P3P Policy

For Joomla! 1.5 Coding related discussions, please use: http://groups.google.com/group/joomla-dev-general
Forum rules
Please use the mailing list here: http://groups.google.com/group/joomla-dev-general rather than this forum.
User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

P3P Policy

Post by PhilTaylor-Prazgod » Tue Sep 26, 2006 12:43 am

I have a Question,

is there a valid technical reason for hard coding a default P3P Policy in the HTTP headers using the Joomla session ?
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
Surely the Privicy Policy of a Joomla Website should be up to the owner of the site to decide/configure

I am guessing this is in the code to help with the setting of cookies in IE - but should it really be a hard coded thing as every Joomla website *may* have a different privicy policy.

If there is a valid reason, please can we have documented in this thread what each of the policies mean?
http://www.oreillynet.com/mac/blog/2002/06/p3p_in_ie6_frustrating_failure.html#comment-38046 wrote:A P3P privacy policy is similar to a natural language privacy policy, in that it is a commitment from a web site. A web site that makes a false or misleading statement in a privacy policy or a P3P policy (or a P3P compact policy) risks legal action. No web master should post a P3P policy without consulting with people in their organization who are authorized to make policy decisions.

Also be aware that it is improper to post a P3P compact policy without also posting a full P3P policy. While you may be able to post just a compact policy to get around IE6 cookie blocking, this is not valid P3P and, again, might be considered a deceptive practice.

...

I am a co-author of the P3P specification and author of a forthcoming O'Reilly book called "Web Privacy with P3P" that should be out in August.


Further reading:
http://www.oreillynet.com/mac/blog/2002 ... ilure.html
http://news.com.com/2100-1023-268478.html?legacy=cnet
Last edited by PhilTaylor-Prazgod on Tue Sep 26, 2006 12:46 am, edited 1 time in total.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Tue Sep 26, 2006 4:35 pm

Where did you ever see these?
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: P3P Policy

Post by PhilTaylor-Prazgod » Tue Sep 26, 2006 4:38 pm

Its in the HTTP headers.

C:\>curl -I http://127.0.0.1/Joomla.1.5.svn/index.php
HTTP/1.1 200 OK
Date: Tue, 26 Sep 2006 16:36:42 GMT
Server: Apache/2.0.58 (Win32) DAV/2 SVN/1.3.0 PHP/5.1.4
X-Powered-By: PHP/5.1.4
Set-Cookie: daf87e4bb5b9e1eb1c56abe138fedd7c=amdahj39sotu641or797e3uln1; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: mosvisitor=1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 26 Sep 2006 16:36:42 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
generated by:
D:\Joomla.1.5.svn\libraries\joomla\environment\session.php (237)
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
Last edited by PhilTaylor-Prazgod on Tue Sep 26, 2006 4:44 pm, edited 1 time in total.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: P3P Policy

Post by PhilTaylor-Prazgod » Thu Sep 28, 2006 7:49 am

Would any of the Joomla Developers Care to comment Please ?
Last edited by PhilTaylor-Prazgod on Wed Oct 18, 2006 8:00 pm, edited 1 time in total.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
Eelke
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 192
Joined: Thu Jan 19, 2006 3:15 pm
Location: Bussum, NL
Contact:

Re: P3P Policy

Post by Eelke » Thu Sep 28, 2006 12:16 pm

Phil, first of all let me make clear I do think this is a very valid concern.

However, sorry to say, the way you bring forth this issue, I would myself not be jumping at the "chance" of commenting on this if I were a core developer. The first post has an atmosphere of accusation, and it may be my imagination, but the numerous question marks in your last post seem just a bit over the top, as if you're absolutely amazed that noone had the common sense to drop whatever they were doing and get right to the bottom of this.

