Google Faces Privacy Audits For Next 20 Years

Hugh Pickens writes "The San Francisco Chronicle reports that Google has reached a settlement with the Federal Trade Commission over Buzz, a social blogging service the company introduced through Gmail last year. The deal will require that Google have regular, independent privacy audits for the next 20 years. Buzz drew heavy criticism at launch in February 2010 for a glaring privacy flaw. When users turned it on, it suggested people to follow based on their Gmail contacts list and their most frequent email partners. 'Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective,' says the FTC. Along with the 20 year oversight, the settlement also says that Google is barred from misrepresenting privacy or confidentiality of the user information it collects, Google must obtain user consent before sharing their information with third parties if it changes its privacy policy, and Google must establish and maintain a comprehensive privacy program."

Um...

Facebook? Hello?

Re:Um...

[smash]

At least Facebook is opt in - basically you need to become a member for a start. Google search does all sorts of tracking via non-expiring cookie, and realistically trying to avoid google in your usage of the internet is pretty difficult due to them having about 90% of the search market.

Re:Um...

[Idbar]

AT&T, Comcast... hello?

Re:Um...

Newsflash. Facebook does this too? FB Connect anyone?

Re:Um...

[coolmadsi]

The summary says it was over Google Buzz, which I'm pretty sure you have to have sign up for Google first to use, like you have to sign up for Facebook first to use that.

Not cool

[AlbertinaJane]

Not cool for so long now (Google). But, so is my country (Croatia).

facebook

[SpiralSpirit]

I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.

Re:facebook

[inpher]

I'd suggest the same with facebook too. I'm not too sure the legality of presenting 12 year old with changes to user agreements, misleading games that collect your info, etc.

That would not be a big problem for facebook because you have to be 13 to use facebook.

Re:facebook

[MickyTheIdiot]

This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

Re:facebook

There are three things I've never done on the internet.

• Used my real name
• Used my real date of birth
• Read terms and conditions

Re:facebook

[clang_jangle]

I tried that for awhile but the people whose credit cards I "borrowed" for shopping got angry.

Re:facebook

[vivian]

These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.

Re:facebook

[similar_name]

I like this from the summary...

Google is barred from misrepresenting privacy or confidentiality of the user information it collects,

So does that mean it's normally ok for companies to misrepresent privacy or confidentiality of the user information they collects.

Re:facebook

[RoFLKOPTr]

These term that Google has to meet should be standard terms that ALL companies who collect information have to meet - especially the one about having to obtain user consent before sharing a user's private information with third parties.

You can always read a company's privacy policy before submitting personal information to them, and you can always simply not submit data to them if you disagree with it. Companies have to follow their privacy policy, because it is a legal contract. They have every right to include the possibility of distributing your information to third parties. Google just fucked up and rushed Buzz without thinking it through, so now they're getting boned by the privacy police.

Re:facebook

[Daniel+Phillips]

There are three things I've never done on the internet.

• Used my real name
• Used my real date of birth
• Read terms and conditions

...and nobody knows you're a dog.

Re:facebook

[Shompol]

Who do you think paid for this circus? Apparently one of Google 's competitors with a strong lobby group, and they don't happen to compete with Facebook. So what potential perpetrators do we have here..... ...-awkward silence-... ..... Microsoft?

Re:facebook

[smash]

You're fucking JOKING, right? Google may wave hands and publicly pretend to care about privacy, etc - but if you actually check what info they have about you on file via the never expiring cookie and your account (if signed in) its pretty damn invasive.

Re:facebook

[pelrun]

You seem to misunderstand what 'privacy' actually means here. It's nothing to do with what information they may or may not collect about you - it's what they DO with that information. That means not letting other people have access to it without your explicit permission or a court order.

Re:facebook

[Americium]

You're missing the point. Google REFUSED to share the information it gathered, that's why audits are required for the government to legally obtain all that juicy data.

Re:facebook

[rvw]

This is stupid in light of the fact that Facebook is openly hostile to idea of user privacy and Google actually seems to care, at least a little bit.

It's not stupid. It's a feature! And this time it's a good one. And it's one that Google can use: Privacy guaranteed by FTC approval!

Re:facebook

You should Google Eric Schmidt.

