homepage Welcome to WebmasterWorld Guest from 54.167.173.250
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
Forum Library, Charter, Moderators: goodroi

Google Finance, Govt, Policy and Business Issues Forum

This 35 message thread spans 2 pages: 35 ( [1] 2 > >     
Google Bypassing Privacy Settings
This is going to be intrestring
bwnbwn




msg:4418791
 2:54 pm on Feb 17, 2012 (gmt 0)

Google and other advertising companies have been bypassing the privacy settings of millions of people using Apple's Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked

Read more: [foxnews.com...]

 

engine




msg:4418816
 3:32 pm on Feb 17, 2012 (gmt 0)

Google and Others Bypassed Apple iPhone Browser Settings for Guarding Privacy [online.wsj.com]
Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.'s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.

Google disabled its code after being contacted by The Wall Street Journal.



It's interesting the code was disabled after being called out by the WSJ.

tangor




msg:4418836
 4:11 pm on Feb 17, 2012 (gmt 0)

I imagine it was simply an error, much like Street View capturing wireless communications (remember that?)

BeeDeeDubbleU




msg:4418839
 4:16 pm on Feb 17, 2012 (gmt 0)

Where does it all end!

graeme_p




msg:4418914
 7:13 pm on Feb 17, 2012 (gmt 0)

The original article is better than the one linked above.

[online.wsj.com ]

The researcher's article actually explains it properly:

[webpolicy.org ]

Google was setting a cookie by using Javascript to submit a form, because responses to form submissions are allowed to set cookies. Three other big ad networks were doing the same.

Once a site sets one cookie, it is no longer blocked from setting third party cookies.

That last bit is a shortcoming of Safari. Incidentally, Google have patched this in webkit, so Apple can fix this by merging Google's code!

Incidentally, why on earth did anyone think that allowing Javascript to submit forms was a good idea? Sometimes browser vendors seem to be trying to make CSRF as easy as possible.

JCKline




msg:4418923
 7:40 pm on Feb 17, 2012 (gmt 0)

All I can say is "Wow".

zeus




msg:4418930
 7:56 pm on Feb 17, 2012 (gmt 0)

serious how is surprised, google is not a search engine anymore, the main focus is to collect date from users.

Sgt_Kickaxe




msg:4418935
 8:10 pm on Feb 17, 2012 (gmt 0)

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled.


So if you're signed in your privacy settings on non-google properties are null and void, nice.

I bet half of adsense users don't even know they are signed in to Google by just checking their account. They probably think that leaving the site logs them out (it should, but doesn't).

Brett, can you remove the google javascript file loading beacon at the bottom of this page until they offer a static alternative? (the +1 button, rarely used but always recording data on page load)

pp46




msg:4418951
 8:50 pm on Feb 17, 2012 (gmt 0)

Nice to read this kind of stuff, we all use google

Did not anybody notice that 1984 was 23 years ago ...

Sgt_Kickaxe




msg:4418958
 8:56 pm on Feb 17, 2012 (gmt 0)

Did not anybody notice that 1984 was 23 years ago ...


Actually 1984 was 28 years ago but I have no clue what you're talking about. Oh and no, we don't all use Google.

pp46




msg:4418962
 9:06 pm on Feb 17, 2012 (gmt 0)

Yes sorry miscount
but I think that most people use google
well are certainly involved with it

zeus




msg:4418967
 9:08 pm on Feb 17, 2012 (gmt 0)

maybe the book 1984

pp46




msg:4418974
 9:35 pm on Feb 17, 2012 (gmt 0)

Hi Zeus
Yeah did you read it?
it was written in 1949
it predicted exactly todays world
but then Big Brother was not called the Internet
It did not exist yet...
you were spied on through your TV
you were not allowed to turn it off

its a bit like now but we keep connected all the time voluntarily
;-)

so what does it matter that there is a +1 button at the bottom of this page

levo




msg:4418980
 9:52 pm on Feb 17, 2012 (gmt 0)

From Google's cache of [google.com...]

