Microsoft Confirms Google Bypassing IE User Privacy Settings


The drama of this Privacy Setting Bypassing continues as Microsoft’s IE team confirms that Google is bypassing user privacy settings in IE as well.

P3P, an official recommendation of the W3C Web standards body, is a Web technology that all browsers and sites can support. Sites use P3P to describe how they intend to use cookies and user information. By supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions.

Technically, a proper P3P policy states is intended to inform the browser the cookies stored by the website will not be used for any tracking purpose or any other purpose at all. But, confirmed by IEBlog,

Google sends a P3P policy that fails to inform the browser about Google’s use of cookies and user information. Google’s P3P policy is actually a statement that it is not a P3P policy. It’s intended for humans to read even though P3P policies are designed for browsers to “read”:

P3P: CP=”This is not a P3P policy! See for more info.”

P3P-compliant browsers interpret Google’s policy as indicating that the cookie will not be used for any tracking purpose or any purpose at all. By sending this text, Google bypasses the cookie protection and enables its third-party cookies to be allowed rather than blocked.

And indeed, from the page specified in Google’s P3P statement,

In some situations, the cookies we use to secure and authenticate your Google Account and store your preferences may be served from a different domain than the website you’re visiting. This may happen, for example, if you visit websites with Google +1 buttons, or if you sign into a Google gadget on iGoogle.

So, what can we do to prevent this?

Microsoft suggested that if you are reading this in IE, clicking this link (a JavaScript) to add Google to its tracking protection list in IE). Or copy and paste this page in IE and click the link there.

image thumb60 - Microsoft Confirms Google Bypassing IE User Privacy Settings

Or alternatively, you can block all cookies from a given site regardless of whether they are first- or third- party in Privacy Settings from Internet Option in IE. The privacy tab in Internet Option is where you can manage how cookies can be treated.

The new technology approach in IE’s racking Protection is currently undergoing the standardizing process at the W3C.


Please enter your comment!
Please enter your name here