Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I don't know of any techniques which would allow them to track you on sites that do not link back to their service to force a request from your browser. Their only option would be log mining those sites (which would have to give them their logs) or an extension/plug-in in your browser that would accumulate such a list and send it at regular intervals.

However, with the coverage DoubleClick has on the web, I can pretty much guarantee they can track you on every site if you have their tracking cookie.

Thanks for the info on the mechanics of this process. Very enlightening!
 
If its not closed then Apple deserve an even bigger fine. In fact, they deserve a fine anyway given that they knew the hole existed. You'll probably find others were exploiting the loophole, and that Google were the only ones caught.

If this works how I explained, then it's probably impossible for Apple to close the loophole and it probably wasn't "exploited" by Google on purpose at first (but when made aware of the issue, they should have fixed it immediately with their "test_cookie=CheckPermission" technique they are now using).
 
I switched from Google search to Yahoo. "Do no harm"… what a joke!

Might I recommend:

google9.jpg


The results are clean and remind me of how Google search used to look.

If you want to both laugh and cringe, visit here for why it makes sense to avoid certain search engines.
 
This was no mistake, it was totally INTENTIONAL.

Sure, the hack was intentional, but most likely only known about by the programmer and/or his little group that added it.

(Very doubtful that anyone high up would've approved, at least not without covering themselves with a disclaimer somewhere.)

The mass public seems to have this bizarre idea that software is watched over and vetted all the time. That rarely happens even with critical software such as space system or casino or banking or factory control code. More often, a top developer is simply trusted and if tests go okay, the code is released.

Never look for a conspiracy if something can be explained by sheer stupidity. I'm sure in this case a developer simply thought it was a brilliant workaround and freaked when they found out it caused such a ruckus. (Been there.)
 
Might I recommend:

Image

The results are clean and remind me of how Google search used to look.

If you want to both laugh and cringe, visit here for why it makes sense to avoid certain search engines.

While I know generally what happens to your privacy via Google searches, seeing it listed in detail is indeed scary - though your link has a funny example ("Likes: Herpes" )
 
If its not closed then Apple deserve an even bigger fine. In fact, they deserve a fine anyway given that they knew the hole existed. You'll probably find others were exploiting the loophole, and that Google were the only ones caught.

Yes, and the homeowner who left his door unlocked should be jailed for being victimized in a home-invasion robbery.

:confused:
 
Thanks for the info

I'm sure in this case a developer simply thought it was a brilliant workaround and freaked when they found out it caused such a ruckus. (Been there.)

So some brilliant software engineers have absolutely no moral compass at all, and are happily planning little "software pranks" that they can insert into the software we all use in our daily lives? How reassuring. Since they apparently have no inner personal morality to guide them, it might be a good idea for upper management to let it be known that they do frown on this kind of activity, and anyone caught doing it will be fired immediately. It appears this was not Googles policy at the time. I wonder if it has since changed?
 
An honest mistake. Time to move on.


Where as I agree, move on. I however can not agree to it being an honest mistake. Pretty sure Google saw that loophole and took full advantage of the opportunity. As others have said. It's chump change to them compared to the amount they make/made off of what they did.
 
Just about everyone that does online shopping or banking needs to have cookies enabled. If any default precautions are set by browser manufacturers, it should be a mild alert:

'This site requires cookies to be stored on your computer. These small bits of data help keep your transactions separated from others. The cookies will expire on XX-XX-XXXX. When you are finished visiting this site, you may manually delete the cookies if you desire.'
Internet Explorer 9 has become a consternation for shopping cart programmers because apparently, like Safari, cookies are disabled by default.
 
Geez

One can only imagine what Google does to its "own" herd using Android....all sorts of hidden privacy workarounds to jack up ad money.

This is what happens when a company is founded on getting their money from ad companies and not from selling SW and/or HW to consumers who actually CHOOSE to buy the companies product.

Google makes MS look like choir boys.....they are just SLIMEY!!!
 
However, with the coverage DoubleClick has on the web, I can pretty much guarantee they can track you on every site if you have their tracking cookie.

Yes, but this just seems less evil. I'm directing this at the people here calling Google "evil", by the way. So you're loading their ads, and they get to know which ads you load? That doesn't seem very evil, and having more data on the users as a whole is always good, like the US Census.

----------

Internet Explorer 9 has become a consternation for shopping cart programmers because apparently, like Safari, cookies are disabled by default.

Wait what? Is this some new thing in Safari 6? The security must be getting tighter and tighter. It's like the TSA. I can't just click "download" now and have it download the DMG for me, open the DMG, and open the installer :(
 
So some brilliant software engineers have absolutely no moral compass at all, and are happily planning little "software pranks" that they can insert into the software we all use in our daily lives? How reassuring.

Nobody said it was a prank. It was someone's job to figure out how to get cookies stored under various situations. A brilliant, but probably not very world-wise, young programmer is very likely to make the mistake of thinking any solution is okay.

