Microsoft’s Clash With Google Over Privacy Settings May Be Part of a Larger Problem

Google’s policies are once again under scrutiny as Microsoft and others have caught the company circumventing users’ privacy settings to track them with cookies. But Google representatives have pointed out that they are not alone.

It all started with Apple’s Safari Web browser. According to the Wall Street Journal, Google and other advertising companies have been using a special code to trick Safari into bypassing users’ privacy settings to monitor their activities online. Stanford grad student Jonathan Mayer first spotted the code. A follow-up investigation by WSJ advisor Ashkan Soltani revealed that the Google tracking code had been installed on a test computer through ads on 22 of the top 100 websites and that the code was also installed on an iPhone browser through ads on 23 sites. (Once the Journal contacted the company about the matter, Google disabled the code.)

When Microsoft heard that Google had circumvented user privacy settings on Safari, they wondered if Google was also bypassing users’ privacy preferences on Internet Explorer. Microsoft’s Internet Explorer corporate vice president Dean Hachamovitch wrote in a blog post, “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”

The real issue, according to a blog post by TAP, is that the default setting Microsoft created to block third-party cookies has a bug. As a result, many companies – including Facebook – have been able to get around the requirement for third parties to summarize their privacy policies and offer users a way to opt out of sharing their personal data. The protocol for writing compact policies (CP), as defined by the Platform for Privacy Preferences Project (P3P), has not been widely implemented since it was first created in 2002 by the World Wide Web Consortium.

A Facebook representative told ZDNet, “While we would like to be able to express our cookie policy in a format that a browser could read, P3P was developed 5 years ago and is not effective in describing the practices of a modern social networking service and platform. Instead, we have posted a public notice describing our practices that is consistent with Section 3.2 of P3P. We have reached out directly to Microsoft in hopes of developing additional solutions and we would welcome the opportunity to work with W3 to update P3P to account for the advances in social networking and the web since 2007.”

Google’s response to Microsoft’s complaints said more or less the same thing. “Today the Microsoft policy is widely non-operational,” Google wrote. “A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.”

The complexity of the issue begs the question, is there an easier way to handle this? According to Jonathan Mayer, there is. He and fellow Stanford researcher Arvid Narayanan are currently working on Do Not Track, a policy proposal that would allow users to opt out of being tracked across all third-party sites, much like the Do Not Call Registry.

If it goes through, would you sign up?

Image by Gunnar Pippel via Shutterstock

Publish date: February 21, 2012 © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT