Google has come under attack for violating users’ privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple’s Safari browser to track users on both desktop computers and iPhones.
A number of other advertisers exploited the loophole it had created to track those users too.
“Our data suggests that millions of users may have been affected,” Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian.
…snip…
To get around Safari’s blocking, the Wall Street Journal explains, Google put code onto some of its ads served by DoubleClick’s servers at doubleclick.net to fool the Safari browser into thinking the user was interacting with DoubleClick.
But, the EFF notes: “That had the side effect of completely undoing all of Safari’s protections against doubleclick.net.”
That meant that other DoubleClick cookies, including the principal tracking one which Safari would normally block, were allowed.
“Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone,” the EFF said.
A big deal? Has Google gone too far?
who cares, I hope these POS cloud companies kill eachother off.
Sounds more like Safari didn’t go far enough
surprise!
I’ve been blocking all of doubleclick’s ad google’s tracking servers for years via the hosts file. -you want (much) faster browsing. block’em all.
a decent hosts file and the Ghostery firefox extension will fubar almost all tracking crap -and the hosts file will save a lot of bandwidth from being wasted on useless ads.
-s
“Sounds more like Safari didn’t go far enough”
Jess Hurchist for the win.
Blaming Google, providing they used valid Javascript and HTML, is silly. If they didn’t do it, some other advertiser would use the workaround.
The problem is that Safari’s implementation was not fully effective.
You’re right about that. Microsoft had to go batshit crazy for years to get better on security. Apple has been bringing in outside help from the security community which is a smart move. It sucks to have to be a grownup but that’s what happens when you’re successful.
Javascript engines are the new security black hole since everyone has been focused on speed for years.
Blaming Google because they did things secretly behind the “scene” of the actual webpage. Trivialized – you went to something.something.com. You blocked in Safari settings ability of something.something.com to set any other cookies but its own. Honest server/provider does exactly that. Criminal server behind your back, without informing you or showing you anything loads “invisible” Google page together with actual something.something.com page so that now Google cookie can be set too. “Invisible” in a sense that it is intentionally hidden from you. Essentially going to Google page without your knowledge or request and actively hiding that fact. For obvious profit of only one participant in the transaction – Google.
If we have had proper authorities Google would be charged for unauthorized computer access for every single instance. Because if I did it to say, employee of somebigbank.com and they traced me – I would face that charge by existing law.
Even if true, blaming the web site and not browser security doesn’t help if some Russian web site is using the same exploit.
Any behavior that requires trusting the visiting web site is going to be exploited.
Also, in case the website is not hosted by Google (as appears to be the case) — the website that published the ad profits from the deal.
And the WSJ learned it was happening on their own website.
Most users don’t care and Apple will plug it. Small story itself.
Google repeatedly seems very happy to step over the line and feign innocence a lot. Eventually it will erode trust. It’s an opening for competitors to exploit. If you take out search and mail (their big products) then they have nothing.
“Our data suggests that millions of users may have been affected,”
Who could have guessed there were that many pretend computer users out there.
What cave do you live in?
I’m shocked, shocked to find that web privacy wishes are being ignored.
hey Google “Don’t be evil”
And meanwhile, back at the ranch.
Ha!
and meanwhile back at the commercial.
Google loves evil.
I wasn’t aware many people used Safari. No one I know.
I dumped all google products (was it last week)? that I was using when they informed me of their invasive privacy terms. Still use google search behind a proxy however. But that’s it.
https://www.startpage.com/
send a message
iPhones and iPad use Safari as stated in the article summary.
Likewise. I have dumped Chrome and Gmail, and returned to Firefox which I have set to reject all Google cookies.
It’s a pity because they are both really great products.
FireFox is the only mainstream “pure” browser with no ulterior motivations.
Chrome is a nice browser, but as Google makes their living off distributing ads I always wonder if it might be doing something I don’t know about.
… except that it gets most of its money to run its operations from the Google search box…
I use it all the time. Many a link I’ve sent my brother, Uncle Dave, was viewed with Safari.
And mostly on my PC’s.
The smartest guys in the room are violating the trusts in server-client software to load unauthorised code onto private, corporate and federal government computers? Well. That’s bad.
