Google sneg sig til at tracke iPhone- og Safari-brugere

The Wall Street Journal kan fortælle, hvordan Google har brugt en form for bagdør i Safari-browseren på iPhone og computere til at få sat cookies, der kunne tjekke om brugeren var logget ind med en Google-konto.

Hos det danske it-medie ComON har Karim Pedersen skrevet artiklen Google smugler cookies ind i Safari, der beskriver sagen.

The Wall Street Journal-artiklen forklarer, hvordan Google rent teknisk har gjort – og det er ikke uden snilde.

Last year, Google added a feature to put the +1 button in ads placed across the Web using Google’s DoubleClick ad technology. The idea: If people like the ad, they could click “+1” and post their approval to their Google social-networking profile.

But Google faced a problem: Safari blocks most tracking by default. So Google couldn’t use the most common technique—installation of a small file known as a “cookie”—to check if Safari users were logged in to Google.

To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user’s computer once the company has installed at least one cookie.

Det lyder lidt anderledes end Googles udmelding om, at man har brugt “kendt funktionalitet i Safari”.

Efter The Wall Street Journal rettede henvendelse har Google fjernet koden. Det kan du læse mere om hos The Washington Post.