Microsoft: Google Bypasses Privacy Settings in Internet Explorer, Too
Last Friday, a Wall Street Journal report revealed that Google and some advertising companies had been circumventing privacy settings in order to follow users browsing through the Safari browsing on the iPhone and on the Web. Now, Microsoft has said that Google is working around the privacy settings on its browser, Internet Explorer, as well.
In a blog post written by Dean Hachamovitch, Microsoft’s corporate vice president for Internet Explorer, the software giant alleges that Google is using similar methods — though the actual bypass mechanism is different — to get around default privacy protections in Internet Explorer and track IE users with cookies.
By default, Microsoft says, Internet Explorer blocks third-party cookies, unless the site presents a “P3P Compact Policy Statement” indicating how the site will use the cookie and that ultimately the site won’t track the users.
“Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies … By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” the post reads.
Microsoft said it has contacted Google and asked them to commit to Microsoft’s standard privacy settings for browser users.
In the post, Microsoft also offered a Tracking Protection List that Internet Explorer 9 users can add as a protection, “in the event that Google continues this practice.”
Google has responded by saying that Microsoft has omitted important information in its blog post.
“Microsoft uses a ‘self-declaration’ protocol (P3P) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google’s statement reads. “It is well known — including by Microsoft — that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites.”
Google went on to point out that in 2010, a research report from Carnegie Mellon University found that more than 11,000 of 33,139 Web sites were not issuing valid P3P policies as requested by Microsoft.
“Today the Microsoft policy is widely non-operational,” Google said.
The Wall Street Journal reported Google’s bypass of Safari’s privacy settings late last week, and after being contacted by the Journal, Google disabled the code that had allowed it to track Safari users. Three U.S. lawmakers have since called on the FTC to investigate the search giant over the privacy gaffe.
(Photo courtesy of Flickr/Si1very)