Microsoft accuses Google of invading IE privacy

Powered by SC Magazine
 

Google brands Microsoft policy 'impractical'.

Microsoft has accused Google of abusing privacy preference settings in its Internet Explorer (IE) browser.

The accusation follows the controversial discovery last week that Google was bypassing privacy settings in Apple's Safari browser, affecting OS X desktops and iOS mobile devices.

The discovery gave Microsoft ammunition to ramp up its privacy war on Google stemming from the search giant's privacy policy overhaul, set to come into effect on March 1.

"Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," Dean Hachamovitch, Corporate Vice President, Internet Explorer wrote on the company's IEBlog

Hachamovitch accused Google of violating the W3C Web standards recommended P3P Privacy Protection feature in IE designed to block third-party cookies unless the site presents a P3P Compact Policy Statement, which explains how the site will user the cookie and a commitment not to track the user.

"Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent," said Hachamovitch.

How Google does this is by issuing a policy statement designed for humans to read, even though P3P polices are designed for browsers to read, according to Hachamovitch.

Google's P3P policy statement should contain a number of HTTP headers such as "ALL IND DSP", which signify to the browser what the site does with the information it collects and ultimately help the browser manage user preferences. 

Instead, Google's P3P policy reads: "This is not a P3P policy", and provides a link to its explanation page "for more info."

By not providing an correctly formatted statement, Google bypasses user preferences about cookies and permits third-party cookies to be allowed rather than blocked, explained Hachamovitch.

A Google spokesperson issued a statement in response to Microsoft's claims, saying it was "impractical to comply with Microsoft's request while providing modern web functionality".

The spokesperson also branded P3P as "widely non-operational", citing several research reports.

Google would not be alone in failing to the P3P standard in browsers, with one study in 2006 by CyLan Privacy Interest Group at Carnegie Mellon University finding that only 15 percent of the top 5000 websites incorporate P3P.  

Copyright © iTnews.com.au . All rights reserved.


Microsoft accuses Google of invading IE privacy
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  24%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 271

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  61%
 
No
  39%
TOTAL VOTES: 85

Vote