Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:15 PM
Thomas Claburn
Thomas Claburn
Connect Directly

Google's Privacy Invasion: It's Your Fault

If we really wanted privacy, we would turn off JavaScript, block ads, and browse in privacy mode through an anonymous proxy. But we would rather have free services.

Google stepped in it, again. The company was caught bypassing the privacy settings of those using Apple's Safari Web browser, which unlike other major browsers blocks third-party cookies by default. Google, like just about every other online company, relies on cookie files to improve ad relevancy, to identify users, and to deliver online services.

The Wall Street Journal, which Friday broke the story as part of its ongoing investigation into online privacy, reports that Google, along with at least three other advertising companies--Vibrant Media, WPP PLC's Media Innovation Group, and Gannett's PointRoll--"exploited a loophole in the browser's privacy settings" to place a cookie file on OS X and iOS devices such as iPhones using Safari.

The incident has prompted Consumer Watchdog, a consumer advocacy group critical of Google's privacy practices, to call for intervention from the Federal Trade Commission. Another consumer advocacy group, the American Consumer Institute, said, "Google’s willful disregard for the privacy choices of consumers and the privacy policies of Apple is a new low even for Google."

Google insists the Wall Street Journal report "mischaracterizes what happened and why." The company says it "used known Safari functionality to provide features that signed-in Google users had enabled" and that it did not collect personal information.

[ Google has been under fire for its planned privacy policy change. Read Google Rejects EU Request On Privacy Policy Consolidation. ]

Google hasn't helped its case by ceasing to use the HTML code that overrode Safari's default behavior. That looks like an admission of guilt. But let's step back for a moment and examine the situation.

The American Consumer Institute's contention Google willfully disregarded "the privacy choices of consumers and the privacy policies of Apple" isn't accurate.

Google disregarded the privacy choices of Apple, which chooses to block third-party cookies by default in its browser. And Google has nothing to do with Apple's privacy policies, which describe how Apple handles customer data.

Google argues that it manipulated Safari to resolve contradictory browser settings. Safari blocks third-party cookies by default. At the same time, Apple has implemented exceptions to Safari's third-party cookie blocking to allow social features like the +1 button to function.

Rachel Whetstone, SVP of communications and public policy, said in a statement that Google deployed its workaround code "to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to '+1' things that interest them."

The fact that other Google cookies got set, Google insists, was accidental. "The Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," Whetstone explained. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information."

Were it not for the fact that Google's advertising cookie opt-out help page stated explicitly that Safari's default setting was the functional equivalent of opting out, Google's explanation might suffice.

But rewind now to the July 2011 release of OS X Lion. With Lion came Safari 5.1, which included for the first time third-party cookie blocking by default.

Could Apple's decision to block third-party cookies by default have been influenced by its competition with Google, a company that depends on advertising and cookies?


Recommended Reading:

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 4 / 4
User Rank: Apprentice
2/18/2012 | 3:13:54 PM
re: Google's Privacy Invasion: It's Your Fault
Well said. The only thing I disagree with is the suggestion that Google would consider the Software as a Service approach. Fundamentally, capitalism would not permit it as people would just find a new search engine.

<<   <   Page 4 / 4
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-13
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
PUBLISHED: 2020-08-13
Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access.
PUBLISHED: 2020-08-13
Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access.
PUBLISHED: 2020-08-13
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials.
PUBLISHED: 2020-08-13
Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable denial of service via local access.