updated 2/17/2012 2:15:40 PM ET 2012-02-17T19:15:40

Google and three other online advertising companies bypassed the default settings in Apple's Safari browser and on iOS devices in order to track Web users, the Wall Street Journal reported on its front page Friday morning.

"The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users," the Journal reported. "Safari, the most widely used browser on mobile devices, is designed to block such tracking by default."

Google admitted to the Journal that it had been doing so, and disabled the workaround last night (Feb. 16) after having been contacted by the newspaper.

However, Google also issued a statement: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

In addition to DoubleClick, which Google owns, the other three online ad-placement companies that used similar workarounds were Vibrant Media Inc., Media Innovation Group LLC, owned by WPP, and PointRoll Inc., owned by Gannett. Vibrant defended its practices to the Journal, WPP chose not to comment and PointRoll claimed to be ignorant of the practice.

Safari is special

Unlike other Web browsers, Apple's Safari automatically disables most ad-based tracking cookies, which log your movements around the Internet and transmit them back to a central server. Safari is the default browser on Macintosh computers and on iOS devices such as iPads and iPhones, though other browsers can be installed.

However, Safari does allow tracking cookies if the user interacts with an ad somehow, such as by filling out a form. Google and the three other companies took advantage of that feature by inserting a piece of code in ads that made Safari think a form had been filled out.

In Google's case, the workaround cookie was set to detect whether a user had signed into Google's Google+ social network. If so, the cookie tracked the user for 24 hours; if not, it was left blank and expired after 12 hours.

Google had built its workaround solely to track signed-in Google+ users, but the Journal explained that a "technical quirk" of Safari meant any ad placed by Google could also place tracking cookies.

"We didn't anticipate that this would happen," a Google spokesperson told the Journal. "These advertising cookies do not collect personal information."

But is it so bad?

Not everyone shared the Journal's judgment that Google's actions constituted a major breach of privacy.

"Apple's mobile version of Safari broke with common Web practice, and as a result, it broke Google's normal approach to engaging with consumers. Was Google's 'normal approach' wrong?" wondered tech entrepreneur and writer John Battelle on his personal blog. "One can debate whether setting cookies should happen by default — but the fact is, that's how it's done on the open Web."

Battelle also questioned why Apple disabled tracking cookies on its browsers in the first place.

"Do you think it's because Apple cares deeply about your privacy?" he wondered. "Might it be possible that Apple is using data as its weapon, dressed up in the PR-friendly clothing of 'privacy protection' for users?"

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments