back to article Microsoft claims Google bypassed its browser privacy too

Microsoft has released data showing that Google has been bypassing the user-defined privacy settings in Internet Explorer by using incorrect P3P identification terms. “When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy …

COMMENTS

This topic is closed for new posts.
  1. Mage Silver badge
    Big Brother

    Do no evil?

    Anyone else see a pattern?

    Slurping all that WiFi info during street view was just an accident M'Lud!

    1. Anonymous Coward
      Anonymous Coward

      Re: Do no evil?

      Do know evil!

      Fixed.

    2. Lewis Mettler
      Stop

      not to justify Google but

      Not to justify Google but Microsoft forces the sale of IE upon all of their customers illegally.

      Yes, slow learners, it is illegal to commingle the code between the OS and IE yet Microsoft continues to do so in order to force the sale of IE upon you and prevent you from removing the application.

      As long as you accept outright illegal practices from Microsoft you can hardly speak at all about what anyone else may do.

      1. Anonymous Coward
        Anonymous Coward

        RE:Lewis Mettler

        No they don't, when are you going to stop spouting the same tired shit. It is the only thing you ever say on here despite being proven wrong so many times.

  2. Jeebus
    Holmes

    I wonder which "rogue" operator will get the shaft this time.

    Glad everyone is finally taking direct shots at the poison vine, hopefully they can find a way to force Google into line as they get a massive berth, and a completely unwarranted defence at every level.

  3. Mike Judge
    FAIL

    quick....

    Some bad Google privacy press, and lets get on that bandwagon....

    Microsoft really are pathetic and desperate scumbags these days.

    1. Anonymous Coward
      Facepalm

      Re: quick....

      seriously? you may not see what's so bad about Google deliberately bypassing a user's privacy wishes but I'm pretty certain pretty much everyone else won't agree with you.

      Just as well I use neither IE or Safari.

      1. Silverburn

        Re: Re: quick....(@ Arkasha)

        Just as well I use neither IE or Safari.

        Lets hope it's not Chrome...I'd say it's a foregone conclusion what Google do in their own browser...

    2. Anonymous Coward
      Anonymous Coward

      Re: quick....

      What I wonder is if they figured it was a good idea to check the code on the competing services they offer before pissing in the wind ...

    3. dogged
      WTF?

      Re: quick....

      wholly inexhaustive and spur-of-the-moment testing prompted by your query indicates that Bing does indeed honour P3P codes although I can't test live.com services without actually logging into them (and thus using Passport, which pretty much ruins any test).

      So, MS apparently honour privacy, Gioogle don't and MS are pathetic and desperate scumbags? What an odd world you live in.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: quick....

        You should probably educate yourself on what P3P is before coming out with this.

        I find it more amusing though that Microsoft are accusing Google of not following W3C standards.

    4. JDX Gold badge

      Re: quick....

      You just don't know how this game is played, do you? "It's not IE" was practically the marketing slogan for FF and Chrome.

  4. Dazed and Confused

    Errr or this really

    Google use big loophole in our browsers wail Apple and Microsoft.

    "We wanted to tell our users that their privacy was safe if they used our browsers and big bad Google has shown we've been making hollow promises. They must be hackers or something."

    If its something Google can do then its something any mean and nasty problem site can do too.

    So is this a bug or a feature guys.

    1. Gav
      Devil

      Re: Errr or this really

      You are amusingly naive if you think that Google did this to show up flaws in Apple's & Microsoft's software. They did this because they wanted the data and because they could. And they did it *despite* it being against the wishes of the end-user.

      The fact that Safari and IE allowed it to occur does not negate Google's responsibility for doing it. Saying everyone else could do it too is not the point. Google claim to be better than that.

      1. Dazed and Confused

        Re: Re: Errr or this really @Gav

        I'm not being naive nor am I being an apologist for Google, I'm not trying to defend them in anyway. I'm just pointing out that a privacy protection scheme that allows Google to act in anyway they feel like is about as much use a chocolate tea pot.

