×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sites Wary of Adopting P3P

timothy posted more than 12 years ago | from the p2p-was-hard-enough dept.

Privacy 154

technogamy writes: "CNN is reporting on the industry's take on P3P, the W3C's Platform for Privacy Preferences.According to the article, the W3C is expected by April to formally adopt P3P -- of course, as many of you are aware, Microsoft's IE6 already includes an implementation of the client side of P3P. 'Because Microsoft's browser checks for P3P, sites risk getting flagged if they don't adopt it.' P3Pizing (or 'pethripizing') a complex site can evolve into a Herculean task...! (See also EPIC's critique of P3P.)"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

154 comments

P3P is DEAD DEAD DEAD (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175298)

Nobody is using it. Oh, and fp.

Re:P3P is DEAD DEAD DEAD (0)

Mayor McPenisman (557253) | more than 12 years ago | (#3175355)

Hey, I want to steal this FP thunder:

Could people who read /. and have interesting stories to post just respond to the current FP and post the link?

I know that interesting people read /. and I want to make reading /. a useful experience again. So do me this favor.

Re:P3P is DEAD DEAD DEAD (0)

Anonymous Coward | more than 12 years ago | (#3175360)

Many people have started to rely on m o n o l i n u x [monolinux.com] for all their Linux needs.

Just a thought.

- Blair

GODDAMMIT (0)

Anonymous Coward | more than 12 years ago | (#3175515)

Not every fp is offtopic. NOBODY IS USING P3P, SO IT IS DEAD. What part of that did you cum-sucking retards not get through your thick skulls?

I worked on this.. (3, Interesting)

Sc00ter (99550) | more than 12 years ago | (#3175301)

At my old job (before getting laid off) at an internet advertising company this was top priority. P3P is actually really cool, and it wasn't all THAT hard to get it implemented. It probably would have been faster for us if we didn't have a sucky developer.


I wonder if doing it with a module for Apache would be a good idea.. mod_p3p, then it reads your privacy stuff from a config file. That sure would save a lot of time for a lot of people.

Re:I worked on this.. (2)

nzkoz (139612) | more than 12 years ago | (#3175317)

Maybe not an apache module, but libraries for perl, python, PHP, JSP etc. The less work it is for the actual web developers the more likely our privacy concerns are going to be respected.

Definition of "Privacy" (1)

Taco Cowboy (5327) | more than 12 years ago | (#3175478)

You said:

"P3P is actually really cool, and it wasn't
all THAT hard to get it implemented."

Yes, implementation may be easy, but would you enlightened us as to the COST of the implementation of P3P ?

The thing is, do you have to SPECIFY a "privacy rule" just to state that your site "respects" the visitors' privacy ?

It's kinda like sholving legalise to the throat to the WEB scene.

I know lawyers are used to the legalise thingy - like "off the record" thing, but for the visitors and those who are operating websites (commercials or otherwise), do we HAVE to state our "privacy rules" before allowing others to surf into our domain ?

What kind of world will we be living in, if we apply the P3P rule into our real lives ? Will we have to tell ALL THE VISITORS to our offices, home, or even recreation events that we respect their privacy, that there will be no hidden cameras or microphone recording their movement / speech, and there will be no PI (private investigator) tracing where they come from and where they will be going to, and so on ?

Think of the consequences, will ya, please ?

Re:Definition of "Privacy" (2)

Sc00ter (99550) | more than 12 years ago | (#3175484)

Well.. at the internet advertising company we already had a privacy policy set in place.. How they got to it, I have no idea. As for the sites that ran our ads, they didn't have to do anything, since our p3p code was in our http headers. As far as running it on your own site, I wouldn't know

Re:Definition of "Privacy" (0)

Anonymous Coward | more than 12 years ago | (#3175595)

We have a policy in place as well.

It's called, "Don't ask, don't tell".

Seems to work pretty well so far.

I've implemented this, and use it day-to-day. (4, Informative)

SuperBug (200913) | more than 12 years ago | (#3175832)

To actually implement P3P, you only need mod_headers when using apache. There is no magic here, it's only a damn header + two XML files, at it's most basic.
At it's most basic P3P just a header being looked at by a http user agent which has a P3P agent built in. I believe to date it's only I.E. 6.0. Though Mozilla, Opera, Galeon, and Konquerer are sure to follow.
Many aspects of P3P are positive, but there are parts of the specification which have yet to be properly determined and implemented, in a real-world environment.
The main parts affected would be any "Third-party" though any "First-party" running a site and issuing cookies of any unacceptable fashion, mainly things which are PII related and cannot be opted out of, will be flagged.
. In short, be sure you have an opt-out mechanism for your shoppers if you're an e-commerce site.

Also, any "Third-party" acting as an "Agent" on behalf of any "First-party" which is issuing cookies or collecting data, regardless if PII is involved. The spec for being a "Third-party Agent" has yet to actually be implemented by anyone, though I know some people who will try this soon. Up to this point, the view of "Third-party Agent" is quite desireable to anyone on the 'net who operates in such a manner. It nearly absolves them of "having" to deal with any consumer related issues regarding their data collection because you can point people back to the "First-party's" P3P policy, rather than having to maintain your own.

