Just when you thought that as a user of Internet Explorer, you were safe from the prying eyes of Google, comes the news that like Safari, Google was bypassing the default privacy settings of Internet Explorer users too, to track them.
The IE team discovered that Google was employing a similar technique to circumvent the default privacy protections in Internet Explorer and track IE users with cookies. They found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.
Third-party cookies are a common mechanism used to track what people do online. Safari protects its users from being tracked this way by a default user setting that blocks third-party cookies. But Google had tricked Safari browser into believing that they were first-party cookies, thereby circumventing Safari’s default privacy settings.
What happens in Internet Explorer is that, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating that the site’s use does not include tracking the user. Google’s P3P policy therefore causes Internet Explorer to accept Google’s cookies.
We are investigating what additional changes to make to our products. The P3P specification says that browsers should ignore unknown tokens. Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens. We are actively investigating that course of action, says the IE Team.
Microsoft has also contacted Google and asked them to commit to honoring P3P privacy settings for users of all browsers.
Looks like Google just loves Cookies!