Google defense cites study arguing for stronger privacy regulation

Google defense cites study arguing for stronger privacy regulation

Summary: Recent reports suggest that Google is attempting to circumvent industry-standard privacy protections in both Safari and Internet Explorer. Google's defense cites a study from Carnegie Mellon. What they don't mention is that that study argues for increased regulation of companies like ... Google

SHARE:

Last week the Wall Street Journal published a report accusing Google of deliberately circumventing privacy settings in Apple’s Safari browser, by implementing a technical workaround that tricks the browser into accepting tracking cookies from a third-party site.

Yesterday, Microsoft accused Google of “employing similar methods to get around the default privacy protections in IE.”

Google fired back with a blast email message that was widely reported by tech news sites, including ZDNet. My colleague Mary Jo Foley included the Google statement as an update to her post. This sentence was a key part of Google’s defense:

Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.

The implication is that P3P is outdated and widely ignored, and that Microsoft is relying on a technicality to score meaningless points.

It took some digging, but I found the study Google was referring to. Its title is Token Attempt: The Misrepresentation of Website Privacy Policies through the Misuse of P3P Compact Policy Tokens.  The study was published in September 2010 by Pedro Giovanni Leon, Lorrie Faith Cranor, Aleecia M. McDonald, and Robert McGuire of Carnegie Mellon University.

The abstract of that study makes fascinating reading. In fact. I suspect that Google’s communications staff didn’t read it carefully. If they had, I don’t believe they would have wanted to world to read it.

Judge for yourself. The Carnegie Mellon researchers say this:

We collected CPs [Compact Privacy Policies] from 33,139 websites and detected errors in 11,176 of them, including … 21 of the top 100 most-visited sites.

Let’s turn that around, shall we? Using this study’s results, these researchers concluded that 79% of the top 100 most-visited websites in the world have perfectly valid compact policies. That seems to contradict Google’s assertion that “the Microsoft policy is widely non-operational.”

In addition, those errors were, in many cases, minor:

Our work identifies potentially misleading practices by web administrators, as well as common accidental mistakes. We found thousands of sites using identical invalid CPs that had been recommended as workarounds for IE cookie blocking. Other sites had CPs with typos in their tokens, or other errors.

Indeed, a look at the detailed results from the Carnegie Mellon study shows that some Microsoft-owned web properties have errors in their CPs. Appendix D cites msn.com, safety.live.com, and windows.com—all owned by Microsoft—as having “slight differences between CP and privacy policy.” By contrast, the same appendix criticized facebook,com, godaddy.com, and hulu.com using more severe language language: “Policies do not match.” Amazon.com and imdb.com were listed as “Invalid CP, unable to compare.”

The abstract concludes:

It appears that large numbers of websites that use CPs are misrepresenting their privacy practices, thus misleading users and rendering privacy protection tools ineffective. Unless regulators use their authority to take action against companies that provide erroneous machine-readable policies, users will be unable to rely on these policies. [emphasis added]

That’s an eye-opener. The study that Google uses to justify its behavior concludes that regulators should “take action against companies that provide erroneous machine-readable policies.”

They’re talking about Google, among others.

This is a complicated topic, filled with nuance and opportunities for confusion. I'll be digging into the details more and will have a follow-up next week.

Topics: Google, Browser, Microsoft, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

63 comments
Log in or register to join the discussion
  • that's very misleading

    google and others just advanced the state of the technology by innovating when M$ and apple refused to do so since 2007. This is a perfect opportunity to dump IE and Safari and adopt chrome that offers the cutting edge technology and privacy protections for the people. That 'study' is out of context and biased.
    Folks, the real issue here is the technical ineptitude of apple and M$ that unlike Google, failed to implement the latest industry standards and misrepresented the privacy to the end user!
    The Linux Geek
    • It can be safely assumed the Chrome is Google created

      @The Linux Geek... SPYWARE. Since that seems to be the business Google has chosen to be in as a bridge to advertisers. Plain and simple Google is a spyware writer.

      Pagan jim
      James Quinn
      • RE: Google defense cites study arguing for stronger privacy regulation

        @James Quinn
        obviously you are talking crazy and don't appreciate the treasure of free software and services from google that most people cherish.
        The Linux Geek
      • The others are already free, too.

