The news alert from the Wall St. Journal hit my phone about an hour ago, pulling me away from tasting “Texas Bourbon” in San Antonio to sit down and grok this headline: Google’s iPhone Tracking.
Now, the headline certainly is attention-grabbing, but the news alert email had a more sinister headline: “Google Circumvented Web-Privacy Safeguards.”
Wow! What’s going on here?
Turns out, no one looks good in this story, but certainly the Journal feels like they’ve got Google in a “gotcha” moment. As usual, I think there’s a lot more to the story, and while I’m Thinking Out Loud right now, and pretty sure there’s a lot more than I can currently grok, there’s something I just gotta say.
First, the details. Here’s the lead in the Journal’s story, which requires a login/registration:
“Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.”
Now, from what I can tell, the first part of that story is true – Google and many others have figured out ways to get around Apple’s default settings on Safari in iOS – the only browser that comes with iOS, a browser that, in my experience, has never asked me what kind of privacy settings I wanted, nor did it ask if I wanted to share my data with anyone else (I do, it turns out, for any number of perfectly good reasons). Apple assumes that I agree with Apple’s point of view on “privacy,” which, I must say, is ridiculous on its face, because the idea of a large corporation (Apple is the largest, in fact) determining in advance what I might want to do with my data is pretty much the opposite of “privacy.”
Then again, Apple decided I hated Flash, too, so I shouldn’t be that surprised, right?
But to the point, Google circumvented Safari’s default settings by using some trickery described in this WSJ blog post, which reports the main reason Google did what it did was so that it could know if a user was a Google+ member, and if so (or even if not so), it could show that user Google+ enhanced ads via AdSense.
In short, Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers. Was Google’s “normal approach” wrong? Well, I suppose that’s a debate worth having – it’s currently standard practice and the backbone of the entire web advertising ecosystem – but the Journal doesn’t bother to go into those details. One can debate whether setting cookies should happen by default – but the fact is, that’s how it’s done on the open web.
The Journal article does later acknowledge, though not in a way that a reasonable reader would interpret as meaningful, that the mobile version of Safari has “default” (ie not user activated) settings that prevent Google and others (like ad giant WPP) to track user behavior the way they do on the “normal” Web. That’s a far cry from the Journal’s lead paragraph, which again, states Google bypassed the “the privacy settings of millions of people.” So when is a privacy setting really a privacy setting, I wonder? When Apple makes it so?
Since this story has broken, Google has discontinued its practice, making it look even worse, of course.
But let’s step back a second here and ask: why do you think Apple has made it impossible for advertising-driven companies like Google to execute what are industry standard practices on the open web (dropping cookies and tracking behavior so as to provide relevant services and advertising)? Do you think it’s because Apple cares deeply about your privacy?
Really?
Or perhaps it’s because Apple considers anyone using iOS, even if they’re browsing the web, as “Apple’s customer,” and wants to throttle potential competitors, insuring that it’s impossible to access to “Apple’s” audiences using iOS in any sophisticated fashion? Might it be possible that Apple is using data as its weapon, dressed up in the PR friendly clothing of “privacy protection” for users?
That’s at least a credible idea, I’d argue.
I don’t know, but when I bought an iPhone, I didn’t think I was singing up as an active recruit in Apple’s war on the open web. I just thought I was getting “the Internet in my pocket” – which was Apple’s initial marketing pitch for the device. What I didn’t realize was that it was “the Internet, as Apple wishes to understand it, in my pocket.”
It’d be nice if the Journal wasn’t so caught up in its own “privacy scoop” that it paused to wonder if perhaps Apple has an agenda here as well. I’m not arguing Google doesn’t have an agenda – it clearly does. I’m as saddened as the next guy about how Google has broken search in its relentless pursuit of beating Facebook, among others.
