So the fact that P3P doesn't solve all the problems it set out to solve justifies Google intentionally using it to compromise visitors' privacy in a way that directly contradicts the purpose of the header? And this is okay because it's an MSIE feature they're circumventing?
The functionality being "broken" is functionality that users DO NOT WANT and have EXPLICITLY OPTED OUT OF by configuring their browser to reject tracking cookies. If they weren't tracking cookies, you could send a VALID P3P header and your app would work.
Actually it's the default in IE, not a feature people opted into. I'd be a lot less sympathetic to Google if it was a feature people opted into rather than one that IE users were unaware of.
XP SP2 made the firewall default and enabled. If Chrome disabled it for themselves and started uploading user files when the computer was idle, will that make it okay since it was Microsoft who installed the firewall by default and not the user?
MS tries to market their browser as safer and with more privacy features. Presumably some users trust MS to go with safe defaults. And Google tries to break that by intentionally breaking the standard for their profit by recording the users' browsing habits on their tracking servers and you are sympathetic to Google because they would make less profit if they didn't do this?
I recognize it's a judgement call, but I'm sympathetic to breaking P3P because P3P is a crappy standard that doesn't actually do much to protect your privacy. In 2012, P3P is best known as the thing that breaks your single sign-on solution in IE.
That third one is accept that you lost 99% of IE users, since almost no IE users can actually understand something like P3P and who is asserting what and why that claim should be trusted, and thus leave that scary looking setting at the default level.
