Given the importance of privacy self-help—that is, setting your browser to control what it reveals about you when you surf the Web—I was concerned to hear that Google, among others, had circumvented third-party cookie blocking that is a default setting of Apple’s Safari browser. Jonathan Mayer of Stanford’s Center for Internet and Society published a thorough and highly technical explanation of the problem on Thursday.

The story starts with a flaw in Safari’s cookie blocking. Mayer notes Safari’s treatment of third-party cookies:

  • Reading Cookies: Safari allows third-party domains to read cookies.
  • Modifying Cookies: If an HTTP request to a third-party domain includes a cookie, Safari allows the response to write cookies.
  • Form Submission: If an HTTP request to a third-party domain is caused by the submission of an HTML form, Safari allows the response to write cookies. This component of the policy was removed from WebKit, the open source browser behind Safari, seven months ago by Google engineers. Their rationale is not public; the bug is marked as a security problem. The change has not yet landed in Safari.

Mayer says Google was exploiting this yet-to-be-closed loophole to install third-party cookies; once a domain had a cookie installed, Safari would then allow that domain to write cookies. After describing “(relatively) straightforward” cookie synching, Mayer says:

But we noticed a special response at the last step for Safari browsers. … Instead of responding with the “_drt_” cookie, the server sends back a page that includes a form and JavaScript to submit the form (using POST) to its own URL.

Third-party cookie blocking evaded, and users’ preferences frustrated.
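
The three rules Mayer lists can be modelled as a small decision function. This is an added example, not code from Mayer's write-up or from WebKit; the domains, field names and request trace are constructed. It replays the same trace with the form-submission rule present and with it removed, as in the WebKit change mentioned above.

```javascript
// Added illustration, not code from Mayer's write-up or from WebKit.
// Domains and field names are constructed for the example.
const TOP_LEVEL = "news.example";   // site the user is visiting
const THIRD_PARTY = "ads.example";  // domain embedded in that site

// May the response to `req` write cookies? `jar` is the set of domains that
// already hold a cookie. `formRule: true` models the policy quoted above;
// `formRule: false` models WebKit after the form-submission rule was removed.
function mayWriteCookies(req, jar, formRule) {
  if (req.domain === TOP_LEVEL) return true;       // first party
  if (jar.has(req.domain)) return true;            // "Modifying Cookies"
  if (formRule && req.viaFormSubmit) return true;  // "Form Submission"
  return false;                                    // third-party write blocked
}

// Replay a sequence of requests whose responses all attempt Set-Cookie.
function replay(requests, formRule) {
  const jar = new Set();
  const decisions = requests.map((req) => {
    const allowed = mayWriteCookies(req, jar, formRule);
    if (allowed) jar.add(req.domain);
    return allowed;
  });
  return { decisions, stored: jar.has(THIRD_PARTY) };
}

// Constructed trace: an embedded load, a form POST, then another embedded load.
const TRACE = [
  { label: "embedded load", domain: THIRD_PARTY, viaFormSubmit: false },
  { label: "form POST",     domain: THIRD_PARTY, viaFormSubmit: true  },
  { label: "embedded load", domain: THIRD_PARTY, viaFormSubmit: false },
];

const withRule = replay(TRACE, true);     // decisions: [false, true, true]
const withoutRule = replay(TRACE, false); // decisions: [false, false, false]
console.log("form rule present:", withRule);
console.log("form rule removed:", withoutRule);
```

With the rule present, the single form-caused request is what flips the later embedded load from blocked to allowed, because the "Modifying Cookies" rule then applies to every subsequent request.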

Ars Technica has published Google’s response, which doesn’t seem to have gone up on any of its blogs, in full. Google says they created this functionality to deliver better services to their users, but doing so inadvertently allowed Google advertising cookies to be set on the browser.

I don’t know that I’m technically sophisticated enough to register a firm judgement, but it looks to me like Google was faced with an interesting dilemma: They had visitors who were signed in to their service and who had opted to see personalized ads and other content, such as ‘+1’s, but those same visitors had set their browsers contrary to those desires. Google chose the route better for Google, defeating the browser-set preferences. That, I think, was a mistake.

I wonder if there isn’t some Occam’s Razor that a Google engineer might have applied at some point in this process, thinking, “Golly, we are really going to great lengths to get around a browser setting. Are we sure we should be doing this?” Maybe it would have been more straightforward to highlight to Safari users that their settings were reducing their enjoyment of Google’s services and ads, and to invite those users to change their settings. This, and urging Apple to fix the browser, would have been more consistent with the company’s credo of non-evil.

Now, to the ideological stuff, of which I can think of two items:

1) There is a battle for control of earth out there—well, a battle over whether third-party cookie blocking is good or bad. Have your way, advocates. I think the consuming public—that is, the market—should decide.

2) There is a battle to make a federal case out of every privacy transgression. An advocacy group called Consumer Watchdog (which has been prone to privacy buffoonery in the past) hustled out a complaint to the Federal Trade Commission. I think the injured parties should be compensated in full for their loss and suffering, of which there wasn’t any. De minimis non curat lex, so this is actually just a learning opportunity for Google, for browser authors, and for the public.

Kudos and thanks are due to Jonathan Mayer, as well as ★★★★★ and Ashkan Soltani, for exposing this issue.

According to Ina Fried of CNet News, Microsoft plans to remove its Internet Explorer web browser from the new versions of Windows 7 when they ship in Europe later this year. [Additional coverage at ZDNet.] MS is apparently doing so to assuage the concerns of EU antitrust officials, who have been obsessed with the company for the past decade. [Update: Here is MS’s official announcement.]

Apparently, European officials think their citizens are too stupid to find an alternative browser.  I mean, seriously, how hard is it?  Does the competition lack name recognition such that consumers can’t find them?  Hmmm… Google and Apple seem to be pretty well known brands, and their browsers (Chrome & Safari) are pretty easy to find.  And then there’s Mozilla’s Firefox browser (my PC favorite) and Opera (my mobile phone favorite), which are outstanding browsers. [Incidentally, Firefox already has 31% share of the European market.]

OK, OK, the regulators might say, but these competitors are just too expensive!  Uh, no, wait… every one of them is free. So, strike that theory.

Well, the regulators need another theory then. How about illegal tying of products and services! You know, there’s only certain sites or services you can use with IE, right?   Nope, that theory doesn’t work either.  And does anyone believe that MS could really tie OS functionality to the use of IE? How long would the world tolerate Outlook e-mails or Word documents that only allowed linking to URLs via IE??  Come on.

OK, any other theories left? Not that I can think of. Which brings us back to the only theory the Euro-crats have left: people are sheep. They’ll take whatever MS bundles into the OS free, you see, and they will use it more than they use competing products.  Thus, we regulators have to save them from their own stupidity! The masses just don’t know what’s good for them!  These free, integrated services are harming them! And, therefore, the only remaining solution is to kill innovation by crippling functionality and removing the free offering. That’s pro-consumer! … or so say the European antitrust bureaucrats.

Meanwhile, back in the real world, a whole lotta innovation continues to take place. But shhhh.. don’t tell the Euro-crats. They need a company to pick on. Welcome to the Theater of the Techno-Absurd.

As noted in the first installment of our “Privacy Solution Series,” we are outlining various user-empowerment or user “self-help” tools that allow Internet users to better protect their privacy online, and especially to defeat tracking for online behavioral advertising purposes. These tools and methods form an important part of a layered approach that we believe offers an effective alternative to government-mandated regulation of online privacy.

In the last installment, we covered the privacy features embedded in Microsoft’s Internet Explorer (IE) 8. This installment explores the privacy features in the Mozilla Foundation’s Firefox 3, both the current 3.0.7 version and the second beta for the next release, 3.5 (NOTE – The name for the next version of Firefox was just changed from 3.1 to 3.5 to reflect the large number of changes, but the beta is still named 3.1 Beta 2). We’ll make it clear which features are new to 3.1/3.5 and those which are shared with 3.0.7. Future installments will cover Google’s Chrome 1.0, Apple’s Safari 4, and some of the more useful privacy plug-ins for browsers. The availability and popularity of privacy plug-ins for Firefox such as AdBlock (which we discussed here), NoScript and Tor significantly augment the privacy management capabilities of Firefox beyond the capability currently baked into the browser. In evaluating the Web browsers, we examine:

(1) cookie management; (2) private browsing; and (3) other privacy features

By Adam Thierer, Berin Szoka, & Adam Marcus

As noted in the first installment of our “Privacy Solution Series,” we are outlining various user-empowerment or user “self-help” tools that allow Internet users to better protect their privacy online, and especially to defeat tracking for online behavioral advertising purposes. These tools and methods form an important part of a layered approach that we believe offers an effective alternative to government-mandated regulation of online privacy.

In some of the upcoming installments we will be exploring the privacy controls embedded in the major web browsers consumers use today: Microsoft’s Internet Explorer (IE) 8, the Mozilla Foundation’s Firefox 3, Google’s Chrome 1.0, and Apple’s Safari 4. In evaluating these browsers, we will examine three types of privacy features:

(1) cookie management controls; (2) private browsing; and (3) other privacy features

We will first be focusing on the default features and functions embedded in the browsers. We plan to do subsequent installments on the various downloadable “add-ons” available for browsers, as we already did for AdBlock Plus in the second installment of this series.

Microsoft’s share of the browser market across all versions of Internet Explorer has, by one estimate, dropped from 78.58% in December 2007 to 68.15% in December 2008 (or by just under 8% in another estimate).

[IE’s] share dropped from 69.77% in November to 68.15% in December. [During the same period,] Firefox gained more than half a point and ended up at 21.34%, Safari approaches the [10%] hurdle with 7.93% and Chrome came in at 1.04%, the first time Google was able to cross the 1% mark.

This is particularly interesting: 

Since IE6 is used primarily within corporations, its market share is much higher during the week than it is on weekends. As a result, all other browsers gain on weekends and especially during a holiday. Because of that circumstance, Net Applications noted that the December numbers should be taken with a grain of salt. However, it is worth the note that IE6 achieved … market share numbers of about 28% during the week and about 21% on weekends in early 2008. In December, these numbers were down to about 20% during the week and 15% on weekends.    

So, Microsoft still has an established base among corporate users, where IT administrators  generally prevent employees from installing new applications (including browsers) and the sysadmins often don’t roll out alternative browsers across a corporate network for any one of several possible reasons, including:

  • They just don’t want to bother having to install, regularly upgrade and support another piece of software;
  • They may overestimate the security vulnerability of such alternative browsers compared to Internet Explorer;
  • The crustier sysadmins may not realize that today’s browsers are not only free for individual users, but also for corporate users–unlike the old Netscape Navigator; and
  • Corporate intranets may be designed for IE, in which case rolling out an alternative browser might cause confusion among less tech-savvy employees.

Microsoft may still have an advantage that could be considered “unfair,” but so what?

By Berin Szoka & Adam Thierer

As we noted in our intro to this ongoing series, Google’s tenth anniversary has passed with Googlephobia reaching new heights of hysteria.

But is Google really too big and dangerous, or are people just too lazy to find other alternatives to each of the wonderful services that Google offers? If one is truly paranoid about the firm’s supposed dominance, it doesn’t take much effort to live a Google-free life. To prove it, we set out to find alternatives to each of the services that Google provides. After a while, we got a little tired of compiling alternatives in each category and just provided links for the additional choices at your disposal. It’s tough to see what the fuss is about with the cornucopia of choices at our disposal. If you don’t like Google, then just don’t use it or any of its services. The choice is yours.

In each case, we’ve listed Google first, even though Google may not be the market leader (e.g., Google’s relatively unknown social network Orkut).

Search Engines