Re:facebook

[swillden]

You're fucking JOKING, right? Google may wave hands and publicly pretend to care about privacy, etc - but if you actually check what info they have about you on file via the never expiring cookie and your account (if signed in) its pretty damn invasive.

Google also provides an extensive set of privacy controls. Check out the Google privacy tools. You can opt out of ads tracking, personalized ads, etc. You can install a Google-provided plugin that ensures your opt-outs don't get lost and are always honored even if you're not logged in. You can look at the dashboard which shows you all of the information Google is tracking about you, and you can opt out of it.

Google's not perfect. Occasional significant mistakes are made, and there is a lot more that needs to be done, but Google does care about user privacy.

It's worth noting that the result of the FTC investigation is that Google will have to continue doing exactly what it's already doing. After the Buzz fiasco that drove this, Google has put in place a privacy design review process and established teams specifically focused on ensuring privacy is handled correctly across the whole company.

Disclaimer: I'm a Google employee, so I'm hardly a disinterested bystander. But I'm an engineer, not a spokesperson, and I'm an engineer whose spent most of his career on security and privacy work (this isn't what I do at Google). FWIW (not much, since I can't offer details), I'll also say that what I see from the inside about Google's focus on privacy is very impressive to me. I think the company is doing all the right things. There have been and will be missteps, but they'll be mistakes.

Re:facebook

[yuhong]

For example, while Google did it once, Facebook tricked users into sharing more data than they expected several times!

Re:Google, meet Samsung

[kvvbassboy]

At least they are not as evil. The problems with Google Buzz were quite obvious.

Smack their knuckles with a ruler for good measure

[WiglyWorm]

This basically amounts to "now don't you do that again, Google!" I don't know why I'm constantly surprised by how infective our corporate oversite is.

Good

[gman003]

Honestly, these kinds of things should be mandatory for any large company with that much personal information. Regular independent audits? Sounds like the kind of oversight we need. Can't lie about how private your info is? Sounds like something that should be a law. Need to get consent again after changing the terms? Again, I'm surprised you could get away with it before.

Now let's just get these things applied everywhere else like Google. Facebook, for one, deserves even more oversight.

Re:Good

[binaryseraph]

I've said it before, and I'll say it again (even though it's not popular), but no one is holding a gun to anyone's head and telling them to use facebook "or else." They can only use the personal info you give them- and rightly so. They make it glaringly obvious that is how they make their money. Government oversight in this case will only lead to more laws. More laws will lead to less internet(personal) freedom. After all, the Internet is a privilege not a right (and should remain as such).

Re:Good

The problem with making it mandatory is that it punishes companies like Microsoft, where Bing was built from the ground up to treat user's privacy as the number one priority.

Re:Good

[mug+funky]

sounds like every telecom ever.

i like it when they fabricate bills, ring you at work asking if you are [some person] and not telling you what it's about because you're not [some person].

but you still get harassed by collection agencies...

and no matter how often you chew their ears off, they don't get the hint.

Re:Good

[martin-boundary]

They make it glaringly obvious that is how they make their money.

Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it. That's something we don't know, only Zuck and his minions knows that. And without knowing exactly that information, there's no true basis for consent.

Re:Good

[countertrolling]

Oversight, over computer data.. hilarious!

Re:Good

[martin-boundary]

The problem with making it mandatory is that it advantages companies like Microsoft, where Bing was built from the ground up to treat user's privacy as the number one priority.

FTFY. If M$ already do all this, they'll be able to innovate while Google wastes time catching up.

Re:Good

[gman003]

Hahaha! I'd rate you +5 Funny if I could.

Re:Good

[similar_name]

Actually, they don't. They don't tell anyone just what exactly will be done with their information, and just exactly who will get to see/copy it

They're selling it to advertisers and marketing firms. They're cross referencing it with everybody elses information to create 'may like/dislike' lists/ads and more complicated demographic sets. There could be other things but what exactly do you think they could be doing with it that would be different than any other company that gets your information?

Re:Good

[martin-boundary]

Reread my comment. Which advertisers? Which marketing firms? What factors are cross referenced with what other factors using what models?

Unless Facebook answers those questions, there's no transparency, and certainly the claim that it's pretty obvious what they do with people's data is just handwaving and waffling.

