Last week Apple and Microsoft employees were shocked to find that Google had bypassed user privacy settings in IE and Safari. But this isn’t the only surprise – apparently Facebook and many other companies are doing the same thing.
The problem is that Internet Explorer blocks third-party cookies unless the site presents a Platform for Privacy Preferences Project (P3P) Compact Policy (CP) statement explaining how the cookie will be used. Google, Facebook and many other companies present a P3P statement which is accepted by the browser even though it doesn’t state the intent.
Business Insider summarised Google’s behaviour as follows: “Google secretly developed a way to circumvent default privacy settings established by a… competitor, Apple… [and] Google then used the workaround to drop ad-tracking cookies on the Safari users, which is exactly the sort of practice that Apple was trying to prevent.”
Facebook’s compact policy states: P3P:CP=”Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p.”
It turns out many of the big websites would be unable to keep users logged in if they adhered to the privacy settings, so they want a way to get around them. As the P3P standard is out of date and not implemented on many browsers, these companies simply work around the P3P issue by providing CPs that are formatted in a way that circumvents the cookie blocking.