dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


united state

[Security] Google tracked iPhones, bypassing Apple browser priva

Google tracked iPhones, bypassing Apple browser privacy settings
Published February 17, 2012
| The Wall Street Journal
Google and other advertising companies have been bypassing the privacy settings of millions of people using Apple's Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.
The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.
Google disabled its code after being contacted by The Wall Street Journal.
The Google code was spotted by Stanford researcher Jonathan Mayer and independently confirmed by a technical adviser to the Journal, Ashkan Soltani, who found that ads on 22 of the top 100 websites installed the Google tracking code on a test computer, and ads on 23 sites installed it on an iPhone browser.
Read more: »www.foxnews.com/scitech/2012/02/ ··· meJ0uHRf

We the people
Brewster, WA

Re: [Security] Google tracked iPhones, bypassing Apple browser p

The safari privacy settings bypassed was "block 3rd party cookies", Jonathan Mayer found this code in 2010, and this is as much a Google problem as child labor is at Asian factories is for "Apple". Facebook is doing this too apparently, many ad networks.

»www.osnews.com/story/25622/Faceb ··· rictions

This issue in the code belonging to webkit, which is the browser engine for Safari, Chrome, and others, was patched by... Google months ago.

The crazy thing here is that this loophole has already been fixed in WebKit itself. Over 7 months ago. By two Google engineers. In other words, while Google is one of the parties using the loophole, Google itself fixed it 7 months ago.

How do you like them Apples?

said by
ZDNet update from Google

Update: Rachel Whetstone, senior vice-president for communications and public policy at Google, expanded on the Journals findings:

Unlike other major browsers, Apples Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as Like buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content �€” such as the ability to +1 things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Googles servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the users Safari browser and Googles servers was anonymous �€” effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didnt anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. Its important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

This is probably just a smear job related to something else more evil happening today that is so far staying below the radar in the news. Or the WSJ staff needed some quick stories to put out on a Friday so they can go hide from the not-on-their-payroll-police all weekend.
Say no to JAMS!

Bronx, NY
said by firephoto:

This issue in the code belonging to webkit, which is the browser engine for Safari, Chrome, and others, was patched by... Google months ago.

So it's ok to exploit a bug if you're Google, but if a hacker does it, it's wrong?

Google fixing the code doesn't change the fact that they were knowingly doing something that wasn't supposed to be possible with Safari's default settings. Google engineers fixing the code just proves they were aware of the issue long before they stopped doing it.

If other Ad networks (not owned by Google) were also exploiting the bug, they should be highlighted as well. I agree that the articles are probably pinpointing Google to get more hits.
University of Southern California - Fight On!

We the people
Brewster, WA
Oh I see google as guilty as the rest using this method, just a lot of humor to the whole thing really. The whole WSJ article could replace Google with Facebook and have a different spin on it from the re-reporting.
Say no to JAMS!