Google has been actively circumventing the privacy settings of desktop and iOS Safari users, according to an investigation by the Wall Street Journal. The paper claims that even though Safari’s default setting blocks cookies from third parties, which are often used to track users' habits across the Web, Google and advertising companies Media Innovation Group, Vibrant Media, and Gannett PointRoll fooled Apple's browser into thinking "a person was submitting an invisible form to Google," thus letting the Internet giant install a tracking cookie on users' iPhones, iPads and PCs without consent.
Safari's default privacy settings only allow sites that the user is directly interacting with to save a cookie. However, Google contends that the browser also enables many web features for its users that rely on third parties and third-party cookies, such as "Like" buttons. The company said it used the workaround to attach a temporary cookie that would check if the user was signed-in to one of its services, and if so give them the ability to use the "+1" button and serve personalized ads to those who have opted for this program. Google accused the Journal of mischaracterizing what happened and stressed that the cookies did not collect personal information.
They did admit that other Google advertising cookies were being indadvertedly attached to users' machines due to a functionality within Safari, and said that upon finding out about it they have now started removing advertising cookies from the browser.
What they didn't mention is that in its own online privacy guide, Google represented to Safari users that they did not need to do anything to opt out of its advertising cookies because "Safari is set by default to block all third-party cookies. If you have not changed those settings, this option effectively accomplishes the same thing." The company has since removed that wording from its site.
That little fact doesn't paint a good picture for Google, which is already under government scrutiny regarding its privacy policies. Last year the company settled with the US Federal Trade Commission, agreeing not to "misrepresent" privacy practices to customers or pay a fine of $16,000 per violation per day.