Naked Security Naked Security

Google sued over iPhone ‘Safari Workaround’ data snooping

Did you use an iPhone in the UK between 1 June 2011 and 15 February 2012? If so, you’re one of an estimated 5.4 million who may be in line for compensation.

Did you use an iPhone in the UK between 1 June 2011 and 15 February 2012?

If you did, you’re one of an estimated 5.4 million people who might one day be in line for a compensation payment from Google over a long-running controversy known as the “Safari Workaround”.

The legal barebones are that a campaign group called Google You Owe Us has launched a “representative action” (similar to a class action in the US) alleging that the search giant:

Took our data by bypassing default privacy settings on the iPhone Safari browser which existed to protect our data, allowing it to collect browsing data without our consent.

Specifically, Google used a bit of JavaScript code – the workaround – to bypass Safari’s default blocking of third-party cookies (set by domains other than those being visited) in order to allow sites within its DoubleClick ad network to track users.

This was despite Google giving assurances that this would not happen to users running Safari with its default privacy settings.

The case involves Safari because it was a browser that by default imposed restrictions on the cookies set by ad networks.

By this point, some US readers might be feeling a sense of déjà vu – all over again.

The origins of the British case lie with the discoveries made by a Stanford University researcher called Jonathan Mayer in 2010, which eventually led to legal cases by the Federal Trade Commission (FTC) and 38 US states in 2012 and 2013 which concluded with Google paying fines of $22.5m (then £15m) and $17m respectively.

Google’s defence has always been that the feature was connected to allow Safari users who’d signed into Google, and opted to see personalised content, to interact with features such as the company’s Google+ button or Facebook likes.

In 2012 it said:

To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalisation.

Which seemed like a way of saying that internet services, and people’s interaction with them, was getting so complex that strict lines of privacy and consent were blurring.

The latest UK case will, essentially, see these arguments re-run with a few more years’ hindsight to sharpen the case on both sides.

It’s not the first UK Safari workaround case Google has had to fight: in 2015 the Court of Appeal ruled that the issue had enough merit to allow the litigants involved to sue the company (reportedly settled out of court).

As for iOS users who might qualify for any settlement, there are conditions.

Assuming you were using Safari on a lawfully-acquired iPhone, and didn’t opt out of seeing Google’s personalised ads, you must have been resident in England or Wales both during the period covered by the case, and on 31 May 2017 (Scotland has a separate legal system and isn’t covered).

How users prove this years after the event is not clear, but having used an Apple ID with an iPhone during the period mentioned will probably be enough.

The case is specifically about iPhone users and doesn’t include iPads and OS X computers. Naked Security understands this is for legal reasons (including additional devices complicates matters even though they might also have been affected).

Is this just a dose of bad publicity about mistakes long past?

The possibility of pay-outs from a company like Google will grab headlines, but in the UK in 2017 this has become about deeper issues. As Google You Owe Us states:

Together, we can show the world’s biggest companies are not above the law.

Recently, sentiment has turned against large tech companies for a variety of reasons, including attitudes to privacy, the alleged non-payment of taxes, and the popular perception that some companies have become too big for their boots.

It’s a seeming paradox that describes our age. Millions of us use Google’s software, yet for some at least this is building not love and respect, but suspicion.