Google Tracked iPhones, Bypassing Apple Browser Privacy Settings

Given that the Geek2English translation obscured useful detail: Safari blocks third party cookies by default. You can work around this default setting by using an iframe to submit a vestigial form, which will convince Safari that the domain doing the submitting is a first party, not a third party. After you have any cookie on the machine, broadening the scope to include e.g. cookies from your house advertising network is easy. Google says "Whoopsie, we didn't plan on that happening." Cookies are still just cookies and their newfound relevance to the WSJ is still refighting something the Internet largely settled back in 1996.

Lately I've been reading quite a few articles that arguably show Google not following the "Don't Be Evil" moto. But I've always found people having an explanation for the behavior where the benefit of the doubt can be given to Google. (E.g. Social results from SPYW, etc.)<p>I wonder if anyone can throw some light on this matter if there's a way they could be doing this "by mistake", or "unintentionally" or something else. For example could the +1 button be a cause? I don't know but I'm curious.

&#62; Google itself issued a statement saying the Wall Street Journal "mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."<p>Just asking: Isn't it a kind of a subtle lie to say that advertising cookies do not collect personal information? Of course, there isn't a personal information in the cookie itself, but that cookie is used to identify my profile in those third party databases, so they know who I am, and that profile already can contain anything they collected about me in the past, including personal information.<p>UPDATE: This article seems to confirm that the Google's spokesman statement is indeed misleading -&#62; <a href="http://cyberlaw.stanford.edu/node/6701" rel="nofollow">http://cyberlaw.stanford.edu/node/6701</a>

DoubleClick is owned by Google - it <i>is</i> a first-party.<p>If you're on a Google property, Google has every right to serve all the DoubleClick cookies it likes. All the WSJ's witch-hunt + Safari's pain-in-the-ass non-standard defaults mean is that Google will have to do the work to serve its DoubleClick cookies off the google.com domain - which, as people switch more and more to mobile, they will inevitably do.

Safari's default behavior is to Accept Cookies: 'From visited'. This prevents 3rd party iframes from saving cookies without a workaround. However, Chrome, Firefox, Opera, and IE (with proper P3P) all allow 3rd party iframes to save cookies by DEFAULT.<p>This leaves us with the choice of either using the workaround, or not providing a consistent experience that users expect.<p>If Safari worked like every other major browser in this regard-- allowing users to OPT-IN to the stricter cookie policy--then WSJ would be right in nailing Google for working around it.<p>I think Google did nothing wrong. They worked around a browser's non-standard default behavior, which is something we all do multiple times a day. Only when non-standard behavior is OPT-IN is there willful disregard for the user's intent in employing a work-around.

So much bullshit in one article. I mean the technical issue of tracking is probably correct, but it is not a Google vs Apple thing. Every website you visit on the web does it's utmost to track the hell out of you. That is an issue, but Google is not doing anything else than everybody else. I still don't like it, but this article just distorts the issue into something completely different.

Sounds to me like they have some pretty sloppy security then. But that's pretty much the iPhone all over.

But, Google already does the same thing on the devices using Chrome browser. Isn't it?

People should note that removing this "hack " removes arguably useful user functionality such as the facebook like button (or at least the social recommendations part) too.

Where is the "We are Sorry" post? That's what it takes to apologize for taking advantage of platforms that accidentally allow access to more data than they should, right?

A thorough hatchet job by the WSJ, "Google" mentioned 44 times in that piece.