Google caught circumventing default Safari user privacy protection settings
Another chapter in the Monster of Mountain View’s War on Privacy is now being written:
Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.
The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.
Google disabled its code after being contacted by The Wall Street Journal.
Google would have no doubt been happy to continue exploiting the Safari loophole – which was discovered by Stanford grad student Jonathan Meyer – but it needed to contain the bad publicity, so it told the Journal it was removing the offending code. That hasn’t stopped privacy activists and consumer advocates from giving Google a well-deserved, harsh scolding.
“Google has clearly engaged in ‘unfair and deceptive’ practices,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “They have been lying about how people can protect their privacy in their instructions about how to opt out of receiving targeted advertising.”
“The original Google statement that users of Safari who have not changed their privacy settings ‘accomplishes the same thing as setting the opt-out cookie’ is a per se misrepresentation. Not only did the company know this not to be true, it took elaborate measures to circumvent the Safari privacy safeguards, and it benefited from the misrepresentations by the commercial value it surreptitiously obtained. The fact that Google removed the evidence and made it no longer available by means of a Google search (think about that for a moment) is an admission by the company as to its malfeasance,” EPIC’s Marc Rotenberg wrote in a letter to the Federal Trade Commission.
“Coming on the heels of Google’s controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company,” agreed staffers with the Electronic Frontier Foundation (EFF). “It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users. One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them. Specifically, it’s time that Google’s third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option.”
The problem, of course, is that Google isn’t interested in doing a better job of respecting the privacy of Web users. It’s trying to do away with the very idea. And unless users take a stand by choosing to stop doing business with Google – as we have – it may very well succeed.
GooSniff is for real: Google offers to pay users who agree to constant surveillance of all their Internet traffic through a little black box
What will be next? A test of facial recognition technology? The Monster of Mountain View is doing all it can to destroy user privacy as we know it. This is just the latest proof.
Google is working to collect information about Internet users that it can’t get from just monitoring its own browser, services, and Android devices. The company has set up a new program called Screenwise, which offers money to users who install a black box on their home network to “measure Internet use.” A smaller amount of money will go to those who install a browser extension on their computers that will do the same thing.
Google quietly started up the Screenwise data collection program Tuesday night, taking the e-mail addresses of people who are interested in “add[ing] a browser extension that will share with Google the sites you visit and how you use them.” For their participation, Google offers the extension users a $5 Amazon gift card for signing up and another $5 gift card for every three months they stay with the program. Less publicly, Google also started looking for people who would install a piece of hardware on their network to do more extensive monitoring.
Daniel Brandt, who runs Google Watch, foresaw the eventuality of a device like this. In his satirical images gallery, he has a photo of a USB dongle called the GooSniff. It doesn’t exactly correspond to Google’s new black box for snooping, but it’s not far off.
Of course, this is a voluntary program. Unlike many of Google’s other spying activities, it’s opt-in. But that’s because it would be illegal for Google to forcibly install little black boxes in the home offices of every American household. To attract sheep – er, participants – Google is offering a small payout. The cost to them is small, and the potential payoff (in terms of the data collected) is huge.
The more data Google can collect, the better. That’s what they are after. And unless they are stopped, they will become a bigger threat to the privacy and security of millions of Americans than the National Security Agency.
Google to “revise” its privacy policies so that it can ramp up its spying and tracking
We hate to say, we told you so, but… we told you so!
In a move that could make it harder for Google users to remain anonymous, Google Inc. said it would start combining nearly all the information it has on its users.
This could mean, for instance, that when users search via Google, the company will use their activities on sister sites like Gmail and YouTube to influence those users’ search results. Google hasn’t done that before.
Google’s move—which was disclosed in a privacy policy that will take effect on March 1—is a sign of the fierce competition between Google and Facebook Inc. over personal data. Facebook has amassed an unprecedented amount of data about the lives of its more than 800 million members—information that is coveted by advertisers.
Years ago, Google began morphing from a search and advertising company into a tracking company that controls a vast treasure trove of information about people. This site, Leave Google Behind, was created as a response to the beginning of that metamorphosis. Since LGB’s founding almost three years ago, we have faithfully chronicled Google’s increasingly well-waged war on privacy, which the Monster of Mountain View seems determined to continue, one odious move at a time.
It should be obvious by now that many of Google’s offerings don’t directly generate revenue and have nothing to do with its core business. Consider Chrome, Google’s browser. Google doesn’t make money on Chrome. But it is able to use Chrome to track the web surfing habits of millions of people. Google made Chrome by taking freely available open source software, making some improvements, and adding a proprietary payload of spyware on top. That payload is distributed with each copy of Google Chrome. But of course, it is missing from community builds of Chromium, because Google has no interest in open-sourcing its spyware.
Chrome and other offerings are intended to expand Google’s reach, so the Monster of Mountain View knows more about everybody. Google’s own executives have admitted this. On multiple occasions.
