Cookies and privacy, Google and Safari

“Web cookies are small bits of saved data that websites can store in your browser,” John Gruber writes for Daring Fireball. “Cookies are restricted by domain; if stores a cookie in your browser, the only website your browser sends that cookie back to is”

“But, by default, most desktop web browsers allow ‘third-party’ cookies,” Gruber explains. “That means if a page on loads JavaScript from a different domain, that JavaScript is able to use cookies too. One common use is by ad networks; an ad network can set a cookie and then access that same cookie from any website that uses the same ad network.”

Gruber writes, “Google makes use of such cookies to display its ads. Ad networks that use cookies in this manner do so in order to track users across websites.”

All major browsers give the user control over cookie permissions. Usually, with three options:

• Accept cookies from anywhere (i.e., allow third-party cookies)
• Accept cookies only from visited websites (disallow third-party cookies)
• Don’t accept any cookies at all

Gruber explains, “The difference with Safari is in the default for this setting. Most major browsers default to the first option, allowing all cookies. Safari and Mobile Safari default to the second, allowing only first-party cookies.”

Much more in the full article – recommended – here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

Related articles:
Obama’s privacy plan puts pinch on Google – February 24, 2012
Obama administration outlines online privacy guidelines – February 23, 2012
Google sued by Apple Safari-user for bypassing browser privacy – February 21, 2012
Google responds to Microsoft over privacy issues, calls IE’s cookie policy ‘widely non-operational’ – February 21, 2012
Google’s tracking of Safari users could prompt FTC investigation – February 18, 2012
WSJ: Google tracked iPhone, iPad users, bypassing Apple’s Safari browser privacy settings; Microsoft denounces – February 17, 2012


  1. In other words Safari defaults to protecting its users from being spied on by Google and Google defaults to hacking around this protection and spying anyway, and when they get caught, they blame Apple’s settings.

    Google severely needs to get massively punished. There’s no other way to stop this monster.

    1. Agreed. And on top of the default issue, what about those of us who have specifically selected our settings to avoid 3rd party cookies? When doing web searches to do research for new product development is a trail of cookies compromising the ability to maintain confidentiality?

      Google should have to pay for this “theft” of privacy. Reasonable damages, IMO, should start at 3 times all ad revenue generated using the code that allowed unauthorized collection of cookie data.

    2. No, I don’t think so, twilightmoon. Google can (and does) install lots of cookies if you visit a Google site, even with Safari set to block cookies from third parties and advertisers. As long as they use their domain to control the cookie, it doesn’t get blocked. And they can then share that information with third parties.

      I admit that I got into the habit of turning to Google search over the years. I am in the process of breaking that habit. I refuse to continue supporting that company.

  2. I gave up everything Google for Duck Duck Go nearly a year ago and have never regretted that decision. Google’s increasing vacuuming of data to try to fix the statistical problems behind big data (and earn more advertising dollars in the process) is an evil I can live without.

    Try Duck Duck Go … they don’t track or bubble you at all.

    1. Duck Duck Go sucks. I tried a search on that site and was greeted by a slew of garbage links of the kind Google learned to filter out at least five years ago.

      Seriously, that site is total amateur hour. I half believe the unregistered posters on this site pushing it are paid shills.


      1. not sure what you’re on about, results I’m getting are always spot-on. wouldn’t call it amateur hour at all.

        also hate clicking on next results where duckduckgo loads more via ajax as you scroll down

        I guess you suck with your search queries

        1. Put in a simple word for a search, and you’re likely to get garbage links full of nonsense phrases that include your search word. This is a search-engine gaming trick that Google learned how beat ages ago.


    1. I don’t think Apple tightened its default cookie string in Safari to punish Google. They were simply protecting themselves from future litigation from Privacy groups. Has everyone forgotten all the anxiety over what computers were allowing to pass to third parties? Apple attempts to do the socially responsible thing of making your browsing more private by default. What Google has done doesn’t bother me in its effect, because if I am going to see ads I prefer them to be relavent. But, in principle, it is really nasty and shitty.

  3. I do believe Apple means to safe guard the user and our privacy.
    By default – consumers view Apple as a better safer platform on all its products. Yes, Apple has chosen well with these settings. And, Google definitely, has wronged immensely by creating a work-around for its own gain.

    Being “different” is at the core of Apple.

    I wager (that the average consumer) who buys Apple – believe they have chosen a safer, better, simpler, different product. Its all encompassing and implied.

