Google stands accused of deliberately hacking Apple’s Safari browser, in order to circumvent security barriers and install user-tracking cookies.
Google’s activities were reported to the Wall Street Journal by a Stanford researcher. The researcher found that Google had installed dodgy web forms inside online ads with Google’s +1 button. Once a user clicked on the button, the form tricked Safari into thinking that the user had approved cookies to be installed, which allowed Google to install their tracking code.
Even worse, this form also allowed third party advertisers Vibrant Media and WPP, to install their own advertising cookies into Safari (which had previously been blocked), allowing the advertisers to track users and serve them ads based on what websites they had visited.
In its defence, Google argues that it wasn’t tracking users on purpose and only wanted to know if a user was logged into a Google account. The company also says that it did not realise its exploit allowed third party advertisers to install cookies.
After being contacted by the Wall Street Journal, Google promptly disabled the code and issued the following statement: “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.”
Does anyone remember Google’s old catchphrase “don’t be evil”? Because Google clearly doesn’t…