Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users

[marksman]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

Better be congressional letters going out on this. This is intentional and fraudulent. Much bigger issue then not having address book controls. That was an oversight. This is deliberate.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

It's like Google is trying to become nothing more than adware or something.

This is completely unacceptable. You would expect this kind of behavior from some type of shady malware outfit. Is this what Google has become? I know the "don't be evil" thing was thrown out the window a long time ago but this is stooping to a new low even for Google.

Well F you Google.

"Don't be evil."

Why am I not surprised.

And who said Google is "not evil"?

Absolutely disgraceful.

This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?

Google only does it when you have it enabled on your account:

"provide features that signed-in Google users had enabled."

Does google explain the setting circumvents your cookie privacy settings? Unlikely.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

Gimme a break. If Apple did this same thing, fanboys would unite in support of a new "feature" of Safari. If you think that Apple is any less nefarious than Google, you are sorely mistaken.

Really? So you claim iAds circumvents cookie settings for Ios safari? Or you just talking out your backside. I suspect you simply do not understand how egregious this is. This is a serious violation done knowingly to circumvent a users security and privacy settings. Feel free to share a single example of apple doing this.

Realize for apple the users are the customers. For google the advertisers are the customers and the users are the commodity.

This is not a no big deal all companies do stuff like this. It is serious and significant

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

I love that fAndroid nerds are blaming Apple for this: "It's clearly Apple's fault for leaving such a large loophole. How could Google not exploit it?"

"It's clearly Mr. Jones' fault that his car got stolen, your honor. He left the keys in the car. How could I not steal it?"

Haha that is the exact analogy I had in mind.

Big difference between overlooking something as opposed to actively exploit something to circumvent a end users desired security.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

Google only does it when you have it enabled on your account:

"provide features that signed-in Google users had enabled."

I have to agree... they only do what you allow them to do.

Please show me a screen shot of the google setting where you authorize them to go around your browser security settings.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

What a weird conversation to read. If this was a browser other than Safari, the conversation would start with:

"Security flaw in browser xxx allows tracking of cookies without user permission"

And the conversation would then proceed to bash the hell out of the browser and the company that made the browser.

Lol no.

 

[Rodimus Prime]

to me this is a reason why you run ad blocking software on your computer. It is kind of hard for any of this to happen if ads themselves are blocked from loading.

Another more advance thing you can do is do a host file edit and add on some of the big sites to the host file and have it go to 127.0.0.1 Makes it truly impossible to load.

This is not anywhere close to the worse type of cookie system I have seen. It is rather minor compared to the flash exploit that I am not sure has even been solved. That is the flash cookies so to speak complete ingore the browser settings, install cookies and if you delete the cookies it will recreate them automaticly. That put this one to shame.

While not good that Doubleclick, this whole needs to be patch ASAP because Google is much more trust worthy that most of the other companies that would use this hole.

 

[marksman]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

I love that fAndroid nerds are blaming Apple for this: "It's clearly Apple's fault for leaving such a large loophole. How could Google not exploit it?"

"It's clearly Mr. Jones' fault that his car got stolen, your honor. He left the keys in the car. How could I not steal it?"

The difference is, Apple left their front door open with a sign inviting people in, and decided to walk around naked, and called Google a peeping Tom.

You clearly have no understanding of the issue and I have called the analogy police on you.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

The why did you immediately stop the practice once it was discovered??

Because it's wrong, you know it's wrong, and you got caught.

Bad move Google.

Are you sure it was not because the exploit (uh - feature) was actually fixed in WebKit?

You realize that makes google look worse? They fixed it in webkit but continued to exploit it for safari iOS users? That just proves they were up to no good and were aware what they were doing was wrong.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

Why do people think it is ok to blame the victim? This is insane. Have people forgotten what is right from wrong? Just because something is technically legal in one country does not make it "right".

Apple isn't the victim. The people that trusted Apple to make software without security holes are.

