Sign in with
Sign up | Sign in

Microsoft Accuses Google of Bypassing IE Privacy Settings

By - Source: MSDN | B 23 comments

Microsoft has accused Google of bypassing IE privacy settings but Google has defended its actions, calling IE's cookie technology "widely non-operational."

Late last week the Wall Street Journal made quite a splash when it accused Google of tracking Safari users' activities without their knowledge. This past weekend Dean Hachamovitch, corporate vice president for Internet Explorer at Microsoft, penned a blog post that claims Google also circumvented the privacy settings of IE users.

Hachomovitch says that by default, Internet Explorer blocks third-party cookies unless the site presents a P3P Compact Policy Statement that describes how the site will use the cookie and that it will not use it to track a user. P3P, an official recommendation of the World Wide Web Consortium, is a technology that all browsers and websites can support and sites use P3P to indicate how they intend to use cookies and user information. Hachomovitch says that by supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions. However, according to Microsoft, Google approaches things a bit different.

"Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter. Google sends a P3P policy that fails to inform the browser about Google’s use of cookies and user information. Google’s P3P policy is actually a statement that it is not a P3P policy. It’s intended for humans to read even though P3P policies are designed for browsers to "read":

P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Google has responded to Hachomovitch's lengthy post with its own statement that dubs Microsoft's P3P cookie technology "widely non-operational" and highlights the fact that it is not alone in its tactics to attempt to get around this technology. Google says that P3P didn’t have a huge impact when it was introduced in 2002 when P3P, but these days, it actually breaks cookie-based features, such as Facebook's 'Like' feature (incidentally, Facebook is another company that doesn't comply with P3P).

"Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure," said Rachel Whetstone, Senior Vice President of Communications and Policy at Google. "A 2010 research paper by Carnegie Mellon found that 11,176 of 33,139 websites were not issuing valid P3P policies as requested by Microsoft. In the research paper, among the websites that were most frequently providing different code to that requested by Microsoft: Microsoft’s own live.com and msn.com websites.

What's more, Whetstone goes on to say that the reason all of these websites have decided against issuing valid P3P policies is because Microsoft said it was okay not to. Apparently that same Carnegie Mellon research paper from two years ago found that "Microsoft's support website recommends the use of invalid CPs (codes) as a work-around for a problem in IE."

Microsoft has yet to respond to Google's lengthy statement but Google seems pretty adamant that it's not doing anything wrong. Or at least, if it is, it's not alone. This is the second time in the space of a few weeks that Microsoft has targeted Google publicly over privacy issues. Earlier this month, the company highlighted Google's controversial changes to its privacy policy with an ad campaign in several of the country's biggest newspapers. Redmond encouraged users unhappy with Google's actions to jump ship and try competing Microsoft products such as IE and Hotmail.

Further Reading

Follow @JaneMcEntegart on Twitter for the latest news.                        

Discuss
Display all 23 comments.
This thread is closed for comments
  • 9 Hide
    jhansonxi , February 21, 2012 8:39 PM
  • 5 Hide
    chicofehr , February 21, 2012 8:55 PM
    2 problems here. Microsoft says its OK to bypass this stupid feature then goes out to attack Google for doing just that. More of a marketing pitch in my opinion. Next, Google defends itself when they are in the right as Microsoft said its OK. If they want to defend themselves, there are proper avenues to do this. They got lawyers for this exact reason. Makes for much more interesting news on Tom's.
  • -7 Hide
    Anonymous , February 21, 2012 9:26 PM
    Buaa Buaaa concentrate on other things Microsoft.
  • 2 Hide
    back_by_demand , February 21, 2012 9:33 PM
    chicofehr2 problems here. Microsoft says its OK to bypass this stupid feature then goes out to attack Google for doing just that. More of a marketing pitch in my opinion. Next, Google defends itself when they are in the right as Microsoft said its OK. If they want to defend themselves, there are proper avenues to do this. They got lawyers for this exact reason. Makes for much more interesting news on Tom's.

    So because Microsoft breaks privacy that makes it Ok for Google to do it as well?
    ...
    There's an old saying - two wrongs don't make a right - no-one should be tracking you without permission
  • 2 Hide
    K2N hater , February 21, 2012 10:15 PM
    We know neither play fair. How about the other 99% of the people who browse the internet daily?
  • 2 Hide
    blazorthon , February 21, 2012 11:11 PM
    "People seem to forget that Google isn't a search company that happens to sell advertising; it is an advertising company that happens to have a pretty good search engine.

    It doesn't matter if it's Google, Twitter, Yahoo, or The Atlantic. If you're using a service and you aren't paying for it, you're not the customer: you are the product. "

    As said by TheAnonymouse in the comments on the page linked by jhansonxi a few posts above me.

    Online privacy is a myth. Not that that's a good thing, it's really horrible, but we would be hard-pressed to change this. The hoops you need to jump through to be more or less truly private are ridiculous. Just as a start, get Firefox with No-Script and Add-Block, TOR and/or Advanced Onion Router, good firewall, and don't forget to set each thing up to be the most secure.

    Then you need to deal with performance degradation just to get that semblance of privacy. What we've come to in the online world is disgusting.

    There's also more that you can do, but you're faced with ever-increasing performance overhead. Of course, you could stick with basics like Firefox + No-Script+Add-Block and enjoy increased performance, but everything else is probably going to decrease performance.

