Shared publicly  - 
 
Evil yet?
Is this why Schmidt is dumping billions in stock?
1
Will Keaney's profile photoKee Hinckley's profile photoShasta Willson's profile photoKathy E. Gill's profile photo
16 comments
 
This is more a case of IE supporting a standard that never caught on.
 
I think that the standard itself was also poorly thought out - it's a pretty gaping privacy hole that any site can return garbage in the P3P negotiation and completely bypass its protections.
 
I agree that the browser should not interpret English as 'we aren't setting cookies' but Google's sending human language in an http header was a deliberate bypass of MY decision to block third party cookies. Or have I missed something here? Is there different behavior when the privacy settings are customized rather than default? 
 
Shasta, i agree with Lauren here : "But to assume that every error involving extraordinarily complicated software systems is evidence of evil intent is not only inaccurate and inappropriate, by to my way of thinking essentially perverse."

But Lauren was writing about Safari and thise damn Apple engineers.

Mistake? NOT the case with Google's sending 'this is not a P3P policy' to bypass the W3C 'standard' to MSIE.

P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Moreover, I do Not expect that Google or Facebook should be tracking me after I have logged out. I do not think that Google's ad network should be able to track me on a non-Google property just because gmail is open. And I don't think I am an edge case.



 
+Kathy Gill Apparently some of Microsoft's own properties ignore P3P, and using it breaks +1, Like, and third party logins (where you can login via Google, Twitter, Facebook, etc instead of giving a site your password). Given that it's a standard supported by only one browser, I'm not sure what they should have done instead. Microsoft themselves recommended bypassing it to work around problems. One hand doesn't seem to know what the other is doing.
 
Ok. There are no innocents? Fine.

But when I say 'no third party cookies' dammit I MEAN IT.

Saying 'everybody' does it (a) isn't true or all 100 websites would have shown this happening (b) is NOT an excuse for ignoring consumer settings.

I don't CARE if likes and plus1s don't work in my browser if my settings ate honored!!!!!


 
Are not ate!! iPhone and G+ don't go together. 
 
The Carnegie Mellon study Google cites : 1/3 have errors means 2/3 (the majority) comply. And 79 of the top 100 sites complied with the P3P privacy initiative.

That's overwhelming SUPPORT

Of the 1/3 that made mistakes (usually mistyped code, not NO code), how many run a major advertising service?

Oh. And the CM reports that regulation may be needed to get sites to comply with consumer choice. Is that Really what Google wanted to share with the world??

 
No, I don't think it's what Google "wanted" at all. When 21% of the top sites aren't complying, that makes the evade an industry standard. How many of them didn't need to work around the issue for their functionality to function? What percent of those who did used the workaround?

Patching around other code's oddities is so standard most programmers wouldn't even blink. I really don't think this was an intentional effort by Google to be evil -- and they have PLENTY of those. Cutting off services like Picasa because they're been tied to a G+ (whether I like it or not) that is then deemed illegitimate?

That's a clear violation of what's best for the user. I'd call it evil. It's resulted in my moving away from using several Google products.

Using a workaround that is common to make functionality most people expect work as expected? That's just not.

e.g. Business groups have adopted third party sign-in widely, for example. It's not cutting edge -- in fact it's most heavily adopted by the least adept consumers. Suddenly breaking it on one platform without clearly letting your customers know how to fix it, or why you did it, is a bug.

I'm all for hanging them where they deserve it, but this is one of the least clearcut examples of Google Evil I can think of. (Have you followed what they've done in the book world? That's another rich one...)
 
Oh..I should add that NONE Of this is support for the actual practice. I think cookie setting should be MUCH more transparent to the end user and MUCH easier to manage for non-programmers.

Tracking is BROKEN. There should be an easy way for me to say "Leave me alone" when I browse, perhaps with a case by case exception option like when you turn off pop-ups. "Yes, I want to enable Google's 1-pass login" (which shouldn't enable ANYTHING ELSE FROM GOOGLE.

I just don't think Apple helped that goal AT ALL, nor that Google stands out as particularly evil on this one.
Add a comment...