Pinterest Stumbleupon Whatsapp

Last week Apple and Microsoft employees were shocked to find that Google had bypassed user privacy settings in IE and Safari. But this isn’t the only surprise – apparently Facebook and many other companies are doing the same thing.

The problem is that Internet Explorer blocks third-party cookies unless the site presents a Platform for Privacy Preferences Project (P3P) Compact Policy (CP) statement explaining how the cookie will be used. Google, Facebook and many other companies present a P3P statement which is accepted by the browser even though it doesn’t state the intent.

Business Insider summarised Google’s behaviour as follows: “Google secretly developed a way to circumvent default privacy settings established by a… competitor, Apple… [and] Google then used the workaround to drop ad-tracking cookies on the Safari users, which is exactly the sort of practice that Apple was trying to prevent.”

Facebook’s compact policy states: P3P:CP=”Facebook does not have a P3P policy. Learn why here:”

It turns out many of the big websites would be unable to keep users logged in if they adhered to the privacy settings, so they want a way to get around them. As the P3P standard is out of date and not implemented on many browsers, these companies simply work around the P3P issue by providing CPs that are formatted in a way that circumvents the cookie blocking.


Source: MSDN& ZDNet

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Chris Hoffman
    February 29, 2012 at 6:36 am

    This is kind of a tempest in a teapot.

    Basically very few websites actually have P3P policies, because it's an outdated standard that only IE implements. Even then, it's IE's default setting -- users don't choose it.

    Websites say to IE "Hey, we don't have a P3P policy" and IE says "Okay, track away!". If Microsoft was really serious, they could just block websites without P3P policies. Instead, they wait years while being aware of this happening, then decide to throw it at Google when they think they can do some damage.

    • msillegality
      March 4, 2012 at 12:03 am

       So it's basically like politics?

      • Chris Hoffman
        March 4, 2012 at 4:00 am

        Yup, they're trying to make Google look bad.

        Even if Google deserves it, Microsoft's motives are certainly not pure and innocent.

  2. Ellen W.
    February 28, 2012 at 7:47 pm

    I was wondering what happened to the "ask me" pop up about things I didn't want to happen, yet needed in order for the sight to react with me. I used to get 'Allow' this whatever so that you can 'use' this sight.... why can't 'the big sights' trust our judgement like they used to? 

    • Angela Alcorn
      March 7, 2012 at 8:27 pm

      Ah, but then the big sites couldn't do whatever they wanted to, could they?

  3. Suhel
    February 27, 2012 at 11:22 am

    are we heading towards a dark era of internet?

    • Angela Alcorn
      March 7, 2012 at 8:09 pm

       It could perhaps prompt the browsers to adopt something better instead.