Microsoft: Internet Explorer subject to Google ad cookie workaround, like Safari

Microsoft has jumped in on the Google/Apple Safari ad cookie controversy, claiming that Google developed systems to circumvent “privacy protections in IE.”

Writing today in their IEBlog Internet Explorer’s  Corporate Vice President, Dean Hachamovitch, was direct in his accusation that the search giant has employed workarounds to avoid IE security.

“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies”

IE’s blog post claims that the work-around has been designed to allow Google to place ad tracking cookies on users’ computers, similar to those placed through Safari, although the actual system that does this is not the same as that used on Safari.

Last week The Wall Street Journal said that Google evaded Apple’s Safari privacy systems to place ad tracking cookies on users’ devices.  Apple’s privacy system was designed allow websites that users had open in Safari to issue cookies but prevent third party sites loading cookies into the browser.

Microsoft says a similar feature in Internet Explorer prevented third party cookies unless the third party site described how it was going to use this cookie.  They say that Google was able to circumvent this.

“By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.”

Google responded to the Wall Street Journal, disputing some of the language used  in its original report saying that the Safari system was designed to add functionality found in other major browsers;

“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

“Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default.  However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons.  Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to ‘+1’ things that interest them.”

Hachamovitch says Redmond has contacted Mountain View about the system and is investigating whether to prevent such techniques.  The IEBlog also details how IE users can prevent such ad cookies from being placed on their browser.

Whether this is Microsoft being opportunistic or not – what they describe in their blog does not seem particularly nefarious – this is bound to keep the story going and going.