or Connect
AppleInsider › Forums › Software › Mac Software › Safari user sues Google over claimed privacy violation
New Posts  All Forums:Forum Nav:

Safari user sues Google over claimed privacy violation

post #1 of 108
Thread Starter 
A user of Apple's Safari, the default web browser of every Mac and iOS product, is suing Google Inc. after it came to light that the world's largest internet company had implemented a tracking system that allegedly violates federal wiretapping and privacy laws.

Attorneys for Matthew Soble filed the complaint on Tuesday in Delaware's federal court, and are seeking class-action status for the suit which asserts that Google knowingly sidestepped certain Safari privacy settings in order to track users' web activities, reports Bloomberg.

“Google’s willful and knowing actions violated” federal wiretapping laws and other computer-related statutes, the complaint said.

The issue was brought to the fore when The Wall Street Journal reported that Google had instituted code that bypassed standard Safari privacy settings and allowed the company to insert advertising cookies on an affected device.

Unlike most popular browsers, Apple's Safari is set by default to blocks cookies, or small bits of code that are meant to identify users when they return to a previously visited site. However, cookies can also afford websites to track users' movements when surfing the internet, though Google claims that its code did not execute any such function.

Cookies can be activated in Safari if a user gives permission by either clicking a pop-up window asking to allow for cookie storage or by purposely interacting with certain website features.


Safari settings menu regarding cookie handling.


In order to get around the privacy settings, Google's DoubleClick ad serving platform reportedly exploited a Safari "loophole" that "tricked" the browser into thinking that a user was purposely interacting with an ad by automatically sending an invisible form. Safari subsequently allowed the installation of a temporary cookie as if the user purposely affirmed the procedure.

Ads on 22 of the 100 most-visited websites, as ranked by Quantcast, implemented the DoubleClick workaround.

Google denies any wrongdoing and stated: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

After being contacted by WSJ, the internet search engine immediately disabled the code and later removed information from a company site noting that users can rely on Safari's default settings to prevent Google tracking.




Other advertising companies also use the technique, such as Vibrant Media, which implements the "workaround" to "make Safari work like all the other browsers."

The recent events have brought privacy rights into question and caught the eye of advocacy group Consumer Watchdog, which sent a letter to the Federal Trade Commission asking that action be taken against the Mountain View, Calif., company.

“Safari users with the browser set to block third-party cookies thought they were not being tracked,” said Consumer Watchdog Privacy Project Director John Simpson. “Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference.”

Going further, lawmakers are also looking into the Safari case, with West Virginia Senator John D. Rockefeller IV saying that he intends to determine the extent to which Google used the technique to "circumvent consumer choice."

[ View article on AppleInsider ]
post #2 of 108
I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.
post #3 of 108
Quote:
Originally Posted by Tallest Skil View Post

I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.

Microsoft is saying they're doing it to IE, too: http://blogs.msdn.com/b/ie/archive/2...-settings.aspx
post #4 of 108
Quote:
Originally Posted by J.R. View Post

Microsoft is saying they're doing it to IE, too: http://blogs.msdn.com/b/ie/archive/2...-settings.aspx

http://www.networkworld.com/communit...oogle-vs-truth
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #5 of 108
So much for not being evil.
post #6 of 108
Quote:

"Everyone does it" is not a defense. It's not even an excuse. It's inexcusable on the face of it.
post #7 of 108
Quote:
Originally Posted by Tallest Skil View Post

"Everyone does it" is not a defense. It's not even an excuse. It's inexcusable on the face of it.

Of course it's not a defense. I completely agree. I've told my son and daughter the same more than once.

MS should have taken action two years ago when it was brought to their attention. . .
of course that assumes they thought it was important.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #8 of 108
We were just using Javascript. What's the big deal?

Everything is legal as long as you don't get caught.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #9 of 108
Quote:

A little blurb on why you're posting the link would help us know your position, interest facts that would encourage us to click though and perhaps go in with an understanding of where you're coming from should we disagree.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #10 of 108
Quote:
Originally Posted by Gatorguy View Post

Of course it's not a defense. I completely agree. I've told my son and daughter the same more than once.

MS should have taken action two years ago when it was brought to their attention. . .
of course that assumes they thought it was important.

The technique with IE is different from the technique with Safari. In both cases the vendor of the browser is ultimately the one who let it happen. Not saying there may be some legal issues for Google but the browsers left the door open by mistake. In the case of Firefox they left the door open on purpose.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #11 of 108
Quote:
Originally Posted by Tallest Skil View Post

I'm curious why Google didn't do this to Firefox, Opera, and the rest.

In before "Chrome is WebKit and Safari is WebKit2, so Google would know the absolute ins and outs of Safari better than any others and therefore would be able to circumvent its stuff more easily," because I've already thought of that.

