Google caught circumventing default Safari user privacy protection settings
Another chapter in the Monster of Mountain View’s War on Privacy is now being written:
Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.
The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.
Google disabled its code after being contacted by The Wall Street Journal.
Google would have no doubt been happy to continue exploiting the Safari loophole – which was discovered by Stanford grad student Jonathan Meyer – but it needed to contain the bad publicity, so it told the Journal it was removing the offending code. That hasn’t stopped privacy activists and consumer advocates from giving Google a well-deserved, harsh scolding.
“Google has clearly engaged in ‘unfair and deceptive’ practices,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “They have been lying about how people can protect their privacy in their instructions about how to opt out of receiving targeted advertising.”
“The original Google statement that users of Safari who have not changed their privacy settings ‘accomplishes the same thing as setting the opt-out cookie’ is a per se misrepresentation. Not only did the company know this not to be true, it took elaborate measures to circumvent the Safari privacy safeguards, and it benefited from the misrepresentations by the commercial value it surreptitiously obtained. The fact that Google removed the evidence and made it no longer available by means of a Google search (think about that for a moment) is an admission by the company as to its malfeasance,” EPIC’s Marc Rotenberg wrote in a letter to the Federal Trade Commission.
“Coming on the heels of Google’s controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company,” agreed staffers with the Electronic Frontier Foundation (EFF). “It’s time for Google to acknowledge that it can do a better job of respecting the privacy of Web users. One way that Google can prove itself as a good actor in the online privacy debate is by providing meaningful ways for users to limit what data Google collects about them. Specifically, it’s time that Google’s third-party web servers start respecting Do Not Track requests, and time for Google to offer a built-in Do Not Track option.”
The problem, of course, is that Google isn’t interested in doing a better job of respecting the privacy of Web users. It’s trying to do away with the very idea. And unless users take a stand by choosing to stop doing business with Google – as we have – it may very well succeed.
GooSniff is for real: Google offers to pay users who agree to constant surveillance of all their Internet traffic through a little black box
What will be next? A test of facial recognition technology? The Monster of Mountain View is doing all it can to destroy user privacy as we know it. This is just the latest proof.
Google is working to collect information about Internet users that it can’t get from just monitoring its own browser, services, and Android devices. The company has set up a new program called Screenwise, which offers money to users who install a black box on their home network to “measure Internet use.” A smaller amount of money will go to those who install a browser extension on their computers that will do the same thing.
Google quietly started up the Screenwise data collection program Tuesday night, taking the e-mail addresses of people who are interested in “add[ing] a browser extension that will share with Google the sites you visit and how you use them.” For their participation, Google offers the extension users a $5 Amazon gift card for signing up and another $5 gift card for every three months they stay with the program. Less publicly, Google also started looking for people who would install a piece of hardware on their network to do more extensive monitoring.
Daniel Brandt, who runs Google Watch, foresaw the eventuality of a device like this. In his satirical images gallery, he has a photo of a USB dongle called the GooSniff. It doesn’t exactly correspond to Google’s new black box for snooping, but it’s not far off.
Of course, this is a voluntary program. Unlike many of Google’s other spying activities, it’s opt-in. But that’s because it would be illegal for Google to forcibly install little black boxes in the home offices of every American household. To attract sheep – er, participants – Google is offering a small payout. The cost to them is small, and the potential payoff (in terms of the data collected) is huge.
The more data Google can collect, the better. That’s what they are after. And unless they are stopped, they will become a bigger threat to the privacy and security of millions of Americans than the National Security Agency.
Google to “revise” its privacy policies so that it can ramp up its spying and tracking
We hate to say, we told you so, but… we told you so!
In a move that could make it harder for Google users to remain anonymous, Google Inc. said it would start combining nearly all the information it has on its users.
This could mean, for instance, that when users search via Google, the company will use their activities on sister sites like Gmail and YouTube to influence those users’ search results. Google hasn’t done that before.
Google’s move—which was disclosed in a privacy policy that will take effect on March 1—is a sign of the fierce competition between Google and Facebook Inc. over personal data. Facebook has amassed an unprecedented amount of data about the lives of its more than 800 million members—information that is coveted by advertisers.
