By default, Safari blocks cookies from third parties. Most browsers allow users to block cookies, but don’t set it as a default. Google happens to operate many of its advertising services, including DoubleClick, from a domain outside Google.com — a domain which Safari treats as a third party. So even if a user was logged into Google, DoubleClick was blocked from serving ads to the user — unless that user approved the cookie by, say, filling out a form.
How did Google get around that?
The company put a hidden field in some of its sites that essentially acted as a form, even though the user never filled out anything. That told Safari it was OK for DoubleClick to serve ads to the unknowing, unwitting user.
Why would Google do that?
Google says it’s all an accident. Even though Google’s primary business is advertising and the Safari browser on iPhones and iPads is said to account for more than 50% of mobile browsing, Google says it was merely taking advantage of a known workaround in Safari that lets do things like use Google’s “+1″ buttons on sites outside the Google.com domain.
Modules like the “+1″ button and the Facebook Like button appear on many different sites, and users generally expect them to work without changing their browser settings. Facebook even encourages developers to exploit the same Safari quirk Google targeted here. Google says it was only trying to enable such functionality with those hidden fields, and it “didn’t anticipate” advertising cookies to be set on Safari.
Is Google doing anything about it?
Yes, it says it’s started removing these cookies from Safari browsers.
What does Google do with the information it collected?
Until it started removing the cookies, the company used the information mainly to tailor ads based on the websites you visited. The cookie doesn’t track personal information, such as your address or phone number.
Will Google face any penalties for this?
It’s unclear. Google is under close watch by the FTC for privacy violations, and this might qualify. For its part, the FTC acknowledged to Mashable that it was aware of the issue, but didn’t say if it would do anything about it.
Is Google the only one doing this?
No. The original testing by Stanford grad student Jonathan Mayer pointed the finger at three other companies — Vibrant Media, Media Innovation Group and PointRoll — all of which exploit Safari’s quirks to serve ads to unsuspecting users.
Can Apple do anything about this “quirk?”
Apple says it’s working on a way to “put a stop” to third parties circumventing Safari’s privacy settings.
What can I do if I’m concerned about this?
To ensure that no one puts unwanted cookies on your device, simply go into your browser settings and choose the option to never accept cookies.
However, that will also mean you’ll have a hard time logging into many sites.
Another option is to simply clear your browser of cookies regularly. You can do that in you settings as well.