United States News
See other United States News Articles
Title: Google Busted With Hand in Safari-Browser Cookie Jar
Source:
wired
URL Source: http://www.wired.com/threatlevel/20 ... /google-safari-browser-cookie/
Published: Feb 17, 2012
Author: Ryan Singel
Post Date: 2012-02-17 18:32:35 by A K A Stone
Keywords: None
Views: 2386
Comments: 6
Google intentionally circumvented the default privacy settings of Apple’s Safari browser, using a backdoor to set cookies on browsers set to reject them, in the latest privacy debacle for the search and advertising giant. Google immediately disabled the practice after the Wall Street Journal disclosed the practice Thursday night, which was discovered by Stanford researcher Jonathan Mayer and confirmed by security consultant Ashkan Soltani. Safari, which accounts for about 6% of desktop browsing and more than 50% of mobile browsing, is the only major browser to block so-called third-party cookies by default. When you visit a website, all browsers, including Safari, allow that site to put a small tracking file on your computer, which allows the site to identify a unique user, track what they’ve done and remember settings. However, many sites also have Facebook “Like” buttons, ads served by third parties, weather widgets powered by other sites or comment systems run by a third party. Safari blocks the sites that power those services from setting or reading cookies, so a Facebook widget on a third-party site, for instance, can’t tell if you are logged in, so it can’t load a personalized widget. Google, along with a number of ad servers, were caught by Mayer avoiding this block, using a loophole in Safari that lets third parties set cookies if the browser thinks you are filling out an online form. (See a good technical overview here.) Google’s rationale seems to be that Apple’s default settings don’t adhere to standard web practices and don’t actually reflect what users want, since the browser never asks users if that’s the privacy setting they want. Facebook even goes so far as to suggest to outside developers that getting around the block is a “best practice,” linking to a developer’s blog post from 2010 that includes sample code on how to circumvent the block. Google said it used the backdoor so that it could place +1 buttons on ads it places around the web via its Adsense program, so that logged-in Google+ users could press the button to share an ad. Without the work-around, the button wouldn’t be able to tell Google which Google account to link the button to. Now if Safari weren’t so dominant on mobile to the popularity of the iPhone, it’d hardly be worth the code to get at the 6% of desktop users. But more to the point, if this is a problem for Google and Facebook, and if the defaults actually do mess with user’s expectations, it would seem that there are better ways to bring attention to the issue than getting busted working around them. It may not be Apple’s first priority to help Facebook and Google, but I likewise doubt that Apple is intentionally trying to ruin user experience in order to hobble Facebook, Google and online ad networks. As for Google, I would expect a new round of calls for hearings and perhaps even a fine from the FTC, which has already imposed mandatory privacy audits on Google for 20 years. And my new shorthand for how companies should deal with privacy – Don’t be a secretive jerk – applies here as well. Google may or may not have been a jerk in this case – that depends on your perspective, but it’s clear it was sneaky and secretive. Given that Google announced it is backtracking on its privacy promises to users in order to create the mother of all online profiles by combining the data you give it to nearly all of its services, that secrecy may be more disturbing than the “crime” itself.
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: A K A Stone (#0)
(Edited)
Google is an advertising firm. That is all it is and all it will ever be as its income is based on those who use Google's resources. Of course it is probably one of the finest search engines on the web BUT that is the sucker punch for end users. Use firefox and use one of its addons called "Scroogle" when using Google. "Where there is will, there is a way" ... to use an old cliche. Browser support: Firefox — dozens of OpenSearch plugins; we do not test any of them Opera — Tools > Preferences > Search > Add. Pick a new keyword ( "x"? ) and for the "Address" use http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=%s Now x search terms should launch a search Chrome — wrench > Options > Default search Manage > Add. Paste the URL shown for Opera, or better yet, use https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?Gw=%s (Chrome phones home a lot)
I use scroogle but it doesn't always work. It also leaves out some results.
Have you considered using TOR or JonDo?
I've never heard of them.
I tried that duck duck go that Fred Mertz mentioned. I didn't get real good results.
What were your results? I shall help you on how to become COMPLETELY invulnerable to the Internet and the setup for your machine.
#2. To: buckeroo (#1)
#3. To: A K A Stone (#2)
#4. To: buckeroo (#3)
#5. To: buckeroo, Fred Mertz (#3)
#6. To: A K A Stone (#5)
I didn't get real good results.
Top • Page Up • Full Thread • Page Down • Bottom/Latest
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]