Daring Fireball: Cookies and Privacy
A week ago, John Battelle wrote a curious response to this Wall Street Journal report about Google circumventing Safari’s (and, notably, Mobile Safari’s) default setting only to accept cookies from visited websites.
All major browsers give the user control over cookie permissions. Usually, with three options:
Accept cookies from anywhere (i.e., allow third-party cookies)
Accept cookies only from visited websites (disallow third-party cookies)
Don’t accept any cookies at all
The difference with Safari is in the default for this setting. Most major browsers default to the first option, allowing all cookies. Safari and Mobile Safari default to the second, allowing only first-party cookies.
What the WSJ discovered is that Google (and a few other ad networks) found a way to store third-party cookies in Safari and Mobile Safari even when the option was set only to accept cookies from visited websites, as it is by default.
Read it all if you are interested. The reason that Google is getting heat over this is because they specifically wrote code to circumvent Safari and Mobile Safari’s default setting of disallowing third party cookies so that they could track users across websites. That should not have happened. That is Google at it’s worst.