"When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: Is Google circumventing the privacy preferences of Internet Explorer users too?" IE executive Dean Hachamovitch wrote in a blog post this morning. "We've discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."
The blog post, which details Microsoft's findings and offers privacy protection tips, said it has contacted Google about its concerns and asked it to "commit to honoring P3P privacy settings for users of all browsers".
Google representatives did not immediately respond to CNET's request for comment.
In the blog post, Hachamovitch explained how the bypass occurs:
Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter. Google sends a P3P policy that fails to inform the browser about Google's use of cookies and user information. Google's P3P policy is actually a statement that it is not a P3P policy.
P3P, or Platform for Privacy Preferences, is an official recommendation of the World Wide Web Consortium that sites use to summarize their privacy policies. However, the recommendation has been largely ignored in the past decade since introduction a decade ago with many major Web sites such as Google.com, Apple.com, CNN.com, and Twitter.com opting not to use it to describe their policies.
Hachamovitch also took the opportunity to point out at IE users have access to a Tracking Protection List that it says prevents the P3P bypass. Additionally, he said Microsoft is "investigating what additional changes to make to our products. The P3P specification says that browsers should ignore unknown tokens. Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens."
Microsoft slammed Google earlier this week after The Wall Street Journal reported that Google had sidestepped Safari user privacy settings to track Internet users. The search giant and other ad companies reportedly used special code to get around Safari's privacy controls in order to track users on computers and mobile devices.
No comments:
Post a Comment