Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users

[praetorian909]

The sixth point of the 10-point corporate philosophy of Google says "You can make money without doing evil."*

*Addendum: But you can make a little more money by doing a little evil.

Google has been slowly losing my trust. I worried about the big change coming with their giant blanket new privacy policy that's coming soon.

http://www.extremetech.com/computing/115425-google-is-fubar

 

[flipperfeet]

Where does jpmcnown say anything like that? He was responding to a post that claimed Apple is the victim, which it certainly isn't

jpmcrown implies that the hack is excusable because Apple isn't the victim or did not take enough precautions. Google exploited this specifically to take advantage of the user's information unbeknownst them. They perpetrated this against both Apple systems and their end users. The question is not was Apple the victim, it is, was Google intentionally doing something Apple and the end user would not agree to if asked. They clearly were.

Just because I can flush cyanid down my American Standard toilet it does not absolve me from all the carnage it causes downstream because American Standard did not put in the correct safety precautions, especially when it was my intent to get it downstream. In this instance Google willfully did "evil"

 

[samcraig]

I'm sick of Google I want to boycott them. It pisses me off that they bought youtube..... jerks.... now they can't be 100% avoided.

Just like you can use an alternate search and email engine (for example) you can avoid youtube as well.

They can be 100 percent avoided if you really wanted. And it's ok that you don't boycott them 100% too. Boycott them as much as you want.

 

[lkrupp]

This is why google's free. Gotta get their money somehow....

This is what people keep forgetting about Google. They are NOT a technology company. They are an advertising company. They make their money by collecting and selling customer data to advertisers. Android, Chrome, GMail, Google Earth, the list goes on, are all free for one reason and one reason only and that is to collect information and sell it. If Google can't collect customer data and sell it they are out of business over night. It really is that simple.

 

[petsounds]

The issue was discovered by Stanford graduate student Jonathan Mayer

I would hazard to guess Mr. Mayer will not be receiving a job offer from Google any time soon. But good on him.

I know some of the ad people at Google, and the ones I've met are good people who wouldn't actively pursue something this nefarious with their clients. I suppose this directive came from higher up in the company.

 

[nsayer]

You made me think about closing my Gmail account and install my own mailserver in a virtual machine provider, like Linode.

Yup. I'd never use an email service provider that I wasn't paying. I ran my own mail server in my garage for just short of 20 years before moving it to a VSP - again, that I pay for.

Can my VSP provider sniff around in my server's RAM and storage and get all sorts of personal information? Sure. But I can't possibly imagine what their motivation might be given that if they were ever found out, they'd probably lose all of their customers.

It's like the erstwhile online poker sites. Though there was one particularly visible exception, most of them ran honest games and had top-drawer security. Why? Because they made far, far more money keeping the games honest and raking the pots than they would likely make by cheating or tolerating cheaters. As a player, their interests and mine coincided, and that made all the difference.

----------

I would hazard to guess Mr. Mayer will not be receiving a job offer from Google any time soon. But good on him.

I know some of the ad people at Google, and the ones I've met are good people who wouldn't actively pursue something this nefarious with their clients. I suppose this directive came from higher up in the company.

"their clients?"

You don't think for a moment that that includes you, do you?

----------

Just like you can use an alternate search and email engine (for example) you can avoid youtube as well.

They can be 100 percent avoided if you really wanted. And it's ok that you don't boycott them 100% too. Boycott them as much as you want.

http://www.theonion.com/video/google-opt-out-feature-lets-users-protect-privacy,14358/

 

[0134168]

"Don´t be evil. Evil is me"

 

[petsounds]

"their clients?"

You don't think for a moment that that includes you, do you?

Nope. When did I say I was one of their clients? Thanks for assuming though.

 

[lilo777]

Article's title is misleading

Obviously, Google did not circumvent anything. Google's web servers just can't do that. They placed cookies that Safari allowed them to place. How is that a circumvention? It's a design flaw in Safari. Just another example of Apple not taking security seriously. Somehow, Google did not "circumvent" Internet Explorer or Mozilla or Opera. Google is not in the business of "enforcing Safari's settings". The idea of disabling cookies in the browser is to make sure that the browser does not allow web sites to place the cookies which Safari failed to do.

 

[Rodimus Prime]

They said they stopped as soon as the WSJ confronted them with it. It had nothing to do with any fixes or updates with Webkit.

Chances are the person who got contacted had no clue it was in use and put a stop to it as soon as they found out.

At many companies the higher ups do not look at the details if everything is going well. The Ivy tower (management) has no clue what is going on in the field so to speak. Often times directions from the top are conflicting. They demand one thing but hand tie with the other. They complain no matter what you do.

I am willing to bet there are plenty of things at all companies that are like that.

 

[Marcus-k]

So tracking user privacy information is considered a "FEATURE" by Google and you?! How about you post your credit card number here so that you can have one more "FEATURE" in MacRumors?

They save your previous searches to give you more relevant information in your future searches. It can easily be disabled in your account settings.

 

[flipperfeet]

This is what people keep forgetting about Google. They are NOT a technology company. They are an advertising company. They make their money by collecting and selling customer data to advertisers. Android, Chrome, GMail, Google Earth, the list goes on, are all free for one reason and one reason only and that is to collect information and sell it. If Google can't collect customer data and sell it they are out of business over night. It really is that simple.

So you are arguing that if one uses Google products she or he is providing tacit approval for Google to gather their personal information by any means possible, even when it involves exploiting a security workaround, or our intent not to share it? In other words, that use implies consent? That's not actually how privacy laws work in North America and Europe.