While we don't yet have a Safari version of the Google advertising cookie opt-out plugin, Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie.


They've been following Safari users all along.. I was wondering why the hell Safari on iPad was trying to "resubmit a form" when I hit the back button while testing my website with adsense/+1 button on it.

dstiles




msg:4419005
 11:06 pm on Feb 17, 2012 (gmt 0)

Not just google. From threatpost.com...

"...security researcher scanned the most popular websites according to Quantcast and found that 22 of the top 100 had implemented the code on their sites while 23 of the 100 had installed it when viewed via Safari on an iPhone."

"In addition to Google, Vibrant Media and Media Innovation Group were all found serving similar scripts ... also found that PointRoll Inc., a Gannett company, was using similar code on 10 of the top 100 U.S. sites scanned."

levo




msg:4419049
 6:27 am on Feb 18, 2012 (gmt 0)

Well, any website with Adsense ads on it..

graeme_p




msg:4419054
 6:43 am on Feb 18, 2012 (gmt 0)

I bet half of adsense users don't even know they are signed in to Google by just checking their account.


So how do they think Google knows who they are?

They probably think that leaving the site logs them out (it should, but doesn't).


So how do they think Google knows who they are when they go back to the site?

I cannot think of a single site that logs users out on leaving a page. They mostly either require a logout button or time out after inactivity.


Amazon never times you out and does not label the logout link clearly.

Why is every focusing on Google, and ignoring the everyone else that does it, and why is Apple not getting any blame? Google also deserve some credit for fixing the browser issue that allows this.

I will continue to use Firefox with Cookie Whitelist, which means I have very few cookies set. I login to Google from a separate browser, usually on a different IP.

BeeDeeDubbleU




msg:4419087
 9:28 am on Feb 18, 2012 (gmt 0)

Why is every focusing on Google,


I login to Google from a separate browser, usually on a different IP.

Why do you login with a different IP? ;)

zeus




msg:4419092
 10:26 am on Feb 18, 2012 (gmt 0)

pp46 - yep i read it, I think it was from George Orwell or something like that, I have mentioned that book a few time, in relation to google or facebook, its a little scary, but has picked the wrong side.

scooterdude




msg:4419126
 4:26 pm on Feb 18, 2012 (gmt 0)

I was feeling a litttle lonely in my paranoia till i read this thread :)

Sgt_Kickaxe




msg:4419193
 10:26 pm on Feb 18, 2012 (gmt 0)

UPDATE: GOOGLE SUED OVER SAFARIGATE

Things just got serious according to PCMag [pcmag.com...]

It looks like a quick "apology for doing nothing wrong" by adding code that knowingly bypassed user security settings wasn't enough and Google's now been sued by an individual in Illinois who is seeking class action status. Apparently several members of congress are also deeply interested. The actions are being viewed as "willfully and knowingly in violation of federal wiretapping laws", among other statutes.

"This practice may have violated the company's own stated privacy practices," Senator Jay Rockefeller (D-WV) said."

Google is already under federal investigation in multiple countries on similar matters, this won't help.

Sgt_Kickaxe




msg:4419198
 10:40 pm on Feb 18, 2012 (gmt 0)

So how do they think Google knows who they are when they go back to the site?

The +1 button at the bottom of this page picked up your IP address and other data when you loaded it(because Google insists a javascript file be loaded for the +1 button to appear). If you visited your Adsense account today - it's a match thus they know who just loaded this page(adsense has your real name and info). They know exactly who graeme_p is even if you didn't provide that information on this site by using the data from your various Google accounts and simply matching timestamps and IP's. It's partly why Google deploys so many beacons, honestly they could have offered a static +1 button option like Twitter and Facebook do but no...

