Google explains how and why Safari privacy settings were circumvented
In response to a Wall Street Journal report claiming that Google bypassed Safari privacy settings to track ads on both Apple computers and iOS devices, the company released a statement today from Rachel Whetstone, SVP of Communications and Public Policy. The search giant contends that the Journal's story "mischaracterizes what happened and why."
Safari, by default, blocks third-party cookies. This prevents sites like Google from setting tracking cookies on iPhone, iPod touch or iPad devices, or for Safari users on the Mac or PC, unless the user interacts with the site (by signing into Google, for example). Google, the WSJ claims, used a software trick to fool Safari into letting it set advertising cookies without any user interaction. Needless to say, this report spread like wildfire once it hit the Internet.
In response, Google says the WSJ report is off-base when it comes to what Google is doing with its advertising cookies on these devices. Google says it was using a known bit of Safari functionality to provide features that were only enabled when users signed into Google using their browser. Google used this functionality to provide personalized ads and the ability to +1 items for signed-in Google users.
Google then pins the problem on Safari; the statement says the browser "contained functionality that then enabled other Google advertising cookies to be set on the browser." The search giant said it didn't expect this to happen and is now "removing these advertising cookies from Safari browsers." Google insists that the original cookie enablement was done anonymously and no personal data was collected.
Since no other browsers were affected by this privacy quirk (including browsers like Chrome and the Android browser, which share Safari's WebKit DNA), the explanation of a bug in Safari's cookie handling seems to hold water. Besides, why would the largest online advertising business care about having key cookies enabled on the phones of millions of Apple device owners, who are demonstrably more likely to spend money online?
You can read Google's full statement below.
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple's Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as "Like" buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to "+1" things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google's Ads Preferences Manager.