WSJ: Google caught circumventing iPhone security, tracking users who opted out of third-party cookies

Discuss

55 Responses to “WSJ: Google caught circumventing iPhone security, tracking users who opted out of third-party cookies”

  1. Mordicai says:

    Let me also say that Google Reader is the best tool I know of to approach the internet– as feed reader it allows you to consume, sort & share information in unparalleled ways.  OR IT USED TO.  Until Google decided to lobotomize it in favor of Google Plus, which doesn’t have a fraction of the utility or integration that the simpler Google Reader sharing had.  It has made a major impact on how I use the internet, & not for the better. 

    It is a real shame, & I think it is, as you put it, an internal panic.  Stop trying to chase Facebook!  Facebook has done a good job of not being MySpace, but they did it by becoming old school AOL.  It has a lifespan, it will wither & die, in time.  Google shouldn’t be trying to build a “Facebook Killer,” because even if Google Plus catches on, it will have the same built in senescence.  The more eggs you put in that basket, the worse you’ll be when the anvil drops onto it.

    tl;dr: FIX MY GOOGLE READER, GOOGLE.

    • neapel says:

      How did they lobotomize it? I’ve actually not noticed any change (except the new design). They just replaced one set of social features by another… And now there’s an annoying G+-button I don’t use in place of the annoying Buzz button I didn’t use… But the feed reader functionality didn’t change.

      • Mordicai says:

        See, I used the “share” button really heavily; I had about a community of 100 people, all of whom shared articles of interest, which were then seamlessly integrated into our Google Reader. Now, one way to integrate it with Google Plus would have been to allow circles to factor in, as filters or as a way to wider Google Reader use & access…but instead they replaced it with what amounts to “Send to Google Plus,” where it appears as a gross stub– not useful, not the way that feeds work, not any good for anyone, regardless of whether they are a Reader or Plus user. They just basically made the sharing function useless from both sides.

    • traalfaz says:

       Try “Brief” the RSS reader Firefox plugin.  I switched from Google Reader to that and it’s working pretty well for me.

    • Alexander says:

       I’m with you the new google reader SUCKS BIG TIME!!!

  2. Andrew Singleton says:

    Shared and passing the EFF letter through my contacts.

    I am a MASSIVE drinker of the google koolaid, so stuff like this irks me far more than it really should. Therefor I’m doing what I can to make them aware that I do not approve of this behavior.

    Thanks for the heads up guys.

    • ialreadyexist says:

      Share this: Google’s new motto, “Don’t get caught being evil”

      • Mantissa128 says:

        It’s so sad to see this happening to them, as I too am a Google fanboi.

        Their motto is: don’t be evil. But they don’t seem to realize it’s greed for money/power/influence that encourages evil decisions. They want so badly for G+ to be successful that they have lost the way.

        Google, WAKE UP!

  3. Terry Biddle says:

    I used to be all about Google+ as an alternative to Facebook. But oddly enough, I’ve found it to be more intrusive than Facebook. My searches on every computer? Forced integration of Google Reader (including the inability to share individually and the replacement w/ the +1 feature)? Seeing results from all of friends’ websites when I search? I need to keep some things separate. Google seems to understand this even less. Disappointing.

  4. then says:

    if the company in question here was Apple instead of Google, methinks Cory would have taken a much different tone with this post.

    • J says:

       The company in question is Apple.  All other browser allow 3rd party cookies unless disabled.  This is the industry norm.

      Basically, if you opt in to certain google service they break in Safari.  You have already opted in.  Google does this to ensure these services work without the end user having to opt in twice (via google and via safari).  Apple, with Safari, are the ones who are going against industry standards here.

      This is not an issue with any google service or via any google page unless you first opt in via google.

    • Cowicide says:

      if the company in question here was Apple instead of Google, methinks Cory would have taken a much different tone with this post.

      Wha?

      You should probably know who you’re talking about before you act like you know who you’re talking about.

      http://boingboing.net/2010/04/02/why-i-wont-buy-an-ipad-and-think-yo.html

  5. ComradeQuestions says:

    Someday everyone’s gonna realize that an ad-based internet economy is just a huge bubble waiting to burst, since no one actually clicks on or reads ads, and then Google is gonna be screwed.

    • Mordicai says:

       Meh, you could say the same thing all advertising– “listen, putting up signs doesn’t mean anybody actually reads it or buys what is on it!”– but it does seem to work.  Hell, even if you don’t click on the add or consciously read it, the word enters our shared vocabulary.  I haven’t eaten at Taco Bell in fifteen years, but I still know what Taco Bell is, you know?

    • OgilvyTheAstronomer says:

      Yup. The new version of the old saw is “I know that 95% of my advertising budget is wasted, I just don’t know which 95%”.