        Now if someone draws up a laws that says website must follow a set of rules then the chances are that Google after a lot of bitching would probably follow, but if you think many of the sites on the web would you are naive.

        A privacy scheme that works by having website decide whether they want to track you or not is not a privacy scheme at all. Its a pipe dream. And it just as much a market scheme as Google's tracking you where ever you breath on the net. Now you are probably well enough informed to understand that any claim made about these tools is just wishful thinking. But most users won't be, and will believe that when they click the box saying don't track me, they'll believe the marketing bs that they are now protected, when they're no more protected than wearing a white shirt will protect you from a rifle bullet.

        1. ideapete
          Pint

          Re: Re: Re: Errr or this really @Gav

          Choc tea pot - where can you get one of those ?

  5. Anonymous Coward
    Anonymous Coward

    Sending an "Ooh please don't rape me" code out was always going to be ignored anyway. Trusting marketing types to abide by an honour system is a fucking risible idea...always has been. The only way to be sure -apart from nuking them from orbit (and I wouldn't stand in anyone's way there)- is for the browser to not emit the information and to not store the cookies.

    1. TeeCee Gold badge
      Facepalm

      Too damned right. It's the same philosophy as that daft Do Not Track proposal. Anyone who really wants to track you will find a way to ignore it. Anyone who doesn't mind doing the odd bit of Evil will just ignore it, omitting the bit where they find a semi-legitimate reason to do so.

      Advertisers are greedy, immoral bastards. Who knew?

      1. hexx

        They need to come up with clear rules and clear way of disabling tracking. I do not wished to be tracked. I do not wish to see ads all over the sites. I pay for my broadband and I want to control what goes down the pipe to my browser. If they want to share with me their revenue from ads, fine, I can live with them, but they don't share it.

        Well, anyway, I live w/o adverts, adBlock and DNP Plus do the job.

        1. Anonymous Coward
          WTF?

          @hexx

          "I do not wished to be tracked. I do not wish to see ads all over the sites."

          So just delete your cookies! Why is this concept so fscking hard for some people to get their head around??

          1. CD001

            @boltar

            Agreed - it's not like it's difficult to set your browser to just delete all cookies on exit.

            1. Anonymous Coward
              Anonymous Coward

              Re: @boltar

              Yes, it's so simple, now where did a read about EverCookies and Zombie cookies.

              Oh right here on the reg.

              1. Anonymous Coward
                FAIL

                Re: Re: @boltar

                "Yes, it's so simple, now where did a read about EverCookies and Zombie cookies."

                Oh yeah , they're sooo hard to delete....

                "rm -rf ~/.macromedia"

                Sorted.

                I'm sure its no harder on Windows.

                1. BristolBachelor Gold badge
                  Trollface

                  Re: Re: Re: @boltar

                  "rm -rf ~/.macromedia"

                  Sorted.

                  I'm sure its no harder on Windows.

                  Actually, it's a little harder; better to just not install the filth in the first place :)

              2. ArmanX

                Re: Re: @boltar

                Never mind all that - you don't need a single cookie to track someone. You just use the unique code(s) their browser sends. Oh, sure, it doesn't send a UUID - but the average browser does allow javascript to detect what fonts a user has, and obviously sends a list of plugins, screen size, and so on. That's enough to uniquely identify almost anyone. And that's without using geolocation, zombie cookies, or any calculations like clock speeds, response time, etc.

                Chances are, even in "private" mode, your browser still sends uniquely identifying information.

                See http://panopticlick.eff.org/ for more info.

                1. Anonymous Coward
                  Unhappy

                  Re: Re: Re: @boltar

                  "See http://panopticlick.eff.org/ for more info."

                  That is a little worrying. Disabling javascript prevents it but that disables most webpages too.

