan F. Westin, "Freebies" and Privacy: What Net Users Think. Sponsored by Privacy & American Business. Hackensack, NJ: P & AB, July 1999.

Privacy Leadership Initiative, Privacy Notices Research Final Results, (Conducted by Harris Interactive, December 2001).

David M. Kristol, "HTTP Cookies: Standards, privacy, and politics," ACM Transactions on Internet Technology 1, no. 2 (2001): 151-198.

Privacy Foundation Web Bug FAQ


OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data [UPDATED LINK]

The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data - available on the Council of Europe web site as ETS #108.

US Federal Trade Commission, Privacy Online: A Report to Congress (June 1998).

Privacy Exchange

European Union Directive 95/46/EC, the Directive on Protection of Personal Data

Safe Harbor

Children's Online Privacy Protection Act information

Gramm-Leach-Bliley Act information

Privacy Leadership Initiative overview of US State and Federal privacy laws

Virginia General Assembly bill HJ 172 Incorporate Privacy Preference Project (P3P) and government websites



International Association of Privacy Officers

American Civil Liberties Union (ACLU)

Center for Democracy and Technology

Computer Professionals for Social Responsibility

Consumer Privacy Guide

Electronic Frontier Foundation

Electronic Privacy Information Center

Health Privacy Project


Online Privacy Alliance

Privacy and American Business


The Privacy Forum

Privacy Foundation

Privacy International

Privacy Journal

Privacy Leadership Initiative


Privacy Rights Clearinghouse

Roger Clarke's Dataveillance and Information Privacy Pages

Yahoo Internet Privacy News

Chapter 3. Privacy Technology


Information about the DES Cracker

PGPi Project

Commercial version of PGP

Web-based encrypted email services - Hushmail, YNNMail, ZipLip, and Zixmail

Bruce Schneier's reviews of web-based encrypted email programs


Data Fellows

SSH Communications Security

Anonymizing proxies: Anonymizer, Rewebber, IDZap, Ponoi, Safeweb, Magusnet, and Secret Surfer

David Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Communications of the ACM 24, no. 2 (1981):84-88.

Electronic Frontiers Georgia's list of anonymous remailer services [NO LONGER ACTIVE]

Cookie cutter software: AdSubtract, Window Washer, Cookie Crusher, Internet JunkBuster, Cookie Pal, Guidescope, IDCide Privacy Companion, Privacy Software Corporation products, and Personal Sentinel


Window Washer


McAfee Privacy Service

Zero-Knowledge Systems

The Online Privacy Store

Chapter 4. P3P History

Reachability management

Platform for Internet Content Selection (PICS)

Ross E. Mitchell and Judith Wagner Decew, "Dynamic Negotiation in the Privacy Wars," Technology Review 97, no. 8 (1994):70-71. [NEW - Technology Review online archive now only goes back to 1997, but article is included in http://digest.textfiles.com/TELECOMDIGEST/vol14.iss0401-0450.txt (search for it)]

Transcript of 4 June 1996 FTC privacy workshop - see Paul Resnick's comments on p. 79 of the transcript of session two

Joel Reidenberg, "Information Privacy Rules Through Law and Technology" presented at the 19th International Conference of Privacy Data Protection Commissioners in September 1997 [BROKEN].

Script of W3C P3 Prototype

World Wide Web Consortium (W3C)

Lorrie Faith Cranor, "Bias and Responsibility in 'Neutral' Social Protocols," Computers and Society, September 1998, p. 17-19.

Lorrie Faith Cranor and Paul Resnick, "Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputations," Netnomics 2, no. 1 (2000):1-23.

Online Profiling Standard (OPS) submission

W3C press release soliciting prior art for Intermind patent

B. Rein, G. Stephens, and H. Lebowitz, Analysis of P3P and US Patent 5,862,325, W3C Note 27-October-1999.

European Commission Working Party on the Protection of Individuals with regard to the processing of Personal Data, Opinion 1/98, Platform for Privacy Preferences (P3P) and the Open Profiling Standard (OPS)

August 29, 2000 press release on P3P by the Independent Centre for Privacy Protection Schleswig-Holstein, Germany


Response to BITS comments on P3P specification

Joseph Reagle, Eskimo Snow and Scottish Rain: Legal Considerations of Schema Design (W3C Note 10-December-1999).

Karen Coyle, A Response to "P3P and Privacy: An Update for the Privacy Community" (May 2000).

Lorrie Faith Cranor, "Agents of Choice: Tools that Facilitate Notice and Choice about Web Site Data Practices" in Proceedings of the 21st International Conference on Privacy and Personal Data Protection, 13-15 September 1999, Hong Kong SAR, China, p. 19-25.

Lorrie Faith Cranor, "The Role of Privacy Advocates and Data Protection Authorities in the Design and Deployment of the Platform for Privacy Preferences" in Proceedings of the Twelfth Conference on Computers, Freedom and Privacy, San Francisco, April 16-19, 2002.

Lorrie Faith Cranor and Rigo Wenning, "Why P3P is a Good Privacy Tool for Consumers and Companies," Gigalaw.com, April 2002.

Electronic Privacy Information Center and Junkbusters, Pretty Poor Privacy: An Assessment of P3P and Internet Privacy (June 2000).