Re:Good

[similar_name]

I'm just wondering what makes that differentfrom any other company. In general who they sell your information to is a moving target. It might be one company today and another tomorrow so if you want to use Facebook you agree that anyone might be able to buy your information and use it however they can. What factors they use are also going to change depending on what they're trying to learn. I guess I don't understand why it matters who they sell it to or how they use it as long as you know they are going to sell it and they are going to use it. I know you're wanting more transparency but could you give me an example of a company that sells your information and tells you exactly who they are selling it to? I'm curious to see how they present it.

Re:Good

[memnock]

Right. This makes me wonder why this was imposed on Google but not other companies that do the same thing. Like the first post noted, Facebook does all sorts of shit with people's details. How come no one is throwing the book at Facebook? I'm no fanboy of Google, but they're not all evil. On my scorecard, they're far less evil than Facebook.

Re:Good

[martin-boundary]

First, I think it's wrong to equate privacy protection with simply doing the same as other companies are doing. What's to ensure that those other companies are actually protecting their customers' data any better? This IMHO is a major problem with the US lack of standards similar to the EU data protection principles.

There are several reasons why it matters what will be learned from the data, and who gets it.

Suppose there's a (deliberate or otherwise) mistake in your data, it will be replicated everywhere the data is copied. If you don't know who has access to your data, then you can't tell them to fix it, and it may travel widely causing you damage. In fact, there's no way to prevent some unknown company from changing your data fraudulently, or mixing your data with someone else's data who has the same name. Moreover, what if you (don't) find out that some company you wish to do business with has bought information about you from some random source that's not reliable. You could be penalized without ever knowing why (eg credit records, insurance premiums).

Now besides knowing who gets your data, it's also important to know how data is combined and learned. When data travels and gets learned, it always loses context and is transmogrified. You could have a juvenile shoplifting record, and by the time it ends in some company's database, it has been transformed into "criminal offense" which could be anything. The same is true with medical conditions. You might have some harmless recurring problem, but the computer simplifies that into a generic category, and in that category you are lumped with much more serious diseases, and penalized.

Data never stays 100% the same when it moves from one computer to another. It's important for people to be able to know what data a company has about them, and be able to do something about it. Companies should be held accountable about this.

Re:Good

[mgiuca]

but no one is holding a gun to anyone's head and telling them to use facebook "or else."

I am finding it increasingly hard to buy this argument. Now that I see billboards telling me not to visit myproduct.com, but facebook.com/myproduct. Bars and cafes offering discounts if I like them on Facebook. Invites to parties coming exclusively through Facebook, no longer by email. This is just the beginning. We are quickly moving into a world where you need to be on Facebook to stay in touch (you are a social outcast) and to access information (businesses prefer to be on Facebook than the open web).

Nobody is holding a gun to anyone's head, but then again nobody ever holds guns to peoples heads any more. There are plenty of other ways to effectively force people to use a product.

Note that Google never had this power. Nobody was ever forced to use a Google product: we just did because they were useful. Every Google product has viable competitors, they just aren't as good. Don't want to use Google search? Use Bing or Yahoo. Don't want to use Gmail? Use Hotmail or Yahoo Mail. Unlike Facebook, Gmail is compatible with other email providers. So I can function perfectly well in society without Google (I just choose to use them). But the same cannot be said about Facebook.

the Internet is a privilege not a right (and should remain as such)

That line of thinking is also quickly dying out. These days, I am expected to do my banking and my taxes on the Internet. I search for houses online. I apply for jobs online. If I don't have email, I can't function in nearly any job. I sure as hell wouldn't want that "privilege" taken away from me. You might have said in the 1900s that electricity was a privilege, not a right, yet these days you complain if the power goes out for an hour, and see third-world countries with villages that "don't even have basic electricity." As offline services like analog telephone get switched off, you'll wish the Internet was a basic right and not a "privilege".

Re:Good

[binaryseraph]

From Facebooks Terms of service:
Sharing Your Content and Information

You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:

For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook ("IP License"). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.


