Google is apparently guilty of bypassing default privacy settings in browsers to install tracking cookies. Such cookies will enable Google to track the web activity of users using Safari (i.e. any Apple devices), something that the search engine company claimed as an accident. However, Microsoft announced that Google is also doing the same thing in their browser, Internet Explorer. (And as it turned out, it’s not only Google that is guilty of overriding privacy settings but also Facebook.)
Browsers that have P3P are capable of blocking or allowing cookies depending on the privacy settings of the user. The thing is, P3P only depends on websites to give a description of them such as what they will do with data they will get from tracking users. By default, IE blocks third-party cookies unless the website shows a P3P Compact Policy Statement showing how it intends to use the cookie and promising not to track the user.
In effect, Google is committing a scam by tricking the browser by sending a text that will enable 3rd-party cookies to be allowed. Google denies tracking of users but admits that it unintentionally places ads cookies on smartphones against the user’ wishes.
Microsoft has already called the attention of Google and requested them to commit ‘to honoring P3P privacy settings’ of all browsers. Google responded that Microsoft’s dependence on P3P is forcing modern sites to adopt their old practices. Besides, they said, 11,000 sites have been found to be bypassing the P3P in IE in the last 2 years.
Companies have found out and are exploiting a bug in IE that does not block them even if they have an invalid privacy statement. Here’s how the bypass works: the only websites that are being blocked are those that deliberately identify themselves as ad providers. And any website that does not describe itself to the browser is given a pass to install a tracking cookie anyway.
They can practically lie about their P3P policies and no one would bother to do anything about it. Talk about a silent scam.
Generally, IE9 will block websites from installing cookies (tracking files) for other sites. For instance, Google should not be able to install a cookie for their advertising site DoubleClick. However, there is an exception: IE9 will permit websites to install 3rd-party cookies if they show P3P (Platform for Privacy Preferences).
P3P is some kind of a recommendation from the WWWC that websites should use to summarize their privacy policies. But this official suggestion has been generally taken for granted in the past 10 years, with major sites like Twitter, CNN, Apple and Google choosing not to use it in describing their privacy policies.