In this case, what Google and others have done sure sounds wrong – if you’ve going to resort to tricking a browser into offering up information designated by default as private, you need to somehow message the user and explain what’s going on. Then again, in the open web, you don’t have to – most browsers let you set cookies by default. In iOS within Safari, perhaps such messaging is technically impossible, I don’t know. But these shenanigans are predictable, given the dynamic of the current food fight between Google, Apple, Facebook, and others. It’s one more example of the sad state of the Internet given the war between the Internet Big Five. And it’s only going to get worse, before, I hope, it gets better again.
Now, here’s my caveat: I haven’t been able to do any reporting on this, given it’s 11 pm in Texas and I’ve got meetings in the morning. But I’m sure curious as to the real story here. I don’t think the sensational headlines from the Journal get to the core of it. I’ll depend on you, fair readers, to enlighten us all on what you think is really going on.
This is the worst argument for a company whose only intent is to violate -better yet, rape – the privacy rights of consumers. BTW, ‘industry standards’ are not excuse to a blatantly invasive behavior. You should know better than that.
facepalm.
http://webpolicy.org/2012/02/20/setting-the-record-straight-on-googles-safari-tracking/
The default cookie blocking feature that Google circumvented was implemented in Safari 1.0, which shipped in 2003—long before Google was in the third-party display advertising business, and long before relations between the companies soured over smartphones.
I’ve always set all my browsers to not accept third party cookies. This is one of the first things I do when I get a new computer. Was it still okay for Google to do this? Did Google circumvent my privacy settings? Or, was Google correcting an error I had made?
I’ve asked a lot of non-savvy web users about this issue. Their initial response was “Advertisers can do that?” and “How can I prevent that from happening?”. I bet most users, once they understand the issue would prefer the default setting in Safari.
I’m also sick and tired of the misappropriation of the word “open”. What part of “the web” did Apple “close off” in doing this? All websites worked just fine when set to either “accept all cookies” or “don’t accept third party cookies”. Heck, even sights with Flash work with the default Safari setting.
As for me, I’ve decided to drop Google as my default search engine and I will be moving my email server off of Google’s servers. I honestly believed that whole “Don’t be evil” thing! Man what a yutz I was!
Dumbest article I’ve ever read. “Open Web” means “accepting 3rd party cookies”? Trololololo.
John: I hope you don’t get flamed for your blog post; far too many PC and Mac “fans” get overly bent out of shape with others people’s opinions. (In fairness, you could say that about many areas of interest: religion, sports teams, etc.) You did offer the proviso that perhaps you’d didn’t grok something. Your absolutely correct in that, at least. I’ve read some good responses in other places (that’s me admitting I didn’t read all the comments), for instance Gruber’s response is pretty even handed, follow the link below if you want to read it.
Here’s what I think: I don’t agree with your core premise that Apple has made a suspect decision for us, or is trying to control access to their customers. The decision is consistent across their browser, Safari, on the desktop – OS X and mobile, IOS. Based on the knowledge that most users don’t know how to control their privacy and assuming that given a choice they’d like some control, Apple has chosen to provide its customers with a default that stakes out a middle ground. Google decided to explicitly bypass the privacy setting on those browsers. That is completely the fault of Google, and I’d argue, par for the course, with regards to their respect (read: lack of) for individuals. Their customers are Advertisers and their product is aggregate data – privacy settings or no. I don’t have a problem with their business, I have a problem with them opting me in despite my choice (and I’m a user who does know my privacy settings) not to allow the activity.
I have long had little regard for Google and their actions only confirm my low opinion.
As far as Apple goes, they are a major corporation and so I know their motivation in not focused on my well being. However, so far, their actions support a view that I am their customer and they want to maintain a positive relationship by maintaining the trust of their customers. I far prefer the company where my transactions with them make me their customer, over a company who is using my transactions with them to the benefit of others – especially when I have so little say in what they (Google and their customers) do “to” me.http://daringfireball.net/2012/02/cookies_and_privacy
I am researching this, but as far as I can tell so far, “bypassing” Safari was common practice, a “hole” existed that Apple knew full well was a way to bypass it, and it didn’t bother to fix the hole. It knew it was used by many companies – including, I have heard, Facebook. I’m learning more and as I have a clearer picture, I’ll write another post.