As far as who the information is sold to- who cares? Your data has been bought, sold, traded, bargained and raped LONG before facebook even came into existence. Its just a little easier to send a zip file online than a few stacks of paper over snail mail. The moment you opened up a credit card, bought a house, went to school, went to college, were born, died- all that information exists in a public domain and has been bought up, parsed compiled and there exists a digital file somewhere of "you" It may or may not have your name, but you can bet it has all the other data on it. Now, is it right? Depends. If you have submitted data to the "public sphere" then you have it coming to you. I myself, don't mind if the data I conciously provide is used. All they have is a name, an email address (which I use specific for social networking) my age and geographic location. Beyond that they may be able to piece together some complicated logic scrips to pull out some of my likes and dislikes (oh, and yes, facebook sells that tidbit of data when you click on something saying you like pickels, or hate cats- why wouldn't they?).

I'm going to pause on that tantrum (as I expect a plethora of responses and picking out of lines i've written for rebuttal and move to an alternate way to look at things:


What if the ad's you saw online were suddenly realevant to you? You got ads for upcoming software releases, music events for bands I actually want to know about, cheap computer parts or even low air fares to my favorite destinations. All of a sudden I am being given marketing data that I actually might be interested in. Like turning on the TV and having really awesom comercials for products I give a rats ass about. At the end of the day, that is what marketing firms are doing here. They are not taking your data so they can make sure the only ads you get are for pampers diapers and coupons for grade C tuna fish that expired last year.

Anyway, enough of my playing devils advocate. I am a champion of privacy- but I also understand why and how my data is shared- I just make a point to control what data I put out into the world. Others should take this mindset too.

Re:Good

I've said it before, and I'll say it again

Dammit people! This guy has said it before; why isn't anyone listening to him?!?

Re:Good

[Ja'Achan]

Which advertisers?

All of them

Which marketing firms?

All of them

What factors are cross referenced with what other factors using what models?

All of them

Does that make it any clearer?

Re:Good

If you give your non-anonymous data to some company without personally ensuring they won't do anything with it you don't approve of, then you get to live with the consequences of them having data about you. Why don't you take some personal responsibility rather than crying to big mommy government to fix all of your problems for you?

Why is this limited to google?

Does that mean that companies that aren't Google are not barred from misrepresenting privacy or condientiality of the user information they collect? That seems like it should be a law for everyone. Similarly for the requirement to get user consent if it changes its privacy policy.

Dupe.

A dupe - with both articles appearing on the slashdot front page at the same time!

http://tech.slashdot.org/story/11/03/30/1517238/Google-Agrees-To-Biennial-Privacy-Reviews

Google got hit before Facebook?

[KlomDark]

Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

Re:Google got hit before Facebook?

[macshit]

Not fair. Google's been a lot better at protecting info than Zuckerberg's famous pig.

Google's a lot better than most companies -- but their success has made them some powerful enemies, who do a lot of lobbying...

Re:Google got hit before Facebook?

[Target+Drone]

Don't worry. Just as soon as the next "pro business" administration gets into office Google won't have to worry about these left wing communist job killing audits anymore.

Re:Google got hit before Facebook?

[lanner]

Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?

It's a wild idea, but I like wild ideas.

But yea, Buzz was a serious fuck-up and it's a good thing the dude who directed that disaster ain't working at Google any more.

Re:Google got hit before Facebook?

[mldi]

Did it not occur to you that Google may have WANTED a relatively "harsh" punishment to set precedent specifically so that it might be applied to Facebook as well?

That's a very high possibility, considering other things they wanted to push through. Google's baby is advertising, obviously. They do some location guessing (or, not guessing if you consented and are using a mobile device with GPS) for advertising purposes but I don't believe they use anything else. Facebook's advertising methods are a bit more liberal with your personal info. It'd be beneficial to Google to set a precedent to knock Facebook's advertising revenue back a few paces.

But of course, that's only if you honestly believe they're actually competing with each other for the same advertising dollars.

Re:Google got hit before Facebook?

[cbope]

Very fair I'd say. Especially when Google has been caught re-handed in multiple countries with data sniffed from unsecured access points collected without any user consent.

Sure, you can argue all you want that unsecured connections are bad, but that does not justify widespread data collection like Google was doing via their street view cars. They were doing something they should not be and got caught. The worst part is their defense, at least in the beginning... that they did not know they were collecting data. Pure BS and they should have gotten slapped a lot harder for that breach of privacy.

Forget Facebook...

...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

Re:Forget Facebook...

...how about getting our own GOVERNMENT to follow these guidelines? I'd have a hard time following an edict by someone who won't follow it themselves.

What are you talking about, government transparency is fine.

Re:Forget Facebook...

