||Help! IE6 Is Blocking My Cookies|
|Subject:||P3P is poorly conceived.|
The W3C is clearly hopelessly out of touch with the development community at large. All we see out of them are larger, more complex recommendations with little viable adoption enforcement. P3P differs from most of the standrds in that it coincides with the major Internet players' concerns about being perceived as trustworthy. So now the big browsers have adopted it and we're all forced to live with its shortcomings.
Do Ms. Cranor and her cohorts really believe they can create a lexicon as expressive and nuanced as the human language? P3P in Compact and Full Policies will need to be if it is to be regarded as a legally biunding contract. Unfortunately, the specification does not provide a vocabulary rich enough to allow site owners to adequately express their data-collection intentions.
What's more, P3P is interpreted by an user-agent, and the accuracy of that interpretation is not easily verified by user or, in some cases, site-owner. What if the latest milestone release of Mozilla has a bug, and interprets policies incorrectly? Who benefits from that?
How does a user know that a site owner abides by the assertions made in the P3P policy, if they can even decipher the policy as expressed by the user-agent?
The single greatest problem with P3P is that, like so many ideas of its ilk, it presumes to think for the user. Was there really anything wrong with putting a human-language policy statement on a site, and leaving users to protect themselves by reading and understanding it? They certainly don't understand P3P better, and they don't understand the problems they have transacting business or gathering information on the Web when P3P impedes them. It is not a user's job to know what a Web developers knows. P3P is a solution for the populace that just isn't populist.