Following the revelation that Google bypasses built-in privacy protections on the iPhone’s web browser, Microsoft has come forward to declare that Google similarly exploits vulnerabilities in Internet Explorer. Google responded to the accusations, admitting it was using a known workaround but saying Microsoft’s policy is “widely non-operational.”
When it was revealed last week that many Google websites get around preferences in Apple’s Safari browser to anonymously track (via cookies) sites the user visited, Microsoft went to work to see if Google was also circumventing privacy settings in Internet Explorer. In a posting yesterday, Microsoft vice president of Internet Explorer Dean Hachamovitch said this was indeed the case.
Although the technique is different, what Google is doing has the same effect of getting the browser to accept cookies when it typically wouldn’t. If a website wants to serve a cookie from a third party (for example, DoubleClick wanting to serve a cookie to someone visiting a site in the google.com domain), Internet Explorer looks in the site’s code for a special key, essentially a declaration of what the site’s going to do with that cookie. If the browser doesn’t see the key, it won’t allow those third-party cookies to get through.
However, there’s a workaround. If you put in the key but leave it blank (or at least, unintelligible to the browser), then Internet Explorer will let it pass. As long as the site specifies exactly what it’s doing with the cookies, that site is still technically adhering to the spec. Microsoft says Google didn’t do that, though.
Not surprisingly, Google sees things differently. Saying that Microsoft omitted important information in its posting, Google senior VP of communications and policy Rachel Whetstone said in a statement that the protocol Microsoft is accusing Google of violating is 10 years old, and that it’s “well known — including by Microsoft — that it is impractical to comply with Microsoft’s request while providing modern web functionality.”
Whetstone goes on to say that many websites, including Facebook and Amazon, exploit the same workaround. Google also cites a 2010 research paper from Carnegie Mellon University that found more than 11,000 websites that didn’t adhere to Microsoft’s browser policies with regard to the special key. And far from leaving the key completely blank, Google provides a link to a page that explains what Google’s doing with regard to cookies.
In the end, Google says, its browser workarounds are aimed at giving users the functionality they expect from the web in 2012. Citing things like “+1″ and “Like” buttons, Google says many cookie-based features would not work with strict adherence to the “Microsoft implementation” of Internet Explorer.
What’s your take? Is Google violating the privacy of Internet Explorer users? Or is it just doing it best to provide the level of functionality to the web that today’s users expect? Have your say in the comments.via[mashable]
No comments:
Post a Comment