Since they apparently have no inner personal morality to guide them, it might be a good idea for upper management to let it be known that they do frown on this kind of activity, and anyone caught doing it will be fired immediately. It appears this was not Googles policy at the time. I wonder if it has since changed?

Now you're shooting at the right target. At Google, developers are king. It'd be a pity to change that dynamic, but obviously some more oversight would be helpful.

I've said it a million times: sometimes people make dumb moves. It doesn't mean the company they work for is somehow evil because of their goofs.

It's like when that poor programmer at Apple didn't put any limit or expiration date on the location lookup cache. Remember all the idiotic paranoia and claims that Apple was tracking people? We all screw up at times. That's real life.
 
Two points:
- some of that money should go to the ones that discovered the Google scam
- how much money does Google made thanks to that hack? Maybe 22 m is not too much.
 
The 80% excluded the people who come to MacRumors daily (or even sporadically). Those are the informed. The majority will have no idea what Google has done, and will continue to use it.

That's what Google likely thought, so they settled real quick. Some day this attitude will come back and bite them at the ass. More and more people don't like them now, and it's weird when you're the company which give people great services for free but people still dislike you anyway. This is so different from Apple that charge you dearly.
 
They didn't get what they deserve. $22.5 million is about seven hours of their earnings. What they did violates their supposed motto of do no evil. This is ridiculous. This fine should have a B in it, as in billions.

Billions would be a "G". Billions seems like an unfair amount for something that did no harm to anyone. And the amount of money Google makes per hour is irrelevant to their punishment amount.
 
Nobody said it was a prank. It was someone's job to figure out how to get cookies stored under various situations. A brilliant, but probably not very world-wise, young programmer is very likely to make the mistake of thinking any solution is okay.



Now you're shooting at the right target. At Google, developers are king. It'd be a pity to change that dynamic, but obviously some more oversight would be helpful.

I've said it a million times: sometimes people make dumb moves. It doesn't mean the company they work for is somehow evil because of their goofs.

It's like when that poor programmer at Apple didn't put any limit or expiration date on the location lookup cache. Remember all the idiotic paranoia and claims that Apple was tracking people? We all screw up at times. That's real life.

Yes, I think all the major software companies would do well to establish a "code of conduct" so to speak, some kind of ethical standard that they use throughout the company. Bringing this idea to the forefront seems to be badly needed in todays competitive market. It appears that with most companies, the motto "anything goes as long as we win" is what they live and die by. As long as this is the prevailing philosophy, everybody loses.
 
One can only imagine what Google does to its "own" herd using Android....all sorts of hidden privacy workarounds to jack up ad money.

This is what happens when a company is founded on getting their money from ad companies and not from selling SW and/or HW to consumers who actually CHOOSE to buy the companies product.

Google makes MS look like choir boys.....they are just SLIMEY!!!

You don't have to imagine nothing, it is open source and you can look at what it does but it is easier to believe in conspiracies.

And the last time I looked, smartphones were not free.
 
Yes, and the homeowner who left his door unlocked should be jailed for being victimized in a home-invasion robbery.

:confused:

If the homeowner had been informed that he left his door open and that robbers were snooping around, and decided not to close it then its his own damn problem.

Apple knew about the issue LONG before Google were found to be accidentally exploiting it (yes, it was an accident, a blatant one...they just didn't fix it from their end quick enough when they found out). As far as I can see, Apple are as much at fault as Google here.

Both screed up...not really in a meaningful or big way though, it's been blown way out of proportion by the tin-foil hat club who are convinced some greasy haired hipster sits at a desk in Google HQ looking at their browsing history.
 
People are misunderstanding what actually happened here. DoubleClick presents ads on a page. To track sites where you see DoubleClick ads, DoubleClick requires that you send it a cookie each time you load ads so it recognizes who you are (well, your randomly generated profile number). Safari didn't allow 3rd party cookies. So to get the cookie, you have to click the ad in question. The cookie then gets placed because you land on DoubleClick sites before being redirected to the advertiser's website.

Unless I'm misreading you, what you are saying seems at odds with the reports. I bolded the relevant part. The OP says that, and I quote:

MacRumors said:
Google took advantage of a loophole in Safari's privacy settings designed to prevent placement of third-party cookies by default, using invisible web forms to trick Safari into thinking that users had interacted with Google's ads and thus allowing cookies to be placed on the device.

The original Wall Street Journal article went into more depth, but here are two of the most important lines:

WSJ said:
Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The major problem is the circumvention did not require any interaction on the user's part other than simply visiting a webpage, contrary to what you say when you claim:

KnightWRX said:
You finally see an ad from DoubleClick about something that interests you. You click it.

No ads had to be clicked for the tracking to occur, and that is precisely the issue here. Invisible forms should not be submitted on your behalf.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.