Google Bypasses User Privacy Settings on Safari and Internet Explorer

If knowledge is power then data is king, since it offers potential revenue stream when shaped and mined and is why the Internet has become a cesspool for malware and abuse. Many have learned the traps of malware makers who plant infections or spyware tools to violate the privacy rights of PC users worldwide. However, surprising is that this abuse is not limited to illegal businesses.

As web cookies used to track online behaviors exploded on the Internet scene, so increased the sweet tooth of legal businesses that desire to better target potential consumers and promote or sell their products. However, privacy laws allow PC users the option of blocking use of cookies and tracking, and this is where Google's hand was recently caught in the cookie jar.

A recent report released by the Wall Street Journal alleges Google bypassed default privacy settings designed to protect users. Google's below statement denies wrongdoing, although further reporting indicates they've since disabled the plug-in used to exploit a flaw in both Safari's and Internet Explorer's browser security settings.

The Wall Street Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information.

Cybercriminals use Trojans to install spyware functionality on clients (PCs) without the clear permission or knowledge of PC users or owners, constituting such acts as malicious and illegal. Reportedly, Google's plug-in was also found on popular websites such as youtube.com, ehow.com, aol.com and others. Similar to exploits carried out by malware, the plug-in inserted code into the browser to bypass the default security settings. If true, does this make Google a cybercriminal and will they be punished?

The thing is, Google is not the only legitimate business who enjoys the sweet treat called web cookies. Companies like Facebook are also reportedly exploiting the same browser flaw to bypass security settings. If you've ever downloaded a freeware or shareware program, chances are your cookie jar is full as vague end-user license agreements (EULA) foretell of spying on surfing habits and tracking cookies.

A web cookie is not a program but rather a text file housing set data, and transfer of the data it holds takes place in the background without fanfare. In other words, if your browser security settings are not able to block use of cookies, it too will not block transfer of the data it holds. Since no means no, tracking cookies without proper permission is no different from spyware, a malicious program meant to track a user's online behaviors without their consent or knowledge and send it to a remote server. The danger with cookies not only rests in what data is being stored, but the entity who 'retrieves' this data. Data in the wrong hands can mean identity theft or an assault of pop-up or pop-under advertisements while you use the Internet, an annoying strategy used by unscrupulous advertisers.

While both Apple and Microsoft have resigned to tighten their browser security belts, you should not rest on this promise. Instead, you should fortify your systems by installing a stealth anti-malware tool using a mixture of scanning techniques to weed out and flag suspicious behaviors. Next, you need to put into place the following online safety habits:

• Be slow to click. Most malicious attacks are at the hands of PC users, who click too fast and download infections onto their poorly protected systems.
• Do not pirate! Stealing is illegal and on the Internet is a bedsore for malicious programs.
• Do not open email spam and delete altogether.
• Verify the source of email links and attachments before clicking and downloading on your computer. Cybercriminals love to hack and spoof accounts to fool trusting PC users.
• Use strong passwords that are hard to crack.
• Be careful when web surfing lest you land on an infectious link that routes you to an awaiting Trojan downloader housed on a malicious or compromised website.
• Take time to read EULAs and reject downloads hinting of spyware or malicious intent.