[ArundelCastle]

I'd have a hard time following an edict by someone who won't follow it themselves.

You look thirsty, here, have some more kool-aid. I'll have mine later.

Dupe!

[Jstlook]

I know, it's slashdot, but don't dupes usually wait a day or a week before getting posted?
http://tech.slashdot.org/story/11/03/30/1517238/Google-Agrees-To-Biennial-Privacy-Reviews

20 years seems excessive

[Nimey]

Five years and then a checkup now and again, sure, but 20 years is /forever/, even in the non-technical space.

Re:20 years seems excessive

[shutdown+-p+now]

What's wrong with permanent long term oversight like that? Privacy is a sensitive thing, and even if Google only makes honest mistakes, such audits would flush them out earlier, minimizing damage.

Only this needs to be applied consistently to all companies dealing wit significant amount of private data - Facebook, MS, Amazon etc.

Re:20 years seems excessive

[Nimey]

Well, that's precisely it: it's unfair to single out Google for such an unbelievably long time.

Then, too, who watches the watchers?

Re:20 years seems excessive

Indeed. For a duration of 20 years, maybe they should think about making it a law, so it can be applied to a greater range. Get your privacy check-up or lose business license kind of deal.

Impromptu check ups, like fire marshals. Could very well see something like this \/

Privacy Consultant: *Puts on latex glove, making sure to snap it* I'm here for the check up!
Company Employee: We didn't call for a doctor.
Privacy Consultant: I'm here to probe you to make sure you aren't probing others. *grins*

Re:20 years seems excessive

Then, too, who watches the watchers?

Rorschach.

Re:20 years seems excessive

[willoughby]

I'm not sure it's excessive & I can even see it being used as a selling point; not too much different than seeing on a meat package "Packed under constant supervision of the USDA".

"Googles privacy practices are scrutinized by the US Government and we are the only online service provider who can offer that assurance"

Re:20 years seems excessive

Well, you could always google them...

This does seem a bit excessive.

[Rifter13]

This seems a little excessive to me. They recognized the problem, and took care of it, fairly quick. They didn't realize they had a problem on launch. It seems to MY eyes, that Google TRIES to do the right thing. Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back. The privacy issues caused by the Buzz launch seemed to not big a big deal, except for a few outliers.

Re:This does seem a bit excessive.

[Nerdfest]

On the plus side, they probably won't have a big problem with it, and if they're very smart (which much of the time, they are) they can use this privacy review as a feature if they want to push any of their own social services over some of their competitors. Worst case, it may push some other to volunteer for the same sort of reviews.

Re:This does seem a bit excessive.

[jrumney]

Google tries to do what they can get away with. Don't be fooled by the "don't be evil" motto.

Re:This does seem a bit excessive.

[LordLucless]

So what, they can get away with placing clearly-marked advertisements on their own pages? The horror...

I notice the top organic results point straight to MS

Re:This does seem a bit excessive.

[jrumney]

The advertisement may be clearly marked as "Ad", but it is also clearly marked "Download Internet Explorer 9", clicking on which will take you to the Chrome download page. This kind of deceptive advertising is unethical, and in most countries illegal. The European and US sites do not have this Ad at the top, so Google are clearly aware of that.

Re:This does seem a bit excessive.

[Anubis+IV]

Unlike Facebook, that does the wrong thing, until OVERWHELMING complaints roll things back.

Actually, if you look, they never roll things back to how they were. They always take two steps past the line of acceptability, then take one back when the complaints come in, but they never go back completely. They've been using this strategy for the last couple of years, as many folks on Slashdot have noticed with the last few major violations of ethics/privacy/decency.

Re:This does seem a bit excessive.

[LordLucless]

The one I see doesn't mention "Download" at all.

Re:This does seem a bit excessive.

[pelrun]

No, it's not marked "Download Internet Explorer 9". It's marked "Internet Explorer 9", which is the search term that the ad is targeted at. And it explicitly shows the true destination of the ad link - which is pretty much the polar opposite of 'deceptive'.

Re:This does seem a bit excessive.

[jrumney]

OK. My original search had the word download in it, so a slightly different ad was shown. But calling that "the polar opposite of deceptive" shows your bias. Why is this ad only showing up for localised google sites for countries with weak consumer protection laws? European and US law would not see this as the polar opposite of deceptive.