The obvious problem here though, is scalability and maintainability. It's tantamount to remote key-managment. You must then manage your "First-party" client's P3P Policies and keep in contact/communication with them to ensure that any changes are propagated to you, should it change, yet you continue to serve an *out of date* P3P Compact Policy in the web server's headers for that client, you very well could be blamed for screwing the data they hired you to collect for them in a very bad way.
Aside from that, P3P is a very positive thing for consumers and business persons in such a way that it opens a channel of communication which did not exist so much in the foreground, as P3P enables, before. Hope this is useful to anyone trying to understand some of what P3P really is.

Damn (1, Informative)

Anonymous Coward | more than 12 years ago | (#3175306)

It's a shame that Mozilla doesn't yet support this. Sure, it's not a standard yet, but Microsoft had no problem jumping on it and getting it out and in use (in 90% of the browsers out there, no less). Oh well, you get what you pay for, I guess.

Re:Damn (0)

Anonymous Coward | more than 12 years ago | (#3175339)

uuh...you didnt pay for IE did you ? you downloaded it for $0. does that mean you got what you paid for (nothing) ?

Re:Damn (2)

Stone Rhino (532581) | more than 12 years ago | (#3175358)

But you DID pay for windows. Unless you're a 1337 w4r3z d00d. Where do you think Micro$hit gets the money for their world domi^H^H^H^H^H^H^H^H^H^Hbrowser?

Re:Damn (0)

Anonymous Coward | more than 12 years ago | (#3175372)

The cost of IE is included in the price of Windows, along with all subsequent (and frequent) security updates therein.

Re:Damn (0)

Anonymous Coward | more than 12 years ago | (#3175395)

uuh...im running it on solaris. who said anything about IE for windows ?

Re:Damn (0)

Anonymous Coward | more than 12 years ago | (#3175435)

Yeah, and you don't have P3P integration in your browser either, dipshit. I stated the original post about IE for Windows because that's what it applied to.

Re:Damn (0)

Anonymous Coward | more than 12 years ago | (#3175607)

I hope you're not speaking for all MS IE users, cos you seem pretty brain dead.

*BSD is dying (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175309)

Netcraft has confirmed: *BSD is dying

Yet another crippling bombshell hit the beleaguered *BSD community when recently IDC confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin [amdest.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood. FreeBSD is the most endangered of them all, having lost 93% of its core developers.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it wll be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

*BSD is dying

Profiles for browsers (1, Insightful)

ZaneMcAuley (266747) | more than 12 years ago | (#3175312)

It would be nice to have this customisable to a list of websites, on one website you could have TEXT ONLY, on others the IMAGES ON etc...

Hi Nikki! (0)

Anonymous Coward | more than 12 years ago | (#3175321)

We love to eat Channa and Potato Pancakes! With Tobasco! Thanks!

Re:Hi Nikki! (0)

Anonymous Coward | more than 12 years ago | (#3175485)

That's Tabasco.

I can't be the only one... (3, Funny)

oGMo (379) | more than 12 years ago | (#3175322)

Am I the only one who saw the headline and wondered whether P3P was some new file distribution fad? ;-) I can see it now. P3P: Share music with two friends at once!

OK, sue me, it's been a long day...

Re:I can't be the only one... (-1)

beee (98582) | more than 12 years ago | (#3175399)

i figured it was about p2p and timmah made a typo. who the fuck cares about this YRO shit? not me...

Mozilla (1, Informative)

Anonymous Coward | more than 12 years ago | (#3175329)

Mozilla also used to have an implementation of P3P in that the cookie section of preferences had an option to accept or reject cookies based on a sites privacy policy which I assume was derived from the P3P standard, but as of 0.9.9 and current nightlies the preference has been removed because "it didn't work anyway". Whether this "not working" refered to the implentation or the fact that no real sites have P3P policies so it is misleading, I don't know.

Privacy Protection...? Probably... (2, Insightful)

KeatonMill (566621) | more than 12 years ago | (#3175335)

The thing that I wonder about is HOW people ensure that these privacy claims are followed through with. I trust that, for most sites, the want to protect privacy and the drive to do so is there, but despite eTrust and despite (eventually) P3P, I'm still getting lots and lots of junk mail even though I recently changed e-mail addresses. These standardized privacy ratings are great, since they provide a common scale from which to view the results, don't get me wrong here. But I just think that there should be a better way of, if not ENFORCING privacy, at least downgrading site's ratings if they don't keep true to their word. (It's also possible it's the ads on the site collecting the data, not the site itself)

I guess what the whole internet needs is a /. type moderation system.

Why bother for private sites? (4, Interesting)

Bonker (243350) | more than 12 years ago | (#3175347)

I have to say that this is a way of trying to shut out non-commercial sites from the web. For example, my site [furinkan.net] is a privately run anime fansite with nothing for sale and no adds. Despite this, it gets flagged for not having a compliant privacy policy.

Now, I suppose that I could make a privacy policy for my site, but why should I have to bother when I'm obviously not in any kind of business, let alone selling personal information?

The web should be for *everyone*, not just businesses with large advertising budgets. Shutting out sites who don't have privacy policies posted is FUD tactics against little guys, plain and simple.

Re:Why bother for private sites? (2)

Sc00ter (99550) | more than 12 years ago | (#3175365)

I don't get any kind of warning in IE6.

Re:Why bother for private sites? (2)

Fweeky (41046) | more than 12 years ago | (#3175687)

> I don't get any kind of warning in IE6.

You'll get a little icon in the status bar you can click on if it blocks something based on your settings; look at View -> Privacy Report otherwise.

Yahoo [yahoo.com] is a good example to try it out on, since it seems to specify just about everything.

Re:Why bother for private sites? (2)

los furtive (232491) | more than 12 years ago | (#3175383)

But are you collecting any information such as email addresses? Even if your current intent is innocuous (email updates), what happens two years down the road when money is getting tight and someone offers to buy that list? Of course P3P isn't going to stop that, but it helps promote privacy as being important in the public's conscience...This is definitely a step up, and not a step down, and shouldn't be poopooed as a tactic against the little guy. It's a tactic for the little guy.

Re:Why bother for private sites? (0)

corps_inc (564368) | more than 12 years ago | (#3175442)

As for my e-mail, I don't care I'm swaping ir once a year. My private e-mail doesn't get to any site that requires it. Register shitguy@anymail.whatever I wonder who will pay for that.

Re:Why bother for private sites? (1)

los furtive (232491) | more than 12 years ago | (#3175585)

Yes, junkmail accounts are a great utility, but if your original intent was to read the mail you signed up for (a newsgroup for example) then most likely you would have given your legitimate address, wouldn't you? Now what happens when the guy running that newsgroup changes his mind and sells all those accounts? Sure P3P won't stop him from doing that in a court of law, but if he goes against his publicised word then it help make him look bad. As for changing email accounts every year, it's no different than changing apartments every year:sooner or later you realize that it's your own dang fault that you've lost touch with everyone ad get the urge to settle down.

Re:Why bother for private sites? (0)

Anonymous Coward | more than 12 years ago | (#3175634)

How the hell does this guy get modded up so high when he's talking out his ass?


1. His site doesn't show a warning in IE6 like he says it does.


2. If your site doesn't have a p3p policy you don't get "shut out" you get a little do not enter symbol on your IE6 window in the bottom, barly big enough to see, and does not stop you from viewing the site.

Re:Why bother for private sites? (1)

WildBeast (189336) | more than 12 years ago | (#3175703)

well your site runs fine and even if it doesn't have a compliant privacy policy it'll still run fine.

If however you use cookies on your website, then IE will put a little (not even visible) warning about the fact that you don't have a privacy policy.

What about Slashdot? (4, Interesting)

los furtive (232491) | more than 12 years ago | (#3175348)

I'm sure it's members would like to know what they have to say about it. How far up the priority list is this one CmdrTaco? And what does Katz have to say about it?

Hope this dies (2)

Pussy Is Money (527357) | more than 12 years ago | (#3175351)

Conceptually, the biggest problem with P3P is that it presupposes that the browser is already in control of sensitive and confidential information. This jibes perfectly with the vision behind schemes like Passport and product activation.

Practically, the system is a nightmare to configure. If this thing ever gets widespread adoption I am sure we will see a surge of privacy consultants and third party privacy management tools.

The real question is (1)

dsanfte (443781) | more than 12 years ago | (#3175722)

Is our privacy important enough to justify further complicating the web?

That's going to be answered by different people, of course, but that's what it boils down to.

test of page widening (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175353)

.did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see .did .they .fix .this .yet .cmdr .taco .said .it .was .almost .fixed .because .it's .incredible .annoying .so .let's .see

Re:test of page widening (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175362)

Sorry everybody, I heard a rumor that page widening was fixed, and wanted to see for myself since it seemed pretty quiet on the page widening front.

Apparently not.

Re:test of page widening (0)

Anonymous Coward | more than 12 years ago | (#3175409)

The page looks fine here. Maybe your browser is shitty and/or broken?

Re:test of page widening (0)

Anonymous Coward | more than 12 years ago | (#3175414)

I am using IE, which is by far the superior browser. Unfortunately, it also has a bug with regard to this.

Klerck investigation (-1)

ArchieBunker (132337) | more than 12 years ago | (#3175474)

I was doing some thinking about this. Klerck does that page widening shit as a troll. Real trolls try to disrupt normal slashdot readers with fake goatse links or creative posts. Klerck only affects people who read at 0 or -1, trolls themselves. This means he is somewhat of an anti-troll. We all know IE is a superior browser and his page widening only affects it. CmdrShithead could easily fix this issue but he choses not to because it causes problems for his enemies, us trolls.

Re:test of page widening (0)

Anonymous Coward | more than 12 years ago | (#3175566)

No, you are using a browser that is both a piece of crap and worthless. Your goddamn fault.

Re:test of page widening (0)

Anonymous Coward | more than 12 years ago | (#3175625)

At least IE's CSS support works right, which the OSS community seems totally unable to do.

