Google, Facebook & More Bypassing Browser Privacy Settings [News]

google logo 300   Google, Facebook & More Bypassing Browser Privacy Settings [News]Last week Apple and Microsoft employees were shocked to find that Google had bypassed user privacy settings in IE and Safari. But this isn’t the only surprise – apparently Facebook and many other companies are doing the same thing.

The problem is that Internet Explorer blocks third-party cookies unless the site presents a Platform for Privacy Preferences Project (P3P) Compact Policy (CP) statement explaining how the cookie will be used. Google, Facebook and many other companies present a P3P statement which is accepted by the browser even though it doesn’t state the intent.

Business Insider summarised Google’s behaviour as follows: “Google secretly developed a way to circumvent default privacy settings established by a… competitor, Apple… [and] Google then used the workaround to drop ad-tracking cookies on the Safari users, which is exactly the sort of practice that Apple was trying to prevent.”

facebook privacy 300   Google, Facebook & More Bypassing Browser Privacy Settings [News]

Facebook’s compact policy states: P3P:CP=”Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p.”

It turns out many of the big websites would be unable to keep users logged in if they adhered to the privacy settings, so they want a way to get around them. As the P3P standard is out of date and not implemented on many browsers, these companies simply work around the P3P issue by providing CPs that are formatted in a way that circumvents the cookie blocking.

Source: MSDN& ZDNet

Check out more about:

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

7 Comments -

0 votes

Suhel

are we heading towards a dark era of internet?

0 votes

Angela Alcorn

 It could perhaps prompt the browsers to adopt something better instead.

0 votes

Ellen W.

I was wondering what happened to the “ask me” pop up about things I didn’t want to happen, yet needed in order for the sight to react with me. I used to get ‘Allow’ this whatever so that you can ‘use’ this sight…. why can’t ‘the big sights’ trust our judgement like they used to? 

0 votes

Angela Alcorn

Ah, but then the big sites couldn’t do whatever they wanted to, could they?

0 votes

Chris Hoffman

This is kind of a tempest in a teapot.

Basically very few websites actually have P3P policies, because it’s an outdated standard that only IE implements. Even then, it’s IE’s default setting — users don’t choose it.

Websites say to IE “Hey, we don’t have a P3P policy” and IE says “Okay, track away!”. If Microsoft was really serious, they could just block websites without P3P policies. Instead, they wait years while being aware of this happening, then decide to throw it at Google when they think they can do some damage.

0 votes

msillegality

 So it’s basically like politics?

0 votes

Chris Hoffman

Yup, they’re trying to make Google look bad.

Even if Google deserves it, Microsoft’s motives are certainly not pure and innocent.