In the wake of Google’s Safari cookie placing, Microsoft decided to investigate whether it had fallen subject to the same privacy scam. Turns out, it had. The IE team has also accused Google of circumventing its privacy settings in order to trace users’ activity. In all the Google finger-pointing, you might assume it’s been planting cookies in some devious and well-planned manner, but the cases are actually quite different — and in one it seems that the accusers are possibly trying to ride the latest anti-Google sentiment.
What Google did
Just because both IE and Safari fell victim to the same Google tactics doesn’t mean the process was the same. With Safari, Google was apparently installing temporary cookies when users clicked +1 on ads. These would expire after a few hours, but it would allow Google to track user activity without that time frame and that information was sent to its DoubleClick ad network.
Safari is particularly cookie-blocking heavy, so it’s especially notable that Google found a way to work-around the browser. So not only should users be put out by Google’s alleged privacy infringement, but it also makes Apple look bad. It’s made a notable effort to quell privacy fears and it unknowingly participating in tracking.
Microsoft has announced its browser was also victim to Google’s user tracking. “By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the use,” says Microsoft. “Google P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.” Basically, P3P is an explanation shared between Web applications and browsers about what they will be doing with cookies that install and the information thereupon obtained. “By supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions,” Microsoft explains.
To break this into bullet points:
- IE allows cookies if a browser communicates via P3P what it’s going to use them for.
- Google flat out doesn’t do this.
For each case, Google has very different responses. In the case of Safari, Google actually pled innocence and explained that its motives were actually in the right – the mechanism was supposed to keep users anonymous while Safari was interacting with Google’s servers. Tracking was a side effect.
“We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari bowers,” a Google representative said. “It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.”
But Google isn’t taking that route with IE. Instead, Google is calling the Microsoft browser outdated for insisting on the use of a P3P agreement. “Microsoft uses a ‘self-declaration’ protocol (known as ‘P3P’) dating from 2002 under which Microsoft asks Websites to represent their privacy practices in machine-readable form,” Google tell us. “It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern Web functionality. We have been open about our approach, as have many other Websites.”
The company says some 11,000 other Websites do not follow the P3P protocol IE is describing.
However, none of those 11,000 others are Google. Things are different when you’re a major gateway to the Internet and one that has consistently been accused of less than exemplary behavior time and time again.
And in the Safari incident, Google was correct to immediately back up, take blame, and try to fix it. Does this make Google look bad? Absolutely. It’s a company that is already the subject of unending privacy concerns, and now there’s yet another incident to chalk up to Google’s prying ways.
Jumping on with the latest Google privacy mishap feels a little too quick and a little like grasping at straws. Many different Web mechanisms don’t follow P3P policies – the Facebook Like button, for example. It’s an old mechanism and one that simply isn’t as relevant as it used to be. If Microsoft is going to wage war with Google over this, then it has to take on every other platform that’s ignoring P3P as well. Other sites that don’t P3P to summarize their privacy terms includes Twitter, Apple, and CNN.
We’re sure every browser is doing their own Google investigation right now, as well they should be. Google is competition and being able to catch it in the act is something every Web company wants to do. But it shouldn’t come down to this. We’re going to have to side with Firefox in this whole mess: earlier this month, the minds over at Mozilla decided to create a new infrastructure based on color-coded icons to announce how intrusive a Web site is. It’s a solution fraught with its own problems, but at least it’s attempting to make heads of an increasingly complicated environment instead of hitching a ride on the bandwagon and pointing fingers (at least, so far).