Re:test of page widening (0)

Lunar82 (541435) | more than 12 years ago | (#3175570)

They claimed it was fixed in the latest revision of slash. But that version isn't being used on slashdot yet. Thanks guys, where do I send my $5 ?

page widening is a form of terrorism (0)

Anonymous Coward | more than 12 years ago | (#3175504)

and should be punished as such. Does anyone here have FBI connections so this guy can be brought to justice?

Goodbye. (-1, Offtopic)

Lunar82 (541435) | more than 12 years ago | (#3175363)

I've decided to retire the "Lunar82" identity.
Because I can't simply delete it, I have decided to
make it available to the public. The password is as follows. 123456789
Do what you want with it, I don't care.

Re:Goodbye. (-1, Offtopic)

Lunar82 (541435) | more than 12 years ago | (#3175376)

Why would anyone care about getting this account? It's not like it's some low number, or has high karma or something.

Re:Goodbye. (-1, Offtopic)

Lunar82 (541435) | more than 12 years ago | (#3175392)

Eh, I'm already tired of it. I just wanted to see if I could get it before someone else did. The new password is 541435.

I'm like, way bored.

Re:Goodbye. (1, Offtopic)

Oily Tuna (542581) | more than 12 years ago | (#3175681)

user and/or IP got banned with the corrupted UUEncoded post.

New password is bollocks

Mixed thoughts.. (4, Insightful)

steppin_razor_LA (236684) | more than 12 years ago | (#3175368)

I haven't read the full specifications -- so take anything I write with a grain of salt. I've spent years building web applications, authored a popular anti-spam package, and have done some work building an advertising filtering & privacy enhancement proxy server-based package.

It seems to me that a better approach would be something like this (call it Personal Information Widget):

User puts all of their personal information into some form of a "wallet" (yes - I know there are technologies similar to this) -- the information resides on their computer not in a passport on a third party server.

When a user goes to a site and wishes to sign up for registration, to purchase something, etc -- there should be a mechanism where that site is able to formulate a list of the fields that it wants + requires for registration. The site will send this (i.e. XML) to the Personal Information Widget.

The PIW will pop a window on the user's screen showing them what information the site wants + requires. The other can then choose to "deny" "allow all" "allow required" or "custom".

If they deny -- end of transaction.
Allow all -- give the site everything it wants
Allow required - give the site only required fields
Custom - chose to give the site information different than in your profile.

This sort of approach would solve one of the major problems of building registration-based sites -- the pain in the ass factor of getting people to type in their information for the Xth time -- without doing anything sneaky about privacy.

In an ideal world, I would be able to choose to allow cookies that are required for a web application to funciton, but deny cookies used to track my viewing habits (especially across multiple sites). I don't think that a "protocol" can really solve this problem though.

Once a site uses cookies, they inherently have the ability to track you -- whether or not that is there intent -- this protocol doesn't really protect your privacy.

I'm not really opposed to cookies -- as a web developer, it is painful for me to imagine coding without them! That said, I don't like the idea of someone tracking my usage habits across multiple sites and then potentially correlating that back w/ registration information to me.

I tend to disallow third party cookies. I know that this breaks a number of 1x1 pixel tracking tools -- but this same sort of technology could be ran off the web servers of the clients or if it was really necessary to outsource it -- you could use DNS (i.e. tracking.yourcompany.com points to webtrendslive.com ) to limit the tracking cookies to a single domain.

You can disallow third party cookies and protect your privacy that way w/o this extra layer of technology added.

I am a priori (guess I'm being closed minded) opposed to anything that facilitates that automatic transfer of information. I just can't wait to see someone find an exploit....

Re:Mixed thoughts.. (1)

mdubinko (459807) | more than 12 years ago | (#3175453)

When a user goes to a site and wishes to sign up for registration, to purchase something, etc -- there should be a mechanism where that site is able to formulate a list of the fields that it wants + requires for registration. The site will send this (i.e. XML) to the Personal Information Widget.

Hmmm sounds like W3C XForms [w3.org] would be a great way to tag individual 'fields' [w3.org] with the type of personal information requested...

Re:Mixed thoughts.. (1)

steppin_razor_LA (236684) | more than 12 years ago | (#3175539)

I'm glad that thought is being given to a standard that defines a standard for a personal information object -- I'm just not sure that I agree with what the plans are to use that information.

Standard Microsoft (1)

CrazyJim0 (324487) | more than 12 years ago | (#3175369)

They make a technology incredibly hard to use, so only people trained by Microsoft can use it.

Re:Standard Microsoft (2)

Sc00ter (99550) | more than 12 years ago | (#3175381)

Nice troll.. Microsoft didn't invent this p3p thing.. perhaps you missed "W3C's Platform for Privacy Preferences" in the article.. It's a standard, Microsoft was just the first to implement the client side of it.

Re:Standard Microsoft (0)

Anonymous Coward | more than 12 years ago | (#3175431)

Actually this sounds exactly like dirty Open Source hippies.

