Google’s been accused of ‘tricking’ Safari to bypass security settings and track iPhone and iPad users’ locations through cookies.
Stanford researcher Jonathan Mayer has told the Wall Street Journal that the conmpany’s advertising networks have been delivering cookies to user’s machines, even when the browser’s set to block them.
Normally, Safari would block cookies coming from advertising networks. But the Google code concerned ‘tricked’ the broser into thinking that a web form was being submitted to Google; and this isn’t blocked, as it allows the browser to check that the form was sent successfully.
The Electronic Frontier Foundation has cited the case as demonstrating the need for a ‘Do Not Track’ policy.
“For a long time, we’ve hoped to see Google respect Do Not Track requests when it acts as a third party on the web, and implement Do Not Track in the Chrome browser,” it says.
“This privacy setting, available in every other major browser, lets users express their choice about whether they want to be tracked by mysterious third parties with whom they have no relationship.”
And Microsoft’s seized on the story with glee, with the company’s Ryan Gavin observing that “this type of tracking by Google is not new”.
Google’s now disabled the offending code – but says it hasn’t really been doing anything wrong.
It set things up with way, it says, to enable features for signed-in Google users on Safari who had opted to see personalised ads and other content – such as the ability to ‘+1’ things that interest them.
To do this, it created a temporary communication link between Safari browsers and Google’s servers, to check whether Safari users were also signed into Google, and had opted for this type of personalization.
The information passing between the browser and Google’s servers was anonymous, it stresses.
“However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser,” says Rachel Whetstone, senior vice president of communications and public policy.
“We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.”