And the Google browser privacy saga continues….

This time, with Internet Explorer – but the plot thickens along the way…  Number Six

From CNN Money:
Microsoft: Google violates our users’ privacy too

“…NEW YORK (CNNMoney) — Last week, Google was caught circumventing Apple’s Safari browser privacy settings. Microsoft chimed in Monday with a “me too” complaint, saying that Google is also dodging around Internet Explorer’s privacy settings.

But the Microsoft/Google standoff is especially complicated, and spotlights the technical swampland that surrounds online privacy issues.

In a blog post, Microsoft browser chief Dean Hachamovitch revealed that Google bypasses a feature in IE designed to let users set their cookie preferences. “Cookies” are files that are used to follow users’ movements and log-ins as they travel through the Web.

Hachamovitch suggests that Google is purposefully tricking Microsoft’s browser into accepting cookies that users would have otherwise blocked. The implication is that Google could track some IE users even if their privacy settings ask Google not to. Google slammed Microsoft’s criticism, calling it disingenuous.

“It is well known — including by Microsoft — that it is impractical to comply with Microsoft’s request while providing modern web functionality,” Rachel Whetstone, Google’s head of policy, said in a written statement. “We have been open about our approach, as have many other websites.”

The problem is that Microsoft made an outdated and commonly ignored standard the cornerstone of its browser’s privacy controls……”

Google busted on privacy – AGAIN.

big surprise – not! – Number Six

From the Seattle PI:

“….“Unlike every other browser vendor, Apple enables cookie blocking by default. Every iPhone, iPad, iPod Touch, and Mac ships with the privacy feature turned on,” Mayer pointed out in his paper.

Apple advertises this like so: ”Some companies track the cookies generated by the websites you visit, so they can gather and sell information about your web activity. Safari is the first browser that blocks these tracking cookies by default, better protecting your privacy. Safari accepts cookies only from the current domain.”

But it turns out there are a few ways for companies to get around these limitations. The one that Mayer’s paper focused on was inserting special code to place trackable cookies in Safari. He found four companies doing this: Google, Vibrant Media, Media Innovation Group and PointRoll.  This all sounds really bad.

Google discontinued the practice after being contacted by the Journal, which makes it sound even worse.  At the very least, Google and the other companies had no business doing this without making it crystal clear to users. It seems at odds with the reasonable expectations of savvy users who either choose Safari because of its default privacy protections, or were under the impression that they couldn’t be tracked while using it….”

And the followup rebuttal to Google from Mayer – a choice excerpt below (more if you click through), emphasis added is mine:

“…Rachel Whetstone, senior vice president of communications and public policy at Google, started the statement by saying:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Mayer responded:
This was technically possible, therefore it was OK? What? I sure hope Google isn’t making an argument like that. There are all kinds of things we know are technically possible.

Whetstone’s statement continued:
Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as (Facebook’s) ‘Like’ buttons.

Mayer said:
Google’s response …  is it’s unfair that Facebook gets to do this and we don’t, because they host the services from and we split ours between Google and DoubleClick.

There are three responses to that. The first is, so what? You’re still circumventing a privacy feature. If you wanted to do this, you could have hosted this off of

The second is, this isn’t a social feature like Facebook, admittedly it blurs the line between social and advertising. But we’re not talking about social widget that exists for sharing with friends.   The purpose of this conduit is just to put the ‘+1′ button on ads. It seems like a lot of energy for what is unambiguously a lame feature. I don’t know how many users have clamoured for ‘+1′ ads.

The user is giving up some privacy in exchange for lining Google’s pockets.

Third, when has any good privacy counterargument begun with, well, Facebook does it too?….”