They are not simply displaying the search terms as the link either, they have deliberately crafted the ads to have those deceptive links in a way which would cause other advertisers to have their ads removed under the terms and conditions of the service.

20 years of reviews for a12.5 year old company

[Sir_Sri]

What's amazing to me is that google, being not quite 13 years old, is being slapped with requirements that will extend for 20 years. Who knows, by then they could be a completely different company.

Re:20 years of reviews for a12.5 year old company

Not long enough. It only lasts for one year after the singularity arrives. By then Google should be a company entirely owned and operated by the machines. That's when we'll really need it. Need to be more forward thinking folks!

Re:20 years of reviews for a12.5 year old company

[mldi]

Well, none of that will matter since the world is ending in a bit under 2 years now.

Re:Google, meet Samsung

[larry+bagina]

Obvious to you, obvious to me, apparently not obvious to google.

Slashdot needs a duplicate post audit

[yelvington]

        The soldier who saw everything twice nodded weakly and sank
back on his bed. Yossarian nodded weakly too, eyeing his talented
roomate with great humility and admiration. He knew he was in the
presence of a master. His talented roomate was obviously a person to
be studied and emulated. During the night, his talented roomate died,
and Yossarian decided that he had followed him far enough.
        'I see everything once!' he cried quickly.

-- Joseph Heller, Catch-22

spies like us spy on each other to keep us safe..

from the wrath of; god? chosen ones? aliens? terrorists? queers? the clergy? each other? tag team? .5 billion, here we come....

there's only one *real* way to have privacy

And that's not give them your data to begin with. Anything else and it's out of your hands: they might or might not act reasonably, and there's fuckall you can do about it either way.

That means: no using google service. Don't run their tracker scripts. No gmail.

There are plenty of alternatives out there without the privacy problems. If you don't want your every personal detail to be fodder for data miners, *don't bloody give it to them*. It's the only way to be sure.

Also, privacy gets worse when a single entity aggregates a large amount of separate kinds of data. Google has been doing this in spades.

It amazes me that in 2011, anyone is still willingly giving their personal data over to internet data miners. In 2000 I might have understood it for general lack of awareness about the extent of it. But it's been the lead story on bloody CNN on many occasions. It isn't a mystery now to anyone who hasn't been living in a cave for the last decade.

Putting some legal blinders on google only slows the tide a tiny bit. The only way to stop it is to stop running trackers, stop downloading web bugs, stop giving all your personal data to sites that sell it on down the stream.

Re:there's only one *real* way to have privacy

[RoFLKOPTr]

It amazes me that in 2011, anyone is still willingly giving their personal data over to internet data miners. In 2000 I might have understood it for general lack of awareness about the extent of it. But it's been the lead story on bloody CNN on many occasions. It isn't a mystery now to anyone who hasn't been living in a cave for the last decade.

Exactly. I know how much of my data companies like Google and Facebook have -- a fuckton. And you know how much that concerns me? Very little. What's the big deal? Why are people so hellbent on keeping things private? Newsflash: GOOGLE DOES NOT CARE ABOUT YOUR DATA, ONLY DATA. Nobody at Google is reading through your emails or browsing habits. It's all automated. Nobody knows anything about you because nobody cares about you.

Re:there's only one *real* way to have privacy

[mldi]

Unless of course you happened to be a jaded employee that gets all upset over people deleting him from their contact lists and you have the equivalent of GOD power in terms of access. Yep. Happened at Google.

Re:Google, meet Samsung

[lgw]

Evil or not, it's pretty cool to see the US Government siding with consumer privacy against a major corporation. Is this a sign of an attitude change, or merely a sign that Google is (relatively) new and hasn't figured out who they need to bribe yet?

Thank you Schmidt.

[unity100]

For screwing up so bad. There's yet the wireless sniffing incident to deal with.

Thank you for screwing up the ethics of a company that had maintained acceptable ethics for a long time and having it obliged to something that no other company is put through.

And about you, good riddance.

sun, apple, oracle .... what would you expect from someone who took on the culture of those companies.

Re:Thank you Schmidt.

[slimjim8094]

Jesus are people still talking about "wireless sniffing" like it's a terrible thing? That's like calling it my fault that I'm forced to smell it when you rip ass.

