Google Facing New Privacy Probe Over Safari Incident
An anonymous reader writes "Last month we discussed news of a controversial method Google was using to bypass Safari's privacy settings in order to enable certain features for users who were logged in to Google. Now, U.S. regulators are investigating Google's actions to see whether the search giant has violated the privacy protection agreement they signed last year that includes a clause prohibiting Google from misrepresenting how users control the collection of their data. 'The fine for violating the agreement is $16,000 per violation, per day. Because millions of people were affected, any fine could add up quickly, depending on how it is calculated. ... A group of state attorneys general, including New York's Eric Schneiderman and Connecticut's George Jepsen, are also investigating Google's circumvention of Safari's privacy settings, according to people familiar with the investigation. State attorneys general can have the ability to levy fines of up to $5,000 per violation.' European regulators are adding the Safari investigation to their review of Google's consolidated privacy policy."
Re:Bug? (Score:5, Informative)
It is a bug, and also seems very likely to be a (granted rather trivial) exploit. Google seems to be the primary target here, even though multiple sites have been identified using the workaround [webpolicy.org], because of previous agreements it has made regarding privacy.
What Google did (Score:5, Informative)
Google created an invisible form on a web page and then simulated a click on it to bypass Safari's privacy controls. That didn't happen by accident. That's hostile code.
Safari treated a "submit" action as permission for the site to plant a cookie. It's hard to stop that in the browser without breaking some legitimate forms. As a result of this, all web forms which want to trigger a cookie event may have to have explicit "submit" buttons.
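The behaviour described in the comment above, as a simplified model added here (it is not part of the original comment and is not WebKit's or Google's code): a third-party cookie decision that treats any form submission as permission, beside a stricter one that also requires a real user gesture. The request fields `thirdParty`, `viaFormSubmit` and `userGesture`, and the sample requests, are assumptions constructed for illustration.

```javascript
// Simplified model of a "block third-party cookies" decision.
// All field names are hypothetical; a real browser tracks far more state.

// Policy as the comment describes it: a form submission counts as permission.
function allowCookieSubmitTrusting(req) {
  if (!req.thirdParty) return true;        // first-party cookies are not restricted
  return req.viaFormSubmit;                // any submit unlocks cookie setting
}

// Stricter variant: the submit must come from a real user gesture.
function allowCookieGestureRequired(req) {
  if (!req.thirdParty) return true;
  return req.viaFormSubmit && req.userGesture;
}

// Constructed sample requests (not captured traffic).
const samples = [
  { name: "first-party page load", thirdParty: false, viaFormSubmit: false, userGesture: false },
  { name: "third-party iframe load", thirdParty: true, viaFormSubmit: false, userGesture: false },
  { name: "invisible form, submit simulated by script", thirdParty: true, viaFormSubmit: true, userGesture: false },
  { name: "visible form, user presses submit", thirdParty: true, viaFormSubmit: true, userGesture: true },
  { name: "legitimate form auto-submitted by script", thirdParty: true, viaFormSubmit: true, userGesture: false },
];

// Requests the submit-trusting policy accepts but the gesture policy rejects.
function policyGap(reqs) {
  return reqs
    .filter((r) => allowCookieSubmitTrusting(r) && !allowCookieGestureRequired(r))
    .map((r) => r.name);
}

for (const r of samples) {
  console.log(r.name.padEnd(45), allowCookieSubmitTrusting(r), allowCookieGestureRequired(r));
}
console.log("blocked only by the stricter policy:", policyGap(samples));
```

The stricter policy rejects the simulated submit and the legitimate auto-submitted form alike, which is the breakage the comment anticipates when it says such forms may need explicit "submit" buttons.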
Re:Look at the monkey! (Score:5, Informative)
The thing people are continuously forgetting about all of this is that the bug in question was in the open source WebKit, which both Safari and Chrome are based on, and Google had already submitted a patch to fix the bug before any of this even became an issue.
This all seems a lot more about this [falkvinge.net] than any sort of legitimate complaint the government has about what Google is doing. If the government had literally done nothing, the problem had already been solved before they became involved -- but now we have a big dog and pony show. Cui bono? Microsoft.
Re:Investigate Apple (Score:2, Informative)
restrictions Apple claimed to have placed on their actions within the browser.
The user never decided anything. That's really half the problem: Apple created a stupid default that would have impaired significant functionality, and for the users who don't understand how to or are afraid to change browser settings, this was the only way to make that user-desired functionality actually work.
This would be a completely different thing if the default had been what it is in every other browser and it was being circumvented when the user had explicitly changed it, because in that case you have proof that the user knows how to change it and made a conscious decision. As it is they're just working around a bug in Safari that would otherwise break the functionality that users actually want.
Incidentally, do you see the damned-if-you-do-damned-if-you-don't problem here? Suppose they hadn't done this. So the functionality is broken in Safari, and for users who don't understand why or how to fix it, the easiest solution is to download Chrome. And the next thing you know they've got the antitrust authorities breathing down their necks because their service doesn't work with their competitor's web browser, even though there is a "standard" method of fixing it (namely the one they actually used) which is employed by various other similar websites.
Re:Alert W3C posting exploit code! (Score:2, Informative)