Microsoft: Google Breaches P3P Policy, But They Let Facebook "Do It"

Update: See statement from Google at the end of the post

There has been a lot of hoopla about Google breaching privacy and circumnavigating settings in Safari. They have definitely been circumspect at what they are doing but a new report from Microsoft which says that Google did similar things with IE9 as well. Well, here’s the catch, there is nothing illegal Google did and Microsoft just let off the hook with it.

Let’s get to the start of where Microsoft is accusing Google:

By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.

Well for starters, P3P is outdated and no longer under development. It is a age old policy which many websites including both Google and Facebook choose to ignore or not follow at all and mind you there is nothing legally wrong with it.

Google and Facebook authentication both have fake P3P policies in the HTTP headers that link to a webpage that explains why they don’t support it:

As you can see from the above, Facebook does not have a P3P policy and Google chooses to ignore it altogether. Now, both these approaches are different but they do the same thing; allow these websites to access third-party cookies because they don’t follow the P3P policies.

P3P also known as Platform for Privacy Preferences was started out by W3C in 2006 and the final draft was published in 2007. However, after P3P 1.1, W3C also effectively suspended all work on P3P as is evident from http://www.w3.org/P3P/. This means that the technology in question Microsoft has been using to gather information against Google was no longer developed for 5 years or more.

After a successful Last Call, the P3P Working Group decided to publish the P3P 1.1 Specification as a Working Group Note to give P3P 1.1 a provisionally final state.

The P3P Specification Working Group took this step as there was insufficient support from current Browser implementers for the implementation of P3P 1.1. The P3P 1.1 Working Group Note contains all changes from the P3P 1.1 Last Call. The Group thinks that P3P 1.1 is now ready for implementation. It is not excluded that W3C will push P3P 1.1 until Recommendation if there is sufficient support for implementation.

On the other hand, P3P keeps being the basis of a number of research directions in the area of privacy world wide. One might cite the PRIME Project as well as the Policy aware Web. Many other approaches also follow the descriptive metadata approach started by P3P. Such projects are invited to send email to <[email protected]> to be listed here.

This puts a big question mark, because Microsoft provided evidence against Google using this outdated technology which several companies and browser no longer honor.

So all in all, Microsoft is more than happy to give the same information to Facebook (because they are their partners) while dishing out hate to Google? This is definitely not the best way for a company which hardly follows W3C standards for web coding and CSS to accuse others of circumnavigating things which are outdated.

Google’s Statement Regards to Microsoft Accusations by Rachel Whetstone, Senior Vice President of Communications and Policy, Google

Microsoft omitted important information from its blog post today.

Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites.

Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.

Google also goes on to suggest that this has been around since 2002. You’ll find the entire statement from Google below:

For many years, Microsoft’s browser has requested every website to “self-declare” its cookies and privacy policies in machine readable form, using particular “P3P” three-letter policies.
Essentially, Microsoft’s Internet Explorer browser requests of websites, “Tell us what sort of functionality your cookies provide, and we’ll decide whether to allow them.” This didn’t have a huge impact in 2002 when P3P was introduced (in fact the Wall Street Journal today states that our DoubleClick ad cookies comply with Microsoft’s request), but newer cookie-based features are broken by the Microsoft implementation in IE. These include things like Facebook “Like” buttons, the ability to sign-in to websites using your Google account, and hundreds more modern web services. It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality.
Today the Microsoft policy is widely non-operational.
In 2010 it was reported:

Browsers like Chrome, Firefox and Safari have simpler security settings. Instead of checking a site’s compact policy, these browsers simply let people choose to block all cookies, block only third-party cookies or allow all cookies…..

Thousands of sites don’t use valid P3P policies….
A firm that helps companies implement privacy standards, TRUSTe, confirmed in 2010 that most of the websites it certifies were not using valid P3P policies as requested by Microsoft:

Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure.

A 2010 research paper by Carnegie Mellon found that 11,176 of 33,139 websites were not issuing valid P3P policies as requested by Microsoft.
In the research paper, among the websites that were most frequently providing different code to that requested by Microsoft: Microsoft’s own live.com and msn.com websites.
Microsoft support website
The 2010 research paper “discovered that Microsoft’s support website recommends the use of invalid CPs (codes) as a work-around for a problem in IE.” This recommendation was a major reason that many of the 11,176 websites provided different code to the one requested by Microsoft.
Google’s provided a link that explained our practice.
Microsoft could change this today
As others are noting today, this has been well known for years.