Apparently, Microsoft is accusing Google of similarly bypassing IE privacy settings.

oops, late freight
post #12 of 108
Quote:
Originally Posted by SolipsismX View Post

A little blurb on why you're posting the link would help us know your position, interest facts that would encourage us to click though and perhaps go in with an understanding of where you're coming from should we disagree.

I thought the link was reasonably balanced, presenting different views, with links to supporting docs. In other words a good reference with additional resources if you're interested in past background articles of the history dealing with the issues mentioned.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #13 of 108
Quote:
Originally Posted by AppleInsider View Post

A user of Apple's Safari, the default web browser of every Mac and iOS product, is suing Google Inc. after it came to light that the world's largest internet company had implemented a tracking system that allegedly violates federal wiretapping and privacy laws.



Good for him. This stuff needs to stop.

Surfing the web can be downright creepy lately, with ads popping up for some specific/unusual search you did 3 days ago. I saw a news article on some unusual locale, so I looked it up and checked it out. Likely I looked at 3 or 4 different map/tourist/historical/demographic sites. Now I am barraged with ads for vacationing there.

Quote:
Originally Posted by AppleInsider View Post

In order to get around the privacy settings, Google's DoubleClick ad serving platform reportedly exploited a Safari "loophole" that "tricked" the browser into thinking that a user was purposely interacting with an ad by automatically sending an invisible form. Safari subsequently allowed the installation of a temporary cookie as if the user purposely affirmed the procedure.

If that is not criminal behavior, it should be.
post #14 of 108
How stupid is Google? With everyone looking over their shoulder they go and do something like this! This is akin to posing as the "gas man" to gain entry into someone's house to case the place. It doesn't matter if they come back later and steal anything or not. They gained access by posing as something they weren't. That is a serious breach of privacy. True, tracking your website usage isn't nearly as serious as trespassing on someone's property, but it's still dirty-handed.
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
post #15 of 108
I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.
post #16 of 108
Quote:
Originally Posted by Gatorguy View Post

I thought the link was reasonably balanced, presenting different views, with links to supporting docs. In other words a good reference with additional resources if you're interested in past background articles of the history dealing with the issues mentioned.

I only chose to read it after you replied to TS. Otherwise I didn't have interest. You went to the trouble to post the link give us interest to click it, that's all I'm saying.


Quote:
Originally Posted by ljocampo View Post

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

I've come across that, too. Even things like Disqus comment on Engadget are blocked by Ghostery. I wonder if that's intentional or if they are wrapping these ads and analytics so deep that it breaks parts of the pages if not loaded.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #17 of 108
It seems that what Google was doing was sneaky, scummy, backhanded and illegal!

And they did it to MS too! Why doesn't Apple and Microsoft join together and sue Google, for illegally exploiting both of their browsers?

And there should definitely be class action suits against Google for their illegal invasion of privacy, like the one mentioned in the OP.

Besides having easy access to malware, I wonder what hidden surprises Android phones come with when somebody either buys one or is given one for free? I wouldn't trust shit that Google says or claim, they'll lie right to your face, while illegally gathering info on you and tracking you. Do the ignorant people who buy junky Android phones which comes with a free OS think that Google is doing it out of the goodness of their heart?

Some ignorant fools and degenerate Fandroids whine and bitch about Apple? Apple is a saint compared to Google.
post #18 of 108
Quote:
Originally Posted by Mike Fix View Post

So much for not being evil.

Google's don't be evil mantra is bullsh*t.

Google has a horrible privacy rights record. Trying to ween myself off but their search engine is still the best, imo.
post #19 of 108
Quote:
Originally Posted by Apple ][ View Post

It seems that what Google was doing was sneaky, scummy, backhanded and illegal!

It was all of those things.
post #20 of 108
Quote:
Originally Posted by mstone View Post

The technique with IE is different from the technique with Safari. In both cases the vendor of the browser is ultimately the one who let it happen. Not saying there may be some legal issues for Google but the browsers left the door open by mistake. In the case of Firefox they left the door open on purpose.

If you read the Microsoft blog post, you'll note that the behavior of the browsers is in accordance to the standard. Google (and others) are abusing the standard as it is currently written and implemented, plain and simple.

The default is to ignore malformed or unknown requests, this allows for future expandability. Google's P3P line isn't anything close to what they should be telling the browsers. In fact they completely ignore the standard and say so!

Microsoft has had to take a non-standard approach in order to further protect IE 9 users.
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
Disclaimer: The things I say are merely my own personal opinion and may or may not be based on facts. At certain points in any discussion, sarcasm may ensue.
Reply
post #21 of 108
I in general hate tech lawsuits but I did a double take on this one. While you can argue the browser should be smart enough to block this sort of thing, this is Google circumventing a users preference to privacy. It is not a case of Google choosing the most efficient way to deliver content that just so happens to expose a deficiency in the browser. It is blatant.