Re:Standard Microsoft (0)

corps_inc (564368) | more than 12 years ago | (#3175500)

I bet you're one of M$ fuckups

Re:Standard Microsoft (0)

Anonymous Coward | more than 12 years ago | (#3175658)

Nope. I have used Linux and FreeBSD. I gave them both a fair chance, and they didn't serve my needs or wants. I also don't like the attitude of the developers in general. So I use Windows 2000.

The problem with P3P is... (2, Informative)

Dr Kool, PhD (173800) | more than 12 years ago | (#3175377)

P3P has absolutely no Application-Server/Scripting support. It's just a
simple XML-File that tells the User what (personal) data the Website
collects, and is Requested with "hard-coded" relative URL's.
Assume a PHP Website with URL-based Session's. A User Request the Homepage
(/index.phtml) - he's anonymous, collected data is anonymous. The (static)
P3P File tells the User that the collected data is anon. Well, now the User
logs-in via a Form-Submit and reloads the Page (/index.phtml). The
information is set in the PHP-Session, the User is shown other
(personalized) Content, but the P3P-File is still the same, telling the
user, that the collected data is still anonymous - this is (or may be) wrong
now.

P3P has no mechanism to handle this case, in P3P you can only set a
different policy for (sub-)folders (differrent URI's). The problem is, that
the GET Request is absolutely the same, it doesn't matter if the user is
logged-in or anonymous (well, it would be a security hole, if someone is
able to find out, if a user is logged-in when (s)he takes a look at the URL,
hm?).

Sure, it's possible to copy all "templates" to another subfolder and link
logged-in users to this one, but why should I do so? The advantage of using
templates (a I define them) is that they just show any content. They don't
care if this content is personalized or not. The content is "prepared" by
the "business logic" - programmed in PHP - and stored in a database. This
way, I'm able to use the same "templates" for logged-in and anonymous
users - well, half the work to do...

Re:The problem with P3P is... (0)

Anonymous Coward | more than 12 years ago | (#3175472)

nice cut and paste job

The solution is 302 with include (1)

yerricde (125198) | more than 12 years ago | (#3175498)

Sure, it's possible to copy all "templates" to another subfolder and link logged-in users to this one, but why should I do so? ... I'm able to use the same "templates" for logged-in and anonymous users - well, half the work to do

Then simply have the templates in / and the templates in /members/ include the same PHP code.

Re:The problem with P3P is... (4, Informative)

Fweeky (41046) | more than 12 years ago | (#3175656)

"in P3P you can only set a different policy for (sub-)folders (differrent URI's)"

Uhm, no, you can specify policies for URI's, methods (GET/POST/PUT/DELETE etc) and cookies (including name, value, domain and even content).

For example:

<POLICY-REF about="/P3P/UserPolicy.xml">
<COOKIE-INCLUDE name="loggedin" value="*" domain="*" path="*"/>
</POLICY-REF>

If you really can't describe your case:

  1. Generate the headers dynamically based on whether they're logged in or not.
  2. Generate the P3P dynamically based on whether they're logged in or not.
  3. Just describe the case for logged in users, since your anonymous logging is likely just a subset of that anyway

And, of course, talk to the peeps on the P3P ml [mailto] and see if you can get it fixed in version 2.

I am looking for a true_girlfriend (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175379)

I am looking for a girlfriend.

If you have the same hobbies like me, it could be lovely! I love anime, sci-fi and gourmet home cooking.

I don't care much about looks, as long as you're not a monster, but I rather not go out with you if you are: fat, hairy, melancholic, depressing, over-sarcastic or a bad person.

If you think you comply, then answer this comment. Thank you.

PS: WTF is P3P? Why don't they explain? I'm too tired at this time of the night to browse for this thingie, goddamnit. Can't you add a little explanation?

Re:I am looking for a true_girlfriend (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175416)

Good idea, post to a website where 90+% of the people are flaming linux faggots! I hope CmdrTaco ass rapes you.

Re:I am looking for a girlfriend1 (0)

Anonymous Coward | more than 12 years ago | (#3175449)

(It's me again, the girlfriend seeker)

You mean ass raping like in Pulp Fiction, when they played that cool music background? I don't think CmdrTaco would do that. He's not a bad person.. those who ass rape are the trolls, usually, with all their goatse references.

Regards,
Trey Parker

I am looking for a girlfriend1 (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175424)

Who moded me down?!?!?

That's so unfair! My posting was certainly on-topic.

I believe I deserve to have a girlfriend. Hmm.. but tell you what, I'm so happy that I used that "post anonymously" box. :) I didn't lose karma! It's so cute.

You know what's annyoing, though? I made the topic with underscore, especially so that I'd be able to search for that comment later, but it seems that I can't search for comments with the underscore sign. The dumb search of slashdot converts the underscore into a space.

Anyway, I'm off to sleep. Good night!

Regards,
Trey Parker.

Re:I am looking for a girlfriend1 (0, Offtopic)

m4g02 (541882) | more than 12 years ago | (#3175479)

You really are dumb, you wont find a girlfriend on slashdot, dont be a fool, if you really want a girfliend go and play Quake3 or CounterStrike!, even better!, i know a girl named Alice who will be intersted on chating with you, find her on http://www.alicebot.org

Re:I am looking for a girlfriend1 (0)

Anonymous Coward | more than 12 years ago | (#3175508)

I am not dumb!
Can't you see that my sentences are flawless, and my comments are interesting and intelligently written (so what if they're moded down)?