  • Privacy researcher Lauren Weinstein states: “In any case, Microsoft’s posting today, given what was already long known about IE and P3P deficiences in these regards, seems disingenuous at best, and certainly is not helping to move the ball usefully forward regarding these complex issues.”
  • Chris Soghoian, a privacy researcher, points out: “Instead of fixing P3P loophole in IE that FB & Amazon exploited …MS did nothing. Now they complain after Google uses it.”
  • Even the Wall Street Journal says: “It involves a problem that has been known about for some time by Microsoft and privacy researchers….”

What Is The Loneliest Number?

So which is the Loneliest Number in the world? According to Google it is the number 1. This is proven when you search Google for "the loneliest number". You can try it out here for yourself.

The Loneliest Number

While you are at it. Don’t forget to try out several of our other Math articles and jobs. Including finding your age without telling anyone, appropriate Pi Day and Mathematical combinations so interesting.

By the way, if you are mathematical enthusiastic or good at Quantum Physics and are looking to contribute, send us an email at admin [at] techie-buzz.com.

Is Your WordPress Site Slow? Problem May Lie With MySQL, Here is How to Fix it

When I initially started out with using VPS, I had tons of problems with Apache but quickly switched to Nginx which has proven to be more than a boon, because it meant that I could do more with less. However, having used WordPress I have come to know that the system is not necessarily scalable in itself when it comes to self-hosted websites.

In the past, I have written about the architecture that powers Techie Buzz and several guides like Scaling WordPress Using MySQL Replication and HyperDB and setting up memcache with WordPress among others.

However, over time, I have learned quite a few things about managing WordPress for a website with heavy traffic and also sorted out several issues which had become a bottleneck for us.

One of the biggest issues I have faced over time with WordPress is the database. More often than not WordPress websites work slower than expected because of the MySQL database and heavy load on it. However, many a times a simple change in MySQL could speed up the website considerably.

The default engine (not forced by WordPress) while installing WordPress is MyISAM for most hosting companies. The problem with MyISAM is that it locks the entire table when it inserts or updates rows. This in turn locks other queries which are accessing the same table slowing down the entire website in the process.

For example, when you are updating a post, you will be updating the wp_posts table and during this update all other select, insert, update and delete queries will be queued till the insert/update query completes. This in itself should not be a big problem when you have a site with less traffic. However, it does make a big impact when you have a large website with multiple queries being run every minute or so.

So what is the solution for this? Well, the best I could implement was switching the tables with the frequent queries to InnoDB. InnoDB is a storage engine in MySQL which might become the default one in future MySQL versions. With an InnoDB table the queries don’t lock the entire table, but just lock a single row it is inserting/updating. This leaves the other queries to complete without having to wait in a queue.

Making this small change has definitely made life easier for us. Along with our other caching mechanisms we now have almost 0 load on our database, which is definitely a great thing.

While this has definitely been helpful for us, I would suggest that you spend some time reading up the differences between MyISAM and InnoDB and their advantages and disadvantages before you make the move. Once you are convinced that you are ready to migrate, head over to my earlier guide on how to safely and easily migrate tables from MyISAM to InnoDB Engine.

How To Migrate From MyISAM to InnoDB in MySQL Safely and Easily

Since the time that I have run this site, I have had my fights with keeping the website running smoothly. However, over time, I have identified several areas we need to improve on and one of them has been MySQL.

The problem I have had with MySQL is whether to use the MyISAM engine or the InnoDB engine. I have more recently tilted towards using InnoDB more often than not because of the advantages it has for a high traffic website. Though, I won’t go over the advantages in detail here, I might ask you to read my article on why we switched to InnoDB.

Nevertheless, here is a quick and easy tutorial on how to switch from a MyISAM engine to a InnoDB engine safely and easily. You can run these queries on the command prompt or use a GUI like PHP MyAdmin as well. However, you must note that the data in your MyISAM table might not be similar to your new table due to frequent updates and you might want to plan downtime so that you don’t lose data or have to sync the tables again.

So without further ado, here are the steps:

Create a Replica Table

The first step is to create a replica table of the one you want to switch the engines for, for that run the query given below. Make sure to replace the table names as appropriate.

CREATE TABLE new_table LIKE old_table;

Once you have run this query you’ll have a new table which has the same schema as the older table and you are already on your way.

