Google's embarrassing Safari exploit
The Wall Street Journal led its paper Friday with a story on what appeared to be an egregious privacy violation by Google: The advertisements from its DoubleClick subsidiary found a way to track users of Apple's Safari browser even if it was set to block tracking. The article produced the requisite call for a federal investigation and plenty of bad publicity for the erstwhile "Don't be evil" corporation. But Google's actions, although (ahem) aggressive, raise a different question from the one most observers seem to be asking. To wit: What should companies do when a user's privacy settings in one arena clash with those in another?
The problem started with Google trying to compete with Facebook's "Like" button, which can be incorporated into display ads to add some viral juice. Google wanted to let DoubleClick, its display-ad subsidiary, put a "+1" button in its customers' pitches. The button would let anyone who saw the ad tell the people in their Google+ circles (Google's equivalent of Facebook friends) that they liked it.
To keep the data about its users separate from that collected by advertisers, Google uses a separate, "third party" cookie to tell its servers whether the visitor to a site is logged into Google, in which case it adds a +1 button to the DoubleClick ad. But Safari is set by default to block third-party cookies, which often are used to track users for targeted advertising. That's what led Google to circumvent Apple's block in order to place a temporary third-party cookie and enable the +1 button. Google says it didn't realize that doing so would, under the rules set by Apple, open the door to DoubleClick sending more cookies, in particular the non-temporary kind that are used for ad targeting.
Even if the consequences were unintentional, it's not the least bit uncommon for bad things to happen when companies develop seemingly clever workarounds to the barriers placed in other companies' software. So I don't have a whale of a lot of sympathy for Google on this one.
Nevertheless, it's worth wondering why Apple's privacy settings should trump the preferences people set in Google. The latter's software tries to place a +1 button on ads because people who sign up for Google+ elect to be shown personalized content and ads. That's the default setting, but Google argues that people are given plenty of notice should they want to change it.
So, if you elect to be shown "personalized" ads -- i.e., targeted ones -- but you use the Safari browser, are you saying that you don't want to be shown personalized ads after all? Or were you simply unaware that Safari's default settings blocked the cookies needed to do the personalization?
Google, not too surprisingly, assumed the latter was true. In doing so, though, it overrode the preferences of people who used Safari precisely because they didn't want to be tracked by third-party cookies of any kind. Granted, some of the tracking that resulted might have been by happenstance. Rachel Whetstone, a senior vice president at Google, said the company hadn't intended to unleash full-blown tracking and targeting by DoubleClick, just the sort of personalization enabled by the +1 button. But that's what was happening, at least until the Journal called Google with its findings and Google stopped the +1 workaround.
As part of its settlement with the Federal Trade Commission over Google Buzz, Google agreed to make privacy a design principle in its new products. If that's the test, Google should start assuming that when preference settings clash, the most restrictive one should be respected unless users explicitly say otherwise. In other words, they have to use a different set of assumptions than they did when they tried to sneak their +1 button past Safari's cookie barriers.
-- Jon Healey