Apple being aware of a hole, is the same as them being aware of a bug. It is still wrong for another company to exploit the opening. “… she was dressing provacatively and was asking for it….”
I will watch for your next post, but I can’t release Google (and others) from responsibility for bypassing user privacy preferences – whether Apple knew it was possible or not.
I understand your point of view. I think Google acted improperly here, even if “others” were also doing it. Apparently it was an “open secret” and I’ve heard that Facebook was also exploiting it. Trying to get more details…
oooops ….. I see your wearing a Anti Google is the Eye in SkyNet…. Tin Foil hat! lol…. sorry but I really can’t help it when someone is so obviously prejudiced against one company and biased toward another. I’m neither for or against any of these companies, I watch them all like a hawk. Because the reality is you can’t trust any of them and that’s especially true of the Big Five…. Apple, Facebook, Twitter, Google and Microsoft!
So I use VPN and Secure Tunneling Services that encrypts all your traffic when I think it’s important enough. It can make it appear you’re in Spain or UK when your in Egypt or Canada. As consumers today we all have to learn to be a whole lot craftier at using the Web, than they are at figuring out who we really are. Best way? Keep ’em guessing, remain suspicious of them all, but hold no biases or grudges and be suspicious of them all. Keep track of your privacy settings and always know how to change them fast.
Make passwords completely unrecognizable….. even to you. So a glance or even a long they won’t get remembered or stolen and use Copy/paste with them stored in an encrypted secure lock box App. Mix and change them often and make ’em longest you can. Using all allowable numbers, letters and symbols that are allowed by the site. Remember to make a habit of turning off GPS when you don’t want your location tracked. Because it’s just like remembering to lock your doors and check the windows when leaving your home.
Above all don’t take it so personal. Because most of time they aren’t either. When you realize the odds of a human actually seeing and stealing your personal information are nil to none. The ones that sell or abuse your information don’t deserve to get the right information anyway and there are black and white lists of who’s the best to trust. Most of the time you’re dealing with a dumb machine just like when you call near anyone today. I trust machines a lot more ore than I do humans to look after your best interests.
That’s where Tunneling and using aliases on just about everything you do on the web comes in handy. Keep your Anonymity in tact by baffling them all with a little bullshizt and tom foolery. Make it fun!
Now to John Gruber; that guy has a big mouth and he sometimes uses it to store his foot in. There is perhaps no other blogger on line that’s as single minded and loyal to only Apple on the web as he is.
This is my first visit here, but I’m liking what JBAT writes so far. Battelle seems to say it like it is, holds no biases, and is willing to attack any side that’s seem to be looking for trouble. To that end, I like his fair approach…… “Don’t just like ONE…. when you can Dislike them all for your own greater good”!!! :DDD …..so Yeah I’ll be back!
I’m pleased you like what I write, do come back. I’ll keep writing stuff…
Really impressed ! Everything is very open and very clear explanation of issues. It contains truly information. Your website is very useful. Thanks for sharing You have nicely presented your thoughts in this blog.
I had a great time reading your article and I found it interesting. This is such a beautiful topic that me and my friends are talking about. Thanks for this blog, we are enlightened.
If google really cared about user preference, they’re smart people and could have put a notice on their sites or adsites to let users know cookies were off and ask to enable them.
Google cared more about tracking users silently and without their knowledge it seems and just hacked them, as it was found they did IE as well. They hacked IE too after all and used a different excuse, but along the same lines. If they want to say that IE (Microsoft) and Safari (Apple) were not standard, having user options for privacy, it sounds like google made up their own imagined standard and could have said anything to justify hacking and tracking. Besides, I don’t think people knew google was trying to track their entire web history.
With the release of Safari 7, not only 3rd Party cookie is being blocked. Local Storage as well as WebDB, any kind of website data are being blocked. When you go to Safari Preferences (CMD+comma), Under privacy tab, on Safari 7, it now says : “Block cookies *and other website*”, originally was “Block cookies”. That confirms the changes.