Quote:
Originally Posted by mjtomlin View Post

How stupid is Google? With everyone looking over their shoulder they go and do something like this! This is akin to posing as the "gas man" to gain entry into someone's house to case the place. It doesn't matter if they come back later and steal anything or not. They gained access by posing as something they weren't. That is a serious breach of privacy. True, tracking your website usage isn't nearly as serious as trespassing on someone's property, but it's still dirty-handed.

I think the gas man example draws an excellent parallel.
post #22 of 108
Quote:
Originally Posted by ljocampo View Post

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

Suggest you download "Little Snitch", it stops the tracking of any site you don't want tracking you.
post #23 of 108
Everybody hop on the burn Google bandwagon!! Most people are blowing this waaay out of proportion, either due to ignorance, misunderstanding, or an over eager willingness to bash google. Ridiculous.
post #24 of 108
Quote:
Originally Posted by mjtomlin View Post

If you read the Microsoft blog post, you'll note that the behavior of the browsers is in accordance to the standard. Google (and others) are abusing the standard as it is currently written and implemented, plain and simple.

The default is to ignore malformed or unknown requests, this allows for future expandability. Google's P3P line isn't anything close to what they should be telling the browsers. In fact they completely ignore the standard and say so!

Microsoft has had to take a non-standard approach in order to further protect IE 9 users.

Winner. Legal standard no one reads
post #25 of 108
Quote:
Originally Posted by mikepro View Post

Everybody hop on the burn Google bandwagon!! Most people are blowing this waaay out of proportion, either due to ignorance, misunderstanding, or an over eager willingness to bash google. Ridiculous.

Its like the PATH fiasco. Its fun to be part of the mob. More fun to be against it as well.
post #26 of 108
Quote:
Originally Posted by mikepro View Post

Everybody hop on the burn Google bandwagon!! Most people are blowing this waaay out of proportion, either due to ignorance, misunderstanding, or an over eager willingness to bash google. Ridiculous.

No, Google isn't anything but in the wrong here.
post #27 of 108
I am the opposite of a Google fan-boy (in fact, I often wonder how there can be such a thing). Excluding search, I find most Google products and services to be a usability nightmare. That being said, I am not so sure that I agree that what Google did in this case is really really blameworthy.

Sure, there is an argument to be made that the "form trick" they pulled constitutes circumvention of Safari's privacy settings, but that argument strikes me as being a bit pedantic. Assuming, arguendo, that Google's statement about this trick serving only to enable features enabled by logged-in Google users, then what, really, is the harm? Ostensibly the only users affected would be those that wanted features enabled that wouldn't have worked without the "hack." Isn't the web full of instances where creative engineering was used to achieve interoperability across a wide variety of devices?

One thing is for certain, Google should dispense with the "Do no evil" bit. They are a corporation seeking to maximize shareholder value - they are governed by various bodies of U.S. and International law, not some holistic and unified sense of morality.

I am perfectly willing to stand corrected on this issue, but I frequently see "troll" posts in this forum by the Apple-haters, and I would like to think that we don't succumb to the same rush to judgment about Google as so-many Android fans have done to us.
post #28 of 108
Quote:
Originally Posted by mikepro View Post

Everybody hop on the burn Google bandwagon!! Most people are blowing this waaay out of proportion, either due to ignorance, misunderstanding, or an over eager willingness to bash google. Ridiculous.

Bullshit! Do you have a 5" Android piece of shit phone in your pocket, which led you to make such an outrageous and ridiculous post?

This is a blatant abuse of privacy and trust, far worse than any so-called outrage or scandal that Apple has been involved in.

For example, I have no problems with having my credit card linked to my Apple ID. No way in hell would I ever do the same when it comes to Google, because I simply do not trust them.
post #29 of 108
Quote:
Originally Posted by Apple ][ View Post

Bullshit! Do you have a 5" Android piece of shit phone in your pocket, which led you to make such an outrageous and ridiculous post?

This is a blatant abuse of privacy and trust, far worse than any so-called outrage or scandal that Apple has been involved in.

For example, I have no problems with having my credit card linked to my Apple ID. No way in hell would I ever do the same when it comes to Google, because I simply do not trust them.

Like the PATH Fisaco. Burn google, burn apple. Whats left? RIM, windows 7, meego, symbian, bada, and webos
post #30 of 108
Quote:
Originally Posted by ljocampo View Post

I've been fighting this cat & mouse game with DoubleClick for years. I thought I had it licked with the Ghostery extension but lately a lot of things won't work on web pages anymore unless I turn off the extension. It's a never ending battle.

Quote:
Originally Posted by SolipsismX View Post

I only chose to read it after you replied to TS. Otherwise I didn't have interest. You went to the trouble to post the link give us interest to click it, that's all I'm saying.