    • MatthewFabb says:

      If no one clicked on any ads, Google would have collapsed years ago. A quick  search shows that the current click rate, the percentage of people clicking on any particular ad is generally around 0.2% to 0.3% and can go up or even down depending on the success of the ad. Also how much Google charges for a click can have a huge range depending on keywords. However, I’ve worked with companies where a lot of their new clients are made via ads going through Google.

  6. dogzilla says:

    IMO, Google has become the new AOL. Whenever I see an “@gmail.com”, I definitely already have a certain opinion of the person, and it’s not a favorable one. As far as I can see, the only Google service worth the security/privacy hassle is Google Maps – everything else is being quickly overrun by poor user experience and security failings. 

    • Sagodjur says:

      Funny, I have the opposite perspective.

      I run into a lot of people who never moved to Gmail from Hotmail or Yahoo and they’re usually older people who are unwilling to change or adapt to new technology. Some of them still have AOL accounts.

      Gmail still works great. Reader, calendar, voice, and translate are still useful. I guess it just depends on what you expect from it.

      • Andrew Singleton says:

        Gmil’s still ace on spamblocking. I don’t use Reader (Must be my methodology that doesn’t let the whole RSS thing to work well since if I tracked Everything I liked I’d have a metric boatload of items in the thing to have to tic through and the interface just never appealed to me. I dunno why though since that’s what I do Anyway clicking through pages.)

        And the ‘share is worthless’ comment. Mater of Opinion and habit. I liked the addition since i use G+ but never bothered with Buzz..
        Can’t please everyone. However hopefully you can make enough people happy to fund whatever you’re doing.

    • stellans says:

      wow, such a blanket judgmental statement there! I use a gmail account because we’ve moved often enough that it was a total pain to keep having to disseminate new email addresses when we changed providers. Having a gmail address means it travels with me no matter where we live. And it’s heads above yahoo or hotmail.

  7. Kevin Pierce says:

    ” this pressure is leading the company to take steps to integrate G+ at the expense of the quality of its other services. ” — like, for example, removing the + operator (for required) and replacing it with the need to surround the required search term in quotes, which is also how you group words, and so, Arrrrrrggggggg!

  8. OgilvyTheAstronomer says:

    Google really need to admit to themselves that G+ has failed and just bury the corpse, rather than shoving it down our throats at every possible chance. I love Google and some of its services are absolutely life-changing (being an expat without Google Translate would suck all nuts), but this is ridiculous and goodwill-sapping.

    • Andrew Singleton says:

      Uh. Google+ failed?

      There’s more than enough room on the net for differing social networks. I like G+. I use it heavily. I have had lots of interesting convrosations through it.
      Does that mean it’s good for you? No. Does it instantly obsolete facebook? Nope.

      I HATE facebook, but I won’t call it a failure. 

    • foobar says:

      This viewpoint never fails to amuse me. G+ is really very heavily active, but the difference between it and other social networks is that things don’t get shared with the world by default. People have to opt in to including you.

      If G+ looks barren it suggests something about how other people feel about you.

      • OgilvyTheAstronomer says:

        I appreciate the attempt to make your reply a personal insult, it was well played and probably finely honed from being trotted out whenever someone points out that Google+ is dead. However, considering that all my G+ contacts are contacts as well in either Facebook or other active forums, and they are conspicuously failing to ostracize me in those, Occam’s Razor seems to suggest that most of them simply do not use G+ any more.

        The problem with G+ is (or at least it was when I used it) the amount of work and micromanagement it takes to keep the signal/noise ratio at an acceptable level. It’s very obviously designed by and for engineers who thrive on this, but I honestly don’t know any single non-nerd who tried it and still uses it.

        I’m sure it’s a great tool for small groups of like-minded people, and probably the corpse will never entirely stop twitching until such day as Google pulls the plug, but it will never reach the size and relevance of Facebook.

        • foobar says:

          There’s a difference between ostracizing you and simply not choosing to share things with you. Facebook (pretty much) forces people to share everything with everyone, or deal with the potential fallout in removing someone from your friends list.

          With G+, you can add someone and never share anything with them.

  9. Scott Frazer says:

    If they’re doing this with a browser they don’t control… What’s going on in the Android space?

    • Scott Frazer says:

      To be more specific, since I don’t own an Android device: Does Android allow you to set the internal browser to disallow tracking cookies from third party sites in the first place? If so, does the same iframe manipulation trick result in a cookie being placed anyway?

  10. crimpers says:

    “Accidental” wifi sniffing, nym policies, collapsing 60+ privacy policies into one and explaining the reasoning in disingenuous (though definitely plain-English) terms, etc., etc., at least were debatably nefarious.  This, however, has certainly crossed the axis of “evil,” yes?

