Google, Microsoft butt heads over IE privacy skirting
'Plenty of blame to go around' for both companies, says privacy researcher
Computerworld - Google yesterday countered Microsoft's contention that it's skirting Internet Explorer's privacy protection, saying it's "impractical" to comply with IE's rules.
One privacy researcher said there was enough blame to apportion to both Google and Microsoft.
The latest dustup over Google's privacy practices began early Monday, when Microsoft's top executive for IE accused Google of circumventing the browser's default privacy defense so that Google's ad network could track IE users' online movements without their permission.
Microsoft's charges were similar to ones made last week after the Wall Street Journal said Google was sidestepping the privacy protection of Apple's Safari, which is bundled with Mac OS X and is the only authorized browser on the iPhone and iPad.
On Monday, Dean Hachamovitch, who leads the IE team, said Google was getting around Microsoft's browser, too.
"Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies," Hachamovitch said in a blog post.
Google, said Hachamovitch, was gaming P3P to trick IE into accepting tracking cookies, even though Google's Compact Policy Statement does not spell out the search giant's intent. "Google bypasses the cookie protection [in IE] and enables its third-party cookies to be allowed rather than blocked," Hachamovitch charged.
Google returned volley today.
In a statement issued by Rachel Whetstone, senior vice president of communications and policy, Google asserted that it was "impractical to comply" with IE's P3P request because doing so prevented sites and services from providing features, including sign-in to multiple Google services.
"Today the Microsoft policy is widely non-operational," said Whetstone, citing a 2010 report that claimed more than 11,000 websites were not issuing valid P3P policies. "The reality is that consumers don't, by and large, use the P3P framework to make decisions about personal information disclosure."
Whetstone went on to say that Google has "been open about our approach" to P3P, and said Microsoft itself had recommended using invalid P3P codes as a work-around for a problem in IE. "This recommendation was a major reason that many of the 11,176 websites provided different code to the one requested by Microsoft," she said.
The study referenced by Whetstone was conducted by a team at Carnegie Mellon University's CyLab and published in September 2010 (download PDF).
In the report, the researchers noted the widespread circumvention -- some apparently purposeful, some accidental -- of IE's cookie-blocking with malformed P3P compact policies. Among the companies involved, the report named Amazon, Facebook and Google.
"I think there is plenty of blame to go around," said Lorrie Faith Cranor, an associate professor of computer science at Carnegie Mellon, the director of its CyLab Usable Privacy and Security Laboratory and the faculty member who lead the team that produced the 2010 report.
- 3 privacy violations you shouldn't worry about
- U.S. commercial drone industry struggles to take off
- Snowden leaks erode trust in Internet companies, government
- NSA phone metadata collection program renewed for 90 days
- NSA isn't evil, says noted civil libertarian
- Franken presses Ford on location data collection practices
- Justices let stand appeals court decision on border searches of laptops
- California lawmakers move to bar state help to NSA
- Appeals court again nixes Google's bid to overturn Street View case
- Older Mac webcams can spy without activating warning light
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Privacy White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!