Google reportedly ignoring Safari users' privacy settings to better track its ads [u]

Posted:
in Mac Software edited January 2014


Google has joined other online advertisers in intentionally circumventing the privacy settings of desktop and iOS Safari users in an effort to better track their web browsing activity [updated with comment from Google].



According to an investigation by Wall Street Journal, Google and at least three other smaller web ad networks (Vibrant Media, Media Innovation Group and Gannett PointRoll), have purposely overridden Safari's browser privacy settings using code that misrepresents its ads as being a user-initiated form submission.



The default settings of Safari block cookies "from third parties and advertisers," a setting that is supposed to only allow sites that the user is directly interacting with to save a cookie (client side data that remote web servers can later access in subsequent visits).



Advertisers like Google save cookies on users' browsers so they can track their browsing habits across the various websites they place their ads on, and these "third party" cookies are expressly what the setting is designed to block.



The report notes that "Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer."









While the cookies were set to expire with a day or two, the report states that a "technical quirk in Safari" subsequently "allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie," resulting in "extensive tracking of Safari users."



Google's hack around Safari's browser privacy settings was discovered by Stanford researcher Jonathan Mayer and "independently confirmed by a technical adviser to the Journal, Ashkan Soltani," who the site reported to have found Google's circumvention code enabling tracking for about a third of the web's top 100 sites for either desktop users or iOS users.



The Wall Street Journal named a wide variety of top websites, including Google's own YouTube, Aol, About.com, Comcast, NYTimes, YellowPages.com, Match.com and Fandango, as testing positive for Google's circumvention code, but noted that "there is no indication that any of the sites knew of the code" that Google was placing on their pages as a third party web advertising network.



The report cited Michael Balmoris, a spokesperson for AT&T, the operator of YellowPages.com, as saying "We were not aware of this behavior," and "we would never condone it."



It also cited an unnamed "official" from Apple as saying "we are working to put a stop" to the circumvention of Safari's privacy settings by advertisers like Google.



Google itself issued a statement saying the Wall Street Journal "mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."



Update: Google reached out to AppleInsider to share the following comment from the company's senior vice president of Communications and Public Policy, Rachel Whetstone:

Quote:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.



Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to “+1” things that interest them.



To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.



However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.



Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.



Vibrant Media, another web advertiser using similar tactics to Google's, called the circumvention a "workaround" intended to "make Safari work like all the other browsers," because other major browsers, including Google's own Chrome and the almost exclusively Google-financed Mozilla Firefox, do not block third party cookie tracking by default.



Google is already under government scrutiny regarding its privacy policies. In a settlement last year with the US Federal Trade Commission, the company agreed not to "misrepresent" privacy practices to customers or pay a fine of $16,000 per violation per day.









However, in its own online privacy guide, Google represented to Safari users that they did not need to do anything to opt out of its advertising cookies because "Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing."



Google has since removed that wording from its site, and after being contacted by the Wall Street Journal, has also reportedly disabled the tracking code to circumvent Safari's privacy settings.







[ View article on AppleInsider ]

«13456

Comments

  • Reply 1 of 106
    Heinous.
  • Reply 2 of 106
    It's the mysterious iframe--the standard HTML element for many revisions and yet to be sandboxed seamlessly in Chrome and Safari.



    Sandbox the bastard already. I'd really like to not have 2 sets of CSS files. to make iframes match the look n' feel of their parent window container.
  • Reply 3 of 106
    I guess if you customers aren't willing to pay for your product you have got to find somebody you can screw to make a buck. After all, it costs a lot of money trying to copy Apples every move.
  • Reply 4 of 106
    mstonemstone Posts: 11,510member
    Javascript is your friend.
  • Reply 5 of 106
    cpsrocpsro Posts: 3,192member
    The Internet is just too hard for the geniuses at Google, and so is the smartphone business. When the only way you can make a buck is by screwing people behind their backs, maybe you need to find another line of work.
  • Reply 6 of 106
    swiftswift Posts: 436member
    Quote:
    Originally Posted by Icelus View Post


    I guess if you customers aren't willing to pay for your product you have got to find somebody you can screw to make a buck. After all, it costs a lot of money trying to copy Apples every move.



    Remember when Google did things like G-mail? Nice stuff. They bought YouTube, and aside from not being able-- or not caring-- to remove the stupidest, nastiest comments section on the Internet, it's a very cool thing. But this deliberate betrayal of the consumer's wishes? Not acceptable. As the days go by, the less I think of them. I checked that box! Get your filthy hands off Safari!
  • Reply 7 of 106
    More of Google's "Do no evil" disinformation mantra exposed
  • Reply 8 of 106
    I still can't believe in this day and age that privacy is an issue, you have none, the government knows everything, Apple knows EVERYTHING, Micro$oft knows EVERYTHING, now Google also know EVERYTHING.



    Apple even gives developers on iOS free access to your entire contact list and history without a hint of permission!!



    So in the end, who cares about privacy, it is only an illusion to think you have any at all anyway! Try building a shed in your backyard and not telling the government! LOL



    The same way jQuery had to put in fixes to bypass how SHIT Internet Explorer is, companies bypass Safari's pretend security. Don't freak out, don't stress yourself into a coma, just take a deep breath and enjoy your life... fear is the tool of the controlling class.
  • Reply 9 of 106
    Besides, this site makes its money from Google adds, I'd think it's selfish to use the site and try to block Google's cookies, you should do you best to support the site by helping Google continue to pay for its existence!