Deirdre Mulligan, Ari Schwartz, Ann Cavoukian, and Michael Gurski, P3P and Privacy: An Update for the Privacy Community (March 2000).

Gabriel Speyer and Kenneth Lee, White paper: Platform for Privacy Preferences Project (P3P) & Citibank (October 1998).

Chapter 5. Overview and Options

W3C P3P Validator

Roger Clarke's Privacy Statements web page

Intelytics Site Sentinel

PrivacyWall family of products from Idcide

WebCPO product from Watchfire

Tivoli products from IBM

Zero-Knowledge P3P Analyzer

The Direct Marketing Association's guide to creating privacy policies

Online Privacy Alliance Guidelines for Online Privacy Policies

Better Business Bureau sample privacy notice

TRUSTe Privacy Resource Guide [ARCHIVED LINK]

Privacy Leadership Initiative's Privacy Manager's Resource Center

Privacy Diagnostic Tool (PDT) Workbook from the Information and Privacy Commission/Ontario

IBM P3P Policy Editor

Java 2 Runtime Environment Standard Edition version 1.3

W3C P3P implementation page

P3PToolbox.org P3P tool page

Chapter 6. P3P Policy Syntax

Naming and Addressing: URIs, URLs, ...

Namespaces in XML

RFC 2068

Chapter 7. Creating P3P Policies

BBBOnline Sample Privacy Notice

www-p3p-policy mailing list archive

Chapter 8. Creating and Referencing Policy Reference Files

D. Kristol and L. Montulli, HTTP State Management Mechanism (Request for Comments 2965, October 2000)

GNU wget


Chapter 9. Data Schemas

Tom Pixley, ed., Document Object Model (DOM) Level 2 Events Specification. Version 1.0, (W3C Recommendation 13 November, 2000).

Chapter 10. P3P-Enabled Web Site Examples

list of P3P-enabled web sites

Robroy's web site

policy reference file for Robroy's web site

Chapter 11. P3P Vocabulary Design Issues

The Free On-line Dictionary of Computing

Designing a Social Protocol: Lessons Learned from the Platform for Privacy Preferences

Eskimo Snow and Scottish Rain: Legal Considerations of Schema Design

Federal Trade Commission, Privacy Online: A Report to Congress (June 1998)

Mark S. Ackerman, Lorrie Faith Cranor and Joseph Reagle, Beyond Concern: Understanding Net Users' Attitudes About Online Privacy, (Florham Park, NJ: AT&T Labs, April 1999).

Federal Trade Commission's Advisory Committee on Online Access and Security

Chapter 12. P3P User Agents and Other Tools

W3C P3P implementation page

Michael Edwards and Scott Roberts, Reusing Internet Explorer and the WebBrowser Control: An Array of Options (MSDN Library, July 30, 1998).

JRC P3P Proxy Service

Dino Esposito, Browser Helper Objects: The Browser the Way You Want It (MSDN Library, January 1999).

W3C P3P Validator

Compact Policy Translator

W3C P3P Test Suite

Chapter 13. A P3P Preference Exchange Language (APPEL)

15 April 2002 APPEL working draft

latest APPEL working draft

PICSRules specification

W3C XML Query work

Keynote Trust Management System

JRC APPEL ruleset editor

Date and time formats

RFC 1738

JRC P3P code download

Chapter 14. User Interface

script of the W3C P3 Prototype demo for the 1997 Federal Trade Commission workshop

Privacy Minder

Idcide Privacy Companion

Lorrie Cranor and Mark Ackerman, "Privacy Critics: UI Components to Safeguard Users' Privacy." in Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI'99), short papers (v.2.), p. 258-259.

Wendy E. Mackay, "Triggers and barriers to customizing software," in Proceedings of the Conference on Human Factors and Computing Systems (1991) p. 153-160.

Stanley R. Page, Todd J. Johnsgard, Uhl Albert, and C. Dennis Allen, "User customization of a word processor," in Proceedings of the Conference on Human Factors and Computing Systems (1996) p. 340-346.

Lorrie Faith Cranor and Joseph Reagle, "Designing a Social Protocol: Lessons Learned from the Platform for Privacy Preferences" in Jeffrey K. MacKie-Mason and David Waterman, eds., Telephony, the Internet, and the Media (Mahwah: Lawrence Erlbaum Associates, 1998).

Lynette I. Millett, Batya Friedman, and Edward Felten, "Cookies and Web browser design: toward realizing informed consent online," in Proceedings of the SIGCHI conference on Human factors in computing systems (2001) p. 46-52.

W3C User Agent Accessibility Guidelines


Window Eyes

Harry Hochheiser, "Principles for Privacy Protection Software," in Proceedings of the Tenth Conference on Computers, Freedom and Privacy (2000) p. 69-72.

Appendix B

Compiling Apache

How Directory, Location, and Files sections work (in Apache)

Apache header directive documentation

iPlanet Knowledge Base: Implementing P3P with iWS 4.1 or iWS 6.0

Jigsaw documentation

Appendix C

Privacy in Internet Explorer 6


Appendix D

How to Create a Customized Privacy Import File

Security zones

Web Privacy with P3P
by Lorrie Faith Cranor
with Foreword by Lawrence Lessig
September 2002
O'Reilly & Associates
ISBN 0-59600-371-4
344 pages, $39.95
