Google, Facebook & More Bypassing Browser Privacy Settings [News]

Last week Apple and Microsoft employees were shocked to find that Google had bypassed user privacy settings in IE and Safari. But this isn’t the only surprise – apparently Facebook and many other companies are doing the same thing.

The problem is that Internet Explorer blocks third-party cookies unless the site presents a Platform for Privacy Preferences Project (P3P) Compact Policy (CP) statement explaining how the cookie will be used. Google, Facebook and many other companies present a P3P statement which is accepted by the browser even though it doesn’t state the intent.

Business Insider summarised Google’s behaviour as follows: “Google secretly developed a way to circumvent default privacy settings established by a… competitor, Apple… [and] Google then used the workaround to drop ad-tracking cookies on the Safari users, which is exactly the sort of practice that Apple was trying to prevent.”

Facebook’s compact policy states: P3P:CP=”Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p.”

It turns out many of the big websites would be unable to keep users logged in if they adhered to the privacy settings, so they want a way to get around them. As the P3P standard is out of date and not implemented on many browsers, these companies simply work around the P3P issue by providing CPs that are formatted in a way that circumvents the cookie blocking.

Source: MSDN& ZDNet


MakeUseOf Recommends

Angela Alcorn

Ange is an Internet Studies & Journalism graduate who spends way too much time messing with social networks (see AngelaAlcorn.com or @smange).

The comments were closed because the article is more than 180 days old.

If you have any questions related to stuff mentioned in the article or need help with any computer issue, just ask it on MakeUseOf Answers.

Hide 7 Comments

  • Suhel February 27, 2012
    0 likes

    are we heading towards a dark era of internet?

    | Like
    • Angela Alcorn March 7, 2012
      0 likes

       It could perhaps prompt the browsers to adopt something better instead.

      | Like
  • Ellen W. February 28, 2012
    0 likes

    I was wondering what happened to the “ask me” pop up about things I didn’t want to happen, yet needed in order for the sight to react with me. I used to get ‘Allow’ this whatever so that you can ‘use’ this sight…. why can’t ‘the big sights’ trust our judgement like they used to? 

    | Like
    • Angela Alcorn March 7, 2012
      0 likes

      Ah, but then the big sites couldn’t do whatever they wanted to, could they?

      | Like
  • Chris Hoffman February 29, 2012
    0 likes

    This is kind of a tempest in a teapot.

    Basically very few websites actually have P3P policies, because it’s an outdated standard that only IE implements. Even then, it’s IE’s default setting — users don’t choose it.

    Websites say to IE “Hey, we don’t have a P3P policy” and IE says “Okay, track away!”. If Microsoft was really serious, they could just block websites without P3P policies. Instead, they wait years while being aware of this happening, then decide to throw it at Google when they think they can do some damage.

    | Like
    • msillegality March 4, 2012
      0 likes

       So it’s basically like politics?

      | Like
      • Chris Hoffman March 4, 2012
        0 likes

        Yup, they’re trying to make Google look bad.

        Even if Google deserves it, Microsoft’s motives are certainly not pure and innocent.

        | Like