Earlier this week it was reported that Google and other ad companies had been using special code to bypass privacy settings in Apple's Safari browser and track web users on computers and iPhones.

The privacy-skirting code, which Google disabled after being contacted by the newspaper that reported it, appears to have been used to let members of the Google+ social network sign in and then, while moving around the Web, click +1 buttons in ads that are part of Google's DoubleClick ad network. The +1 buttons let a user give a thumbs-up to an item and automatically share that approval with friends via a message on the user's Google+ profile.

But Safari's default privacy settings prevented the +1/DoubleClick setup from placing a tracking cookie to determine whether a user had signed in to Google+. Safari normally blocks cookies used by ad networks and others to track people, though it allows other types of cookies, such as those that remember visitors so they can return to a site without having to log back in.

The code reportedly tricked Safari into letting a tracking cookie be placed. Safari lets a site place cookies if the user interacts with that site, for example by filling out a form, and the workaround essentially tricked Safari into thinking people were submitting a form to Google.

After hearing this news, Microsoft denounced Google's actions, and a few days later it checked whether its own browser, Internet Explorer, was vulnerable as well. It found that IE's privacy settings were indeed being bypassed in a similar way.

Technically, Google exploits a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification, in an attempt to leave room for future advances in privacy policies, states that browsers should ignore any undefined policy tokens they encounter. Google sends a P3P policy that fails to inform the browser about Google's use of cookies and user information; Google's P3P policy is actually a plain-text statement that it is not a P3P policy.
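To make the P3P nuance concrete, the following added example (not code from the original article, Google, Microsoft or any browser vendor) parses the compact policy carried in a `P3P: CP="..."` response header, checks every token against the P3P 1.0 compact-policy vocabulary, and shows the defensive decision a browser or proxy can make: a header whose tokens are undefined is treated exactly like a missing policy, so third-party cookies fall back to the restrictive default instead of being accepted. The sample headers, including the free-text one, are constructed for illustration and are not the header any real site sent; the function names are this example's own.

```python
import re

# P3P 1.0 compact-policy vocabulary. Purpose and recipient tokens may carry an
# optional a/i/o suffix (always / opt-in / opt-out); the other groups may not.
ACCESS = {"NOI", "ALL", "CAI", "CAP", "OTI", "NON"}
DISPUTES = {"DSP"}
REMEDIES = {"COR", "MON", "LAW"}
NON_IDENTIFIABLE = {"NID"}
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD",
           "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CATEGORY = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
            "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
TEST = {"TST"}

PLAIN_TOKENS = (ACCESS | DISPUTES | REMEDIES | NON_IDENTIFIABLE
                | RETENTION | CATEGORY | TEST)
SUFFIXED_TOKENS = PURPOSE | RECIPIENT

# Constructed sample header values (the string after "P3P: "), not real traffic.
SAMPLE_HEADERS = {
    # A well-formed compact policy: every token is in the vocabulary.
    "well_formed": 'CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR IND"',
    # Free text placed where tokens belong: none of these "words" are defined,
    # so a browser that ignores undefined tokens sees an empty policy.
    "placeholder_text": 'CP="This is not a P3P policy. See our privacy page."',
    # Mostly valid, but one token the spec does not define.
    "mixed": 'CP="NOI DSP COR XYZ CURa OUR IND"',
}

CP_PATTERN = re.compile(r'CP\s*=\s*"([^"]*)"')


def extract_compact_policy(header_value):
    """Return the raw CP string from a P3P header value, or None if absent."""
    match = CP_PATTERN.search(header_value or "")
    return match.group(1) if match else None


def is_defined_token(token):
    """True if the token is part of the P3P 1.0 compact-policy vocabulary."""
    if token in PLAIN_TOKENS or token in SUFFIXED_TOKENS:
        return True
    # Tokens like CURa, OURi, PSDo: a suffixed purpose/recipient token.
    return len(token) == 4 and token[:3] in SUFFIXED_TOKENS and token[3] in "aio"


def evaluate_p3p_header(header_value):
    """Classify a P3P header as no-policy, undefined-policy or well-formed.

    The verdict is 'well-formed' only when a CP string is present, non-empty
    and made entirely of defined tokens. Anything else conveys no policy the
    browser can evaluate, which is the situation the P3P nuance exploits.
    """
    cp = extract_compact_policy(header_value)
    if cp is None:
        return {"verdict": "no-policy", "known": [], "unknown": []}
    tokens = cp.split()
    known = [t for t in tokens if is_defined_token(t)]
    unknown = [t for t in tokens if not is_defined_token(t)]
    verdict = "well-formed" if tokens and not unknown else "undefined-policy"
    return {"verdict": verdict, "known": known, "unknown": unknown}


def third_party_cookie_allowed(header_value):
    """Defensive rule: only a fully defined compact policy may relax the
    default block on third-party cookies. Undefined or placeholder text is
    treated the same as sending no P3P header at all."""
    return evaluate_p3p_header(header_value)["verdict"] == "well-formed"


if __name__ == "__main__":
    for name, value in SAMPLE_HEADERS.items():
        result = evaluate_p3p_header(value)
        print(f"{name:17s} verdict={result['verdict']:17s} "
              f"unknown={result['unknown']} "
              f"third-party cookie allowed={third_party_cookie_allowed(value)}")
```

The point of the `mixed` sample is that a single undefined token is enough to make the whole policy unevaluable under this rule; a browser that instead drops the unknown token and evaluates the rest is the behaviour the article describes, and it is what lets a placeholder string pass as a satisfactory policy.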

For more details, see these sources:
Safari Security Bypassed
IE Security Bypassed