Acceptance of the P3P spec has been, ahem, slow at best. Of all the major browsers, only Internet Explorer (versions 6, 7, 8, 9, and 10) recognizes P3P policies. Firefox used to enforce P3P policies, but now it's an obscure option.
When Internet Explorer encounters an invalid compact policy, it simply accepts all cookies. Microsoft says that's in conformance with the W3C spec. Here's what the spec says, in Section 6.4: "P3P user agents MUST NOT rely on P3P compact policies that do not comply with the P3P 1.0 or P3P 1.1 specifications or are obviously erroneous. Such compact policies SHOULD be deemed invalid and the corresponding cookies should be treated as if they had no compact policies." You may read that as saying, "if the CP is invalid, accepts all cookies." I don't.
That's a bug, and it's existed since Internet Explorer 6. Should Google be penalized for taking advantage of IE's bug? What about Facebook and Amazon and 11,000 others?
Now for the kicker: Microsoft once published specific instructions on how to make an "unsatisfactory" CP code for IE6. MSDN had instructions for creating CP codes that would fail the IE6 validity check. Microsoft has since taken down the page, but you can find a reference to it in the old Knowledge Base article 323752. (Microsoft yanked that KB article, too, but a copy still exists on the Wayback Machine.) To quote the Knowledge Base article, "Visit the following MSDN Web site for a complete list of satisfactory and unsatisfactory policy codes."
Who knows? Maybe Google and Facebook and Amazon just followed Microsoft's old instructions to circumvent third-party cookie blocking.
If you want to take Google to the woodshed, do it for intentionally subverting Safari. But for ignoring P3P? Bah.
This story, "Google's cookie runaround in IE? Not a big deal," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.