Disclaimer: I really am not anti-Google even if I sound like it here, they do have amazing products. I just think everyone needs to be more aware of what's really going on when they surf/buy online.

lucy24




msg:4419235
 1:41 am on Feb 19, 2012 (gmt 0)

The +1 button at the bottom of this page picked up your IP address...

Er, I think it was a rhetorical question.

This practice may have violated the company's own stated privacy practices

Dog Bites Man?

bwnbwn




msg:4419269
 5:41 am on Feb 19, 2012 (gmt 0)

It has started.
[foxnews.com...]

graeme_p




msg:4419277
 8:32 am on Feb 19, 2012 (gmt 0)

@BeeDeeDubbleU, because IP plus browser finger print is a pretty good way of tracking people as well.Browsing from 2 IPs, one dynamic and shared with other users, and only ever logging in on the dynamic one should muddy the waters nicely.

@Sgt_Kickaxe, I understand how it works. What I want to know is what the people who do not think happens. It is very naive to think that you are logged out when you leave a site, if you find yourself logged in when you go back.

lucy24




msg:4419286
 9:45 am on Feb 19, 2012 (gmt 0)

It is very naive to think that you are logged out when you leave a site, if you find yourself logged in when you go back.

Why shouldn't you be logged out? All you have to do is click the Remember Me button-- most sites have something equivalent-- and forever afterward it will read your information off a cookie so it seems as if you're logged in continuously. Even the credit union allows me to bypass one level of hoop-jumping when I'm on my home computer.

Hmm. Tree-falling-in-the-forest analogy here. If you're not physically on the site, is there any way to know if you're logged in?

Just don't try to make a non-computer-literate person grasp the difference between the password stored in your own computer and the one stored at your bank. ("Why does your computer want my password? At work it just signs me right in. I don't even KNOW my password!")

But yes, it's unnerving if I wander off to do a search while I'm in the middle of doing something at GWT, and the search greets me by name... and if I hastily log out from Search, they'll slam the door in my face when I go back to GWT. I can think of governmental entities that aren't that good at understanding you are all the same person-- even when it's their job to do so.

BeeDeeDubbleU




msg:4419300
 12:11 pm on Feb 19, 2012 (gmt 0)

Why shouldn't you be logged out?

Exactly. Rather than being naive I would say it is logical to assume that you are automatically logged out when you leave a site.

graeme_p




msg:4419380
 7:53 pm on Feb 19, 2012 (gmt 0)

Why shouldn't you be logged out? All you have to do is click the Remember Me button-- most sites have something equivalent-- and forever afterward it will read your information off a cookie so it seems as if you're logged in continuously.


If you legged in and clicked remember me, then you are logged in to the site. You seemt o be using a different definition of logged in. Mine is "the site or services knows who you are because you presented it with the correct authentication at some point".

If you're not physically on the site, is there any way to know if you're logged in?


If you would be still logged in if you went back to the site. Cookies will sometimes tell you this.

Rather than being naive I would say it is logical to assume that you are automatically logged out when you leave a site.


Logical to someone who does not know how cookies work. If you know how cookies work its obvious that this would not happen. The conversation did start with webmasters using Adsense, who ought to know how cookies work.

Also, as I said, I do not know of ANY site that logs you out when you leave. Some time out your login, others require you to do something to logout. Can anyone provide any counter examples

BeeDeeDubbleU




msg:4419498
 9:22 am on Feb 20, 2012 (gmt 0)

The conversation did start with webmasters using Adsense, who ought to know how cookies work.

I disagree. Why should anyone using Adsense know how cookies work. I would suggest that that vast majority of Adsense users don't know.

.

g1smd




msg:4419681
 8:08 pm on Feb 20, 2012 (gmt 0)

If you're not physically on the site, is there any way to know if you're logged in?

Ever visited a blog where the comment form shows your facebook user name preloaded and 'use facebook profile' is pre-selected? That's not much different.

This 35 message thread spans 2 pages: 35 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved