back to article Microsoft claims Google bypassed its browser privacy too

Microsoft has released data showing that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms. “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Big Brother

Do no evil?

Anyone else see a pattern?

Slurping all that WiFi info during street view was just an accident M'Lud!

21
9
Anonymous Coward

Re: Do no evil?

Do know evil!

Fixed.

14
2
Stop

not to justify Google but

Not to justify Google but Microsoft forces the sale of IE upon all of their customers illegally.

Yes, slow learners, it is illegal to commingle the code between the OS and IE yet Microsoft continues to do so in order to force the sale of IE upon you and prevent you from removing the application.

As long as you accept outright illegal practices from Microsoft you can hardly speak at all about what anyone else may do.

2
5
Anonymous Coward

RE:Lewis Mettler

No they don't, when are you going to stop spouting the same tired shit. It is the only thing you ever say on here despite being proven wrong so many times.

2
2
Holmes

I wonder which "rogue" operator will get the shaft this time.

Glad everyone is finally taking direct shots at the poison vine, hopefully they can find a way to force Google into line as they get a massive berth, and a completely unwarranted defence at every level.

8
3
FAIL

quick....

Some bad Google privacy press, and lets get on that bandwagon....

Microsoft really are pathetic and desperate scumbags these days.

9
31
Facepalm

Re: quick....

seriously? you may not see what's so bad about Google deliberately bypassing a user's privacy wishes but I'm pretty certain pretty much everyone else won't agree with you.

Just as well I use neither IE or Safari.

9
4
Anonymous Coward

Re: quick....

What I wonder is if they figured it was a good idea to check the code on the competing services they offer before pissing in the wind ...

2
0
Silver badge
WTF?

Re: quick....

wholly inexhaustive and spur-of-the-moment testing prompted by your query indicates that Bing does indeed honour P3P codes although I can't test live.com services without actually logging into them (and thus using Passport, which pretty much ruins any test).

So, MS apparently honour privacy, Gioogle don't and MS are pathetic and desperate scumbags? What an odd world you live in.

12
5

Re: Re: quick....

You should probably educate yourself on what P3P is before coming out with this.

I find it more amusing though that Microsoft are accusing Google of not following W3C standards.

8
2
JDX
Gold badge

Re: quick....

You just don't know how this game is played, do you? "It's not IE" was practically the marketing slogan for FF and Chrome.

0
0

Re: Re: quick....(@ Arkasha)

Just as well I use neither IE or Safari.

Lets hope it's not Chrome...I'd say it's a foregone conclusion what Google do in their own browser...

4
1
Silver badge

Errr or this really

Google use big loophole in our browsers wail Apple and Microsoft.

"We wanted to tell our users that their privacy was safe if they used our browsers and big bad Google has shown we've been making hollow promises. They must be hackers or something."

If its something Google can do then its something any mean and nasty problem site can do too.

So is this a bug or a feature guys.

20
10
Gav
Devil

Re: Errr or this really

You are amusingly naive if you think that Google did this to show up flaws in Apple's & Microsoft's software. They did this because they wanted the data and because they could. And they did it *despite* it being against the wishes of the end-user.

The fact that Safari and IE allowed it to occur does not negate Google's responsibility for doing it. Saying everyone else could do it too is not the point. Google claim to be better than that.

5
4
Silver badge

Re: Re: Errr or this really @Gav

I'm not being naive nor am I being an apologist for Google, I'm not trying to defend them in anyway. I'm just pointing out that a privacy protection scheme that allows Google to act in anyway they feel like is about as much use a chocolate tea pot.

Now if someone draws up a laws that says website must follow a set of rules then the chances are that Google after a lot of bitching would probably follow, but if you think many of the sites on the web would you are naive.

A privacy scheme that works by having website decide whether they want to track you or not is not a privacy scheme at all. Its a pipe dream. And it just as much a market scheme as Google's tracking you where ever you breath on the net. Now you are probably well enough informed to understand that any claim made about these tools is just wishful thinking. But most users won't be, and will believe that when they click the box saying don't track me, they'll believe the marketing bs that they are now protected, when they're no more protected than wearing a white shirt will protect you from a rifle bullet.

0
0
Pint

Re: Re: Re: Errr or this really @Gav

Choc tea pot - where can you get one of those ?

