If you plug the phrase remove tracking cookies into Google Search, a post I wrote nearly seven years ago comes up as one of the top results.
That 2005 post, titled How to completely eliminate tracking cookies, is woefully out of date. (How outdated is it? It contains instructions for Firefox 1.0.)
And yet that post is still one of the most popular I’ve ever written.
The gist of those instructions, which I have also included in every Windows book I have written for the past decade, is the recommendation that Internet users allow first-party cookies and block third-party cookies, making exceptions where necessary. This is an industry-standard, well-known method for expressing your privacy preferences, and it has worked for years and years.
The fact that so many people search for and find this page is a testament to the desire of so many people to have some control over their online privacy. They believe—rightly, in my opinion—that they should have a say in whether and how they are tracked as they move around the Internet.
And yet that task has become more difficult in recent years, when it should be getting easier.
Today’s case in point is Google’s transparent attempt to do an end run around user privacy concerns for customers who browse the web on Apple-branded devices running iOS and mobile Safari.
You can read all about the issue in this post by Peter Eckersley, Rainey Reitman, and Lee Tien at the Electronic Frontier Foundation:
Google Circumvents Safari Privacy Protections – This is Why We Need Do Not Track
The Safari and iOS browsers have a useful privacy feature: they automatically reject third-party tracking cookies unless a user actively interacts with a widget or clicks on the third party’s ads. This is a big step up from the default settings on most browsers. Advertisers typically use tracking cookies to create an invisible record of your online browsing habits, and large advertisers can track you across huge swaths of the web. Safari offers some protection against this type of passive tracking: it specifically prevents a site from setting cookies unless those cookies are from a domain name that you have visited or interacted with directly.
Unfortunately, that had the side effect of completely undoing all of Safari’s protections against doubleclick.net. It caused Safari to allow other DoubleClick cookies, and especially the main "id" tracking cookie that Safari normally blocked. Like a balloon popped with a pinprick, all of Safari’s protections against DoubleClick were gone.
In other words, this was deliberate.
And as if to make itself look even more guilty, Google has tried to erase some incriminating language it posted online. As CNET’s Elinor Mills notes:
Meanwhile, Google’s Chrome team offers an Advertising Cookie Opt-Out Plugin that lets people do exactly what Safari’s default setting provides – block third-party cookies. Oddly, the instructions for confirming the default settings in Safari on that page were removed as the Wall Street Journal was preparing its news report. This is at the core of a Consumer Watchdog complaint filed with the FTC today that accuses Google of unfair and deceptive practices.
This is why major advertising and tracking companies—and Google is the biggest of them all—cannot and should not be trusted to regulate themselves.
Now, if you’ll excuse me, I have an old blog post to update.
Update: Google is employing a different, equally underhanded tactic to work around default privacy protections in Internet Explorer as well. I have removed Google’s tracking pixel from this site.
7 thoughts on “Google forces tracking cookies down users’ throats”
I was interested to see Google say that they were following Apple’s guidelines for achieving what they wanted and didn’t understand what the impact would be. That’s a worrying level of ignorance about what your tracking code does…
Indeed, Mary. Perhaps they need to adjust their development processes accordingly, to emphasize security.
Neat way to block tracking cookies available here:
Works like a charm and uses little resources.
Does anyone have a good article on what the negative affects of tracking are? A real article, not just a tin foil hat garbage article?
I’m working on just such an article, Scott.
@Scott : Some negative effects are not being able to comment on certain sites. On other sites , not been able to see videos. I’m sure Ed has a lot more info about this. I do not agree with Leo Laporte – the Apple Guy from Twit – that we all pay a price for free content..
There are some nice browsers extensions like Ghostery. But i’ve noticed it does not work 100% in Chrome. As for now : Firefox is the browser with the best extensions. IE does stop tracking but it’s all rather complicated for the ordinary user.
Where can I see evidence of the google tracking when I use IE to search on google. I’m looking in my temp internet files and also run an httpwatch trace on the browser. I can’t see any evidence of doubleclick.net in the trace and can’t identify said cookie in the temp files.