Following a Wall Street Journal report last week which revealed that search giant Google had developed a way to bypass privacy settings in Apple’s Safari browser, the head honchos at Microsoft’s Internet Explorer (IE) division started wondering if their competitor was doing the same to them.
As it would turn out, they absolutely are, according to a lengthy explanation published Monday by IE corporate vice president Dean Hachamovitch.
“We’ve found that Google bypasses the P3P Privacy Protection feature in IE,” he wrote. “The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.”
P3P is a tech convention that’s been adopted by browser-makers as a way of certifying what third parties want to do with a users’ browser. It stands for the Platform for Privacy Preferences Project, which has adopted industry standard certificates used to identify what tracking cookies want to do with a user’s data, allowing browsers to accept or deny the files based upon the users’ privacy preferences.
In Apple’s browser, Google was essentially tricking Safari into thinking it was placing first-party cookies that users had already agreed to, when it was really injecting third-party cookies from advertisers. Something similar happens in IE, Hachamovitch explained: Because Google’s P3P policy identifies third-party cookies as Google’s own, Microsoft’s browser accepts them at face value.
In the code of Google’s tracking files themselves, even though they’ve been validated as P3P compliant, Google includes a line that notes: “This is not a P3P policy,” and directs readers to a support page that explains P3P was not designed with Google’s goals in mind.
While Microsoft hasn’t yet found a fix for Google’s P3P work-around, the IE browser does have another layer of protection in the form of tracking protection lists that keeps up with third-party servers seeking to track individual users, blocking any communications with them.
Google told The Wall Street Journal that its tracking cookies “do not collect personal information,” and they insist that third-party files are only served to customers who are signed in to their Google accounts — meaning they’ve actively requested files necessary for Google’s services to function.
While Apple’s Safari only makes up just shy of 11 percent of the Internet browser market, Microsoft’s IE has a whopping 52 percent share, according to StatOwl’s most recent survey of 28 million web users.
In the wake of Apple’s revelation, some Republican lawmakers have urged the Federal Trade Commission to investigate whether Google violated the terms of a 2011 settlement over practices that guided users into a now-shuttered social network beta called “Buzz.” It seems likely that Microsoft’s revelations will only help drive that controversy further, but it’s not clear why the company hasn’t also called out others, like Facebook, that also ignore P3P standards.
Photo: Flickr user cambodia4kidsorg.