Microsoft, others hit back at Google for privacy hack
By Hayley Tsukayama,
After news broke that Google has been using code to circumvent Apple privacy settings on the Safari browser to serve personalized ads to its account holders, Microsoft took the opportunity to gleefully point out the privacy features in its Internet Explorer browser.
“Apparently, Google has been able to track users of Apple’s Safari browser while they surf the web on their Apple iPhones, iPads and Macs,” wrote Ryan Gavin, Microsoft’s general manager for Internet Explorer Business and Marketing in a company blog post. “This type of tracking by Google is not new. The novelty here is that Google apparently circumvented the privacy protections built into Apple’s Safari browser in a deliberate, and ultimately, successful fashion.”
As for this latest incident, in a statement given to The Washington Post, Google spokeswoman Rachel Whetstone said that the company was simply using a “known Safari functionality” that allowed the company to serve Safari users personalized ads when they were logged-in to Google services.
Safari, by default, only accepts cookies from sites that it visits directly. In order to be able to serve ads from its DoubleClick network on Google pages — adding the functionality to, for example, use the +1 button — Google used some code to make Safari think users visited DoubleClick directly and had filled out a form. But Google’s small modification also made it possible for other cookies from DoubleClick to make it onto users’ machines, prompting Google to begin removing the advertising cookies.
Whetstone said that information passing between Safari and Google’s servers was not linked to personal information and that Google was not collecting personal information with these cookies.
Privacy advocates also criticized Google. The Electronic Frontier Foundation said Friday that Google’s actions are a prime example of why the U.S. needs “Do Not Track” options, which would prevent advertisers from attaching cookies to users’ machines. The digital rights non-profit called on Google to add “Do Not Track” to its existing opt-out mechanisms for advertising and analytics.
Other groups asked how the workaround got through Google’s design process. Justin Brookman, the Center for Democracy and Technology's director of consumer privacy said in a statement, “We are severely disappointed that Google and others choose to place tracking cookies on Safari browsers using invisible form submission. While we take Google’s assertion at face value that it was not their intent to track users in this way, we are perplexed how this decision evaded Google’s internal design and review process. After a several recent missteps--and two new reboots on privacy-by-design--this should never have happened.”