The Wall Street Journal reports that Google used special code to sidestep the privacy settings in the browser and track Web users. Google says the Journal's got it wrong.
The Wall Street Journal reported today that Google and other ad companies have been using special code to sidestep privacy settings in Apple's Safari browser and track Web users on desktop computers and the iPhone.
The Journal also said that on one of Google's sites--in language that has since been removed--the Internet giant had said Safari users could rely on the browser's privacy settings to avoid tracking by Google.
The privacy-skirting code, which the Journal said Google disabled after being contacted by the paper, appears to have been used to let members of the Google+ social network sign in and then, while moving around the Web, click +1 buttons in ads that are part of Google's DoubleClick ad network. The +1 buttons let a user give a thumbs-up to an item and automatically share that approval with friends via a message on the user's Google+ profile.
But, the Journal reported, Safari's default privacy settings prevented the +1/DoubleClick setup from placing a tracking cookie to determine if a user had signed in to Google+. Safari normally blocks cookies used by ad networks and others to track people (though it allows other types of cookies--such as those that remember visitors so they can return to a site without having to log back in).
The code reportedly tricked Safari into letting a tracking cookie be placed, the Journal said. Safari lets sites place tracking cookies if a user interacts with the site, such as by filling out a form, and the workaround code essentially tricked Safari into thinking people were submitting a form to Google.
The Journal said that though the cookies placed by Google were set to expire in 12 to 24 hours, they "could sometimes result in extensive tracking of Safari users...because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie."
Google told the Journal it hadn't anticipated the placing of additional cookies. It also provided the paper with the following statement: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
The Journal said three other online-ad firms had used similar code: Vibrant Media, WPP's Media Innovation Group, and Gannett's PointRoll. Vibrant told the Journal that the code is a "workaround" and doesn't collect personally identifiable data like names or financial-account numbers. WPP declined to comment, the Journal said, and Gannett said the use of the code was part of a "limited test" to count how many Safari users went to an advertiser's site after seeing an ad.
The Journal said Google DoubleClick ads containing the privacy-skirting code were found on major sites including AOL.com, Match.com, TMZ.com, YellowPages.com, and others. These sites, however, apparently didn't know about the code, the Journal said. In fact, the Journal reported, the code used by Gannett's PointRoll was found in ads on WSJ.com.
The Journal said an Apple representative told the paper that Apple was working to prevent the sidestepping of Safari's privacy settings.
Google has been involved in a number of privacy tussles over the years, the most recent of which involves a revision of its privacy policy to grant it explicit rights to "combine personal information" across multiple products and services. The European Union wants that change suspended, and the Electronic Privacy Information Center last week filed a lawsuit against the U.S. Federal Trade Commission in an attempt to force it to prevent Google from implementing the planned change.
The Journal also said that on one of Google's sites--in language that has since been removed--the Internet giant had said Safari users could rely on the browser's privacy settings to avoid tracking by Google.
The privacy-skirting code, which the Journal said Google disabled after being contacted by the paper, appears to have been used to let members of the Google+ social network sign in and then, while moving around the Web, click +1 buttons in ads that are part of Google's DoubleClick ad network. The +1 buttons let a user give a thumbs-up to an item and automatically share that approval with friends via a message on the user's Google+ profile.
But, the Journal reported, Safari's default privacy settings prevented the +1/DoubleClick setup from placing a tracking cookie to determine if a user had signed in to Google+. Safari normally blocks cookies used by ad networks and others to track people (though it allows other types of cookies--such as those that remember visitors so they can return to a site without having to log back in).
The code reportedly tricked Safari into letting a tracking cookie be placed, the Journal said. Safari lets sites place tracking cookies if a user interacts with the site, such as by filling out a form, and the workaround code essentially tricked Safari into thinking people were submitting a form to Google.
The Journal said that though the cookies placed by Google were set to expire in 12 to 24 hours, they "could sometimes result in extensive tracking of Safari users...because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie."
Google told the Journal it hadn't anticipated the placing of additional cookies. It also provided the paper with the following statement: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
The Journal said three other online-ad firms had used similar code: Vibrant Media, WPP's Media Innovation Group, and Gannett's PointRoll. Vibrant told the Journal that the code is a "workaround" and doesn't collect personally identifiable data like names or financial-account numbers. WPP declined to comment, the Journal said, and Gannett said the use of the code was part of a "limited test" to count how many Safari users went to an advertiser's site after seeing an ad.
The Journal said Google DoubleClick ads containing the privacy-skirting code were found on major sites including AOL.com, Match.com, TMZ.com, YellowPages.com, and others. These sites, however, apparently didn't know about the code, the Journal said. In fact, the Journal reported, the code used by Gannett's PointRoll was found in ads on WSJ.com.
The Journal said an Apple representative told the paper that Apple was working to prevent the sidestepping of Safari's privacy settings.
Google has been involved in a number of privacy tussles over the years, the most recent of which involves a revision of its privacy policy to grant it explicit rights to "combine personal information" across multiple products and services. The European Union wants that change suspended, and the Electronic Privacy Information Center last week filed a lawsuit against the U.S. Federal Trade Commission in an attempt to force it to prevent Google from implementing the planned change.