Why did you call me dumb? You know, when you exert evilness on people, some of the evilness stays in you and pollutes you.

PS: Alicebot is not useful at all. The AIML model they invented is simplistic, as all what it can do is give an answer to a single statement. It doesn't remember information from prior answers, so you can't really handle a conversation that way. We're still far away from a real AI psychiatrists.

Regards,
Trey Parker

Re:I am looking for a true_girlfriend (0)

Lunar82 (541435) | more than 12 years ago | (#3175425)

Like the other guy said, you're looking in the wrong place. Everyone knows that all the hot chicks are on k5.

Re:I am looking for a girlfriend1 (0)

Anonymous Coward | more than 12 years ago | (#3175470)

Hi Lunar82,

I'm sure there are some cute geek girls here. They just have to read my message. And anyway, I'm not sure the situation in K5 is better. Although Anne Marie [educatedescort.com] used to write there, I didn't notice any other cute girls in that site.

Maybe you can recommend me on another site? I wish I could find a place with desperate girls, as I'm pretty desperate myself. But what- I don't want girls who are desperate because they are too ugly, fat or psychotic. I want girls who are desperate because of sheer bad luck, so I'll be able to be their savior.

Regards,
Trey Parker.

Re:I am looking for a girlfriend1 (0)

Lunar82 (541435) | more than 12 years ago | (#3175497)

If you are looking for some smart-but-average-looking girls then I suggest you try the library.

I am looking for a girlfriend1 - Library? (0)

Anonymous Coward | more than 12 years ago | (#3175523)

Well, it's problematic.

I can't just go and hit on chicks there, since it's not a pub.

Another way I can think of is just to become a regular in the library, know who are the other regular girls there (and also meet my male rivals that do the same thing), get to know them and after a while ask them for their phone number - a very lengthy procedure.

It's hard to be a geek. It's harder to be a geek looking for girlfriend.

- Trey

Re:I am looking for a girlfriend1 - Library? (0)

Lunar82 (541435) | more than 12 years ago | (#3175558)

It might be a lengthy procedure, but while you are at the library you can borrow the erotica and masturbate a lot to relieve the boredom.

Re:I am looking for a girlfriend1 (0)

The real Anne Marie (255255) | more than 12 years ago | (#3175626)

Hello Trey,

I still read Slashdot quite frequently (and it's still linked on my old site [educatedescort.com] I just don't post much to keep the controversy down and the articles about me to a minimum ;)

My new site though (which is a bit more acceptable to the masses) is ALL about a gorgeous geek. She is a total brainy babe. Sound too good to believe? I know it's been in the works for ages, but it'll finally be up in APRIL! So check often at my new site [brainyblonde.com] for the latest ;) Even good ole Kevin Mitnick will be on there with me. And yes this is the REAL Anne Marie, not the person who wrote claiming to be me (whose name is Anne Marie as well) who stirred up all that commotion over on K5! ;)

Anne Marie

Re:I am looking for a girlfriend1 (0)

Anonymous Coward | more than 12 years ago | (#3175870)

Aren't you full of yourself?!

Re:I am looking for a girlfriend1 (0)

Anonymous Coward | more than 12 years ago | (#3175879)

I NEED A BITCH TO DO THE DISHES AND LAUNDRY, NOT USE MY COMP WHEN I WANT TO. YOU AREN'T EVEN *THAT* GOOD LOOKING.

Lameness filter: off.
Proof: "fsdfnjkasdfansdjfnasjdfnjiasndfjnasjifdnjaisdnfji ansdfijnasjdnfjiansdjfasdjnfjiansjfnasjdfnjsadnfja sndfjnsadjfnasjdnfjiandsfjansdjfnasjdfnajsndfjasnd fjnasdjfinsajfdnjsidanfjiasndfnjasnfjasdnfjiasnfji sndfjinasdjfjiasndfjiasjindjasndjfnjaidsnfjinasdjf idjansfjisdnjfinajsidnfjinasdjfnjiasndfjinasdjfnji asdnfjinjasdfnjdsafnjidsanf".

A question... (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3175411)

I don't know anything about P3P, and reading the website for the standard didn't help me answer this question.

So I'll ask Slashdot people:

What's to keep a site from lying or misrepresenting its usage policies?

And if the answer is nothing, then what the hell use is P3P? It seems that it doesn't affect me at all: I'll still refuse to send cookies to certain site, not keep cookies stored, and encrypt things.

fp fp fp! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3175415)

Yeah biatchez!

