Google Accused of Bypassing Safari's Privacy Controls

DJRumpy points out an article (based on a possibly paywalled WSJ report) describing how Google and other ad networks wrote code that would bypass the privacy settings of Apple's Safari web browser. 'The default settings of Safari block cookies "from third parties and advertisers," a setting that is supposed to only allow sites that the user is directly interacting with to save a cookie (client side data that remote web servers can later access in subsequent visits). ... The report notes that "Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.' Google says this mischaracterizes what the code does, claiming it simply enables 'features for signed-in Google users on Safari who had opted to see personalized ads and other content — such as the ability to “+1” things that interest them.' Google adds that the data transferred between Safari and Google's servers was anonymized. John Battelle writes that the WSJ's story is sensationalist, but that it raises good questions about the practices of ad networks as well as Apple's efforts to stymie industry-standard practices.

Re:And people ask me why I don't use Chrome

If you're running DNSmasq just add this line:

address=/google-analytics.com/127.0.0.1

and it won't bother you again.

I trust google as much as microsoft

[FudRucker]

i rather use Linux

http://duckduckgo.com/

Safari has a long history of cookie problems

[MrLint]

IIRC the first 3 major versions of Safari on OS X totally ignored the setting for 'don't allow 3rd party cookies'. I had to file a bug that apple.com was setting these cookies w/ safari.

These assertions are really empty for me personally, since apple's site has partners that set these cookies, and apple's devs couldn't bother to implement this feature right.

And yes, my bitterness permeates everything:)

Re:And people ask me why I don't use Chrome

[phrostie]

another cool trick is to set up a host file.

http://winhelp2002.mvps.org/hosts.htm

Re:And people ask me why I don't use Chrome

You *can* do a system-wide installation, it's just not obvious.

Re:And people ask me why I don't use Chrome

[GIL_Dude]

If you need to block Chrome installs in your locked down environment you can: http://support.google.com/installer/bin/answer.py?hl=en&answer=146164. At one point early in Chrome's life (before the policies existed) we had a desire to block Chrome as it was playing havoc with our authenticated proxy servers (it would just hammer them with failed authentication requests). It plays nice with proxies now, so we don't do anything to either enable or disable Chrome.

Re:And people ask me why I don't use Chrome

[icebraining]

If it was properly locked down, the Chrome installer wouldn't be able to run at all. And if it able to run, then it doesn't need an exploit.

Re:And people ask me why I don't use Chrome

[icebraining]

(Silly question, but I'm no Windows admin -- isn't there an equivalent of the "noexec" mount option, to prevent any binaries within certain subtree of the filesystem from being executed?)

Yes. I don't know exactly how it's done, but I know it can be done, since the public computers on my university prevent it.

Google tells me it's called a Software Restriction Policy.

Fight back with surrogates

[Giorgio+Maone]

sites which won't display their content until I allow Noscript to run all scripts on the page (including advertisers'), turn off Adblock, and disable Ghostery

Surrogate Scripts are meant to deal with this kind of crap.

Could you please show me some URLs to check?