IEEE INTELLIGENT SYSTEMS
Onepage.com offers a service for displaying all of your favorite shopping and news Web sites on a single consolidated page. Once you buy books or music at Amazon.com, it recommends titles related to your past purchases when you open the site. As Jakob Nielsen points out in one of his columns at www.useit.com/alertbox/981004.html, "Personalization works if the user gets something useful out of a site immediately - they don't want to spend time setting up complex personalization features." If the user does not fill out complex forms to set up personalization features, a personalized Web site must track the user's information every time he or she visits the site. So how can we trust a Web site to maintain a privacy policy that we feel comfortable with? What are the tools at our disposal for protecting our privacy on the Internet, while letting us enjoy the convenience of a personalized user interface?
Seals of approval
Some Web sites publish a privacy statement and make it available on every page of the site (see www.truste.org/webpublishers/pub_modelprivacystatement.html for an example). The statement can specify what information is stored in the site's persistent database, how the Web site uses that information, and what kind of personal or aggregate information the site shares with third parties such as advertising companies and business affiliates.

Some Web sites display a seal of approval from watchdog organizations such as Truste (www.truste.org) or the Better Business Bureau (www.bbbonline.org/businesses/privacy/index.htm). The seal means that an independent nonprofit organization has reviewed and approved the Web site's privacy policy. But what happens if the company changes its policy or merges with another company? The contract between the Web site and the watchdog organization might be terminated, but not much more will happen. Your private information might become an asset to some other company.

A seal of approval is just the first step toward protecting privacy, but it doesn't answer many other subtle questions: Are there any enforcement mechanisms? How can we verify a Web site's privacy statement? How are customer complaints resolved? Perhaps rules and regulations could help. The Federal Trade Commission and the US Congress are currently considering ways to self-regulate the Web and protect privacy online. For example, beginning 21 April 2000, it's against the law for commercial Web sites to collect personal information from children under 13 years old without parental consent. (See www.infoworld.com/articles/ic/xml/00/04/20/000420ickids.xml for more information.)
A platform for privacy preferences
Reading a privacy statement's legal fine print is tedious and inconvenient. Who has time for that? Wouldn't it be great if we could store our privacy preferences in a Web browser, and the Web browser could automatically warn us when we visit a Web site whose privacy policy does not match our expectations? The Platform for Privacy Preferences (P3P), which the World Wide Web Consortium is considering, provides a technical means for ensuring that users will be informed about privacy policies before they release personal information (www.w3.org/P3P). The platform is a simple mechanism that extends version 1.1 of the Hypertext Transfer Protocol between the Web browser and the Web server. When a Web browser issues a request to get a certain document (such as the fictional shopping_cart.html) from a Web site (for example, www.shopping_mall.com), the Web server response contains a header that specifies the location of the Web site's machine-readable privacy policy (such as www.shopping_mall.com/P3P/PolicyReferences.xml). The response header coming from the Web server would look something like this:
HTTP/1.1 200 OK
Opt: http://www.w3.org/2000/P3Pv1; ns=11
11-PolicyRef: http://www.shopping_mall.com/P3P/PolicyReferences.xml
Content-Type: text/html
Content-Length: 7413

<HTML>
...
</HTML>
This technique requires both the Web browser and the Web server to be compliant with the HTTP 1.1 extension. As an alternative, the HTML document might contain a hyperlink to the policy statement, as follows:
<HTML>
...
<link rel=P3Pv1 href=http://www.shopping_mall.com/P3P/PolicyReferences.xml>
...
</HTML>
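The two discovery paths shown above, the response header and the HTML link, can be checked by a user agent in that order. The following sketch is an added example, not code from the article or from the W3C; the names `find_policy_ref` and `_LinkFinder` are hypothetical, and the sample responses are constructed from the article's two snippets.

```python
from html.parser import HTMLParser

P3P_EXT = "http://www.w3.org/2000/P3Pv1"  # extension URI from the article's Opt header

class _LinkFinder(HTMLParser):  # hypothetical helper: first <link rel=P3Pv1 href=...>
    href = None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and self.href is None and (a.get("rel") or "").lower() == "p3pv1":
            self.href = a.get("href")

def find_policy_ref(raw_response):
    """Return (url, source) for the site's P3P policy reference, or None."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Path 1: Opt names the P3P extension and the numeric prefix (ns=NN)
    # under which its headers appear, e.g. ns=11 -> "11-PolicyRef".
    uri, _, params = headers.get("opt", "").partition(";")
    if uri.strip().strip('"') == P3P_EXT:
        for param in params.split(";"):
            key, _, prefix = param.strip().partition("=")
            ref = headers.get(prefix + "-policyref") if key.lower() == "ns" else None
            if ref:
                return ref.strip('"'), "http-header"
    # Path 2: the server is not extension-aware; look for the HTML link.
    finder = _LinkFinder()
    finder.feed(body)
    finder.close()
    return (finder.href, "html-link") if finder.href else None

# Constructed sample responses modelled on the article's two snippets.
HEADER_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Opt: http://www.w3.org/2000/P3Pv1; ns=11\r\n"
    "11-PolicyRef: http://www.shopping_mall.com/P3P/PolicyReferences.xml\r\n"
    "Content-Type: text/html\r\n\r\n<HTML>...</HTML>"
)
LINK_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    "<HTML><link rel=P3Pv1 "
    "href=http://www.shopping_mall.com/P3P/PolicyReferences.xml></HTML>"
)
NO_POLICY = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<HTML></HTML>"

if __name__ == "__main__":
    for label, resp in [("header", HEADER_RESPONSE), ("link", LINK_RESPONSE), ("none", NO_POLICY)]:
        # None means the site declared no machine-readable policy reference.
        print(label, find_policy_ref(resp))
```

A header such as `12-PolicyRef` is ignored when the `Opt` line declares `ns=11`, so a stray or mismatched prefix does not get treated as the site's policy reference.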
This second alternative does not require
the Web server to understand the novel
HTTP extension, but it does require the
Privacy versus convenience
Many Internet companies offer personalization services; for example, Yodlee.com provides access to all of its users' personal accounts across the Web with a single click (including e-mail, banking, credit card, investment, and news).
By Giovanni Flammia
gflammia@alum.mit.edu
INTERNET SERVICES