Google Officially Responds to Safari-Tracking Lawsuit
Last winter, a Stanford researcher discovered Google was bypassing iPhone users’ privacy settings in the mobile Safari browser in order to serve them ads tailored to their browsing history. Even though Google apologized, paid $22.5 million in fines and chalked the whole thing up to a technical error, several people sued Google over the affair, which was consolidated into a class-action lawsuit.
Now Google is asking the court to tell those people to get lost. The search giant filed an official motion to dismiss the lawsuit this week, stating the plaintiffs’ claims “lack standing,” mainly because they suffered no demonstrable injury over the ads, and that Google never obtained anyone’s personal information via the tracking.
The case all comes down to cookies. Cookies, of course, are the snippets of code your browser uses to remember whether or not you’ve been to a site (or set of sites) before, helping to exchange things like login information. Cookies inform the site you’re browsing that you’re a returning visitor, and if it serves ads they can be tailored to your browsing history.
The thing is, ads often serve your browser their own cookies, separate from the site you’re on, in order to track you on their network. Those are what’s called third-party cookies, and since lots of people are creeped out by them (just search for “Do Not Track”), many browsers offer a way to opt out of receiving those cookies. Apple’s mobile Safari is one such browser.
Here’s where the problem began, as Google explains it: When it introduced Google+ in 2011, it also created a way for users to highlight specific ads on Google they liked. To let users do this while still remaining anonymous, Google had to create a new kind of “intermediary” cookie, which also bypassed user preferences.
However, not all of Google’s developers were up to speed on Safari’s “let ‘em all in” policy on cookies, and these new cookies use the ad-network domain. Because of that oversight, Google’s ad network suddenly had backdoor approval to put tailored ads in front of a whole slew of Google+ users who never gave that permission in the first place.
Of course the problem was spotted, Google apologized (and supposedly fixed it) and was fined a record $22.5 million by the FTC, and the lawsuits began. Users cried shenanigans, not buying that the world’s largest ad network somehow served them ads by mistake. In the lawsuit, they claim damages related to their personal information being used to add value to the ads served by Google.
Google says that’s bunk. In its motion, it (correctly) points out cookies by their nature don’t carry personal information, and that when they do things such as help a browser automatically log into a site, that’s only possible because the user had at some point in the past deliberately provided that site with the information.
The plaintiffs also claim Google benefited from serving them ads, and they should be compensated as such. Google is persuasive in its filing when it says any affected users suffered “no harm,” but the act of serving tailored ads certainly has some value, otherwise the technology wouldn't exist at all.
Is that value enough to justify real damages in a lawsuit? That’s up to the judge, and if Google fails at getting the case tossed, the world may see the first serious trial over “Do Not Track.” No word on when the judge will rule, but we’re staying tuned.
In the meantime, let us know what you think of the case in the comments. Google’s filing is below.
Now Google is asking the court to tell those people to get lost. The search giant filed an official motion to dismiss the lawsuit this week, stating the plaintiffs’ claims “lack standing,” mainly because they suffered no demonstrable injury over the ads, and that Google never obtained anyone’s personal information via the tracking.
The case all comes down to cookies. Cookies, of course, are the snippets of code your browser uses to remember whether or not you’ve been to a site (or set of sites) before, helping to exchange things like login information. Cookies inform the site you’re browsing that you’re a returning visitor, and if it serves ads they can be tailored to your browsing history.
The thing is, ads often serve your browser their own cookies, separate from the site you’re on, in order to track you on their network. Those are what’s called third-party cookies, and since lots of people are creeped out by them (just search for “Do Not Track”), many browsers offer a way to opt out of receiving those cookies. Apple’s mobile Safari is one such browser.
SEE ALSO: Google Caught Tracking Safari Users: What You Need to Know
What happened, according to Google, is that it used a common developer technique that lets it bypass those user preferences to serve cookies — even when the user has opted out – to ensure things like the Google+ “+1” buttons that appear on third-party sites still work. Now, because of the way this exception works, once any cookie from a specific domain is allowed, they’re all let in. But that’s OK since Google and its ad network use different domains.Here’s where the problem began, as Google explains it: When it introduced Google+ in 2011, it also created a way for users to highlight specific ads on Google they liked. To let users do this while still remaining anonymous, Google had to create a new kind of “intermediary” cookie, which also bypassed user preferences.
However, not all of Google’s developers were up to speed on Safari’s “let ‘em all in” policy on cookies, and these new cookies use the ad-network domain. Because of that oversight, Google’s ad network suddenly had backdoor approval to put tailored ads in front of a whole slew of Google+ users who never gave that permission in the first place.
Of course the problem was spotted, Google apologized (and supposedly fixed it) and was fined a record $22.5 million by the FTC, and the lawsuits began. Users cried shenanigans, not buying that the world’s largest ad network somehow served them ads by mistake. In the lawsuit, they claim damages related to their personal information being used to add value to the ads served by Google.
Google says that’s bunk. In its motion, it (correctly) points out cookies by their nature don’t carry personal information, and that when they do things such as help a browser automatically log into a site, that’s only possible because the user had at some point in the past deliberately provided that site with the information.
The plaintiffs also claim Google benefited from serving them ads, and they should be compensated as such. Google is persuasive in its filing when it says any affected users suffered “no harm,” but the act of serving tailored ads certainly has some value, otherwise the technology wouldn't exist at all.
Is that value enough to justify real damages in a lawsuit? That’s up to the judge, and if Google fails at getting the case tossed, the world may see the first serious trial over “Do Not Track.” No word on when the judge will rule, but we’re staying tuned.
In the meantime, let us know what you think of the case in the comments. Google’s filing is below.
Report by :
Pete Pachal
0 comments:
Post a Comment