Google violated users’ privacy on Apple’s Safari Web browser, Stanford University research found, adding to mounting criticism from consumer groups over how the search giant tracks people online.
Using its DoubleClick ad network, Google has been dodging a privacy setting in Safari, the primary Web browser on the iPhone and iPad, according to a report Friday by Stanford’s Security Lab and the Center for Internet and Society. The study named three other companies — Vibrant Media, Media Innovation Group and PointRoll — that also evaded privacy settings.
“Apple’s Safari Web browser is configured to block third-party cookies by default,” Stanford graduate student Jonathan Mayer said in the report. “Google and Vibrant Media intentionally circumvent Safari’s privacy feature.”
Google, the world’s biggest Internet-search company, has drawn regulatory scrutiny and pressure from consumer advocates for the way it handles personal information. Last year it agreed to settle claims with the Federal Trade Commission that Google used deceptive tactics and violated its own privacy policies when it introduced its Buzz social-networking service in 2010.
In the Stanford study, Mayer said Google’s software employed cookies, or small pieces of code, that can be used to follow users’ activities on the Web. Blocking them is supposed to prevent the cookies from tracking behavior. The actions potentially affected millions of users, Mayer said. Safari is the top browser for mobile devices, with 55 percent of the market, according to January data from Net Applications.
The findings of the Stanford study were reported earlier Friday by the Wall Street Journal. Reacting to the report, three lawmakers asked the FTC whether Google has violated its settlement with the agency.
“Google’s practices could have a wide sweeping impact because Safari is a major web browser used by millions of Americans,” said the letter by Reps. Edward Markey, D-Mass., Joe Barton, R-Texas, and Cliff Stearns, R-Fla. “As members of the Congressional Bi-Partisan Privacy Caucus, we are interested in any actions the FTC has taken or plans to take to investigate whether Google has violated the terms of its consent agreement.”
Google’s actions also prompted Consumer Watchdog to send a letter to the FTC and demand action against Google.
“Safari users with the browser set to block third-party cookies thought they were not being tracked,” John Simpson, privacy project director of Consumer Watchdog, said in the letter. “Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference.”
Google has started removing the cookies from Safari browsers, Rachel Whetstone, senior vice president of communications and public policy at the Mountain View, Calif.-based company, said in an e-mailed statement.
“It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information,” she said.
Google said it began to use the functions in the Safari browser last year to enable its “+1” feature, which lets surfers easily identify content that interests them. Google created a temporary communication link between its servers and Safari’s, so the company could know whether a user had signed up for +1, she said.
“But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous — effectively creating a barrier between their personal information and the Web content they browse,” she said. “However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen.”
Tom Neumayr, a spokesman for Cupertino, Calif.-based Apple, didn’t immediately respond to a request for comment.