Holla out to all dem biatchez. w00t! w00t

this shows the hidden costs of monopolies (1, Offtopic)

discogravy (455376) | more than 12 years ago | (#3175432)

whether MS's browser monopoly is legal or not, this shows the hidden costs of monopolies in general. A lot of webpage serving is done on *nix boxes running apache -- machines that could surf the websites they're serving, because IE isn't available on that platform -- and because MS's monopoly of browsers (even fucking slashdot shows most readers use IE,) this puts MS in a powerful position to dictate what they consider important and proper. This isn't even about money, although I'm sure it'll cost a lot of money to pay to get various sites to comply, this is about effort and choices. As a webmaster, I don't want someone else dictating when I have to change my site's design, and I certainly don't want someone telling me that I have to do something. This is probably just the contrarian in me, and for all I know, p3p is the wave of the future and The One True Way and I'm a fool for not having done it already, but hey, it's my website and I'd like to fucking make decisions all on my own, thanks anyway, MS.

Support alternate browsers (like opera and mozilla,) if you're a Windows user.

Re:this shows the hidden costs of monopolies (1, Informative)

Anonymous Coward | more than 12 years ago | (#3175469)

Uh, where the hell did this troll come from? If you don't want to support p3p, don't. It would be nice if you supported the w3c standards but just like there's nothing forcing you to serve documents in html, there's nothing forcing you to use p3p. By the way, before you get too into IE alternatives, be sure to note that other browsers want to support p3p as well. Mozilla has partial p3p support now, with decent support to be available by 1.0. Full p3p support in Mozilla is scheduled for post-1.0 work (bug 62399).

Simple solutions (2, Interesting)

david.johns (466417) | more than 12 years ago | (#3175464)

One of the criticisms of this is that it doesn't have any enforcement behind it.

There's nothing to stop the industry, or me, or all of us who run websites, from just saying, "Sure, we respect virtually everything about your privacy!" and then selling the hell out of your information.

So, for those of us for whom it would be a pain - we have two easy choices. We can a) ignore people who bother to use it 'cuz it sucks or b) adopt the most private P3P policies possible, and then don't worry about them.

The real problem this will have on the developer end is having the P3P options mean something. If there's no reason (legislation, for instance) for big business to respect their own P3P policies, why should I pretend that mine have anything to do with reality?

Only one question... (1)

Akardam (186995) | more than 12 years ago | (#3175482)

When will Slashdot become P3P complaint?

Re:Only one question... (-1)

Serial Troller (556155) | more than 12 years ago | (#3175511)

Well, let's see. They place DOUBLECLICK COOKIES on our computers. They place a cookie named "ANON" on your computer if you browse anonymously. They have 1x1-pixel WEB BUGS coming from a server IMAGES2.SLASHDOT.ORG. And they sell our email addresses. How ELSE would I start getting spam at my slashdot-45212@(domain).org address!?

Do you think they WANT to write up a page documenting all these ATROCITIES!?

Join P3PSI (3, Informative)

yerricde (125198) | more than 12 years ago | (#3175534)

When will Slashdot become P3P complaint?

You might want to start a P3P Slashdot Initiative. Tell those in charge that you won't subscribe until Slashdot implements P3P, a W3C Proposed Recommendation [w3.org] . You can even call it P3PSI (pronounced PEP-see).

ttttgg (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3175499)

My Experience With Windows
I am a long-time Linux user and avid fan of GNU products, but I decided to try Windows to see what the hype is all about.

The long and short of it is that Windows sucks. It is basically unusable in its current state. I mean, who needs 8 half-working text editors? vi beats them all anyway, hands down.

Luckily I was running a vmware session so I just killed the session and the pain was over.

[ Reply to This | Parent ]

My Experience with Heterosexuality (Score:-1, Offtopic)
by Anonymous Coward on Saturday March 16, @03:12PM (#3174178)
My Experience with Heterosexuality

I am a long-time Homosexual fag and avid fan of Homosexual products (like dildos), but I decided to try Heterosexuality to see what the hype is all about.

The long penis and short penis of it is that Heterosexuality sucks. It is basically unpleasurable in its current state. I mean, who needs 8 half-working female vaginas? Ass beats them all anyway, dick up.

Luckily I was sucking a guy's cock so I just swallowed the semen and the pain was over.

Anyone who has read Brooks' "The Mythical Man-Month" will tell you that more coders != more productivity. Not always, anyway. And I think that this especially applies to open source projects where coders are often doing their work in different countries, if not different continents. I'm sure the openoffice team spends a hell of a lot of time just getting together and planning stuff, integrating everyone's code, etc. During this time the core KOffice developers can be banging away at the keyboard writing more code.

So it's not hopeless, even the smallest coder can change the course of the future :)
[ Reply to This | Parent ]

Re:there's still hope (Score:0)
by Anonymous Coward on Saturday March 16, @03:55PM (#3174345)
Anyone who has read Brooks' "The Mythical Man-Penis" will tell you that more penises != more semen. Not always, anyway. And I think that this especially applies to open source orgys where fags are often sucking their penis in different countries, if not different continents. I'm sure the openpenis team spends a hell of a lot of time just getting together and sucking penis, shoving their penises up each other's asses, etc. During this time the core KPenis developers can be banging away at their penises making more semen.

So it's not hopeless, even the smallest penis can change the course of the future :)

Am I the only one who has a problem with this? (3, Interesting)

wowbagger (69688) | more than 12 years ago | (#3175509)

OK, let me see if I correctly understand P3P.

