Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
• All debugging messages are also no longer printed into a tab but are rather
written into the error console of Firefox.
• Of course it is possible to enable or disable the debugging mode and hence all
debugging messages by using the corresponding preference in Firefox.
• As everyday users should not be bothered by too many options which are not relevant
to them, the debugging mode has to be set directly by accessing the
extensions.webprivacy.debugMode preference using “about:config”, Firefox's preference
manager.
• P3P policies cannot be fetched directly from the Internet anymore in Firefox 3.
This was replaced by using an XML-HTTP-Request.
• Domains with hyphens, numbers etc. can now be checked and IDNs⁶ are also
supported.
Basically, Webprivacy builds on three parts of Privacyfox: fetching the XML file from
the well-known location, checking if it is a reference file or a P3P policy and, more
importantly, the parser which translates P3P XML files into human-readable policies.
All of these parts are relevant regarding P3P compliance, which is why they were also
enhanced:
• As already described, P3P defines four mechanisms to fetch P3P reference files
and Privacyfox only supports the well-known location method. Webprivacy now
also has rudimentary support for the other three options built in. Rudimentary
because websites which use (X)HTML links or even HTTP headers to provide
P3P reference files could rarely be found, so in-depth testing of these features with
“real-life” examples was not possible.
• While testing all four mechanisms with as many websites as possible, the author
found that a significant number of websites do not implement them correctly:
instead of “w3c/p3p.xml” some other path or filename is used, the P3P HTTP
header is either not named correctly (“P3P”) or is invalid, (X)HTML link tags
are not named correctly and so on. This is a serious issue for P3P clients as they
cannot guess where P3P reference files can be found. Additionally, they are not
allowed to change XML files that are not well-formed if they still want to be P3P compliant.
• According to the P3P standard, policies which include the “TEST” element have
to be considered not valid, which Webprivacy now does.
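
The strict discovery described in the bullets above, as an added example that is not Webprivacy or Privacyfox code: reference-file candidates are taken only from a header actually named P3P, a link tag with rel P3Pv1, and the well-known location, and nothing else is guessed. The function names, the http(s)-only restriction and the sample input are assumptions of this sketch; the `policyref` field and the `P3Pv1` rel value come from the P3P specification rather than from this page.

```javascript
// Added example, not Webprivacy code. All function names are hypothetical.
const WELL_KNOWN_PATH = "/w3c/p3p.xml";

// Extract the policyref URI from a P3P header value such as
//   policyref="/w3c/p3p.xml", CP="NOI DSP COR"
// Returns null when no quoted policyref field is present.
function policyRefFromHeader(value) {
  const m = /(?:^|,)\s*policyref\s*=\s*"([^"]+)"\s*(?:,|$)/i.exec(value);
  return m ? m[1] : null;
}

// Collect href values of <link> tags whose rel is P3Pv1 (compared case-insensitively).
// Regex scanning is a simplification; an extension would walk the DOM.
function policyRefsFromLinks(html) {
  const refs = [];
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const attrs = {};
    for (const a of tag.matchAll(/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
      attrs[a[1].toLowerCase()] = a[2] !== undefined ? a[2] : a[3];
    }
    if ((attrs.rel || "").toLowerCase() === "p3pv1" && attrs.href) refs.push(attrs.href);
  }
  return refs;
}

// Return every candidate reference-file URI the response legitimately points to.
// Misnamed headers, misnamed link tags and alternative paths are never guessed.
function discoverPolicyRefs(pageUrl, headers, html) {
  const found = [];
  const add = (mechanism, ref) => {
    let uri;
    try { uri = new URL(ref, pageUrl); } catch (e) { return; } // unresolvable: skip
    // Assumption of this sketch: only http(s) targets are ever fetched.
    if (uri.protocol === "http:" || uri.protocol === "https:") {
      found.push({ mechanism, uri: uri.href });
    }
  };
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== "p3p") continue; // e.g. "X-P3P" is not the P3P header
    const ref = policyRefFromHeader(value);
    if (ref) add("http-header", ref);
  }
  for (const ref of policyRefsFromLinks(html)) add("link-tag", ref);
  add("well-known", WELL_KNOWN_PATH); // the only location tried without a pointer
  return found;
}

// Constructed sample: misnamed header and link tag, so only the well-known path remains.
console.log(discoverPolicyRefs("http://www.example.com/", { "X-P3P": 'policyref="/p.xml"' },
  '<link rel="privacy" href="/policy.xml">'));
```
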
So although some of the critical issues regarding P3P compliance have been fixed by
Webprivacy, there are still some issues which are not accounted for: multiple policies
in one file, a P3P-compliant check of the Expiry element, checking all externally loaded
files such as ads or Flash images and cookies and, more importantly: check if the website
6 IDN - Internationalized Domain Name<br />