Google and others track Apple users

Google bypassed privacy settings in Safari, the iPhone's internet browser, in order to track its users.

Kai Ryssdal: Consider this: 55 million iPhones were sold last year. Used for phone calls and game playing and picture taking and web surfing. If you have an iPhone or an iPad or a Mac, you're probably using the Safari web browser -- comes standard on Apple devices with the added benefit of not letting advertisers keep an eye on where Safari users go online. Well, at least that's how its supposed to be.

A story in the Wall Street Journal today says otherwise. Julia Angwin shared the byline on it. Julia, good to have you with us.

Julia Angwin: Happy to be here.

Ryssdal: So, in as layman-like terms as possible, what exactly is going on here?

Angwin: I know this is a very complicated story. So, what is going is we learned that Google and a few other ad companies were circumventing the privacy settings on Apple's Safari Web browser. So the Safari Web browser is what most people use on their iPhones, iPads and some people use on their desktop computers.

Ryssdal: OK. Another way that I've heard this put is that they're putting cookies in there -- those things that sort of track where you're going.

Angwin: Yes, so basically Safari is the only major Web browser that -- by default -- blocks the installation of cookies, which are these little tracking files, from sites other than the site you're visiting. So for instance if you visit the Wall Street Journal Web site, you would get a cookie maybe from that Web site and that might remember your settings. But it doesn't allow other advertisers usually who are on that page to place cookies on your machine.

Ryssdal: And what Google was doing would?

Angwin: Yes. Google and a few others used a technique that tricked Safari into allowing their cookies to be placed on these users' computers.

Ryssdal: That word you used -- "tricking" Safari into letting cookies be implanted -- it implies nefariousness.

Angwin: Right, and Google would say it was not nefarious. But I will explain the "trick" in the clearest way I can possibly describe it.

Ryssdal: In the aforementioned layman's terms.

Angwin: Yes. So Safari, in general, is designed to prevent these advertisers from placing cookies on the user's computer. But it does have an exception. It believes that if you, the user, click on an ad and fill out a form, for instance, you want a cookie from them. You clearly are interacting with that advertisement in some way. So what Google and these others were doing was actually embedding invisible forms into their ads, which were then automatically submitted -- without the user doing anything -- back to Google, which allowed Safari to think that you, the user, had done something with that ad. You may not have looked at it, you may not have clicked, but in fact the browser thought you had and allowed the cookie to be placed.

Ryssdal: Why would Google do this? What's the upside for them?

Angwin: So here's what Google says about why they did this. They were trying to embed a little button called "+1." So the idea was that if you looked at an ad and liked it, you could click this "+1" button. And in order to tell if you were logged into their "Google+" system. They wanted to drop this cookie to check your logged in status. But the end result was they ended up circumventing a lot of people's privacy settings.

Ryssdal: Much has been made the past -- I don't know -- two, three weeks about Google's privacy policies. Their revamping them and the company says their streamlining them. They've had privacy issues in the past. This does not seem to be a positive development in the world of Google privacy.

Angwin: Right. Not only have they just done this privacy policy revamp -- which I think raised a lot of scruples, but also Google signed a consent decree -- a twenty-year privacy consent decree -- with the Federal Trade Commission in October, in which they promised not to ever misrepresent their privacy practices to consumers.

Ryssdal: Frame this form me in the larger you-have-know-privacy-get-over-it debate.

Angwin: What I think it means is that: Every time we see one of these slip ups, the companies involved talk about bugs, or a loop hole, but the fact of the matter is what we're really coming to see -- after months and years of these "I'm-sorry-it-was-a-mistake" issues -- is that surveillance has become such much a part of every our lives, it's almost impossible to turn off. There are no rules and I think there's a growing sense of uneasiness about, "What is going to happen to all this information about every Web site I ever visited?"

Ryssdal: Julia Angwin at the Wall Street Journal. Julia, thanks a lot.

Angwin: Thank you.

Ryssdal: Investors in the more-ubiquitous-than-anyone-ever-thought search company sold off today. Shares of Google closed down three-tenths percent. A measly $604 a piece.

About the author

Kai Ryssdal is the host and senior editor of Marketplace, public radio’s program on business and the economy.

Comments

I agree to American Public Media's Terms and Conditions.
With Generous Support From...