Microsoft finds Google bypassed Internet Explorer’s privacy settings too, but it’s not alone
There was quite a stir sparked last week when it was revealed that Google was exploiting a loophole in a Apple’s Safari browser to track users through web ads, and that has now prompted a response from Microsoft’s Internet Explorer team, who unsurprisingly turned their attention to their own browser. In an official blog post today, they revealed that Google is indeed bypassing privacy settings in IE as well, although that’s only part of the story (more on that later). As Microsoft explains at some length, Google took advantage of what it describes as a “nuance” in the P3P specification, which effectively allowed it to bypass a user’s privacy settings and track them using cookies — a different method than that used in the case of Safari, but one that ultimately has the same goal. Microsoft says it’s contacted Google about the matter, but it’s offering a solution of its own in the meantime. It’ll require you to first upgrade to Internet Explorer 9 if you haven’t already, then install a Tracking Protection List that will completely block any such attempts by Google — details on it can be found at the source link below.
As ZDNet’s Mary Jo Foley notes, however, Google isn’t the only company that was discovered to be taking advantage of the P3P loophole. Researchers from Carnegie Mellon University’s CyLab say they alerted Microsoft to the vulnerability in 2010, and just two days ago the director of the lab, Lorrie Faith Cranor, wrote about about the issue again on the TAP blog (sponsored by Microsoft, incidentally), detailing how Facebook and others also skirt IE’s ability to block cookies. Indeed, Facebook readily admits on its site that it does not have a P3P policy, explaining that the standard is “out of date and does not reflect technologies that are currently in use on the web,” and that “most websites” also don’t currently have P3P policies. On that matter, Microsoft said in a statement to Foley that the “IE team is looking into the reports about Facebook,” but that it has “no additional information to share at this time.”