Google as Bogeyman

Is Google the new Microsoft? That is, is Google now the company that "people love to hate," so that - no matter what they do - there's sure to be criticism of them? Ten years or so ago Google was seen as the "white knight" that would vanquish the Microsoft dragon as a worthy successor to Apple in that role. Now, though, it appears that Apple has risen from the ashes and is the valiant warrior that the Google "dark lord" is trying to usurp. Here in the western hemisphere, the gathering of personal data in order to present ads to you which reflect your interests is considered by many to be a bad thing.

The latest round was a recent story in the Wall Street Journal purporting to show how Google had undermined and sidestepped the privacy settings on iOS devices (and computers) using Apple's Safari browser.

It would appear that there are two possibilities: 1) the Safari mechanism was flawed; or 2) Google used a loophole or "backdoor". In fact, both are true but the real culprit here may be the user, aided and abetted by the media - and Apple!

Safari is the only web browser which, by default, blocks third-party cookies. At least, they say they block them. In reality, Apple only blocks brain dead third party cookies since they very happily tell all and sundry under which conditions third party cookies may be allowed. According to Stanford University researcher Jonathan R. Mayer, in fact, Safari's cookie blocking policy is less restrictive than many competing browser vendors. Specifically:

Reading Cookies Safari allows third-party domains to read cookies.
Modifying Cookies If an HTTP request to a third-party domain includes a cookie, Safari allows the response to write cookies.
Form Submission If an HTTP request to a third-party domain is caused by the submission of an HTML form, Safari allows the response to write cookies.

Third-party cookies, by the way, are defined as those served by a domain different from the one in your browser's URL bar. So if, for example, your browser is reading from mail.google.com, then any server identified as *.google.com could place a cookie, but a server at any other URL could not. As Mayer points out, though, "Google Analytics is served from google-analytics.com, Google software libraries are hosted at googleapis.com, Google static content is at gstatic.com, and Google's advertising services are on doubleclick.net." All of these would be considered "third parties," even though all are Google owned and operated properties. In the real world, the non-digital world, no one gives a thought to a retailer, say, sharing a buyer's information with the vendor who made the product. Few, if any, would object to Best Buy telling Apple that I bought a new iPad, even though they are a "third party."

On the other hand, many of the services that Google offers its users, particularly in the realm of personalization, require that cookies be placed to identify the user, their location, their settings, etc. Many of the services we've come to rely on require that cookies be used. Google's "+1" and Facebook's "Like" buttons, which are becoming ubiquitous across the net, are third party tools yet no one seems to complain about them.

If there were an easy way to allow some third party cookies in Safari, and if Google (and others) chose to ignore that method, then there might be reason for the outcry. But Apple tells Safari users why they block these cookies by default: "Some companies track the cookies generated by the websites you visit, so they can gather and sell information about your web activity." If that's what I'm told, then I certainly wouldn't want those cookies placed on my machine! Unfortunately, while the statement is true it is very far from the entire truth. Most cookies, the very vast majority, are not used to gather data to be sold but to tailor, or personalize, the user's experience.

Rachel Whetstone, senior vice president of communications and public policy at Google, was quoted by the Washington Post: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

Not to be outdone, Microsoft jumped on the "kick Google" bandwagon when Dean Hachamovitch, Microsoft corporate vice president of Internet Explorer, declared Google was bypassing user privacy settings in Internet Explorer, also. Perhaps true, but so were tens of thousands of other websites, all using methods that Microsoft itself painfully outlined in a Knowledge Base article (since removed, but available on the Wayback Machine).

In what appears to be the final straw, a class-action complaint has now been filed against Google for its circumvention of Safari's privacy features. The lawsuit, filed in the US District Court for Delaware, accuses Google of willfully violating of the Federal Wiretap Act, the Stored Electronic Communication Act, and the Federal Computer Fraud and Abuse Act.

It's time for a dose of reality, folks.

The internet and the content it provides costs money to produce. There are five possible ways to fund those costs:

Subscription paid by the user (popular with sports-centric sites)
Product purchase by the user (Amazon, eBay and the like)
Advertising placed by third parties (95%+ of the web)
Self-funded by web site owner (such as our own kuppingercole.com)
Funding by a donor, foundation, NGO or government body (religious and charitable sites, for example)

While there are good examples of all five, it's number 3, the advertising model, which is most prevalent at this time. Much of the advertising we see, though, is irrelevant to our circumstances and lifestyle. Some of it can be annoying, irritating and even offensive. To combat this, vendors have unleashed "ad blocking" software for our browsers which is then combated with advertisers creating different ways of launching ads in a never ending cycle. It becomes more annoying and more offensive all the time. It's a war that won't end.

Now it's possible that some people, those who are weak willed for example, prefer to have non-relevant advertising shown to them as it decreases the possibility that they might click through and - maybe - purchase something that they really don't need. Most of us, though, I'd guess would rather be shown relevant advertising, for products that we might possibly use. But in order to show us relevant advertising the vendors (or, better, the ad-placing entity such as Google's DoubleClick) need to know something about us. They could ask us what we like and don't like, and Google does this in a limited way through the Google Ads Preference Manager. But it's easier, and less intrusive, for Google to simply note where you go on the web and where you spend time. Using its knowledge of these web sites allows Google to personalize (or "tailor") the advertising you see so that it's relevant. For the full story of Google and ads, read Google's Advertising and Privacy policy.

It never ceases to amaze me that so many people confuse privacy with anonymity. It's a subject I've been writing for a dozen years, but is probably best summed up in this 2006 blog post, "Anonymity, identity - and privacy". Privacy means that only those whom I wish to know something (or who because of their role - doctor, judge, spouse - need to know something) know it. Trying to keep everyone from knowing anything about you is attempting to be anonymous - and there is no true anonymity on the internet. There really never has been nor will there ever be.

But telling people the honest truth evidently doesn't sell newspapers. So even the Wall Street Journal will resort to sensationalism - and a bit of biased reporting - to get itself talked about. And they'll be abetted by commercial enterprises (in this case, Apple and Microsoft) who see a distinct advantage in having a competitor savaged. Fortunately, I'm here to set you straight. Your comments are welcome.