Google are evil, but everyone else is OK
So here it begins... the Wall Street Journal report that Google are bypassing security settings on certain versions of Safari, specifically the iPhone version. Cue the shitstorm as hundreds of "privacy advocates" start bleating about how Google are 'evil'. Well I'm not going to make excuses, nor am I going to claim two wrongs make a right, but there are a few points that need to be addressed and nobody seems to be doing so.
Firstly, an analysis of what Google are actually doing. In order to make their 'Google Plus' code work, they need to be able to drop what's known as third party cookies on peoples' web browsers. You don't need to know what these are or how they work, but the default security model on lots of browsers these days is to disallow this, as it's a common method that advertising sites use to track you round the web. Maybe Google are doing this, maybe they aren't. Truth be told, they probably are, seeing as how advertising is how they make all their money. But the fact is that Google used this exploit to drop cookies on versions of Safari for which they had been disabled. You'll notice that the exploit was is over a year old, and since then it's become common in Facebook applications, which also rely on passing cookies between IFRAME elements.
So my first point: are Google really doing anything wrong? It's not hacking, it's computer science. They hit a problem, they solve it. The problem in this case is that they can't drop cookies on some browsers. They learn that it's possible to do so using a clever form hack as described in the previous link, and implement it. Problem sorted, they can now drop the cookie they needed, let's move on to the next problem without even batting an eyelid. By the same logic, Google Maps is 'evil' as it uses clever hacks to generate dynamic scrolling maps in an otherwise static web page.
My second point: even if the practice is slightly shady, why is everyone having a go at Google when the exploit has clearly been working on Facebook for over a year? If it really is such a problem, why have Apple not patched the hole? They've had a year to do it. Even if you do consider this frankly quite clever workaround to a programming problem to be wrong, let's bash Facebook as much as Google, and certainly let's bash Apple for not patching a one-year-old vulnarability in their web browser. It's certainly a genuine shame to see Google getting so much stick rather when openly privacy-apathetic organisations like Facebook and companies with a piss-poor reputation for fixing security vulnerabilities like Apple seem to be able to get away with anything these days.