The Wall Street Journal reported today that Google and other ad companies have been using special code to sidestep privacy settings in Apple's Safari browser and track Web users on desktop computers and the iPhone.
The Journal also said that on one of Google's sites--in language that has since been removed--the Internet giant had said Safari users could rely on the browser's privacy settings to avoid tracking by Google. (Editors' note: See Google's response below.)
The privacy-skirting code, which the Journal said Google disabled after being contacted by the paper, appears to have been used to let members of the Google+ social network sign in and then, while moving around the Web, click +1 buttons in ads that are part of Google's DoubleClick ad network. The +1 buttons let a user give a thumbs-up to an item and automatically share that approval with friends via a message on the user's Google+ profile.
But, the Journal reported, Safari's default privacy settings prevented the +1/DoubleClick setup from placing a tracking cookie to determine if a user had signed in to Google+. Safari normally blocks cookies used by ad networks and others to track people (though it allows other types of cookies--such as those that remember visitors so they can return to a site without having to log back in).
The code reportedly tricked Safari into letting a tracking cookie be placed, the Journal said. Safari lets sites place tracking cookies if a user interacts with the site, such as by filling out a form, and the workaround code essentially tricked Safari into thinking people were submitting a form to Google.
The Journal said that though the cookies placed by Google were set to expire in 12 to 24 hours, they "could sometimes result in extensive tracking of Safari users...because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie."
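The two behaviours described above (a perceived form submission unlocking third-party cookies, and an existing cookie letting further ones through) can be modelled in a few lines. This is an added example, not code from Safari, Google or the Journal; the rule names, fields and example domains are assumptions, and the model simplifies the policy as this article describes it.

```javascript
// Simplified model of the cookie policy as the article describes it.
// Not Safari's implementation: every name and field here is an assumption.
function createCookiePolicy({ allowAdditionsToExisting = true } = {}) {
  const domainsWithCookies = new Set(); // domains that already hold a cookie

  function decide({ pageSite, cookieDomain, formSubmitted = false }) {
    let reason;
    if (cookieDomain === pageSite) {
      reason = "first-party";
    } else if (formSubmitted) {
      // formSubmitted is what the browser perceives; per the article it can
      // be true even though the user never filled anything in.
      reason = "form-interaction";
    } else if (allowAdditionsToExisting && domainsWithCookies.has(cookieDomain)) {
      // The "technical quirk": one stored cookie lets later ones through.
      reason = "domain-already-has-cookie";
    } else {
      return { accepted: false, reason: "third-party-blocked" };
    }
    domainsWithCookies.add(cookieDomain);
    return { accepted: true, reason };
  }
  return { decide };
}

// Constructed sequence: one ad domain embedded on two unrelated sites.
const constructedEvents = [
  { pageSite: "news.example", cookieDomain: "ads.example" },
  { pageSite: "news.example", cookieDomain: "ads.example", formSubmitted: true },
  { pageSite: "shop.example", cookieDomain: "ads.example" },
];

// Replay the events through a fresh policy and return the reason for each decision.
function replay(events, options) {
  const policy = createCookiePolicy(options);
  return events.map((e) => policy.decide(e).reason);
}

// Count accepted third-party cookies, the figure a privacy review would track.
function acceptedThirdParty(events, options) {
  const policy = createCookiePolicy(options);
  return events.filter(
    (e) => policy.decide(e).accepted && e.cookieDomain !== e.pageSite
  ).length;
}

console.log(replay(constructedEvents));
console.log(replay(constructedEvents, { allowAdditionsToExisting: false }));
```

With `allowAdditionsToExisting: false` the third event is blocked again, which is the difference between a one-off exception and tracking that follows the user to other sites.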
Google told the Journal it hadn't anticipated the placing of additional cookies. It also provided the paper with the following statement: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."
The Journal said three other online-ad firms had used similar code: Vibrant Media, WPP's Media Innovation Group, and Gannett's PointRoll. Vibrant told the Journal that the code is a "workaround" and doesn't collect personally identifiable data like names or financial-account numbers. WPP declined to comment, the Journal said, and Gannett said the use of the code was part of a "limited test" to count how many Safari users went to an advertiser's site after seeing an ad.
The Journal said Google DoubleClick ads containing the privacy-skirting code were found on major sites including AOL.com, Match.com, TMZ.com, YellowPages.com, and others. These sites, however, apparently didn't know about the code, the Journal said. In fact, the Journal reported, the code used by Gannett's PointRoll was found in ads on WSJ.com.
The Journal said an Apple representative told the paper that Apple was working to prevent the sidestepping of Safari's privacy settings.
Update, 11:57 a.m. PT: A Google representative e-mailed CNET the following statement, from Rachel Whetstone, the company's senior vice president for communications and public policy:
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple's Safari browser blocks third-party cookies by default. However, Safari enables many Web features for its users that rely on third parties and third-party cookies, such as "Like" buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to "+1" things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous--effectively creating a barrier between their personal information and the Web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information.