Designing for Privacy Issues


Privacy has become a major concern because the news contains numerous stories of personal information misuse. One of the major misuses of personal information is identity theft, but that's by no means the largest misuse. Many users also feel that gathering personal information for marketing purposes without permission and full disclosure of how the requestor will use the information is also a major misuse of personal information. People don't want to suffer through a barrage of unwanted sales calls as witnessed by the proliferation of "No Call" lists both locally and nationally. In fact, many people are taking positive steps to take back their personal information or at least block further attempts to acquire new information. The proliferation of spyware blockers shows that users are becoming aware of covert attempts by some Web sites (including pop-up advertisements) to steal data from their systems.

Personal information covers a range of topics today. Most developers recognize that name, address, telephone number, and other personally identifying information is private. However, users don't want developers to know a lot of other information that some developers see as belonging to the public domain. For example, some developers will try to get the Referrer (the previous Web page), User-Agent (the browser type, version, and host operating system), and From (the user's email address) headers of the user's browser. Brisk sales of products such as Norton Internet Security demonstrate that users don't want developers to collect this information. An interesting side effect of this battle between user and developer is that even though the user is using a new version of products such as Internet Explorer and Netscape, the Web site often reports that the user has an outdated version of the product. You can easily avoid collecting browser information through careful design and by following standards. The Webmonkey chart at http://hotwired.lycos.com/webmonkey/reference/browser_chart/index.html helps you understand which design features to avoid based on browser compatibility.

Even with the best design, however, you'll eventually encounter a situation where you want to use cookies (assuming the user has their browser set to accept cookies). Many users realize that cookies aren't inherently evil, but they also realize that a Web site could use cookies for nefarious purposes. All the pop-up ads that you see floating around on your favorite Web site are one reason that people are suspicious. Some of these vendors follow people around to the various sites they visit and keep track of their movements. However, you can overcome the fears of most users by maintaining a privacy policy and including special tags for that policy on your Web site. The most common way to publish and use a privacy policy is Platform for Privacy Preferences (P3P). The World Wide Web Consortium (W3C) sponsors this technique and you can read about the six easy steps for implementing P3P on your Web site at http://www.w3.org/P3P/details.html. The P3P standard (http://www.w3.org/TR/P3P/) also contains a wealth of information you should review.

Note  

The example in this section uses the IBM P3P generator (http://www.alphaworks.ibm.com/tech/p3peditor). The W3C site lists several other generators; I chose this particular generator because it comes with a 90-day free trial. Your code might turn out different from mine if you use another generator for your code. For some reason, the IBM P3P generator doesn't work with the current version of the Java Runtime Environment (JRE), version 1.4.2. IBM recommends using the 1.3.1 version of the JRE that you can download at http://java.sun.com/j2se/1.3/.

Your privacy statement will consist of several files, including at least one P3P file that you create using the P3P generator and an XML reference file. A good generator will also help you create a generic privacy summary that you can use for queries from the user and a compact policy statement you can use in the response headers of pages that contain cookies. If you own the server you use for the Web page, you can place the privacy information in the \w3c folder of the Web site. It's also possible to create linkage between the privacy information and your Web page using a <link> tag similar to the one shown here.

 <link rel="P3Pv1" href="http://www.mwt.net/~jmueller/p3p.xml"> 

The problem comes in when you don't own the server that hosts your Web page, which is the situation for many people, including small business owners. Internet Explorer 6 has several levels of cookie protection built in. The highest level will likely reject your privacy information because Internet Explorer relies exclusively on the compact policy statement supplied as part of the response headers. Adding the compact policy statement is relatively easy if you own the server. Listing 11.1 shows an alternative you can try when you don't own the server, plus some test code you can use to verify the results. You'll find the complete source code for this example in the \Chapter 11\Privacy folder of the source code located on the Sybex Web site.

Listing 11.1: Adding a Compact Policy to a Web Page

 <html>
 <head>
 <meta http-equiv='P3P'
       content='policyref="http://www.mwt.net/~jmueller/p3p.xml",
       CP="NOI DSP COR NID CURa OUR NOR NAV INT TST"'>
 <title>Privacy Demonstration</title>
 <script>
 function SetCookie()
 {
     var UserCookie; // Stores the user name.

     // Create the username cookie from the text box value.
     UserCookie = "UserName=" +
                  escape(document.getElementById("InputVal").value);

     // Add the cookie to the document.
     document.cookie = UserCookie;

     // Tell the user the cookie was saved.
     alert("The cookies were saved.");
 }

 function ReadCookie()
 {
     var Pairs;     // Holds the individual name=value pairs.
     var Name = ""; // The user name.
     var i;         // Loop counter.

     // Split the document cookie into name=value pairs.
     Pairs = document.cookie.split("; ");

     // Find the UserName pair and decode its value.
     for (i = 0; i < Pairs.length; i++)
     {
         if (Pairs[i].indexOf("UserName=") == 0)
             Name = unescape(Pairs[i].substring(9));
     }

     // Display the name.
     alert("Your name is: " + Name);
 }
 </script>
 </head>
 <body>
 <!-- Input field and buttons that call the two test functions. -->
 <input type="text" id="InputVal">
 <input type="button" value="Set Cookie" onclick="SetCookie()">
 <input type="button" value="Read Cookie" onclick="ReadCookie()">
 </body>
 </html>


The <meta> tag at the beginning of the code is the essential addition to your application. The http-equiv attribute tells the server what kind of response header to add. Some servers don't honor this attribute, so this solution might not work completely in all cases. The content attribute tells the client where to locate the privacy policy for your Web site; it works much the same as the <link> tag discussed earlier in this section. Finally, the CP attribute defines the compact policy for your server. Most tools, such as the IBM P3P Policy Editor shown in Figure 11.2, tell you what these codes mean and generate a text file containing them for you.

Figure 11.2: Make sure you generate a compact policy for Web pages that have cookies.

The test code consists of two functions attached to buttons on the example form. The first creates a cookie and attaches it to the document. The second retrieves the cookie stored in the document and displays the results on screen. Neither function is that exciting, but this is enough code to create an error with Internet Explorer 6 if the compact policy isn't accepted. You must have a compact policy in place and Internet Explorer 6 must accept it if you want users to use the high privacy setting. However, even if Internet Explorer 6 decides that it won't accept the compact policy, having a privacy policy in place and set up using the information provided in this section lets the user rely on the medium high privacy setting. Although the medium high setting isn't quite as comfortable as the high setting, it's much better than the low setting your Web site would require if it didn't have a privacy policy.
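
When you do own the server, the compact policy from Listing 11.1 can be sent as a real P3P response header instead of the <meta> fallback. The following is an added example, not code from the book: it builds that header, parses it back (the same parser reads the <meta> content value), and checks that a response setting a cookie carries a compact policy. Node.js, port 8080, the sample cookie value, and all function names are assumptions.

```javascript
// Added example: emit and check the P3P header for pages that set cookies.
// Policy URL and CP tokens are copied from Listing 11.1; all names are illustrative.
const POLICY_REF = "http://www.mwt.net/~jmueller/p3p.xml";
const COMPACT_POLICY = "NOI DSP COR NID CURa OUR NOR NAV INT TST";

// Build the header value: policyref="<url>", CP="<tokens>".
function buildP3PHeader(policyRef, compactPolicy) {
  for (const v of [policyRef, compactPolicy]) {
    // Quotes or line breaks would corrupt the header (or split the response).
    if (/["\r\n]/.test(v)) throw new Error("illegal character in P3P value");
  }
  return `policyref="${policyRef}", CP="${compactPolicy}"`;
}

// Parse a P3P header value or the content attribute of the <meta> fallback.
function parseP3P(value) {
  const out = { policyref: null, cp: [] };
  const re = /(policyref|CP)\s*=\s*"([^"]*)"/gi;
  let m;
  while ((m = re.exec(value)) !== null) {
    if (m[1].toLowerCase() === "policyref") out.policyref = m[2];
    else out.cp = m[2].trim().split(/\s+/).filter(Boolean);
  }
  return out;
}

// True unless the response sets a cookie without a non-empty compact policy.
function cookieResponseHasCompactPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  if (!("set-cookie" in h)) return true;
  return "p3p" in h && parseP3P(h["p3p"]).cp.length > 0;
}

// Request handler: the header accompanies the cookie it describes.
function handler(req, res) {
  res.setHeader("P3P", buildP3PHeader(POLICY_REF, COMPACT_POLICY));
  res.setHeader("Set-Cookie", "UserName=" + encodeURIComponent("Guest") + "; Path=/");
  res.setHeader("Content-Type", "text/html; charset=utf-8");
  res.end("<title>Privacy Demonstration</title>");
}

// Run with "--serve" to start a local server on the assumed port 8080.
if (process.argv.includes("--serve")) {
  import("node:http").then((http) =>
    http.createServer(handler).listen(8080, "127.0.0.1"));
}
```
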




Mining Google Web Services: Building Applications with the Google API
ISBN: 0782143334
EAN: 2147483647
Year: 2004
Pages: 157
