Forum OpenACS Q&A: P3P Standard and IE 6.0

Collapse
Posted by David Kuczek on
I heard that the new IE 6.0 by default only accepts cookies from sites
that are conform to P3P-Standards.

If your site isn't, the user will have to manually activate cookies.

Anyone familiar with the P3P-process? Worth it?

Collapse
Posted by Jonathan Ellis on
I dunno what p3p is, but I'm browsing openacs.org right now from IE 6, and I didn't manually activate anything...
Collapse
Posted by David Kuczek on
It's good to hear that you didn't have to activate any cookies manually while browsing on IE 6.0.

It might be possible that the people that wrote the article in Germany meant the IE 6.0 that comes with Windows XP...

http://www.w3.org/P3P/

Collapse
Posted by Jonathan Ellis on
relevant quote:
The default setting in IE 6 allows a "first-party" cookie to be set, meaning that if a person visits Yahoo the browser will accept a cookie from Yahoo.

However, "third-party" cookies--most often set by marketers or ad networks to track consumer response to promotions--will be allowed through IE 6 default settings only if the third party allows consumers to opt out of data-collection practices. If the company doesn't give consumers an option, the cookie will be blocked.

my experience confirms this.
Collapse
Posted by Bart Teeuwisse on

IE 6.0 lets you change the privacy settings whereby you can elect to review the site's privacy policy before you add the site to the list of sites whose cookies you accept.

The default in IE 6.0 is to accept cookies more freely, in fact it seems the same as in IE 5.0. Read Microsoft's Privacy in Internet Explorer 6 for the exact definition of the various pre-defined security levels.

If you do choose the review the privacy policy of the site you are visiting before you decide to accept their cookies then IE 6.0 will display the company privacy policy upon entering the site. Sites that don't have a P3P compatible privacy policy show up with a blank page which could leave a bad impression on the user.

I haven't worked with P3P policies yet, but put in a first attempt in the near future

--Bart