Google Fined $22.5M For Hacking Safari To Track You

Google Fined $22.5M For Hacking Safari To Track You


The FTC has fined Google pocket change $22.5 million after security researcher revealed the company hacked Safari and Internet Explorer to track online users.

Last year security researchers learned that Google was using a backdoor hack to allow 3rd party tracking cookies to be installed on Safari browsers – which blocks them by default – to track people’s online internet activity. To protect yourself from things like this it’s important to look into using virtual private networks which protect your privacy.

Google admits hacking Safari security settings to spy on users

Google-Admits-Hacking-Safari-To-Track-Users-290x174 (1)Internet giant says it circumvented security settings in browser to track users on desktops and iPhones which allowed third-party advertisers to spy on users.

Google has come under attack for violating users’ privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple‘s Safari browser to track users on both desktop computers and iPhones.

If you’re an iPhone owner, it’s important that you look into How to Prevent Your iPhone from Being Tracked because a number of advertisers exploited the loophole it had created to track those users too.

“Our data suggests that millions of users may have been affected,” Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian.

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”

“It’s time for Google to acknowledge that it can do a better job of respecting the privacy of web users,” the EFF said in a statement, in which it warned: “Google, the time has finally come. You need to make a pro-privacy offering to restore your user’s trust … it’s time for a new chapter in Google’s policy regarding privacy. It’s time to commit to giving users a voice about tracking and then respecting those wishes.”

The company may also be tracking people without their knowledge on other browsers, including those on its own Android phones, because those do not implement the same security restrictions as Apple does. It is because of breaches of privacy like this that makes some people do anything that they can to keep private online. They use resources like VPN’s and encryption or decide to buy bitcoin in india to keep themselves as anonymous as possible. Big corporations like Google taking advantage of vulnerable users like this shows why some choose not to trust the internet.

At least three other advertising companies – Vibrant Media, WPP Plc’s Media Innovation Group and Gannett’s PointRoll – also exploited the Google code to track users.

To get around Safari’s blocking, the Wall Street Journal explains, Google put code onto some of its ads served by DoubleClick’s servers at to fool the Safari browser into thinking the user was interacting with DoubleClick.

But, the EFF notes: “That had the side effect of completely undoing all of Safari’s protections against”

That meant that other DoubleClick cookies, including the principal tracking one which Safari would normally block, were allowed.

“Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone,” the EFF said.

If that wasn’t bad enough, soon after other companies looked at their browser settings and revealed Google was doing the same thing to them. No wonder people are looking to alternative browser options, like this Pale Moon download for Windows, in light of this news.

Google Hacked Internet Explorer To Spy On Users, Just Like Safari


Microsoft reveals Google hacked Internet Explorer, just like Safari, so they could track people’s online activity everywhere on the internet.

Apple recently reported that Google hacked their Safari web browser so they could track users online activity on MAC computers and notebooks as well as on all of Apple’s popular handheld electronics with online capabilities such as the iPhone, iPad, and iPod.

That announcement made Microsoft engineers suspicious that Google may have employed similar measures to bypass Internet Explorer’s security settings to track all of IE users online activity as well. Sure enough, Microsoft has come forward to say Google has employed a different hack which achieved the same results on the world’s most popular web browser.

I was to place I bet, I would bet that Mozilla engineers will soon make the same announcement about the Firefox web browser.

Google is now being punished for violating their ‘Do No Evil’ slogan.

As Wired reports, the FTC has slapped them with a $22.5 million fine, not even a dent in their over $12 billion in revenues last quarter along.

Its a repeated theme among mega corporations who get caught doing something entirely illegal that an individual would have gone to jail for an extremely long time and walk away with a fine that isn’t even a dent in the profits made from the illegal activities.

From Wired, who falsely reports Google immediately disabled the hack after the Wall Street Journal reported on it (not true at all – Google first denied it and then a second researcher verified it).:

Google agreed to pay a record $22.5 million to settle Federal Trade Commission charges it intentionally circumvented the default privacy settings of Apple’s Safari browser, using a backdoor to set cookies on browsers configured to reject them, the commission said Wednesday.

Google immediately disabled the practice in February after the Wall Street Journal disclosed it, which was discovered by Stanford researcher Jonathan Mayer and confirmed by security consultant Ashkan Soltani.

Safari, which accounts for about 6 percent of desktop browsing and more than 50 percent of mobile browsing, is the only major browser to block so-called third-party cookies by default. When you visit a website, all browsers by default, including Safari, allow that site to put a small tracking file on your computer, which allows the site to identify a unique user, track what they’ve done and remember settings. That’s a first-party cookie. Cookies placed by ad networks and social sharing buttons are third-party cookies.

The FTC complaint said Google had maintained publicly that users would be opted out automatically of getting Google ad cookies on other people’s sites under the default Safari settings.

The fine, while minuscule when juxtaposed to Google’s second-quarter revenue of $12.21 billion, represents another PR blow to the Mountain View, California-based media giant that has adopted the slogan: “Don’t be evil.” Google has come under fire for misrepresenting its its Google Buzz information-collecting practices and for collecting Wi-Fi payload data from its Street View cars as they drove through neighborhoods.

The FTC said Google’s underhanded practice breached a 2011 consent agreement related to Google Buzz in which Google agreed with the agency not to misrepresent its privacy practices, including whether it is collecting personal information, for the next 20 years.

“The record-setting penalty in this matter sends a clear message to all companies under an FTC privacy order,” said Jon Leibowitz, FTC chairman. “No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

Safari blocks the sites that power those services from setting or reading cookies, so a Facebook “Like” button on a news site, for instance, can’t tell if you are logged in, so it can’t load a personalized widget. Google’s DoubleClick advertising network, along with a number of ad servers, were caught avoiding this block, using a loophole in Safari that lets third parties set cookies if the browser thinks you are filling out an online form. (See a good technical overview here.)

Google said it used the backdoor so that it could place +1 buttons on ads it places around the web via its Adsense program, so that logged-in Google+ users could press the button to share an ad. Without the work-around, the button wouldn’t be able to tell Google which Google account to link the button to.


Another take away from this that isn’t even being mentioned – or investigated – is that you can be rest assured if you are using a Google product – be it the Google Toolbar, Google Search Provider, The Android, Or Google Chrome – the company is undoubtedly tracking your every move whether you know it or not.

Categories: US NEWS

About Author

Write a Comment