Friday, February 17, 2012

Google, others, caught red-handed bypassing Safari Web browsing privacy settings

The Wall Street Journal has accused Google --- but not just Google --- of sidestepping Apple's Web privacy policies on iOS. The report was prompted by an observation by Stanford researcher Jonathan Mayer, and confirmed independently by the Journal's own Ashkan Soltani.

Google, and others listed in the report (Vibrant Media, Media Innovation Group and PointRoll) were found to be using “similar techniques,” according to the report. The Journal said the companies were using "special computer code" to tricks Apple's Safari Web browser, on both desktops and --- probably more importantly for many --- on Apple's mobile platform, iOS, as well.

After being contacted by the WSJ, Google promptly disabled its code. That looks both good --- and bad --- for the Internet giant, for although it eliminates the "special code," it also is a tacit admission of "guilt."

Rachel Whetstone, Google senior vice president of communications and public policy, released the following statement:

"The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. "However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them.

"To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.

"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information."

The explanation, therefore, is that even if Safari was set to block this sort of behavior, Google was able to detect if a user was signed in to his or her Google account, and if those account settings "allowed" tracking, they sidestepped the Safari settings.

Google added that those using Internet Explorer, Firefox, or Chrome were unaffected. Also unaffected were those who completely opted out of Internet-based ad targeting.

Media Innovation Group and PointRoll have not commented. Vibrant Media said it would have a statement shortly.

It's not the only privacy furball involving Apple products to be spotlighted this week. Earlier, a dust-up over iOS apps grabbing entire contact lists without explicitly asking for permission, a violation of Apple's iOS policies, arose. Since then, not only have apps been modified to eliminate that behavior, Apple said a software update would enforce its policy.

No comments: