Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users
The Wall Street Journal reports that Google and several other advertising agencies have been discovered to be circumventing privacy protections in Apple's Safari browser for iOS devices in order to track users through ads on numerous popular websites. Google implemented the technique in order to embed +1 buttons on its ads, tricking users' systems into allowing cookies by using an invisible form submission to make Google's third-party cookies, which are blocked by Safari, appear as first-party cookies that are allowed.
To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.
The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie.
Google halted the practice once it was contacted by The Wall Street Journal about it, but has tried to downplay the impact of the issue.
In a statement, Google said: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
In a companion blog post, The Wall Street Journal notes that the loophole that had permitted Google to bypass Safari's privacy protections has been closed in WebKit, the open source engine behind Safari, with the change having been made by two Google engineers. Consequently, Apple could and appears to be preparing to bring that fix to the public version of Safari.
An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”
An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.
The issue was discovered by Stanford graduate student Jonathan Mayer, who has also published an extensive blog post offering additional technical details on how Google and other advertising companies circumvented Safari's default cookie settings.
Popular Stories
Apple earlier this week announced the discontinuation of the iPod touch, and because it was the last iPod still available for purchase, its sunsetting effectively marks the end of the entire iPod lineup.
To send the iPod on its way, we thought it would be fun to take a look back at some of the most notable iPod releases over the last 21 years.
Original iPod (2001)
Introduced in October...
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
It's been over 200 days since Apple debuted its redesigned MacBook Pro lineup. Offered in 14-inch and 16-inch display sizes, the new-look MacBooks wowed Apple fans and creative pros alike with their powerful custom Apple silicon, mini-LED screen, and multiple connectivity options. But there are still some things you can't do with a MacBook Pro. Here are five features some Mac users are still...
While there are as yet no concrete rumors related to which devices iOS 16 and iPadOS 16 will support, the discontinuation of the iPod touch earlier this week may be an indication that as many as nine devices could be about to lose support for Apple's upcoming operating systems.
iOS and iPadOS 13, 14, and 15 support all of the same devices, with the iPhone 6S and iPhone 6S Plus,...
Apple has launched a special limited-time offer for iPhone, Apple Watch, Mac, and iPad trade-in that offers customers additional credit when trading in their only device for a new one.
The offer is being run in several countries including the US, UK, Germany, Spain, Italy, South Korea, Japan, Taiwan, China, India, and France. In the UK, Apple is offering up to £50 of extra trade-in credit...
Sony's flagship WH-1000XM4 noise-canceling headphones have been among the best on the market for some time, and today Sony announced its fifth-generation WH-1000XM5 headphones, boasting a new design and several improvements over the previous model.
The redesigned headphones replace the shrouded arms that swivel on the XM4's with an exposed arm that has a single contact point at the earcups,...
Apple plans to launch a new version of the Apple TV in the second half of 2022, according to well-known analyst Ming-Chi Kuo.
In a tweet today, Kuo said the new Apple TV will have an improved cost structure, suggesting that the device could have a lower price that is more competitive with other streaming media players like Google's Chromecast line, Amazon's Fire TV line, and the Roku line. ...
The iPhone 14 and iPhone 14 Pro models will be available in a refreshed range of color options, including an all-new purple color, according to a recent rumor.
The claim comes from a post on Chinese social media site Weibo by an unverified source and purports to reveal the full range of color options for Apple's upcoming iPhone 14 and iPhone 14 Pro models. Compared to the selection of color...
Top Rated Comments
:rolleyes:
This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.
The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
Yup, I "unintentionally" write lines of code all the time that exploit loopholes that benefit me.