What’s all this talk about a Google Circumcising Safari?
if they are doing that to mac uses, imagine what they do to chrome users..
😛
Safari has Security?
And people still trust google. Why?
Trust and the internet….trust can’t exist in the would of ones and zeros and everything in between. There is no such thing as privacy where money can be made. Google souled it’s soul along with Apple and facebook. It isn’t government we should fear, it is Google.
Funny, if Google had done this to IE everyone would be blasting Microsoft, but since its Safari, Apple seems to be getting a free pass. Personally, anyone dumb enough to use IE or Safari deserves what the get…
Besides everyone, especially the media knows smart people use Opera…
Don’t be trolling. Safari is a pretty good browser. Opera is neat, especially the mobile versions. I find Firefox more abhorrent than any other browser. Despite privacy concerns, Chrome is a decent browser.
And, what would you use on an iOS device apart from the built-in browser? Do you really expect people to install a different browser on Android?
Don’t accuse me of trolling and keep your ignorant opinions to yourself.
Does calling someone you never met ignorant make you feel superior?
One day while minding my own damn business I see that damn grass standing, walking, and cavorting all over my kids. I yell, “Get off my kids you damn grass!”, but the grass refused to head my warning calls.
It wasn’t pretty after that.
Giant superpowerful megacorporations are good. Giant superpowerful megacorporations love me. Giant superpowerful megacorporations would never-ever-ever do anything bad. Praise Jesus. God bless America.
And MY favorite giant superpowerful megacorporation is BETTER than YOUR favorite giant superpowerful megacorporation. So, nyah!
Meh, until they can answer the question, “where, the fuck, are my keys?” I won’t be impressed.
Whatever happened to “Don’t be evil”?
No, no. “Don’t be evil!” applies to everyone else. Isn’t this what malware does — exploiting weaknesses in software for reasons not agreed to by the user? Can we finally agree that Google produces malware?
That does it for me.
I am going to cancel my Gmail subscription along with Google Voice, Google Reader, Google Scholar, Google Earth, Google Calendar, Google Documents, Google News, Google Translate, Google Earth, YouTube, and Picasa,
I am going back to pen and paper.
I’ll show them …
While it does appear that Google in it’s own words ended up doing rather more than it meant to do I’m not concerned about it.
My questions are:
Why is anyone using Safari?
Why doesn’t Apple block this known security hole?
I doubt if Google is the only organization to make use of the hole. It isn’t new. It’s been known for some time.
Time after time Google is in the news over privacy issues. Why do people continue to use Google services?
uhhh….Apple promoted it’s software as being dependably secure, except it wasn’t. Microsoft continues to promote it software as being dependably secure, except it isn’t.
Whether you think Google was wrong to exploit an opening or not, the message should be simple to everyone: Nothing is really secure if it is on the network. Nothing. Not Ever.
It is the new cyber-reality — like it or not, you are not going to change it. (Well, maybe that pencil-and-paper dude…)
Lord Acton had it right back in 1887: “Power tends to corrupt, and absolute power corrupts absolutely.”
The folks at Google appear severely addicted to collecting data on computer users, registered or not — maybe they have other purposes besides serving “relevant” ads and improving our browsing experiences?
At least this time Google didn’t try to pretend that their circumventing the browser security settings was accidental, like they did when they got caught collecting Wi-Fi data with their Street View cars – yeah, right!
It’s official now: Google’s gone Evil, over to the Dark Side. I wonder what else they’re doing that we don’t even know about yet…
Oops! Spoke too soon:
“Google hit with FTC complaint, says circumventing Safari privacy features accidental”
http://arstechnica.com/tech-policy/news/2012/02/google-hit-with-ftc-complaint-says-circumventing-safari-privacy-features-accidental.ars
What’s the big deal? Last week, I couldn’t find my car keys. I asked Google and it said “behind your couch on the left side.” It was right and I made it to work on time. All hail Google.
—–
OK, in all seriousness, no one has a right to know anything about my surfing habits – not even me. We need to institute the death penalty for privacy violations.
And Google still doesn’t know half of what your ISP knows about you.
BINGO!
Nice. Someone who gets it.
Google is in this for the money. So why does anything they do surprise you?
They were caught, so IMO the system is still working.