More Sneaky Business From Google: It Bypasses Internet Explorer Privacy Settings, Too

Google does not honor a default privacy setting in Microsoft's Internet Explorer 9 Web browser, but instead uses a trick to get around it.

IE head Dean Hachamovich says Microsoft started looking into this last week after news broke that Google was bypassing the default privacy settings in the Safari Web browser on iPhones and iPads. Google was caught by the Wall Street Journal and stopped playing that particular trick, but went on the offensive to try and explain its behavior away.

Like the Safari compromise, the IE9 compromise involves cookies -- small bits of code that Web sites put into your Web browser. Those cookies usually don't contain any personal information, but can keep track if you've visited a particular Web site so you don't have to log in again every time you come back to the site. (Think how annoying it would be if you had to re-enter your Facebook ID every time you came back to Facebook, for instance.)

But ad networks also use cookies to track users across any site where they serve up an advertisement. They do this to make sure they're serving the most relevant possible ads -- and often to track user browsing habits in aggregate to help their advertisers target ads more effecitvely.

IE9 blocks cookies from any site that does not honor a technology called P3P, which lets Web sites describe to browsers exactly how they're going to use tracking cookies.

Google doesn't honor P3P. So its cookies should be blocked.

But instead, Google employs a loophole -- instead of leaving a blank in the spot where it would deliver a P3P policy that only a browser could understand, it delivers a human-readable message saying "This is not a P3P policy!" and a link to this page explaining why Google doesn't like P3P.

If the browser can't understand a P3P message, it accepts the cookie anyway.

So, under the guise of transparency, Google is actually bypassing a privacy setting put in place by a major competitor.

Sneaky!

Like the Safari snafu, this is pretty small time stuff as far as privacy goes. Tracking cookies have been around for years, their behavior is well known, they're easy to block, and the information they deliver -- your browsing history -- usually doesn't contain personally identifiable information.

But still, it's another dumb blunder from a company that is increasingly being watched by government regulators and competitors very, very closely.

If you use IE9 and want to block Google from using this loophole to track you, Microsoft has instructions here.

See also: How To Block Google (And Everybody) From Tracking Which Sites You Visit On Your iPhone

• Google Is Run By Geniuses. So How Could It Be So Stupid?
  
• GOOGLE: The Wall Street Journal Is Full Of Crap—Here's What That Apple Safari 'Tracking' Was Really About
  
• This Guy Is Now Totally In Charge Of Google's Assault On Microsoft