Google, Facebook & More Bypassing Browser Privacy Settings [News]

Ads by Google

Last week Apple and Microsoft employees were shocked to find that Google had bypassed user privacy settings in IE and Safari. But this isn’t the only surprise – apparently Facebook and many other companies are doing the same thing.

The problem is that Internet Explorer blocks third-party cookies unless the site presents a Platform for Privacy Preferences Project (P3P) Compact Policy (CP) statement explaining how the cookie will be used. Google, Facebook and many other companies present a P3P statement which is accepted by the browser even though it doesn’t state the intent.

Business Insider summarised Google’s behaviour as follows: “Google secretly developed a way to circumvent default privacy settings established by a‚Ķ competitor, Apple‚Ķ [and] Google then used the workaround to drop ad-tracking cookies on the Safari users, which is exactly the sort of practice that Apple was trying to prevent.”

Facebook‚Äôs compact policy states: P3P:CP=”Facebook does not have a P3P policy. Learn why here:”

It turns out many of the big websites would be unable to keep users logged in if they adhered to the privacy settings, so they want a way to get around them. As the P3P standard is out of date and not implemented on many browsers, these companies simply work around the P3P issue by providing CPs that are formatted in a way that circumvents the cookie blocking.

Source: MSDN& ZDNet

Ads by Google

Check out more about:
From the Web

7 Comments - Write a Comment



are we heading towards a dark era of internet?

Angela Alcorn

 It could perhaps prompt the browsers to adopt something better instead.


Ellen W.

I was wondering what happened to the “ask me” pop up about things I didn’t want to happen, yet needed in order for the sight to react with me. I used to get ‘Allow’ this whatever so that you can ‘use’ this sight…. why can’t ‘the big sights’ trust our judgement like they used to?¬†

Angela Alcorn

Ah, but then the big sites couldn’t do whatever they wanted to, could they?


Chris Hoffman

This is kind of a tempest in a teapot.

Basically very few websites actually have P3P policies, because it’s an outdated standard that only IE implements. Even then, it’s IE’s default setting — users don’t choose it.

Websites say to IE “Hey, we don’t have a P3P policy” and IE says “Okay, track away!”. If Microsoft was really serious, they could just block websites without P3P policies. Instead, they wait years while being aware of this happening, then decide to throw it at Google when they think they can do some damage.


¬†So it’s basically like politics?

Chris Hoffman

Yup, they’re trying to make Google look bad.

Even if Google deserves it, Microsoft’s motives are certainly not pure and innocent.

Your comment