                  1. dephormation.org.uk
                    Happy

                    Re: Re: Re: Re: @boltar

                    On Panopticlick... http://www.secretagent.co.uk may help.

                    On Geolocation... https://www.dephormation.org.uk?page=73 may help.

                    And on unwanted Google cookies? Wouldn't it be nice if someone wrote a browser add on that selectively purged Google/Google Syndication/Google Analytics cookies, or even wrote other more interesting values over them instead for Google to digest?

                    Perhaps I might review my (ever growing) 'todo' list.

            2. Dazed and Confused

              Re: @boltar

              I've always felt the answer here is to go on the war path. Deleting cookies doesn't discourage the bastards from doing it. What I've always wanted was a tool/option that just wrote random data into the unwanted cookies. If enough people did that then they'd stop doing it because the data would be useless to them, and certainly in the early days of the counter attack would probably cause all sorts of their crap SW to crash.

              I'm just too much of an idle git to bother actually writing it.

              Of course you'd have to track down all the other ways they follow you too.

          2. hexx

            Re: @hexx

            Hi, if you read it again you can see that I'm not being tracked. What I said is that they need to come up with easy to understand way how to opt-out from this BS, nice clear form, well explained with examples so users can decide what they want to do. We know how to deal with this but average users don't.

        2. BristolBachelor Gold badge

          @hexx

          "If they want to share with me their revenue from ads, fine, I can live with them, but they don't share it."

          You say that, but they do. You are paid in content. Take the very fine The Register as an example. The adverts on this site pay for the operation of the site and (I hope) compensation for the authors of the articles. When you read the articles, you are receiving a share of that payment.

  6. Mikel
    Windows

    Mooooooom!

    Google's touching my privacy settings.

    1. James O'Brien
      Thumb Up

      Re: Mooooooom!

      Best spontaneous laugh I have had in a while thanks.

  7. Steve McPolin
    Facepalm

    Interesting tack

    After you have made a mess of things so badly and for so long, it would be nice if you just sat down and shut up. IE has been a menace pretty much from its inception until maybe a year or two ago. Its too early to go pointing fingers.

    "Yes, we remember. We remember the past and its lessons, the past and its misfortunes, the past and its glories". Oh, and scratch the last bit.

  8. Amos
    Facepalm

    So several browsers completely ignore privacy protection when strange input is received.... and somehow google is to blame? how many sites have been doing this maliciously already?

    Come on, put the blame where its deserved. Security is useless when the default behaviour is to bypass that security at the slightest sign of trouble.

  9. Steve Knox
    WTF?

    But But But...!

    Didn't Microsoft just say:

    "Windows Internet Explorer is the browser that respects your privacy. Through unique built in features like Tracking Protection and other privacy features in IE9, you are in control of who is tracking your actions online. Not Google. Not advertisers. Just you."

    And all the while they knew that their browser's default behavior was to pass undefined privacy codes as if they were valid?

    And they want to blame Google for their two-faced BS!?

    [No, I don't think Google is blameless. This reminds me a little too much of Google's use of BHOs to install stuff in violation of IE's administrative settings. My thoughts on that here: http://forums.theregister.co.uk/post/1098266 ]

  10. Anonymous Coward
    Anonymous Coward

    oh dear, Google a web browser cracker? (No, I won't use Hacker.Too good for their likes).)

    Playing the script kiddies games. Got to love that. Well, I'll be waiting for the games to begin. We be needing a good boxing match between the Apple, Google goo and The MS. May the best liar win!

    I will need tons of popcorn for this one! :- )

  11. Antony Riley
    FAIL

    Oh dear, someone made a specification whereby websites are trusted to communicate their privacy policy correctly to the user agent? What sort of idiots would come up with such an idea, it's no wonder it never got any traction.

    http://www.w3.org/2002/p3p-ws/registrants.html

    Were I a shareholder in Google I would be calling them idiots for not making use of this to enable 3rd party cookies in IE and Safari with default settings (every other browser allows them).

