Google has come under attack for violating users’ privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple’s Safari browser to track users on both desktop computers and iPhones.

A number of other advertisers exploited the loophole it had created to track those users too.

“Our data suggests that millions of users may have been affected,” Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian.


To get around Safari’s blocking, the Wall Street Journal explains, Google put code onto some of its ads served by DoubleClick’s servers at to fool the Safari browser into thinking the user was interacting with DoubleClick.

But, the EFF notes: “That had the side effect of completely undoing all of Safari’s protections against”

That meant that other DoubleClick cookies, including the principal tracking one which Safari would normally block, were allowed.

“Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone,” the EFF said.
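A simplified model of the side effect the EFF describes, added here as an illustration (not code from Google, Apple or the researchers). The `CookiePolicy` class, its `existingCookieExempts` flag and the `.example` domains are assumptions; the rule that a domain already holding a cookie may set more is the modelled cause of the "popped balloon", not a quote of Safari's source.

```javascript
// Toy third-party cookie policy. `userInteracted` stands for the browser's
// *belief* that the user interacted with the third party; it is not proof.
class CookiePolicy {
  constructor({ existingCookieExempts }) {
    // true  = a domain that already holds any cookie may set more (weak rule)
    // false = every third-party write is judged on its own request (strict rule)
    this.existingCookieExempts = existingCookieExempts;
    this.jar = new Map(); // domain -> Set of cookie names
  }

  // May `domain` set cookie `name` while the user is viewing `topSite`?
  trySet(topSite, domain, name, { userInteracted = false } = {}) {
    const firstParty = domain === topSite;
    const alreadyHasCookie = this.jar.has(domain);
    const allowed =
      firstParty ||
      userInteracted ||
      (this.existingCookieExempts && alreadyHasCookie);
    if (allowed) {
      if (!this.jar.has(domain)) this.jar.set(domain, new Set());
      this.jar.get(domain).add(name);
    }
    return allowed;
  }
}

// Replays the sequence from the article against a policy and returns the
// three allow/deny decisions. Domains are constructed sample values.
function replay(policy) {
  const site = "news.example";
  const ads = "ads.example";
  return [
    policy.trySet(site, ads, "tracking_id"),                      // ordinary ad request
    policy.trySet(site, ads, "optin", { userInteracted: true }),  // treated as interaction
    policy.trySet(site, ads, "tracking_id"),                      // same request as step 1
  ];
}

const weak = replay(new CookiePolicy({ existingCookieExempts: true }));
const strict = replay(new CookiePolicy({ existingCookieExempts: false }));
console.log("weak policy:  ", weak);   // third decision flips to allowed
console.log("strict policy:", strict); // exception stays scoped to one request
```

The third decision is the point: under the weak rule a single accepted cookie turns every later third-party write from that domain into an allowed one, while scoping the exception to the request that earned it keeps the tracking cookie blocked.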

A big deal? Has Google gone too far?

  1. spreeuw says:

    who cares, I hope these POS cloud companies kill each other off.

  2. Jess Hurchist says:

    Sounds more like Safari didn’t go far enough

  3. soundwash says:


    I’ve been blocking all of doubleclick’s and google’s tracking servers for years via the hosts file. -you want (much) faster browsing. block’em all.

    a decent hosts file and the Ghostery firefox extension will fubar almost all tracking crap -and the hosts file will save a lot of bandwidth from being wasted on useless ads.


  4. Hmeyers2 says:

    “Sounds more like Safari didn’t go far enough”

    Jess Hurchist for the win.

    Blaming Google, providing they used valid Javascript and HTML, is silly. If they didn’t do it, some other advertiser would use the workaround.

    The problem is that Safari’s implementation was not fully effective.

    • Dr Spearmint Fur says:

      You’re right about that. Microsoft had to go batshit crazy for years to get better on security. Apple has been bringing in outside help from the security community which is a smart move. It sucks to have to be a grownup but that’s what happens when you’re successful.

      Javascript engines are the new security black hole since everyone has been focused on speed for years.

    • dusanmal says:

      Blaming Google because they did things secretly behind the “scene” of the actual webpage. Trivialized – you went to You blocked in Safari settings ability of to set any other cookies but its own. Honest server/provider does exactly that. Criminal server behind your back, without informing you or showing you anything loads “invisible” Google page together with actual page so that now Google cookie can be set too. “Invisible” in a sense that it is intentionally hidden from you. Essentially going to Google page without your knowledge or request and actively hiding that fact. For obvious profit of only one participant in the transaction – Google.
      If we have had proper authorities Google would be charged for unauthorized computer access for every single instance. Because if I did it to say, employee of and they traced me – I would face that charge by existing law.

      • Hmeyers2 says:

        Even if true, blaming the web site and not browser security doesn’t help if some Russian web site is using the same exploit.

        Any behavior that requires trusting the visiting web site is going to be exploited.

      • Ivan Vučica says:

        Also, in case the website is not hosted by Google (as appears to be the case) — the website that published the ad profits from the deal.

  5. Dr Spearmint Fur says:

    Most users don’t care and Apple will plug it. Small story itself.

    Google repeatedly seems very happy to step over the line and feign innocence a lot. Eventually it will erode trust. It’s an opening for competitors to exploit. If you take out search and mail (their big products) then they have nothing.

  6. Zybch says:

    “Our data suggests that millions of users may have been affected,”

    Who could have guessed there were that many pretend computer users out there.

  7. Howard Beale says:

    I’m shocked, shocked to find that web privacy wishes are being ignored.

    hey Google “Don’t be evil”

  8. Dr Spearmint Fur says:

    And meanwhile, back at the ranch.

  9. dcphill says:

    and meanwhile back at the commercial.

  10. KMFIX says:

    Google loves evil.

  11. McCullough says:

    I wasn’t aware many people used Safari. No one I know.

    I dumped all google products (was it last week)? that I was using when they informed me of their invasive privacy terms. Still use google search behind a proxy however. But that’s it.

    send a message

    • Hmeyers2 says:

      iPhones and iPad use Safari as stated in the article summary.

    • honeyman says:

      Likewise. I have dumped Chrome and Gmail, and returned to Firefox which I have set to reject all Google cookies.

      It’s a pity because they are both really great products.

      • Hmeyers2 says:

        FireFox is the only mainstream “pure” browser with no ulterior motivations.

        Chrome is a nice browser, but as Google makes their living off distributing ads I always wonder if it might be doing something I don’t know about.

        • dittmv says:

          … except that it gets most of its money to run its operations from the Google search box…

    • UncDon says:

      I use it all the time. Many a link I’ve sent my brother, Uncle Dave, was viewed with Safari.

      And mostly on my PC’s.

  12. sargasso_c says:

    The smartest guys in the room are violating the trusts in server-client software to load unauthorised code onto private, corporate and federal government computers? Well. That’s bad.

  13. Emily says:

    What’s all this talk about a Google Circumcising Safari?

  14. AdmFubar says:

    if they are doing that to mac users, imagine what they do to chrome users..

  15. Sombody says:

    Safari has Security?

  16. Zybch says:

    And people still trust google. Why?

  17. Yaknow says:

    Trust and the internet….trust can’t exist in the world of ones and zeros and everything in between. There is no such thing as privacy where money can be made. Google sold its soul along with Apple and facebook. It isn’t government we should fear, it is Google.

  18. BigBoyBC says:

    Funny, if Google had done this to IE everyone would be blasting Microsoft, but since it’s Safari, Apple seems to be getting a free pass. Personally, anyone dumb enough to use IE or Safari deserves what they get…

    Besides everyone, especially the media knows smart people use Opera…

    • Ivan Vučica says:

      Don’t be trolling. Safari is a pretty good browser. Opera is neat, especially the mobile versions. I find Firefox more abhorrent than any other browser. Despite privacy concerns, Chrome is a decent browser.

      And, what would you use on an iOS device apart from the built-in browser? Do you really expect people to install a different browser on Android?

  19. The Startled Old Man says:

    One day while minding my own damn business I see that damn grass standing, walking, and cavorting all over my kids. I yell, “Get off my kids you damn grass!”, but the grass refused to heed my warning calls.

    It wasn’t pretty after that.

  20. A. Sheeple says:

    Giant superpowerful megacorporations are good. Giant superpowerful megacorporations love me. Giant superpowerful megacorporations would never-ever-ever do anything bad. Praise Jesus. God bless America.

    And MY favorite giant superpowerful megacorporation is BETTER than YOUR favorite giant superpowerful megacorporation. So, nyah!

  21. Meh, until they can answer the question, “where, the fuck, are my keys?” I won’t be impressed.

  22. Grey says:

    Whatever happened to “Don’t be evil”?

    • vdiv says:

      No, no. “Don’t be evil!” applies to everyone else. Isn’t this what malware does — exploiting weaknesses in software for reasons not agreed to by the user? Can we finally agree that Google produces malware?

  23. orchidcup says:

    That does it for me.

    I am going to cancel my Gmail subscription along with Google Voice, Google Reader, Google Scholar, Google Earth, Google Calendar, Google Documents, Google News, Google Translate, Google Earth, YouTube, and Picasa.

    I am going back to pen and paper.

    I’ll show them …

  24. deowll says:

    While it does appear that Google in its own words ended up doing rather more than it meant to do I’m not concerned about it.

    My questions are:

    Why is anyone using Safari?

    Why doesn’t Apple block this known security hole?

    I doubt if Google is the only organization to make use of the hole. It isn’t new. It’s been known for some time.

  25. blah blah blah says:

    Time after time Google is in the news over privacy issues. Why do people continue to use Google services?

  26. DrWally says:

    uhhh….Apple promoted its software as being dependably secure, except it wasn’t. Microsoft continues to promote its software as being dependably secure, except it isn’t.

    Whether you think Google was wrong to exploit an opening or not, the message should be simple to everyone: Nothing is really secure if it is on the network. Nothing. Not Ever.

    It is the new cyber-reality — like it or not, you are not going to change it. (Well, maybe that pencil-and-paper dude…)

  27. Likes2LOL says:

    Lord Acton had it right back in 1887: “Power tends to corrupt, and absolute power corrupts absolutely.”

    The folks at Google appear severely addicted to collecting data on computer users, registered or not — maybe they have other purposes besides serving “relevant” ads and improving our browsing experiences?

    At least this time Google didn’t try to pretend that their circumventing the browser security settings was accidental, like they did when they got caught collecting Wi-Fi data with their Street View cars – yeah, right!

    It’s official now: Google’s gone Evil, over to the Dark Side. I wonder what else they’re doing that we don’t even know about yet…

  28. President Amabo (& my wife Chewbacca) (threaded comment systems are for retards) says:

    What’s the big deal? Last week, I couldn’t find my car keys. I asked Google and it said “behind your couch on the left side.” It was right and I made it to work on time. All hail Google.

    OK, in all seriousness, no one has a right to know anything about my surfing habits – not even me. We need to institute the death penalty for privacy violations.

  29. Cap'nKangaroo says:

    And Google still doesn’t know half of what your ISP knows about you.

  30. Skeptic says:

    Google is in this for the money. So why does anything they do surprise you?

    They were caught, so IMO the system is still working.

