Photo: Flickr/Esther Dyson
Google got busted by the Wall Street Journal last night for bypassing built-in security settings on the Safari Web browser on iPhones and iPads.This is the stupidest thing Google has done in a long time.
This isn’t some startup. This is Google. It is being watched very closely by the government for all kinds of possible violations. Competitors jump all over it at every opportunity. And a lot of people in the tech world and press seem to hate Google these days.
So what sort of juicy, incredibly valuable, and potentially damaging information was Google collecting through its trickery?
Your browsing activity. On some sites.
What Google was doing was placing a cookie into Safari. This cookie allowed Google to track your activity across multiple sites that use Google ad networks, including non-Google sites.
Cookies are not new. They have been around since the Web browser was invented. (Netscape came up with the idea in 1994 and started supporting them Netscape 2.0 in 1996.) You can read literally thousands of articles about what they are, how they work, and how to get around them. Here’s a pretty good one from 1996.
Without cookies, ad networks wouldn’t have any way to tell which ads they’ve already served you. So the ads would be even LESS relevant than they already are.
(Cookies are also how sites like Google and Facebook and Amazon save your settings so you don’t have to log in every time you visit the site.)
Some people don’t like cookies, which is why it’s easy in most browsers to disable them. In iOS, Apple went one step further and disabled certain kinds of cookies — those placed by third-party sites — by default.
In the overall scheme of privacy violations, on a scale of 1 to 10, with a total wiretap of all your phone conversations and a keystroke-logger on your computer as a 10, and iPhone apps collecting address book information as a 5, cookies placed by ad networks are a 1 or 2.
The thing is, it wouldn’t have been an issue at all if Google had just honored those settings like it’s supposed to do.
So the real question here is: how could anybody at Google possibly have been so stupid? Did they really think nobody would notice? Was the extra information really worth the firestorm they just unleashed?
Once again, this points out the need for more discipline and oversight at Google. It’s got a strong engineering culture, and it loves to think of itself like a scrappy startup full of smart people solving challenging problems. But the rest of the world doesn’t see it that way.
Correction: Google’s placement of the cookie in Safari did not open the way for other ad networks to do the same thing, as this story originally stated. However, other ad networks were using the same trick. Apologies for the error.