Microsoft: Google bypassing IE privacy settings, too

Following last week’s Wall Street Journal report that Google was sidestepping privacy protections in Apple’s Safari browser, Microsoft’s Internet Explorer team now says it has discovered that Google is doing something similar in Internet Explorer.

IE chief Dean Hachamovitch says Microsoft has contacted Google and asked them to honor the privacy settings in question.

The assertion comes amid a larger effort by Microsoft to capitalize on concerns about Google’s broader privacy changes, attempting to get people to dump Google and switch to Microsoft services. There are also questions about whether the Wall Street Journal overstated the implications of what Google was doing in Safari in its report last week.

Hachamovitch lays out Microsoft’s findings in this blog post today. The IE9 feature in question is known as P3P Privacy Protection. By default, this feature blocks third-party cookies, that is, cookies deposited on a user’s computer by a web service other than the site the user is visiting, unless that web service makes a promise (in code read by the browser) not to use the cookie to track the user.

Microsoft says that rather than making that promise, the code that Google transmits refers to a web page, which reads:

“In some situations, the cookies we use to secure and authenticate your Google Account and store your preferences may be served from a different domain than the website you’re visiting. This may happen, for example, if you visit websites with Google +1 buttons, or if you sign into a Google gadget on iGoogle.

“Some browsers require third party cookies to use the P3P protocol to state their privacy practices. However, the P3P protocol was not designed with situations like these in mind. As a result, we’ve inserted a link into our cookies that directs users to a page where they can learn more about the privacy practices associated with these cookies.

“Information that Google collects in association with these cookies is subject to our Privacy Policy.”

Microsoft says that doesn’t constitute a promise not to track the user, but the browser doesn’t understand the nuance, and therefore allows Google to deposit the cookie.

Hachamovitch writes in his post that Microsoft is considering changing how IE handles these situations to keep cookies from being deposited when it doesn’t recognize the P3P claim that a third-party service is making. Microsoft is also recommending that IE users make use of the browser’s Tracking Protection feature.
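An added example, not code from Microsoft, Google or the original article: a strict check of the kind described above, which counts a P3P header as a policy only when every token in its CP attribute belongs to the P3P 1.0 compact-policy vocabulary. The function names, verdict labels and sample headers are constructed for illustration, and this is not IE's actual evaluation logic.

```javascript
// P3P 1.0 compact-policy tokens that never take a consent suffix.
const FIXED = new Set(("NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR OUR " +
  "NOR STP LEG BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL " +
  "HEA PRE LOC GOV OTC TST").split(" "));
// Purpose and recipient tokens that may carry a consent suffix: a, i or o.
const SUFFIXABLE = new Set(("ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP " +
  "DEL SAM UNR PUB OTR").split(" "));

function isKnownToken(tok) {
  if (FIXED.has(tok) || SUFFIXABLE.has(tok)) return true;
  return /^[A-Z]{3}[aio]$/.test(tok) && SUFFIXABLE.has(tok.slice(0, 3));
}

// Pull the tokens out of the CP="..." attribute of a P3P header value.
// Returns null when the header carries no CP attribute at all.
function parseCompactPolicy(headerValue) {
  const m = /\bCP\s*=\s*"([^"]*)"/i.exec(headerValue || "");
  return m ? m[1].split(/\s+/).filter(Boolean) : null;
}

// Strict audit: free text or any unknown token means the header makes no
// claim a browser can evaluate, so it is reported as "unrecognized".
function auditP3P(headerValue) {
  const tokens = parseCompactPolicy(headerValue);
  if (tokens === null) return { verdict: "no-policy", unknown: [] };
  const unknown = tokens.filter((t) => !isKnownToken(t));
  const ok = tokens.length > 0 && unknown.length === 0;
  return { verdict: ok ? "well-formed" : "unrecognized", unknown };
}

// Constructed sample headers (not captured traffic).
const SAMPLES = [
  'CP="NOI DSP COR PSAa OUR STP NAV"',
  'policyref="/w3c/p3p.xml", CP="NON DSP ADMo"',
  'CP="See our privacy page for details"',
  'policyref="/w3c/p3p.xml"',
];

for (const h of SAMPLES) {
  const r = auditP3P(h);
  console.log(r.verdict.padEnd(13), h, r.unknown.join(",") || "");
}
```

Run over recorded response headers, the same check lists which third-party services send a CP value that states no machine-readable practices.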

We’ve asked Google if it wants to respond to Microsoft’s statements.

  • Guest

    Shame on Google for exploiting security flaws in Microsoft’s and Apple’s web browsers. I’d like to see them brought to answer for their hacking.

  • Anonymous

    Nice that Google is finally being brought to the attention of the authorities. They’ve been doing this kind of stuff for a long, long time. I’m glad that they are no longer the ‘teflon media darling’ that they used to be.

    And Google used to scream about how ‘evil’ Microsoft was when Microsoft did the wrong thing. Hypocrisy at its finest as Google tries to justify its own malfeasance.

  • Guest

    Not sure why you inserted that 3rd paragraph. Are you suggesting that MS is making it up? That Google was only semi-slimy in what they did with Safari? Seriously, I don’t know why you’d try to minimize or otherwise excuse Google’s actions here. It’s definitely deceptive and it may end up being more than that.