Report: Google overrode Safari browser security to track Internet usage

Report: Google overrode Safari browser security to track Internet usage

The ongoing tech privacy debate, which began when Path was exposed for accessing user data without permission, took a new twist after Google, and a number if advertising firms, were revealed to have been overriding privacy settings to track Internet usage on Apple’s Safari browser.

According to a report from The Wall Street Journal, the companies made use of “a special code” which fools the browser into allowing the monitoring of behaviour, an action that it is specifically designed to block.

Google says that it has stopped using the code after it was contacted by the newspaper, while it was also found to have been used by ad firms Vibrant Media, WPP-owned Media Innovation Group and and PointRoll.

Research conducted by the Wall Street Journal found that the code, which was used to track user interaction with adverts on iPhones and across Apple computers, was present in 22 of the Web’s top 100. While it was supposed to expire within two days, it was found to allow more cookies to be added to track user usage.

As the graphic below explains, the security override was made possible by the insertion of a code which trailed visited sites and behaviour:

An Apple spokesperson confirmed that the company is “working to put a stop” to Safari privacy issue. Of the advertising firms, Vibrant Media called the practice a “workaround [to] make Safari work like all the other browsers”, WPP declined to comment while Gannett described the code as a “limited test”.

Google has defended its actions claiming that it did not collect personal data from the activity. A statement from Rachel Whetstone, Senior Vice President, Communications and Public Policy reads:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

The company goes on to explain that it began using the functionality “to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content”, which includes being able to +1 content for its Google+ social network service.

The company explains that it had made the information anonymous but it didn’t anticipate that its advertising cookies would be enabled:

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization.  But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser.  We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers.  It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Google’s recent privacy changes caused controversy, with the EU asking the company to “pause” its introduction. Authorities in Korea have also probed the new policy, while rival Microsoft has been vocal in its criticism too.
This latest episode follows the FTC’s going antitrust investigation into Google, which was recently expanded to include the company’s Google+ social network.

Image: Shutterstock user Dmitriy Shironosov

Read next: Seeking Apple payout, Proview chairman demands "proper" iPad trademark compensation