Microsoft accuses Google of invading IE privacy

Powered by SC Magazine
 

Google brands Microsoft policy 'impractical'.

Microsoft has accused Google of abusing privacy preference settings in its Internet Explorer (IE) browser.

The accusation follows the controversial discovery last week that Google was bypassing privacy settings in Apple's Safari browser, affecting OS X desktops and iOS mobile devices.

The discovery gave Microsoft ammunition to ramp up its privacy war on Google stemming from the search giant's privacy policy overhaul, set to come into effect on March 1.

"Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," Dean Hachamovitch, Corporate Vice President, Internet Explorer wrote on the company's IEBlog

Hachamovitch accused Google of violating the W3C Web standards recommended P3P Privacy Protection feature in IE designed to block third-party cookies unless the site presents a P3P Compact Policy Statement, which explains how the site will user the cookie and a commitment not to track the user.

"Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent," said Hachamovitch.

How Google does this is by issuing a policy statement designed for humans to read, even though P3P polices are designed for browsers to read, according to Hachamovitch.

Google's P3P policy statement should contain a number of HTTP headers such as "ALL IND DSP", which signify to the browser what the site does with the information it collects and ultimately help the browser manage user preferences. 

Instead, Google's P3P policy reads: "This is not a P3P policy", and provides a link to its explanation page "for more info."

By not providing an correctly formatted statement, Google bypasses user preferences about cookies and permits third-party cookies to be allowed rather than blocked, explained Hachamovitch.

A Google spokesperson issued a statement in response to Microsoft's claims, saying it was "impractical to comply with Microsoft's request while providing modern web functionality".

The spokesperson also branded P3P as "widely non-operational", citing several research reports.

Google would not be alone in failing to the P3P standard in browsers, with one study in 2006 by CyLan Privacy Interest Group at Carnegie Mellon University finding that only 15 percent of the top 5000 websites incorporate P3P.  

Copyright © iTnews.com.au . All rights reserved.


Microsoft accuses Google of invading IE privacy
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 327

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 136

Vote