Microsoft published a post on its Internet Explorer Engineering Team blog today calling out Google for bypassing Internet Explorer’s privacy settings.
Last Friday, The Wall Street Journal broke the news that Google has been bypassing privacy settings set by users on Apple’s Safari browser. After hearing this, Microsoft investigated whether Google was doing the same to Internet Explorer. After some digging, IE’s engineering team got their answer: yes, Google was going over user’s privacy controls.
Specifically, Google has been bypassing Internet Explorer’s P3P Privacy Protection feature, which defines how cookies are used by browsers and websites. P3P Compact Policy statements are provided by websites to explain how the site’s cookies will be impact a visitor’s privacy while browsing.
Dean Hachamovitch, corporate vice president for Internet Explorer, explains on the IE blog how the browser handles P3P statements:
By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.
The same situation arose with Safari. The browser by default blocks third-party cookies, and Google bypassed this feature. Only time and more digging will tell if Firefox users have experienced this privacy issue as well. VentureBeat reached to Microsoft and Google on this issue.
Google’s Rachel Whetstone, Senior Vice President of Communications and Policy, told VentureBeat in an email:
Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites. Today the Microsoft policy is widely non-operational.
Microsoft has responded to the situation with a Tracking Protection List that Internet Explorer users can add to their browser to keep track of this kind of activity should it persist. The link for the list is available on the IE Engineering Team blog.
These allegations follow the developing controversy over Google’s new privacy changes, which allow for shared information across all Google services.
Image courtesy of Minerva Studio, Shutterstock