Microsoft Claims Over Google’s Web Monitoring Practices: Google Tricks Internet Explorer Into Accepting Tracking Cookies

Posted on Feb 21 2012 - 9:49am by Editorial Staff

The Google web monitoring practices issue which came in light when WSJ first reported that Google and several other prominent online advertising networks have been caught circumventing Safari and Mobile safari security restrictions, which results into the three congressman on Friday called on Federal Trade Commission (FTC) to investigate Google further into this – the search giant claimed (below) that the situation was accidental and is limited only to the Safari Web browser only – but with an “said to be an additional” turn by Microsoft today claimed that Google is doing much the same thing not only with Apple’s Safari but also with Microsoft’s Internet Explorer.

In a blog post titled “Google bypassing user privacy settings” Microsoft’s IE Corporate Vice President Dean Hachamovitch states that “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.” – the company spells out the details about their discovery, as well as provide recommendations to IE users on how to protect their privacy from search giant with the use of IE9’s Tracking Protection feature.

Hachamovitch explains that IE’s default configuration blocks third-party cookies unless presented with a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent – P3P, an official recommendation of the W3C Web standards body, is a Web technology that all browsers and sites can support. Sites use P3P to describe how they intend to use cookies and user information.

By supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions. It’s worth noting that users cannot easily access P3P policies. Web sites send these policies directly to Web browsers using HTTP headers. The only people who see P3P descriptions are technically skilled and use special tools, like the Cookie inspector in the Fiddler tool.

According to Microsoft it has contacted Google to ask the company to “commit to honoring P3P privacy settings for users of all browsers.” Microsoft also updated the Tracking Protection Lists in IE9 to prevent the tracking described by Hachamovitch in the blog post – in a whole the text sent by Google actually reads “This is not a P3P policy” and will includes a link to a Google page according to which cookies are used to secure and authenticate Google users.

Here is the Google’s full statement:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.

About the Author
Editorial Staff

Editorial Staff at I2Mag is a team of subject experts led by Karan Chopra.