Google, Microsoft fight as Google tricks IE into accepting tracking cookies

February 23, 2012 | Filed under: Business | Posted by:

Google, Microsoft dispute is not going to end soon as Google tricks Internet Explorer into accepting tracking cookies

These are days of online security issues. Microsoft has just caught Google bypassing default privacy settings in the Internet Explorer browser so that it can serve up tracking cookies. The company claimed the situation was an accident and limited only to the Safari Web browser, but today Microsoft claimed Google is doing much the same thing with Internet Explorer.

Dean Hachamovitch, Microsoft’s IE Corporate Vice President, has written in a blog post titled ‘Google bypassing user privacy settings’, “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

Hachamovitch elaborated on the breach, explaining that IE blocks third-party cookies by default. This is the setting unless presented with a “P3P (Platform for Privacy Preferences Project) Compact Policy Statement”, which blocks sites from using the cookie to track the user. Hachamovitch declared that Google is sending a string of text that tricks the browser into thinking the cookie won’t be used for tracking.

He wrote, “By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked.”

And this has in fact been the case as the text that Google sends reads, “This is not a P3P policy”, followed by a link to a Google page which says cookies used to secure and authenticate Google users are needed to store user preferences, and that the P3P protocol “was not designed with situations like these in mind.”

Microsoft informed the media that Google has been contacted by them in an inquiry to “commit to honoring P3P privacy settings for users of all browsers.”

As an added step, Microsoft has also updated the Tracking Protection Lists in IE9 in order to prevent such evasive tracking in future.

In response to these accusations, Google has come up with a lengthy response.

Rachel Whetstone, Google Senior VP of Communications and Policy said in an explanatory  statement to the media, “Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known—including by Microsoft—that it is impractical to comply with Microsoft’s request while providing modern web functionality.”

And it has been found that Google is not the only one breaching security features. Facebook’s like button works the same way and so does Microsoft’s very own msn.com and live.com websites.

Google explained that “Microsoft’s reliance on P3P forces outdated practices onto modern websites, and points to a study conducted in 2010 that studied 33,000 sites and found about a third of them were circumventing P3P in Internet Explorer.

Shortlink:

Posted by on February 23, 2012. Filed under Business. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>