Researchers have discovered that Google deliberately bypassed the privacy settings in Safari, the Web browser on the iPhone and other Apple devices, so it could customize Web ads. The crux of the story, as reported by The Wall Street Journal in an article that is stirring much discussion online: By exploiting a loophole in the Safari browser, Google was able to install “cookies” that could let it track browsing activity.
Cookies are small files that Web sites can place on a hard drive or mobile device to do things like identify returning visitors. By default, Apple’s Safari browser blocks cookies from sites that a user has not actually visited — typically advertising networks that want to be able to follow people across multiple sites. Other browsers are not typically set up that way.
Google’s loophole involved tricking the Safari browser into allowing it to install cookies to serve ads with a tie-in to its Google Plus social network — adding a +1 button to ads for users to click if they approved of them. Because of another quirk in Safari, this opened the door for additional Google cookies to be installed, potentially allowing wider tracking of users, according to the article.
Google says that The Journal mischaracterized what it was doing. The search company said that it used “known Safari functionality” to provide features for people who were signed into Google services. Enabling the installation of additional cookies was unintentional, it said, so the company has started removing these cookies from Safari browsers.
“We didn’t anticipate that this would happen,” said Rachel Whetstone, senior vice president of communications and public policy for Google, in a statement. “It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.”
The news has drawn mixed reactions around the Web.
John Battelle, who has written a book about Google and is chief executive of Federated Media, a Web advertising company that The New York Times Company is an investor in, said in a blog post that he was skeptical about whether Google was truly violating people’s privacy. He said that allowing installation of cookies was standard practice in the Internet industry and “the backbone of the entire Web advertising ecosystem,” so even though Apple’s browser blocks them by default, it’s debatable whether Google’s installation of cookies is an invasion of privacy. And he said Apple might be preventing this activity for its own competitive purposes:
Why do you think Apple has made it impossible for advertising-driven companies like Google to execute what are industry standard practices on the open Web (dropping cookies and tracking behavior so as to provide relevant services and advertising)? Do you think it’s because Apple cares deeply about your privacy? Really? Or perhaps it’s because Apple considers anyone using iOS, even if they’re browsing the Web, as “Apple’s customer,” and wants to throttle potential competitors, insuring that it’s impossible to access to “Apple’s” audiences using iOS in any sophisticated fashion?
The advocacy group Consumer Watchdog has asked the Federal Trade Commission to investigate whether Google violated a previous agreement with the agency, which required Google to be up front about privacy matters. It says Google manipulated Safari users into believing they could permanently opt out of targeted advertising, when in reality they couldn’t.
Google falsely told Safari users that they could control the collection of data by ensuring that third-party cookies were blocked, when in fact Google was circumventing the preference and setting tracking cookies.
Microsoft took this opportunity to criticize Google and promote its Web browser, Internet Explorer, saying: “If you find this type of behavior alarming and want to protect your confidential information and privacy while you’re online, there are alternatives for you. Windows Internet Explorer is the browser that respects your privacy.”
Federal lawmakers, too, want answers. Congressmen Edward J. Markey, Democrat of Massachusetts; Joe Barton, Republican of Texas; and Cliff Sterns, Republican of Florida, sent a letter to the F.T.C. on the issue.
“Google’s practices could have a wide sweeping impact because Safari is a major Web browser used by millions of Americans,” they said in their letter. “As members of the Congressional Bi-Partisan Privacy Caucus, we are interested in any actions the F.T.C. has taken or plans to take to investigate whether Google has violated the terms of its consent agreement.”
The Electronic Frontier Foundation said this incident could serve as a wake-up call for Google.
It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users. One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them.