WSJ: Google disregarded iPhone privacy settings
Google planted cookies on millions of iPhones despite settings in place from Apple
IDG News Service - The Wall Street Journal has charged that Google, along with a number of other advertising agencies, planted code on millions of iPhones that allows the companies to track user behavior.
Google has denied that the embedded code, or cookies, tracks users, and said that it is only activated when users opt-in to one of Google's services, such as Gmail. But the company also admitted that the code inadvertently allowed additional Google Web advertising cookies to be installed on users' phones, against users' wishes.
By default, Safari blocks tracking behavior though the browser. But Google's code "tricks" Apple's Safari browser into monitoring user behavior, the WSJ charged.
"The Journal mischaracterizes what happened and why," according to a statement from Rachel Whetstone, Google senior vice president for communications and public policy. "We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
Stanford University researcher Jonathan Mayer first discovered the code. A technical advisor to the WSJ, following Mayer's instruction, documented that the Google tracking code was installed on iPhones by 23 of the top 100 Web sites. The code was installed on ads from sites such as Fandango.com, Match.com, AOL.com, TMZ.com and UrbanDictionary.com. Once installed, Google then could track user movement across a wide number of Web sites, the WSJ charged.
In addition to Google, at least three other online advertising companies also circumnavigated Safari privacy settings with similar techniques, the WSJ found: Vibrant Media, WPP PLC's Media Innovation Group and Gannett Company's PointRoll.
Google offers instructions for users on how to opt-out of Safari tracking, though according to the WSJ, those instructions were removed from the Web site Tuesday, after the company was contacted by the WSJ on the matter.
Google argues that the cookies were necessary to provide users with personalized services, such as the ability to approve of content through Google's "+1" rating system.
"To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization," Whetstone stated.A "But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous--effectively creating a barrier between their personal information and the Web content they browse."
"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," Whetstone added. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers."
The news comes at a sensitive time for Google. Last year, the company reached a legal settlement with the U.S. Federal Trade Commission about its privacy practices, and agreed not to misrepresent its privacy practices. Last month, Google consolidated its polices for all its sites into one privacy setting.
In a blog item posted Friday, Microsoft criticized Google for purposefully evading the Safari privacy settings, and offered its own browser as an alternative.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Desktop Apps White Papers | Webcasts