Years ago, Google began morphing from a search and advertising company into a tracking company that controls a vast treasure trove of information about people. This site, Leave Google Behind, was created as a response to the beginning of that metamorphosis. Since LGB’s founding almost three years ago, we have faithfully chronicled Google’s increasingly well-waged war on privacy, which the Monster of Mountain View seems determined to continue, one odious move at a time.
It should be obvious by now that many of Google’s offerings don’t directly generate revenue and have nothing to do with its core business. Consider Chrome, Google’s browser. Google doesn’t make money on Chrome. But it is able to use Chrome to track the web surfing habits of millions of people. Google made Chrome by taking freely available open source software, making some improvements, and adding a proprietary payload of spyware on top. That payload is distributed with each copy of Google Chrome. But of course, it is missing from community builds of Chromium, because Google has no interest in open-sourcing its spyware.
Chrome and other offerings are intended to expand Google’s reach, so the Monster of Mountain View knows more about everybody. Google’s own executives have admitted this. On multiple occasions.
“I actually think most people don’t want Google to answer their questions…They want Google to tell them what they should be doing next… We know roughly who you are, roughly what you care about, roughly who your friends are.“
- Eric Schmidt, chief executive of Google, August 14th, 2010
Fortunately, Google’s war on privacy is starting to receive more pushback. The European Union is weighing a strong new user data privacy law that companies like Google would be required to comply with. The current incarnation of the law has some particularly strong and useful provisions in it. Perhaps if Europe can act, it will help at least spark a conversation about something similar in the U.S.
Google kills off Buzz, several other products
Goodbye, Google Buzz. You won’t be missed:
According to a new post by Google VP of Product Bradley Horowitz, on the official company blog, Google is delivering the death blow to several more products and services, including its code search engine, Buzz, Jaiku, iGoogle features and the University Research Program for Google Search, the latter which provides API access to Google Search results for a small number of academic institutions.
This is hardly the first time Google has killed off products. It previously axed Google Wave and Blogger’s FTP publishing, for instance.
Of course, in the case of Buzz, Buzz is no longer necessary now that Google has its bigger and better Facebook clone, Google+.
The Monster of Mountain View’s latest moves are just more proof that it doesn’t pay to be a Google early adopter. Google has bought a great many promising startups, only to shut them down and assign the talent to work somewhere else in the Googleplex.
The lesson for startups? If Google comes knocking, slam the door in their face and tell them to go away. Yelp and Groupon both spurned Google takeover offers, and they were wise to do so.
Stay away from Google and Google+ if you value your privacy
A Network World editor who normally writes about Microsoft has chronicled several alarming tales which describe how the Monster of Mountain View is taking its data-mining to the next level. Here’s story one:
For a few months, whenever this editor used Google search, Google would show him relevant tweets from people he was following on his Twitter account within search results. But, he never actually gave Google his Twitter handle. In fact, it would always ask him to verify his Twitter name even as it served up the Tweets. Google was guessing about his Twitter identity, probably using the fact that the editor gave Twitter his Gmail account. Google saw messages from that Twitter account coming into his Gmail, correlated the two and started serving up unasked for Tweets. Yes, Google is correlating your Google profile with data from public social networks. You must opt out if you want it to cut it out.
Story two:
As for my story, a couple of weeks ago I fired up my Gmail and noticed my name with a little “plus” sign at the top. It turns out it was a Google+ account and Google had filled what it could of my public profile with the data I had shared when I tried out Buzz. This was not my full real name but the name I had been using with all my Google accounts. No one I knew was on Plus yet, so a few days later, I returned, found a few co-workers and tried to post a “hello world” status update. I got an error message. The message didn’t tell me I was banned … it simply said that it couldn’t post my status at this time and I should try again later. Which I did, several times … to the same effect.
After trying everything I could think of, I thought Plus was either ridiculously hard to use or just plain broken (when in truth, the answer was neither, as my account had been suspended).