Relax, give these guys some breathing space. If this hasn't at least been given some attention when the first beta comes along (assuming that's not tomorrow, because that will explain why core developers had no time to give attention to this), and/or it has been sitting here unattended for weeks, that's the time to start questioning people's priorities and using more than one question mark at the end of sentences ;) And even then, not doing those kinds of things will usually get you more goodwill.
Last edited by Eelke on Thu Sep 28, 2006 3:38 pm, edited 1 time in total.

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: P3P Policy

Post by PhilTaylor-Prazgod » Wed Oct 18, 2006 7:13 pm

Well the beta was released with this ine intact - so now many sites (or testing sites) are unknowingly legally bound to a privicy statement they both are not aware of and even dont understand.

This line of code has LEGAL implications, a privicy policy is an important statement.

Do not just dismiss this thread as Phil stirring trouble cause believe me I am not trying to - Skype.com had the same issue setting cookies, yet we were able to add a P3P policy that reflected the policy of the organisation and not one forced upon us by the developer of the software.

I am about to explain exactly what the P3P String means in human language. That way people know what Privacy policy they are declaring they follow.


[quote="http://marc.theaimsgroup.com/?l=www-p3p ... 115808&w=2"]
If someone is a third party cookiebakery and send's an "innocent" header
and the announced practice does not correspond to the followed practice,
the statement is wrong.

This might encounter all sorts of sanctions, especially in a european
context.

Also note, that in the disputes-element, there is space for "assurance
parties" like label-programs and data commissioners. In this context,
there might be also consequences in the relation to the assurance party
or the data commissioner, if the header made up is not corresponding to
the real practice.

....

Best,
--
Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis[/quote]
Last edited by PhilTaylor-Prazgod on Wed Oct 18, 2006 8:02 pm, edited 1 time in total.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: P3P Policy

Post by PhilTaylor-Prazgod » Wed Oct 18, 2006 7:45 pm

So here we have:
NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM


NOI Web Site does not collected identified data.

ADM Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage

DEV Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage

PSAi Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users.

COM Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.

NAV Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.

OUR Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.

OTRo Legal entities following different practices. Users may opt-out of the data being used for this purpose.

STP Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.

IND Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.

DEM Data about an individual's characteristics -- such as gender, age, and income.





Even the statements contridict themselves as many as 3 times as far as I can see!

So if you are running a Joomla 1.5 website - you are delaring that the above is your privicy policy for your site/company.  And this can be legally used against you.

fantastic!
Last edited by PhilTaylor-Prazgod on Wed Oct 18, 2006 7:59 pm, edited 1 time in total.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Wed Oct 18, 2006 8:08 pm

Thanks for bringing tis to my attention earlier today Phil. I wasnt actualy aware of this and i agree with you to a pint that this is definitely something to look at more carefuly.

I havent actually heard of P3P before but reading up on it earlier (thanks for the links) it does sound both a very good thing for site owners to implement and someting that joomla should be promoting.

However as you rightly point out there are legal implications behind any site owner using a P3P policy and it should not be done lghtly.

Can I suggest the following:
1. The P3P implementation is documented on the dev blog and in the "new features report"
2. The P3P implementation is managed within Joomla! by a wizard (perhaps a check list) that clearly explains what each of the options means

As the blame for introducing the Generator metatag can be laid firmly at my door and is one of the most common questions on the forum "how can I remove it" I fully understand the implications of introducing something to everyones Joomla sites that cant be easily controlled without hacking core files.

I am not against the idea of P3P I just want to see it implemented in a way that site owners can easily control it and that it is not introduced silently to every site (learnt that mistake from the generator tag)

As someone who is online almost 20 hours a day and regularly registering at sites (each time with a trackable email address) I know that there are numerous sites that dont think twice about abusing my registration data. A P3P policy would give me the ammo to challenge them.

