GOOGLE: The Wall Street Journal Is Full Of Crap -- Here's What That Apple Safari "Tracking" Was Really About
by Henry Blodget on Feb 17, 2012, 10:54 AM
Advertisement
 Earlier, we described how the Wall Street Journal caught Google using another questionable online tracking tactic, one that Google has since stopped using. The tactic consisted of Google creating a way to secretly circumvent privacy settings that Apple put into its web browser, Safari. The workaround allowed Google to enable some Google features that would otherwise have been inaccessible to Safari users, such as the ability to use Google's "+ 1" button (Google's version of Facebook's "Like" button) to "like" ads served by Google. The workaround, however, also enabled other ad networks to drop ad-tracking cookies on unsuspecting Safari users, which Google says was an unintended consequence. Google says that the WSJ "mischaracterized" its intentions and behavior here. Google's frustration with the WSJ article is understandable, at least with respect to Google's intentions. But it's also no surprise that people are once again stunned by Google's behavior here. And Google's statement will not set everyone at ease. The facts are that: - Google secretly developed a way to circumvent default privacy settings established by a hated competitor, Apple
- Google enabled this workaround to further its own advertising (revenue) and social-netwoking goals.
- Google's workaround unintentionally enabled other companies to circumvent Apple's privacy rules as well.
Given the scrutiny around Google's power and privacy practices, Google's decision to do this can charitably be described as tone-deaf. More accurately, it can be described as idiotic. But, as usual, there's plenty of nuance here. Here's an explanation of what we think Google was trying to do, followed by a full statement from Google. WHAT GOOGLE WAS THINKING We spoke with an industry source who we believe understands Google's perspective on this matter. According to this source, here's what Google may have been thinking: The default privacy settings for Apple's Safari web browser, which is included on all Apple products, do not allow random web sites to drop "tracking cookies" on users' computers. Such cookies, which are used by most web sites and web services, can be used for both helpful and creepy purposes, depending on who is using them. Although many unsophisticated web users recoil at the thought that any web site is placing anything on their computers to "track" them, it is these cookies that allow users to stay signed-in to certain web sites and do other things that make the web vastly more useful and convenient. Facebook, Google, and Apple, for example, all use cookies to keep users logged-in to certain services. The web would be vastly less useful without them. Our source says that Apple's Safari browser does allow these sorts of cookies to be dropped on users' computers, even with the default privacy settings turned on. Once a Safari user signs into a web site like Facebook or Google, our source says, Safari concludes that the site is a trusted site and, thereafter, will allow that site to place as many cookies as it likes on the users' computer. This is how Safari users can stay signed in to Facebook, Gmail, Twitter, and other services, even when they are using Safari's default privacy settings. (If Safari did now allow this, most users would conclude that something was broken because they wouldn't say "signed in" anywhere). What Safari does NOT allow, by default, is for third-party advertisers and advertising networks to drop cookies on users' computers without their permission. It is these ad-tracking cookies that cause lots of Internet users to freak out that their privacy is being violated, so it's understandable that Apple decided to block them by default. But these default settings have created a problem for Google, at least with respect to its advertising business. Google serves its Google services and its display advertising services from two different domains. Google's web services, like Gmail and Google +, are served from the Google domain. Google's brand ads, meanwhile, are served from the Doubleclick domain. Because of Safari's cookie restrictions, Google can drop "cookies" on Google users who sign into Google services, but it cannot drop "cookies" from the Doubleclick domain. And this created a problem because Google wants its users to be able to use its "+1" button to "like" advertisements that it serves them. Why does Google want its users to be able to "+1" advertisements? So it can assess the relevancy and effectiveness of those ads. Because Google's ads are served from the Doubleclick domain rather than the Google domain, Google cannot put cookie necessary to enable the "+1" button on Safari users' computers. So Google decided to develop a Safari workaround that allowed it to put the "+1" button on its ads. This workaround was a "known" Safari workaround (meaning that Google wasn't the first company to discover or use it). It allowed Google to fool Safari into thinking that Google's Doubleclick domain was a trusted site from which Safari should accept cookies. This Google decision--to hack up a secret way to circumvent Safari's privacy restrictions to promote its "+1" service, serve more relevant ads, and make more money--would have raised eyebrows and hackles on its own. But the problem was compounded by an unintended consequence: Google's hack also allowed other third-parties to drop tracking cookies on Safari users--third-parties like Vibrant Media and PointRoll, the very users that Apple's privacy restrictions were designed to block. So, suddenly, it appeared that Google had not only secretly devised a way to get around Safari's privacy settings for its own goals, but had also helped other privacy-violating companies pursue sleazy tracking practices that Apple wanted to block. As former Presidential candidate Rick Perry might say, "Oops." THE BOTTOM LINE It seems likely that Google's secret Safari workaround was devised by a small team of engineers who were seeking to solve a narrow problem and who did not view their actions from the perspective of an outside public that already suspects that Google constantly abuses its privacy to further its own nefarious goals. In other words, it does not seem likely that Google management would have been stupid and tone-deaf enough to approve a hack like this. And it seems likely that the team that devised the "solution" is now being suitably educated on the larger ramifications of its creative solution. But, of course, from the public's perspective, the effect is the same: Google has once again put its foot in it. And this latest scandal will likely increase government and public scrutiny of the company's power and privacy practices. GOOGLE'S STATEMENT Here's Google's full statement on the matter: The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to “+1” things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager. SEE ALSO: BUSTED: Google Caught Hacking Apple Safari To Track iPhone And Mac Users
Please follow SAI on Twitter and Facebook.
| 
?>){kind=spacer}
Facebook
Twitter
Digg
Reddit
StumbleUpon
LinkedIn
No comments:
Post a Comment