WSJ: Google caught circumventing iPhone security, tracking users who opted out of third-party cookies

Google has been caught circumventing iOS's built-in anti-ad-tracking features in order to add Google Plus functionality within iPhone's Safari browser. The WSJ reports that Google overrode users' privacy settings in order to allow messages like "your friend Suzy +1'ed this ad about candy" to be relayed between Google's different domains, including and This also meant that was tracking every page you landed on with a Doubleclick ad, even if you'd opted out of its tracking.

I believe that Google has created an enormous internal urgency about Google Plus integration, and that this pressure is leading the company to take steps to integrate G+ at the expense of the quality of its other services. Consider the Focus on the User critique of Google's "social ranking" in search results, for example. In my own life, I've been immensely frustrated that my unpublished Gmail account (which I only use to anchor my Android Marketplace purchases for my phone and tablets, and to receive a daily schedule email while I'm travelling) has somehow become visible to G+ users, so that I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+.

In the iPhone case, it's likely that Google has gone beyond lowering the quality of its service for its users and customers, and has now started to violate the law, and certainly to undermine the trust that the company depends on. This is much more invasive than the time Google accidentally captured some WiFi traffic and didn't do anything with it, much more invasive than Google taking pictures of publicly visible buildings -- both practices that drew enormous and enduring criticism at the expense of the company's global credibility. I wonder if this will cause the company to slow its full-court press to make G+ part of every corner of Google.

EFF has an open letter to Google, asking them to make amends for this:

It’s time for a new chapter in Google’s policy regarding privacy. It’s time to commit to giving users a voice about tracking and then respecting those wishes.

For a long time, we’ve hoped to see Google respect Do Not Track requests when it acts as a third party on the Web, and implement Do Not Track in the Chrome browser. This privacy setting, available in every other major browser, lets users express their choice about whether they want to be tracked by mysterious third parties with whom they have no relationship. And even if a user deleted her cookies, the setting would still be there.

Right now, EFF, Google, and many other groups are involved in a multi-stakeholder process to define the scope and execution of Do Not Track through the Tracking Protection Working Group. Through this participatory forum, civil liberties organizations, advertisers, and leading technologists are working together to define how Do Not Track will give users a meaningful way to control online tracking without unduly burdening companies. This is the perfect forum for Google to engage on the technical specifications of the Do Not Track signal, and an opportunity to bring all parties together to fight for user rights. While the Do Not Track specification is not yet final, there's no reason to wait. Google has repeatedly led the way on web security by implementing features long before they were standardized. Google should do the same with web privacy. Get started today by linking Do Not Track to your existing opt-out mechanisms for advertising, +1, and analytics.

Google, make this a new era in your commitment to defending user privacy. Commit to offering and respecting Do Not Track.

Google Circumvents Safari Privacy Protections - This is Why We Need Do Not Track



  1. Let me also say that Google Reader is the best tool I know of to approach the internet– as feed reader it allows you to consume, sort & share information in unparalleled ways.  OR IT USED TO.  Until Google decided to lobotomize it in favor of Google Plus, which doesn’t have a fraction of the utility or integration that the simpler Google Reader sharing had.  It has made a major impact on how I use the internet, & not for the better. 

    It is a real shame, & I think it is, as you put it, an internal panic.  Stop trying to chase Facebook!  Facebook has done a good job of not being MySpace, but they did it by becoming old school AOL.  It has a lifespan, it will wither & die, in time.  Google shouldn’t be trying to build a “Facebook Killer,” because even if Google Plus catches on, it will have the same built in senescence.  The more eggs you put in that basket, the worse you’ll be when the anvil drops onto it.


    1. How did they lobotomize it? I’ve actually not noticed any change (except the new design). They just replaced one set of social features by another… And now there’s an annoying G+-button I don’t use in place of the annoying Buzz button I didn’t use… But the feed reader functionality didn’t change.