But for the majority of users the enforcement of legal terms and conditions secretly is not something that they would be happy about. (I cant imagine Al Gore (http://www.algore.org) would be too happy about it.) And for me it is kind of NON-open
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Wed Oct 18, 2006 8:29 pm

Should indeed by configurable from admin.
But I don't really see how I could be [quote="PhilTaylor"]...unknowingly legally bound to a privicy statement they both are not aware of and even dont understand..[/quote]?
I haven't created it, I'm not aware of it being there, I don't understand it, it's not documented anywhere, so I really don't think any judgement would be rendered against me ever, don't you think?
Last edited by eyezberg on Wed Oct 18, 2006 8:31 pm, edited 1 time in total.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Wed Oct 18, 2006 8:32 pm

I think you would be liable joe as you have installed the software and therefore implemented the P3P policy

Ignorance is no defence.

I'm sire that the core devs will come up with a config solution
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1195
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: P3P Policy

Post by PhilTaylor-Prazgod » Wed Oct 18, 2006 8:32 pm

Just because you dont know a law doesnt mean you cannot be punnished for breaking that law.

Ignorance never stands up in court, at least not under UK law.



EDIT: LOL Brian and I think alike :) and post at the same time.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Wed Oct 18, 2006 8:50 pm

I know ignorance is no protection against a lawsuit, but you really think anyone is going to file a suit against anyone for this -and win? I'd just say, hey, these sneaky dev's hid that in there, haven't told me about it, so it's them to blame not me :)
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Wed Oct 18, 2006 8:56 pm

lets not get distracted by the legal issue that isnt really the main point.

what is the main point is that something like P3P is a relatively new concept and needs explanation as to its meaning and purpose AND we as users of Joomla! should have the ability to easily (ie not hack) ammend the P3P settings for our sites.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

mixed
Joomla! Intern
Joomla! Intern
Posts: 80
Joined: Fri Sep 02, 2005 7:50 am
Location: Sydney, Australia
Contact:

Re: P3P Policy

Post by mixed » Wed Oct 18, 2006 10:57 pm

As a lawyer that provides IT & Privacy advice - I think this is a really important issue.  I definitely think we will see law suits over this in future, once people start depending on P3P tags.

This should be a setting in the global configuration.php before Joomla! 1.5 comes out of beta - otherwise we'll have update nightmares having to ensure hacks to these core files for each client site with a different privacy policy don't get overwritten whenever we install a patch.

User avatar
Eelke
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 192
Joined: Thu Jan 19, 2006 3:15 pm
Location: Bussum, NL
Contact:

Re: P3P Policy

Post by Eelke » Thu Oct 19, 2006 6:47 am

Shouldn't this now simply be reported as an issue to the Q&T forums, as any other bug found in the beta?

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Thu Oct 19, 2006 6:51 am

it's a bit more fundamental than a bug imho
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
Eelke
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 192
Joined: Thu Jan 19, 2006 3:15 pm
Location: Bussum, NL
Contact:

Re: P3P Policy

Post by Eelke » Thu Oct 19, 2006 6:55 am

My only reasoning was that raising it as an issue through the normal channels would be a good idea to get the attention raised on it. Then again, I'm a newcomer here so maybe I don't understand the processes well enough. If opening a topic right here should normally be enough to "raise awareness", forget what I said.  :-[

mixed
Joomla! Intern
Joomla! Intern
Posts: 80
Joined: Fri Sep 02, 2005 7:50 am
Location: Sydney, Australia
Contact:

Re: P3P Policy

Post by mixed » Thu Oct 19, 2006 7:08 am

Eelke

Reporting it as a bug sounds like a good idea to me - I suspect it is just a piece of code that has slipped in without anyone having turned their mind to it.  I will toddle off and check whether it has already...

Andrew

diri
Joomla! Guru
Joomla! Guru
Posts: 702
Joined: Wed Sep 21, 2005 9:27 am
Location: Somewhere

Re: P3P Policy

Post by diri » Thu Oct 19, 2006 9:06 am

eyezberg wrote: I know ignorance is no protection against a lawsuit, but you really think anyone is going to file a suit against anyone for this -and win?
Yes, I do.

I could write the name of a german lawyer being famous for such things (i.e. successfull suing people for using the word "webspace" at the time it has been protected). Some time ago I had long discussions with him and I still must admit (even when I don't like it in such extend) - he works according laws.

