Google and three online ad companies on Friday were accused of bypassing the privacy settings in Apple's Safari web browser to track users' web-browsing habits on their desktops and iPhones.
"Apple's Safari web browser is configured to block third-party
cookies by default. We identified four advertising companies that
unexpectedly place trackable cookies in Safari. Google and Vibrant
Media intentionally circumvent Safari's privacy feature," said
Jonathan Mayer, a graduate student at Stanford University, in a blog
post released on Friday.
The tracking code was confirmed by a technical adviser to The
Wall Street Journal. Among the top 100 websites, ads on 22 sites
were found on a test computer with tracking codes installed by
Google and ads on 23 sites were installed codes on an iPhone.
According to the research, Google and other companies exploited a
loophole in the privacy settings of Apple's Safari browser, which
blocks most tracking by default, but makes an exception if a user
interacts with the site, such as filling out a form.
"So Google added coding to some of its ads that made Safari think
that a person was submitting an invisible form to Google. Safari
would then let Google install a cookie on the phone or computer,"
The Wall Street Journal said in a report.
The report said the small file known as a "cookie" that Google
installed expired in 12 to 24 hours, but it could sometimes lead to
"extensive tracking of Safari users" as Safari allows companies to
add more cookies to a user's computer once it has installed at least
one cookie.
Google disabled the code after being contacted by The Wall Street
Journal, said the newspaper. The search giant also removed some
instructions to Safari users from one of its sites, in which it said
users could rely on Safari privacy settings to prevent tracking by
Google.
"The Journal mischaracterizes what happened and why. We used
known Safari functionality to provide features that signed-in Google
users had enabled. It's important to stress that these advertising
cookies do not collect personal information," Google said in a
statement.
Three other online ad companies that had been accused of using
similar coding are Vibrant Media, WPP's Media Innovation Group and
Gannett's PointRoll.
Anant Garg, a 25-year-old programmer in Mumbai, India, is the
developer of the code "Safari workaround" and blogged about the
technique two years ago. He told The Wall Street Journal that he
didn't consider the privacy angle, saying that he just wants to make
Safari work like other browsers.
The Consumer Watchdog group on Friday asked the U.S. Federal
Trade Commission (FTC) to investigate whether Google violates a
previous privacy agreement with the FTC by installing tracking
cookies that circumvent privacy settings in the Safari browser.
Also on Friday, Microsoft blasts Google over the practice, saying
the type of tracking by Google is not new. In a blog post titled
"Browse without being browsed," Microsoft promoted its Internet
Explorer 9, highlighting its "strongest privacy protection in the
industry."
Google has been under increasing scrutiny for violation of its
users' privacy. Late last month, Google announced to rewrite its
privacy policy, consolidating user information across its services.
The move immediately stirred up worries and blames as Google is not
offering users an opt-out option.