      1. See, I used the “share” button really heavily; I had about a community of 100 people, all of whom shared articles of interest, which were then seamlessly integrated into our Google Reader. Now, one way to integrate it with Google Plus would have been to allow circles to factor in, as filters or as a way to wider Google Reader use & access…but instead they replaced it with what amounts to “Send to Google Plus,” where it appears as a gross stub– not useful, not the way that feeds work, not any good for anyone, regardless of whether they are a Reader or Plus user. They just basically made the sharing function useless from both sides.

    2.  Try “Brief” the RSS reader Firefox plugin.  I switched from Google Reader to that and it’s working pretty well for me.

  2. Shared and passing the EFF letter through my contacts.

    I am a MASSIVE drinker of the google koolaid, so stuff like this irks me far more than it really should. Therefor I’m doing what I can to make them aware that I do not approve of this behavior.

    Thanks for the heads up guys.

      1. It’s so sad to see this happening to them, as I too am a Google fanboi.

        Their motto is: don’t be evil. But they don’t seem to realize it’s greed for money/power/influence that encourages evil decisions. They want so badly for G+ to be successful that they have lost the way.

        Google, WAKE UP!

  3. I used to be all about Google+ as an alternative to Facebook. But oddly enough, I’ve found it to be more intrusive than Facebook. My searches on every computer? Forced integration of Google Reader (including the inability to share individually and the replacement w/ the +1 feature)? Seeing results from all of friends’ websites when I search? I need to keep some things separate. Google seems to understand this even less. Disappointing.

  4. if the company in question here was Apple instead of Google, methinks Cory would have taken a much different tone with this post.

    1.  The company in question is Apple.  All other browser allow 3rd party cookies unless disabled.  This is the industry norm.

      Basically, if you opt in to certain google service they break in Safari.  You have already opted in.  Google does this to ensure these services work without the end user having to opt in twice (via google and via safari).  Apple, with Safari, are the ones who are going against industry standards here.

      This is not an issue with any google service or via any google page unless you first opt in via google.

  5. Someday everyone’s gonna realize that an ad-based internet economy is just a huge bubble waiting to burst, since no one actually clicks on or reads ads, and then Google is gonna be screwed.

    1.  Meh, you could say the same thing all advertising– “listen, putting up signs doesn’t mean anybody actually reads it or buys what is on it!”– but it does seem to work.  Hell, even if you don’t click on the add or consciously read it, the word enters our shared vocabulary.  I haven’t eaten at Taco Bell in fifteen years, but I still know what Taco Bell is, you know?

    2. Yup. The new version of the old saw is “I know that 95% of my advertising budget is wasted, I just don’t know which 95%”.

    3. If no one clicked on any ads, Google would have collapsed years ago. A quick  search shows that the current click rate, the percentage of people clicking on any particular ad is generally around 0.2% to 0.3% and can go up or even down depending on the success of the ad. Also how much Google charges for a click can have a huge range depending on keywords. However, I’ve worked with companies where a lot of their new clients are made via ads going through Google.

  6. IMO, Google has become the new AOL. Whenever I see an “”, I definitely already have a certain opinion of the person, and it’s not a favorable one. As far as I can see, the only Google service worth the security/privacy hassle is Google Maps – everything else is being quickly overrun by poor user experience and security failings. 

    1. Funny, I have the opposite perspective.

      I run into a lot of people who never moved to Gmail from Hotmail or Yahoo and they’re usually older people who are unwilling to change or adapt to new technology. Some of them still have AOL accounts.

      Gmail still works great. Reader, calendar, voice, and translate are still useful. I guess it just depends on what you expect from it.

      1. Gmil’s still ace on spamblocking. I don’t use Reader (Must be my methodology that doesn’t let the whole RSS thing to work well since if I tracked Everything I liked I’d have a metric boatload of items in the thing to have to tic through and the interface just never appealed to me. I dunno why though since that’s what I do Anyway clicking through pages.)

