When you surf the web in Safari, by default websites cannot add cookies to your browser. Safari doesn’t tell you this, nor ask you what your preference is, they simply turn them off, and to turn them on you have to discover the right page in the settings menu, which of course most customers don’t do. Apple claims that this protects user privacy, although of course it also cuts off all forms of personalized advertising and many web services.
Of course web-based advertising and services are competing with Apple’s services. Which explains why they “protect” you from cookies that don’t collect personal information, but (until recent events shamed them into it) Apple didn’t protect you against iOS app manufacturers that wanted to upload your entire contacts list to their servers.
The WSJ journal has gone apoplectic on the issue, framing it as if these companies are trying to engage in data theft, even though the practice has existed for two years and is so common that Facebook shows app developers how to do this as part of their “best practices” guide on their website. Indeed, Google referred to it as “existing functionality” in Safari to enable those services, and Apple has apparently been in no rush to fix this work around.
While Facebook and Google aren’t trying to engage in the tracking of personal information in their work around (Google representatives emphasized that no personal information is gathered, even by the cookies that sneak in), it’s still a bad solution. Even if the loophole for other cookies is fixed, leaving the work-around for Facebook and Google in essence turns on a type of cookie, even for customers who don’t use Facebook or Google services (or other web-based services). And any service that places a cookie of any sort should give you the option to opt-in to it the first time, not "sneak it by" your browser.
The underlying problem seems to be that consumers simply don’t understand the different forms of “tracking” and how cookies enable web services. Most users would be unhappy if their favorite Facebook apps stopped working on iOS devices, but at the same time many of them think that Apple blocking all forms of “tracking” is good for them, even though these are diametrically opposed concepts.
What is needed is for someone to come up with a better interface so that ordinary customers can understand the tradeoffs between privacy and services. If people only use Apple services, they should be able to choose to accept no cookies at all, and not have that choice undermined by code that tricks their browser. At the same time, people who want to use services from Google, Facebook, and others shouldn’t have those settings hidden away from them by Apple. There needs to be more granular privacy controls that are presented in a clear and straight-forward manner.
In the short term, Google has apologized for the "unanticipated" bug that allowed other cookies to piggy back on top of their Google+ sign in. Apple has stated that it will “address the issue”, but it will be interesting to see if this makes the situation with web services better or worse for users. Either way, consumers deserve an intelligent discussion about these subjects in the press, rather than a histrionic stroll down Yellow Journalism Lane. The Wall Street Journal should be ashamed at the alarmist tone of their article.
In conclusion, there’s plenty of blame to go around here for everyone.
sources: WSJ, Jeff Battelle's searchblog, The Verge