So the WSJ publishes another one of it’s alarmist articles about Google and Safari during the weekend and Microsoft wants to capitalize by pretending it just now discovered that P3P (a defunct and shitty protocol) is useless and no one uses it.
NYT September 17, 2010:
http://bits.blogs.nytimes.com/2010/09/17/a-loophole-big-enou...If you rely on Microsoft’s Internet Explorer’s privacy settings to control cookies on your computer, you may want to rethink that strategy.
Large numbers of Web sites, including giants like Facebook, appear to be using a loophole that circumvents I.E.’s ability to block cookies, according to researchers at CyLab at the Carnegie Mellon University School of Engineering.
A technical paper published by the researchers says that a third of the more than 33,000 sites they studied have technical errors that cause I.E. to allow cookies to install, even if the browser has been set to reject them. Of the 100 most visited destinations on the Internet, 21 sites had the errors, including Facebook, several of Microsoft’s own sites, Amazon, IMDB, AOL, Mapquest, GoDaddy and Hulu.
Google doesn’t support a broken feature that is exclusive to IE somehow it’s their fault. If anyone ever doubted Microsoft's PR sleaziness and propaganda tactics that blog post is proof.
I don't side with Google on this one but here is an interesting tidbit: Microsoft support site advocated the same trick... a reference to this can be found on page 6 of this PDF
This is a totally disingenuous comment. From the linked PDF (note: this also occurs on page 7, not page 6, for those who wish to verify):
"We discovered that Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE. Specifically, a FRAMESET or parent window that references another site inside a FRAME considers the referenced site as a third-party, even if it is first-party content located on the same server [10]. Microsoft suggests the following invalid CP: CAO PSA OUR. This CP is clearly invalid since it does not contain any RETENTION or CATEGORIES tokens. Even if the CP were valid, Microsoft’s recommendation undermines the purpose of P3P since it encourages web administrators to use CPs that do not represent their actual data practices. We found several technical blogs recommending similar solutions [11], [19]."
So yes, a Microsoft support site did recommend a set of invalid CPs, but this is clearly not the same trick. This is a legitimate set of CP tokens that is used to workaround an issue where 1st party content appears to IE as 3rd party content. This token set is invalid because RETENTION/CATEGORIES tokens are missing, but the web author's intent here is (theoretically) honest.
Google, on the other hand, is providing no tokens whatsoever. Instead, in their P3P header they provide a human-readable string and a link to their privacy policy. This is not an invalid but intellectually honest set of tokens that is designed to comply with the spirit of the standard, if not the letter. This is an attempt to bypass the standard in order to allow 3rd party cookies, regardless of user settings.
The fact that you are equating these two practices is completely dishonest. Even a cursory glance through this document makes it clear that the Microsoft support site is advocating something completely different and is doing so in order to enable a fairly legitimate scenario.
>So Google doesn’t support an IE exclusive broken feature
I am tired of this constant meme in the comments. It's one thing not to support a standard, it's another to actually go to the effort of actively subverting it.
They are supporting it by sending out (fake) P3P headers.
If they didn't support it, they wouldn't send P3P headers. As simple as that.
You can't argue in defense of Google from an "it's nonstandard" angle, because Google is all about nonstandard Web extensions these days -- to a much larger extent than Microsoft.
You can't argue in defense of Google from a "they didn't know enough about how IE works" angle. They're Google. They created Chrome Frame, people. They know enough to solve this engineering problem.
There is no pro-Google bias. What is observable is passionate people who downvote any comment they disagree with, sometimes downvoting comments from the same author.
>They created Chrome Frame, people. They know enough to solve this engineering problem.
I would rather say the creation of Chrome Frame marked the point when they threw up their hands in frustration, deciding that they were never going to solve this engineering problem.
I can imagine how exact same commenters here supporting Google would react if Bing Ads did this to Chrome. I am sure hell would break loose with the "OMG EVIL M$" shouts.
My concern now is that this post may disappear soon thanks to inevitable flagging of any negative news about Google. This has happened to many submissions in the past.
That was an article about Microsoft posting an anti-Gmail video, but the pro-Google folks didn't want people to even see the video for themselves and judge it for what it's worth.
NYT September 17, 2010:
http://bits.blogs.nytimes.com/2010/09/17/a-loophole-big-enou... If you rely on Microsoft’s Internet Explorer’s privacy settings to control cookies on your computer, you may want to rethink that strategy. Large numbers of Web sites, including giants like Facebook, appear to be using a loophole that circumvents I.E.’s ability to block cookies, according to researchers at CyLab at the Carnegie Mellon University School of Engineering. A technical paper published by the researchers says that a third of the more than 33,000 sites they studied have technical errors that cause I.E. to allow cookies to install, even if the browser has been set to reject them. Of the 100 most visited destinations on the Internet, 21 sites had the errors, including Facebook, several of Microsoft’s own sites, Amazon, IMDB, AOL, Mapquest, GoDaddy and Hulu.
Google doesn’t support a broken feature that is exclusive to IE somehow it’s their fault. If anyone ever doubted Microsoft's PR sleaziness and propaganda tactics that blog post is proof.