On Google, browsers, privacy and trust

After the revelation last week that Google was bypassing privacy controls on Apple’s Safari Web browser — allowing Google to place advertising cookies anyway — Microsoft said over the weekend that Google is doing something similar with the Internet Explorer browser. But wait. Apparently, Microsoft IE’s privacy standard is practically useless — besides Google, Facebook and many other sites also work around it.

The standard Microsoft uses, called P3P, is supposed to block third-party cookies. But it has a loophole that allows websites to trick it into allowing the cookies anyway, as explained in more technical terms by Lorrie Faith Cranor, an associate professor at Carnegie Mellon University. Facebook reportedly calls P3P outdated, while Google says it is “widely non-operational,” according to the Verge. Oh, and Amazon.com used to bypass the standard as well, according to both Cranor and the Verge, which says that Google helpfully pointed it out.

So the P3P standard is easily bypassed. Is it excusable, then, that Google, Facebook and others are exploiting/have exploited the loophole? And along the same lines, does that mean that Google’s circumvention of Safari’s controls was simply a workaround to what it saw as a technical problem? Jonathan Mayer, the Stanford researcher who discovered Google’s overriding of Safari’s controls, told Mike Swift of the Mercury News that the search engine known for its “don’t be evil” mantra “is a company that asks users to place a lot of trust with them.” So, Mayer said, “it’s right to hold Google to a higher standard.”

Speaking of trust, and in light of the recent privacy-related developments involving Silicon Valley tech companies, it might be a good time to point out that a survey published last month and presented by Edelman at the World Economic Forum found that technology is the most trusted business sector worldwide for the sixth year in a row. The global survey was conducted in the fall, predating the recent apps privacy brouhaha (see Twitter, Path and the privacy controversy over contact info and apps) and the discovery of Google’s Safari workaround (see Google, Safari and the wild Web at war). But the survey followed or coincided with many other previous privacy concerns, including both Google and Facebook’s settlements with the Federal Trade Commission over their privacy practices. (See Facebook sorry? Sharing skepticism over settlement.)

Those who tend to dismiss privacy controversies may point to the survey mentioned above as proof that the public just doesn’t care about all of it very much. Others might take the view that, as Nick Bilton of the New York Times wrote over the weekend, “this technology is now completely woven into every part of society and business,” which makes it doubly important that something be done about the countless breaches of privacy. “The current system of self-regulation is clearly not working,” Bilton writes.

If governments attempt to enact legislation to address privacy issues, though, they’re likely to face plenty of resistance. Legislators have failed to enact or update tech-related laws, including those that involve privacy or anti-piracy efforts — partly because the tech lobby is strong. Not only that, the Edelman survey notes that public trust in government is low. Add that all up and there’s no sure recipe for success. It’s awfully hard to require companies to adhere to a largely non-existent privacy standard.



  • We’re talking about ‘trust’ and Microsoft in the same sentence? Is that a bad joke? Someone needs to get a new copy of You Can’t Win by Jack Black.

  • skip

    I think ‘caveat emptor’ should work fine here – there are plenty of people like that
    Stanford researcher who serve as watchdogs, and plenty of blogs and news
    services that like to break news and spread rumors in this field. Slow, craven and
    hamhanded meddling by pols is neither necessary nor helpful.

  • Larry Shoemaker

    Is this an opportunity for app developers to develop privacy violation detection apps? They could have the app report back violations by company and post a tally each week.
    Is “Ethics” another sales term for Google, Facebook and kindred?

    Found that Facebook was censoring some posts!

  • sd

    @skip, the problem with “caveat emptor” is that by the time it becomes known to the public, the horse already is out of the barn (the privacy violation has been experienced by at least some people). That’s too late. Unless repeated “oops”es give an organization (*cough* Microsoft *cough*) a reputation for not taking security very seriously, letting the market and watchdogs go at it will be a game of cat-and-mouse.

  • dermbuilder

    The only way to ensure any kind of privacy is to have it written into the most basic levels of the operating system itself. If for instance a “locker” is provided for all forms of confidential information, and if any application stores any kind of information outside of that “locker” that looks to the OS like it should perhaps be considered confidential, the OS would warn the user that the application seems to be taking liberties with your data. There could be specific warnings to the user before any data in the locker is accessed by the application, or sent to the network or any USB device etc., and explicit permission would have to be granted by the user before any such thing would be allowed to happen.

    Microsoft, Apple, Google for Android, and the independent developers responsible for Linux could create such a level of security, whether any of them actually do however remains to be seen. I must say however that I would expect it to happen with Linux long before I see this level of data security to happen with any of the corporate produced OSs.