Microsoft accuses Google of invading IE privacy

Powered by SC Magazine

Google brands Microsoft policy 'impractical'.

Microsoft has accused Google of abusing privacy preference settings in its Internet Explorer (IE) browser.

The accusation follows the controversial discovery last week that Google was bypassing privacy settings in Apple's Safari browser, affecting OS X desktops and iOS mobile devices.

The discovery gave Microsoft ammunition to ramp up its privacy war on Google stemming from the search giant's privacy policy overhaul, set to come into effect on March 1.

"Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," Dean Hachamovitch, Corporate Vice President, Internet Explorer wrote on the company's IEBlog

Hachamovitch accused Google of violating the W3C Web standards recommended P3P Privacy Protection feature in IE designed to block third-party cookies unless the site presents a P3P Compact Policy Statement, which explains how the site will user the cookie and a commitment not to track the user.

"Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent," said Hachamovitch.

How Google does this is by issuing a policy statement designed for humans to read, even though P3P polices are designed for browsers to read, according to Hachamovitch.

Google's P3P policy statement should contain a number of HTTP headers such as "ALL IND DSP", which signify to the browser what the site does with the information it collects and ultimately help the browser manage user preferences. 

Instead, Google's P3P policy reads: "This is not a P3P policy", and provides a link to its explanation page "for more info."

By not providing an correctly formatted statement, Google bypasses user preferences about cookies and permits third-party cookies to be allowed rather than blocked, explained Hachamovitch.

A Google spokesperson issued a statement in response to Microsoft's claims, saying it was "impractical to comply with Microsoft's request while providing modern web functionality".

The spokesperson also branded P3P as "widely non-operational", citing several research reports.

Google would not be alone in failing to the P3P standard in browsers, with one study in 2006 by CyLan Privacy Interest Group at Carnegie Mellon University finding that only 15 percent of the top 5000 websites incorporate P3P.  

Copyright © . All rights reserved.

Microsoft accuses Google of invading IE privacy
Top Stories
Windows 10 lands in Australia
Campaign to get business to upgrade kicks off.
NSW to build its own myGov
Service NSW digital profiles available by September.
Android bug leaves a billion phones open to attack
Hackers only need phone number to target devices.
Sign up to receive iTnews email bulletins
Latest Comments
Should law enforcement be able to buy and use exploits?

   |   View results
Only in special circumstances
Yes, but with more transparency