Cookies and Privacy

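A week ago, John Battelle wrote a curious response to The Wall Street Journal's report about Google bypassing Safari's (notably, Mobile Safari's) default setting to accept cookies only from visited websites.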

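Long story short: web cookies are small bits of saved data that websites can store in your browser. Cookies are restricted by domain; if example.com stores a cookie in your browser, the only website your browser sends that cookie back to is example.com. But, by default, most desktop web browsers allow "third-party" cookies. This means that if a page on example.com loads JavaScript from another domain, that JavaScript is able to use cookies too. One common use is by ad networks; an ad network can set a cookie and then access that same cookie from any website that uses the same ad network. Google uses such cookies to serve its ads. Ad networks that use cookies this way do so in order to track users across websites.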

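All major browsers let users control cookie permissions. Typically, there are three options:

  • Accept cookies from anywhere (i.e., allow third-party cookies)
  • Accept cookies only from visited websites (don't allow third-party cookies)
  • Don't accept any cookies at all

Where Safari differs is in its default setting. Most major browsers default to the first option, allowing all cookies. Safari and Mobile Safari default to the second, allowing cookies only from the visited site itself.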
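
The effect of the three settings on cross-site tracking can be seen in a small simulation. This is an added example, not part of the original post: the `ModelBrowser` class, the `.example` domains and the `uid-N` values are constructed, and the jar is a simplified model rather than real browser code.

```javascript
// Added illustration: a simplified model of a browser cookie jar, not real
// browser code. Domains and identifiers below are constructed for the example.
const POLICY = { ALL: "all", VISITED_ONLY: "visited-only", NONE: "none" };

class ModelBrowser {
  constructor(policy) {
    this.policy = policy;
    this.jar = new Map();     // cookie domain -> stored value
    this.visited = new Set(); // sites the user navigated to directly
    this.nextId = 1;
  }

  // May `domain` store a new cookie under the current setting?
  maySet(domain) {
    if (this.policy === POLICY.NONE) return false;
    if (this.policy === POLICY.ALL) return true;
    return this.visited.has(domain); // visited-only: first parties only
  }

  // The user opens a page on `site` that embeds resources from `embeds`.
  // Returns what each contacted server learns from the request.
  visit(site, embeds = []) {
    this.visited.add(site);
    return [site, ...embeds].map((domain) => {
      // A cookie is only ever sent back to the domain that stored it.
      if (!this.jar.has(domain) && this.maySet(domain)) {
        this.jar.set(domain, `uid-${this.nextId++}`);
      }
      return { server: domain, page: site, cookie: this.jar.get(domain) ?? null };
    });
  }
}

// Pages that one embedded ad network can tie to a single cookie value.
function pagesLinkedByAdNetwork(policy, adDomain = "ads.example") {
  const browser = new ModelBrowser(policy);
  const requests = [
    ...browser.visit("news.example", [adDomain]),
    ...browser.visit("shop.example", [adDomain]),
  ];
  const seen = requests.filter((r) => r.server === adDomain && r.cookie !== null);
  const ids = new Set(seen.map((r) => r.cookie));
  return ids.size === 1 ? seen.map((r) => r.page) : [];
}

for (const policy of Object.values(POLICY)) {
  console.log(policy, pagesLinkedByAdNetwork(policy));
}
```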

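The Journal discovered that Google (and some other ad networks) found a way to store third-party cookies in Safari and Mobile Safari even when the option is set to accept cookies only from visited websites, as it is by default.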

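Which brings us to Battelle's response, "A Sad State of Internet Affairs: The Journal on Google, Apple, and 'Privacy'". (Background: Battelle is an expert on Google, and is the founder and executive chairman of Federated Media, an ad network.)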

Battelle writes:

Here’s the lead in the Journal’s story, which requires a login/registration:

“Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers — tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.”

Now, from what I can tell, the first part of that story is true — Google and many others have figured out ways to get around Apple’s default settings on Safari in iOS — the only browser that comes with iOS, a browser that, in my experience, has never asked me what kind of privacy settings I wanted, nor did it ask if I wanted to share my data with anyone else (I do, it turns out, for any number of perfectly good reasons).

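Battelle has a good point that the Journal's use of "intended" paints with too broad a stroke. Some Safari users have deliberately specified their cookie privacy setting, but most (almost all, I'd bet) have never changed the default and don't even know what cookies are. But that's true for users of all browsers, not just Safari, and for all settings, not just cookie preferences. Most users don't change settings and just use the defaults. Defaults matter a great deal.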

I can't recall any browser that asked about cookie privacy settings before I used it.

Apple assumes that I agree with Apple’s point of view on “privacy,” which, I must say, is ridiculous on its face, because the idea of a large corporation (Apple is the largest, in fact) determining in advance what I might want to do with my data is pretty much the opposite of “privacy.”

What's different about Safari isn't that Apple has made an assumption about the user's view regarding cookie privacy; it's that Apple has made a different assumption than other browser vendors have.

Then again, Apple decided I hated Flash, too, so I shouldn’t be that surprised, right?

Deciding that iOS would be better off without Flash is not the same as deciding that all iOS users "hate" Flash.

In short, Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers.

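I'd use "tracking" in place of "engaging with", but that's semantics. My quibble is with the claim that Safari "broke with common web practice". All major browsers have an option to block third-party cookies, and I'd bet Safari isn't the first to block them by default. What's novel is that Safari (a) blocks third-party cookies by default, and (b) is popular and growing (especially on mobile).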

Safari hasn’t broken the web; it has simply broken the heretofore safe assumption that an overwhelming majority of web surfers accepted third-party cookies.

Was Google’s “normal approach” wrong? Well, I suppose that’s a debate worth having — it’s currently standard practice and the backbone of the entire web advertising ecosystem — but the Journal doesn’t bother to go into those details. One can debate whether setting cookies should happen by default — but the fact is, that’s how it’s done on the open web.

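Here, I think Battelle goes astray. No one is criticizing Google for using third-party tracking cookies in general. What Google is being criticized for is designing and implementing a way to store third-party cookies in web browsers that are set not to accept third-party cookies. This didn't happen by accident. Google wrote code specifically to circumvent this setting in Safari.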

The Journal article does later acknowledge, though not in a way that a reasonable reader would interpret as meaningful, that the mobile version of Safari has “default” (ie not user activated) settings that prevent Google and others (like ad giant WPP) to track user behavior the way they do on the “normal” Web. That’s a far cry from the Journal’s lead paragraph, which again, states Google bypassed “the privacy settings of millions of people.” So when is a privacy setting really a privacy setting, I wonder? When Apple makes it so?

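We're all in agreement that this is a debate about default settings, not which settings are available for user tweaking. So let's concede that Battelle has a point, that Google wasn't bypassing the privacy settings of millions of people; they were bypassing the privacy settings of millions of web browsers. What Battelle is implying here is that it's OK, or at least not so bad, for Google to bypass browser privacy settings if most users didn't specify those settings manually. (There’s no way for Google to tell which Safari users block third-party cookies simply by default and which ones block them because they understand what’s going on and have made an explicit choice.)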

Since this story has broken, Google has discontinued its practice, making it look even worse, of course.

I think it would look even worse for Google if they had continued the practice even after it was publicized.

But let’s step back a second here and ask: why do you think Apple has made it impossible for advertising-driven companies like Google to execute what are industry standard practices on the open web (dropping cookies and tracking behavior so as to provide relevant services and advertising)? Do you think it’s because Apple cares deeply about your privacy?

Really?

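But they haven't made it impossible. They've only changed the default. The fact is that the default setting is everything to Google and the other giant ad networks, because what they care about is tracking users in aggregate, not tracking individual users.1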

I certainly can't prove that Apple chose this default for the sake of user privacy rather than out of competition with Google.2 But I’m thinking that if you took a thousand random iOS and Mac users, sat them down and explained to them in layman’s terms what browser cookies are and how Google uses them to track their behavior across the web, and then conducted a survey among them as to what Safari’s default cookie privacy setting should be, we’d find out that Apple chose well to break with tradition here.

In this case, what Google and others have done sure sounds wrong — if you’re going to resort to tricking a browser into offering up information designated by default as private, you need to somehow message the user and explain what’s going on.

Sounds wrong, or is wrong?

Then again, in the open web, you don’t have to — most browsers let you set cookies by default.

So Safari isn’t part of the “open web” because it doesn’t allow ad networks to track users across websites by default? Used to be that all major browsers allowed websites to create pop-up (and pop-under) windows for advertising; are browsers that block such pop-ups by default not part of the “open web” as well?

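What I detect in Google's actions (and in Battelle's more-or-less defense of them) is a sense of entitlement: that because ad networks could, in the past, track nearly all users via cookies, they are entitled to keep tracking nearly all users across the web via cookies, even as a large (and growing) number of those users begin using a web browser that, by default, tries to prevent it.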

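It's one thing to argue that Google did nothing wrong, or nothing that wrong. But trying to spin it into an argument that Apple is the one who did something wrong, and that Google merely reacted naturally, is something else.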


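  1. The same goes for Flash. Mobile Safari wasn't the first browser to ship without support for Flash or other media plugins. What made Mobile Safari's lack of Flash support controversial is that it was the first popular browser to ship without Flash support, and thus the first to break the assumption that "nearly all" browsers supported Flash. ↩︎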

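  2. It would be interesting to know whether this was the default setting on the original iPhone back in 2007, when Apple and Google were very close; Eric Schmidt even came on stage at the iPhone introduction and talked about what great corporate friends Apple and Google were.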

    Update 1: This iLounge gallery of screenshots from iPhone OS 1.0.2 suggests that the default setting has always been to block third-party cookies in Mobile Safari.

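    Update 2: I haven't found any evidence I can link to, but several DF readers attest that Safari for Mac had the same cookie privacy default when it first shipped in 2003. This was also attested by Jonathan Mayer, the Stanford privacy/security researcher who first discovered Google's circumvention of Safari's cookie privacy setting. ↩︎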
