Google caught spying on Safari users

Google stands accused of deliberately hacking Apple’s Safari browser, in order to circumvent security barriers and install user-tracking cookies.

Google’s activities were reported to the Wall Street Journal by a Stanford researcher. The researcher found that Google had installed dodgy web forms inside online ads with Google’s +1 button. Once a user clicked on the button, the form tricked Safari into thinking that the user had approved cookies to be installed, which allowed Google to install their tracking code.

Even worse, this form also allowed third party advertisers Vibrant Media and WPP, to install their own advertising cookies into Safari (which had previously been blocked), allowing the advertisers to track users and serve them ads based on what websites they had visited.

In its defence, Google argues that it wasn’t tracking users on purpose and only wanted to know if a user was logged into a Google account. The company also says that it did not realise its exploit allowed third party advertisers to install cookies.

After being contacted by the Wall Street Journal, Google promptly disabled the code and issued the following statement: “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.”

Does anyone remember Google’s old catchphrase “don’t be evil”? Because Google clearly doesn’t…

Comments icon
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
Tags: Privacy

Comments

Daniel R Colgan

17.03.2012

Whotookmycivilrights -

It occurs to myself with so many claims of spying by browser suppliers, communication giants, etc that to assume that it is not happening is like sticking your head in the sand hoping the lion wont eat you.

The answer at least a partial one is an app that you can install on your computer and or phone that installs at both ends of a communication setup, for companies – comunications between itself worldwide and its employees, or for the average Joe the same app shared between friends for secure communications, the app Encrypts the data to be sent via a password that has to be entered at the receiving end to unencrypt the data, basically setting up a secure “Encryption Tunnel” communication.

Supposedly all data is already encrypted when sent if true then the app would let you encrypt your own information as well technically it is then being encrypted twice!

as i said it should be assumed that all data “IS BEING SPYED ON” and take precations regardless since if its not then it probably will be in the future,

“Those with power become corrupted by that power, very few resist the temptation!”

IdeasManDan!

aka “Whotookmycivilrights”

Sachin kumar

21.04.2012

Apple+google is coooool……

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.

You can't always get what you want: the eternal conflict between lawful access and privacy

Posted on April 19, 2018 by mirimir

In late March, the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) took effect. And predictably, the US Supreme Court just dismissed United States v. Microsoft Corp. In that case, Microsoft was fighting a subpoena for data stored in an Irish data center.

Protect yourself today and get peace of mind

Shut out hackers, identity thieves and the global government surveillance apparatus — every time you go online.