Microsoft: Google also bypassed IE privacy settings

Microsoft accuses Google of bypassing its privacy settings in Internet Explorer, following news that Google had done the same with Apple's Safari browser.

Microsoft announces on Monday that Google had sidestepped privacy settings of its Internet Explorer (IE) browser, after reports that the Web giant had done the same with Safari. 

Dean Hachamovitch, corporate vice president of Internet Explorer wrote in a blog post that after hearing that Google had bypassed privacy settings on Safari, the team wondered if Google were circumventing the privacy preferences of Internet Explorer users as well. It was then discovered that Google was employing similar methods to avoid default privacy protections in IE and track IE users with cookies.

Last week, the Wall Street Journal had reported that Google and other advertising companies were using a special code to sidestep privacy settings in Apple's Safari browser to track Web users on desktop computers and the iPhone.

According to the Microsoft executive, Google had utilized a nuance in a P3P (Platform for Privacy Preferences) specification which has the effect of bypassing user preferences about cookies. The specification states that browsers should ignore any undefined policies they encounter.

He pointed that Google sent a P3P policy which failed to inform the browser about Google's use of cookies and user information. Hachamovitch added that Google's P3P policy was actually a statement and not a P3P policy.

P3P is an official recommendation of the W3C Web standards body and a Web technology which all browsers and sites support. The recommendation however, has been ignored over the past decade with the introduction of major Web sites such as and opting not to use it to describe their policies.

Hachamovitch also noted that Internet Explorer users had access to a Tracking Protection List which prevents the P3P bypass.

"[Microsoft] is investigating what additional changes to make to our products. The P3P specification says that browsers should ignore unknown tokens," he wrote. "Privacy advocates involved in the original specification have recently suggested that IE ignore the specification and block cookies with unrecognized tokens. We are actively investigating that course of action."