    Probably also worth a mention - how to disable third party cookies in most browsers:

    http://www.bobulous.org.uk/misc/third-party-cookies.html

    Personally I think Microsoft are the fools in this for including half baked browser privacy protections and then blaming other people for bypassing them.

  12. Anonymous Coward
    Anonymous Coward

    Blaming Microsoft / Apple for this is a bit like blaming you for getting your house burgled (by Google) because you did not have bars on your windows and doors. Sure they could (and probably will) improve security of their browsers further but Google should not have been trying to intentionally circumvent their security for their own financial gain.

    1. Hans 1
      Gimp

      This is like having an electronic lock on the door to your house which, when you enter only letters, opens the door because it expects digits and letters.

      So Google are evil, we knew that .... Apple and Microsoft are evil, too, though and for them to point at Google for being evil is ridiculous ... Let's not forget, repeat after me:

      Google, Apple and Microsoft are evil

      Google, Apple and Microsoft are evil

      Google, Apple and Microsoft are evil

      Google, Apple and Microsoft are evil

    2. Little Poppet
      Thumb Down

      Bizarre!!!

      Apple and MS are in no way little angels, BUT people here really need to get a grip. Google have done wrong here!

      Why are people trying to put a different slant on things by spreading blame to other parties? Why come up with these excuses and attempts to justify and lessen Google's culpability?

      Only brainwashed fans react in this way. I get the Register doesn't like MS or Apple, but this article doesn't warrant any MS/Apple bashing. It's all about Google here...

      1. Anonymous Coward
        Anonymous Coward

        Seriously?!

        I'm not saying Google aren't evil... I'm not saying they don't already know too much about what we do, where we go, who we talk to, what we like and what we don't but seriously... Seriously of all of the things... P3P?? Who give's a shit?!

        It's not protecting your privacy it's just a way of providing information on how cookies will be used... Browsers are meant to be your first line of defence for protecting your privacy, websites should be treated as the enemy by any browser... Any website can send back any old garbage and do something completely different. If IE just drops its pants and gives access to the cookie jar at any old junk passed through as a P3P message... What's the point? It's not security, it's merely informative. Other browsers and website thought this, hence why IE is the only one to implement this as a PR exercise and websites with vested interest in IE are the only ones to provide a P3P message. Google's fault was providing a P3P message at all.

        There probably is a solution to cookie privacy, security, certification, recourse for abuse but P3P it ain't. Browsers should enable the user to nuke any storage mechanisms attached to the browser and err on the side of safety with privacy. Best solution for now is to disable cookies by default, add exceptions for sites you trust and monitor your cookie situation.

      2. Anonymous Coward
        Anonymous Coward

        Re: Bizarre!!!

        Perhaps it's because Google shouldn't have been able to bypass privacy settings if the browsers did what they claimed to do.

        Let's put it simply: MS and Apple both told people their browser was secure. Now it turns out the browser isn't. That's their fault, not Google's. That does not excuse Google for what they've done. It does not lessen what they have done. Rather, it highlights that MS and Apple have holes in their browser security and in MS's case, the hole is trivial to exploit.

        So it's not an excuse for what Google's done: It's that what Google did doesn't excuse the lax security in IE and Safari.

  13. Anonymous Coward
    Windows

    IMO 2 are to blame, but....

    First Google is obviously at fault here for violating standards. As many others already said; the times of "do no evil" are long behind us; now all that's left is hollow marketing talk.

    However; IMO one has to wonder as well why MS allowed this to happen in the first place? If you require a code and the code turns out to be invalid doesn't it sound a bit peculiar to accept it anyway? Worse; provide "admin like" access on top of that ?

    Still; the main blame sits with Google here IMO. Think about it this way: Would you have believed Microsoft if they claimed that you could no longer access Google's website with MSIE due to a code violation at the hands of Google themselves?

