Friday, February 17, 2012

How Google Tracks Apple iPhone Users Browsing

By Cesar Ortiz
Google and other advertising companies have been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. By default, Apple’s Safari browser accepts cookies only from sites that a user visits; these cookies can help the site retain logins or other information. Safari generally blocks cookies that come from elsewhere, but Google, Vibrant, MIG, and PointRoll circumvented Safari cookie blocking, according to tweets by Stanford researcher Jonathan Mayer and his subsequent Wall Street Journal article, and to related research done by the Wall Street Journal Staff.

When a user “googles” content related to sites that carry Google-generated advertising and clicks on anything related in the search engine results, a user-tracking sequence starts. Whenever a user clicks in the results for any reason, Google detects the clicks using its code embedded in its “+1” button in the browser.


In software development terminology, the word container is used to describe any component that can contain other components inside.  Examples of containers include Java applets, frames and windows. Some are visible, others are not. In our scenario it is a frame with an invisible form to be filled out. Google's invisible container is called “iframe” (InLine FRAME).


This iframe structure is very common in the industry and allows content from one web site to be embedded into another. As a general rule, iframes are visible windows or ads. As explained above, in Google’s scenario the iframe is created as an invisible container with a “form to be filled out”. The invisible iframe received on the user’s computer sent a flag to Google that identified the user as an Apple Safari user on a PC, laptop, iPhone or iPad Touch. This is not usual: when someone wants you to fill out a form, it is of course sent as a visible form. But this technique tricked Safari.


When Google received the ID flag identifying Safari as the browser, it sent the invisible form to the user’s device. The user did not see the form, let alone fill it out (it was blank anyway), but Google’s code sent the blank invisible form to the Safari browser on the user’s device nevertheless. Once the form was sent, Safari behaved as though the user had filled something out intentionally, and the browser allowed Google to put a cookie on the user’s machine. One cookie, in invisible form, was sent back blank, and the other invisible cookie form had user traffic data capture code (not personal data). The cookies were temporary; the blank one was set to expire in 12 hours, and the other expired in 24 hours. The end result is that users wind up visiting sites that they did not select.
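
A site owner or auditor can screen embedded frames for the pattern described above: an invisible iframe whose document submits a form by script while showing the user nothing to fill in. The Python sketch below is an added example, not code from the article, Google or Apple; the hosts, markup and function names are constructed for illustration, and it inspects inline styles and attributes only.

```python
import re
from html.parser import HTMLParser

# Inline-style heuristic only (an assumption of this sketch): external stylesheets are not resolved.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?<![\w-])(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)
SCRIPTED_SUBMIT = re.compile(r"\.submit\s*\(")

def invisible(a):  # a: dict of one tag's attributes
    sized_zero = "0" in (a.get("width"), a.get("height"))
    return bool(HIDDEN_CSS.search(a.get("style") or "")) or "hidden" in a or sized_zero

class Audit(HTMLParser):
    """Records hidden iframes, forms, user-visible fields and script-driven submits."""
    def __init__(self, html):
        super().__init__()
        self.hidden_iframes, self.forms, self.visible_fields = [], 0, 0
        self.scripted_submit = self._in_script = False
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and invisible(a):
            self.hidden_iframes.append(a.get("src") or "")
        elif tag == "form":
            self.forms += 1
        elif tag in ("input", "textarea", "select") and a.get("type") != "hidden" and not invisible(a):
            self.visible_fields += 1
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        self._in_script = False  # script bodies contain no nested tags

    def handle_data(self, data):
        self.scripted_submit |= self._in_script and bool(SCRIPTED_SUBMIT.search(data))

def flag_hidden_autosubmit(page_html, frame_docs):
    """Srcs of invisible iframes whose document script-submits a form with no user-visible field."""
    docs = ((src, Audit(frame_docs.get(src, ""))) for src in Audit(page_html).hidden_iframes)
    return [s for s, d in docs if d.forms and not d.visible_fields and d.scripted_submit]

# Constructed sample input: hypothetical hosts, not taken from the article.
PAGE = ('<p>Article</p><iframe src="https://ads.example/f" style="width:0;height:0"></iframe>'
        '<iframe src="https://video.example/p" width="560" height="315"></iframe>')
FRAMES = {
    "https://ads.example/f": '<form method="post" action="/s"></form><script>document.forms[0].submit()</script>',
    "https://video.example/p": '<form><input type="text" name="q"><input type="submit"></form>',
}
print(flag_hidden_autosubmit(PAGE, FRAMES))
```

Here `frame_docs` stands in for the fetched content of each frame; a flagged frame is a lead for manual review, not proof of tracking.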


Google’s Rachel Whetstone said the temporary cookie served to create a “temporary communication link between Safari browsers and Google’s servers.” She said “the goal was to ensure that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between a user’s personal information and the web content they browse”. Google said the company tried to design the +1 ad system to protect people’s privacy and did not anticipate that it would enable tracking cookies to be placed on users’ computers.


An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.” An update to Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update.

Friday, February 10, 2012

Facebook Feud Takes Tragic Turn

By Cesar Ortiz
It was a matter of time; now we are facing a double murder and two detained suspects. Although this is not the first time that people have been killed in events involving social networks, it is a flag that sour events involving social media are escalating and that we have to take the matter more seriously as a society and as parents. In this instance two suspects have been charged with the killing of two victims. The motive? Removing a person from a Facebook friend list.

According to the Johnson City Press, in Mountain City, Tennessee, a father who was upset after a Tennessee couple deleted his adult daughter as a friend on Facebook has been charged in the shooting deaths of the couple, authorities said. The victims had complained to police that Marvin Potter's daughter was harassing them after they deleted her as a friend on the social networking site, Johnson County Sheriff Mike Reece stated. Potter, 60, has been charged with two counts of first-degree murder in last week's slayings of Billy Payne Jr. and his girlfriend, Billie Jean Hayworth. The couple was shot to death in their Mountain City home in the far northeast corner of the state.

Facebook does not issue a direct notification that someone has removed you from his or her friend list, but it does, of course, provide means for a Facebook user to know who is in the user's friends list or that someone has made a change (if you have the option enabled). Normally, if we are removed from a Facebook friend list, we take the removal as an action taken by the account holder exercising his or her privilege. That is the sensible and logical way to take it. The reasoning is that if I or my relative was removed, the user must have had some valid reason for the removal. It is the user's Facebook account, after all. The reasoning is also that if we or a relative are removed from a Facebook friends list, the person who removed us or a relative will be missing all the attributes that we, a relative or a friend have to offer to social media and to the specific news feed.

This sad event must serve as a warning that we have to be more sensitive to the concerns of our peers and close relatives that someone has done something detrimental affecting their lives using social media. We have to convey that Internet social media is just another form of communication, like newspapers, radio or TV, and as such, people have the right to express themselves, even if they are wrong. The event teaches us that we have to dig deeper into the effects of social media related to human nature and conduct. It also teaches us how variable the values are in our society.




Wednesday, December 28, 2011

“Get 1 F.R.E.E. Walgreens Gift Card! (limited time only)” IS A VERY SERIOUS Facebook CRIMINAL SCAM

By Cesar Ortiz
Thousands of Facebook users are receiving this message in their message posts. The message originates from one or more of their own friends who fell into the trap of the scam and unwillingly sent them a copy. In the scam, users receive a very professional-looking post from a friend that claims to offer the certificate in a message box with a very professional-looking Walgreens logo, and that requires users, as the first step in order to get the certificate, to click the “Post to Profile” button. For clarity, please assume that you are the victim. The moment you click the blue “Post to Profile” button, you will be sending the scam to all your friends in your Facebook account. The scam was reported on the Hoax Slayer Web Site.

In our own tests, in the second step of the scam, which the criminals call the “last step”, you are then asked to “like” the post. You are then presented with a very real-looking offer congratulating you and advising that you qualify for “the $50 Walgreens Gift card”, and in order to claim the certificate you are asked to enter YOUR E-MAIL ADDRESS and then click the red “CLAIM NOW” button.

The script then changes, and you are now required, in order to get the certificate, to complete a survey and a total of four sponsor offers. Up to this point, the scam has been able to get your e-mail address. But now things get worse: the hackers require that you provide your NAME, ADDRESS, PHONE NUMBER and DATE of BIRTH in order to get the Gift Card. Needless to say, you will never receive any $50 Walgreens Gift Card. The Facebook security group is busy blocking the URLs, but the scammers are also busy switching to other URLs (Internet addresses) to avoid blocking.

This is a VERY SERIOUS CRIMINAL hack. Users who fall into this trap are in serious trouble and should do the following:
-Remove the post from your profile news feed: if you move the mouse to the right corner of the first line of the message, an “X” will show up; click on that “X” and delete the post. But first report it to Facebook using the “report option” that shows up, and then remove the post.
-Notify all your friends that you sent them the post unwillingly and help them remove it from their profile.
-Subscribe to one of the identity theft alert sites.
-Notify your phone provider.
-If in the USA, report the incident to the FBI and other US Agencies as a group by going to:
http://www.ic3.gov/complaint/default.aspx