A few days later, when it still wasn’t fixed, I tried to update my profile and when I hit save, I was finally told what the problem was. It didn’t like my name. I was told the account was being investigated for possible violations for Google’s profile policies.
Story three:
So I posted a photo. I was horrified to discover that although I had set the privacy settings on my photos to default to be visible only to specific circles, the photo was marked as publicly visible. No amount of searching or clicking would get Google to declare that photo not public. I was even more horrified to discover that the photo somehow geolocated itself to the exact location it was taken … which is amazingly creepy as it was taken on a trail in a state park on the iPhone of a friend and sent as a text to my Android phone.
What Julie (the author of the above stories) calls “watching” or “correlating”, we call data-mining. Data-mining is the harmful, invasive activity that underpins pretty much Google’s entire business model. Data-mining means stitching together publicly-available information about people with information that people have volunteered to either Google or its partners at some point to create nearly complete profiles. The commercial purpose of the profiles is to make it possible to serve up behavioral advertising.
Google believes that by destroying the privacy of billions of people, it can reap more than a tidy profit. Its settings to allow people to opt out are just a sop to pacify people who would be otherwise critical of the company.
Google knows it doesn’t have any chance of mollifying its real critics. But right now, it’s not too concerned about this since it has more (deluded) fans than critics.
As long as Google can get away with quietly encroaching upon people’s privacy and making loss of privacy the new norm, it will.
Google chairman Eric Schmidt has already admitted that the Monster of Mountain View has developed facial recognition technology it hasn’t released because it is too creepy. But of course, that research hasn’t been destroyed. It’s still there. Google could start putting this technology into its Picasa offering anytime it wanted – or create new offerings that use it. It’s likely only a matter of time before that happens.
Microsoft skewers Google’s Gmail for insensivity to privacy with parody video
Microsoft may not be a privacy watchdog, but somebody inside the company definitely agrees with us that Gmail is creepy:
On July 20 during the MGX opening sessions, the Softies showed off their “Gmail Man” spoof, meant to spur the troops selling Office 365 against Google Apps, and specifically, Gmail. In the video, Gmail man riffles through mail to find keywords for serving up ads. The message: Google cares more about advertising revenues than privacy.
ZDNet’s Mary Jo Foley couldn’t get Microsoft to confirm that the video is legit. But it seems to be. It would have more credibility coming from an organization like Consumer Watchdog than a Google rival (in this case, Microsoft, which has its own free, ad-supported email service – Hotmail).
The video itself is well-done, and manages to be funny and sobering at the same time.
Google confirms it will forcibly make all Google Profiles public by the end of the month
Google is adopting another privacy-encroaching, opt-out, Facebook-style policy:
The purpose of Google Profiles is to enable you to manage your online identity. Today, nearly all Google Profiles are public. We believe that using Google Profiles to help people find and connect with you online is how the product is best used. Private profiles don’t allow this, so we have decided to require all profiles to be public.
Keep in mind that your full name and gender are the only required information that will be displayed on your profile; you’ll be able to edit or remove any other information that you don’t want to share.
If you currently have a private profile but you do not wish to make your profile public, you can delete your profile. Or, you can simply do nothing. All private profiles will be deleted after July 31, 2011.
What they really meant to say was that private profiles – and privacy in general, for that matter – just don’t fit in with their business model of monetizing people.
People who care about their privacy should stay away from Google’s offerings.
Our front page provides a pretty exhaustive guide which explains how users can Leave Google Behind. Many of the alternatives to Google’s products aren’t well known, which is why we’ve gone to the trouble of listing some of them. We encourage you to try them out for yourself. The Web’s a big place… discover how much fun it is to explore it without Google.
Google tries to build a social network again with “Google+”
Well, we knew this was coming.
Today, the Monster of Mountain View finally unveiled its latest effort to create a data-mining Facebook clone: Google+, which appears be an amalgamation of older Google products (Wave, Buzz, Voice) combined with some Facebook-like features and wrapped in a slick interface.
Basically, what Google is trying to do with Google+ is get people to give it all the information they currently provide willingly to Facebook… like activities, interests, relationships, and so forth. Google already has a good guess as to what people who naively use its search engine like or do, but having a user confirm his or her preferences in a Google profile is better.
