Google caught bypassing Safari privacy feature, says it was an accident, FTC called.

I guess this is one that Google would like chalked up in the ‘oopps’ column but they been caught bypassing Apple’s Safari browser’s privacy feature that blocks third-party cookies by default.

Jonathan Mayer, a Stanford grad student, outlined this action in a study that showed Google’s method of bypassing Safari’s default setting works across all of Apple’s hardware where Safari is installed on: iPhones, iPads, iPod Touch, and desktop computers.

After being contacted by the Wall Street Journal, who first ran the story, Google has said that they have disabled the code that allowed for tracking cookies to be installed on Safari and that the action was unintentional.

The code that was disabled was part of the program that Google uses to pale its ‘+1’ button in advertisements which is was able to do because of a loophole in the way Safari deals with cookies that come from elsewhere – like advertising networks. That loophole is centered around your interaction with an advertisement that allows a cookie to be set even if you aren’t really visiting that site.

While the Consumer Watchdog advocacy group has called on the FTC to investigate the matter Google says that the whole thing is an accident and tries to shift the blame to how Safari functions. Here is Google’s full statement on the matter courtesy of Ars Technica:

“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to ‘+1’ things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous—effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.”

while Google still has to deal with the FTC complaint against it the company did note that two Google engineers have prepared an update to WebKit, the engine behind Safari, that closes the loophole. Apple has also said it is aware of the circumventing being done by third-parties and are working on a fix for it.