        And the ‘share is worthless’ comment. Mater of Opinion and habit. I liked the addition since i use G+ but never bothered with Buzz..
        Can’t please everyone. However hopefully you can make enough people happy to fund whatever you’re doing.

    2. wow, such a blanket judgmental statement there! I use a gmail account because we’ve moved often enough that it was a total pain to keep having to disseminate new email addresses when we changed providers. Having a gmail address means it travels with me no matter where we live. And it’s heads above yahoo or hotmail.

  7. ” this pressure is leading the company to take steps to integrate G+ at the expense of the quality of its other services. ” — like, for example, removing the + operator (for required) and replacing it with the need to surround the required search term in quotes, which is also how you group words, and so, Arrrrrrggggggg!

  8. Google really need to admit to themselves that G+ has failed and just bury the corpse, rather than shoving it down our throats at every possible chance. I love Google and some of its services are absolutely life-changing (being an expat without Google Translate would suck all nuts), but this is ridiculous and goodwill-sapping.

    1. Uh. Google+ failed?

      There’s more than enough room on the net for differing social networks. I like G+. I use it heavily. I have had lots of interesting convrosations through it.
      Does that mean it’s good for you? No. Does it instantly obsolete facebook? Nope.

      I HATE facebook, but I won’t call it a failure. 

    2. This viewpoint never fails to amuse me. G+ is really very heavily active, but the difference between it and other social networks is that things don’t get shared with the world by default. People have to opt in to including you.

      If G+ looks barren it suggests something about how other people feel about you.

      1. I appreciate the attempt to make your reply a personal insult, it was well played and probably finely honed from being trotted out whenever someone points out that Google+ is dead. However, considering that all my G+ contacts are contacts as well in either Facebook or other active forums, and they are conspicuously failing to ostracize me in those, Occam’s Razor seems to suggest that most of them simply do not use G+ any more.

        The problem with G+ is (or at least it was when I used it) the amount of work and micromanagement it takes to keep the signal/noise ratio at an acceptable level. It’s very obviously designed by and for engineers who thrive on this, but I honestly don’t know any single non-nerd who tried it and still uses it.

        I’m sure it’s a great tool for small groups of like-minded people, and probably the corpse will never entirely stop twitching until such day as Google pulls the plug, but it will never reach the size and relevance of Facebook.

        1. There’s a difference between ostracizing you and simply not choosing to share things with you. Facebook (pretty much) forces people to share everything with everyone, or deal with the potential fallout in removing someone from your friends list.

          With G+, you can add someone and never share anything with them.

    1. To be more specific, since I don’t own an Android device: Does Android allow you to set the internal browser to disallow tracking cookies from third party sites in the first place? If so, does the same iframe manipulation trick result in a cookie being placed anyway?

  9. “Accidental” wifi sniffing, nym policies, collapsing 60+ privacy policies into one and explaining the reasoning in disingenuous (though definitely plain-English) terms, etc., etc., at least were debatably nefarious.  This, however, has certainly crossed the axis of “evil,” yes?

    1. You do realize you do exactly the same “accidental” wifi sniffing every single time you activate a wifi device?

      1. Wifi sniffing and wifi accessing are far from the same thing.  As many wifeless networks as I’ve joined with my devices over the years, AFAIK I’ve never collected anyone’s usernames, passwords, and other traffic.  Network names, yes; that other stuff, no sir/ma’am.

        I also am not a (corporate) person that relies about knowing as much as possible as my users so I can sell it to others as my business model.

        1. You have. You didn’t keep them, or even know you had them, but your device saw them.

          What Google did was effectively what would happen if you drove down the street with your network discovery window open.

          1. The stuff I’ve read says Google kept them.

            But back to the topic at hand, I use Safari and I use a few Google services, and this is not what I expect when I choose “Block cookies: From third parties and advertisers” in my prefs.

          2. Accidentally.

            What they were trying to collect was the announcement packets that say “there’s a network here,” but those aren’t fundamentally any different from every other packet. They intended for their software to throw everything but the network identification information out, but it failed to do so.