Actually the users who wanted google to not intentionally and deliberately violate their privacy are the victims.

It is impossible to prevent every possible security hole in advance. A five year old can control themselves enough to not exploit something.

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

If you look at your response and the post you were responding to, it sure seems as if you were calling Apple the victim.

----------



For one, we are talking about Apple, that go around pretending they have the safest systems around...

They all claim to have the safest systems around. So are you saying it is okay to screw their users over to prove them wrong?

Do you think Google's advertisers knew they were exploiting a hack to get their ads to show up favorably? Do you think those advertisers would like it if a news story broke that they were knowingly exploiting a security hack developed to reach iOS users? Do you think those advertisers would assume their potential customers would feel it was no big deal that they exploited a security hole to market to them?

What is funny is if a google advertiser did something 1% as nefarious as this google would ban them for life without any explanation.

 

[Rodimus Prime]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)



You realize that makes google look worse? They fixed it in webkit but continued to exploit it for safari iOS users? That just proves they were up to no good and were aware what they were doing was wrong.

you realize that it is two different groups that are working on each project and chances are their is new to zero communication between the two groups.

 

[entatlrg]

Steve Jobs warned against Google, rightfully so. Google shows its true colors - again.

I just wish there was a suitable alternative to gmail. Google got that one right. But I'd rather not use any of Google's services. I strongly dislike the company yet use their services. Hypocritical of me, I realize.

 

[Rodimus Prime]

Steve Jobs warned against Google, rightfully so. Google shows its true colors - again.

I just wish there was a suitable alternative to gmail. Google got that one right. But I'd rather not use any of Google's services. I strongly dislike the company yet use their services. Hypocritical of me, I realize.

well you could leave them and use other search systems like bing.

 

[benthewraith]

That's what you should expect from a company that makes money by gathering user data.

For search, use DuckDuckGo.
If you want social, use Facebook, Twitter. Not Google Plus. Even better, don't use any.
For email, you have a plethora of options. Use them with your favorite mail application (Apple's Mail, Thunderbird, Sparrow...)

Just boycott Google.

Do you have any idea the sheer volume of information Facebook collects? Anything with a Facebook-like button tags you, regardless of whether you've clicked the links. Same with Twitter.

 

[Wicked1]

Perfect reason why I do not use Google apps, Android, or anything else, only thing I have no choice to use is Google Search, however one reason I will never go to Android, who knows what they are doing with their software on those devices.

This is one lawsuit I can see would make sense for Apple but who knows.

 

[marksman]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)

Steve Jobs warned against Google, rightfully so. Google shows its true colors - again.

I just wish there was a suitable alternative to gmail. Google got that one right. But I'd rather not use any of Google's services. I strongly dislike the company yet use their services. Hypocritical of me, I realize.

I agree gmail is top notch. I ran my own mail server for 15 plus years but googles spam filtering is second to none.

 

[mvnjpy]

It's like you people don't know how to read or something. Google did place cookies, but they did not use it to track anyone. Why else would they patch it up themselves? Also, why is nobody blaming Safari instead since it's their problem really.

 

[flottenheimer]

@macrumors (to whomever it might concern)

Google is not an advertising agency.
Google is (in this case) a media company.

Advertising agencies make ads (and a lot of other things).
Media companies buys media, place and host ads on various platforms and media (sometimes owned by themselves). And they do a lot of campaign tracking.

 

[Lennholm]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)



You clearly have no understanding of the issue and I have called the analogy police on you.

You "called the analogy police" on that but cheered on for this?:

I love that fAndroid nerds are blaming Apple for this: "It's clearly Apple's fault for leaving such a large loophole. How could Google not exploit it?"

"It's clearly Mr. Jones' fault that his car got stolen, your honor. He left the keys in the car. How could I not steal it?"

