Homework 6 - due October 7, 2004
Reading Assignment: Cranor - 5, 6 (p. 104-109 optional), 7, 11, Millett
paper (Optional: Cranor 12)
1. (30 points, 4 for each summary, 2 for each highlight) Write a short summary of each chapter and article in the reading
assignment (2-5 sentences each). After each summary (in a separate
paragraph) provide a "highlight" for that chapter. This can be
something new you learned that you found particularly interesting, a
point you would like to discuss further in class, a question the
chapter did not fully answer, something you found confusing, a point
you disagree with, or anything else you found noteworthy.
2. (40 points) Download and try at least two P3P user agents (for example, Privacy
Bird, IE6, Netscape 7 -- see http://www.w3.org/P3P/implementations
for other choices, but don't review P3P-related software that is not a user agent). Then answer the following:
- (a) (20 points) What are the similarities and differences
between the two user agents? (List at least 2 similarities, and
at least 2 differences.)
- (b) (20 points) What particular features of each did you like or dislike and why? (Discuss at least 2 features of each of the two user agents.)
Note: You may need to find a Windows machine to complete this question as some P3P user agents only run under Windows.
3. (30 points) In homework 4, you each picked an industry or type of web site and read three privacy policies. As it turns out, some of the sites
you picked were P3P-enabled but some were not. Go back to the three sites whose privacy policies you looked at and do the following:
- (a) (12 points) For EACH of the three sites, use the W3C P3P validator to answer these questions:
- (i) Is the site fully P3P-enabled, partially P3P-enabled (has some but not all
required P3P files, has errors in P3P files, has compact policy but
not a full policy, etc. - if the site is partially P3P-enabled, explain), or not P3P-enabled at all?
- (ii) Does the site have a compact P3P policy?
- (iii) If the site is P3P-enabled, how many P3P policies does it have?
- (b) (18 points) If one of the sites you looked at is fully or
partially P3P enabled, compare the P3P policy with the site's
human-readable policy. (If more than one site is P3P enabled, just
answer these questions:
not captured at all by the P3P policy?
- (iii) Are any of these elements you identified in part ii items that are supposed to
be encoded in a P3P policy (that is, did the site make an error, or
are they limited by the P3P syntax)?