    Default setting for firewall and sharing on a Mac differed Windows long ago for similar reasons – to safe guard the consumer – still – you could not change those settings if you understood what you needed.

    In the best interest to the consumer, Apple takes the “responsibility” to protect its product and user from the vulnerabilities internet. The safest scenario approach – at the simplest upstart.

    It’s approach to simplify settings; not to force the buyer to understanding all the technicalities or all vulnerabilities from cookies, flash, ads and tracking. And one of the bigger culprits was Flash. Flushing out Flash from day one – was not merely for performance and battery life.

      1. A person can argue, if they travelled in time to when the “automated transmission” came into production.. it wasn’t “new”, it was still a transmission just with a simplified I/O , one that made a driver who found manual to be too challenging, daunting or intimidating. Having put automatic trans in the market made more people comfortable and willing to buy and use vehicles equipped with automatic.
        WHoever “invented” the engineering behind automatic transmissions, is so similar to apple… take something hard for the majority, and simplify it.
        Yes, it IS better to learn and understand a car using manual first, it really helps understand so much.. but fact is the world is full of people who are more than happy to live ignorant of the whys or hows.. they just want it to work. This ignorance is the only reason Android is being chosen by people who don’t know better. Heck, I showed an inlaw my iMac when i got Snow Leopard the day it was released.. we sat for less than an hour, and she was blown by the speed and ease of use… floored with everything.. u can do on a mac, and better! Even the simplicity of creating a pdf from the print page screen. You can’t do that with Windows, they still try to make you pay how much again to adobe?? 300? whatever the price, when its on a mac, and its free ( or even for a fee nothing is over priced with mac). Sadly she ended up having to get another windows computer because her credit was maxed out, and as per the Best Buy “tech” her almost new HP was unrepairable. *coughbullshattt*.
        wait, no it was.. it was windows! 🙂

    1. From DaringFireball:
      Jonathan Mayer, the researcher who first uncovered Google’s circumvention of Safari’s cookie privacy settings:

      “Apple’s purpose was not messing with Google. The default cookie blocking feature that Google circumvented was implemented in Safari 1.0, which shipped in 2003 — long before Google was in the third-party display advertising business, and long before relations between the companies soured over smartphones. Furthermore, Safari has repeatedly been a pioneer in browser privacy. Safari 1.0 included a simple “privacy reset” choice for clearing browser settings; the other major browsers followed with similar features. Safari 2.0, released in 2005, was the first browser to provide a “private browsing” mode; again, all the other major browsers followed.”

  4. All good arguments here. To deepen your understanding about user tracking and data aggregation about you and your personal information, I highly recommend that you buy and read a fabulous book, “I know who you are and I saw what you did” (available on iBooks and Amazon).

    Be sure to wear brown pants when you read this book. You’ll need them.

    Let’s put it this way: Google, arrogant and evil as it is, is merely the tip of the iceberg.

    Then, there’s Facebook. Where do I begin? That’s for another rant.

    I also highly recommend that you read “What they know” a terrifying series of articles that appeared in the Wall $treet Journal. You will never want to visit ever again.

    Remember to change your Goigle privacy settings and flush your cookies before the end of the month. Nuke any compromising emails from Gmail this month too. After February, you’re fair game.

    Consider yourself warned.

  5. The internet is a virtually lawless territory, like the Wild West in the 1880’s. Anyone who goes there does so at their own risk. Some might say that the gov’t has no interest in protecting the right of internet users because it exists primarily to serve the interests of big business, which sees consumers as a food source.

  6. Great comments. I checked my Safari settings, emptied my 2,951 cookies (except for one I want), refreshed my MDN page and was rewarded with 55 new cookies?!? Almost all advertisers.

    1. There’s advertising on MDN? I thought that was landscaping. I just looked, and low and behold, ads. I couldn’t understand a single one, but there they were, like lawn.

    2. Get the Safari extension called Ghostery. It blocks all advertising cookies on every page you visit, and it lists them as it does so. You can then selectively accept them if you want to. Go to Safari>Preferences>Extensions. It’s a free download through the Apple web site.

  7. The one thing I wish Safari would add is a setting to prompt me for cookies as I visit sites. That’s the biggest reason why I still use Firefox. I don’t have to accept all first-party cookies. I get to choose which ones are accepted, which are declined, and which are accepted only for the current session. Safari only offers me the options of blocking all cookies, accepting all first-party cookies only, or accepting all cookies.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.