Microsoft says Google bypassing IE security too

Microsoft says Google bypassing IE security too
Google exploiting IE privacy settings too?

Microsoft says it has discovered evidence that Google is bypassing security settings in Internet Explorer in order to track users' movements.

The controversy comes less than a week after Google, Facebook and other advertising networks were caught circumnavigating users' privacy settings on Apple's Safari and Safari Mobile browser.

Microsoft had initially reacted to the news by trumpeting IE9s safety, but a blog post on Monday revealed its users had also fallen victim to the snooping, albeit in a slightly different way.

Stating intent

"Google is employing similar methods (to what it employed with Safari) to get around the default privacy protections in IE and track IE users with cookies," said IE boss Dean Hachamovitch.

"We've also contacted Google and asked them to commit to honoring P3P privacy settings for users of all browsers.

"IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site's use does not include tracking the user.

"Google's P3P policy causes Internet Explorer to accept Google's cookies even though the policy does not state Google's intent."

Fix in place

While it waits for Google to respond, Microsoft already has a fix in place for IE9 users who want to protect themselves from the tracking.

Microsoft also said it is looking into reports that Facebook is guilty of the same tracking technique.

Google responded to the claims on Friday, claiming it was not harvesting personal information, but simply establishing which users were signed into Google.

"Microsoft omitted important information from its blog post today," wrote Google's Rachel Whetstone later. "Microsoft uses a "self-declaration" protocol (known as "P3P") dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form.

"It is well known - including by Microsoft - that it is impractical to comply with Microsoft's request while providing modern web functionality. We have been open about our approach, as have many other websites.
"Today the Microsoft policy is widely non-operational.

"A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft."

It's an argument that is likely to run and run, but many will ask whether these public spats are ever really going to be acting in the best interest of the actual users rather than for political point scoring.

Via: Zdnet

Chris Smith

A technology journalist, writer and videographer of many magazines and websites including T3, Gadget Magazine and He specializes in applications for smartphones, tablets and handheld devices, with bylines also at The Guardian, WIRED, Trusted Reviews and Wareable. Chris is also the podcast host for The Liverpool Way. As well as tech and football, Chris is a pop-punk fan and enjoys the art of wrasslin'.