Tag Archives: P3P

Déjà-vu, Microsoft Says Google Bypassed Internet Explorer Security Too

 Whoa Déjà-vu!

Today, Microsoft has come out with a strong condemnation of Google for bypassing the privacy setting of its browser, Internet Explorer. In a blog post by Microsoft’s Dean Hachamovitch, Corporate Vice President, Internet Explorer – he exposed Google’s lack of respect for Microsoft’s security setting and how Google deliberately circumvented a security tool put adopted by Microsoft to protect its users from spying eyes.

By default setting, Internet Explorer is designed to prevent tracking cookies from being set on the browser and keep out those who want to track your every move on the web from seeing what you’re doing.

Internet Explorer uses something called P3P (Platform for Privacy Preferences) – it works by allowing websites to send information about their privacy policies to the browser, which the browser then reads and makes a judgment to allow or prevent cookies to be set on the browser. It’s a good thing for users because the browser makes sure to check a website’s privacy policies for you before you even have to. This security setting also prevents companies whose sole or main business objective it is to collect personal data of you to sell to advertisers. These companies usually use “third party” cookies, which are the notorious tracking cookies people hate so much. Keep in mind that over 90% of Google’s revenues come from advertising.

However, just like in the case of Apple’s Safari browser, there was a loophole in Internet Explorer’s privacy setting too. As early as 2010, the loophole was known about and could have been exploited by any company which had to will to exploit it. Of course, true to character, Google exploited it.

Since Google neither abides by nor respects the P3p security protocol, it obviously should have been rejected by Internet Explorer. The browser should have not allowed Google’s website from setting tracking cookies. But Google tricked the browser by changing the code the browser uses to read the privacy policies of particular websites.

Instead of Google leaving a certain area in the code blank after the browser asked Google to submit its privacy policies, Google inserted the following text: “This is not a P3P policy!”

The browser does not read human language; it reads code that only computers and technically skilled people can decipher. So when the browser security read Google’s text, it didn’t understand it and so it resorts to doing the same action it would do if that area of the code were left blank – it allowed Google’s cookies to be set. You can read how this all works in more detail by visiting Microsoft’s blog (click here)

Microsoft says that they are actively investigating more ways to protect its users now and has contacted Google to ask for the company to respect the privacy of all Internet users no matter what browser they use. In the same blog post, Microsoft said they come out with a Tracking Protection List available on Internet Explorer 9 that will prevent Google and others from trying to bypass security.

When asked to respond on the latest allegation of privacy and security violations, Google has so far declined to comment.

For crying out loud, Big Google, RESPECT our privacy!

What we need is government intervention to introduce laws to protect Internet users. In the United States, there are hardly any protections for Americans. This is getting ridiculous. People need to demand protection from their representatives before this gets too out of control.

Tagged , , , , , , , ,