That analogy is terrible if you're trying to make Apple the victim because
1. Every insurance company in the world is going to blame Mr. Jones and refuse to pay up
2. It's illegal to leave your car with the keys in it
3. Ignorance is never a valid defense in a court

------------------------------------------

You don't know me from spit so you sure as heck have no idea what I think unless I state it explicitly, and I would apply my logic to Microsoft, Oracle, SAP or any other company wherein another company writes code intended to circumvent security measures to gain access and exploit users of that company's products for profit. This is not some lone hacker, or group of coders trying to embarrass a company into doing a better job and fix weak security. This is a publicly traded company that wrote code to benefit financially by defeating security measures and without notice to the users, profit from their personal history. That I find that behavior reprehensible and in direct opposition to Google's own code of ethics does not make me an Apple apologizer. That Google stopped when it came to light in the WSJ would indicate they knew it was wrong as well. That you can't tell the difference is your problem.

True, I don't know you, so if you're telling me that you regularly think "Poor Microsoft, they've had their nice browser exploited by evil wrongdoers again, I feel sorry for them" then I believe it and apoligize for calling your posts Apple-apologetic.
But you keep going on about how Google has done wrong which I haven't opposed at all, I have only opposed the idea that Apple is a victim.
You're the one who can't see the difference between criticising Apple and excusing Google.

 

[JAT]

It's like you people don't know how to read or something. Google did place cookies, but they did not use it to track anyone. Why else would they patch it up themselves? Also, why is nobody blaming Safari instead since it's their problem really.

Hmm, you know we covered all that in this thread already, right? Because you know how to read, presumably.

 

[VulchR]

It seems to me that Google intentionally tried to circumvent users' preferences not to be tracked. You can argue all you want about whose fault it is, but in the end Google to the actions that violated privacy and Apple did not. Apple might be seen as culpable or negligent, but the primary perp in this piece is Google. My lack of trust in Google is one of the reasons why I doubt I'll ever used Android and the main reason I am certain I will never use gmail.

What really makes me angry about this sort of thing is that companies like Google think users are stupid. Mind you, judging from the success of Android, perhaps they're right....

 

[notabadname]

"Oh, but Google is Sooo GOOD, with free software, open environment . . . . "

When are people going to really start becoming aware of Google's "Big Brother" access to our world and lives. From the street-view image in which you can see my car in the garage and kid's bikes in the driveway, to satellite imagery and the ability to search my name using all the data they have mined from various sites. Where I live, what I drive, that I have kids, where I shop, what I browse on the internet . . . .

The list goes on. And it makes the complaints people used to have against Microsoft look like a joke.

 

[theelysium]

Just like you can use an alternate search and email engine (for example) you can avoid youtube as well.

They can be 100 percent avoided if you really wanted. And it's ok that you don't boycott them 100% too. Boycott them as much as you want.

The problem with avoiding YouTube is that none else does... so you are bound to it by society.

I love Vimeo.. it's way better.

 

[Nuvi]

Google, Facebook and the rest should buried and forgotten. Their business is profiling their users not providing service to them. When you think about it, private users are not their clients to begin with. They are here to provide information about us to advertisers.

 

[Renzatic]

"Oh, but Google is Sooo GOOD, with free software, open environment . . . . "

When are people going to really start becoming aware of Google's "Big Brother" access to our world and lives. From the street-view image in which you can see my car in the garage and kid's bikes in the driveway, to satellite imagery and the ability to search my name using all the data they have mined from various sites. Where I live, what I drive, that I have kids, where I shop, what I browse on the internet . . . .

Why does Street View bother people so much? I could understand if it had peoples names, their average yearly income, number of kids in the house, and times they went to work floating over all the houses. But no. All it does is give you an address. It's about the same as me driving down a road I've never been down before, and looking at everything.

Also, you can check out all the information Google has on you quite easily. I've looked up my Google advertiser profile before, and it's incredibly generic. It was just a list of 10 or so subjects I like based on what websites I've visited. Like 3D design, types of movies I usually watch, favorite book subjects, games I like to play, my hardcore lesbian elephant porn fetish. Things only an advertiser would find a use for.

