[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Sign-in] [Mail] [Setup] [Help]
Status: Not Logged In; Sign In
|
Resistance See other Resistance Articles Title: Google admits tracking Safari users (Internet giant says it circumvented security settings in browser to track users on desktops and iPhones) Google has come under attack for violating users' privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple's Safari browser to track users on both desktop computers and iPhones. A number of other advertisers exploited the loophole it had created to track those users too. "Our data suggests that millions of users may have been affected," Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian. An Apple spokesman said: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it." The Electronic Frontier Foundation (EFF), a pressure group for users' rights online, said that then admission was bad news for the company, coming so soon after the news that it is aiming to unite the data it keeps about people using different parts of its services such as YouTube and its main search engine. "It's time for Google to acknowledge that it can do a better job of respecting the privacy of web users," the EFF said in a statement, in which it warned: "Google, the time has finally come. You need to make a pro-privacy offering to restore your user's trust … it's time for a new chapter in Google's policy regarding privacy. It's time to commit to giving users a voice about tracking and then respecting those wishes." The company may also be tracking people without their knowledge on other browsers, including those on its own Android phones, because those do not implement the same security restrictions as Apple does. The admission will put extra pressure on the company in the US where it has already fallen foul of the US Federal Trade Commission over privacy practices, and in Europe where it could still be subject to an antitrust investigation by the European Commission. The circumvention, carried out by a small piece of code, meant that people could see messages indicating whether their associates in Google "Circles" on its Google+ social network had clicked on ads – but it also let Google and other advertisers see which websites people landed on. Mayer told the Guardian that his team had been looking into what was being done for two months, and was sure it had been used by Google certainly since December – though it could have been running since July 2011. Google declined to answer a Guardian request to say when it had begun the tracking. The search giant insisted that a report in the Wall Street Journal, which first revealed the tracking, mischaracterised its actions, and that the users' identities had remained anonymous throughout – although they were signed in to Google's systems. At least three other advertising companies – Vibrant Media, WPP Plc's Media Innovation Group and Gannett's PointRoll – also exploited the Google code to track users. Google's search engine is the default on all Apple's mobile devices and in its Safari browser, of which there are more than 100m in use. By default, Apple's Safari browser only accepts cookies – small chunks of text with unique information such as the time of a user's visit to a site – which come directly from by the sites that users are browsing. But Google wanted to use its DoubleClick and other ad systems to track where people go online, so that it can serve "relevant" ads. It also wanted to be able to integrate its Google+ data into that information. To get around Safari's blocking, the Wall Street Journal explains, Google put code onto some of its ads served by DoubleClick's servers at doubleclick.net to fool the Safari browser into thinking the user was interacting with DoubleClick. But, the EFF notes: "That had the side effect of completely undoing all of Safari's protections against doubleclick.net." That meant that other DoubleClick cookies, including the principal tracking one which Safari would normally block, were allowed. "Like a balloon popped with a pinprick, all of Safari's protections against DoubleClick were gone," the EFF said. In a statement, Google said: "We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information. "Unlike other major browsers, Apple's Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as [Facebook's] 'Like' buttons. "Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalised ads and other content – such as the ability to '+1' [the equivalent of Facebook's 'Like' for Google's new Google+ social network] things that interest them. "To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalisation. "But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous – effectively creating a barrier between their personal information and the web content they browse. "However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser [by other advertising companies using the DoubleClick network]. We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information." While the data collected by the cookies would not contain the user's name or personal details, privacy campaigners have long pointed out that the pattern of a user's web browsing allows a picture of them to be built up which can led to direct identification or profiling so precise that it leave little doubt about their identity. Google's use of such systems in defiance of the settings of the user's browser is the first time the company has been found doing so. Google said: "Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google's Ads Preferences Manager. "We didn't anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers." Cory Doctorow, a novelist and columnist for the Guardian, commented at the Boing Boing blog that he believed the tactic by Google indicated that the internal pressure put on staff by chief executive Larry Page to integrated "social" elements into all its work – which has included the announcement that all staff bonuses are now tied to Google's success in social software – "is leading the company to take steps to integrate G+ at the expense of the quality of its other services. He pointed out that his own Google Mail account, whose address he has never made public, "has somehow become visible to G+ users, so that I get many, many G+ updates and invites to this theoretically private address, every day, despite never having opted into a directory and never having joined G+". Poster Comment: This is another reason to not patronize Google or use Safari. While I am a Mac user when I installed Safari and learned that the default Search Engine was Google and could not be changed, without hacking the software, I ceased using it and went back to Firefox. Firefox lets me choose ANY Search Engine and I DO NOT use Google except via Scroogle. It is not just the privacy issue either. Although I do find Google's tracking to be an annoyance. The other issue is that Google seems to have gone to subtly manipulating search results so as to place some items out of sight. Now I am not enough of a geek to thoroughly confirm that, but given that Google is a CIA Op I don't doubt that the allegation is true and so do not trust Google to return a politically incorrect search result. Post Comment Private Reply Ignore Thread Top • Page Up • Full Thread • Page Down • Bottom/Latest Begin Trace Mode for Comment # 4.
