Browser bypasses put Google in privacy cross hairs
Privacy advocates, lawyers and powerful rival Microsoft were piling on Google on Tuesday for sidestepping Web browsing software to tailor ads for people signed into its online services.
The California-based Internet giant continued to staunchly defend itself meanwhile against accusations that it had put profit ahead of privacy.
Controversy ignited last week after it was revealed that Google ad-targeting "cookies" bypassed track-blocking software on Apple's Web browser for iPhones and computers was fanned by Microsoft saying Internet Explorer was likewise duped.
By Tuesday a suit was filed in US federal court demanding Google pay unspecified damages for violating the privacy of millions of people, and potentially national anti-wiretapping law.
Some researchers, however, said lashing out at Google did little to resolve a contradiction underpinning the complex situation -- people want free online services that know them but Web surfing that remains anonymous.
Snippets of code called "cookies" from Google and three online ad specialty firms slipped past tracker-blocking safeguards on Apple's Safari browser, Stanford University graduate student Jonathan Mayer said Friday in a blog post.
Microsoft on Monday said that a check showed that Google was bypassing anti-tracking mechanisms built into the Redmond, Washington-based technology titan's Internet Explorer (IE) Web browsing software.
"Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies," IE corporate vice president Dean Hachamovitch said in a blog post.
"Given this real-world behavior, we are investigating what additional changes to make to our products," he said.
Google fired back at Microsoft, saying that the company has known for years that the IE cookie blocking technique thwarted the functionality of modern websites such as Facebook and Amazon and that bypassing it was common practice.
"Instead of fixing (a) P3P loophole in IE that Facebook and Amazon exploited ...Microsoft did nothing," privacy researcher Christopher Soghoian said in a Twitter post, referring to IE's way of having cookies identify themselves.
"Now they complain after Google uses it."
Researcher Lauren Weinstein in a post at social network Google+ referred to Microsoft's complaint as seeming "disingenuous at best, and certainly is not helping to move the ball usefully forward regarding these complex issues."
Whether calculated or innocent, Google's sidestepping of privacy features on browsers raised alarms with consumer rights groups and has already prompted a call for an investigation by the US Federal Trade Commission.
Google discontinued use of the offending cookies in Safari browsers after Mayer's findings went public, and characterized the situation as an unintended side-effect of an effort to safeguard online privacy.
Google last year began using cookies in Safari browsers to let people signed into Google accounts get personalized services, such as being able to "+1" ads or other online content as likeable for friends at its online social network.
The plan was purportedly to provide users personalization requested while disclosing no information about them to Google-owned ad specialty firm DoubleClick.
Google reportedly did not realize was the presence of the cookies opened Safari browser doors to a slew of DoubleClick ad tracking cookies, which would otherwise have been rejected.
"The Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," the California company said in a released statement.
"We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers," it continued.
Safari is the most widely used browser on mobile devices and the default browser on iPhones and Macintosh computers. The Apple browsers are pre-set to block tracking cookies.
(c) 2012 AFP