Admittedly, it is a little creepy. But it could be far, far more invasive.

 

[chris7777]

Why does Street View bother people so much? I could understand if it had peoples names, their average yearly income, number of kids in the house, and times they went to work floating over all the houses. But no. All it does is give you an address. It's about the same as me driving down a road I've never been down before, and looking at everything.

Also, you can check out all the information Google has on you quite easily. I've looked up my Google advertiser profile before, and it's incredibly generic. It was just a list of 10 or so subjects I like based on what websites I've visited. Like 3D design, types of movies I usually watch, favorite book subjects, games I like to play, my hardcore lesbian elephant porn fetish. Things only an advertiser would find a use for.

Admittedly, it is a little creepy. But it could be far, far more invasive.

the whole problem is because so many like you don't care now, the "little creepy": will eventually be Far far more invasive.

If it were a leech draining them of their blood , but since it doesn't kill them, does anyone think they would just shrug their shoulders, and go, oh well , nothing I can do about, it, and it, doesnt even really hurt that bad because of the anesthetic(services google provides "freely") so its no big deal, im just gonna leave it alone.

 

[Renzatic]

You know, I do kinda want to write off your post as hyperbole, but after reading about Google's new privacy changes...

I dunno.

Right now, it's not so bad. A bunch of advertisers learn I like psychological horror flicks, crime movies, videogames, and 3D modeling. That doesn't bother me in the least. I mean hell. Those are my interests. If I'm gonna be harassed by advertisements, they might as well be advertisements for stuff I might potentially like.

But linking to my Google Plus page? Scanning my gmail inbox? Skewing Google search results to their own services as opposed to what I was actually looking for? That's just cheesy. I hate sounding like an overly paranoid idiot, but the potential for abuse is too hard to ignore.

I'm gonna see how it goes. It might be much ado over nothing. But if it does start getting bad, I'll consider Degoogling myself.

 

[dethmaShine]

Wirelessly posted (Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3)



I agree gmail is top notch. I ran my own mail server for 15 plus years but googles spam filtering is second to none.

I agree. Google has some great AI experts for Spam filtering algorithms. Unbelievably awesome.

On topic, after a day of thinking about this issue, it seems like a major violation of user privacy and security.

I don't know but someone should step up against Google and file an anti-trust issue against the company with respect to this very specific issue. This seems to be a very intentional breach and things like this shouldn't be permissible at all.

I would be very disappointed if a company like Google gets away with this. I've never used the 'no-cookie' mode but I have absolutely no idea as to what Google is up to overall. Since 1st January 2012, this is the 5th scam in which Google is/was knowingly involved. I don't know where else Google is doing similar things or the intentions of the company in general.

This is unacceptable.

 

[jacobj]

"Oh, but Google is Sooo GOOD, with free software, open environment . . . . "

When are people going to really start becoming aware of Google's "Big Brother" access to our world and lives. From the street-view image in which you can see my car in the garage and kid's bikes in the driveway, to satellite imagery and the ability to search my name using all the data they have mined from various sites. Where I live, what I drive, that I have kids, where I shop, what I browse on the internet . . . .

The list goes on. And it makes the complaints people used to have against Microsoft look like a joke.

I've been reading through this thread and several thigs stand out:

- Apple has a vulnerability in their browser. They are at fault for that and need to fix it.

- Google is a data gathering / mining company. They believe that algorithms applied to enough data can change the world to a degree never before witnessed. To them gathering data is not a privacy issue because their intent is good.

- Google's own developers fixed the flaw in the open source code

- someone at Google noticed that they could not deliver certain features and also came up with the solution. This one simply did not show up on the "isn't that a little wrong" radar. At worst it was one or two rogue and overly ambitious developers and Google needs to control it in future.

- however the main issue I have is how easy it is for us to take the information we have at hand and put together compelling arguments that justify our bias or paranoia. We are so convinced that we can't see with any clarity. Ask yourselves how vulnerable you are if a group takes advantage of a widespread social concern. You display the same blindness as the Germans had of the Nazis. An extreme example I know, but at a fundamental level, completely true (I think. I could have a theory here and be looking for ways to justify it ;-).

