Google caught overriding Safari users’ privacy settings

User privacy has been a hot button issue over the past few months thanks to high profile scandals like the CarrierIQ fallout, and the more recent Path debacle. And now it looks like we can add Google to the list of violators.

In a recent investigative report, The Wall Street Journal claims that the search giant has been intentionally overriding the privacy settings of both desktop and iOS Safari users to better track their web browsing activity…

The article says that Google, along with several other smaller advertising networks, is guilty of executing code that tricks Safari into thinking its web tracking is user-approved. The code was discovered by Jonathan Mayer, a Stanford researcher, and confirmed by the Journal’s technical adviser.

“The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default…

…Ashkan Soltani [a technical adviser to the Journal] found that ads on 22 of the top 100 websites installed the Google tracking code on a test computer, and ads on 23 sites installed it on an iPhone browser. The technique reaches far beyond those websites, however, because once the coding was activated, it would enable Google tracking across the vast majority of websites.”

Does Google’s unauthorized web tracking put anyone in danger? No. But is it wrong? Absolutely. And even Google knows it. The WSJ says that after it contacted Google for a comment on the story, the Mountain View company disabled the code.

“In Google’s case, the findings appeared to contradict some of Google’s own instructions to Safari users on how to avoid tracking. Until recently, one Google site told Safari users they could rely on Safari’s privacy settings to prevent tracking by Google. Google removed that language from the site Tuesday night.”

Wow. We’re not sure what to make of all of this. It sounds like with the tracking code disabled, the issue is resolved. But we’re not sure Google is going to get off that easy. And they probably shouldn’t. Should they?

How do you feel about your web activity being secretly tracked?