Friday, February 17, 2012

How Google Tracks Apple iPhone Users Browsing

By Cesar Ortiz
Google and other advertising companies have been following iPhone and Apple users as they browse the Web, even though Apple’s Safari Web browser is set to block such tracking by default. By default, Apple’s Safari browser accepts cookies only from sites that a user visits; these cookies can help the site retain logins or other information. Safari generally blocks cookies that come from elsewhere, but Google, Vibrant, MIG, and PointRoll circumvented Safari cookie blocking, according to tweets by Stanford researcher Jonathan Mayer and his subsequent Wall Street Journal article, and to related research done by the Wall Street Journal Staff.

When a user “googles” contents related to sites that have Google generated advertising in the web and clicks for anything related in the search engine results, it starts a user tracking sequence. As long as a user clicks in the results for any reason, Google detects the clicks using their code embedded in their “+1” button in the browser.


In software development terminology, the word container is used to describe any component that can contain other components inside.  Examples of containers include Java applets, frames and windows. Some are visible, others are not. In our scenario it is a frame with an invisible form to be filled out. Google's invisible container is called “iframe” (InLine FRAME).


This iframe structure is very common in the industry and allows content from one web site to be embedded into another. As a general rule iframes are visible windows or ads. As we have explained before, In Google’s scenario iframe is created as an invisible container with a “form to be filled out”. The invisible iframe that was received in the user’s computers sent a flag to Google that identified the user as an Apple Safari user in a PC, laptop, iPhone or iPad Touch. This is not usual. When someone wants you to fill a form, it is sent as a visible form, of course. But this technique tricked Safari.


When Google received the ID flag identifying Safari as the browser, it sent the invisible form to the user device. The user did not see the form, let alone fill it out, it was blank anyway, but Google code sent the blank invisible form to the user device Safari browser nevertheless. Once the form was sent, Safari behaved as though the user had filled something out intentionally, and the browser allowed Google to put a cookie on the user’s machine. One cookie, in invisible form was sent back blank and the other invisible cookie form had user traffic data capture code (not personal data). The cookies were temporary; the blank one was set to expire in 12 hours, and the other expired in 24 hours. The end result is that users wind up visiting sites that they did not selected.


Google’s Rachel Whetstone said the temporary cookie served to create a “temporary communication link between Safari browsers and Google’s servers.” She said “the goal was to ensure that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between a user’s personal information and the web content they browse”. Google said the company tried to design the +1 ad system to protect people’s privacy and did not anticipate that it would enable tracking cookies to be placed on user’s computers.


An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.” An update to Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update.

16 comments:

tegel outlet said...

Wonderful post Thanks for sharing

Restaurant Brugge said...

thanks 4 sharing this post with us

john cena said...

Restaurant Bruges

awesome and really a fantastic post

john cena said...

Silver Jewelry Jaipur
fantastic post nice words

john cena said...

finance managment tips
nice and really great words fun and amazing one

property dealer in delhi said...

nice post

JewelleryDesignServices Rhinojewelcaddesignmatrix said...

Nice Post.

I'm Seshu Gopal Vundavalli, chennai India author of http://rhinocadjewelrydesignservices.blogspot.in/

Sir ackent said...

I would be flattened if all websites gave articles like that.
Apple iPhone 4 price

Cm punk said...

I would be flattened if all websites gave articles like that.
iphone 5 parts

Andrew hall said...

I have been intelligent for hours and I haven't gone through such awesome stuff.
dui

Brain Lara said...

I guess I have selected a mind blowing and interesting blog.
medical malpractice attorneys in Florida

buy saheli contraceptive pill said...

Really interesting details shared this post and thanks

Sir sheamus said...

I guess I have selected a mind blowing and interesting blog.
dui vs. dwi

Sir Thom said...

Hi to everybody, here everyone is sharing such knowledge, so it’s fastidious to see this site, and I used to visit this blog daily.visitor counter

Sir ackent said...

You have shared the best blog. This is what I really need immediately.ckls

Sam Walton said...

Such a wonderful blog...and information security courses
provide the great information that we require...
Thanks for sharing..!!!!