Apparently it's happening in IE as well:

When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.

[blogs.msdn.com...]

IE is is a bit different. Google sends an unparseable (human readable, effectively blank as far as the the browser in concerned if it treats in in accordance with the standard) P3P policy. IE then allows cookies.

I think P3P does not really work. IE (by defaut) allows cookies if ANY P3P policy is present, but does not provide any way for humans to view these policies when deciding which sites to accept cookies from (and this seems to be how P3P is intended to be used).

My reading of the MS analysis and others is that G is (deliberately?) sending a malformed P3P that tricks (at least MSIE) browsers into allowing the cookie. MS is considering rejecting any unrecognised code rather than, as I think the spec suggests, ignoring it.

Actually, it's not clear to me that a P3P cannot be entirely faked. Is there some reason it cannot be?

Ever visited a blog where the comment form shows your facebook user name preloaded and 'use facebook profile' is pre-selected?

For that reason I have started logging out of Facebook and only logging in when I visit. These folks are taking an incredible liberty with our personal info. I am starting to get a bit paranoid about it.

I look forward to the brown stuff hitting the fan on March 1 when this new policy kicks in and the mass media start reporting it.

(the +1 button, rarely used but always recording data on page load)

And what about the Analytics?