Following last week’s Wall Street Journal report that Google was sidestepping privacy protections in Apple’s Safari browser, Microsoft’s Internet Explorer team now says it has discovered that Google is doing something similar in Internet Explorer.
IE chief Dean Hachamovitch says Microsoft has contacted Google and asked them to honor the privacy settings in question.
The assertion comes amid a larger effort by Microsoft to capitalize on concerns about Google’s broader privacy changes, attempting to get people to dump Google and switch to Microsoft services. There are also questions about whether the Wall Street Journal overstated the implications of what Google was doing in Safari in its report last week.
Hachamovitch lays out Microsoft’s findings in this blog post today. The IE9 feature in question is known as P3P Privacy Protection. By default, this feature keeps a web service from depositing cookies on a user’s computer from sites that don’t belong to that web service — unless that web service makes a promise (in code read by the browser) not to use the cookie to track the user.
Microsoft says that rather than making that promise, the code that Google transmits refers to this website, which reads …
In some situations, the cookies we use to secure and authenticate your Google Account and store your preferences may be served from a different domain than the website you’re visiting. This may happen, for example, if you visit websites with Google +1 buttons, or if you sign into a Google gadget on iGoogle.
Some browsers require third party cookies to use the P3P protocol to state their privacy practices. However, the P3P protocol was not designed with situations like these in mind. As a result, we’ve inserted a link into our cookies that directs users to a page where they can learn more about the privacy practices associated with these cookies.
Microsoft says that doesn’t constitute a promise not to track the user, but the browser doesn’t understand the nuance, and therefore allows Google to deposit the cookie.
Hachamovitch writes in his post that Microsoft is considering changing how IE handles these situations to keep cookies from being deposited when it doesn’t recognize the P3P claim that a third-party service is making. Microsoft is also recommending that IE users make use of the browser’s Tracking Protection feature.
We’ve asked Google if it wants to respond to Microsoft’s statements.