Google Gets Around Safari's Privacy-Friendly Default Settings
Shortly after news broke this morning that Google and other companies were using a workaround to drop cookies on Safari users, Interactive Advertising Bureau general counsel Mike Zaneis took to Twitter to express his opinion.
"Safari DEFAULT blocking cookies is a technology limitation, not a consumer privacy setting," he wrote.
The implication is that Google (and the other ad companies) didn't circumvent users' privacy settings because they hadn't explicitly configured their computers to block third-party cookies. Rather, Apple did so for them.
Surely, however, some users browse the Web with Safari precisely because of its privacy settings. Google even told consumers that Safari would block third-party cookies. Google has since deleted that language from its site, but the advocacy group Consumer Watchdog saved a screenshot.
What's more, the ad industry has long taken the position that consumers implicitly agree to receive targeted ads by leaving their default settings in place. By that logic, then, don't consumers choose to avoid tracking by leaving Safari's default settings in place?
MediaPost has reached out to Zaneis for more information about his comment, but he hasn't yet responded. He stated in a subsequent tweet, however, that "the consumer did not set the cookie blocking, it was set by the browser" and that "tech one upsmanship is bad for consumers." He also later tweeted that the industry should "focus on developing sound data practices, not the creation of technological limits."
Zaneis wasn't the only one to react to the news by addressing Apple's settings. "Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers," wrote Google expert John Battelle.
By that reasoning, however, the tracking protection lists available in Microsoft's IE9 also break with Web practice. That doesn't mean it's okay to circumvent them.
Besides, the question isn't whether browser-based privacy settings violate Web companies' expectations. The question is whether ad companies are willing to accept limits on their ability to gather
data from consumers.
In this case, Google promised users that Safari blocked cookies, and then developed code that resulted in Safari accepting cookies.
Google says that it only intended to allow Safari users to say they liked ads via the +1 button, and not track them throughout the Web. But even if the Web-wide tracking was inadvertent, someone at Google should have known this was occurring -- especially given the new privacy measures Google implemented in 2010. Among others, engineering project leaders are supposed to keep privacy design documents for their initiatives; those documents are supposed to be regularly audited.
Gannett's PointRoll, Vibrant Media and WPP's Media Innovation Group also reportedly dropped cookies on Safari users. Vibrant Media says its "addressing the issue." WPP says it's not commenting. Gannett hasn't yet responded to MediaPost's queries, but told The Wall Street Journal that the initiative was aimed at learning how many people went to advertisers' sites after seeing their ads.
worth noting that this isn't the first time that ad companies have circumvented users' privacy settings. Other companies have engaged in techniques like "history-sniffing" and setting Flash cookies to
track users who delete their cookies. Flash cookies are stored in a different place in browsers than HTTP cookies and, until recently, were harder for many users to delete.
In the last two years, Quantcast, Clearspring and Say Media's VideoEgg agreed to pay a total of $3.4 million to settle civil lawsuits about Flash cookies. Additionally, the ad network Interclick, now owned by Yahoo, is facing a lawsuit stemming from allegations that it engaged in history-sniffing by exploiting a vulnerability in browsers to discover which Web sites users previously visited.
Given that online ad companies have a history of thwarting users' attempts to control information, it's unfortunate to see Zaneis and others harp on Apple's settings rather than acknowledge that the technique reportedly used by Google and the other companies violate many users' expectations that they aren't being tracked online.