Building the Platform for Privacy Preferences (P3P) Agent for Mozilla Firefox
While Internet users browse websites, especially e-commerce ones, their private information, such as demographic information or shopping habits, may be collected by those websites without the users’ awareness. Some websites make their privacy policy available to visitors; however, those policies are usually either hard to locate on the website or written in a legal style that is long and difficult to read and understand. The World Wide Web Consortium (W3C) has developed the Platform for Privacy Preferences (P3P)[1] to give both websites and users a convenient way to exchange information about privacy policies and preferences. P3P provides a standard for the website to express its privacy practices, and for the web browser to read and understand those practices and take appropriate actions after comparing them with the users’ privacy preferences. P3P is widely adopted by industry in its products[7,9,18], for example the Yahoo website and the Microsoft Internet Explorer web browser. Mozilla Firefox[21], the second most popular web browser, had P3P support in its first few versions. However, recent releases of Firefox have no P3P support, which creates demand for adding this function to the browser.
Fortunately, Firefox allows developers to build additional components, called add-ons or plug-ins, to extend the functionality of the browser[15]. In this paper, I will develop an add-on P3P agent for the current version of Mozilla Firefox (3.0.*) following the specification suggested by W3C. The P3P agent will translate the privacy policies of the website, display a summary to the users, and then enable the user to take appropriate action with the website by choosing to accept, accept for the current session, or permanently block the website’s cookies.
I hope that by writing this paper I will have the opportunity to understand P3P deeply, along with its real-world applications and the research directions on P3P that the research community is working on. By developing the P3P agent, I will have the chance to gain hands-on experience of implementing P3P on both the client side and the server side.
Also, I hope that the add-on P3P support for Mozilla Firefox will be an interesting and useful feature for others, since it will help them know what private information the websites they visit will collect and use, and allow them to decide whether or not to give their private data.
The rest of the paper is organized as follows. Section 2 provides some background on P3P and the Mozilla Firefox web browser. The design and experimental implementation of the add-on P3P agent are presented in Section 3. Section 4 describes the evaluation of the P3P agent. Related work is presented in Section 5. Section 6 presents the conclusion and the future work on the P3P agent.
Platform for Privacy Preferences (P3P)
P3P has been developed by W3C with the goal of creating an effective protocol for websites and their users to exchange information about privacy practices and preferences. Basically, P3P provides a standard for websites to present their privacy policies in a machine-readable format that can be retrieved and analyzed by software programs. On the users’ side, P3P provides a software program called a P3P agent, which helps users express their privacy preferences. The P3P agent automatically fetches privacy policies presented in P3P format, analyzes and compares those policies with the users’ preferences, and helps users take appropriate actions, for example, blocking the cookies from a website that collects physical information. The P3P agent also translates these policies and displays them to the users in a human-readable format.
Figure 1. An example of an English privacy policy and its appropriate P3P policy
P3P provides a standard vocabulary and a base data schema for website operators to describe their privacy data practices and the kinds of information they will collect. A website’s P3P privacy policy is presented in XML format and combines vocabulary and data elements. Usually, a P3P policy includes general assertions, which apply to the whole policy, and data-specific assertions, which apply to specific types of data. An example of a privacy policy in English language and its appropriate P3P policy from is described in Figure 1.
P3P policies are stored on the web servers and can be retrieved by the P3P agent via the HTTP protocol in one of the following three ways:
- well-known location: /w3c/p3p.xml
- P3P header in HTTP response
- <LINK> tag in HTML document
A website may have one policy for the whole website or several policies, each for a specific part of the website. If the website has multiple policies applying to its different parts, the P3P reference file is used to specify which policy file applies to which URI. The P3P agent can fetch the P3P reference file using one of the three methods mentioned above, then analyze the reference file and go on to fetch the policy file that applies to a specific URI.
The website may implement the optional P3P compact policy, which applies to cookies, by translating the P3P policy into the compact policy vocabulary that can be embedded into the CP header in the HTTP response from the web server to the web browser.
If the website serves third-party content, for example ad banners, the P3P reference file should include, via the <HINT> tag, the information the P3P agent needs to look for the P3P policy files of that content.
Mozilla Firefox Web Browser
Mozilla Firefox is a free and open source software web browser developed by the Mozilla Corporation and is considered as the second most popular web browser
Firefox enables developers to create the extensions’ graphical user interfaces in XML User Interface Language (XUL) and to use the JavaScript programming language to add program logic to the extensions[15]. In addition, the extensions are cross-platform applications, which means that once developed and packaged, they can run on Firefox on many operating systems, such as Windows, Linux or Mac, without changing the code. There are thousands of extensions and plug-ins available on Mozilla’s website, developed by the open source software community.
Firefox had P3P support in its first few versions; however, the current version (3.0.*) has no P3P support.
Like a typical browser extension, the P3P agent is developed with the technologies Firefox supports: XUL for the graphical user interface, JavaScript for program logic and DOM for document handling. Whenever the user requests a web page from Firefox, the P3P agent checks whether that website supports P3P. If the website has P3P enabled, the P3P agent fetches the policy files and then parses them for translation into a human-readable format. If the user asks to see the website’s privacy policy, the P3P agent displays the translated version of the P3P policy and, at the same time, gives the user options for handling the website’s cookies. Details of the design of the P3P agent’s functions are described as follows.
Fetching P3P policy file
As mentioned above, there are three ways to fetch the P3P policy file in XML format from a web server that supports P3P: the well-known location /w3c/p3p.xml, the P3P header in the HTTP response, and the <LINK> tag in the HTML document. Some websites have multiple policies applying to different URIs. In that case, the web server uses the P3P policy reference file to specify which policy applies to which URI. The P3P policy reference file can be fetched by any of the three methods above. The P3P agent uses the XMLHttpRequest object to fetch remote XML files. In theory, XMLHttpRequest can be used in all three methods; however, to keep things simple, the P3P agent only uses the well-known location method. The process of fetching the policy file is described in the following steps:
- Fetch the p3p.xml file at the well-known location of the web server using XMLHttpRequest: If the returned status code is 200 (success), the P3P agent gets the XML document from the responseXML property of XMLHttpRequest and then parses it to see whether it is a policy file or a policy reference file. If the XML document is a policy file, the P3P agent moves to the next phase: translating the P3P policy. If the XML document is a reference file, the P3P agent takes one more step to fetch the P3P policy file.
- Fetch the P3P policy file: The P3P agent reads the about attribute of the <POLICY-REF> tag and compares the current URI with the URI given in the <INCLUDE> tag of <POLICY-REF>. If the current URI matches the URI in the <INCLUDE> tag, the P3P agent uses XMLHttpRequest to fetch the P3P policy file stored at the URI given by about. If the XMLHttpRequest gets the status code 200, the XML document from the responseXML property is used for the next working phase of the P3P agent.
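The two steps above, worked through as an added example (not the add-on's own code): it classifies a fetched document, matches the page path against <INCLUDE>/<EXCLUDE> patterns in document order, and resolves the about URI. The sample reference file, the function names, the use of regular expressions in place of the responseXML DOM, and the same-host check are assumptions of this example.

```javascript
// Added example (not the add-on's code). Regex extraction stands in for the
// responseXML DOM the add-on would walk; it is only adequate for this sample.
const SAMPLE_REFERENCE = `<META xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/w3c/shop-policy.xml#shop">
   <INCLUDE>/shop/*</INCLUDE>
   <EXCLUDE>/shop/help/*</EXCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/w3c/site-policy.xml#general">
   <INCLUDE>/*</INCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>`; // constructed sample for www.example.com

// Step 1 of the text: is the fetched document a reference file or a policy file?
function classify(xml) {
  if (/<POLICY-REFERENCES[\s>]/.test(xml)) return "reference";
  if (/<POLICY[\s>]/.test(xml)) return "policy";
  return "unknown";
}

// P3P patterns use "*" as a wildcard; everything else is matched literally.
function patternMatches(pattern, path) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp("^" + escaped + "$").test(path);
}

// Collect each POLICY-REF with its about attribute and its patterns.
function parsePolicyRefs(xml) {
  const refs = [];
  const refRe = /<POLICY-REF\s+about="([^"]*)"\s*>([\s\S]*?)<\/POLICY-REF>/g;
  for (const m of xml.matchAll(refRe)) {
    const grab = (tag) =>
      [...m[2].matchAll(new RegExp(`<${tag}>([^<]*)</${tag}>`, "g"))].map((x) => x[1].trim());
    refs.push({ about: m[1], include: grab("INCLUDE"), exclude: grab("EXCLUDE") });
  }
  return refs;
}

// Step 2: pick the first POLICY-REF covering the page and resolve its about URI.
function resolvePolicy(xml, referenceUrl, pageUrl) {
  const ref = new URL(referenceUrl);
  const page = new URL(pageUrl);
  // Assumption: a well-known-location file only speaks for its own host.
  if (classify(xml) !== "reference" || ref.host !== page.host) return null;
  for (const r of parsePolicyRefs(xml)) {
    const covered = r.include.some((p) => patternMatches(p, page.pathname)) &&
                    !r.exclude.some((p) => patternMatches(p, page.pathname));
    if (!covered) continue;
    const target = new URL(r.about, ref);    // about may be a relative URI
    const policyName = target.hash.slice(1); // the fragment names the policy
    target.hash = "";
    return { fetchUrl: target.href, policyName };
  }
  return null; // no policy declared for this URI
}
```

A null result means no policy was declared for the URI, which is different from a policy the user has accepted.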
Translating P3P policy
To simplify the processing of the P3P policy file, the P3P agent assumes that all P3P policy files are well-formed and valid XML documents. The P3P agent parses the P3P policy file in XML format and generates plain English for the corresponding P3P vocabulary, based on the translation recommendation of W3C. A sample translation is shown in Figure 2.
Figure 2. Sample translation from P3P policy into plain English
The translated version of the P3P policy is structured in HTML format and displayed to the users on request. The users can examine the privacy policy of the website they are visiting to see whether anything conflicts with their privacy preferences. As recommended by W3C, the P3P agent allows the user to store and print the P3P policy and its translated version for later reference.
Handling cookies
Many websites collect private information from their users by using cookies. For example, an e-commerce website can track the shopping habits of its users by storing, in cookies in the user’s web browser, data about each item of merchandise that the user views. Later, when the user visits that website again, his/her browser sends the cookies with the data about the merchandise the user is interested in to the server. The server can use this information to display only goods that may interest the user, in the hope that s/he will purchase something.
One effective way to prevent websites from collecting private information is to block the cookies from these websites. While displaying the website’s privacy policy to the users, the P3P agent allows users to choose one of three options for handling the cookies from that website:
- Allow: The user may choose this option if there is no conflict between the website’s privacy policy and the user’s privacy preference.
- Allow for this session only: The user may choose this option if the website cannot work without cookies. Firefox will allow the website to store cookies, but those cookies will be deleted after the user moves to another website or closes the browser.
- Block: The user may choose this option if there is a conflict between the website’s privacy policy and the user’s privacy preference. For example, the website wants to collect health information from its users, but the user does not want his/her health information viewed by anyone except the user and his/her doctors.
To enable this function, the P3P agent makes use of Firefox’s cookie-handling ability. Firefox uses SQLite databases to store information about websites and their cookies. A SQLite database named permissions.sqlite includes a table named moz_hosts with four fields (id, host, type, permission): id is the identification field; host stores the URI; type stores the type of exception, which in our case is always ‘cookie’; and permission stores the kind of permission, where 1 means Allow, 8 means Allow for this session only, and 2 means Block. The P3P agent takes the user’s decision on cookie handling and then inserts a new record or updates the existing record in the moz_hosts table.
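The insert-or-update decision described above, as an added example (not the add-on's own code): it maps the user's choice to the permission codes listed in the text and returns a parameterized statement for moz_hosts. The function names, the in-memory rows standing in for the table, storing the host name in the host field, and an automatically assigned id are assumptions of this example.

```javascript
// Added example (not the add-on's code). Permission codes are the ones the
// text lists for moz_hosts.permission.
const PERMISSION = { allow: 1, block: 2, session: 8 };

// Reduce a page URL to the value stored in moz_hosts.host.
// Assumption: the table is keyed by host name, without scheme, port or path.
function hostKey(pageUrl) {
  const u = new URL(pageUrl);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("cookie permissions only apply to http(s) pages");
  }
  return u.hostname;
}

// rows: current contents of moz_hosts as [{id, host, type, permission}]
// (an in-memory stand-in for the table). Returns the statement to run, or
// null when the stored permission already matches the user's choice.
// The host comes from the visited page, so it is always passed as a bound
// parameter and never concatenated into the SQL text.
function planCookiePermission(rows, pageUrl, decision) {
  if (!Object.prototype.hasOwnProperty.call(PERMISSION, decision)) {
    throw new Error("unknown decision: " + decision);
  }
  const host = hostKey(pageUrl);
  const code = PERMISSION[decision];
  const existing = rows.find((r) => r.type === "cookie" && r.host === host);
  if (!existing) {
    // Assumption: id is assigned by SQLite, so it is not listed here.
    return {
      sql: "INSERT INTO moz_hosts (host, type, permission) VALUES (?, 'cookie', ?)",
      params: [host, code],
    };
  }
  if (existing.permission === code) return null;
  return {
    sql: "UPDATE moz_hosts SET permission = ? WHERE id = ?",
    params: [code, existing.id],
  };
}
```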
Experiment Implementation
After being installed into Firefox, the P3P agent creates a toolbar button, a pop-up menu item and a menu item under the Tool menu of Firefox (Figure 3). The user can access the P3P agent by clicking on one of those GUI elements.
Figure 3. P3P agent GUI elements
To display the translated version of the P3P policy, the P3P agent opens a pop-up window when requested (Figure 4). From this pop-up window, users can save and print out the website’s privacy policy for later reference. Users can also choose one of three options for handling the website’s cookies after comparing their privacy preferences with the website’s privacy policy.
Figure 4. Privacy Policy Window
Due to time limitations, I could not optimize the P3P agent, so it is used mainly as a proof of concept.
In this section, the paper presents the evaluation of the P3P agent’s functionality as described in Section 3: fetching and parsing P3P policy/reference files from the web server, translating and displaying the privacy policy to the users in plain English, and helping users take appropriate action in handling site cookies.
P3P is tested with the websites supporting P3P provided by Privacy Finder
There are several projects on P3P agents. The most commonly known one is Privacy Bird[6], which translates the P3P policy into a human-readable format, displays the result to the users, and provides a handy GUI for users to create privacy preferences that can be compared with the website’s privacy policy. However, Privacy Bird only works with Internet Explorer. From version 6 of Internet Explorer, Microsoft provides the browser with P3P support[23], which translates and displays the P3P policy in plain English; it also lets users decide how to handle the website’s cookies. Fahd Arshad developed a JavaScript-based P3P agent for Firefox versions 0.99 and 1.0 called Privacy Fox[5]. Privacy Fox can translate and display the P3P policy in plain English. Unfortunately, there has been no updated version of Privacy Fox, which has led to the lack of P3P support for Firefox users. Another work on Firefox related to P3P is FoxBeacon[13], which reads the P3P compact policy to inform users about potential web bugs. The P3P resource centre of the Joint Research Centre[22] provides a P3P solution as middleware, and it also provides many tools for implementing P3P.
This paper presented the design and experimental implementation of the add-on P3P agent for the Mozilla Firefox web browser. The P3P agent fills the gap left by the lack of P3P support for Firefox users. The paper also showed that the P3P agent worked well in fetching the P3P policy file, translating the policy into a human-readable format and displaying the summary to the users, as well as helping users take appropriate actions with websites whose privacy policies do not match the users’ preferences.
In future work, I would like to integrate A P3P Preference Exchange Language (APPEL), the complement to standard P3P, into the agent to give users the ability to create their own privacy preferences flexibly. This requires the development of an APPEL engine to match the users’ privacy preferences automatically and an effective graphical user interface for users to edit their preferences. In addition, I would like to work more on handling the website’s third-party cookies, since sometimes the website itself does not collect the users’ private data but the third-party cookies do. One method of handling third-party cookies is to look at the P3P compact policy of the third-party content and compare that policy with the users’ privacy preferences to help the users take appropriate actions. Also, I would like to add to the P3P agent a function that can get as much information as possible from policy files that are not well formed or not valid.
[1] World Wide Web Consortium. Platform for Privacy Preference (P3P) Project. http://www.w3c.org/p3p, accessed October 2008.
[2] Lorrie Faith Cranor. Web Privacy with P3P. O’Reilly & Associates, 2002.
[3] Lorrie Faith Cranor, Praveen Guduru and Manjula Arjula. User interface for privacy agents. ACM Transactions on Computer-Human Interaction (TOCHI), 2006.
[4] P3PToolbox. The P3P Implementation Guide. http://www.p3ptoolbox.org/guide/, accessed October 2008.
[5] Fahd Arshad. Privacy Fox – A JavaScript-based P3P Agent for Mozilla Firefox. http://privacyfox.mozdev.org/, accessed October 2008.
[6] AT&T and CMU Usable Privacy and Security Laboratory. Privacy Bird. http://www.privacybird.com, accessed October 2008.
[7] Serge Egelman, Lorrie Faith Cranor and Abdur Chowdhury. An Analysis of P3P-Enabled Website among Top-20 Search Results. Proceeding of the Eighth International Conference on Electronic Commerce, 2006.
[8] Simon Byers, Lorrie Cranor, Dave Kormann, and Patrick McDaniel. Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. Proceedings of the 2004 Workshop on Privacy Enhancing Technologies (PET2004), 2004.
[9] Lorrie Faith Cranor, Serge Egelman, Steve Sheng, Aleecia M. McDonald, and Abdur Chowdhury. P3P Deployment on Websites. To be published in Electronic Commerce Research and Applications, 2008.
[10] Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu. Implementing P3P using database technology. Proceeding of the 19th International Conference on Data Engineering, 2003.
[11] Pranam Kolari, Li Ding, Shashidhara G, Anupam Joshi, Tim Finin and Lalana Kagal. Enhancing Web Privacy Protection through Declarative Policies. Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’05), 2005.
[12] Ian K. Reay, Patricia Beatty, Scott Dick and James Miller. A Survey and Analysis of the P3P Protocol’s Agents, Adoption, Maintenance, and Future. IEEE Transaction on Dependable and Secure Computing, Vol. 4, No.2, 2007.
[13] Chaiyong Ragkhitwetsagul. FoxBeacon: Web Bug Detector Implementing P3P Compact Policy for Mozilla Firefox. http://www.cs.cmu.edu/~cragkhit/foxbeacon/, accessed October 2008.
[14] Hsu-Hui Lee and Mark Stamp. P3P privacy enhancing agent. Proceedings of the 3rd ACM workshop on Secure web services, 2006.
[15] Mozilla Developer Center. Firefox Extensions. http://developer.mozilla.org/en/Extensions, accessed October 2008.
[16] Mark S. Ackerman and Lorrie Cranor. Privacy Critics: UI Components to Safeguard Users' Privacy. ACM Press, 1999.
[17] Lorrie Faith Cranor, Manjula Arjula and Praveen Guduru. Use of a P3P User Agent by Early Adopters. Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, 2002.
[18] Patricia Beatty, Ian Reay, Scott Dick, and James Miller. P3P Adoption on E-Commerce Web sites: A Survey and Analysis. Internet Computing, IEEE, 2007.
[19] Rediger Grimm and Alexander Rossnagel. Can P3P Help to Protect Privacy Worldwide? Proceedings of the 2000 ACM workshops on Multimedia, 2000.
[20] Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant and Yirong Xu. An XPath-based preference language for P3P. Proceedings of the 12th international conference on World Wide Web, 2003.
[21] Mozilla Firefox. http://www.getfirefox.com, accessed October 2008.
[22] P3P resource centre of the Joint Research Centre. http://p3p.jrc.it, accessed October 2008.
[23] Privacy in Internet Explorer 6. http://msdn.microsoft.com/en-us/library/ms537343(VS.85).aspx, accessed October 2008.