Stanford CIS

Setting the Record Straight on Google’s Safari Tracking

By Jonathan Mayer

Cross posted from Jonathan Mayer's Web Policy.

Our recent research on Google’s circumvention of the Safari cookie blocking feature has led to some confusion, in part owing to the company’s statement in response (reproduced in its entirety below). This post is an attempt to elucidate the central issues. As with the original writeup, I aim for a neutral viewpoint in the interest of establishing a common factual understanding.

To begin, I’d like to lend some structure to ongoing policy discussions by unpacking the four business practices that are at issue.

  1. Social advertising. Google is leveraging user account information to personalize its advertising on non-Google websites. To do that, Google now identifies its users when they view ads on non-Google websites.
  2. Social advertising circumvention. Google intentionally bypassed Safari’s cookie blocking feature to place an identifying cookie that it uses for social advertising.
  3. Ordinary advertising circumvention. Google’s social circumvention had a collateral effect: it enabled Google to place its ordinary advertising tracking cookie.
  4. Representation. A Google instructional webpage claimed that Safari’s cookie blocking feature “effectively accomplishes the same thing” as opting out of Google’s advertising cookies.


Safari Advertising Cookie Opt-Out Instructions

I’d next like to clarify some key points about our findings.


Social Advertising Default on Account Signup

My understanding is that users with accounts predating the +1 button have social advertising disabled, but are eventually prompted about the setting with “Enable” selected by default. Disabling the feature requires going to Accounts → Google+, locating the buried “+1 on non-Google sites” setting, then toggling it to “Disable”. Google’s description of the feature does not clearly communicate that it allows Google to identify the user on non-Google websites. The description also does not indicate that the feature would override a browser privacy setting.


Social Advertising Opt-Out Location




Social Advertising Opt-Out Page

Finally, I’d like to note a couple questions that remain open for Google.



Google circulated the following statement to media outlets and policymakers on Friday. The company did not post the statement on its website, and my understanding is that Google representatives declined to answer questions about the statement.

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.

Thanks to Arvind Narayanan, Ashkan Soltani, Lee Tien, and ★★★★★ for valuable input.

1. This discussion presumes Google would host its social advertising from doubleclick.net instead of google.com. If Google hosted social advertising from google.com there would have been no need to circumvent Safari’s cookie blocking.
