Microsoft Accuses Google of Bypassing IE Privacy Settings
Microsoft has accused Google of bypassing IE privacy settings but Google has defended its actions, calling IE's cookie technology "widely non-operational."
Late last week the Wall Street Journal made quite a splash when it accused Google of tracking Safari users' activities without their knowledge. This past weekend Dean Hachamovitch, corporate vice president for Internet Explorer at Microsoft, penned a blog post that claims Google also circumvented the privacy settings of IE users.
Hachomovitch says that by default, Internet Explorer blocks third-party cookies unless the site presents a P3P Compact Policy Statement that describes how the site will use the cookie and that it will not use it to track a user. P3P, an official recommendation of the World Wide Web Consortium, is a technology that all browsers and websites can support and sites use P3P to indicate how they intend to use cookies and user information. Hachomovitch says that by supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions. However, according to Microsoft, Google approaches things a bit different.
"Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter. Google sends a P3P policy that fails to inform the browser about Google’s use of cookies and user information. Google’s P3P policy is actually a statement that it is not a P3P policy. It’s intended for humans to read even though P3P policies are designed for browsers to "read":
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Google has responded to Hachomovitch's lengthy post with its own statement that dubs Microsoft's P3P cookie technology "widely non-operational" and highlights the fact that it is not alone in its tactics to attempt to get around this technology. Google says that P3P didn’t have a huge impact when it was introduced in 2002 when P3P, but these days, it actually breaks cookie-based features, such as Facebook's 'Like' feature (incidentally, Facebook is another company that doesn't comply with P3P).
"Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure," said Rachel Whetstone, Senior Vice President of Communications and Policy at Google. "A 2010 research paper by Carnegie Mellon found that 11,176 of 33,139 websites were not issuing valid P3P policies as requested by Microsoft. In the research paper, among the websites that were most frequently providing different code to that requested by Microsoft: Microsoft’s own live.com and msn.com websites.
What's more, Whetstone goes on to say that the reason all of these websites have decided against issuing valid P3P policies is because Microsoft said it was okay not to. Apparently that same Carnegie Mellon research paper from two years ago found that "Microsoft's support website recommends the use of invalid CPs (codes) as a work-around for a problem in IE."
Microsoft has yet to respond to Google's lengthy statement but Google seems pretty adamant that it's not doing anything wrong. Or at least, if it is, it's not alone. This is the second time in the space of a few weeks that Microsoft has targeted Google publicly over privacy issues. Earlier this month, the company highlighted Google's controversial changes to its privacy policy with an ad campaign in several of the country's biggest newspapers. Redmond encouraged users unhappy with Google's actions to jump ship and try competing Microsoft products such as IE and Hotmail.
Further Reading
- Tom's Guide: WSJ: Safari Loophole Allowed Google to Track Users via Ads
- Microsoft: Google Bypassing User Privacy Settings
- Parislemon: Google's complete statement on the issue.

So because Microsoft breaks privacy that makes it Ok for Google to do it as well?
...
There's an old saying - two wrongs don't make a right - no-one should be tracking you without permission
It doesn't matter if it's Google, Twitter, Yahoo, or The Atlantic. If you're using a service and you aren't paying for it, you're not the customer: you are the product. "
As said by TheAnonymouse in the comments on the page linked by jhansonxi a few posts above me.
Online privacy is a myth. Not that that's a good thing, it's really horrible, but we would be hard-pressed to change this. The hoops you need to jump through to be more or less truly private are ridiculous. Just as a start, get Firefox with No-Script and Add-Block, TOR and/or Advanced Onion Router, good firewall, and don't forget to set each thing up to be the most secure.
Then you need to deal with performance degradation just to get that semblance of privacy. What we've come to in the online world is disgusting.
There's also more that you can do, but you're faced with ever-increasing performance overhead. Of course, you could stick with basics like Firefox + No-Script+Add-Block and enjoy increased performance, but everything else is probably going to decrease performance.
Any other ideas?
Wait... people didn't know this? I figured out years ago that everyone will track everyone, it's human nature to want to know what others are doing and when you put that instinct combined with corporation sized power you get all this tracking and spying. I wonder how some people can stay so blind and think it doesn't happen at all.
You live on the wrong world if you want no tracking without permission
High up Microsoft dude (HUMD) to his minions "Hey Minions!!! got anything we can slam google on?
Microsoft Minion "Hmmm, well, they got a bunk P3P cookie"
HUMD "Alright sweet!!!" /blog
High up Google Dude to his minions (HUGD) "Hey Minions!! MS is slamming our P3P cooki. WTF! are they right?"
Google Minions "Well sure, they told us we could! Plus, they're doin it too"
HUGD "Sweet!!!" /blog
HUMD to his Minions "Gdamnit Minions!!! why didn't you tell me this shit?!?"
Microsoft Minions "You didn't ask!! Stop acting like a teenager and let us do some useful work!!!"
They should release a patch for all IE browsers, not advertise ie9 features and bashing other products for they own benefit.
No one should be surprised that Microsoft is tracking people on the internet. Where do you think they get all those Petabytes of user data from.
The only difference is that we know that Google is using it to sell advertising, build better products, and other nefarious evil things. We have no idea what Microsoft uses it for because, while they are eveil, it certainly isn't for building a better product.
ride so you can steal passwords while you google streetcar"
we want it to be free.
if you dont want ads, and think google is going to analy probe you... start a pay for the internet foundation. make is so you have to pay money to every webpage you go to, and pay them for the bandwidth you use. go and do that... than lets also impose old email 10mb per account restrictions.
google funds websites by allowing ads, i dont care how they get the money.
Advertisements are okay when we aren't being watched constantly to supply us with more specialized advertisements. I have no problem with advertisements. The problem is that Google, Microsoft, Apple, the ISPs, etc. all steal private data (some of which can be used to identify you, most of it probably can't but still). The funny thing is that although some still deny it even though it's been proven time and time again that they do it by us geeks, we see more and more companies admitting that they have been stealing data from us for years.
I don't know for sure about you, but this worries me. Especially in light of the many hackers going into some of these companies and taking MBs and GBs of data, often posting it. How many times do we see thousands of people screwed over in some way because of credit card numbers and the like being leaked? Well, some of the data gathered may be able to be used to obtain such data, if it isn't already within the gathered data. I don't mind the ads too much, but I most certainly do mind the manner in which they are served. Especially since ads began using deplorable tricks to get you to click them, but that crap isn't not new anymore and has been going on for years.
Most of the time I am lucky, if I am browsing at work behind our beefy corporate firewall
I mean, make no mistake about it, Google has gotten to the point where it would anally probe its own mother if it could make a buck from it, but it's been doing the exact same kind of stuff as this for years. Do nothing evil, right.
Part of me wants to congratulate Google for finally joining the ranks of people who are sick of IE's buggy crap, and part of me wants to throw up on Google for being that way.
Oh well, I guess it's just Google being Google.
But this big corps are most likely to qq on the others if their product isn't the best or isn't selling as good as ... Microsoft won't starve if all people on earth don't use their web browser.
...where your workplace tracks EVERY page you visit.