0
0
Silver badge

Sending an "Ooh please don't rape me" code out was always going to be ignored anyway. Trusting marketing types to abide by an honour system is a fucking risible idea...always has been. The only way to be sure -apart from nuking them from orbit (and I wouldn't stand in anyone's way there)- is for the browser to not emit the information and to not store the cookies.

11
0
Gold badge
Facepalm

Too damned right. It's the same philosophy as that daft Do Not Track proposal. Anyone who really wants to track you will find a way to ignore it. Anyone who doesn't mind doing the odd bit of Evil will just ignore it, omitting the bit where they find a semi-legitimate reason to do so.

Advertisers are greedy, immoral bastards. Who knew?

5
0

They need to come up with clear rules and clear way of disabling tracking. I do not wished to be tracked. I do not wish to see ads all over the sites. I pay for my broadband and I want to control what goes down the pipe to my browser. If they want to share with me their revenue from ads, fine, I can live with them, but they don't share it.

Well, anyway, I live w/o adverts, adBlock and DNP Plus do the job.

1
0
Silver badge
WTF?

@hexx

"I do not wished to be tracked. I do not wish to see ads all over the sites."

So just delete your cookies! Why is this concept so fscking hard for some people to get their head around??

2
1

@boltar

Agreed - it's not like it's difficult to set your browser to just delete all cookies on exit.

1
0
Silver badge

Re: @boltar

Yes, it's so simple, now where did a read about EverCookies and Zombie cookies.

Oh right here on the reg.

1
1

Re: @hexx

Hi, if you read it again you can see that I'm not being tracked. What I said is that they need to come up with easy to understand way how to opt-out from this BS, nice clear form, well explained with examples so users can decide what they want to do. We know how to deal with this but average users don't.

0
0
Silver badge
FAIL

Re: Re: @boltar

"Yes, it's so simple, now where did a read about EverCookies and Zombie cookies."

Oh yeah , they're sooo hard to delete....

"rm -rf ~/.macromedia"

Sorted.

I'm sure its no harder on Windows.

2
0

Re: Re: @boltar

Never mind all that - you don't need a single cookie to track someone. You just use the unique code(s) their browser sends. Oh, sure, it doesn't send a UUID - but the average browser does allow javascript to detect what fonts a user has, and obviously sends a list of plugins, screen size, and so on. That's enough to uniquely identify almost anyone. And that's without using geolocation, zombie cookies, or any calculations like clock speeds, response time, etc.

Chances are, even in "private" mode, your browser still sends uniquely identifying information.

See http://panopticlick.eff.org/ for more info.

0
0
Silver badge
Unhappy

Re: Re: Re: @boltar

"See http://panopticlick.eff.org/ for more info."

That is a little worrying. Disabling javascript prevents it but that disables most webpages too.

0
0
Gold badge

@hexx

"If they want to share with me their revenue from ads, fine, I can live with them, but they don't share it."

You say that, but they do. You are paid in content. Take the very fine The Register as an example. The adverts on this site pay for the operation of the site and (I hope) compensation for the authors of the articles. When you read the articles, you are receiving a share of that payment.

0
0
Happy

Re: Re: Re: Re: @boltar

On Panopticlick... http://www.secretagent.co.uk may help.

On Geolocation... https://www.dephormation.org.uk?page=73 may help.

And on unwanted Google cookies? Wouldn't it be nice if someone wrote a browser add on that selectively purged Google/Google Syndication/Google Analytics cookies, or even wrote other more interesting values over them instead for Google to digest?

Perhaps I might review my (ever growing) 'todo' list.

0
0
Gold badge
Trollface

Re: Re: Re: @boltar

"rm -rf ~/.macromedia"

Sorted.

I'm sure its no harder on Windows.

Actually, it's a little harder; better to just not install the filth in the first place :)

1
1
Silver badge

Re: @boltar

I've always felt the answer here is to go on the war path. Deleting cookies doesn't discourage the bastards from doing it. What I've always wanted was a tool/option that just wrote random data into the unwanted cookies. If enough people did that then they'd stop doing it because the data would be useless to them, and certainly in the early days of the counter attack would probably cause all sorts of their crap SW to crash.

I'm just too much of an idle git to bother actually writing it.

