Google: IE Privacy Policy Is Impractical 258
itwbennett writes "In response to Microsoft's claim that Google circumvented Internet Explorer privacy protections (following the discovery that Google also worked around Safari's privacy settings), Google on Monday said that IE's privacy protection, called P3P, is impractical to comply with."
Impractical to who? (Score:5, Insightful)
No it isn't. (Score:2, Insightful)
Stop including P3P header data if all you're going to put is "this is not a P3P policy" in it. How impractical is that?
Re:Impractical to who? (Score:2, Insightful)
When has Google ever stated, or even indicated, that as a goal? They serve personalized ads, but the data they use to do so never leaves their own servers.
Re:Impractical to who? (Score:3, Insightful)
Re:Microsoft Quality (Score:5, Insightful)
If browser makers were serious about protecting their users' privacy, they would make adblocking the default, they would have stricter cookies policies, and they would not let a company like Google decide what sort of privacy people will have.
misleading/wrong question (Score:5, Insightful)
The question that should be asked is: Why does IE have some part of their framework in place which can be simply ignored/violated?
Re:Dear Google (Score:1, Insightful)
Google could have lied. They could have sent a page of lawyerese that looked OK on the surface but actually said that they weren't complying. But they didn't. They provided you with a service (whatever wouldn't have worked) and openly stated while doing so that complying with the policy was idiotic.
They had at least 2 chances to be evil and failed to be both times.
Re:misleading/wrong question (Score:2, Insightful)
Yeah! Why are they bothering to follow the P3P standard that they didn't invent?
(rolling eyes)
Re:Impractical to Microsoft, MS also send invalid (Score:4, Insightful)
Which is another way of saying: Google is also following the spec. The problem is, the spec is faulty, and doesn't provide what it's intended to.
Re:Dear Google (Score:5, Insightful)
I find it amusing that you are twisting and squirming to rationalize how Google explicitly disregarding the wishes of the user and exploiting a well-known loophole in the P3P spec in order to do something against that user's wishes is "not evil."
Even in the best "Microsoft should have prevented this" light, it makes them no better than the used car dealer who tries to convince you that the rust on that El Camino is a special limited-edition two-tone finish that the manufacturer tested out, and the noise from that busted exhaust system is just evidence that the car has a special glasspack muffler. It's bottom-feeding behavior of the worst sort, and blatant hypocrisy from a company that carries on about its "do no evil" policy.
Re:Impractical to Microsoft, MS also send invalid (Score:5, Insightful)
User: "I don't wish to be tracked. I've opted out using this P3P setting."
Google: "Haha there's a loophole that we're gonna use to track you anyway. Blame Microsoft if you don't like it, sucker!"
Yep, Google has done nothing wrong here whatsoever. They're completely right to exploit a known loophole which allows them to disregard the wishes of the users accessing their services, if those wishes would make Google's services less profitable.
If this is "Do no evil," I shudder to think about the damage Google could do if they decided one day to deliberately engage in evil.
Re:Microsoft Quality (Score:5, Insightful)
I remember thinking the same when I was forced to study it academically some time ago, and thought at the time what the fuck is the point in it exactly?
Well at least now I have my answer, it makes for good headlines when you want to troll your competitors with it if nothing else.
Re:misleading/wrong question (Score:5, Insightful)
Yeah how dare they implement the P3P standard as it tells them to! Google is using a loophole in the standard to bypass the privacy protection.
Re:Impractical to who? (Score:5, Insightful)
Selling that demographic information is how they provide all the free services they do. Their ability to target ads effectively is what makes them attractive to advertisers.
I get that Slashdotters are deeply paranoid about anyone knowing anything about them, but at the same time, you aren't entitled to free services like those that Google provides. If you really don't want anything to do with Google, modify your hosts file so all requests to *.google.com (and related domains) are sent nowhere. That's "voting with your wallet," so to speak.
But I can't say I have much patience for people who want to use Google's services and then complain about Google using the information they gather about you as part of their advertising system. There's room to argue about what they should or shouldn't be allowed to do with it, but to presume they shouldn't have any information about you at all is a bit silly.
Re:misleading/wrong question (Score:5, Insightful)
Re:Impractical to who? (Score:1, Insightful)
Keeping your mouth shut regarding aspects of a service which do not value is silly.
"I would value your service more if you respected my privacy," seems like fairly reasonable feedback.
But I can't say I have much patience for people who want to refer to cooperative dissent as silly.
Re:Impractical to who? (Score:5, Insightful)
Are we entitled to something for nothing? No, of course not.
However, it doesn't follow that Google is therefore entitled to disregard an unambiguous request from a user not to collect personal data. If they feel that a user is granting them too little information in exchange for their service, they are free to deny that user access. Making an end run around security settings is sleazy, no matter how you dice it.
I'd have a lot more sympathy for Google if the first story to break was this public complaint, together with a statement of how they were working around it and a warning to affected users that their privacy settings were being circumvented. To make a statement like this /after/ being caught with their corporate hand in the proverbial cookie jar doesn't make a very good defense.
Re:misleading/wrong question (Score:5, Insightful)
Because P3P was a pile of crap to begin with, is drastically out of date and long since abandoned by everyone except microsoft?
From wikipedia:
"The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users. Designed to give users more control of their personal information when browsing, P3P was developed by the World Wide Web Consortium (W3C) and officially recommended on April 16, 2002. Development ceased shortly thereafter and there have been very few implementations of P3P. Microsoft Internet Explorer is the only major browser to support P3P. The president of TRUSTe has stated that P3P has not been implemented widely due to the difficulty and lack of value."
"P3P manages information through privacy policies. When a website uses P3P, they set up a set of policies that allows them to state their intended uses of personal information that may be gathered from their site visitors. When a user decides to use P3P, they set their own set of policies and state what personal information they will allow to be seen by the sites that they visit. Then when a user visits a site, P3P will compare what personal information the user is willing to release, and what information the server wants to get – if the two do not match, P3P will inform the user and ask if he/she is willing to proceed to the site, and risk giving up more personal information."
P3P can't handle 'legit' cookies not being associated with the domain you're actually viewing. IE requires a P3P policy to exist for 3rd party cookies to be saved when that setting is turned on; google's exists, but just says "this is not a p3p policy", and points you to their privacy policy. IE then goes 'alrighty then, you've got a P3P policy that's utter garbage even though I'm the one that asked for it, but here, go ahead and set that cookie anyway'.
Frankly, Google not respecting Mozilla's DoNotTrack header is a much worse case of ignoring expressed user privacy than this crappy old IE only 'standard' having a loophole you could ride an elephant through.
Re:Impractical to who? (Score:4, Insightful)
If you don't like what Google does with your information, do not use their services and therefore avoid providing any information at all.
I agree that Google has every right to block access to people who don't allow Google to collect the information they want. That's the price you pay for their services, after all.
I think that's entirely separate from Google working around IE's security settings, which I agree is pretty fucking shady and not something they have any right to do.
Re:FTFY (Score:4, Insightful)
No, everyone is framing it correctly as a Google vs. Microsoft issue, since Microsoft intended it that way, using the 'user' as a convenient damsel in distress. The fact is, Google is following the standard as written. IE is not handling the invalid P3P statement as it should, as laid out in their own specification. Any malformed statement should be treated as having no statement, and the cookies blocked. Instead, IE happily accepts the malformed response and allows the cookies anyway. They brought this up now because of the Safari thing, they are playing piggyback-the-bad-press here.
You know who else 'circumvents' P3P policies? Microsoft. Oh, and some outfit they have a contract with, called uhm... Facebook, or something.