Microsoft reveals Google hacked Internet Explorer, just like Safari, so they could track people’s online activity everywhere on the internet.
Apple recently reported that Google hacked their Safari web browser so they could track users online activity on MAC computers and notebooks as well as on all of Apple’s popular handheld electronics with online capabilities such as the iPhone, iPad, and iPod.
Google admits hacking Safari security settings to spy on users
That announcement made Microsoft engineers suspicious that Google may have employed similar measures to bypass Internet Explorer’s security settings to track all of IE users online activity as well. Sure enough, Microsoft has come forward to say Google has employed a different hack which achieved the same results on the world’s most popular web browser.
I was to place I bet, I would bet that Mozilla engineers will soon make the same announcement about the Firefox web browser.
Tech News reports:
Microsoft Calls Google a Cookie Monster
Safari users aren’t the only ones who may be unintentionally picking up tracking cookies from Google as they surf the Web. The search provider also stuffs Internet Explorer with cookies, according to Microsoft. The methodology is different, but the result is the same. In response, Google said the result is due to IE using outdated and impractical standards.
Google is tracking users of the Internet Explorer Web browser without their knowledge, Microsoft has asserted.
After news emerged last week that Google had bypassed the privacy settings of Apple’s Safari browser, Microsoft researchers began looking into whether the search giant was also playing fast and loose with IE’s settings.
However, IE 9 has an additional privacy feature called “Tracking Protection” that blocks the method Google is using, Microsoft said. Users without IE 9 or who have the feature turned off may be susceptible.
Google “basically hacked IE differently than they hacked Safari, but the result is pretty much the same — they overrode the browsers’ capability to block cookies and prevent reporting,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld. Google “appears to be intentionally violating the privacy rights of users of third party products.”
Google’s actions are “concerning at any level, being misleading to consumers who expect these [privacy] controls to be honored and working,” Chris Babel, CEO of TrustE, told TechNewsWorld.
[…]
What Google Did
Internet Explorer uses the Platform for Privacy Preferences Project (P3P) feature to block third-party cookies unless the site they’re from sends along a Compact Policy (CP) statement indicating how it will use the cookie and stating that it won’t track the user. That policy must be in machine-readable form.
In other words, P3P appears to work on the honor system. Tell it you’ll comply and it OKs you. But if you’re sneaky enough to lie, it will let you get by anyway.
Microsoft said Google gets around P3P by leveraging a nuance that requires browsers to ignore any undefined policies they encounter. It sends along a P3P CP that is not in machine-readable form and is, therefore, undefined.
With Safari, Google used an iFrame that loaded a page containing a meta refresh to a Google ad link. If the user wasn’t logged into Google, the response directed the browser back to Google’s DoubleClick advertising platform. If the user was logged into Google, the user was directed first to Google’s authentication service and then to DoubleClick.
In the case of Safari, Google claimed the whole thing was the accidental byproduct of its creating a temporary communication link between the browser and Google servers.
[…]
Source:Tech News World
Russia Today reports:
Google got around Microsoft’s privacy policies too
If you read the recent reports that explain how Google exploited a flaw in Apple’s mobile browser to potential spy on its users, you might have wondered if you were among the victims. As it turns out, engineers at Microsoft pondered the same thing.
Now following revelations that Google sent scripts to the mobile version of Apple’s Safari application to keep tracks on its users, the programmers behind Microsoft’s Internet Explorer are learning that they were also impacted by the flaw.
A researcher at Stanford University recently identified an attempt by Google in which the company bypassed the privacy settings of users of the popular Apple Safari browser by means of forcing the app to accept a small cookie file that they could then watch to monitor online activity. Not only did the maneuver allow Google to exploit millions of users of competing products, but it also meant that millions potentially had their Internet history unknowingly monitored by the search engine giants.
In the days since the news broke, Google has downplayed the development and has repeatedly insisted that the exploit was meant to make mobile browsing more seamless. “[W]e designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous — effectively creating a barrier between their personal information and the web content they browse,” a spokesperson explained.
Google claim to be developing a work-around and insist that no harm was ever intended, but now Microsoft is learning that they were exploited as well.
“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: Is Google circumventing the privacy preferences of Internet Explorer users too?” Internet Explorer executive Dean Hachamovitch writes this week on his blog. “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”
This revelation comes after Microsoft stepped up and shunned Google over its escapade with the Safari browser. “Apparently, Google has been able to track users of Apple’s Safari browser while they surf the web on their Apple iPhones, iPads and Macs,” Internet Explorer Business and Marketing General Manager Ryan Gavin blogged last week. “This type of tracking by Google is not new. The novelty here is that Google apparently circumvented the privacy protections built into Apple’s Safari browser in a deliberate, and ultimately, successful fashion.”
Little did the IE team know that similar success was made by Google after they managed to also bypass Microsoft’s policies.
In support of Microsoft, at least it’s reassuring to know that someone still uses Internet Explorer — even if it’s for malicious means. Netscape Navigator has yet to comment as to if they were effected as well.
Source: RT