In fact, that's a more apt analogy than I intended. The recipient has no control, in each case, of whether it gets to them. Can they be faulted for collecting? Sure, it would make them a little creepy if they delibrately inhaled, but there's absolutely no evidence than they intended to. In any case, it's not their fault for having it be there in the first place.

I'm so sick of this WiFi shit. IT'S FUCKING RADIO WAVES! THEY ARE **BROADCASTED**. BROAD ... CAST.... If you don't want it to get out there, then DON'T SPEND MONEY AND ELECTRICITY TO PUT IT OUT THERE! Or at least encrypt it!

Re:Thank you Schmidt.

[unity100]

pipe down buster. easy. easy ....

Re:Thank you Schmidt.

[auLucifer]

Not only were google inhaling, they were jaring it otherwise how could someone prove google sniffed it to start with? If they had no intention to further inhale from the source then why were they storing what they sniffed? If they never had any intention to retrieve the "ass ripping" output then why even walk around sniffing for it?

I don't care if google has an affinity for a bit of sniffing and the bystanders were caught with their pants down but to say google didn't intend to inhale just seems a bit naive to me.

Re:Thank you Schmidt.

[slimjim8094]

They didn't, or at least there's absolutely no evidence that they did. On the contrary, actually, the software they were using (Kismet) saves unencrypted packets by default. You have to go and turn it off. So it sounds to me like they forgot to do that, which is something that I've done myself so I can relate.

Add to that the fact that *nobody knew about this* until Google said "yeah, we did this by accident and we're deleting it". If they were trying to be sneaky and collect people's information, why would they come and reveal something that had been a secret? That's not how I hush something up, that's how I try to stave off potential misunderstandings. But apparently it didn't work.

I guess the lesson here is that when corporations screw something up, they should never come clean and instead just hush it up. At least that way they stand a chance of not being ripped apart for it. Frankly, I thought we wanted to discourage that behavior as a society, but maybe that's just me.

I think Google makes a good search engine and good products, and I am happy to "pay" my eyeballs and habits for that. But I am *very* wary of the amount of power they have, so I watch their actions very closely. I have seen no evidence for more than 5 years that they are anything other than upstanding - and like I said the bar has been set higher for them. In fact, when stuff like the WiFi thing above, and the Buzz thing in the OP is the worst anybody can come up with, I'm pretty confident that they're not a "bad guy".

Re:Thank you Schmidt.

[slimjim8094]

Troll? Come on, it was more like a flamebait (though I'd argue it was just flame...:p ). Troll means something, people.

Re:Thank you Schmidt.

[Jah-Wren+Ryel]

I think Google makes a good search engine and good products, and I am happy to "pay" my eyeballs and habits for that.

I wish they would offer a simple option to pay with money instead and gave a binding guarantee of absolutely no advertising, data mining, sharing or storage of log info beyond the barest minimum required for technical (troubleshooting, et al) reasons, like 7 days or so.

I'd gladly pay 50+ bucks/year for something like that with

Re:Thank you Schmidt.

[mldi]

Yep, it's "my fault" that when I took photos from a public street for the purposes of collecting data on house exterior colors that I caught photos of you jerking off to animal porn because you had the blinds open and just trusted that nobody would look.

Re:Thank you Schmidt.

[adolf]

I wish they would offer a simple option to pay with money instead and gave a binding guarantee of absolutely no advertising, data mining, sharing or storage of log info beyond the barest minimum required for technical (troubleshooting, et al) reasons, like 7 days or so.

I'd gladly pay 50+ bucks/year for something like that with

Perhaps you and your data are already worth more than "50+ bucks/year."

Re:Thank you Schmidt.

[Jah-Wren+Ryel]

Perhaps you and your data are already worth more than "50+ bucks/year."

Not with adblock installed and me only using their generic services - google sells eyeballs but they aren't selling mine. At best I'm worth a few bucks to them as part of trend analysis.

hrm

[spottedkangaroo]

I can't see any reason this shouldn't apply to all companies.

Can we hold the federal govt to the same standard?

[mykos]

I have a feeling they're retaining a lot more unnecessary information than google.

if we don't spy on each other, won't it kill us

we don't think any of our friends & neighbors want to hurt god or america, but without sneaking around, how will we know? scary to think how many of our (former?) friends & neighbors from all over the world really just want to kill us, even though they say they just want to try having their life, without our unrefusable help? even the still unproven dead could come back to cause more trouble? shooters+targets+buyers+sellers = .5 billion? this doesn't include possible religious aliens, euganatics, the deities themselves etc... what a spectacle? almost biblical?

