x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Apple, Google, Facebook caught up in Safari privacy imbroglio

Apple, Google, Facebook caught up in Safari privacy imbroglio

Apple, Google, Facebook caught up in Safari privacy imbroglio
The Wall Street Journal engaged in a bit of gotcha journalism this morning, in a piece that accuses Google and other advertisers of “bypassing mobile Safari’s privacy settings.” This accusation comes despite the fact that the functionality they are using has been in widespread use for over two years. Confused? So, apparently, is the WSJ.

When you surf the web in Safari, by default websites cannot add cookies to your browser. Safari doesn’t tell you this, nor ask you what your preference is, they simply turn them off, and to turn them on you have to discover the right page in the settings menu, which of course most customers don’t do. Apple claims that this protects user privacy, although of course it also cuts off all forms of personalized advertising and many web services.

Of course web-based advertising and services are competing with Apple’s services. Which explains why they “protect” you from cookies that don’t collect personal information, but (until recent events shamed them into it) Apple didn’t protect you against iOS app manufacturers that wanted to upload your entire contacts list to their servers.

Apple’s privacy policy also breaks many other popular web services, like many Facebook apps, Google +1 buttons, etc. Well, it would break them, except that those types of interactions use a work-around. It turns out that Safari will accept a cookie, even when cookies are turned off, if the user submits an internet form. So those services are enable by making it appear to Safari that an invisible form is being submitted when you “+1” something.

The WSJ journal has gone apoplectic on the issue, framing it as if these companies are trying to engage in data theft, even though the practice has existed for two years and is so common that Facebook shows app developers how to do this as part of their “best practices” guide on their website. Indeed, Google referred to it as “existing functionality” in Safari to enable those services, and Apple has apparently been in no rush to fix this work around.

Apple, Google, Facebook caught up in Safari privacy imbroglio
The problem has become magnified, however, because there’s a bug in Safari that allows advertising and other cookies to be saved once the first “list-based” cookie is saved. In other words, once the fairly innocuous web-service cookie is installed, the floodgates are opened to advertising services and other cookies that can piggy-back in. Which is not good if you purposely want to avoid those sorts of cookies.

While Facebook and Google aren’t trying to engage in the tracking of personal information in their work around (Google representatives emphasized that no personal information is gathered, even by the cookies that sneak in), it’s still a bad solution. Even if the loophole for other cookies is fixed, leaving the work-around for Facebook and Google in essence turns on a type of cookie, even for customers who don’t use Facebook or Google services (or other web-based services). And any service that places a cookie of any sort should give you the option to opt-in to it the first time, not "sneak it by" your browser.

The underlying problem seems to be that consumers simply don’t understand the different forms of “tracking” and how cookies enable web services. Most users would be unhappy if their favorite Facebook apps stopped working on iOS devices, but at the same time many of them think that Apple blocking all forms of “tracking” is good for them, even though these are diametrically opposed concepts.

What is needed is for someone to come up with a better interface so that ordinary customers can understand the tradeoffs between privacy and services. If people only use Apple services, they should be able to choose to accept no cookies at all, and not have that choice undermined by code that tricks their browser. At the same time, people who want to use services from Google, Facebook, and others shouldn’t have those settings hidden away from them by Apple. There needs to be more granular privacy controls that are presented in a clear and straight-forward manner.

In the short term, Google has apologized for the "unanticipated" bug that allowed other cookies to piggy back on top of their Google+ sign in. Apple has stated that it will “address the issue”, but it will be interesting to see if this makes the situation with web services better or worse for users. Either way, consumers deserve an intelligent discussion about these subjects in the press, rather than a histrionic stroll down Yellow Journalism Lane. The Wall Street Journal should be ashamed at the alarmist tone of their article.

In conclusion, there’s plenty of blame to go around here for everyone.

sources: WSJ, Jeff Battelle's searchblog, The Verge

  • Options

posted on 17 Feb 2012, 14:09

1. dreammixer (banned) (Posts: 81; Member since: 10 Feb 2012)

Google stealing people's information is nothing new and you being apologetic about it doesn't help the fact.

posted on 17 Feb 2012, 14:21 9

3. roscuthiii (Posts: 2233; Member since: 18 Jul 2010)

It's a fallacy in Safari that was exploited, not something Google or Facebook has engineered. Most likely Twitter, LinkedIn, Stumbleupon, Digg, Reddit, and any number of other companies were doing exactly the same thing to Safari.

You can't really claim any kind of invasion of privacy when first you had to sign in to Google, and then went and clicked the +1 button. (Or sign in to Facebook and click the "Like" button.) Those are voluntary actions. That kind of denotes the intention of sharing, or do people really not understand how the social networking buttons work?

It's really just a matter of semantics and perception. Safari lets sites place tracking cookies if a user interacts with the site, such as by filling out a form. Technically, that's exactly what happened. Not even technically, that IS what happened. The user chose to interact with Google and by clicking the +1 was requesting Google take their data. The situation reminds me of the kids sitting in the backseat saying, "You can't touch me, I have a shield!" But then go ahead and poke their little brother.

posted on 17 Feb 2012, 14:31 3

8. LoneShaolin (Posts: 307; Member since: 14 Jan 2012)

Truth. The second you sign in and hit Like/+1 is PERMISSION.

posted on 17 Feb 2012, 17:33

17. solidsnakeduds013 (Posts: 219; Member since: 20 Oct 2010)

Thank you. You comment gets thumbs up

posted on 17 Feb 2012, 14:24 3

5. MorePhonesThanNeeded (Posts: 645; Member since: 23 Oct 2011)

Perhaps you should learn to read iDiot! Said nothing about Google or anyone stealing your info, just says that they bypass the no cookie thing on safari to allow Google and FB things to save a cookie from their site in your browser. I hate stupidity and not the stupid people that use it. It's ok you will learn more if you read :)

posted on 17 Feb 2012, 14:17 3

2. cj100570 (Posts: 204; Member since: 12 May 2009)

So telling the truth about the situation is being apologetic? And since you seem to be privy to info that no one is aware of, what info has Google "stolen" from anyone?

posted on 22 Feb 2012, 23:40

22. sprockkets (Posts: 1611; Member since: 16 Jan 2012)

Overcome with anger; extremely indignant.
Relating to or denoting apoplexy (stroke): "an apoplectic attack".

If you thought it said apologetic, you were wrong. And, btw, the WSJ hates google with a passion; they are diametrically oppossed in their political beliefs, and it shows. Example, the WSJ didn't like the fact of how Google treated the situation of Bill Clinton's search results vs. Rick Santorum's.

posted on 23 Feb 2012, 06:17

23. cj100570 (Posts: 204; Member since: 12 May 2009)

Your comment has me slightly confused. The 1st comment, to which I replied, claimed that the OP was being "apologetic" to Google. You're referencing the word "apoplectic", in a reply to my comment. I fail to see the connection. Please enlighten me.

posted on 17 Feb 2012, 14:21 2

4. remixfa (Posts: 14605; Member since: 19 Dec 2008)

tell me all the things google has stolen from you please. a nice list would be great.

i love the little semi-zinger at the end about apple's refusal to allow competing browsers.

how do u guys live with being (mostly) adults and told how you can use every facet of your device? geesh.

posted on 17 Feb 2012, 14:26

6. dreammixer (banned) (Posts: 81; Member since: 10 Feb 2012)

Shows the author is ignorant as there are plenty of 3rd party browsers available in the app store. Google is known worldwide for stealing information. I'm not going to waste my time. Do a GOOGLE search :)

posted on 17 Feb 2012, 14:36 3

9. Scott_H (Posts: 167; Member since: 28 Oct 2011)

Dream is right in a way - there are lots of browsers that reskin the Safari code to provide differences in the basic UI. Apple generally restricts the sort of drastic changes that would allow for the type of competition I was referring to, but that's more detail than is necessary for this topic, so I removed it rather than expanding it.

The article, however, does not apologize for companies that used the work-around - we condemn the solution. But the reality is that everyone, including Apple (who ignored it for two years) was basically treating it as an open secret until the WSJ discovered that it also allowed for ad tracking. Consumers deserve a better solution.

As for Google "stealing" information - that's just hyperbole.

posted on 17 Feb 2012, 16:33

13. dreammixer (banned) (Posts: 81; Member since: 10 Feb 2012)

Google has gotten in trouble lots of times for taking information without permission.

posted on 17 Feb 2012, 17:08

15. 14545 (Posts: 1671; Member since: 22 Nov 2011)

WTF are you talking about? The only thing that they have ever gotten a slap on the wrist for was the "wifi snooping" incident in Europe. Please cite specific examples are STFU.

posted on 17 Feb 2012, 14:27 2

7. tward291 (Posts: 559; Member since: 14 Feb 2012)

dame safari my porn never works

posted on 17 Feb 2012, 15:00 1

10. Droid800 (Posts: 22; Member since: 23 Jan 2012)

God Phone Arena is getting as bad as Droid-life with their irrational iHate.

Google did something wrong, and they got pinged for it. Stop trying to excuse their mistake.

posted on 17 Feb 2012, 15:33 1

11. Scott_H (Posts: 167; Member since: 28 Oct 2011)

We're apparently in the same boat as "iHaters" like MG Siegler? No one is saying that the companies doing this (it's not just Google) were using the right solution, it's just that the issue is more complicated than the simplistic "oh noes, Google is evil!" sort of story that the WSJ wrote.

posted on 17 Feb 2012, 15:58 5

12. MichaelHeller (Posts: 2707; Member since: 26 May 2011)

It isn't iHate to say that Apple has a hand in this mess. However, it is fanboyism to ignore Apple's responsibility and and target Google in this case.

Google, Facebook and the rest probably shouldn't have used the workaround, but Apple should have given users the choice in accepting cookies in the first place.

posted on 17 Feb 2012, 16:35

14. dreammixer (banned) (Posts: 81; Member since: 10 Feb 2012)

Apple does give choice in accepting cookies although I agree it should be a more obvious choice. Still doesn't make what google is doing ok.

posted on 17 Feb 2012, 17:10 2

16. 14545 (Posts: 1671; Member since: 22 Nov 2011)

DID YOU MISS THE FACEBOOK PART? Geez, take your iCrap somewhere else.

posted on 17 Feb 2012, 19:48

18. Retro-touch (Posts: 277; Member since: 24 Oct 2011)

I've been wondering the same thing seeing his repetitve post, there are probably more sites that use this trick but for simplicity sake they concentrated on Facebook and Google

posted on 19 Feb 2012, 13:53

21. Stuticus (Posts: 26; Member since: 05 Feb 2012)

The problem with that is the average iDiot doesn't know what they would need to do on their own to make it work, much less that they could look up how to do it.

posted on 17 Feb 2012, 19:48

19. ENIGMA (Posts: 81; Member since: 17 Feb 2012)

We beleive apple is losing market to android

posted on 17 Feb 2012, 23:37

20. squallz506 (banned) (Posts: 1075; Member since: 19 Oct 2011)

i dislike this article.

the source is a much better read.

the source explains that the security breach is a tracking cookie dropped in by google or advent or other advertisers. the cookie collects no personal information; it is invasive but harmless. i think its a fair trade to give up a little information in exchange for better services.

Want to comment? Please login or register.

Latest stories