Friday, February 17, 2012

Google Caught With Hand In The Safari Cookie Jar

It looks like Google is at it again. This time they have been caught with their hands in the Safari cookie jar (pun intended). The search giant has been hit with another FTC complaint, this time alleging Google's ads are circumventing default privacy settings in Apple's Safari browser and installing tracking cookies.

The Consumer Watchdog advocacy group today submitted a letter to the Federal Trade Commission ask them to investigate whether Google violated a previous privacy agreement with the FTC by tracking cookies in a way that circumvents privacy settings in the Safari web browser. At the heart of the complaint is the a study by Stanford grad student Jonathan Mayer detailed in two articles in the Wall Street Journal. (1 - 2)

Once You Know, You Newegg
Mayer's study showed that Google, along with fellow advertising companies Vibrant Media, Media Innovation Group and PointRoll, utilized a code that intentionally circumvented Safari’s privacy feature. The code used an exceptions in Safari's cookie blocking rule which blocks all third party cookies with the exception of when you interact with an advertisement or form in certain ways. Once there is user interaction Safari allows those third party sites to set a cookie even if you aren’t technically visiting the site. Google’s code, which was placed on certain ads that used the company’s DoubleClick ad technology... took advantage of this loophole.

Google's response so far is that this was purely an unintentional side effect blaming Safari functionality rather than a malicious plot by Google to spread cookies.

In a statement sent to Arstechnica, Google's Senior VP of Communications and Public Policy, Rachel Whetstone, stressed that the advertising cookies did not collect any personal information, that they were an unintentional byproduct of Google adding new functionality for signed-in Google users on Safari, and that Google has now disabled these particular advertising cookies.

The full Google statement reads as follows:
"The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to '+1' things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous—effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager."

Google, who is already under the watchful eye and scrutiny of the FTC, could face violations of a previous settlement with the FTC. This may lead to fines of up $16,000 per violation, per day. At this time it's unclear how many times Google may have circumvented the do-not-track protections on the Safari browser, but needless to day its not something they want to face.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you