    • foobar says:

      You do realize you do exactly the same “accidental” wifi sniffing every single time you activate a wifi device?

      • crimpers says:

        Wifi sniffing and wifi accessing are far from the same thing.  As many wifeless networks as I’ve joined with my devices over the years, AFAIK I’ve never collected anyone’s usernames, passwords, and other traffic.  Network names, yes; that other stuff, no sir/ma’am.

        I also am not a (corporate) person that relies about knowing as much as possible as my users so I can sell it to others as my business model.

        • foobar says:

          You have. You didn’t keep them, or even know you had them, but your device saw them.

          What Google did was effectively what would happen if you drove down the street with your network discovery window open.

          • crimpers says:

            The stuff I’ve read says Google kept them.

            But back to the topic at hand, I use Safari and I use a few Google services, and this is not what I expect when I choose “Block cookies: From third parties and advertisers” in my prefs.

          • foobar says:

            Accidentally.

            What they were trying to collect was the announcement packets that say “there’s a network here,” but those aren’t fundamentally any different from every other packet. They intended for their software to throw everything but the network identification information out, but it failed to do so.

            That happens.

  11. “I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+”
    I remember that @neilhimself:twitter raised a stink (and he was right, too) in Twitter about this even though he had already quit G+. Cory, it turns out that there is a tiny link at the foot of these notification emails (not visible in a mobile phone) where you can opt-out of these emails, never to be bothered again. This is just a technical solution, but I understand your frustration at Google for not asking any permission to create an inactive G+ profile for your account.

    I myself quit G+ some weeks ago, there was too much noise in there and not enough added value. And now I read about this privacy meltdown. Really, Google, just kill G+ and go back to being a decent company.

  12. causticagnostic says:

    The Führer:        Fine them 2 million and make them issue a statement.

    Stooge:               But sir… They have already made 5 million on the data they stole.

    The Führer:        Anyone who uses Google + please leave the room…  

  13. sanz says:

     Google tried to transform itself into facebook, but they are two very different way companies, I really liked the old google, and I could never really liked facebook as I like to google

  14. foobar says:

    This is why tracking opt outs will never work: it requires every person in the decision chain to know about, and respect the preferences people have expressed.

    The only sensible thing is to legislatively mandate exclusively opt-in tracking or none at all.

  15. Palomino says:

    Delete G+ while you still can, I did when “Search, plus Your World ” was released. It always seemed that I couldn’t block 100% of the avenues leading to my information. 

    However, I can’t have something for nothing. That’s why I switched from Groupon to Google Offers. That’s why I switched from iTunes to Google Music. That’s why I have an Android phone that has apps purchased from the Android Market; apps purchased because they would be ad free.

    I have Cox Communications, I have one service, and I’m not increasing it or bundling. But still, I get two mailings a week, (that doesn’t include the ads stuffed inside other junk mail) and I’m tired of it. At some point, the money they spend on trying to get me to buy more, has to surpass the amount of times it doesn’t take. In the past three years I’ve received approximately 350 upgrade offers from Cox. See, it only takes maybe 1 customer out of 1000 to accept. It’s littering as far as I’m concerned.

    As for Google, at some point I should be considered a paying customer, and not be chased down for my last penny or drop of information.

  16. traalfaz says:

    About a week ago I began a process of extricating myself from Google.  I have about 200,000 emails in my GMail account so it’s taking a while to pull it all (especially given two false starts in which I determined that Thunderbird can definitely NOT handle a large quantity of mail).

    I’ve gone to locally hosted mail, I’ve installed a web calendar on my own site behind security, I’m working on a secure document manager on my website and I use Brief (firefox RSS reader plugin) to replace Reader.

    I also run AdBlock Plus and Ghostery (the latter is an EXCELLENT tracker blocker).

    I started this move due to a vague feeling of unease after the Google privacy statement revamp.  I just figured that once data is in the cloud, it’s there for any abuse, bad employee, governmental agency with an agenda that ever happens in the future, and it’s probably best to just not let the data there in the first place.

    I’m not happy but also not surprised to see this and find that I wasn’t just being paranoid, they (along with, apparently, every other company) are not trustworthy.  Apparently no matter how fast the money is rolling in, it’s never enough, and companies will violate both trust and the law to make more.

    Up until a month ago I was a 100% Google fan; everything I had was Google hosted, I was a G+ promoter, I used Google Docs like  crazy, heck, I even used Buzz and Wave when they were a thing.

    Now my default search engine is Duck Duck Go and I’m working every day at replacing Google services with something that I control as completely as possible, I don’t surf while logged in to anything Google, I block everything I can

  17. Cowicide says:

    Google should have already been sued into oblivion for going around and illegally sniffing everyone’s routers with their Google Street View cars.  They should be shut down or at least have their monopoly broken up just on that issue alone.

    http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

    http://www.technewsworld.com/story/72805.html

    Can you or I “accidentally” break the law and get away with it?  NOPE.  Neither should Google.  And, the more we learn about Google’s exploits, the more it becomes obvious they do NOT do these things “by accident”… they’re just a bunch of corporatist, piece of shit liars.