Drop FULLTEXT Indexes in New Table

The biggest difference, if you measure it that way is that InnoDB tables do not support FULLTEXT indexes. So before we do anything else you will have to drop the FULLTEXT indexes from the table you just created. To do that follow the steps given below.

Run the query:

SHOW INDEX from new_table where index_type=’FULLTEXT';

Drop individual indexes from the query (rename indexname for the index you want to drop):

ALTER TABLE new_table DROP INDEX indexname;

Once you have done that, you are now ready to move your MyISAM table to the InnoDB engine. So lets get ahead with it.

Moving MyISAM Table to InnoDB Engine

The next move is to update the Engine of your MySQL table to InnoDB. For that, you will have to run the following query:

ALTER TABLE new_table ENGINE = InnoDB;

That’s it. You now have the new table in InnoDB format, now you just need to move the data.

Move Data From Old Table to New Table

You will need to move the data from the old table to the new table. To do that, run the following query:

INSERT new_table SELECT * FROM old_table;

And the data is finally there. The last but not the least step is to switch between your older MyISAM table to your new InnoDB table.

Rename Old Table to Backup and New Table to Old

Run the following queries to rename your tables:

Rename Table old_table TO old_table_backup;

Rename Table new_table TO old_table;

That’s it. You have now successfully migrated your MyISAM table to the InnoDB engine while having a backup which you can quickly switch to by renaming the backup table again.

Pirate Bay and EZTV Down

It looks like two of the top torrent websites are down right now. Pirate Bay and EZTV are not responding to user requests at the time of reporting.

The Pirate Bay website at http://www.piratebay.se/ and the website http://eztv.it seem to be offline and cannot be accessed right now. There are several users who are reporting on the downtime on but there is no apparent reason as to why this is happening.

Accessing this website leads to "could not connect to website" errors on browsers, so there is no real indication whether these websites were taken down similar to how Megaupload was taken down.

We are trying to find out more about the downtime and will update this post as soon as more information becomes available.

Update #1: It looks like Pirate Bay is down at the provider end (piratpartiet.se) as you can see at the final trace route, so it might be possible that it was taken down by Swedish authorities, but we are not sure yet.

Pirate Bay Down

On the other hand, the EZTV tracert is breaking pretty early as well

EZTV Down

 

Update #2: EZTV.it seems to be up back now

Update #3: Pirate Bay is back up again as well

Story developing..

Thanks @Shaaqt and @YourAnonNews

Smooth Scrolling Comes to Google Chrome in Chrome 19

has seen tremendous growth since it was released 2 years ago. It has competed with browsers like and Internet Explorer by adding new features which have drawn users towards it. However, one of the most requested feature that has been missing in Google Chrome has been smooth scrolling.

Google Chrome Logo

Smooth Scrolling allows users to browse webpages in a single flow without continuous jumps in the display. The lack of this feature made scrolling in Chrome a bad experience if not worse. However, the wait for Smooth Scrolling might be over in a few months because Google has now included the Smooth Scrolling feature in the development version of Google Chrome (v19.0.1041.0 dev-m).

With the introduction of this feature, scrolling in Chrome has become less jumpy and maintains a single flow when you are scrolling from top to bottom or vice versa. The feature might be rolled out with the stable version of Google Chrome in near future, so you might have to wait a month or two before you can start using it.

If you are using the dev version, you will have to enable the Smooth Scroll feature in about:flags before you can use it. Head over to about:flags and enable "Smooth Scrolling". This feature is available for Windows, Linux and Chrome OS only so Mac OS X users won’t be able to use it yet.

Download OS X Mountain Lion Wallpaper

Apple just released the OS X Mountain Lion Developer Preview (Download Mountain Lion) for users. The Mac OS in itself is big news, however, one of the interesting thing about the OS is the Galaxy wallpaper used on the preview desktop.

mountain_lion_wallpaper

Several users have liked the new desktop Wallpaper used on Mountain Lion OS X and have been raving about it. However, not everyone can download OS X Mountain Lion yet, but you can at-least get hold of the wallpaper used on it.

Interested? You can download the OS X Mountain Lion by clicking on this link.

MWC 2012 Schedule, Keynotes & Press Conferences

Mobile World Congress (MWC) is one of the biggest mobile event of the year held annually in Barcelona. MWC attracts some of the biggest mobile manufactures and vendors who create mobile hardware and software and exciting new mobile accessories as well.

