Microsoft claims Google foils IE's privacy policies as well

By Lee Kaelin on February 21, 2012, 9:30 AM

Microsoft accused Google of bypassing privacy protections used in Internet Explorer yesterday, following on from a revelation last week that the Internet search giant was bypassing privacy settings in Apple's Safari browser to track users.

The news came to light after an investigation by the Wall Street Journal found evidence showing that even though Safari’s default privacy settings block cookies from third parties, Google was actively circumventing this and installed a cookie that helped them serve personalized ads.

In a post to the MSDN IEBlog yesterday, Dean Hachamovitch, Corporate VP of Internet Explorer has this to say in the wake of last week's news. “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

“Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies,” Hachamovitch wrote. “Google's P3P policy is actually a statement that it is not a P3P policy. It's intended for humans to read even though P3P policies are designed for browsers to 'read'."

The P3P (Platform for Privacy Preferences Project) Compact Policy Statement indicates that the site will not use the cookie to track the user. Microsoft’s accusation is that Google is sending a string of text that tricks IE into thinking the cookie won’t be used for tracking purposes. “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked,” he wrote.

Since the announcement by IE’s team, it has come to light that Google is not alone in these actions.  "Companies have discovered that they can lie in their [P3P Compact Privacy Statements] and nobody bothers to do anything about it," said Lorrie Cranor, an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, in a blog post during the weekend. She commented that the problem is partly Microsoft’s fault as well, as companies have also discovered that due to a bug in IE, using an invalid privacy statement results in the browser not blocking the tracking cookies being used.

“Microsoft uses a 'self-declaration' protocol (known as 'P3P') dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form,” Google Senior vice president of Communications and Policy Rachel Whetstone said in a emailed statement to Ars Technica. “It is well known -- including by Microsoft -- that it is impractical to comply with Microsoft’s request while providing modern web functionality.”

Whetstone argues that Microsoft’s system is outdated and over-involved, and more crucially breaks web functionality such as the popular Facebook “like” button. He also claims that the Redmond-based software giant omitted important information from the blog post.

It is also worth pointing out that the 2010 research by Carnegie Mellon University found that Microsoft’s own msn.com and live.com were equally guilty of providing invalid P3P policy statements. The research paper even pointed out that “Microsoft's support website recommends the use of invalid CPs as a work-around for a problem in IE” that was being experienced at the time.




User Comments: 9

Got something to say? Post a comment
Guest said:

Lol! Maybe microsoft should scrap their failure of a browser called IE before claiming stuff like this is happening when I bet it isn't microsoft just want to cause a flame ware as usual!

Guest said:

What I want for MS is than they fix their silverlight pluging when you attach a file in hotmail in chrome or firefox. I think it shouldn't be rocket cience since it is a very simple feature.

Guest said:

too bad googles the only one in the spotlight for this kinda ****.

Vrmithrax Vrmithrax, TechSpot Paladin, said:

So, let's recap... Google does this for its "+1" functionality, which you have to actually click for any data to be stored. It was reported to Microsoft 2 years ago, and they did nothing about it until suddenly it's front page news... Oh, and the MS "fix" conveniently requires you to upgrade to IE9 if you want it. Sounds suspiciously like scare tactics to try to bolster browser market share (and consequently slam Google). Not that I'm saying it's right that Google does this, or that there is no problem. Just mighty interesting how a 2 year old issue suddenly became a hot topic.

And, coincidentally, Facebook's identical actions with the "like" button is not in the hot seat. Doesn't MS have a big chunk of capital invested in Facebook? Ah, but that probably has nothing to do with leaving them out of it... Probably...

Guest said:

Now what about Firefox?

Tygerstrike said:

No its just Bill Gates throwing a temper tantrum. Im betting he lost a little of his cash and is looking for some way to make more money. Its the spoiled ones who freak out if you pay attention to other ppl then them. Microsoft and IE are quickly being overshadowed by other products.

Guest said:

Its funny how people dont believe google is doing this stuff considering their new policy going into effect soon proves they have been tracking people all along . Just now you are giving the permission to do so. Way to go people!

jester376 said:

Tygerstrike said:

No its just Bill Gates throwing a temper tantrum. Im betting he lost a little of his cash and is looking for some way to make more money. Its the spoiled ones who freak out if you pay attention to other ppl then them. Microsoft and IE are quickly being overshadowed by other products.

Bill Gates retired quite some time ago, Microsoft is being run without right now. Don't get me wrong, I'm not defending the guy. But, don't slam people just because other people like to.

Guest said:

Im tired of google, facebook, android, apple, bing, to me there just waivers, disclaimers to take more of our prvacy away. Our phones are tracking devices, Our home computers are bieng catered through advertising on every google, bing search you do through third party cookies. Leave your e-mail open do a search for a convertible ford mustang on google.. Wow look at your spam in your e-mail inbox. How did they know you were looking for that convertible ford mustang .. Its all just a way to gather and collect information on us to cater there advertising for us to buy from them. I hope eventually We will get our rights back and all this spyware crap will go away.. If you dont like Microsoft don't use it, use linux or apple. I used to use google as a search engine, not anymore.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.