Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 17, 2012, 08:42 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users




The Wall Street Journal reports that Google and several other advertising agencies have been discovered to be circumventing privacy protections in Apple's Safari browser for iOS devices in order to track users through ads on numerous popular websites. Google implemented the technique in order to embed +1 buttons on its ads, tricking users' systems into allowing cookies by using an invisible form submission to make Google's third-party cookies, which are blocked by Safari, appear as first-party cookies that are allowed.
Quote:
To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way--for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie.



Google halted the practice once it was contacted by The Wall Street Journal about it, but has tried to downplay the impact of the issue.
Quote:
In a statement, Google said: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
In a companion blog post, The Wall Street Journal notes that the loophole that had permitted Google to bypass Safari's privacy protections has been closed in WebKit, the open source engine behind Safari, with the change having been made by two Google engineers. Consequently, Apple could and appears to be preparing to bring that fix to the public version of Safari.
Quote:
An Apple spokesman said: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it."

An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.
The issue was discovered by Stanford graduate student Jonathan Mayer, who has also published an extensive blog post offering additional technical details on how Google and other advertising companies circumvented Safari's default cookie settings.

Article Link: Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users
MacRumors is offline   2 Reply With Quote
Old Feb 17, 2012, 08:47 AM   #2
lifeinhd
macrumors 65816
 
lifeinhd's Avatar
 
Join Date: Mar 2008
Location: 127.0.0.1
It's like Google is trying to become nothing more than adware or something.

__________________
PowerBook G5, 1.67GHz MacBook Pro, iPhone Nano, iPhone 6, Apple Television Set
lifeinhd is offline   31 Reply With Quote
Old Feb 17, 2012, 08:48 AM   #3
newagemac
macrumors 68000
 
Join Date: Mar 2010
This is completely unacceptable. You would expect this kind of behavior from some type of shady malware outfit. Is this what Google has become? I know the "don't be evil" thing was thrown out the window a long time ago but this is stooping to a new low even for Google.
newagemac is offline   32 Reply With Quote
Old Feb 17, 2012, 08:48 AM   #4
bad03xtreme
macrumors 6502a
 
Join Date: Jul 2009
Location: Northern, VA
Well F you Google.
__________________
bad03xtreme is offline   27 Reply With Quote
Old Feb 17, 2012, 08:49 AM   #5
3N16MA
macrumors 6502a
 
3N16MA's Avatar
 
Join Date: Jul 2009
Location: Space
"Don't be evil."
3N16MA is offline   36 Reply With Quote
Old Feb 17, 2012, 08:49 AM   #6
MonkeySee....
macrumors 68040
 
MonkeySee....'s Avatar
 
Join Date: Sep 2010
Location: UK
Why am I not surprised.
__________________
If youíre busy making everything, how can you perfect anything? - Apple

Always keep the rhythm in your feet and a little party in your shoulders. - Phil Dunphy
MonkeySee.... is offline   20 Reply With Quote
Old Feb 17, 2012, 08:50 AM   #7
Merkuryy
macrumors regular
 
Join Date: Jun 2007
Location: Shanghai, China
And who said Google is "not evil"?
__________________
MBP 2.2ghz iPod Nano 4G(1G) iPod 5G(30G),iPod Shuffle(2G),Sony NW-E407,Creative Muvo2 (4G),iPod Mini(4G),YP-T10(2G),iPod Touch(8G) ,iPod 6G(80G)now
Merkuryy is offline   18 Reply With Quote
Old Feb 17, 2012, 08:51 AM   #8
Mac21ND
macrumors 6502a
 
Mac21ND's Avatar
 
Join Date: Jun 2007
Absolutely disgraceful.
Mac21ND is offline   21 Reply With Quote
Old Feb 17, 2012, 08:51 AM   #9
OrangeSVTguy
macrumors 601
 
OrangeSVTguy's Avatar
 
Join Date: Sep 2007
Location: Northeastern Ohio
This is why google's free. Gotta get their money somehow....
__________________
Browsing the forums from my Powerbook G4
OrangeSVTguy is offline   14 Reply With Quote
Old Feb 17, 2012, 08:52 AM   #10
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
This is evil.