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Thu Oct 19, 2006 5:16 pm

Coul you ask him what he'd answer to my objection that this code was placed there by someone else, without telling me, that I don't even understand what these abreviations all mean, proof is that I have my own policy up on the site, in clear words anyone can read and understand..?

It would be good to know why this was introduced and if a config for it is planned in stable before going all crazy about it..
Last edited by eyezberg on Thu Oct 19, 2006 5:19 pm, edited 1 time in total.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

diri
Joomla! Guru
Joomla! Guru
Posts: 702
Joined: Wed Sep 21, 2005 9:27 am
Location: Somewhere

Re: P3P Policy

Post by diri » Thu Oct 19, 2006 5:54 pm

I bet the answer is:
That's of no interest. YOU use the product. Therefore you are responsible.

Compare it with having a gun:
You are the owner. Therefore you are responsible when somebody is using it.

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Thu Oct 19, 2006 6:24 pm

diri wrote: ..
You are the owner. Therefore you are responsible when somebody is using it.
So I'm in no danger at all: OSM is the owner of Joomla, I'm just using it :)
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

diri
Joomla! Guru
Joomla! Guru
Posts: 702
Joined: Wed Sep 21, 2005 9:27 am
Location: Somewhere

Re: P3P Policy

Post by diri » Fri Oct 20, 2006 6:02 am

Nope. OSM is manufacturer of the gun. In this case you are the owner of the gun (read: the site). You are responsible.

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Fri Oct 20, 2006 1:36 pm

:)
If I buy a gun I'd expected it to be empty.
If someone uses that gun to shoot someone because the manufacturer left a bullet in it, is it my fault just because now it is my gun? Even if I never bought the bullet and didn't load the gun?
:)
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

diri
Joomla! Guru
Joomla! Guru
Posts: 702
Joined: Wed Sep 21, 2005 9:27 am
Location: Somewhere

Re: P3P Policy

Post by diri » Fri Oct 20, 2006 1:39 pm

Over here in Germany it is this way. It's your task when you put the cat into microwave heater - not the task of manufacturer of this machine.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Fri Oct 20, 2006 3:05 pm

but thanks to this thread you now know there is a bullet in the gun
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

diri
Joomla! Guru
Joomla! Guru
Posts: 702
Joined: Wed Sep 21, 2005 9:27 am
Location: Somewhere

Re: P3P Policy

Post by diri » Fri Oct 20, 2006 3:18 pm

ROFL

User avatar
eyezberg
Joomla! Hero
Joomla! Hero
Posts: 2860
Joined: Thu Aug 25, 2005 5:48 pm
Location: Geneva mostly
Contact:

Re: P3P Policy

Post by eyezberg » Fri Oct 20, 2006 3:22 pm

diri wrote: Over here in Germany it is this way. It's your task when you put the cat into microwave heater - not the task of manufacturer of this machine.
If there's no sticker warning me about this and I kill the cat, I can sue the manufacturer.. at least in the US :) Same as people suing McDonald because they got fat..

I think we have all argued enough to make our points, it's not really related to the topic anymore, right? So far, there has been no input about why this code was included, and why there's no config for settings, as far as I'm concerned, that's all that really matters now.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11746
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: P3P Policy

Post by brian » Fri Oct 20, 2006 3:31 pm

agreed
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
ianmac
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4784
Joined: Sat Sep 24, 2005 11:01 pm
Location: Toronto, Canada

Re: P3P Policy

Post by ianmac » Fri Oct 20, 2006 8:40 pm

yeah...  doesn't really matter who's fault it is...  if some are aware enough to want to change the privacy policy, they should be able to do it using config options, not through hacking.  I don't imagine this would be too hard to accomplish - the bigger concern is adding it without cluttering, but we have good people on the project and it will be done well, I'm sure.

Ian


Locked

Return to “Joomla! 1.5 Coding”