            That happens.

  10. “I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+”
    I remember that @neilhimself:twitter raised a stink (and he was right, too) in Twitter about this even though he had already quit G+. Cory, it turns out that there is a tiny link at the foot of these notification emails (not visible in a mobile phone) where you can opt-out of these emails, never to be bothered again. This is just a technical solution, but I understand your frustration at Google for not asking any permission to create an inactive G+ profile for your account.

    I myself quit G+ some weeks ago, there was too much noise in there and not enough added value. And now I read about this privacy meltdown. Really, Google, just kill G+ and go back to being a decent company.

  11. The Führer:        Fine them 2 million and make them issue a statement.

    Stooge:               But sir… They have already made 5 million on the data they stole.

    The Führer:        Anyone who uses Google + please leave the room…  

  12.  Google tried to transform itself into facebook, but they are two very different way companies, I really liked the old google, and I could never really liked facebook as I like to google

  13. This is why tracking opt outs will never work: it requires every person in the decision chain to know about, and respect the preferences people have expressed.

    The only sensible thing is to legislatively mandate exclusively opt-in tracking or none at all.

  14. Delete G+ while you still can, I did when “Search, plus Your World ” was released. It always seemed that I couldn’t block 100% of the avenues leading to my information. 

    However, I can’t have something for nothing. That’s why I switched from Groupon to Google Offers. That’s why I switched from iTunes to Google Music. That’s why I have an Android phone that has apps purchased from the Android Market; apps purchased because they would be ad free.

    I have Cox Communications, I have one service, and I’m not increasing it or bundling. But still, I get two mailings a week, (that doesn’t include the ads stuffed inside other junk mail) and I’m tired of it. At some point, the money they spend on trying to get me to buy more, has to surpass the amount of times it doesn’t take. In the past three years I’ve received approximately 350 upgrade offers from Cox. See, it only takes maybe 1 customer out of 1000 to accept. It’s littering as far as I’m concerned.

    As for Google, at some point I should be considered a paying customer, and not be chased down for my last penny or drop of information.

  15. About a week ago I began a process of extricating myself from Google.  I have about 200,000 emails in my GMail account so it’s taking a while to pull it all (especially given two false starts in which I determined that Thunderbird can definitely NOT handle a large quantity of mail).

    I’ve gone to locally hosted mail, I’ve installed a web calendar on my own site behind security, I’m working on a secure document manager on my website and I use Brief (firefox RSS reader plugin) to replace Reader.

    I also run AdBlock Plus and Ghostery (the latter is an EXCELLENT tracker blocker).

    I started this move due to a vague feeling of unease after the Google privacy statement revamp.  I just figured that once data is in the cloud, it’s there for any abuse, bad employee, governmental agency with an agenda that ever happens in the future, and it’s probably best to just not let the data there in the first place.

    I’m not happy but also not surprised to see this and find that I wasn’t just being paranoid, they (along with, apparently, every other company) are not trustworthy.  Apparently no matter how fast the money is rolling in, it’s never enough, and companies will violate both trust and the law to make more.

    Up until a month ago I was a 100% Google fan; everything I had was Google hosted, I was a G+ promoter, I used Google Docs like  crazy, heck, I even used Buzz and Wave when they were a thing.

    Now my default search engine is Duck Duck Go and I’m working every day at replacing Google services with something that I control as completely as possible, I don’t surf while logged in to anything Google, I block everything I can

  16. Google should have already been sued into oblivion for going around and illegally sniffing everyone’s routers with their Google Street View cars.  They should be shut down or at least have their monopoly broken up just on that issue alone.

    Can you or I “accidentally” break the law and get away with it?  NOPE.  Neither should Google.  And, the more we learn about Google’s exploits, the more it becomes obvious they do NOT do these things “by accident”… they’re just a bunch of corporatist, piece of shit liars.

