Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer.
To follow up on Mayer’s work, independent security researcher Ashkan Soltani scanned the most popular websites according to Quantcast and found that 22 of the top 100 had implemented the code on their sites while 23 of the 100 had installed it when viewed via Safari on an iPhone.
While Safari blocks most tracking by default, Google added code to its ads that mimicked users interacting with elements of a page, which overrides the no-tracking setting. To Safari, these ads appeared as invisible forms, in turn allowing Google to install a tracking cookie. Google has stressed however that these cookies “do not collect personal information.”
The code was disabled by Google shortly after they were contacted by the Wall Street Journal, which reported the findings on Friday.
In addition to Google, Vibrant Media and Media Innovation Group were all found serving similar scripts, according to Mayer’s research. Soltani also found that PointRoll Inc., a Gannett company, was using similar code on 10 of the top 100 U.S. sites he scanned.
This appears to be another bump in the road for Google in particular, which has had a tough go of it on the privacy front as of late. The company settled with the U.S. Federal Trade Commission last year, admitting it used “deceptive tactics” upon launching its Google Buzz social network. Google agreed to privacy audits every two years for 20 years following the settlement.
Last month Google announced it’d be tracking users across all of its services as of March 1, consolidating several dozen privacy agreements down to one.
For more on this, head to The Wall Street Journal.