Google and Others Bypassed Apple iPhone Browser Settings for Guarding Privacy [online.wsj.com]
|Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.'s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked. |
The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.
Google disabled its code after being contacted by The Wall Street Journal.
It's interesting the code was disabled after being called out by the WSJ.
I imagine it was simply an error, much like Street View capturing wireless communications (remember that?)
Where does it all end!
The original article is better than the one linked above.
The researcher's article actually explains it properly:
Once a site sets one cookie, it is no longer blocked from setting third party cookies.
That last bit is a shortcoming of Safari. Incidentally, Google have patched this in webkit, so Apple can fix this by merging Google's code!
All I can say is "Wow".
serious how is surprised, google is not a search engine anymore, the main focus is to collect date from users.
|The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. |
So if you're signed in your privacy settings on non-google properties are null and void, nice.
I bet half of adsense users don't even know they are signed in to Google by just checking their account. They probably think that leaving the site logs them out (it should, but doesn't).
Nice to read this kind of stuff, we all use google
Did not anybody notice that 1984 was 23 years ago ...
|Did not anybody notice that 1984 was 23 years ago ... |
Actually 1984 was 28 years ago but I have no clue what you're talking about. Oh and no, we don't all use Google.
Yes sorry miscount
but I think that most people use google
well are certainly involved with it
maybe the book 1984
Yeah did you read it?
it was written in 1949
it predicted exactly todays world
but then Big Brother was not called the Internet
It did not exist yet...
you were spied on through your TV
you were not allowed to turn it off
its a bit like now but we keep connected all the time voluntarily
so what does it matter that there is a +1 button at the bottom of this page
From Google's cache of [google.com...]
|While we don't yet have a Safari version of the Google advertising cookie opt-out plugin, Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing as setting the opt-out cookie. |
They've been following Safari users all along.. I was wondering why the hell Safari on iPad was trying to "resubmit a form" when I hit the back button while testing my website with adsense/+1 button on it.
Not just google. From threatpost.com...
"...security researcher scanned the most popular websites according to Quantcast and found that 22 of the top 100 had implemented the code on their sites while 23 of the 100 had installed it when viewed via Safari on an iPhone."
"In addition to Google, Vibrant Media and Media Innovation Group were all found serving similar scripts ... also found that PointRoll Inc., a Gannett company, was using similar code on 10 of the top 100 U.S. sites scanned."
Well, any website with Adsense ads on it..
|I bet half of adsense users don't even know they are signed in to Google by just checking their account. |
So how do they think Google knows who they are?
|They probably think that leaving the site logs them out (it should, but doesn't). |
So how do they think Google knows who they are when they go back to the site?
I cannot think of a single site that logs users out on leaving a page. They mostly either require a logout button or time out after inactivity.
Amazon never times you out and does not label the logout link clearly.
Why is every focusing on Google, and ignoring the everyone else that does it, and why is Apple not getting any blame? Google also deserve some credit for fixing the browser issue that allows this.
I will continue to use Firefox with Cookie Whitelist, which means I have very few cookies set. I login to Google from a separate browser, usually on a different IP.
|Why is every focusing on Google, |
|I login to Google from a separate browser, usually on a different IP. |
Why do you login with a different IP? ;)
pp46 - yep i read it, I think it was from George Orwell or something like that, I have mentioned that book a few time, in relation to google or facebook, its a little scary, but has picked the wrong side.
I was feeling a litttle lonely in my paranoia till i read this thread :)
UPDATE: GOOGLE SUED OVER SAFARIGATE
Things just got serious according to PCMag [pcmag.com...]
It looks like a quick "apology for doing nothing wrong" by adding code that knowingly bypassed user security settings wasn't enough and Google's now been sued by an individual in Illinois who is seeking class action status. Apparently several members of congress are also deeply interested. The actions are being viewed as "willfully and knowingly in violation of federal wiretapping laws", among other statutes.
|"This practice may have violated the company's own stated privacy practices," Senator Jay Rockefeller (D-WV) said." |
Google is already under federal investigation in multiple countries on similar matters, this won't help.
|So how do they think Google knows who they are when they go back to the site? |
Disclaimer: I really am not anti-Google even if I sound like it here, they do have amazing products. I just think everyone needs to be more aware of what's really going on when they surf/buy online.
|The +1 button at the bottom of this page picked up your IP address... |
Er, I think it was a rhetorical question.
|This practice may have violated the company's own stated privacy practices |
Dog Bites Man?
It has started.
@BeeDeeDubbleU, because IP plus browser finger print is a pretty good way of tracking people as well.Browsing from 2 IPs, one dynamic and shared with other users, and only ever logging in on the dynamic one should muddy the waters nicely.
@Sgt_Kickaxe, I understand how it works. What I want to know is what the people who do not think happens. It is very naive to think that you are logged out when you leave a site, if you find yourself logged in when you go back.
|It is very naive to think that you are logged out when you leave a site, if you find yourself logged in when you go back. |
Why shouldn't you be logged out? All you have to do is click the Remember Me button-- most sites have something equivalent-- and forever afterward it will read your information off a cookie so it seems as if you're logged in continuously. Even the credit union allows me to bypass one level of hoop-jumping when I'm on my home computer.
Hmm. Tree-falling-in-the-forest analogy here. If you're not physically on the site, is there any way to know if you're logged in?
Just don't try to make a non-computer-literate person grasp the difference between the password stored in your own computer and the one stored at your bank. ("Why does your computer want my password? At work it just signs me right in. I don't even KNOW my password!")
But yes, it's unnerving if I wander off to do a search while I'm in the middle of doing something at GWT, and the search greets me by name... and if I hastily log out from Search, they'll slam the door in my face when I go back to GWT. I can think of governmental entities that aren't that good at understanding you are all the same person-- even when it's their job to do so.
|Why shouldn't you be logged out? |
Exactly. Rather than being naive I would say it is logical to assume that you are automatically logged out when you leave a site.
|Why shouldn't you be logged out? All you have to do is click the Remember Me button-- most sites have something equivalent-- and forever afterward it will read your information off a cookie so it seems as if you're logged in continuously. |
If you legged in and clicked remember me, then you are logged in to the site. You seemt o be using a different definition of logged in. Mine is "the site or services knows who you are because you presented it with the correct authentication at some point".
|If you're not physically on the site, is there any way to know if you're logged in? |
If you would be still logged in if you went back to the site. Cookies will sometimes tell you this.
|Rather than being naive I would say it is logical to assume that you are automatically logged out when you leave a site. |
Logical to someone who does not know how cookies work. If you know how cookies work its obvious that this would not happen. The conversation did start with webmasters using Adsense, who ought to know how cookies work.
Also, as I said, I do not know of ANY site that logs you out when you leave. Some time out your login, others require you to do something to logout. Can anyone provide any counter examples
|The conversation did start with webmasters using Adsense, who ought to know how cookies work. |
I disagree. Why should anyone using Adsense know how cookies work. I would suggest that that vast majority of Adsense users don't know.
|If you're not physically on the site, is there any way to know if you're logged in? |
Ever visited a blog where the comment form shows your facebook user name preloaded and 'use facebook profile' is pre-selected? That's not much different.
| This 35 message thread spans 2 pages: 35 (  2 ) > > |