“I actually think most people don’t want Google to answer their questions…They want Google to tell them what they should be doing next… We know roughly who you are, roughly what you care about, roughly who your friends are.“
- Eric Schmidt, chief executive of Google, August 14th, 2010
Fortunately, Google’s war on privacy is starting to receive more pushback. The European Union is weighing a strong new user data privacy law that companies like Google would be required to comply with. The current incarnation of the law has some particularly strong and useful provisions in it. Perhaps if Europe can act, it will help at least spark a conversation about something similar in the U.S.
Google kills off Wave, announces that existing conversations will be deleted if they aren’t exported
In a few short weeks, Google Wave will be history… and the data contained within Wave conversations will become inaccessible (though Google will probably retain copies):
As we announced in August 2010, we are not continuing active development of Google Wave as a stand-alone product. Google Wave will be shut down in April 2012. This page details the implication of the turn down process for Google Wave.
Stage 1: Google Wave is read-only — January 31, 2012
In this stage, you will no longer be able to create or edit waves. Marking a wave as read will also not be saved.
Robots that try to write to a wave will stop functioning.
During this time, you will continue to be able to export your waves using the existing PDF export feature. You’ll still be able to read existing waves and access the Google Wave client.
If you want to continue using Wave, there is an open source project called Walkaround that includes an experimental feature to import all your waves from Google.
Stage 2: Google Wave shut down — April 30, 2012
In this stage, all the Google Wave servers will be shut down and you will no longer be able to get to your waves. Make sure to export any waves you want to save before that time.
Once upon a time, Google Wave had the tech press enthralled. But that was in 2009. Now it’s 2012, and Google, having made the decision that Wave is expendable, is shutting down the service – though the underlying software has been open sourced and will live on, maintained by the Apache Foundation, the proprietary software industry’s favorite receptacle for orphaned and abandoned projects.
(The Foundation assumed control of the Wave codebase late last year; it also received control of OpenOffice.org from Oracle. Consequently, Google Wave is now Apache Wave, short for Wave-in-a-box).
Surprise! Google violates its own policies to promote Chrome
Don’t be evil… be hypocritically evil!
Google, the company that has been fighting against paid links and “thin” content, seems to be behind a campaign that’s generating both on behalf of its Chrome browser. File this under “what were they thinking.”
Aaron Wall wrote about the campaign today at SEO Book, spotting how a search for “This post is sponsored by Google” brings back over 400 pages written apparently as part of a Google marketing campaign.
We’re checking with Google for confirmation that the company is behind the campaign, but expect a response to be delayed, as Google’s PR department, like much of Google, is off today. But it certainly appears to be Google-backed.
Google is increasingly relying on advertising to try to win over converts to its spyware-laden browser, Chrome, which is built on top of open source software originally derived from the KDE Software Compilation (KHTML). Google’s “ChromeOS” and Chromebooks aren’t doing so well, but Google has successfully convinced millions to download Chrome (the browser) by relentlessly hyping it on its web properties and bundling it with other downloads (like Google Earth).
Though Google is undoubtedly hoping that Chrome’s market share will continue to grow at Mozilla’s expense, it decided against parting ways with the nonprofit software maker recently, choosing instead to renew an agreement that will keep Google as the default search engine in Firefox for a few more years. But we believe Google’s executives didn’t sign off on the agreement out of the kindness of their hearts. They did so because they didn’t want to see Microsoft’s Bing become the default search engine in Firefox. (Microsoft had apparently made an offer and had put money on the table). Microsoft, of course, happens to make its own browser – Internet Explorer. But it has been working hard to integrate Bing into Firefox recently.
Google places misleading ads designed to steal Yelp’s traffic on its mobile search engine
The Monster of Mountain View continues to engage in anticompetitive behavior:
If you search for “Yelp” on Google from your mobile phone the top paid result, even above the organic result to Yelp.com, takes you to Zagat. I am only seeing this on mobile searches. While it is a common practice for companies to advertise against their competitors’ names in search advertising, in this case it is Google itself which is bidding for that search term and taking the top spot. A classy move.
TechCrunch has a screenshot of the ad. The link is titled “Yelp”, but it goes to Zagat, which was recently purchased by Google and is now a subsidiary.
Because AdWords ads appear above what are known as the “organic” search results (which is a misnomer, there’s no such thing as “organic” search results), the real Yelp will always appear below the fake Yelp link as long as Google continues running its ad for Zagat. And of course, Google can run its Zagat ad forever… because Google can give itself as much advertising space as it likes.
TechCrunch notes that Yelp could fight back by buying its own Google ad. But then it’s just forking over money to a competitor.
What Google is doing here is a perfect example of why it is a menacing monopoly, and should be boycotted.
Google’s support for Android sucks
Blogger Michael DeGusta has published an illuminating chart which shows just how bad Google is at pushing out updates to phones running its spyware-laden Android operating system. He writes:
I went back and found every Android phone shipped in the United States1 up through the middle of last year. I then tracked down every update that was released for each device – be it a major OS upgrade or a minor support patch – as well as prices and release & discontinuation dates. I compared these dates & versions to the currently shipping version of Android at the time. The resulting picture isn’t pretty.
From the chart, he extrapolated some devastating numbers:
- 7 of the 18 Android phones never ran a current version of the OS.
- 12 of 18 only ran a current version of the OS for a matter of weeks or less.
- 10 of 18 were at least two major versions behind well within their two year contract period.
- 11 of 18 stopped getting any support updates less than a year after release.
- 13 of 18 stopped getting any support updates before they even stopped selling the device or very shortly thereafter.
- 15 of 18 don’t run Gingerbread, which shipped in December 2010.
- In a few weeks, when Ice Cream Sandwich comes out, every device on here will be another major version behind.
- At least 16 of 18 will almost certainly never get Ice Cream Sandwich.
DeGusta goes on to discuss why Google is unable to match Apple in terms of support for users of older hardware. His piece is definitely worth reading.
Another high-profile YouTube account hacked
First it was the Sesame Street YouTube account. Now it’s Microsoft’s:
Microsoft’s official YouTube channel appears to have been taken over by someone not affiliated with the company, who has removed all of the videos and posted solicitations for sponsorships, apparently anticipating an influx of traffic as the news spreads.
I subscribe to the company’s YouTube updates and received notification this morning of two new uploads by the company, both of them rudimentary videos apparently soliciting advertisements for the channel. Since then a third video has been uploaded, along the same lines.
A YouTube account is, of course, a Google account – meaning that someone who signs up for YouTube isn’t just creating an identity on YouTube; they’re creating an identity that can be used with other Google offerings, such as Gmail, Blogger, Picasa, or Google Maps. The list goes on… and on… and on…
Who knows what else the hackers compromised that was in that Google account?
This is why it’s a bad idea to do business the Google way. Google’s account security sucks, as demonstrated by these recent break-ins.
When you trust one company to handle your emails, chat, videos, documents, pictures, credit card data, and other sensitive information, you’re asking for trouble. A lot of trouble.
City of Los Angeles demands partial refund from Google; LAPD says Google Apps not secure
The City of Los Angeles made a big mistake when it decided to do business with the Monster of Mountain View. Now the city is trying to get a partial refund from Google because some of its departments refuse to use Google’s insecure Apps offering:
Two years after the City of Los Angeles approved a $7.25 million deal to move its e-mail and productivity infrastructure to Google Apps, the migration has still not been completed because the Los Angeles Police Department and other agencies are unsatisfied with Google’s security related to the handling of criminal history data.
Los Angeles officials originally expected to roll Google Apps out to its 30,000 users by June 2010, in partnership with systems integration contractor CSC. But that number has been reduced to about 17,000 employees, largely because of security objections raised by the LAPD and other safety-related departments. Advocacy group Consumer Watchdog opposed the deal, and this week released a letter LA officials sent to CSC in August, which states “The City is in receipt of your letter dated May 13, 2011, wherein CSC indicates that it is unable to meet the security requirements of the City and the Los Angeles Police Department (LAPD) for all data and information, pursuant to U.S. DOJ Criminal Justice Information Systems (CJIS) policy requirements.”
Google has a poor reputation when it comes to privacy and security. That’s because Google’s business model is built on collecting as much user data as possible and monetizing it. Google’s response to security problems has been to collect even more personal information; these days, Gmail users are asked to associate their mobile phone numbers with their Google accounts, all in the name of improved security.
Of course, if a person who uses only GoogleTech loses their Android phone, their email, contacts, web history, and so much more could all be compromised simultaneously. That’s the danger of trusting one company with your data.
Google kills off Buzz, several other products
Goodbye, Google Buzz. You won’t be missed:
According to a new post by Google VP of Product Bradley Horowitz, on the official company blog, Google is delivering the death blow to several more products and services, including its code search engine, Buzz, Jaiku, iGoogle features and the University Research Program for Google Search, the latter which provides API access to Google Search results for a small number of academic institutions.
This is hardly the first time Google has killed off products. It previously axed Google Wave and Blogger’s FTP publishing, for instance.
Of course, in the case of Buzz, Buzz is no longer necessary now that Google has its bigger and better Facebook clone, Google+.
The Monster of Mountain View’s latest moves are just more proof that it doesn’t pay to be a Google early adopter. Google has bought a great many promising startups, only to shut them down and assign the talent to work somewhere else in the Googleplex.
The lesson for startups? If Google comes knocking, slam the door in their face and tell them to go away. Yelp and Groupon both spurned Google takeover offers, and they were wise to do so.
