updated 10:20 pm EST, Mon February 20, 2012
Google defends against Microsoft cookie claims
Google's Senior Communications VP Rachel Whetstone claimed Microsoft was being dishonest in making claims of suspicious browser cookie circumventions in Internet Explorer 9 and elsewhere. The executive argued that Microsoft had effectively ignored the issue since 2002, when it had implemented the P3P approach of requiring a cookie state its intent. Microsoft not only knew about the "loophole" of using an undefined intent for years, letting Amazon and its recent investment target Facebook use the trick, but knew that P3P would break the modern Internet regardless
Whetstone more than once referenced a Carnegie Mellon research paper from 2010 that not only showed just a third of studied websites using P3P in their cookies the way Microsoft wanted, but that Microsoft itself had been suggesting the same code change Google was using. Privacy firm TRUSTe had added that under 12 percent of its own sites were honoring P3P and that it couldn't be counted on. Microsoft's own live.com and MSN websites weren't sending proper P3P information.
Of the minority that did honor the demands, it was the DoubleClick ads, the very elements framing the Google +1 requests, according to the Senior VP. It was only the +1 elements that needed the exception, which to Google was unavoidable.
"It is well known -- including by Microsoft -- that it is impractical to comply with Microsoft’s request while providing modern web functionality," Whetstone argued, pointing to Google's own notice and one from Facebook that both showed public knowledge of these practices.
The commentary effectively accused Microsoft of further being selective with interpretations in order to tarnish Google when convenient rather than raising a legitimate security issue. Google was using a form trick to achieve a similar functionality in Safari and hadn't been accused of conspiracy, although Apple had said it might alter Safari to close the gap.
The issue became public when a close examination showed that Google tracking cookies, and those of a few third-party advertisers, were appearing even when Safari (including mobile Safari) and later IE9 users had settings enabled to block third-party cookies. Both Apple and Microsoft are now known to use settings that can be relatively easily circumvented, although most sites don't use the Google trick or follow the P3P rules and are blocked properly.