    More importantly: could that have triggered a move from MSIE to Chrome because "At least Chrome allows me to access Google's websites without hassle" ?

    1. Hans 1
      Mushroom

      Re: IMO 2 are to blame, but....

      You really think the coders at the chocolate factory would stop 30% of internet users from using their service? I think they would have done so already, if they thought it would be good practice .... remember all the Microsoft -only shops out there, I know, their sys admins are idiots, but still, they would not even be allowed to install Chrome ...

      1. Gordon Fecyk
        Stop

        I think ya better rephrase that...

        "I know, [Microsoft shop] sys admins are idiots"

        And you wonder why Linux advocates don't get any respect.

        These are good people who try to do their damn job as best as they can. Different platform, same, um, "challenges."

    2. (AMPC) Anonymous and mostly paranoid coward
      Gimp

      Re: IMO 2 are to blame, but....

      A better way would be to pop up one of those cute little IE messages.

      Something along the lines of:

      This web site is ignoring your browser's current security settings and attempting to bypass them.

      Allow this Report this Cancel

      Might keep everyone a bit more honest.

  14. david 12 Silver badge

    What did that mean?

    "It is well known ... that it is impractical to [represent their privacy practices in machine-readable form] while providing modern web functionality."

    That is a technical statement. What are they saying about moder web functionality?

    (Please don't bother replying just to say they are lying. If there is no technical explanation you can save time by just not posting)

  15. El Zorro

    Not defending google, but

    Microsoft is neatly ignoring the fact that it's P3P implementation is flawed at best, and causes web developers issues between different IE browser versions ( no surprises there ).

    Specifically, IE will refuse third party cookies within iframes, and will show a warning message regardless of your privacy settings.

    This makes it a pain for social application or widget developers - the workaround being to invalidate the P3P string entirely forcing IE to accept all cookies from your domain.

    Facebook do the same thing as google, setting their P3P header to:

    P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"

    No doubt google and facebook are mainly concerned about protecting their metrics and ad tracking business.

  16. Anonymous Coward
    FAIL

    So Safari and IE are shit

    and privacy settings are trivially bypassed, and that's Google's problem?

    Who wants to bet for every Google using this, there are 1000 less trustworthy companies doing the same.

    1. Anonymous Coward
      Anonymous Coward

      Re: So Safari and IE are shit

      You know what? The locks on the doors of my house may be trivially bypassed (a serious boot or drilling out the cylinder would probably do the trick) but if someone were to break in to my house it would most definitely be their problem, as they are the ones in the wrong.

      Even for you with your track record of defending everything Google does or says, this is should draw your criticism - Google have been caught out here, to say that the effective victims are to blame because they aren't secure enough doesn't change the fact that Google a breaking the rules (possibly even the law) in a premeditated manner.

  17. TonyHoyle

    "However, if the code is not recognized, Internet Explorer will accept it anyway and allow the requester full access to the user for third-party cookie purposes"

    If google knew this, so did every other marketing site - and I bet most if not all of them are still doing it.

    MS need to fix their bug, not flap around blaming others.

  18. Anonymous Coward
    Anonymous Coward

    Safari, then Internet Explorer.... what about Firefox?

    1. Dan 55 Silver badge

      Firefox only supports P3P if you mess about with about:config. To be honest there are far more effective ways of controlling privacy, especially on Firefox.

      Of course, Firefox is old, bloated, and on the way out. Chrome's where it's at, or so we're constantly told. Why, I'm not so sure.

      1. Giles Jones Gold badge

        So if you don't trust Google with your privacy then why on earth would you run their browser?

        1. Dan 55 Silver badge

          @Giles Jones

          yyparse error

      2. Silverburn

        @ Dan 55

        ..thing is, if privacy was important to you, would you trust a browser from Google now?

        If they're exploiting 3rd party browsers in this way, what are they doing inside their own?

        1. Little Poppet
          Thumb Down

          Re: @ Dan 55

          God forbid...