Mobile World Congress 2012

MWC 2012techi will be held at Fira Montjuïc, in Barcelona from 27th February, 2012 to March 1st, 2012. This years schedule and keynotes are filled up with some great press conferences and keynote speakers. You will find a schedule of MWC 2012 below.

Please note that all times are in Central European Time (CET) which is +1 UTC, so you might want to click on the Time mentioned below to find your local time.

MWC 2012 Keynotes Schedule

Monday, 27th February, 2012

Tuesday, 28th February, 2012

  • Eric Schmidt – Executive Chairman, Google at 18:00 CET

Wednesday, 29th February, 2012

  • Hans Vestberg – President & CEO, Ericsson at 18:00 CET

In addition to the keynotes, there are several other high profile speakers who will be speaking at the event. Some of the speakers include:

  • Stephen Elop – President & CEO, Nokia
  • Peter Chou – CEO, HTC
  • Warren East – CEO, ARM
  • Anne Bouverot – Director General, GSMA
  • Brian Dunn – CEO, Best Buy
  • John Partridge – President, Visa
  • Sunil Mittal – Chairman & MD, Bharti Airtel
  • Vittorio Calao – Chief Executive, Vodafone
  • Li Yue – President, China Mobile
  • Dan Hesse – CEO, Sprint Nextel
  • Raplh de la Vega – President & CEO, AT&T Mobility
  • John Chambers – Chairman & CEO, Cisco Systems
  • Vikram Pandit – CEO, Citigroup
  • Rene Obermann – Chairman & CEO, Deutsche Telekom
  • John Riccitiello – CEO, EA
  • John Donahoe – CEO eBay

Please visit this page for the complete list of speakers at MWC 2012 or this page for MWC 2012 Agenda.

MWC 2012 Press Conferences

There will be several press conferences that will be held during MWC 2012, here is a list of the key conferences that will be taking place.

Monday, 27 February 2012

Tuesday, 28 February, 2012

Apart from this, there will be several other events and press conferences spread over the 4 days at MWC 2012. We will update this list with the date and timings of newer press conferences and speakers as they become available. You might also want to keep an eye on our tag for the latest announcements from Mobile World Congress 2012 and visit the official site as well.

Download OS X Mountain Lion Developer Preview

Apple just released the newest version of their Mac OS X called Mountain Lion. The new version of Mac OS X contains several new features including several new features which already exist in iOS 5.

Mountain Lion Logo

Mac OS X Mountain Lion 10.8 also integrates with Apple’s iCloud allowing you to backup your data in the cloud. The OS is definitely exciting and includes new features such as Messages, Notes, Reminders, Game Center, Notification Center, Integration and more.

OS X Mountain Lion

If you are excited about this, you should go ahead and download OS X Mountain Lion 10.8 from the links provided below. Please note that users will require “Mac Developer Program access” in order to download the developer preview of OS X Mountain Lion.

OS X Mountain Lion is a developer preview and might be unstable. Regular users should stay away from the developer preview as it might cause system crashes and data loss. General public will be able to download or upgrade their Macs to the Mountain Lion later this summer.

Dark Legends MMORPG Trailer Teaser Video

A MMORPG game called Dark Legends is all set to be released for iOS, and in 2012 and we have a teaser video trailer of the game for you.

Dark Legends

In Dark Legends Players will embrace the secret societies of vampires to challenge the hordes of undead, werewolves, demons and humans that hunt them. Dark Legends opens with the player recently raised and under the direction of the vampire that sired them. The secret existence of vampires has been exposed and angry, misguided humans are uniting to exterminate the undead plague by any means necessary. Players must work with their clan to survive this brutal new world.

I stand weightless at the mouth of Gallows’ Alley. My enemies tremble before me – cornered, clutching their sacred totems, frantic as they load their weapons and stammer their song of hope.

The Thirst rages in my veins… but I remain patient. Eons of training under Sofia and Lord Ulrich keep the bloodlust from consuming me. The Blood is strong. But, in me, the Blood is disciplined. My Blood is a weapon.

The Blood knows when the moment is right. I soar forward, high above the stones. I fly into my enemies’ reach. Defiant. Crimson razor shears in my hands bounce streaks of moonlight onto the stone walls. A shimmer flashes across the Hunters’ faces. They raise their weapons – slowly, like blood crawling through snow.

They scream…

Dark Legends is set to be released in Q1 of 2012 for iOS, Android and Google Chrome. You can watch the trailer of the Dark Legends game in the embedded video below after the jump.