Google bypassed IE privacy too: Microsoft

In the wake of reports that Google had sidestepped privacy settings in Safari, Microsoft has announced that it has discovered the web giant had done the same with Internet Explorer.

Last week, the Wall Street Journal said that the search giant and other ad companies used special code to get around Safari's privacy controls in order to track users on computers and mobile devices. Google said that the Journal had mischaracterised what was happening and released statements on the matter:

Unlike other major browsers, Apple's Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as 'Like' buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalised ads and other content — such as the ability to '+1' things that interest them.

To enable these features, Google said it had to create a temporary link between its own servers and Safari. But Apple's browser had certain functionality that allowed other Google advertising cookies to be generated. Google added that it didn't expect this to happen, and the company has started removing the cookies in question from Safari browsers.

Microsoft had denounced Google for the bypass. It decided to have a look at its own browser, and said that Google was doing the same thing to IE as it was to Safari.

"When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?" IE executive Dean Hachamovitch wrote in a blog post. "We've discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."

The blog post, which details Microsoft's findings and offers privacy protection tips, said it has contacted Google about its concerns and asked it to "commit to honouring P3P privacy settings for users of all browsers".

Google representatives did not immediately respond to requests for comment.

In the blog post, Hachamovitch explained how the bypass occurs:

Technically, Google utilises a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter. Google sends a P3P policy that fails to inform the browser about Google's use of cookies and user information. Google's P3P policy is actually a statement that it is not a P3P policy.

P3P, or Platform for Privacy Preferences, is an official recommendation of the World Wide Web Consortium that sites use to summarise their privacy policies. However, the recommendation has been largely ignored in the past decade since introduction a decade ago with many major websites such as Google.com, Apple.com, CNN.com and Twitter.com opting not to use it to describe their policies.

Hachamovitch also took the opportunity to point out that IE users have access to a Tracking Protection List that it says prevents the P3P bypass. Additionally, he said Microsoft is "investigating what additional changes to make to our products. The P3P specification says that browsers should ignore unknown tokens. Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognised tokens".

Via CNET

Via CNET News.com



Add Your Comment

Avatar
 

Be the first to comment on this story!


Post comment as


Sponsored Links

Recently Viewed Products