 

[Lennholm]

jpmcrown implies that the hack is excusable because Apple isn't the victim or did not take enough precautions. Google exploited this specifically to take advantage of the user's information unbeknownst them. They perpetrated this against both Apple systems and their end users. The question is not was Apple the victim, it is, was Google intentionally doing something Apple and the end user would not agree to if asked. They clearly were.

Just because I can flush cyanid down my American Standard toilet it does not absolve me from all the carnage it causes downstream because American Standard did not put in the correct safety precautions, especially when it was my intent to get it downstream. In this instance Google willfully did "evil"

I'll let him/her speak for himself/herself on that part but that's not what I read into it anyway.
But making Apple out to be a victim in this is ridiculous, THEY left a security flaw unpatched and the only ones that may have been a victim of anything are the users.
Google didn't do anything to Apple, hence Apple is not a victim and with that I'm not saying it excuses wat Google did.

I'm willing you to bet you wouldn't apply your logic to Microsoft and call them a victim for having the security flaws in Internet Explorer exploited.

Your reasoning is nothing but Apple-apologetic spin

 

[ownamac]

Resistence is futile. Install Chrome.

 

[ugahairydawgs]

So you are arguing that if one uses Google products she or he is providing tacit approval for Google to gather their personal information by any means possible, even when it involves exploiting a security workaround, or our intent not to share it? In other words, that use implies consent? That's not actually how privacy laws work in North America and Europe.

I think it is safe to assume that if you use Google service you should be aware that they are doing everything in their power to collect as much information about you as humanly possible for the purpose of selling ads.

A person's level of comfort with that kind of arrangement is going to vary from person to person.

 

[nsayer]

Nope. When did I say I was one of their clients? Thanks for assuming though.

That can be read two ways:

1. "I am not one of their clients, since I do not buy advertising or user tracking data from Google."

2. "I am not one of their clients, since I do not use Google search, gmail, YouTube or any of the other various consumer services that they offer."

The way I meant it when I said "you don't think [their clients] includes you, do you?" was in sense number 1.

It *sounds* to me like your reply meant it in sense #2, in which case you're missing the entire point.

As I said earlier, users of Google services are not Google customers. They are the product being sold.

 

[GermanyChris]

You know you don't have to use Google services on an Android phone. They're optional.
Amazon's Android Appstore isn't tied to Google in any way.

My G1 has been offline for a while..Android the way google makes it really isn't bad..But every purchase of and android phone makes google a stronger presence for better or worse.

 

[flipperfeet]

I'll let him/her speak for himself/herself on that part but that's not what I read into it anyway.
But making Apple out to be a victim in this is ridiculous, THEY left a security flaw unpatched and the only ones that may have been a victim of anything are the users.
Google didn't do anything to Apple, hence Apple is not a victim and with that I'm not saying it excuses wat Google did.

I'm willing you to bet you wouldn't apply your logic to Microsoft and call them a victim for having the security flaws in Internet Explorer exploited.

Your reasoning is nothing but Apple-apologetic spin

You don't know me from spit so you sure as heck have no idea what I think unless I state it explicitly, and I would apply my logic to Microsoft, Oracle, SAP or any other company wherein another company writes code intended to circumvent security measures to gain access and exploit users of that company's products for profit. This is not some lone hacker, or group of coders trying to embarrass a company into doing a better job and fix weak security. This is a publicly traded company that wrote code to benefit financially by defeating security measures and without notice to the users, profit from their personal history. That I find that behavior reprehensible and in direct opposition to Google's own code of ethics does not make me an Apple apologizer. That Google stopped when it came to light in the WSJ would indicate they knew it was wrong as well. That you can't tell the difference is your problem.

 

[pubwvj]

Why the surprise? Google has long been doing "Evil". They're about profits. Nothing to see here. Move along and go about your business. These are not the Androids you seek.

 

[petsounds]

That can be read two ways:

1. "I am not one of their clients, since I do not buy advertising or user tracking data from Google."

2. "I am not one of their clients, since I do not use Google search, gmail, YouTube or any of the other various consumer services that they offer."

The way I meant it when I said "you don't think [their clients] includes you, do you?" was in sense number 1.

It *sounds* to me like your reply meant it in sense #2, in which case you're missing the entire point.

As I said earlier, users of Google services are not Google customers. They are the product being sold.

Err…what? No, my original post meant "clients" as in, ad agencies who use Google's Doubleclick for their ad placement services. So when you replied, it sounded like you were accusing me of being one of Google's clients.

 

[LostSoul80]

Who the hell cares? Google, do whatever you want with my cookies.

So many hypocrite people.

 

[nsayer]

Err…what? No, my original post meant "clients" as in, ad agencies who use Google's Doubleclick for their ad placement services. So when you replied, it sounded like you were accusing me of being one of Google's clients.

Well, then we're in violent agreement.

Carry on!

 

[rjohnstone]

This is tongue-in-cheek right? Haven't you overlooked the Android OS?

Stock Android OS (AOSP) has no Google services installed.
None what so ever.

Every CM ROM released does not contain any Google apps or services either, not even the Market.
You have to install them separately if you want to use them.

 

[tigerphilosophy]

100s cookies even with Safari on "PRIVATE"

So THIS is why my browser gets bogged down with tons of crap (er 'scuse me, cookies) despite denying 3rd party cookies and having the browser set to private.

How about enabling as a permanent feature in safari preferences to reset safari anytime I quit? It would help maintain some anonymity.

 

[Judas1]

You have to have google+ installed and be signed in for the cookie to be installed. All these outrages over a cookie, and we don't even know what the cookie does. If you use a lot of Google services, they have a lot of information on you already. What's one more cookie?