Of course you'd have to track down all the other ways they follow you too.

0
0
Silver badge
Windows

Mooooooom!

Google's touching my privacy settings.

11
0
Thumb Up

Re: Mooooooom!

Best spontaneous laugh I have had in a while thanks.

1
0
Facepalm

Interesting tack

After you have made a mess of things so badly and for so long, it would be nice if you just sat down and shut up. IE has been a menace pretty much from its inception until maybe a year or two ago. Its too early to go pointing fingers.

"Yes, we remember. We remember the past and its lessons, the past and its misfortunes, the past and its glories". Oh, and scratch the last bit.

6
6
Facepalm

So several browsers completely ignore privacy protection when strange input is received.... and somehow google is to blame? how many sites have been doing this maliciously already?

Come on, put the blame where its deserved. Security is useless when the default behaviour is to bypass that security at the slightest sign of trouble.

9
6
Silver badge
WTF?

But But But...!

Didn't Microsoft just say:

"Windows Internet Explorer is the browser that respects your privacy. Through unique built in features like Tracking Protection and other privacy features in IE9, you are in control of who is tracking your actions online. Not Google. Not advertisers. Just you."

And all the while they knew that their browser's default behavior was to pass undefined privacy codes as if they were valid?

And they want to blame Google for their two-faced BS!?

[No, I don't think Google is blameless. This reminds me a little too much of Google's use of BHOs to install stuff in violation of IE's administrative settings. My thoughts on that here: http://forums.theregister.co.uk/post/1098266 ]

18
2
Anonymous Coward

oh dear, Google a web browser cracker? (No, I won't use Hacker.Too good for their likes).)

Playing the script kiddies games. Got to love that. Well, I'll be waiting for the games to begin. We be needing a good boxing match between the Apple, Google goo and The MS. May the best liar win!

I will need tons of popcorn for this one! :- )

0
1
FAIL

Oh dear, someone made a specification whereby websites are trusted to communicate their privacy policy correctly to the user agent? What sort of idiots would come up with such an idea, it's no wonder it never got any traction.

http://www.w3.org/2002/p3p-ws/registrants.html

Were I a shareholder in Google I would be calling them idiots for not making use of this to enable 3rd party cookies in IE and Safari with default settings (every other browser allows them).

Probably also worth a mention - how to disable third party cookies in most browsers:

http://www.bobulous.org.uk/misc/third-party-cookies.html

Personally I think Microsoft are the fools in this for including half baked browser privacy protections and then blaming other people for bypassing them.

7
0
Anonymous Coward

Blaming Microsoft / Apple for this is a bit like blaming you for getting your house burgled (by Google) because you did not have bars on your windows and doors. Sure they could (and probably will) improve security of their browsers further but Google should not have been trying to intentionally circumvent their security for their own financial gain.

6
3
Bronze badge
Gimp

This is like having an electronic lock on the door to your house which, when you enter only letters, opens the door because it expects digits and letters.

So Google are evil, we knew that .... Apple and Microsoft are evil, too, though and for them to point at Google for being evil is ridiculous ... Let's not forget, repeat after me:

Google, Apple and Microsoft are evil

Google, Apple and Microsoft are evil

Google, Apple and Microsoft are evil

Google, Apple and Microsoft are evil

2
6
Thumb Down

Bizarre!!!

Apple and MS are in no way little angels, BUT people here really need to get a grip. Google have done wrong here!

Why are people trying to put a different slant on things by spreading blame to other parties? Why come up with these excuses and attempts to justify and lessen Google's culpability?

Only brainwashed fans react in this way. I get the Register doesn't like MS or Apple, but this article doesn't warrant any MS/Apple bashing. It's all about Google here...

2
3
Anonymous Coward

Seriously?!

I'm not saying Google aren't evil... I'm not saying they don't already know too much about what we do, where we go, who we talk to, what we like and what we don't but seriously... Seriously of all of the things... P3P?? Who give's a shit?!

It's not protecting your privacy it's just a way of providing information on how cookies will be used... Browsers are meant to be your first line of defence for protecting your privacy, websites should be treated as the enemy by any browser... Any website can send back any old garbage and do something completely different. If IE just drops its pants and gives access to the cookie jar at any old junk passed through as a P3P message... What's the point? It's not security, it's merely informative. Other browsers and website thought this, hence why IE is the only one to implement this as a PR exercise and websites with vested interest in IE are the only ones to provide a P3P message. Google's fault was providing a P3P message at all.