 

[kdarling]

Right now, it's not so bad. A bunch of advertisers learn I like psychological horror flicks, crime movies, videogames, and 3D modeling. That doesn't bother me in the least. I mean hell. Those are my interests. If I'm gonna be harassed by advertisements, they might as well be advertisements for stuff I might potentially like.

Actually, the advertisers don't know anything about a person. It's Apple and Google who store information associated with an individual.

Remember, folks, advertisers simply provide the ads to Google/Apple. They do not know anything about YOU personally.

It's Google and Apple who choose who sees a particular ad. That's how they make their ad money: from anonymously providing targeted viewers. They do NOT sell that valuable info directly to advertisers. That would be foolish.

This is a HUGE distinction that passes right over most people's heads.

Also, you can check out all the information Google has on you quite easily. I've looked up my Google advertiser profile before, and it's incredibly generic.

Yes, Google's ad info is surprisingly generic and often wrong. Plenty of news articles out there about how Google thinks young women who look at high-priced tech must be older males, for example

My Google ad profile listed electronics, computers (makes sense), and toys (from looking up presents for the kids and grandkids). But it had me pegged as 35-40 or something, and I'm in my late '50s. Cool, I must act younger

https://www.google.com/settings/ads/preferences

Or something like that. You can edit what Google "knows" about you and you can even block any previous advertiser you don't want to see ads from again.

I don't think Apple gives us that much control with iAds, which draws on sources such as detailed personal information from our iTunes purchase history.

 

[Renzatic]

It's Google and Apple who choose who sees a particular ad. That's how they make their ad money: from anonymously providing targeted viewers. They do NOT sell that valuable info directly to advertisers. That would be foolish.

This is a HUGE distinction that passes right over most people's heads.

A huge distinction I actually had no idea about. I always assumed they sold demographic information directly to advertisers. Nothing quite as personal as names, phone numbers, what restaurants you frequent based off of Android GPS tracking, and whatnot. Rather more along the lines of "X amount of people prefer product Y. we can sell you the analytics for the people who prefer product Y based off what websites they tend to visit, so you can perform more focused advertising". It's a little creepy in the sense that it's so encompassing, and there no real way to escape being pegged if you don't wanna be. But it's ultimately no more sinister than everyone being a Nielsen family member.

But if only Google has access to the analytical data, and they're only selling the right for them to advertise others products to you, then it's not even that bad.

Though to play devil's advocate, the potential for abuse does make me arch my eyebrow a bit. But hell, it's really inescapable when it comes right down to it. If Google weren't doing the deed, Apple would be. If not Apple, then Microsoft. If not Microsoft, then someone else. Advertisers want your information so they can sell you their products, and someone somewhere is going to find a way to provide it to them. At least Google has, so far, been responsible with all the info. They're just kinda pushy in the ways they get it.

Yes, Google's ad info is surprisingly generic and often wrong. Plenty of news articles out there about how Google thinks young women who look at high-priced tech must be older males, for example

My Google ad profile listed electronics, computers (makes sense), and toys (from looking up presents for the kids and grandkids). But it had me pegged as 35-40 or something, and I'm in my late '50s. Cool, I must act younger

Yeah, I know it. I went through this stage where I wanted to learn how to cook. Found out that, despite my many talents, I can't number culinary skills among them. Hell, I managed to screw up chili and spaghetti. I didn't think that was possible. But I did it. And a lot of people suffered horribly because of my mistakes.

But because I was looking up recipes, learning to cook, and whatnot, Google has me pegged as being a chef wannabe. So now I see these ads for recipes and cooking websites. It's like they're rubbing my failure in my face.

I hate them so much.

 

[MacNut]

Doesn't Apple track as well with iAds, As of now I have not found a way to turn those off.