Safari isn’t the only browser duped by Google.
Over the weekend The Wall Street Journal posted an article on how Google was bypassing the default privacy settings on the Safari browser, used on iOS and Mac OSX devices, to track the general web surfing behavior of consumers for better and more accurate advertisement by third party companies.
Yesterday Microsoft did a search of their own and found out that Google is indeed bypassing Internet Explorer’s default privacy settings as well.
“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies,” wrote Dean Hachamovitch, Corporate Vice President, Internet Explorer.
The issue stems from a technical point, in that both Safari and IE stop 3rd party cookies by default to monitor consumer behavior. This is done by monitoring a Platform for Privacy Preferences (P3P) statement within the 3rd part cookie to see what the site will use the cookie for. P3P is an official privacy standard set by the World Wide Web Consortium (W3C) that various websites use to show their privacy policies.
“Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies.” Hachamovitch continues, “P3P-compliant browsers interpret Google’s policy as indicating that the cookie will not be used for any tracking purpose or any purpose at all. By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked.”
The IE team has made a ‘Tracking Protection List’ that current IE9 users can utilize to protect themselves from Google’s bypass procedures by clicking here.
Google soon fired back at Microsoft earlier today.
“It is well known–including by[sic] Microsoft–that it is impractical to comply with Microsoft’s request while providing modern Web functionality,” Rachel Whetstone, senior vice president of communications and policy for Google, said in a statement to CNET this evening. “We have been open about our approach, as have many other Web sites. Today the Microsoft policy is widely non-operational,” she continued. “A 2010 research report indicated that over 11,000 Web sites were not issuing valid P3P policies as requested by Microsoft.”
We’ll keep you updated as the drama unfolds.