It's been nearly a month since Google found itself in a quite npleasant situation: the company was caught off guard violating people's privacy. The bad thing for Google was the stroy was dug up by Well Street Journal that immediately published it, striking another blow to the company's not-so-good-anymore reputation.
The rub of the whole story is that Google used to exploit a vulnerability in the Safari web-browser privacy settings that allowed to place cookies onto a user's machine. Using tricks was just necessary for the search giant: Safari blocks out all cookies from the third-party sites by default, which means that the Google famous AdSense target ads system wouldn't work the way it is meant to. Moreover, blocking out the Google cookies meant that the Google '+1' button would't work either, making this social networking feature of the Palo Alto company a useless junk on about 61% of the mobile devices (that's the approximate current share of Safari on the mobile browser market).
Of course, sending cookies to users in an aboslutely legal and morally impeccable way is sill possible for Larry Page's guys, but that could happen only in case the user changed his or her browser default settings. And honestly, how many of the general users would even cast a single glance at the settings in their browser? Not so much, I believe.
So, Google devised a brilliant plan. They found out that Safari would allow placing temporary cookies onto the user's computer without his explicit consent if the user fills out a form. As soon as the Google's engineers pondered how they could make use of it, some of the DoubleClick ads (a Google's subsidiary company) started to be treated by Safari not quite like ads. Instead the browser was made to think that a person was sending an invisible form to the advertisers, i.e. Google. That's how cookies landed on people's computers for the next 12 — 24 hours.
At a first glimpse, not that much: but there is another Safari vulnerability at hand. This vulnerability exploited, the web-sites that have managed to send user a cookie once, have a fat chance of pulling out this trick again. That's what Google took adavantage of up to the full, at the same time promptly informing Safri users on its sites that they could not opt-out for the advertising plug-in because it doesn't work by default.
Google… I used to believe you.