On Monday, Microsoft accused Google of trying to bypass Internet Explorer 9"s privacy code. Microsoft says that Google created "a nuance in the P3P specification that has the effect of bypassing user preferences about cookies." The company added, "Google sends a P3P policy that fails to inform the browser about Google"s use of cookies and user information. Google"s P3P policy is actually a statement that it is not a P3P policy."
Today, Google sent Neowin an email response to Microsoft"s claims, written by Rachel Whetstone, Google"s Senior Vice President of Communications and Policy. In the company"s response, Whetstone said:
Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known - including by Microsoft - that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites. Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.
Google sent some examples of what web sites that no longer use the P3P approach. Whetstone states:
These include things like Facebook “Like” buttons, the ability to sign-in to websites using your Google account, and hundreds more modern web services. It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality.
Google also claims that Microsoft has known about this issue for some time and that other outside researchers have pointed it out. Whetstone"s statement quotes one of them, Lauren Weinstein, as saying, "In any case, Microsoft"s posting today, given what was already long known about IE and P3P deficiencies in these regards, seems disingenuous at best, and certainly is not helping to move the ball usefully forward regarding these complex issues.”