Google was using a software trick to get around a Safari setting that only allow certain types of cookies. That way the company could put cookies on a user’s device, letting it track sites visited, which in turn let Google tailor advertising to the user.
By default, Safari blocks cookies from third parties. Most browsers allow users to block cookies, but don’t set it as a default. Google happens to operate many of its advertising services, including DoubleClick, from a domain outside Google.com — a domain which Safari treats as a third party. So even if a user was logged into Google, DoubleClick was blocked from serving ads to the user — unless that user approved the cookie by, say, filling out a form.
The company put a hidden field in some of its sites that essentially acted as a form, even though the user never filled out anything. That told Safari it was OK for DoubleClick to serve ads to the unknowing, unwitting user.
Google says it’s all an accident. Even though Google’s primary business is advertising and the Safari browser on iPhones and iPads is said to account for more than 50% of mobile browsing, Google says it was merely taking advantage of a known workaround in Safari that lets do things like use Google’s “+1” buttons on sites outside the Google.com domain.
Modules like the “+1” button and the Facebook Like button appear on many different sites, and users generally expect them to work without changing their browser settings. Facebook even encourages developers to exploit the same Safari quirk Google targeted here. Google says it was only trying to enable such functionality with those hidden fields, and it “didn’t anticipate” advertising cookies to be set on Safari.
Yes, it says it’s started removing these cookies from Safari browsers.
Until it started removing the cookies, the company used the information mainly to tailor ads based on the websites you visited. The cookie doesn’t track personal information, such as your address or phone number.
It’s unclear. Google is under close watch by the FTC for privacy violations, and this might qualify. For its part, the FTC acknowledged to Mashable that it was aware of the issue, but didn’t say if it would do anything about it.
No. The original testing by Stanford grad student Jonathan Mayer pointed the finger at three other companies — Vibrant Media, Media Innovation Group and PointRoll — all of which exploit Safari’s quirks to serve ads to unsuspecting users.
Apple says it’s working on a way to “put a stop” to third parties circumventing Safari’s privacy settings.
To ensure that no one puts unwanted cookies on your device, simply go into your browser settings and choose the option to never accept cookies. However, that will also mean you’ll have a hard time logging into many sites. Another option is to simply clear your browser of cookies regularly. You can do that in you settings as well.