#1. To: Original_Intent (#0)
Scroogle hasn't been working for me for a few days, are you having this problem??
Yes. I did some checking around and it appears that they were hacked. They are completely offline last I knew.
I just found this: "For seven years, I have been running Scroogle on those six servers. Now Scroogle is crippled because I have to run it on the two remaining servers. It's probably just a matter of time before those two are taken away from me. The thing about those six servers is that three were blocked in 2007 by Google, and the other three blocked in 2008 by Google. Each time an engineer at Google got them unblocked for me because I was running a nonprofit service and didn't show any ads. The second time he did this, he mentioned that it was getting hard for him to pull this off. (Each of my six servers appears at Google under a single IP address for that server. That's the way it works with dedicated servers for outgoing traffic. For incoming traffic, you can point them to various IPs assigned to your server.) From 2009 to March 2011 I had no problems with Google blocks. It helped that I used up to 9,000 dedicated Google IP addresses on a random basis, spanning as many as 80 Google data centers. During that period Google had no centralized detection and throttling system. In March 2011 this changed, and after a one- minute delay, Google could detect and throttle a single IP address that had been fetching search results, even though I was randomly spreading out the requests from each server using 9,000 Google IP addresses. That throttling was not too severe — it lasted about two minutes. When it happened, I did an instant failover to a different server for those throttled requests. At the end of last December, I leased a seventh server because I knew Scroogle was in trouble. It turned out that this new IP address was throttled much more severely than the six IP addresses from my six legacy Scroogle servers. Adding more servers is not a solution. While it takes about fifteen minutes to trip, this second form of throttling lasts for 90 minutes after the requests stop instead of just two minutes. The four servers in Florida had "legacy" IP addresses attached to them, and now they're gone forever. The load shifts to the two remaining Arizona servers with legacy IP addresses, which cannot handle the load during daytime hours. Scroogle has gone from 350,000 searches per day to about 200,000 per day. I blame Friends of R... C.... For the attempted searches that don't go through, I show a screen blaming Google. After all, if Google hadn't started this "mild" form of throttling in March 2011, I could handle the load on two servers instead of six. The entire Internet infrastructure is in trouble because the design did not anticipate DDoS attacks. You cannot do anything about a SYN flood attack that is halfway sophisticated, and uses many unique IPs, either from a botnet or spoofed. You need a hardware firewall in front of your server that has a huge amount of bandwidth, just so it can filter out the attack based on some sort of analysis that differentiates the malicious packets. That sort of capability costs a lot more than leasing the server itself." And a new search engine: http://duckduckgo.com/ Read their privacy policy for more info, but in a nutshell: "For these reasons, DuckDuckGo takes the approach to not collect any personal information. The decisions of whether and how to comply with law enforcement requests, whether and how to anonymize data, and how to best protect your information from hackers are out of our hands. Your search history is safe with us because it cannot be tied to you in any way." "When you search at DuckDuckGo, we don't know who you are and there is no way to tie your searches together. When you access DuckDuckGo (or any Web site), your Web browser automatically sends information about your computer, e.g. your User agent and IP address. Because this information could be used to link you to your searches, we do not log (store) it at all. This is a very unusual practice, but we feel it is an important step to protect your privacy."
Thank you. I'll have to goose the duck and see if it is any quicker than ixquick which is my back-up to Scroogle.
There are no replies to Comment # 4. End Trace Mode for Comment # 4.
Top • Page Up • Full Thread • Page Down • Bottom/Latest |
||
|
[Home]
[Headlines]
[Latest Articles]
[Latest Comments]
[Post]
[Sign-in]
[Mail]
[Setup]
[Help]
|
||