Google tricks iOS Safari into tracking you

Google and other online advertising companies like Vibrant Media, Media Innovation Group, and PointRoll, are using a flaw in Safari on iOS to track you despite your privacy settings.

iOS Safari is set by default to reject tracking cookies from 3rd party websites. That means that unless you are directly and intentionally interacting with a site it should not be able to cookie and track you. Specifically that is intended to prevent tracking by advertisers displaying banner ads on websites.

The hack is that these advertisers use a script within the website to cause submit an invisible web form to the advertising website, which looks to Safari like you directly interacted with that site and so allows the site to send a cookie. Another flaw in Safari causes those cookies to be returned to the 3rd party sites once they have been set.

Apple is saying that they will address the issue. Google is blaming Apple for breaking with web standards (even though almost all browsers support blocking 3rd party cookies iOS Safari is unusual in making this the default).

My suggestion:

  1. On your iOS device (iPhone, iPad, iPod Touch) go to “Settings”, select “Safari”, scroll down and “Clear Cookies and Data”. Do this frequently.
  2. Don’t log into Google or other social media sites through the browser, only use the dedicated apps.
  3. Use those social media apps to “like” or “+1″ content, rather than doing so in the browser.
  4. Protect your IP address with a tool like Anonymizer Universal so these sites can’t just use your IP address in place of cookies to track you when you are at home or work on a WiFi connection with a long term IP address.

The WSJ had the first article I saw on this, but it is paywalled.

9 to 5 Mac has a nice article on it.

John Battelle’s searchblog tries to look at this issue from both sides.

The Privacy Blog

Leave a Response