    Any other ideas?
  • 0 Hide
    Camikazi , February 21, 2012 11:17 PM
    jhansonxiAnother view from the Atlantic Wire: It's Not Just Google: Everyone Tracks Everyone on the Internet

    Wait... people didn't know this? I figured out years ago that everyone will track everyone, it's human nature to want to know what others are doing and when you put that instinct combined with corporation sized power you get all this tracking and spying. I wonder how some people can stay so blind and think it doesn't happen at all.
  • -1 Hide
    Camikazi , February 21, 2012 11:19 PM
    back_by_demandSo because Microsoft breaks privacy that makes it Ok for Google to do it as well?...There's an old saying - two wrongs don't make a right - no-one should be tracking you without permission

    You live on the wrong world if you want no tracking without permission :p 
  • 1 Hide
    schwizer , February 21, 2012 11:23 PM
    I can imagine the internal conversations

    High up Microsoft dude (HUMD) to his minions "Hey Minions!!! got anything we can slam google on?
    Microsoft Minion "Hmmm, well, they got a bunk P3P cookie"
    HUMD "Alright sweet!!!" /blog

    High up Google Dude to his minions (HUGD) "Hey Minions!! MS is slamming our P3P cooki. WTF! are they right?"
    Google Minions "Well sure, they told us we could! Plus, they're doin it too"
    HUGD "Sweet!!!" /blog

    HUMD to his Minions "Gdamnit Minions!!! why didn't you tell me this shit?!?"

    Microsoft Minions "You didn't ask!! Stop acting like a teenager and let us do some useful work!!!"
  • 1 Hide
    bebangs , February 21, 2012 11:25 PM
    Microsoft says that we should use IE9 to have privacy protection. Bunch of Hypocrites.
    They should release a patch for all IE browsers, not advertise ie9 features and bashing other products for they own benefit.
  • 0 Hide
    ap3x , February 22, 2012 12:09 AM
    lol. Was wondering when this was going to show up on Toms hardware. Saw this one right after the Safari incident.
  • 0 Hide
    SmileyTPB1 , February 22, 2012 1:17 AM
    No one should be surprised that Google is tracking people on the internet. Where do you think they get all those Petabytes of user data from.

    No one should be surprised that Microsoft is tracking people on the internet. Where do you think they get all those Petabytes of user data from.

    The only difference is that we know that Google is using it to sell advertising, build better products, and other nefarious evil things. We have no idea what Microsoft uses it for because, while they are eveil, it certainly isn't for building a better product.
  • -2 Hide
    EightyFour , February 22, 2012 2:36 AM
    "yo dawg i hurd yu leik circumventing privacy, so i put an NSA/CIA collaborative device in yo
    ride so you can steal passwords while you google streetcar"
  • -2 Hide
    alidan , February 22, 2012 3:07 AM
    we love the internet.
    we want it to be free.
    if you dont want ads, and think google is going to analy probe you... start a pay for the internet foundation. make is so you have to pay money to every webpage you go to, and pay them for the bandwidth you use. go and do that... than lets also impose old email 10mb per account restrictions.

    google funds websites by allowing ads, i dont care how they get the money.
  • 1 Hide
    blazorthon , February 22, 2012 3:45 AM
    alidanwe love the internet.we want it to be free.if you dont want ads, and think google is going to analy probe you... start a pay for the internet foundation. make is so you have to pay money to every webpage you go to, and pay them for the bandwidth you use. go and do that... than lets also impose old email 10mb per account restrictions. google funds websites by allowing ads, i dont care how they get the money.


    Advertisements are okay when we aren't being watched constantly to supply us with more specialized advertisements. I have no problem with advertisements. The problem is that Google, Microsoft, Apple, the ISPs, etc. all steal private data (some of which can be used to identify you, most of it probably can't but still). The funny thing is that although some still deny it even though it's been proven time and time again that they do it by us geeks, we see more and more companies admitting that they have been stealing data from us for years.

    I don't know for sure about you, but this worries me. Especially in light of the many hackers going into some of these companies and taking MBs and GBs of data, often posting it. How many times do we see thousands of people screwed over in some way because of credit card numbers and the like being leaked? Well, some of the data gathered may be able to be used to obtain such data, if it isn't already within the gathered data. I don't mind the ads too much, but I most certainly do mind the manner in which they are served. Especially since ads began using deplorable tricks to get you to click them, but that crap isn't not new anymore and has been going on for years.
  • 0 Hide
    mosu , February 22, 2012 4:10 AM
    Because they can.
  • -3 Hide
    back_by_demand , February 22, 2012 7:16 AM
    CamikaziYou live on the wrong world if you want no tracking without permission

    Most of the time I am lucky, if I am browsing at work behind our beefy corporate firewall
  • 2 Hide
    capt_taco , February 22, 2012 7:43 AM
    As a web designer, I'm inclined to believe this has more to do with IE's notoriously crappy interpretation of code than anything else.

    I mean, make no mistake about it, Google has gotten to the point where it would anally probe its own mother if it could make a buck from it, but it's been doing the exact same kind of stuff as this for years. Do nothing evil, right.

    Part of me wants to congratulate Google for finally joining the ranks of people who are sick of IE's buggy crap, and part of me wants to throw up on Google for being that way.

    Oh well, I guess it's just Google being Google.
  • 0 Hide
    Anonymous , February 22, 2012 3:03 PM
    Microsoft is just qq'ing because their product sucks. People with a bit more knowledge about computerz and webz are more likely to install firefox/chrome on their pc's. It is just a few websites that doesn't allow you to do stuff if ur not using IE for that (e.g.: internet banking).

    But this big corps are most likely to qq on the others if their product isn't the best or isn't selling as good as ... Microsoft won't starve if all people on earth don't use their web browser.
  • 4 Hide
    tj_the_first , February 22, 2012 10:27 PM
    back_by_demandMost of the time I am lucky, if I am browsing at work behind our beefy corporate firewall

    ...where your workplace tracks EVERY page you visit. :) 
Display more comments