  17. Deciding to slowly migrate away from Google’s services, partially because of this. I’ve used Gmail for so long that I might never get fully migrated off of that one, the search is excellent (and who else would I use, Bing?), and there’s various other services (yes, G+) that I use regularly, but what I can, I’m migrating off the cloud.

    Switched to a Tiny Tiny RSS instance on my server, instead of Google Reader, just now.

    Might spin up a Diaspora seed, too, so I can use that for social. Not sure what I’ll do about my blog (on My Opera) – I’d like to get it off of My Opera eventually, but not sure if I should just merge it into Diaspora (my understanding is that Diaspora acts like Google+, and Google+ is actually not a bad blogging platform), or spin up a WordPress instance for that.

    1. FWIW, the Diaspora pod experiment appears to be a failure – performance is absolutely dreadful on my server. (Granted, it’s an older machine, but still, this is just ridiculous.)

  18. The implementation of Google+ was the end of my relationship with them. I have intensely disliked the continual narrowing of options and opt-outs in their apps and search functions, and been so dismayed at the continuing revelations of their Facebook-like lack of respect for user privacy and increasingly blase view of users as nothing but data mines for revenue.

    Money changes everything, as Cyndi Lauper said. Google is going the route of Facebook and Amazon, and it’s even more of a shame, as I believe Google did not start out with the ulterior motives that Facebook and Amazon did. Now I don’t trust any of these companies as far as I could throw a fit.

  19. Thinking back to the recent post on the nascent site, which still rates as 50-out-of-50 in the “Who tracks you there” category: “No tracker was seen on more than 1% of the pages scanned on this site.” (And still rates 35-out-of-50 in the “Policies” category, which score is based on the new, upcoming policy.) Privacy is a tough metric to generate.

  20. I believe the headline here is extremely misleading.
    1) No one “opted out” of those third party cookies on Safari, its the default setting in Safari to block them, and it is the only browser that defaults to that setting.
    2) It appears that Google was ‘circumventing’ this setting for people who had OPTED IN to targeted ads.  In other words, Google was attempting to give those folks what they wanted, but were blocked by the browser.  Since an easy workaround existed, and has since early 2010, they used it to deliver for their customers.

    I’m no corporate apologist by any means, I think they are all amoral and far, far too powerful, but lets reserve our anger and vitriol for something that’s actually WRONG, instead of delivering a service to customers they specifically accepted.

    1. What about the folks that use Google’s search engine and Safari, but specifically wanted to block cookies from third parties and advertisers when they’re on non-Google sites?  Google may have been giving some subset of people what they wanted, but I’m betting they were abusing orders of magnitudes more folks who either don’t care or are ignorant to the ramifications.

      It’s certain that Apple put this option in by design as it doesn’t follow browser “standards” and, from the article, “Until recently, one Google site told Safari users they could rely on Safari’s privacy settings to prevent tracking by Google. Google removed that language from the site Tuesday night.”

      It seems that there should have been a more elegant solution – perhaps working with the folks at Apple may have helped.  At the least, it seems very bad form and worthy of skepticism.

  21. Maybe you know this, but there are two projects which aiming to recreate the social aspect of the old Google Reader: namely, Newsblur and HiveMined. The first is up and working as a reader, but doesn’t yet have the social features added. Hivemined is still a work in progress as far as I can tell, and is not yet join-able. Just things to keep an eye on. [this is supposed to be a reply to Mordicai, but between writing and signing in, it seems to have got misaligned.]

  22. I find it curious how first-party websites are somehow excluded from this analysis. The primary privacy that is applicable when visiting Boing Boing is Boing Boing’s. If BB decides to include widgets from other sources, it is responsible to check and enforce that those widgets are compatible with that policy. 

    If users don’t want to visit BB as a result of a permissive policy, then so be it, no need to fuss about it. If users want to complain, they should complain to BB for putting that widget. Maybe Google would offer two variants of the widget as a result and some sites would use the more privacy-sensitive variant.

Comments are closed.