  1. I give my browser all sorts of information about me, some of which I don't want distributed widely
  2. I then trust the remote web site to correctly identify what they are asking for, and that they will use the data in the way the P3P data says it will be used.


So, if I trust the web site to correctly implement their privacy policy, why don't I trust them with my data?

If I don't trust them with my data, why do I trust them to correctly implement a privacy policy?

In fact, this is one of the few real uses for a Cue-Cat I can think of- have your credit card numbers et. al. printed out on a barcode chart next to your computer. You see the pretty shiny thing you want on the web site, they want your credit card number, you scan the paper. I DEFY any 1337 haxor to get that by ownxoring my machine - I have to scan it.

Re:Am I the only one who has a problem with this? (1)

Account 10 (565119) | more than 12 years ago | (#3175533)

OK, let me see if I correctly understand P3P.

1. I give my browser all sorts of information about me, some of which I don't want distributed widely


No, you don't understand it at all. P3P is a way for a site to tell you and your browser, in a standard way, what the site's privacy policy is. No informtion goes from you to the site.

Re:Am I the only one who has a problem with this? (1)

Sloppy (14984) | more than 12 years ago | (#3175549)

In fact, this is one of the few real uses for a Cue-Cat I can think of- have your credit card numbers et. al. printed out on a barcode chart next to your computer. You see the pretty shiny thing you want on the web site, they want your credit card number, you scan the paper.

Holy Toledo! This is big.

Re:Am I the only one who has a problem with this? (1)

mewsenews (251487) | more than 12 years ago | (#3175710)

uhhh, i could own your box, then compromise your scanning software to copy the number somewhere which i could access later.

..... reminds me of programmers relying on hardware locks because "noone can copy a hardware device easily!!" .. they're right, but someone can certainly compromise the software which checks for the hardware.

interessting (-1, Troll)

corps_inc (564368) | more than 12 years ago | (#3175535)

at least 3:08 hours passed sincethis was posted. result is 180 trolling comments. including mine

isn't freebsd sophisticated? well i gues linux rocks

The only cookie solution (2, Interesting)

jmd! (111669) | more than 12 years ago | (#3175568)

The only reliable cookie solution is already here. No changes are required server-side, and you just need a competent browser like Mozilla client side.

First, disable third-party cookies. Then, weekly, or whenever you're bored, go in to cookie manager, check 'do not reaccept deleted cookies', and delete all the cookies for the sites where you do not need them (login info, valuable preferences, etc). Eventually, you'll end up with a block list that rejects all the bogus cookies of the sites you visit, and you never had to bother with dialogs per cookie, or sites not working because of cookie prefs.

God is an Iron (2, Funny)

poena.dare (306891) | more than 12 years ago | (#3175587)

I find it ironic that W3C's website isn't fully compliant:

http://validator.w3.org/p3p/20020128/p3p.pl?uri= ht tp%3A%2F%2Fwww.w3.org

But, at least they're trying. ;)

I remember setting up P3P (0)

Anonymous Coward | more than 12 years ago | (#3175620)

I remember having MSIE denying cookies with some security settings unless P3P was setup on my site...

So I copied all the P3P files from some other site and it worked fine!

Of course, it was all completely bogus information... and that's the point. It adds a whole level of complexity and hassle of setting it up, and the user still has no idea if all the info is real or bogus. What a waste of time. Thanks again, Microsoft. You SUCK at setting standards.

Stop bombarding me with cookies (2)

alanjstr (131045) | more than 12 years ago | (#3175676)

I'm so sick of being bombarded with third-party persistent cookies. Damn right I want to maintain my privacy. Ok, so if their privacy statement fully notifies me they're going to put a thousand cookies on my machine its alright? Uh, no.

You don't need my home address (2, Insightful)

Skapare (16644) | more than 12 years ago | (#3175729)

You don't need my home address, unless I am asking you to send something to my home address. You have no valid need or purpose for that information.

The real problem here is not the complexity of protocols to match privacy policies with privacy preferences, but instead is the fact that so many businesses are just too fucking nosy!. Now I know that those people in suits in the fancy shmancy corporate offices do tend to be idiots most of the time, but this spying on people has got to be stopped. What is wrong with those people that makes them so fucking sick that they need to be spying on everyone so much?

I find it interesting to note that quite a number of the dot-coms that went into business to spy on people were the ones that failed. But that's only a marginal level of significance. Many others, like doubleclick (which I block at my proxy server), still exist, and need to be taken out by any legal means (I'm doing my part by cutting out their level of hits, even when that means slashdot won't get the ad revenues).

Read the links (0)

Anonymous Coward | more than 12 years ago | (#3175803)

I strongly recommend that everyone read the material linked to in the original article, especially the EPIC commentary.

After reading it, I have to admit I have no clue as to why any user would want to use P3P in the first place. OK, I decide I only want to give out my address to have something shipped to me. So all P3P does is tell me when a site is about to ask me for that information--it does not automagically hand that information over to the site. If I don't want the information given out, I won't give it out. I don't need a preconfigured software nanny to remind me that I decided not to provide certain pieces of information.

Am I missing something here? This really seems like a lot of complexity and overhead for no benefit to anyone.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...