Google: IE Privacy Policy Is Impractical

itwbennett writes "In response to Microsoft's claim that Google circumvented Internet Explorer privacy protections (following the discovery that Google also worked around Safari's privacy settings), Google on Monday said that IE's privacy protection, called P3P, is impractical to comply with."

Re:One question never answered

[MozeeToby]

Not only does Facebook do it but Microsoft also does it. The standard they are accusing Google of violating is so out of date that W3 doesn't even try to update it anymore, because no one follows it and most browsers don't even implement it fully. This is a non-story in every direction.

Re:Impractical to Microsoft, MS also send invalid

[Lonewolf666]

Consider the following (from http://www.w3.org/TR/P3P11/#ua_compact;

6.4 Compact Policy Processing

P3P user agents MUST NOT rely on P3P compact policies that do not comply with the P3P 1.0 or P3P 1.1 specifications or are obviously erroneous. Such compact policies SHOULD be deemed invalid and the corresponding cookies should be treated as if they had no compact policies.

As I understand this, IE should actually search the Google P3P header for a valid statement of what Google intends to do with regard to tracking cookies. If it does not find those, it should apply the default behaviour for web sites without any P3P header. As described by Dean Hachamovitch (the author of the blog post):

By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the sites use does not include tracking the user.

Fine. So your browser sees a Google P3P header without any valid policies. At this point, the clause "unless the site presents..." should kick in and cookies should be blocked. To me this looks like a bug in IE, as they failed to implement the default behavior in this case. It would be appropriate for Microsoft to fix this bug, send the fix as update on next patch day and otherwise be very humble about their error.

  Instead, Dean Hachamovitch tries to paint this as conspiracy by Google to circumvent IE's security protection. FAIL.

Re:Impractical to who?

[madmark1]

No, they aren't. In the Safari case, the default setting in Safari is to block third party cookies. No one made that choice, unless it was to go in and unblock them. Seeing as how Safari is the only browser that blocks them by default, most people probably don't even realize they ARE blocked. And in this specific case, the 'work-around' was to provide tracking cookies to people logged in to G+ who specifically opted in to targeted ads. How this can possibly be spun into Google doing evil is really amazing to me. They did exactly what their customers asked for, and got thrashed for it. Lets not forget also that the cookies in question were non-specific, and had no personally identifiable information in them. Did anyone even read the article on that?

In the IE case, Microsoft is relying on an optional, trust based system deprecated 5 years ago as a method of protecting your privacy. Once again, Google used a perfectly legitimate part of that standard to bypass it, for the express purpose of giving users who were logged in to G+ and opted in to targeted ads, those targeted ads. Explain the evil here, if you would?