Extending P3P to Facilitate Proxies Which Pose as a Potential Threat to Privacy

  • Wesley Brandi
  • Martin S. Olivier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


P3P allows Web sites to declare their intentions in a standard form (as a policy) in so far as privacy-related matters are concerned. User agents are then free to examine P3P policies prior to engaging in normal interactions with a Web server (upon which the Web site is hosted). Unsuitable policies may result in no further interactions with the Web server. Since P3P was designed with only two parties in mind (the client and the server), the presence of a Web Proxy in the P3P framework raises privacy concerns that demand attention. What is immediately apparent is the problem of a user accessing a site with an acceptable P3P policy via a Proxy which may employ a privacy policy that is unacceptable to the user.

In this paper we discuss some of these problems within the context of a P3P environment. In discussing these problems we focus our attention on the identification of a Proxy within a P3P environment and the separation of a Proxy’s policy from the policy of a site being accessed through it.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wesley Brandi (1)
  • Martin S. Olivier (1)
  1. Information and Computer Security Architectures (ICSA) Research Group, Department of Computer Science, University of Pretoria, Pretoria
