Microsoft Says Google Bypasses IE Privacy Controls

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Says Google Bypasses IE Privacy Controls


Google responds by calling IEs privacy system outmoded and impractical; Microsoft takes some heat for selective presentation of facts.



Taking the opportunity to kick Google while it is down, Microsoft published Monday a blog post accusing Google of ignoring privacy controls in Internet Explorer.
Coming just days after the
Wall Street Journal
reported that Google and three other advertising companies were bypassing privacy controls in Apples Safari Web browser, Microsofts charges seem calculated to further complicate Googles ongoing regulatory entanglements related both to privacy and antitrust issues.
But Google could well escape further embarrassment because of Microsofts selective presentation of facts.
Weve found that Google
bypasses the P3P Privacy Protection
feature in IE, said Dean Hachamovitch, corporate VP of Internet Explorer in a blog post. The result is similar to the recent reports of Googles circumvention of privacy protections in Apples Safari Web browser, even though the actual bypass mechanism Google uses is different.
What Microsoft neglects to mention is that Facebook also ignores P3P, as does just about everyone these days.
Google SVP of communications and policy Rachel Whetstone said in an emailed statement that modern Web services enabled by cookies are broken by the way Microsoft implements P3P in Internet Explorer. These include things like Facebook Like buttons, the ability to sign-in to websites using your Google account, and hundreds more modern Web services, she said. It is well known that it is impractical to comply with Microsofts request while providing this Web functionality.
[ Only you can protect your privacy. Read
Googles Privacy Invasion: Its Your Fault
. ]
P3P, the
Platform for Privacy Preferences
, is a 10-year-old protocol that allows websites to declare their privacy policies in a machine-readable format. Microsoft is the only major browser vendor that still bothers with it, and even Microsoft doesnt implement P3P on all of its websites.
As a
2010 Carnegie Mellon research paper
notes, ... many websites are not taking P3P seriously and are behaving in ways that undermine the purpose of the P3P specification.
Privacy researcher Christopher Soghoian highlighted Microsofts hypocrisy in
a Twitter post
. Instead of fixing P3P loophole in IE that [Facebook] & Amazon exploited, [Microsoft] did nothing, he wrote. Now they complain after Google uses it.
Microsoft also took a beating in the comments section of its blog post, with far more critics than supporters.
Google suggests that
transparency
is enough. But thats not going to satisfy everyone.
The right forensic tools in the right hands are just a start. The new
Digital Detectives
issue of Dark Reading shows you how to better apply the lessons they teach. (Free registration required.)

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Says Google Bypasses IE Privacy Controls