  18. LucusAnon says:

    “We want information.”
    “You won’t get it.”
    “By hook or by cookie, we will.”

  19. Eric Rucker says:

    Deciding to slowly migrate away from Google’s services, partially because of this. I’ve used Gmail for so long that I might never get fully migrated off of that one, the search is excellent (and who else would I use, Bing?), and there’s various other services (yes, G+) that I use regularly, but what I can, I’m migrating off the cloud.

    Switched to a Tiny Tiny RSS instance on my server, instead of Google Reader, just now.

    Might spin up a Diaspora seed, too, so I can use that for social. Not sure what I’ll do about my blog (on My Opera) – I’d like to get it off of My Opera eventually, but not sure if I should just merge it into Diaspora (my understanding is that Diaspora acts like Google+, and Google+ is actually not a bad blogging platform), or spin up a WordPress instance for that.

    • Eric Rucker says:

      FWIW, the Diaspora pod experiment appears to be a failure – performance is absolutely dreadful on my server. (Granted, it’s an older machine, but still, this is just ridiculous.)

  20. Guest says:

    The implementation of Google+ was the end of my relationship with them. I have intensely disliked the continual narrowing of options and opt-outs in their apps and search functions, and been so dismayed at the continuing revelations of their Facebook-like lack of respect for user privacy and increasingly blase view of users as nothing but data mines for revenue.

    Money changes everything, as Cyndi Lauper said. Google is going the route of Facebook and Amazon, and it’s even more of a shame, as I believe Google did not start out with the ulterior motives that Facebook and Amazon did. Now I don’t trust any of these companies as far as I could throw a fit.

  21. s2redux says:

    Thinking back to the recent post on the nascent Privacyscore.com site, which still rates Google.com as 50-out-of-50 in the “Who tracks you there” category: “No tracker was seen on more than 1% of the pages scanned on this site.” (And still rates 35-out-of-50 in the “Policies” category, which score is based on the new, upcoming policy.) Privacy is a tough metric to generate.

  22. madmark4 says:

    I believe the headline here is extremely misleading.
    1) No one “opted out” of those third party cookies on Safari, its the default setting in Safari to block them, and it is the only browser that defaults to that setting.
    2) It appears that Google was ‘circumventing’ this setting for people who had OPTED IN to targeted ads.  In other words, Google was attempting to give those folks what they wanted, but were blocked by the browser.  Since an easy workaround existed, and has since early 2010, they used it to deliver for their customers.

    I’m no corporate apologist by any means, I think they are all amoral and far, far too powerful, but lets reserve our anger and vitriol for something that’s actually WRONG, instead of delivering a service to customers they specifically accepted.

    • crimpers says:

      What about the folks that use Google’s search engine and Safari, but specifically wanted to block cookies from third parties and advertisers when they’re on non-Google sites?  Google may have been giving some subset of people what they wanted, but I’m betting they were abusing orders of magnitudes more folks who either don’t care or are ignorant to the ramifications.

      It’s certain that Apple put this option in by design as it doesn’t follow browser “standards” and, from the article, “Until recently, one Google site told Safari users they could rely on Safari’s privacy settings to prevent tracking by Google. Google removed that language from the site Tuesday night.”

      It seems that there should have been a more elegant solution – perhaps working with the folks at Apple may have helped.  At the least, it seems very bad form and worthy of skepticism.

  23. Webstats Art says:

    The BBC World Service is using facebook

  24. beslayed says:

    Maybe you know this, but there are two projects which aiming to recreate the social aspect of the old Google Reader: namely, Newsblur and HiveMined. The first is up and working as a reader, but doesn’t yet have the social features added. Hivemined is still a work in progress as far as I can tell, and is not yet join-able. Just things to keep an eye on. [this is supposed to be a reply to Mordicai, but between writing and signing in, it seems to have got misaligned.]

  25. I find it curious how first-party websites are somehow excluded from this analysis. The primary privacy that is applicable when visiting Boing Boing is Boing Boing’s. If BB decides to include widgets from other sources, it is responsible to check and enforce that those widgets are compatible with that policy. 

    If users don’t want to visit BB as a result of a permissive policy, then so be it, no need to fuss about it. If users want to complain, they should complain to BB for putting that widget. Maybe Google would offer two variants of the widget as a result and some sites would use the more privacy-sensitive variant.

  26. Alan Wexelblat says:

    What I really want is an extension to your “share” widget so I can share this on Google+

Leave a Reply