Microsoft accuses Google of sidestepping privacy in IE [update]
Microsoft jumped into the Google "Safari tracking" controversy today by accusing the search giant of doing the same thing with its Internet Explorer browser. Google, however, said Microsoft was using an outdated standard.
"When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?" Dean Hachamovitch, corporate vice president of Internet Explorer, said in a blog post. "We've discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."
Microsoft said IE users can avoid the tracking by using the Tracking Protection feature in IE9.
Late last week, a Stanford University graduate student, Jonathan Mayer, released a report that accused Google and three other ad networks of side-stepping the privacy settings on Apple's Safari browser to track usage on iPhones and Macs without permission.
Google said the report, which was picked up by the Wall Street Journal, "mischaracterizes" the search giant's efforts. But the company admitted that a glitch accidentally allowed Google cookies "to be set" on Safari and promised a fix.
"Cookies" are little bits of data collected about your Internet activity. They can be useful - like remembering passwords and settings on sites that you surf to frequently - but there are also concerns about targeted advertising and how much data is really collected.
"Given this real-world behavior, we are investigating what additional changes to make to our products. The P3P specification says that browsers should ignore unknown tokens," Hachamovitch said. "Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens. We are actively investigating that course of action."
In a statement, Rachel Whetstone, senior vice president of communications and policy at Google, said Microsoft "omitted important information."
The P3P standard, Whetstone said, dates back to 2002 and it's "impractical to comply with Microsoft's request while providing modern Web functionality. We have been open about our approach, as have many other websites."
"Today the Microsoft policy is widely non-operational," Whetstone continued. "A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft."
Update: Rachel Whetstone, Google's Senior Vice President of Communications and Policy, has released a statement in response to Microsoft's blog post. Check it out below:
Microsoft omitted important information from its blog post today.
Microsoft uses a "self-declaration" protocol (known as "P3P") dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known - including by Microsoft - that it is impractical to comply with Microsoft's request while providing modern web functionality. We have been open about our approach, as have many other websites.
Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.
Copyright © 2010 Ziff Davis Publishing Holdings Inc.