" />
Web

Google fires back at Microsoft’s claim it evaded Internet Explorer privacy systems

Google fires back at Microsoft’s claim it evaded Internet Explorer privacy systems
piers.scott@sociable.co'

Microsoft’s opportunistic swipe at Google yesterday, accusing the company of evading Internet Explorer’s privacy settings, has been met with a strong and damning rebuttal from the search company.

Google graffiti - credit Google

Google graffiti - credit Google

Yesterday, Microsoft claimed that, following accusations that Google circumvented Safari privacy settings, its Internet Explorer team conducted some research to see if the search company had done the same in Internet Explorer, they said;

“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes.”

In its reply today Google said that the “circumvention” used by Google has been a known feature in Internet Explorer since 2002.

Google goes on to say that and even Microsoft’s own live.com and msn.com websites use the same technique as it uses, in order to provide additional functionality, such as social networking buttons.

The issue comes down to a Microsoft system in Internet Explorer that asks websites to tell the browser how it will use the cookies it wishes to place on users’ machines.  Called Platform for Privacy Preferences , “P3P”, the system assesses each cookie’s statement and decides whether or not to allow them.

In Google’s statement, which essentially lists a number of articles showing how the P3P system is defunct, the company says;

“For many years, Microsoft’s browser has requested every website to “self-declare” its cookies and privacy policies in machine readable form, using particular “P3P” three-letter policies.

Essentially, Microsoft’s Internet Explorer browser requests of websites, “Tell us what sort of functionality your cookies provide, and we’ll decide whether to allow them.”  This didn’t have a huge impact in 2002 when P3P was introduced (in fact the Wall Street Journal today states that our DoubleClick ad cookies comply with Microsoft’s request), but newer cookie-based features are broken by the Microsoft implementation in IE.  These include things like Facebook “Like” buttons, the ability to sign-in to websites using your Google account, and hundreds more modern web services.  It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality.

Today the Microsoft policy is widely non-operational.”

Google points to an article by TRUSTe (@TRUSTe | Facebook | LinkedIn), a digital privacy and website certification company, that describes the limited uptake of P3P.  And, pointing to a 2009 report, says that “misguided implementation” has limited its adoption in general.

“Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure. Ari Schwartz, of the Center for Democracy and Technology, noted in a 2009 paper on P3P that while the idea behind P3P is a good one (using technology to increase transparency and simplify user choice) its shortcomings (prohibitive complexity and a misguided implementation strategy) critically hampered its adoption.”

And to hammer the point home Google points to a tweet by the privacy and security expert Christopher Soghoian, which places the focus firmly back on Microsoft;

 

Click to add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Web
piers.scott@sociable.co'
@pdscott

Piers Dillon-Scott is co-editor of The Sociable and writes about stuff he finds. He likes technology, media, and using the Oxford comma (because it just makes sense).

More in Web

ai

Down the Rabbit Hole: Top 3 Alternative Theories on AI with Mainstream Concerns

Tim HinchliffeApril 24, 2017
snowden

Outlaw Snowden Lectures Law Students: ‘There is no oath of secrecy in the US’

Tim HinchliffeApril 18, 2017
intercultural

Intercultural Understanding: The Key to Global Harmony in 2017

Peter MerryApril 14, 2017
cia

CIA Used Marble Framework to Cover its Tracks, Capable of Faking Russian Hacking

Tim HinchliffeApril 5, 2017

24 senators introducing bill to kill FCC Internet privacy rules received a combined $2.29M from industry PACs

Tim HinchliffeMarch 21, 2017
g suite

Startup Workep gives G Suite the project management tool it’s been lacking

Tim HinchliffeMarch 21, 2017
wikileaks google

Is Google’s hesitance on WikiLeaks’ cybersecurity offer due to a technicality or actual CIA involvement?

Tim HinchliffeMarch 20, 2017
utilities

Moving home? My Utilities sifts through 75K competing providers so you don’t overpay on bills

Tim HinchliffeMarch 7, 2017
perspective google

Google’s new Perspective API can help you not sound like a jerk while commenting

Tim HinchliffeFebruary 23, 2017