Safarigate: Benign Behavior or Malignant Breach?

Last Thursday, the Wall Street Journal reported that Google has purposefully circumvented Safari’s privacy settings, allowing it to track the behavior of users on non-Google sites. These findings contradicted Google’s own instructions as to how users worried about privacy settings could avoid tracking. The report was based off
of research at Stanford that had identified four different advertising companies who utilize known exceptions to Safari’s privacy feature that blocks third-party cookies.

Naturally, the idea that Google wrote code to evade Safari’s privacy settings has not sat well with many. The Electronic Freedom Frontier dubbed Google’s actions “just as paternalistic as ad networks” and posited that Google needed a new approach to privacy to “restore [its] users’ trust.” Several Congressmen have asked the FTC to investigate whether these actions violate the Google Buzz settlement, which prohibits Google from making “future privacy misrepresentations.” One user has filed a class action suit against Google, claiming violation of federal wiretapping laws and other computer-related statutes.

Tensions often run high when privacy is threatened. Nevertheless, amidst the outcry, it is important to identify the contours of the threat and know what exactly it is we are upset about.

Circumvention Explained

Apple Inc.’s Safari is the only web browser that blocks third-party cookies by default. Cookies are essentially helper-files that websites commonly use to store things like user preferences and session information (for example, the state of a shopping cart). When a site contains third-party content (for example, a banner advertisement on your favorite news site), that third-party (in our example, the advertising company) can write its own cookie. Third-party advertisers commonly use this feature to record where and for whom  their advertisements have been displayed, allowing them to build a history of the sites an individual user visits.

Last September, in an effort to compete with Facebook’s “like” functionality, Google added a “+1” button to certain Google ads, which Google+ users could click on to indicate they “liked” those ads. However, because Google has set up its services such that Google+ and Google Ads reside on different domains, interfacing between the two required the use of third-party cookies. Because Safari blocks these by default, Google faced the prospect that most Safari users – a sizeable user base – would not be able to use this new feature.

To address this problem, Google exploited a known exception to Safari’s no third-party cookie policy. Safari allows third-party cookies when a user submits an HTML form, so Google created an invisible form, never seen by the user, which it submitted any time the user clicked “+1.” This triggered Safari’s form exception, allowing the creation of third-party cookies by Google Ads. The Stanford study showed that, in practice, Google used this backdoor method to create cookies that not only enabled the  “+1 Ads” functionality, but also set up the general Google Ads tracking cookie, which monitors the browsing behavior of users going forward. Google stated that they “didn’t anticipate that this [(setting up the general Google Ads tracking cookie)] would happen” and that they have “now started removing these advertising cookies from Safari browsers.”

So We Are Fighting For?

It’s true the technical facts aren’t flattering for Google: its code uses an invisible form to emulate Little Red Riding Hood and gain access to Grandma’s house, exposing the user to whatever tracking Google Ads decides to subject her to.  It’s true that Google’s primary motivation was enabling the “+1” feature for Safari users, but can we really say the end justifies the means in this case?

Still, this begs the question: what is it about Google’s actions that render them so troubling? Is it the fact that Google can track a user’s browser history? This seems unlikely. Google already tracks search history and processes electronic mail information in Gmail – how much more of an invasion can ad tracking be? Moreover, this backdoor is not triggered until a user actually clicks on “+1” – arguably this surveillance involves some kind of consent, albeit uninformed in most cases. Even if we can’t call this consent, enabling tracking involves some affirmative act by the user, and avoiding this is much easier than with search or Gmail.

If, then, it’s not the tracking itself that is particularly disquieting, perhaps the issue goes to some more fundamental idea of respect. By circumventing Safari’s privacy settings to enable the “+1 Ads” feature, one could say that Google ignored the express desires of its users, elevating its own commercial interests over the user’s personal privacy interests. This kind of disregard may be particularly troubling given the relative bargaining power that an individual consumer has against a monolith like Google.  At the same time, however, it may be hard to say that Google was ignoring express interests – blocking third-party cookies is Safari default behavior that most users are not aware of. Moreover, as one blog points out, Safari’s policy may just be a strategic move by Apple to curb the information its competitors can glean from its customers. Viewed in this light, Google’s actions could be understood as commonplace competitive behavior rather than neglect towards individual privacy concerns.

In this case, prudential arguments may bolster the respect rationale. Even if Safari’s default settings were not actual expressions of most users’ real desires, they nonetheless provide the interface through which these preferences can be expressed. Much like a court artificially thinks about Congress as a unified body with “wishes” and “intentions,” it makes sense for Google to treat browser preferences as a real expression of user preferences. Otherwise, it seems unclear what forum users have left. If browser settings are indeed an expression of real user preferences, then, slippery slope arguments counsel against tolerance of any disregard for them. If Google can violate privacy preferences in this area, what is to stop violations in other areas? And, if Google can do it, why can’t Apple or Microsoft do it too?

Looking Ahead

Clearly, slopes are not always slippery and it is possible to draw lines. Context is also useful – why privacy was breached, the extent of the harm caused by the breach, and the basis under which we deem that harm problematic should all be considered in determining whether that breach should be tolerated. In the case of Google, much uncertainty remains in at least two of these areas – nevertheless, consumers, policymakers, and Google executives alike should think critically about these questions in developing rules and recourse available for internet privacy violations.

About the Author

Kristen Lovin

Kristen Lovin is a Staffer for the Columbia Science and Technology Law Review. She is a 2L at Columbia Law School.
  • http://hughw.net/ hughw

    “it makes sense for Google to treat browser preferences as a real expression of user preferences. Otherwise, it seems unclear what forum users have left. ” 

    Google maintains that its users had expressed their preference, not in the Safari  browser, but in agreeing to Google’s TOS. They executed their third party cookie trick only for  ’signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1″ things that interest them.’

blog comments powered by Disqus