We all know Google has a history of privacy-related misdemeanors but a report in the Wall Street Journal last week suggests the search giant hasn’t learn from its mistakes.
The report, about the findings of Stanford researcher, Jonathan Mayer, showed Google was circumventing users’ privacy settings in Apple’s Safari internet browser.
Apple blocks cookies from third parties and advertisers by default. This should mean that if you use Safari, advertisers shouldn’t be able to track you as you move from site to site on the web.
Google discovered a way to get around this. A technical glitch in the Safari application could be used to allow Google (and others) to get around the restriction. This in turn allowed advertisers to install their cookies and track them from site to site.
Google claimed that if users had signed into Google then they were implicitly asking for features that Apple was blocking – in this case, the ability to click the +1 button that Google has added to advertising on websites. In the company’s opinion, this overrode Apple’s attempts to block such features.
In good company?
For all Google’s posturing about being justified in circumventing Apple’s restrictions, it has reacted quickly, disabling its code. It has also changed statements on its site advising how people can opt out of having advertisers track users.
The site previously claimed Safari users were already protected from advertising tracking. This statement has been removed.
Since the discovery that Google was circumventing users' privacy settings in Safari, a similar claim has been made about Google getting around the default privacy settings in Microsoft’s Internet Explorer.
While this claims seems to be true, Microsoft is using a privacy protection standard called P3P that is yet to be widely accepted or adopted.
There is software people can use to permanently stop tracking from advertisers on Google’s networks. But this software is not available for Safari and wouldn’t be available for Safari on the iPhone or iPad in any case.
Lest we think it’s only Google that has been caught with its fingers in the “cookie jar”, Facebook removed a page this weekend (cached version) that also highlighted how to circumvent Safari’s restrictions. Ironically, this was on a page called Developer Best Practices.
Not that long ago, Facebook sparked outrage when it was found to be still tracking users after they had logged out of the service. It seems that, despite such lessons, companies such as Google are still willing to risk public anger rather than jeopardise profits from advertising.
Privacy and ethics
There is also the perception by Google, Facebook and others that, just because the public is sharing more things with more people, there is a corresponding decrease in concern about privacy. Obviously this is a convenient belief to hold and possibly explains why these companies are not setting themselves higher ethical standards.
In this they are helped by the public’s still-limited understanding about privacy on the internet and, more importantly, people’s lack of knowledge of what they can do to protect their privacy.
Software manufacturers are not helping very much. The help file for Safari’s private browsing mode, for instance, says Safari does not keep information about “pages you visit, your search history, or your AutoFill information”.
Safari’s private browsing mode, Apple’s web site informs us, “also stops storing your searches, cookies, and the data in online forms you fill out".
In fact, it does delete cookies, as do the privacy modes of Firefox, Internet Explorer 9 and yes, Google’s Chrome, although cookies are only deleted after the browser session is closed.
Sharing cookies
Another little-known fact is that Google shares cookies across all of its different sites. This occurs even if you are not logged into Google. A particular identifier (“NID”) is set in a cookie as soon as you visit one of Google’s sites, such as www.google.com and then is passed to other sites, such as YouTube.
In this way, Google is still able to collect information from visitors when they are not logged in. Cookies that are installed on your machine when you visit a Google site are created to last at least six months.
US representatives Edward J. Markey, Joe Barton and Cliff Stearns have called on the US Federal Trade Commission (FTC) to investigate Google’s evasion of Safari’s privacy settings.
We will wait and see what the FTC does. In Google’s case, it seems clear only legislation will make it change its behaviour.
Colin MacGillivray
Retired architect
Found a new search engine yesterday:
from wikipedia
DuckDuckGo positions itself as a search engine that puts privacy first and as such it does not store IP addresses, does not log user information and only uses cookies when needed. Weinberg states "By default, DuckDuckGo does not collect or share personal information. That is our privacy policy in a nutshell."
CH Soames
Cytogeneticist
Many thanks for this recommendation Colin. I've been using Ixquick Startpage for the same reason- but if used without a proxy it still appears to 'bubble' [nice new term] geographically; very annoying. It doesn't take more than a second to type 'site:au' if local is needed.
There's a growing number of people very happy to ditch the search engine that has the arrogance to make this sort of decision for the punters without so much as a by-your-leave, let alone tracking their every move and targeting them with ads designed to play on the fears and greeds of their demographic.
Will use from now on DuckDuckGo, which doesn't 'bubble', they claim, and which can be customised in various ways.
Jeff Poole
logged in via Facebook
Ghostery http://www.ghostery.com/ is a nice little Safari extension available free by clicking in 'Extensions' in Safari Preferences.
It's blocked the five cookies that this site wanted to place from Facebook, Twitter, Gaug.es, NetRatings and Google Analytics...
Cheers
Jeff
Will Uther
Artificial Intelligence Researcher at University of New South Wales
I find this a strange beat up, but that is perhaps because I know too much about what is going on. I have no connection to Apple or Google, apart from being a customer.
My issues with this article start in the third paragraph, "Apple blocks cookies from third parties and advertisers by default." This should read "Apple claims to block cookies from third parties and advertisers by default. Unfortunately this is impossible without breaking many features of the web that users normally use, so…
Read moreWally Week
Bicycle Engineer
Are you really a customer of Google? I mean, do you buy online advertisement through them? If not, then you are not a customer but a user or even the product itself.
Will Uther
Artificial Intelligence Researcher at University of New South Wales
I know the meme. And there is an element of truth to it. But saying I'm the product is not more accurate than saying I'm the customer - both miss out some of the details of the situation. I think saying I'm a customer is more correct than saying I'm the product.
I consider myself a customer who watches advertising in return for services, as opposed to a customer who pays for services.
This is quite tangential to the point I made in my comment.
Wally Week
Bicycle Engineer
On the contrary, understanding whether you are a user or a customer makes all the difference about where you stand. Just try to contact Google while being a mere user in order to get support. It is pretty much impossible; there are no direct avenues. But of course, it is a strange concept that of complaining or asking for explanations about something that you do not pay anything for.
Will Uther
Artificial Intelligence Researcher at University of New South Wales
Enlighten me; how does not calling myself a 'user' make 'all the difference' to who has the legal right to set cookies in my web browser?
Phrased another way; Here are the facts as I understand them for a hypothetical person:
Read more- An individual has agreed with Google that Google can collect information about that individual and use it to target advertising. (This is in Google's privacy policy and terms of service for logged in individuals.)
- That individual is also using Apple's Safari browser…