Google's recent gaming of the privacy settings on Apple's Safari browser is "unacceptable" behavior and further proof of the need for a "Do Not Track" feature in web-surfing software, according to privacy experts.
"Technological workarounds to evade browser privacy settings are unacceptable," says Justin Brookman, director of consumer privacy for the Center for Democracy & Technology (CDT) in Washington, D.C., in a statement.
The workaround referred to by Brookman was used by Google and others to alter the default settings in the Safari browser. Those settings prevent third parties from planting cookies on your PC that track your surfing habits.
Privacy Invasion Inadvertent, Google Says
Google explained in a statement that the circumvention of Safari's privacy settings was done inadvertently when it created a way for Safari users who sign into Google to use third-party features, such as "+1," that would be blocked by the default setting. That action, though, enabled tracking cookies to be activated on the browser.
"We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers," Google's Senior Vice President for Communications and Public Policy Rachel Whetstone says in a statement.
"It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information," she added.
Google Actions 'Severely Disappointing'
Accident or not, Google's actions were "severely disappointing," maintains the CDT's Brookman. "While we take Google's assertion at face value that it was not its intent to track users in this way, we are perplexed how this decision evaded Google's internal design and review process," he said. "After several recent missteps -- and two new reboots on privacy-by-design -- this should never have happened."
This week's incident wouldn't have happened if Google had begun to recognize the need for "Do Not Track" technology on its servers and software, argue Peter Eckersley, Rainey Reitman, and Lee Tien in an essay posted at the website of the Electronic Frontier Foundation (EFF).
"It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users," they wrote.
The essay continues: "One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them. Specifically, it’s time that Google's third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option."
Do Not Track and Google
Although Do Not Track is intended to counter third-party snooping on web users, its effectiveness is muted without the cooperation of big players like Google. "Google refuses to add support for DNT [Do Not Track] to its Chrome browser, and ignores it when it has been set by users of other browsers," Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research in Washington, D.C., tells PCWorld.
"The problem is not the absence of DNT," adds Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, D.C. "That was built-in to the Safari browser. The problem is Google's blatant disregard for user privacy settings."
Google is currently under a consent order with the Federal Trade Commission (FTC) to protect the privacy interests of its users. In a letter sent to the FTC on Friday, EPIC contends that Google's Safari snafu violates that agreement and has called on the agency to take enforcement action against Google.
This latest assault on consumer privacy should not be taken lightly, declares Soghoian.
"The public should be concerned about this, because it shows that advertising companies, like Google, are willing to go to any lengths necessary to track us," Soghoian says. "If that means circumventing privacy controls and exploiting loopholes in the privacy mechanisms built into browsers, so be it."
"This particular bug will no doubt be fixed by Apple, but the arms race--in which ad networks engineer around user privacy control--will continue," he warns, "at least until regulators and legislators put an end to these shameful business practices."