Google bites into Apple, crams down cookies

Google has been caught with its hands quite literally in the cookie jar again. And no amount of Doubleclick — er, double talk — is going to save it this time.

According to the Wall Street Journal’s intrepid privacy reporters, Julia Angwin and Jennifer Valentino-Devries, Google has been deliberately bypassing the privacy settings in Apple’s Safari browser to allow itself and other advertising firms to deposit cookies on users’ iPhones and iPads.

[ Also on InfoWorld: Don’t look now, but your mobile apps may be spying on you. | For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

Essentially, Google was tricking Safari — which is set to block third-party tracking cookies by default — into allowing it to drop Doubleclick cookies on users’ machines by pretending they weren’t really Doubleclick cookies. Other ad networks followed suit.

I won’t get into the technical fine print here. The Journal goes into it in some detail, as does Marketing Land’s Danny Sullivan. Business Insider has a nice explanation of what Google was probably thinking.

Google’s reasoning? It wanted to enable users who were logged into Google to click its little +1 button on Doubleclick ads. Before going any further, I’d like to see a virtual show of hands. Anybody out there ever clicked +1 on an ad? Anyone at all? Bueller? Bueller? OK, I may have clicked +1 on that Honda CRV ad featuring Matthew Broderick playing a middle-aged Ferris Bueller — but only the extended YouTube version, not the actual ad.

So Google’s reason for breaking Safari’s privacy settings is dubious at best, but it’s not the only ad company to play fast and loose with Apple’s default settings. Other large third-party ad networks used similar tricks to set and reset cookies at will: Vibrant Media, WPP PLC’s Media Innovation Group, and Gannett Co.’s PointRoll. According to the Journal, 29 of the most popular 100 websites contain ads served by at least one of these companies.

The secret Google code was uncovered by Stanford researcher Jonathan Mayer. People who follow the battle over Do Not Track will remember Mayer as the guy who reported last July that much of the “anonymous” data being collected by Web trackers wasn’t all that anonymous. We in Cringeville are shocked — shocked! — at the spectre of yet another enormous company using subterfuge to have its way with our data.

Google’s official response? The Journal overstated its case, its cookies do not collect personal information or track the locations of iPhone users, and we didn’t realize exactly how well we managed to circumvent Safari’s restrictions. Are we good, or what?

…. Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them….

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Federated Media’s John Battelle points out that Apple isn’t an innocent player in this game, and its browser settings aren’t the norm for the Web. Other browsers also let you block third-party cookies, but it’s not the default setting.

To which I say, so what? Enhanced privacy should be the norm for the Web. If enhanced privacy settings break the way you want people to interact with your ads, maybe you should redesign your ads.

And if targeted ads are so much better for us, as the advertising and tracking industry desperately wants us to believe, wouldn’t we naturally want to choose them over regular old nontargeted ads? Surely if targeting is necessary for the continued survival of the “free” Web, wouldn’t Joe and Jane Internet elect to opt in?

It’s the same reason people channel surf when commercials come on TV. Don’t want us to surf past the ads? Make better commercials. Want us to allow third-party tracking cookies? Give us an incentive for letting you track us, besides delivering “more interesting” ads.

User clickstream data is clearly worth billions to the complex Web of companies involved in serving Internet ads. But it’s also worth something to us, Joe and Jane Internet. Why should we hand ours over for free?

Do Google’s secret cookies tick you off? Vent your spleen below or give me an earful directly: cringe@infoworld.com.

This article, “Google bites into Apple, crams down cookies,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.