To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.
This is downright shameful behavior. It isn’t just Google doing this, either. But I expected better from Google. I used to really like the company, but in the last couple years many of their moves have left me considering closing off my account.
Thankfully, this loophole is already patched in Webkit (by two Google engineers, no less) and should make it’s way to a shipping version of Safari soon, according to a companion piece by the WSJ:
An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”
An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.