A faceplace conversation…
Google and privacy
Ethics and medical school
See? I knew they needed hugs
Google and privacy written on Tuesday February 21, 2012
It is interesting that Microsoft accuses Google of "Bypassing User Privacy Settings". Several notes on the matter:
I think that MS is just using the issue to bolster Internet Explorer. There is no reason to talk about IE these days if not a scandal against other companies.
Sending a compact P3P means absolutely nothing. It is supposed to represent the information collected and dissemination of such by the website in question, but the website in question can send any policy they want without oversight. If the company is going to sell your browsing habits, do you think they are going to tell the truth? Does MS really think that this is the end-all be all of privacy on the internet?
Why does Internet Explorer accept a string that it cannot parse? My understanding is that the browser is supposed to reject policy information in the compact P3P policy that it does not understand. As such, Google's
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." has no information that the browser would understand as being part of a well-formed compact P3P policy. As such, it is my understanding that Internet Explorer should ignore the entire policy sent. If that is the case, an empty string should be the same as not sending anything to the browser at all, yet Internet Explorer seems to trust this implicitly though it does not understand what it is reading. So, to compensate for a poorly written implementation of a standard, Microsoft accuses Google of bypassing user privacy settings. It seems to me that Microsoft made the mistake of allowing Internet Explorer to accept a policy it cannot parse.
I understand that inflammatory titles get people to click on your story and sells newspapers, but telling people that Google "...used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users," is disingenuous at best. There are many problems to the way cookies are implemented, but rejecting third party cookies exclusively is not going to fix the problems. Browsers all let you natively reject third party cookies (recent ones anyhow, I cannot vouch for those old copies of IE 6 or Netscape Communicator you have laying around), or even all cookies (though most sites would not let you sign into their social network, email or whatever if you reject all cookies) but that does not stop companies from mishandling the personal information they already have on file. What needs to happen is users need to let those running these companies what is an acceptable use of their personally identifiable information and what is not. Of course, we will never all agree, but there has to be a middle ground.
And now, all of the users are crying that Google is evil. But this is far from the truth. They simply do not realize that there is no single policy governing what is allowed on the internet, nor what has occurred for the last decade or so.
And finally, none of these companies hacked your Safari, they didn’t steal your address book and spam your friends without asking (I’m looking your way, Path). The only reason what Google did matters is because they have such a massive following. If you don’t like their tactics, put your money where your mouth is and disable all cookies or move on to a different search engine, email service or social network and they will take notice at the mass exodus.
Permalink| RSS Feed