Google+ will be incorporated into all Google properties through a toolbar, which will encourage people to populate their Google profiles with lots of personal information and identify their friends to Google. A “feature” called Circles supposedly makes it easy to categorize contacts that already exist in Gmail into groups – the examples Google provided were “Family” and “Bike Geeks” and “Friends”. Google wants people to fill out these relationship webs so it can dramatically improve its data-mining abilities. (It doesn’t have access to Facebook’s internal data, which is why it is so desperate to build its own Facebook clone).
There’s also an app which integrates with Android and automatically uploads photos a user shoots with the phone to Google’s servers, and pushes those photos into Google+.
As you might expect, Google+ will not respect the wishes of people who want to have nothing to do with it.
Another twist is that people in your circles don’t have to be members of Google’s social net. If Aunt Mary refuses to opt in, you can include her anyway, and she can still get the pictures you post to the circle via e-mail.
Amusingly, none of the promotional materials we’ve seen for Google+ even attempt to talk about protecting user privacy. That’s because the whole point of Google+ is to help Google do a better job of waging war on people’s privacy. What Google is asking is that people trust it with all the information they currently give to Facebook in addition to what Google can automatically collect from people using its products.
That’s just too much data for one company to have, period.
People concerned about Google opting them in to Google+, as it did with Buzz, should take this opportunity to Leave Google Behind.
Google shuts down Google Health
But don’t think that means Google isn’t interested in people’s medical records:
Now, with a few years of experience, we’ve observed that Google Health is not having the broad impact that we hoped it would. There has been adoption among certain groups of users like tech-savvy patients and their caregivers, and more recently fitness and wellness enthusiasts. But we haven’t found a way to translate that limited usage into widespread adoption in the daily health routines of millions of people. That’s why we’ve made the difficult decision to discontinue the Google Health service. We’ll continue to operate the Google Health site as usual through January 1, 2012, and we’ll provide an ongoing way for people to download their health data for an additional year beyond that, through January 1, 2013. Any data that remains in Google Health after that point will be permanently deleted.
Translation: We couldn’t convince the masses to trust us with their sensitive medical records, so we’re done with this approach. When we figure out a better way to mine medical information, we’ll be back with a new offering.
Google takes Android spying to next level with Google Wallet
When Google launched its Android phone operating system, it gained the ability to track the movements and activities of millions of gullible people who would eventually be persuaded by “Droid Does” advertising that they needed a Google-powered smartphone.
But spying is addictive, and Google is always looking for ways to do more spying. With Google Wallet, the Monster of Mountain View intends to leverage Android to track what people are buying:
Among other things, Google Wallet will be able to store your credit card information (Google’s launch partners include MasterCard and Citi) as well as loyalty rewards, purchase points, and any saved-up Google Offers that might apply. Then, users who have Near Field Communications (NFC) enabled Android phones will be able to simply whip out their devices when shopping and tap them on electronic payment processors in order to get deals and pay for their goods.
Google is also suggesting that makers of other phones and phone systems (Microsoft, Apple, Research in Motion) could integrate Google Wallet into their own offerings.
But that’s probably just wishful thinking on Google’s part.
Still, with Android as pervasive as it is, it won’t take Google too long to deploy its new spying capabilities. The average life of a phone, even a smartphone, is pretty short. Whether Wallet becomes as ubiquitous as Android remains to be seen. MasterCard is not an exclusive Google partner; it has other irons in the fire as far as the future of payment goes. And embedding credit cards into phones may simply be too uncomfortable for many people. Hopefully, it will be.
There is no particularly good reason why credit cards should be embedded in phones. Next, Google will be signing up governments to make driver’s licenses electronic and embedded in its phones.
Where does this end?
The contents of one’s wallet do not need to be in one’s phone. There are very good reasons for keeping both separate. Foremost is privacy and security. For instance, phones are only going to become more attractive to thieves if they contain more identifying information and means of payment.
Google Wallet provides an insignificant benefit to people who might use it. Like so many other Google products, it is primarily designed to benefit Google, and not users.