          It makes me shudder!!!!

          !!!!!!

  19. g e

    So in other words

    Apple and Microsoft admit privacy flaws in their browsers, blame Google for them.

    1. Dan 55 Silver badge

      Re: So in other words

      Or despite their customers' privacy settings, Google finds a way to get the data they want anyway using questionable code targeted for each browser. Just because it can be done, it doesn't mean it should.

      Ignore that, their customers are the advertising industry, the idiot behind the keyboard is the product being sold.

      1. Silverburn

        Re: Re: So in other words

        +1 for Dan; given Google's tactics here, it's safe to say that "Do no evil" is truly dead and buried now.

  20. Jeebus
    Big Brother

    I always enjoy the cretins in their Google defence mode, it makes Appletards look positively enlightened.

    I wonder if their equivalence argument applies elsewhere, like women inviting rape because of what they're wearing?

    Some of us are a bit smarter than that sort of level, evidently a lot associated with IT are the awkward stereotype. Shame.

    1. Giles Jones Gold badge

      If it wasn't for Android they would be complaining about Google's actions. Somehow Android excuses them for anything.

    2. Owen Carter

      "like women inviting rape because of what they're wearing?"

      ..followed by..

      "Some of us are a bit smarter than that sort of level, evidently a lot associated with IT are the awkward stereotype."

      So, you are so smart that you think this is equivalent of raping a user.

      Being able to spot and call out BS + hyperbole does not imply awkwardness.

      But falling for it does imply a certain lack of critical facility.

      1. Little Poppet
        Thumb Down

        Arrogance

        "Being able to spot and call out BS + hyperbole does not imply awkwardness.

        But falling for it does imply a certain lack of critical facility."

        Sounds like you are wrapped up in your own hubris.

        BS+hyperbole? That's your opinion. Implying that it's a fact and criticising someone who thinks otherwise is arrogant beyond belief.

    3. Little Poppet
      Thumb Down

      Stupid People

      By and large, these type of people have a constitution which is generally 'closed'. The problem with this character flaw is that they are generally unimaginative and resistant to change; They latch onto something and are unable to let go no matter what!

      In this case: - Google is now 'open source' - 'shiny key word, that attracts certain types' - Therefore take-up of Google ecosystem is justified - Leading to Google can do no wrong no matter what.

      Which is ironic, since the IT world is a rapidly moving entity and Google's accumulating track record of naughtiness should be an obvious warning for people to jump ship - or at least latch onto something else (temporarily!)...

      :0

  21. hexx

    tit for tat :)

  22. Anonymous Coward
    Anonymous Coward

    So let me get this right. If the wrong code is sent to IE then all your prefs are ignored and everything is shown ?

    Why was it set this way ?

    Really it should be if the tag is malformed then nothing is shown.

  23. Giles Jones Gold badge

    LOL

    Wasn't it Microsoft who put out a press release after the original Safari news saying to use their browser instead?

    1. hexx
      Thumb Up

      Re: LOL

      yep, indeed

  24. Owen Carter
    Holmes

    Did anybody read the link...

    It's there in the P3P string; I'm surprised nobody here seems to have read it:

    http://support.google.com/accounts/bin/answer.py?hl=en&answer=151657

    This is terribly trivial, a non-malicious bypassing of a failed, obsolete, and rather silly proprietary privacy technology that was being pushed by MS and ignored by everybody else.

    The only reason we are reading about it is that people who are loosing to Google commercially are pushing it as hard as possible. Yet again it's MS at the root of it all.

    And, as needs to be continually mentioned, the UK government is accelerating plans to centralise the database with a record of -every- web transaction you make. You can block Google (it's easy; google for 'block Google'), but you cant block HMG.

    1. Owen Carter
      Windows

      correction.

      I really need to remember that MS likes to embrace some technologies: P3P is not proprietary, far from it, it's a W3C standard. And, having read about it the basic principles seem sound, it's a shame it was not developed to keep it relevant as web technologies overtook it's capabilities.