There probably is a solution to cookie privacy, security, certification, recourse for abuse but P3P it ain't. Browsers should enable the user to nuke any storage mechanisms attached to the browser and err on the side of safety with privacy. Best solution for now is to disable cookies by default, add exceptions for sites you trust and monitor your cookie situation.

3
0
Anonymous Coward

Re: Bizarre!!!

Perhaps it's because Google shouldn't have been able to bypass privacy settings if the browsers did what they claimed to do.

Let's put it simply: MS and Apple both told people their browser was secure. Now it turns out the browser isn't. That's their fault, not Google's. That does not excuse Google for what they've done. It does not lessen what they have done. Rather, it highlights that MS and Apple have holes in their browser security and in MS's case, the hole is trivial to exploit.

So it's not an excuse for what Google's done: It's that what Google did doesn't excuse the lax security in IE and Safari.

1
0
Silver badge
Windows

IMO 2 are to blame, but....

First Google is obviously at fault here for violating standards. As many others already said; the times of "do no evil" are long behind us; now all that's left is hollow marketing talk.

However; IMO one has to wonder as well why MS allowed this to happen in the first place? If you require a code and the code turns out to be invalid doesn't it sound a bit peculiar to accept it anyway? Worse; provide "admin like" access on top of that ?

Still; the main blame sits with Google here IMO. Think about it this way: Would you have believed Microsoft if they claimed that you could no longer access Google's website with MSIE due to a code violation at the hands of Google themselves?

More importantly: could that have triggered a move from MSIE to Chrome because "At least Chrome allows me to access Google's websites without hassle" ?

5
2
Bronze badge
Mushroom

Re: IMO 2 are to blame, but....

You really think the coders at the chocolate factory would stop 30% of internet users from using their service? I think they would have done so already, if they thought it would be good practice .... remember all the Microsoft -only shops out there, I know, their sys admins are idiots, but still, they would not even be allowed to install Chrome ...

2
1
Gimp

Re: IMO 2 are to blame, but....

A better way would be to pop up one of those cute little IE messages.

Something along the lines of:

This web site is ignoring your browser's current security settings and attempting to bypass them.

Allow this Report this Cancel

Might keep everyone a bit more honest.

1
0
Stop

I think ya better rephrase that...

"I know, [Microsoft shop] sys admins are idiots"

And you wonder why Linux advocates don't get any respect.

These are good people who try to do their damn job as best as they can. Different platform, same, um, "challenges."

2
0
Bronze badge

What did that mean?

"It is well known ... that it is impractical to [represent their privacy practices in machine-readable form] while providing modern web functionality."

That is a technical statement. What are they saying about moder web functionality?

(Please don't bother replying just to say they are lying. If there is no technical explanation you can save time by just not posting)

0
0

Not defending google, but

Microsoft is neatly ignoring the fact that it's P3P implementation is flawed at best, and causes web developers issues between different IE browser versions ( no surprises there ).

Specifically, IE will refuse third party cookies within iframes, and will show a warning message regardless of your privacy settings.

This makes it a pain for social application or widget developers - the workaround being to invalidate the P3P string entirely forcing IE to accept all cookies from your domain.

Facebook do the same thing as google, setting their P3P header to:

P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"

No doubt google and facebook are mainly concerned about protecting their metrics and ad tracking business.

8
0
FAIL

So Safari and IE are shit

and privacy settings are trivially bypassed, and that's Google's problem?

Who wants to bet for every Google using this, there are 1000 less trustworthy companies doing the same.

9
4
Anonymous Coward

Re: So Safari and IE are shit

You know what? The locks on the doors of my house may be trivially bypassed (a serious boot or drilling out the cylinder would probably do the trick) but if someone were to break in to my house it would most definitely be their problem, as they are the ones in the wrong.

Even for you with your track record of defending everything Google does or says, this is should draw your criticism - Google have been caught out here, to say that the effective victims are to blame because they aren't secure enough doesn't change the fact that Google a breaking the rules (possibly even the law) in a premeditated manner.

2
2

Page:

This topic is closed for new posts.

Forums