Google guilty of tricking iPhone and Mac Safari surfers

Tut, tut, tut; Google has been caught doing something it shouldn't - bypassing the privacy settings of fanboys worldwide using Safari on their iPhones or Macs.

The Wall Street Journal is reporting that the Mountain View search giant, along with other advertising companies (including Facebook) has "used special computer code that tricks Apple's Safari web-browsing software into letting them monitor many users".

Safari blocks this sort of monitoring by default by Google and the naughty gang had been circumnavigating the default settings to to drop cookies on people's devices even when set to not accept them.

The Google code was spotted by Stanford researcher Jonathan Mayer and The Verge is reporting that it used an exploit by developer Anant Garg from 2010 that sends a blank form in the background to trick Safari into accepting cookies from unauthorised sources.

Google has since being contacted by the WSJ, ceased the technique and has stated: "The Journal mischaracterises what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled.

"It's important to stress that these advertising cookies do not collect personal information."

Facebook has also been caught up in the security row, although both it and Google would argue that the practice allows for quicker sign-in processes and seamless surfing.

Update: Google has contacted us with a full statement:

Rachel Whetstone, SVP, Communications and Public Policy:

"The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default.  However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons.  Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to “+1” things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers.  It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information."