    Competition is awesome, if Google wasn't around Apple would stop innovating and release new features even slower cause as we all know Microsoft stopped innovating a decade ago when it had no competition, there's no reason to think Apple wouldn't do the same. We need Google and even... *gulp*... Micro$oft, in order to help Apple be all it can be!
  • Reply 10 of 106
    irelandireland Posts: 17,798member
    I hate Google.
  • Reply 11 of 106
    adonissmuadonissmu Posts: 1,776member
    I smell a law suit
  • Reply 12 of 106
    cpsrocpsro Posts: 3,192member
    Quote:
    Originally Posted by anthropic View Post


    I still can't believe in this day and age that privacy is an issue, you have none, the government knows everything, Apple knows EVERYTHING, Micro$oft knows EVERYTHING, now Google also know EVERYTHING.



    I see the Internet is too hard for you, too. It doesn't have to be that way, just as it isn't for medical records.



    Incidentally, Microsoft knows almost nothing.
  • Reply 13 of 106
    Quote:
    Originally Posted by anthropic View Post


    Apple even gives developers on iOS free access to your entire contact list and history without a hint of permission!!



    It has always been against Apple's App Store policy to access and store a users' contacts without express permission. But it is amusing to hear Google defenders bring up Apple's restrictions as not being restrictive enough after trumpeting how free and open Android is.



    Which is it, do you want impenetrable protection from all possible imagined threats or complete untethered freedom from anything that could be described as restrictive or potentially inconvenient?



    The issue here is pretty clear: Safari is set to block ad cookies unless users allow them, and Google has been purposely defeating this feature expressly to track users that don't want to be tracked. It's even misrepresenting to users WHO GO TO A PAGE TO OPT OUT how the cookie blocking works.



    That's beyond "oops, we saved too much data because of an oversight," it's pretty damned criminal.
  • Reply 14 of 106
    Quote:
    Originally Posted by anthropic View Post


    Competition is awesome, if Google wasn't around Apple would stop innovating and release new features even slower cause as we all know Microsoft stopped innovating a decade ago when it had no competition, there's no reason to think Apple wouldn't do the same.



    Actually, there's a very good reason -- Apple has been innovating long before Google even existed, and Apple's real competitor is Apple itself. They must outdo themselves. The fact that they are outdoing Microsoft and Google on product quality and user experience is merely a side-effect of their own high standard. They are not compelled by third-party competition to perform and achieve excellence. It's in their own DNA.
  • Reply 15 of 106
    Quote:
    Originally Posted by Cpsro View Post


    I see the Internet is too hard for you, too. It doesn't have to be that way, just as it isn't for medical records.



    Incidentally, Microsoft knows almost nothing.



    I see someone who is ignorant yet still attempts to be condescending.
  • Reply 16 of 106
    iqatedoiqatedo Posts: 1,822member
    Quote:
    Originally Posted by anthropic View Post


    I still can't believe in this day and age that privacy is an issue, you have none, the government knows everything, Apple knows EVERYTHING, Micro$oft knows EVERYTHING, now Google also know EVERYTHING.



    Apple even gives developers on iOS free access to your entire contact list and history without a hint of permission!!



    So in the end, who cares about privacy, it is only an illusion to think you have any at all anyway! Try building a shed in your backyard and not telling the government! LOL



    The same way jQuery had to put in fixes to bypass how SHIT Internet Explorer is, companies bypass Safari's pretend security. Don't freak out, don't stress yourself into a coma, just take a deep breath and enjoy your life... fear is the tool of the controlling class.



    So, what Google has done is okay then?
  • Reply 17 of 106
    Quote:
    Originally Posted by Corrections View Post


    It has always been against Apple's App Store policy to access and store a users' contacts without express permission. But it is amusing to hear Google defenders bring up Apple's restrictions as not being restrictive enough after trumpeting how free and open Android is.



    Which is it, do you want impenetrable protection from all possible imagined threats or complete untethered freedom from anything that could be described as restrictive or potentially inconvenient?



    The issue here is pretty clear: Safari is set to block ad cookies unless users allow them, and Google has been purposely defeating this feature expressly to track users that don't want to be tracked. It's even misrepresenting to users WHO GO TO A PAGE TO OPT OUT how the cookie blocking works.



    That's beyond "oops, we saved too much data because of an oversight," it's pretty damned criminal.



    http://www.appleinsider.com/articles...ress_book.html



    I don't recall defending Google, I actually think it is pretty poor form what they did. Evil, I think would be a lame and insulting thing to call it, I think stupid and arrogant is more appropriate.



    I don't think either the Apple contacts security failure or the Google cookie permission failures deserve the level of venom people spit at them. All corporations make bad decisions, they get told about them and fix the issue and try harder to avoid it, but it will always happen. I still think it is former Micro$oft employees penetrating both Apple and Google
  • Reply 18 of 106
    Quote:
    Originally Posted by IQatEdo View Post


    So, what Google has done is okay then?



    See above
  • Reply 19 of 106
    paul94544paul94544 Posts: 1,027member
    If you are being lied to, you are being controlled



    If you are being controlled, your are being lied to



    Nothing every changes , what do people who have power and control want?

    Answer: more power and control



    Let them have their fun, we are all damned
  • Reply 20 of 106
    [QUOTE=anthropic;2048593]I still can't believe in this day and age that privacy is an issue, you have none, the government knows everything, Apple knows EVERYTHING, Micro$oft knows EVERYTHING, now Google also know EVERYTHING.[QUOTE]



    What's that anagram.. um.. FUD, yeah, FUD



    Apple knows everything i do but ah, don't need to make a buck of it, cause people buy things off them.



    Google sells everything they know that i do to other people, for whatever they can. Cause that is how they make money.



    I don't have an issue with privacy. i have an issue with people harvesting and selling what they collect because they don't have the brain power to actually think anything cool up that people would be willing to pay them for.



    Unsolicited adversiting is illegal, stalking is illegal. and Google does what exactly?
Sign In or Register to comment.