The illusion that we care

[khallow]

Smack their knuckles with a ruler for good measure

Why? Overpunishment is just as unproductive when applied to businesses as it is to poor, desperate saps. And "now don't you do that again, Google!" is a reasonable response when you have, as in this case, a reasonable expectation that Google indeed won't do it again.

Re:The illusion that we care

[clang_jangle]

But we brought our pitchforks and torches, we can't back down now! Man, what a rip...

nice dupe, morons

[MichaelKristopeit408]

slashdot = stagnated

Re:Google, meet Samsung

[countertrolling]

Yes, and it will be so easy enforce and verify.. What they got caught with so far amounts maybe to one one thousandth of what they have. This is a silly distraction. You will not have privacy on a networked computer.. never...

oh good . . .Comprehensive

Conservatives are always comprehensive

Liberals are always comprehensive

Bipartisanship is comprehensive

Def: Comprehensive ! "When you care enough to use four syllables and never follow through"

The Settlement Bars Misrepresentation?

[Bob9113]

From the article:

"The proposed settlement bars Google from misrepresenting the privacy or confidentiality of individualsâ(TM) information or misrepresenting compliance with the U.S.-E.U Safe Harbor or other privacy, security, or compliance programs."

I am confused. The article is from the FTC itself, so it seems unlikely that they got this part wrong.

Is this really saying that companies are not, by default, barred from misrepresenting their handling of individuals' information?

That seems so strikingly wrong that I am having a hard time believing that I am reading it correctly.

Do no evil, do some evil?

[BunkAsInBed]

My conclusion after reading this. They didn't pay enough on lobbyists. This of course is scary once you see how much they already pay for lobbying and how fast its grown. Here's the question I pose to you. Is Google, the company of do no evil, doing evil by putting this many resources towards these efforts or is that just par for the course when you get that big?

Re:Do no evil, do some evil?

[Confusador]

failing to do enough good != doing evil.

Clearly there are times when inaction can be evil, but I can't see where this is one. And as you point out, they are trying (though I'm a bit skeptical that what Google's lobbying for and what I would want are the same, at least they're closer than e.g. Facebook), so even if this were one of those situations, they would still not be doing evil. At least in regard to your question.

New Google Mission Statement

[MasterOfGoingFaster]

Do less evil....

(meant to poke fun - I actually like Google)

Re:Google, meet Samsung

[Jah-Wren+Ryel]

Evil or not, it's pretty cool to see the US Government siding with consumer privacy against a major corporation. Is this a sign of an attitude change, or merely a sign that Google is (relatively) new and hasn't figured out who they need to bribe yet?

Or its just a cover for a secret agreement to feed everything they collect to a bunch of three letter agencies bypassing all judicial oversight.

Re:Google, meet Samsung

[mldi]

I'm going to side with the argument that Google hasn't paid them enough or given them what they wanted.

The US Government isn't exactly a huge privacy advocate. Oh, unless it pertains to their own bullshit.

Why stop at Google?

[DarkOx]

I am not sure its a sound expansion of FTC powers to start conducting privacy audits of companies. If they are going to do it though Google is really the least of my concerns. I'd like to see Financials, Insurers, Cellular Carriers, and Utilities audited more so than Google. Google is going to use the information they have on me to try and market stuff to me and of course there is a risk it could get leaker. Those other guys are all in a position to do things of much greater consequence to my life with that same data and if anything more likely to leak it.

Re:Facebook vs Google

[TaoPhoenix]

This is almost a false dichotomy like the current US political party situation.

Trying to stay even handed, I absolutely agree that Google is *one of* the companies that needs privacy oversight.

But then one of the Google SuperLawyers needs to turn this around into a precedent, so that the other 10 (more?) companies that need oversight get it.

Re:Google, meet Samsung

[Luckyo]

You mean meet the moronic researcher whose "deep investigation" couldn't notice that the false positive given by his antivirus hit a windows localization folder and just test the file in question on a different scanner?

This could be a selling point

[Rambo+Tribble]

"Google has the only government-reviewed privacy and security policy."