        @The Linux Geek

        When was the last time you [b]paid[/b] to download IE, Safari, or even Firefox or Oracle?
        spdragoo
      • RE: Google defense cites study arguing for stronger privacy regulation

        @James Quinn
        Not often do I find occasion to agree with you, but on this subject we are in synch. This is the main reason I do not use any google products--none!!
        eargasm
      • RE: Google defense cites study arguing for stronger privacy regulation

        @James Quinn<br>Agreed and what's funny the Geek's next post encourages FOSS software over included software as a benefit. Browsers have been included with OS forever and assuming you maintain vigilant safe browsing techniques and anti-virus (if necessary) you should never have to worry about corrupt big name companies that should be helping solve exploited code not using it for their gain. When IE, Safari, and Forms of Mozilla have been the included browsers for so long I see no reason for redundancy. I also appreciate security over speed at any cost who cares if its FOSS.
        partman1969
    • They say they do no evil

      @The Linux Geek
      Yeah, everybody knows how biased the Carnegie-Mellon folks are. You are wise to reject their study and believe Google instead.
      Robert Hahn
      • RE: Google defense cites study arguing for stronger privacy regulation

        @Robert Hahn
        most likely that 'study' was written by some disgruntled professor angry for not getting grant $$$ from google.
        The Linux Geek
      • "Most Likely"?!

        @The Linux Geek
        "Most Likely"?!?! Now you've gone from framing the facts to fit your argument (which is fine - we all do it) to rampant unfounded speculation. If I was going to take you seriously, well you just put a nail in that coffin by showing that you'll just make stuff up to argue with anyone who disagrees.
        use_what_works_4_U
    • RE: Google defense cites study arguing for stronger privacy regulation

      @The Linux Geek <br><br>I'd love to install a browser that sends every bit of my web activity to Google, rather than forcing them to keep employing trickery and fraud to get the information.<br><br>What I've done instead is to continue using IE9, but with all 3rd party cookies blocked. And I've just installed the Google-blocking Tracking Protection List (link in 3rd paragraph here <a href="http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx" target="_blank" rel="nofollow">http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx</a>).
      1DaveN
      • RE: Google defense cites study arguing for stronger privacy regulation

        @DaveN_MVP
        then you'll miss the outstanding user experience google provides using the latest technologies.
        The Linux Geek
      • What outstanding experience?

        @The Linux Geek

        Gmail has less features & is less user friendly than Yahoo Mail, in my [b]personal[/b] experience with using it. So much for "outstanding" experience or the "latest technologies".
        spdragoo
      • RE: Google defense cites study arguing for stronger privacy regulation

        @DaveN_MVP
        Thanks for the tip! I went to the URL specified and added it to my IE 9's both the 64 bit and the plain Jane version. For people using FireFox, whichever flavor, add Ghostery to your add-on's. It too allows you to block 3rd party cookies, especially "Google" ones. It may take a little tweaking but to "Defeat the ET (Google) phone home syndrome it's worth the time and effort!!!!!!!
        To The Linux Geek- keep drinking the Google Kool-Aid. Your either a paid Google shill or just in love with spyware on your machine! I'm sorry, I just had a epiphany,
        you just love to stir the caldron, sit back and say to yourself : look what I did, I got them all stirred up again!!!
        Disgruntled_MS_User
    • RE: Google defense cites study arguing for stronger privacy regulation

      @The Linux Geek

      I'm more apt, as are many, to believe a study conducted by researchers with doctoral degrees and years of study with a given subject than your unfounded statements. For instance, what 'latest industry standard' did either Apple or Microsoft fail to implement relevant to this article/case?
      TechNickle
      • RE: Google defense cites study arguing for stronger privacy regulation

        @FuzzyBunnySlippers
        you could always find a professor willing to make a phony study for a handout....err grant (or lack of grant). Google is a leader in standards and M$ and apple just have to follow the leader to fix privacy issues.
        The Linux Geek
    • RE: Google defense cites study arguing for stronger privacy regulation

      @The Linux Geek

      So the study that google sited is biased against google? Just because you love google doesn't mean you don't excoriate them when they are caught with their hand in the cookie jar

      By a firefox user
      the.nameless.drifter
      • RE: Google defense cites study arguing for stronger privacy regulation

        @the.nameless.drifter
        you don't get it! It was M$ and apple being caught for not implementing the latest standards and proper privacy policies.
        The Linux Geek
      • RE: Google defense cites study arguing for stronger privacy regulation

        @The Linux Geek

        I get it fine its you who stated that the report google sited was biased against google.

        Both Apple and MS have implemented the standard as its written, P3P is a poor standard and will eventually be replaced but it hasn't been replaced yet.

        Google have been caught using an exploit in the P3P standard and as a company which preaches standard compliance this is embarrassing
        the.nameless.drifter
    • RE: Google defense cites study arguing for stronger privacy regulation

      @The Linux Geek Please stop embarrassing Linux supporters with your multiple inane kneejerk posts.
      Or at least take the word 'linux' out of hour handle.
      radleym
    • RE: Google defense cites study arguing for stronger privacy regulation

      @The Linux Geek what exactly would people have to be biased about back in 2007? Are you suggesting that the people who did the study had advanced knowledge about the coming of bing, and chrome?
      mrefuman