I've come across that, too. Even things like Disqus comment on Engadget are blocked by Ghostery. I wonder if that's intentional or if they are wrapping these ads and analytics so deep that it breaks parts of the pages if not loaded.

The only website that I need to turn it off is NFL for their video streaming. The rest work just fine though my list of regular sites may significantly less than both of you.



------
Quote:
Originally Posted by Neruda View Post

Google's don't be evil mantra is bullsh*t.

Google has a horrible privacy rights record. Trying to ween myself off but their search engine is still the best, imo.

That 'mantra' have long gone but it is (almost) the number one reason why people hate Google nowadays - when you connect the dots on what they have been doing with things like this, with their previous 'do no evil' corporate image.
post #31 of 108
Quote:
Originally Posted by deanbar View Post

Suggest you download "Little Snitch", it stops the tracking of any site you don't want tracking you.

Just this month Little Snitch started asking me if I really wanted to connect to google.com; saying that it could not verify the site. This came up on EVERY website I visited. I immediately cancelled my gmail account and it stopped.
post #32 of 108
One thing I haven't read in all the threads about this is, how can we fix it? Is Apple going to fix it? Is there a setting or something we can tweak?

I've manually gone through the cookies on my iMac and weeded them from 2500+ down to about 40 "legitimate" ones.

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.
post #33 of 108
Quote:
Originally Posted by Atashi View Post

One thing I haven't read in all the threads about this is, how can we fix it? Is Apple going to fix it? Is there a setting or something we can tweak?

I've manually gone through the cookies on my iMac and weeded them from 2500+ down to about 40 "legitimate" ones.

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.

its a standard that should have been fixed
post #34 of 108
Quote:
Originally Posted by Atashi View Post

It makes me very unhappy that after manually deleting a bunch of crap, after an hour of browsing there's another 50 cookies from sites I did not visit - "Block cookies from 3rd parties and advertisers" seems to be completely and utterly broken / useless.

And you're blaming Apple.

Quote:
Why is there no option to have it just ask you for every cookie request if you want to allow or not? I'd like to see which sites I visit are playing these scummy games and sideloading cookies.

Because who wants to click through twenty dialogue boxes before they get to a site?

If ABSOLUTELY NOTHING else, I would like a "protected cookies" option. Where you tick a box and that cookie is locked so when you go to "remove all", those aren't removed.

Quote:
As much as I am unhappy with Google for deliberately exploiting this flaw, I'm also disappointed in Apple for not fixing the flaw in the first place.

How is this at all Apple's fault? They JUST heard about it.
post #35 of 108
How do I get in on this class action?
post #36 of 108
Quote:
Originally Posted by TheDavid311 View Post

How do I get in on this class action?

It's not a class action.
post #37 of 108
Quote:
Originally Posted by Just_Me View Post

Like the PATH Fisaco. Burn google, burn apple. Whats left? RIM, windows 7, meego, symbian, bada, and webos

Not quite the same thing at all. Unlike Google, Apple was not the one who was collecting and gathering any data. If that PATH social network did it or if any other apps did it, then that was something that should clearly not be allowed. Unlike Google, Apple is not a shitty advertising company that relies on ads and deceiving users for their income.

"Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," the statement says. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."
post #38 of 108
Quote:
Originally Posted by Tallest Skil View Post

It's not a class action.

Not yet. They are seeking class action status.
post #39 of 108
Quote:
Originally Posted by Apple ][ View Post

It seems that what Google was doing was sneaky, scummy, backhanded and illegal!

And they did it to MS too! Why doesn't Apple and Microsoft join together and sue Google, for illegally exploiting both of their browsers?

And there should definitely be class action suits against Google for their illegal invasion of privacy, like the one mentioned in the OP.

Besides having easy access to malware, I wonder what hidden surprises Android phones come with when somebody either buys one or is given one for free? I wouldn't trust shit that Google says or claim, they'll lie right to your face, while illegally gathering info on you and tracking you. Do the ignorant people who buy junky Android phones which comes with a free OS think that Google is doing it out of the goodness of their heart?

Some ignorant fools and degenerate Fandroids whine and bitch about Apple? Apple is a saint compared to Google.

Interesting read: http://techcrunch.com/2012/02/21/the-last-alliance/
post #40 of 108
This is why I personally use a Littlesnitch, it told me about all Google little tricks of phoning home when I did not want them doing it, I have block most of Google's servers especially it analytic data collection servers. What people also do not fully realize if you have a gmail or google account it is able to track you on any and all computer you log into, even if you log out it is still tracking your activities.

The other thing I do when I use google for searching for information I run my connection via proxy server somewhere else in the world. This way they can not track it back to my home location. Face it Google goal in live is to know you better than you know yourself and then share that information with anyone who is willing to pay for. Most all of you freely give up your rights when you get free google accounts, you exchange your privacy for free things.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Safari user sues Google over claimed privacy violation