This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
FloatingBones is offline   30 Reply With Quote
Old Feb 17, 2012, 08:52 AM   #11
dethmaShine
macrumors 68000
 
Join Date: Apr 2010
Location: Into the lungs of Hell
I am not surprised at either of the things-

- Apple not fixing loopholes in software
- Google circumventing privacy restrictions on software

I know many people who belong to each club (Apple, Google) have adapted to both the facets referred above. Nothing can be done.
__________________
Steve is smiling down from above.
-darkfiber
dethmaShine is offline   -7 Reply With Quote
Old Feb 17, 2012, 08:54 AM   #12
Menel
macrumors 68040
 
Menel's Avatar
 
Join Date: Aug 2011
Location: Atlanta
Google exploits it.
Google fixes it (both on their end, and in Webkit project source)

Sounds like it really was purely unintentional. It's such a short lived behavior, they can't really get anything significant out of it.

Non-issue, only newsworthy because it's mildly interesting.
__________________
iPhone 5, iPad Air TMo, Mac mini i5
Menel is online now   -33 Reply With Quote
Old Feb 17, 2012, 08:54 AM   #13
pixelpro
macrumors member
 
Join Date: Jun 2010
Google's new motto - Do Evil, and then some more!
pixelpro is offline   19 Reply With Quote
Old Feb 17, 2012, 08:55 AM   #14
Rot'nApple
macrumors 65816
 
Rot'nApple's Avatar
 
Join Date: Dec 2006
Location: I DID build that!
"An Apple spokesman said: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it."

By buying Google and shutting it down and screw the shareholders, keeping the money! PLEASE!, PLEASE!, PLLLLLLLEEEEEEEEASE!
/
/
/
Rot'nApple is offline   3 Reply With Quote
Old Feb 17, 2012, 08:56 AM   #15
trainwrecka
macrumors regular
 
Join Date: Apr 2007
Location: Texas
Quote:
Originally Posted by Menel View Post
Google exploits it.
Google fixes it (both on their end, and in Webkit project source)

Sounds like it really was purely unintentional. It's such a short lived behavior, they can't really get anything significant out of it.

Non-issue, only newsworthy because it's mildly interesting.
Yup, I "unintentionally" write lines of code all the time that exploit loopholes that benefit me.
trainwrecka is offline   29 Reply With Quote
Old Feb 17, 2012, 08:56 AM   #16
Marcus-k
macrumors regular
 
Join Date: Nov 2011
Quote:
Originally Posted by lifeinhd View Post
It's like Google is trying to become nothing more than adware or something.

Quote:
Originally Posted by newagemac View Post
This is completely unacceptable. You would expect this kind of behavior from some type of shady malware outfit. Is this what Google has become? I know the "don't be evil" thing was thrown out the window a long time ago but this is stooping to a new low even for Google.
Quote:
Originally Posted by bad03xtreme View Post
Well F you Google.
Quote:
Originally Posted by 3N16MA View Post
"Don't be evil."
Quote:
Originally Posted by MonkeySee.... View Post
Why am I not surprised.
Quote:
Originally Posted by Merkuryy View Post
And who said Google is "not evil"?
Quote:
Originally Posted by Mac21ND View Post
Absolutely disgraceful.
Quote:
Originally Posted by FloatingBones View Post
This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?

Google only does it when you have it enabled on your account:

"provide features that signed-in Google users had enabled."
Marcus-k is offline   -18 Reply With Quote
Old Feb 17, 2012, 08:56 AM   #17
jon1987
macrumors regular
 
Join Date: Jan 2011
If they behave in this way with someone else's browser, makes you wander what shady activities they get up to on their own.
jon1987 is offline   30 Reply With Quote
Old Feb 17, 2012, 08:58 AM   #18
Big-TDI-Guy
macrumors 68030
 
Big-TDI-Guy's Avatar
 
Join Date: Jan 2007
It's obvious what a farce their slogan was from the beginning. Time to ditch your slogan, it's not helping you anymore.
Big-TDI-Guy is offline   11 Reply With Quote
Old Feb 17, 2012, 08:59 AM   #19
ugahairydawgs
macrumors 68020
 
ugahairydawgs's Avatar
 
Join Date: Jun 2010
Google is just one of the offenders here, and should be drug through the PR wringer for it, but at the end of the day a large chunk of the blame for this needs to be laid at Apple's feet for loading up Macs with software that has such a massive freaking hole.

