Tuesday, February 21, 2012

Microsoft alleges Google dodged IE privacy settings too.

www.tech-sanity.com
Microsoft's Corporate VP for Internet Explorer, Dean Hachamovitch, made allegations Monday that Google was bypassing Internet Explorer's privacy settings, not just Safari's measures. After checks, he claimed that Google's cookie text files, meant to allow +1 actions for those who were signed into Google, were skirting the P3P Privacy Protection standard as it was implemented in Internet Explorer 9. The technique supposedly made IE9 take third-party cookies that it would block by default while keeping the action a secret.
To honor P3P, Google was supposed to send a set of policy tokens indicating how the cookie's information would be shared. Google was supposedly exploiting a P3P clause that skipped users' preferences if the policies weren't defined. Any browser that used P3P interpreted the message that the token was "not a P3P policy" as a sign to allow the cookie, letting Google have its intended +1 effect but also possibly allowing third-party ads despite the usual blocking settings.

The executive implied this wasn't just a casual trick, since Google would have had to use "technically skilled" staff with "special tools" to see the P3P descriptions.

Microsoft had developed a cookie blocking list update for IE9 (link only working inside the post) as "protection" from the cookies and suggested that those concerned could implement a complete block of all Google cookies, although this would break all account-based Google activity. Hachamovitch wasn't clear on whether it would change its own software to prevent what Google allegedly did outright, but he implied that Microsoft was considering taking a recommendation from P3P founders that the spec be changed such that undefined tokens be rejected outright, not let through.

Google hadn't responded to the new accusations as of Monday afternoon.

The claims if borne out would point to Google using multiple browser-specific tricks to push the +1 allowance regardless of a visitor's browser choice or their security settings. Google has already said that the cookies weren't intended for any other purpose, although at least the Safari implementation allowed multiple third-party advertisers.

Some skepticism has emerged over Hachamovitch's post given Microsoft's tendency to
exaggerate Google's privacy position for the sake of its own search market share. While more technically sound, the reaction is still based around getting users to drop all their Google services rather than arguing for a measured reaction.




Read more:
http://www.electronista.com/articles/12/02/20/microsoft.tries.to.press.google.on.privacy.tricks/#ixzz1myJO2Xea

No comments: