The Wall Street Journal has caught Google using another questionable online tracking technique, one that will likely further inflame those who think the company is evil.

Larry Page

Google has been "tricking" Apple's Safari browser into letting Google monitor Apple users' web-surfing behavior, the WSJ reports--even users who want this kind of tracking to be blocked.

Google says the WSJ is "mischaracterizing" its behavior.

But Apple and advertisers are furious.

And after the WSJ brought the tactic to Google's attention, Google immediately stopped doing it.

Specifically, according to WSJ reporters Julia Angwin and Jennifer Valentino-Devries, Google found a way to drop tracking "cookies" on Safari users even when Safari was set to block cookies.

These cookies, which were invisible to users, could then be controlled by Google and used to store additional information about the users' behavior, including information like the users' Google login information.

More specifically, the "trick" Google used to fool Safari was to use ads served by Google's Doubleclick unit to make Safari think that the users were intentionally interacting with the ads. This allowed Google to drop temporary cookie on the users' computer, which then allowed Google to follow the user around the web.

The Safari hack helped Google by allowing Google to recognize Safari users who were logged into Google, which Google would otherwise not have been able to do.

Other companies have taken advantage of the same Safari loophole, including Vibrant Media and PointRoll, which are ad networks.

The WSJ took its findings to Apple and some advertisers. Some were furious.

  • "We were unaware [PointRoll ad tracking] was happening on WSJ.com and are looking into it further," a Journal spokeswoman said.
  • "We were not aware of this behavior," said Michael Balmoris, AT&T Inc. spokesman. Google's code was found on AT&T's YellowPages.com. "We would never condone it," he said.
  • An Apple official said: "We are working to put a stop" to the circumvention of Safari privacy settings.

Google, meanwhile, defended the practice by saying that they were just trying to make Safari work the way other browsers work--and provide features that signed-in Google users wanted:

"The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

Nevertheless, Google has since stopped using the technique.

And, given the scrutiny of the company and its intentions, Google decision to use a secret "workaround" like this to circumvent Safari's privacy settings can only be characterized as idiotic.

Kudos to the WSJ for discovering and airing this one.

You can read all the details as the WSJ >