cancel
Showing results for 
Search instead for 
Did you mean: 

Google Bypassing Privacy

Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Google Bypassing Privacy

Hi All
Google is back in the news all for the wrong reasons again!
[quote="The Wall Street Journal"]
Google's iPhone Tracking
Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.'s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.
The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.
Read More Here

[quote="Electronic Frontier Foundation"]
Google Circumvents Safari Privacy Protections - This is Why We Need Do Not Track
Earlier today, the Wall Street Journal published evidence that Google has been circumventing the privacy settings of Safari and iPhone users, tracking them on non-Google sites despite Apple's default settings, which were intended to prevent such tracking.
This tracking, discovered by Stanford researcher Jonathan Mayer, was a technical side-effect—probably an unintended side-effect—of a system that Google built to pass social personalization information (like, “your friend Suzy +1'ed this ad about candy”) from the google.com domain to the doubleclick.net domain. Further technical explanation can be found below.
Coming on the heels of Google’s controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company. It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users. One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them. Specifically, it’s time that Google's third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option.
Read More Here

[Edit]
Some more info at:
Safari Trackers.
[Edit] Update
[quote="The Guardian"]
Google admits tracking Safari users
Internet giant says it circumvented security settings in browser to track users on desktops and iPhones
Google has come under attack for violating users' privacy and ignoring their wishes after admitting that it intentionally circumvented security settings in Apple's Safari browser to track users on both desktop computers and iPhones.
A number of other advertisers exploited the loophole it had created to track those users too.
"Our data suggests that millions of users may have been affected," Jonathan Mayer, the independent researcher at Stanford University who discovered the workaround by the search giant, told the Guardian.
An Apple spokesman said: "We are aware that some third parties are circumventing Safari's privacy features and we are working to put a stop to it."
Read More Here
20 REPLIES
Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Re: Google Bypassing Privacy

Update
[quote="IEBlog"]
Google Bypassing User Privacy Settings
When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies. Below we spell out in more detail what we’ve discovered, as well as recommendations to IE users on how to protect their privacy from Google with the use of IE9's Tracking Protection feature. We’ve also contacted Google and asked them to commit to honoring P3P privacy settings for users of all browsers.
We’ve found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.
Read More Here
VileReynard
Seasoned Pro
Posts: 10,583
Thanks: 192
Fixes: 9
Registered: 01-09-2007

Re: Google Bypassing Privacy

Is Firefox safe from Google, provided it blocks 3rd party cookies?

Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Re: Google Bypassing Privacy

I don't know!
Community Veteran
Posts: 38,251
Thanks: 937
Fixes: 56
Registered: 15-06-2007

Re: Google Bypassing Privacy

In the case of P3P firefox can be set to follow the same rules as IE but you need to modify the about:config file to do it
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
Quote
Allow cookies based on privacy (P3P) settings - this option will make Firefox automatically decide whether to accept a cookie or not based on the site's P3P privacy policy. If third-party sites (like e.g. advertising banners) want to set cookies, their privacy policies are also taken into account. To activate this preference, edit the following preferences:
network.cookie.cookieBehavior - set this preference to 3. To set the privacy level, change
network.cookie.p3plevel / network.cookie.p3p to:
0 / afafaaaa for low, 1 / ffffaaaa for medium or 2 / frfradaa for high.
Checked mine and it is set to 1 so not allowed
VileReynard
Seasoned Pro
Posts: 10,583
Thanks: 192
Fixes: 9
Registered: 01-09-2007

Re: Google Bypassing Privacy

network.cookie.cookieBehavior means
0 = All cookies are allowed. (Default)
1 = Only cookies from the originating server are allowed.
2 = No cookies are allowed.
3 = Cookies are allowed based on the cookie P3P policy
Mine is set to 1; I think that means no 3rd party cookies?
Option 3 was obviously hacked by Google.
2 = "No cookies" is too hard...

IanSn
Grafter
Posts: 492
Thanks: 5
Registered: 25-09-2011

Re: Google Bypassing Privacy

Anyone ever noticed - should you leave your firewall log visible - that Google IPs will continue to hit your system (in and out) long after you've quit the browser.
It annoys me so much I now block Google IPs until I really need them (YouTube, etc.).
I'm curious - what part of my system is Google still hitting once the browser is closed?
Same thing happens on Twitter actually, certain 217.156.*.* hits rattle on and on for 10 - 15 mins after closing the browser.
Sometimes I feel they should be paying us for the privilege of making money out of us.
If someone had given me the phone or computer for free I wouldn't complain, as it is it feels like someone snooping around in your house. (No, I've nothing to hide but... what the hell are you doing in my house!!!HuhAngry
sorry... rant over....
Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Re: Google Bypassing Privacy

Get a Firewall on your computer and get a Router to connect to your modem, that will block Google from hitting your pores on your computer.
IanSn
Grafter
Posts: 492
Thanks: 5
Registered: 25-09-2011

Re: Google Bypassing Privacy

Yep, use the firewall to block the IPs which use the standard port 80. Or the secure 443. Sometimes 51***
Have router.
Just wondered where these hits are going to if the browser isn't live.... and where they are coming from on the way out.
Flags are coming up as 'A', 'AF' and 'AR' - don't know what that means.
Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Re: Google Bypassing Privacy

Check your Firewall at Shields Up! your ports should be showing as Stealth.
IanSn
Grafter
Posts: 492
Thanks: 5
Registered: 25-09-2011

Re: Google Bypassing Privacy

Yes, I'll check that.
The firewall does show 'deny' for steath hits.
But port 80 isn't a 'stealth' port. (I think?)
How does it happen when the browser is quit though?
I always delete cookies after a session, btw. And use 'Better Privacy' to get rid of LSOs, etc.
Getting paranoid in my old age!
Midnight_Caller
Rising Star
Posts: 4,143
Thanks: 7
Fixes: 1
Registered: 15-04-2007

Re: Google Bypassing Privacy

Port 80 does not need to be open, you only need Port 80 open if you are running a web server or have a CCTV that you access online.
IanSn
Grafter
Posts: 492
Thanks: 5
Registered: 25-09-2011

Re: Google Bypassing Privacy

Just shows how much I know! I thought 80 was standard web stuff.
Although Google is still at it  Angry I just ran ShieldsUp
Results --
Cheesy
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Your system wisely remained silent in every way. Very nice.
YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Thanks for pointing that out Smiley
Whatever Google is up to after I've quit the browser I feel happy its just bouncing off the wall. Cheers!
VileReynard
Seasoned Pro
Posts: 10,583
Thanks: 192
Fixes: 9
Registered: 01-09-2007

Re: Google Bypassing Privacy

Google got your ip address when you used Google (or via their claws into other systems).
They probably cache it as it is unlikely to change often.
Any traffic they send comes out of your allowance, of course.  Cry
It would be useful if you ran a program which spoofed the address of another Google server;
That way Google could bounce traffic off of itself all day long.  Cheesy

pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Google Bypassing Privacy

I have a firefox add on to show what is running while you browse
just three of them below