Microsoft accuses Google of invading IE privacy

Microsoft has accused Google of abusing privacy preference settings in its Internet Explorer (IE) browser.

The accusation follows the controversial discovery last week that Google was bypassing privacy settings in Apple's Safari browser, affecting OS X desktops and iOS mobile devices.

The discovery gave Microsoft ammunition to ramp up its privacy war on Google stemming from the search giant's privacy policy overhaul, set to come into effect on March 1.

"Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," Dean Hachamovitch, Corporate Vice President, Internet Explorer wrote on the company's IEBlog. 

Hachamovitch accused Google of violating the W3C Web standards recommended P3P Privacy Protection feature in IE designed to block third-party cookies unless the site presents a P3P Compact Policy Statement, which explains how the site will user the cookie and a commitment not to track the user.

"Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent," said Hachamovitch.

How Google does this is by issuing a policy statement designed for humans to read, even though P3P polices are designed for browsers to read, according to Hachamovitch.

Google's P3P policy statement should contain a number of HTTP headers such as "ALL IND DSP", which signify to the browser what the site does with the information it collects and ultimately help the browser manage user preferences. 

Instead, Google's P3P policy reads: "This is not a P3P policy", and provides a link to its explanation page "for more info."

By not providing an correctly formatted statement, Google bypasses user preferences about cookies and permits third-party cookies to be allowed rather than blocked, explained Hachamovitch.

A Google spokesperson issued a statement in response to Microsoft's claims, saying it was "impractical to comply with Microsoft's request while providing modern web functionality".

The spokesperson also branded P3P as "widely non-operational", citing several research reports.

Google would not be alone in failing to the P3P standard in browsers, with one study in 2006 by CyLan Privacy Interest Group at Carnegie Mellon University finding that only 15 percent of the top 5000 websites incorporate P3P.