PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Google Accused of Tracking Safari Usage Without Permission

Chloe Albanesius
 & Chloe Albanesius Executive Editor, News

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

A Stanford University graduate student has released a report that accuses Google and three other ad networks of side-stepping the privacy settings on Apple's Safari browser to track usage on iPhones and Macs without permission.

Google said the report, which was picked up by the Wall Street Journal, "mischaracterizes" the search giant's efforts. But the company admitted that a glitch accidentally allowed Google cookies "to be set" on Safari and promised a fix.

The other companies named in Jonathan Mayer's report are Vibrant Media, Media Innovation Group, and PointRoll.

"Cookies" are little bits of data collected about your Internet activity. They can be useful - like remembering passwords and settings on sites that you surf to frequently - but there are also concerns about targeted advertising and how much data is really collected. As Mayer noted, popular Web browsers provide the option to block third-party cookies, but Apple's Safari browser is unique in that it blocks third-party cookies by default on the iPhone, iPad, iPod touch, and Macs.

According to the Journal, Google "used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users."

A Google spokeswoman, however, said "we used known Safari functionality to provide features that signed-in Google users had enabled." She stressed that "these advertising cookies do not collect personal information."

The spokeswoman acknowledged that Safari blocks third-party cookies by default, but said "Safari enables many Web features for its users that rely on third parties and third-party cookies, such as 'Like' buttons." As a result, Google started using this functionality last year for Safari users who were signed in to Google and had opted to see personalized content - like Google's +1 button.

"To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization," the Google spokeswoman continued. "But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous – effectively creating a barrier between their personal information and the web content they browse."

Safari, however, "contained functionality that then enabled other Google advertising cookies to be set on the browser," Google said. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers."

The search giant insisted that IE, Firefox, and Chrome users were not affected, nor were those who opted out of Internet-based ad targeting.

A spokesman from Vibrant Media said the company is "immediately addressing the issue."

"A prior implementation of our technology provided for a separate web page call from the Safari browser which permitted use of a generic user cookie," he continued. "Vibrant Media does not collect personally identifiable information from any users. We remain supportive of all industry privacy guidelines, requirements and best practices. We are a member of the NAI and DAA and adhere to all applicable compliance policies."

In a blog post, PointRoll said it "conducted a limited test within the Safari browser to determine the effectiveness of our mobile ads," but does not currently use the technique mentioned in Mayer's report.

"The test did not involve the collection, retention or resale of any specific user information," wrote Rob Gatto, PointRoll's CEO. "The limited test ended on February 8, 2012, and we made the decision not to employ this practice further."

Media Innovation Group declined comment. Apple did not immediately respond to a request for comment.

Privacy researcher Christopher Soghoian this morning tweeted screen shots of Google's advertising cookie opt-out plugin instructions from Monday and Tuesday. On Monday, they included an "instructions for Safari" section, but any mention of Safari was deleted the next day.

Privacy advocates were quick to criticize the misstep.

"Technological workarounds to evade browser privacy settings are unacceptable," said Justin Brookman, director of consumer privacy at the Center for Democracy & Technology (CDT). "We are severely disappointed that Google and others choose to place tracking cookies on Safari browsers using invisible form submission. While we take Google's assertion at face value that it was not their intent to track users in this way, we are perplexed how this decision evaded Google's internal design and review process. After a several recent missteps – and two new reboots on privacy-by-design – this should never have happened."

Microsoft, of course, used the controversy to push its own Internet Explorer 9, which Redmond said is "the browser that respects your privacy."

Editor's Note: This story was updated Friday afternoon with further comments.

About Our Expert

Chloe Albanesius

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio