Facebook response header link

Links show up in the most surprising places; finding one in the response headers of Facebook pages is not something the average user will trip over.

A Facebook link embedded deep deep undercover

Peeking into the headers of Facebook pages when requesting them in a browser (here using HttpFox in Firefox) shows that a P3P policy message is present, and not a proper policy. Following the link found in the Facebook page headers (link below), the following message is found:

A peek into Facebook header values

The organization that established P3P, the World Wide Web Consortium, suspended its work on this standard several years ago because most modern web browsers do not fully support P3P.

As a result, the P3P standard is now out of date and does not reflect technologies that are currently in use on the web, so most websites currently do not have P3P policies.

While the message is spot on about browsers not supporting P3P, it's worth noting that only MS Internet Explorer ever had it working.

The promise of P3P was that it enabled websites to express their privacy practices in a standard format that could be retrieved automatically and interpreted easily by user agents. However, since the browser industry apparently didn't implement it, for several reasons, it is yet another fading technology on the internet.
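To tell a machine-readable compact policy from a human-readable message placed in the same header, as described above, a check along these lines can be used. This is an added example, not code from the original post or from Facebook; the function names are hypothetical, the sample header values are constructed, and the token list is the compact-policy vocabulary of the W3C P3P 1.0 specification.

```python
import re

# Compact-policy vocabulary from the W3C P3P 1.0 specification.
TOKENS = set("""NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR ADM DEV TAI
PSA PSD IVA IVD CON HIS TEL OTP OUR DEL SAM UNR PUB OTR NOR STP LEG BUS IND
PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC TST""".split())
# Purpose and recipient tokens that may carry a consent suffix (a, i or o).
SUFFIXABLE = set("""ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP
DEL SAM UNR PUB OTR""".split())

# Constructed sample header values (not captured from any real site).
SAMPLE_POLICY = 'CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'
SAMPLE_MESSAGE = ('CP="This site does not have a P3P policy. '
                  'Learn why here: https://example.com/p3p"')


def parse_p3p(value):
    """Split a P3P header value into its name="value" directives."""
    return {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)}


def is_cp_token(word):
    """True if word is a valid compact-policy token, with optional suffix."""
    if word in TOKENS:
        return True
    return len(word) == 4 and word[:3] in SUFFIXABLE and word[3] in "aio"


def classify_p3p(value):
    """Return (kind, unknown_words) for a P3P header value.

    kind is 'absent', 'policyref-only', 'compact-policy' or 'placeholder'.
    """
    fields = parse_p3p(value or "")
    if "cp" not in fields:
        return ("policyref-only" if "policyref" in fields else "absent", [])
    words = fields["cp"].split()
    unknown = [w for w in words if not is_cp_token(w)]
    if words and not unknown:
        return ("compact-policy", [])
    # Empty CP or free text in place of tokens: a message, not a policy.
    return ("placeholder", unknown)


if __name__ == "__main__":
    for sample in (SAMPLE_POLICY, SAMPLE_MESSAGE, 'policyref="/w3c/p3p.xml"', ""):
        print(classify_p3p(sample)[0], "<-", sample or "(no header)")
```

A `placeholder` result means the header carries text a P3P user agent cannot interpret as privacy practices, which is the situation the post describes.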

Increasing your privacy

For the average user this means that other means of securing their privacy need to be enabled; solutions such as a Privoxy proxy might work, as might plugins such as NoScript, Better Privacy, or Adblock Plus. Just like P3P, the new initiative DNT (Do Not Track) will most likely fade out, as it isn't user driven and sites can choose to ignore it completely.

In the end, users are left with securing their own privacy despite the claim from sites that state "we work hard to give you control over the information you share and provide you information about how we collect and use your data". User-driven privacy control puts you in the driver's seat.

Sending a message in a place very few users will ever look is a bit odd, but it points out the Facebook standpoint on P3P privacy policy very clearly.

As only a minority of websites have a clear, working P3P policy, and a large portion of internet users do not have a P3P-enabled browser, end users should ensure their privacy by using browser-enabled privacy protection.

External link:

Better Privacy browser plugin