      Still, some Cludos to MS for being the only major Browser to widely implement this..

      ..followed by a big whack with a cluestick for disabling it when a site returned a invalid response.

  25. heyrick Silver badge

    Microsoft saying Google are evil...

    "However, if the code is not recognized, Internet Explorer will accept it anyway"

    Does this not sound like a FLAW in the Microsoft product?

    1. This post has been deleted by its author

  26. Doug Glass
    Go

    Love Google

    All sheople: please keep using Google. In fact use it a lot more. The more time and resources Google spends on those in line for a shearing, the less time they may have to look at me. Of course it helps to shitcan all things Google to get that lesser level of spying.

    Yeah right ... do no evil.

    1. Doug Glass
      Go

      Re: Love Google

      And oh yeah, wipe out all your cookies upon closure of your browser and all the other paranoid reaction stuff. That or fake everything ... right anonymous?

  27. This post has been deleted by its author

  28. the-it-slayer
    Pint

    Stop behaving like school children!

    Google, M$ and Apple are just all behaving like school children in this instance! Playing dirty tricks on each other as if the rules don't matter. They all should just:

    a) Keep prodding each others privacy settings, report them into the public domain and work to fix up the holes which is better for everyone.

    b) Actually behave and stick to the standards.

    Big corps as we know don't like to stick to the rules to get one over each other (or the innocent general public). Bets on for Apple/MS to be found out exploiting other privacy settings next week? Buy me some beer if that's the case.

  29. Anthony Cartmell

    P3P could never work

    P3P assumes that every website in the world will be 100% honest about how it uses cookies and tracking, and will also be 100% accurate in describing this using P3P codes. How is that going to work?

    But the biggest WTF is to assume that a P3P policy that's invalid means that the website doesn't do any tracking: a massive hole for those websites that aren't 100% honest about tracking.

    Are Google and Facebook maliciously sending invalid P3P codes, so their systems work in IE like other browsers, or are they merely working around a broken concept?

    1. Dan 55 Silver badge
      Boffin

      Re: P3P could never work

      It doesn't say anywhere in the P3P spec that the compact privacy header should contain an error message which the client puts on the screen or a link to click on... it does however say that if the client can't parse a compact policy no attempt should be made by the client to fix it up and it should get the full policy instead. If there is no full policy then the default is not to break operation (i.e. not use P3P). Draw your own conclusions.

  30. Anonymous Coward
    Anonymous Coward

    Oh dear!

    "Microsoft claims Google bypassed its browser privacy too"

    Are you telling me that Microsoft have security holes in their software, oh wait - that's been obvious for ages!

  31. Keep Refrigerated
    Boffin

    Kick Google all you want but don't let MS off the hook here...

    <blockquote>“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?” Dean Hachamovitch, VP of Internet Explorer wrote in a blog post...

    Redmond had been rather pleased about the fact that it hadn’t suffered the same kind of problems as Apple against Google’s quest for information on users.</blockquote>

    Translation: We decided that competing by the technical merits of our product is far less important than getting a dig in at a competitor. So when we heard Apple got away with blaming Google for their crap browser, we decided to take advantage of the opportunity to blame Google for our crap browser too.

    <blockquote>"However, if the code is not recognized, Internet Explorer will accept it anyway...</blockquote>

    Umm...

    <blockquote>Google didn’t do this “in a manner consistent with the technology,” Microsoft suggests..."</blockquote>

    Actually, sounds like they did.

    For those fond of the burglar analogy:- The burglar rocked up to your house, finds a combination lock on your door. He enters any old code and because the code he enters doesn't match the correct code in the combination, the lock opens and lets him in!

  32. ideapete
    Mushroom

    Does not compute

    Ho Ho - Microserf and Security ??

    Simply does not compute

This topic is closed for new posts.

Other stories you might like