Google Bypassing IE Privacy Policies, Says Microsoft

By

In an Internet Explorer (IE) blog post on Monday, software giant Microsoft accused Google of bypassing privacy protections in IE Google was breaking similar privacy protection rules on Apple’s Safari browser, wrote blogger Dean Hachamovitch, corporate vice president for IE.

The blogger wrote, “We’ve found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.”

As per the blog post, Microsoft has contacted Google and asked the search engine giant to commit to honoring P3P privacy settings for users of all browsers.

According to Microsoft, IE9 offers an additional privacy feature called Tracking Protection, which is not susceptible to this type of bypass. Microsoft recommends that customers who want to protect themselves from Google’s bypass of P3P privacy protection feature must use IE 9 and add a Tracking Protection List. However, the Tracking Protection List website says that this new method is currently undergoing the standardization process at the W3C.

By default, as per the blog post, IE blocks third-party cookies unless the site presents a P3P compact policy statement indicating how it will use the cookie. Plus, it will not track the user. P3P is a protocol that websites use to disclose details in a standard format on how they plan to use the information gathered from the users. Google’s P3P policy causes IE to accept Google’s cookies even though the policy does not state Google’s intent.

Technically, wrote Hachamovitch, “Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. Google's P3P policy is actually a statement that it is not a P3P policy. It's intended for humans to read even though P3P policies are designed for browsers to read," he added.

P3P-compliant browsers read Google's policy as saying that the cookie won't be used for tracking or any purpose, noted Hachamovitch. "By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked," wrote Hachamovitch.

In another blog post on the PCWorld.com site, Lorrie Faith Cranor, an associate professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, said, "Companies have discovered that they can lie in their [P3P Compact Privacy Statements] and nobody bothers to do anything about it. Companies have also discovered that, due to a bug in IE, if they have an invalid [privacy statement], IE will not block it."

Continuing, Cranor said, “Google is not alone in circumventing P3P and that this issue points to a larger problem in browser privacy,” wrote IDG news reporter Nancy Gohring. In fact, Facebook presents a P3P statement that says: "Facebook does not have a P3P policy," according to Prof. Cranor. “That line is an invalid P3P privacy statement so it essentially turns off IE cookie blocking. Thousands of other sites have P3P privacy statements that don't match their actual practices.”


Ashok Bindra is a veteran writer and editor with more than 25 years of editorial experience covering RF/wireless technologies, semiconductors and power electronics. To read more of his articles, please visit his columnist page.

Edited by Tammy Wolf

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More