Google, which is already under FTC scrutiny for privacy issues, is now being sued for violating users’ privacy rights on Apple’s Safari web browser. On Friday it was revealed that Google and several advertising companies were evading the browser’s privacy controls by placing a special kind of tracking code on a handful of sites.
Google disabled the code after it was contacted by the Wall Street Journal – which broke the story. The code was discovered by Stanford researcher Jonathan Mayer and confirmed by security consultant Ashkan Soltani.
Google put code in its ads that mimicked users interacting with elements of a page – which overrides the browser’s no-tracking setting.
To Safari, these ads appeared as invisible forms, in turn allowing Google to install a tracking cookie. …The technique reaches far beyond those websites, however, because once the coding was activated, it could enable Google tracking across the vast majority of websites. Three other online-ad companies were found using similar techniques: Vibrant Media Inc., WPP PLC's Media Innovation Group LLC and Gannett Co.'s PointRoll Inc.
Yesterday, Microsoft accused Google of doing a similar thing to users of Internet Explorer. The software giant said Google was bypassing a company privacy standard called P3P privacy protection. The P3P standard allows Web sites to explain how they intend to use the information they collect about users. Google admitted it was using a known workaround for IE but said Microsoft’s policy is “widely non-operational.” Google said the workaround is in widespread use, citing a 2010 report that claimed more than 11,000 websites were not issuing valid P3P policies.
In the lawsuit, filed in a federal court in Delaware, attorneys for Matthew Soble said, “Google’s willful and knowing actions violated” federal wiretapping laws and other computer-related statutes.
Google was already in trouble with the government over its privacy practices. Last year, as part of a settlement with the FTC the company pledged not to "misrepresent" its privacy practices to consumers. The fine for violating the agreement is $16,000 per violation, per day.