News

Microsoft Claims Google Is Bypassing IE User Privacy Settings

Microsoft is claiming that Google is bypassing Internet Explorer's P3P Privacy Protection to track users' cookies. Dean Hachamovitch, corporate vice president of Internet Explorer, wrote in a blog post that Microsoft started looking into the issue after an article in The Wall Street Journal discussed how Google got around tracking blockers in Apple's Safari browser to keep tabs on Web users.

"When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We've discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," said Hachamovitch.

Internet Explorer automatically blocks third-party cookies from sites that haven't presented a P3P Compact Policy Statement to the W3C Web standards body. This statement publicly discloses how and when a site will document data (in the form of cookies).

In Google's case, it has been bypassing the P3P requirements for Internet Explorer to track cookies without presenting a clear intent on how it would use the information.

"Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies," said Hachamovitch. "The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter."

When the news hit last week concerning Google avoiding Safari's privacy protocol, Google responded by saying it was accidental, and the unintentional bypass was part of some bad code connected with its "+1" button that is integrated into many Web sites.

Google said in response to the IE blog post that Microsoft purposely omitted information in its blog, including its opinion that using P3P specifications was outdated. "It is well known -- including by Microsoft -- that it is impractical to comply with Microsoft's request while providing modern web functionality," said Google in a statement. "We have been open about our approach, as have many other websites.

According to Microsoft insider Mary Jo Foley, this workaround of Internet Explorer's privacy policy had been known for some time. In a blog post discussing the matter, Foley said she received an e-mail from Lorrie Faith Cranor, director at CyLab Usable Privacy and Security Laboratory, saying that a research team at Carnegie Mellon University had disclosed the practice used by Google (and Facebook) back in 2010.

Microsoft made no mention whether it previously had knowledge or investigated this issue in the blog posting.

Apple and Microsoft aren't the only ones raising concern over Google's privacy circumnavigation -- a class-action lawsuit has been filed with the U.S. District Court for Delaware, alleging that Google violated the Stored Electronic Communication Act, the Federal Computer Fraud and Abuse Act and the Federal Wiretap Act.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

comments powered by Disqus
Most   Popular