Home Ad Exchange News Google Responds To Microsoft Accusations About Bypassing IE Privacy Setting
Ad Exchange News

Google Responds To Microsoft Accusations About Bypassing IE Privacy Setting

By AdExchanger

SHARE:

google-microsoftThe following is from Rachel Whetstone, SVP of Communications and Policy at Google and is in response to today’s claim by Microsoft that Google had bypassed IE privacy settings.

Microsoft omitted important information from its blog post today.  

Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form.  It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality.  We have been open about our approach, as have many other websites.  

Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.

Here is some more information.

Issue has been around since 2002

For many years, Microsoft’s browser has requested every website to “self-declare” its cookies and privacy policies in machine readable form, using particular “P3P” three-letter policies.  

Essentially, Microsoft’s Internet Explorer browser requests of websites, “Tell us what sort of functionality your cookies provide, and we’ll decide whether to allow them.”  This didn’t have a huge impact in 2002 when P3P was introduced (in fact the Wall Street Journal today states that our DoubleClick ad cookies comply with Microsoft’s request), but newer cookie-based features are broken by the Microsoft implementation in IE.  These include things like Facebook “Like” buttons, the ability to sign-in to websites using your Google account, and hundreds more modern web services.  It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality. 

Today the Microsoft policy is widely non-operational.  

In 2010 it was reported:

Browsers like Chrome, Firefox and Safari have simpler security settings. Instead of checking a site’s compact policy, these browsers simply let people choose to block all cookies, block only third-party cookies or allow all cookies….

Thousands of sites don’t use valid P3P policies….

A firm that helps companies implement privacy standards, TRUSTe, confirmed in 2010 that most of the websites it certifies were not using valid P3P policies as requested by Microsoft:

Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure.

A 2010 research paper by Carnegie Mellon found that 11,176 of 33,139 websites were not issuing valid P3P policies as requested by Microsoft.

In the research paper, among the websites that were most frequently providing different code to that requested by Microsoft: Microsoft’s own live.com and msn.com websites.

Microsoft support website

The 2010 research paperdiscovered that Microsoft’s support website recommends the use of invalid CPs (codes) as a work-around for a problem in IE.”  This recommendation was a major reason that many of the 11,176 websites provided different code to the one requested by Microsoft.

Google’s provided a link that explained our practice.

Microsoft could change this today

As others are noting today, this has been well known for years.

  • Privacy researcher Lauren Weinstein states: “In any case, Microsoft’s posting today, given what was already long known about IE and P3P deficiences in these regards, seems disingenuous at best, and certainly is not helping to move the ball usefully forward regarding these complex issues.”
  • Chris Soghoian, a privacy researcher, points out: “Instead of fixing P3P loophole in IE that FB & Amazon exploited …MS did nothing. Now they complain after Google uses it.”
  • Even the Wall Street Journal says: “It involves a problem that has been known about for some time by Microsoft and privacy researchers….”

//end

Tagged in:

Must Read

Meta is giving advertisers the ability to connect their third-party analytics tools directly to its ad platform via API.
Platforms

How Apparel Brand Tuckernuck Devised The 'Why' Behind Its CTV Ad Performance

Performance CTV tech company Keynes launched an AI-powered platform. Tuckernuck says it can finally “pop open the hood” and see what’s working.

Salt Lake City, Utah, U.S.A. - February 24th 2021: Martinelli Gold Medal Sparkling Blush for festive occasions and gatherings. Fermented Apple Cider from the state of California.
Measurement

How Juice Brand Martinelli’s Gets To The Core Of Retail Media Incrementality

ROAS who? Martinelli’s is testing how crisp its retail media spend really is by using a new metric called incremental ROAS.

A scale with the letters AI on one side and a pencil and ruler on the other. The pencil and ruler represent the concept of measurement and precision
Measurement

Measured Has A New Tool That Lets Marketers Chat With Their Incrementality Data

Media measurement provider Measured launched an MCP integration that allows brands to ask ChatGPT, Claude, Gemini and other AI platforms how their media is performing.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
CTV

Roku Revamps Its Home Screen To Appease Both Consumers And Advertisers

Roku unveiled its new home screen, which includes new features designed to further personalize the home screen experience for each viewer.

CTV

Why Critics Say Email-Based IDs Don’t Work For CTV

Email targeting in CTV has a credibility problem as buyers and sellers question whether one-to-one identity even fits a channel built for broader reach.

PODCAST: AdExchanger Talks

How ‘Wrapped’ Insights Become Audience Segments

How does Spotify translate quirky Wrapped labels, like “divorced dad hipster,” into ad audiences? And is AI-generated content safe for brands? Spotify’s Global Head of Ad Product Katie English weighs in.

Popular

  1. Publishers

    Amazon Has New Tools To Help Publishers Prove Which Bidstream Signals Drive Demand

    Amazon Publisher Services released a host of tools, such as Signal IQ, to help publishers see which bidstream signals drive demand. Pinpointing which signals drive higher revenue is key for publishers.

  2. CTV Roundup

    FAST Content Isn’t Always ‘Premium,’ But That’s Where TV Ad Innovation Is Happening

    The FAST channel ecosystem is providing advertisers with a sandbox (no, not that sandbox) to test new CTV formats, targeting tools and programmatic buying methods.

  3. Salt Lake City, Utah, U.S.A. - February 24th 2021: Martinelli Gold Medal Sparkling Blush for festive occasions and gatherings. Fermented Apple Cider from the state of California.
    Measurement

    How Juice Brand Martinelli’s Gets To The Core Of Retail Media Incrementality

    ROAS who? Martinelli’s is testing how crisp its retail media spend really is by using a new metric called incremental ROAS.

  4. Sarah Caputo, Founder & Independent Advisor, Fraction Method
    OPINION: Data-Driven Thinking

    From Open Internet To Open Agent: The Architecture Buyers Were Promised Is Finally Here

    The programmatic intelligence layer is owned by the same parties that are extracting margin from it. That structure is now being dismantled by an AI-underpinned protocol that moves the intelligence layer into the open.

  5. AdExchanger's Big Story podcast with journalistic insights on advertising, marketing and ad tech
    PODCAST: The Big Story

    The End Of The Programmatic Pageview

    TV piracy of sports streams is siphoning away millions of viewers. Then: Vox Media and BuzzFeed found new owners this spring, punctuating the end of the pageview era.