Not nine days after Google releases their new-and-improved privacy policy, we have some first hand results of its intrusiveness. Jonathan Mayer, a graduate student from Stanford University, discloses some rather disappointing findings. In his comprehensive article (found here) he identifies four ad-based companies that place trackable cookies in Safari’s browser, and code in two of the four show an intentional circumnavigation of Safari’s privacy feature. I’ll give you a hint: one starts with a G and ends in oogle. Now almost every browser has some type of privacy feature in place:
“Every popular web browser, save Opera Mini and the Android built-in browser, includes a “third-party cookie blocking” privacy feature. (The remainder of this post uses the term “cookie blocking” for brevity.) These options share a common high-level purpose: impose limits on cookies from “third-party domains,” that is, domains that differ from the “first-party domain” in the browser’s URL bar. In practice, however, implementations vary substantially; for (slightly out-of-date) specifics, see the Center for Democracy and Technology’s 2010 Browser Privacy Features report and Google’s Browser Security Handbook.”
Now Apple ships all of their web-ready devices with this feature already activated, which differs from all the other browser manufacturers. But according to the WSJ, Google used special computer code that tricks Safari’s software into allowing the monitoring of many users. Of course Google has an explanation for the blatant violation:
The spokeswoman acknowledged that Safari blocks third-party cookies by default, but said “Safari enables many Web features for its users that rely on third parties and third-party cookies, such as ‘Like’ buttons.” As a result, Google started using this functionality last year for Safari users who were signed in to Google and had opted to see personalized content – like Google’s +1 button.
“To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization,” the Google spokeswoman continued. “But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous – effectively creating a barrier between their personal information and the web content they browse.”
Safari, however, “contained functionality that then enabled other Google advertising cookies to be set on the browser,” Google said. “We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers.”
While Google’s actual intent is debatable, the company’s timing couldn’t have been more harmful to an already shaky level of public trust. One thing’s for sure though, this leaves the door wide open for Microsoft’s new version of Internet Explorer with the stinging slogan of “the browser that respects your privacy”.
Via: Safari Trackers « Web Policy
and: Google Accused of Tracking Safari Usage Without Permission | News & Opinion | PCMag.com.