This is very Internet Explorer-esque.
ugahairydawgs is offline   -16 Reply With Quote
Old Feb 17, 2012, 09:00 AM   #20
spazzcat
macrumors 68000
 
spazzcat's Avatar
 
Join Date: Jun 2007
Quote:
Originally Posted by pixelpro View Post
Google's new motto - Do Evil, and then some more!
No it's, do no evil when someone is looking
spazzcat is offline   16 Reply With Quote
Old Feb 17, 2012, 09:01 AM   #21
jpmcnown
macrumors member
 
Join Date: Aug 2011
Gimme a break. If Apple did this same thing, fanboys would unite in support of a new "feature" of Safari. If you think that Apple is any less nefarious than Google, you are sorely mistaken.
jpmcnown is offline   -28 Reply With Quote
Old Feb 17, 2012, 09:02 AM   #22
dethmaShine
macrumors 68000
 
Join Date: Apr 2010
Location: Into the lungs of Hell
Quote:
Originally Posted by Stella View Post
There's been an update to this story on AppleInsider, which Macrumors should also update accordingly.

http://www.appleinsider.com/articles...k_its_ads.html

Extract:
Update: Google reached out to AppleInsider to share the following comment from the company's senior vice president of Communications and Public Policy, Rachel Whetstone:
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. Itís important to stress that these advertising cookies do not collect personal information.
Understandable. But they should have put it this way:

Quote:
The Journal caught us circumventing privacy settings. We used a known Safari bug/exploit to extract more information and more information and provide features that signed-in Google users had enabled. Itís important to stress that these advertising cookies do not collect personal information. I mean, believe us for what we say.
__________________
Steve is smiling down from above.
-darkfiber
dethmaShine is offline   9 Reply With Quote
Old Feb 17, 2012, 09:03 AM   #23
jpmcnown
macrumors member
 
Join Date: Aug 2011
Quote:
Originally Posted by ugahairydawgs View Post
large chunk of the blame for this needs to be laid at Apple's feet for loading up Macs with software that has such a massive freaking hole.
Dude, "loopholes" on an Apple, are called "features"
jpmcnown is offline   -10 Reply With Quote
Old Feb 17, 2012, 09:03 AM   #24
dethmaShine
macrumors 68000
 
Join Date: Apr 2010
Location: Into the lungs of Hell
Quote:
Originally Posted by FloatingBones View Post
This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
I know Apple is to blame; they should have fixed the loophole but such a big company using an already known exploit to do something so unethical is beyond me.

The company being Google, is less surprising though. I always knew they would do anything to get whatever data beneficial to them.
__________________
Steve is smiling down from above.
-darkfiber
dethmaShine is offline   9 Reply With Quote
Old Feb 17, 2012, 09:05 AM   #25
mdriftmeyer
macrumors 68020
 
mdriftmeyer's Avatar
 
Join Date: Feb 2004
Location: Pacific Northwest
Quote:
Originally Posted by FloatingBones View Post
This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
Authorization for this comes from the top.
mdriftmeyer is offline   12 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Google Launches 'Google Play Movies & TV' App, iOS Chromecast Users Gain Alternative to iTunes MacRumors MacRumors.com News Discussion 130 Mar 15, 2014 10:33 PM
Google to Pay $17 Million Settlement to States in Safari Privacy Circumvention Case MacRumors MacRumors.com News Discussion 93 Nov 20, 2013 09:03 PM
Google to Pay $22.5 Million Settlement in Safari Privacy Circumvention Case MacRumors MacRumors.com News Discussion 182 Aug 12, 2012 07:07 PM
Google and FTC Near Deal for Record $22.5 Million Fine over Safari Privacy Circumvention MacRumors MacRumors.com News Discussion 90 Aug 7, 2012 10:48 PM
Any users left Google Chrome for Safari? klmaj Mac Applications and Mac App Store 15 Jul 25, 2012 10:19 PM

Forum Jump

All times are GMT -5. The time now is 07:56 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC