Microsoft Says Google Bypassed IE9 Privacy Settings Too

Microsoft says that Safari was not the only browser that Google tricked into accepting cookies

Microsoft has claimed that Google is bypassing the privacy settings on its Internet Explorer 9 (IE9) browser to track users’ activities with cookies.

It says that the search giant is using similar methods to those it has employed to circumvent the privacy settings in Apple’s Safari browser, an action which has caused concern in the US.

P3P or not P3P

Microsoft initiated its investigations after learning about the incident involving Safari.

“We asked ourselves a simple question: Is Google circumventing the privacy preferences of Internet Explorer users too?” said Dean Hachamovitch, corporate vice president of Internet Explorer in a blog post. “We’ve discovered the answer is yes.”

He then explained that while Google’s cookies had tricked Safari into thinking they were first-party cookies, IE9 blocks these unless the site presents a P3P compliancy statement that outlines how the cookie will be used and that it will not be used to track the user.

Google apparently exploits a ‘nuance’ in the P3P system, used to describe how sites will use cookies and user information, that makes compliant browsers understand that Google’s policy is that the cookie will not be used for any tracking purpose or any purpose at all.

Future protection

“Google’s P3P policy is actually a statement that it is not a P3P policy,” explained Hachamovitch. “It’s intended for humans to read even though P3P policies are designed for browsers to ‘read’.”

He added that this policy stated, “P3P: CP=”This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info.” By sending this text, it meant its third party cookies were allowed rather than blocked.

Microsoft says that it has contacted Google to ask them to commit to honour P3P privacy settings, but said that in the event that it should continue with this practice, the best way to protect their privacy from Google was to use IE9’s Tracking Protection feature, which is apparently not susceptible to this type of bypass,

A number of congressman have demanded that the US Federal Trade Commission (FTC) investigate Google after Apple found that the search giant was managing to exploit a loophole in its Safari browser that tracked Internet users’ activities.

Google is already under investigation by the FTC in relation to its search business practice, a probe that was expanded to include its new social search last month.

How well do you know Internet security? Try our quiz and find out!