Slashdot Mirror
Google Facing FTC Fine Over Safari Privacy Breach
suraj.sun writes "Bloomberg is reporting on Google's negotiation with the U.S. Federal Trade Commission over 'how big a fine, which could amount to more than $10 million, it will have to pay for its breach of Apple's Safari browser. The fine would be the first by the FTC for a violation of Internet privacy as the agency steps up enforcement of the Web.' Last year, Google agreed to a settlement in which the FTC would monitor Google's privacy practices for an extended period of time. 'The 20-year settlement bars Google from misrepresenting how it handles user information and requires the company to follow policies that protect consumer data in new products.' This February, Google was found to be bypassing privacy controls in Safari by making the browser think a user was submitting a form, when they actually weren't. '(The code used by Google was part of its program to place the "+1" button in advertisements.) At the time, the company issued a statement saying that the circumvention wasn't intentional, but privacy groups were still quick to file complaints with the FTC over Google's actions. That was quickly followed by a class-action lawsuit and an investigation by European regulators.'"
They were using a legitimate feature of the browser. It's not as if they were hacking/etc.. anyone can do this and submitting forms has been around since the web was born. If Apple wants to block cookies on 3rd party form submissions they can go right ahead. Until they do the blame is on Apple not Google.
AccountKiller
If you forget to lock your car door and someone steals your car, should you be arrested as an accessory to grand theft?
Do you even lift?
These aren't the 'roids you're looking for.
(Guy who thinks that copyright infringement is stealing)
Safari lets the user choose in which situations cookies are accepted from a website. One of those situations is when the user fills out a form on the website, so clearly the user has knowingly interacted with the website. Google subverted this by secretly creating a form and pretending that it was filled out by the user, tricking Safari into accepting cookies. That was no accident, that was a deliberate trick to get around the user's privacy settings.
Since Google was on the hook for previous privacy violations, and had agreed to a settlement where they agreed that the FTC should check for further violations, a fine at this time is quite correct.
Google gets big, makes powerful enemies. News at 11.
Funny how we only really vague, trivial shit gets Google in to the court room.
For all those with a clue, Google's actions are really a workaround to a broken, stupid browser privacy scheme that does nothing to protect users from the real bad guys. Just a way to fix web pages for a browser that's not standards compliant. Many times less harmless to the hackery you have to commit to get a web page to work properly in IE6.
While all software has bugs and suffers from poor design decisions in some way, web browsers (and web technologies in general) are utterly rife with some of the stupidest mistakes known to mankind. These aren't mild mistakes, either. They're mindbogglingly stupid boondoggles. JavaScript is the biggest, filthiest computing mistake of all time, for example. But others, like cookies, are close behind. While the security implications are usually less severe, CSS is yet another example of one stupid decision after another.
It's time for the browser developers to get their acts together. Stop adding useless new features that are riddled with security flaws. Fix some of the existing problems, for crying out loud!
Microsoft only got 10 years, and they were not merely spying on people but also abusing their monopoly position to drive competitors out of business. (Kinda like what Comcast is doing now with Hulu, Amazon video streaming.) Google should receive a more-lenient settlement than 20 years.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Posts like yours are why people think Slashdot's readers are biased in favor of Google.
"Sufferin' succotash."
Punitive fines are a thing. They are designed to discourage bad behavior.
If fines only made you pay back damages, then there is no disincentive to fuck people over.
WHILE(1){
Cheat();
IF(CAUGHT) Pay Fine();
}
With punitive damages:
WHILE(IsProfitable(totalFines, totalIllicitGains)){
Cheat();
IF(CAUGHT) Pay Fine();
}
If you forget to lock your car door and someone steals your car, should you be arrested as an accessory to grand theft?
Poor car analogy, not least because your insurance company might not be very sympathetic, and also because it isn't the end user's fault in the Safari case. Better analogy:
If your car manufacturer builds a faulty door lock, and the car gets stolen, should the manufacturer have liability (i.e. should you be able sue them for loss of your car when you had some expectation of security)? Probably, the answer is "yes" (but probably you can leave the insurance guys to take them to task instead, since they're the ones losing more than CDs and fluffy dice that you got from Auntie Mavis).
There is no expectation of privacy on the internet, irrelevant of the browser you use or the site you visit. I would LOVE for the government to pass a law specifically stating there were such an expectation... but to do so would mean they would have to obey the law as well. For the government to fine a business for privacy violations when the government itself is collecting far more sensitive information about us, for much more nefarious purposes than profits, is just silly.
Pfft whatever... If Google broke the law, they should be fined. It will be a slap on the wrist anyway. If not, write a nasty press release about them, and let god sort it out. This is like the senate wasting an infinite amount of time on steroids in professional sports.
“He’s not deformed, he’s just drunk!”
Please allow me to explain. First, submitting forms via javascript is NOT anything new. Many sites do this, and for a variety of legitimate reasons. Hell, half the API's which insert remote JS files use forms for one thing or another, and if it's multipart and you want a progress bar, hey, look at that, a legitimate reason for using javascript to submit the form!
Just because Google did this does not mean it was intentional. But, sure, go ahead, keep your tin foil hat on and keep hiking that pitchfork in the air.
I wish it was more - Google deserves it. I don't get why they're allowed to NEGOTIATE their fine, though.
NOW will the tech community stop fawning over them? Google does NOTHING for the betterment of the web - it's all about money, data, and advertisers.
Second,
Google subverted this by secretly creating a form and pretending that it was filled out by the user, tricking Safari into accepting cookies.
So.. you think it's acceptable for Apple software engineers to rely on poor trigger mechanisms, but it's not acceptable for Google engineers to make a mistake and possibly be publicly humiliated for what was an honest engineer's decision regarding a common and fairly legitimate implementation?
You admit that Google was being deceptive but that Apple is responsible for Google's having to be even more devious in the future. Nice.
Hi, this is Rupert with Fox News. We love the spin you applied to the story, it's nearly unrecognizable! We'd really appreciate it if you sent us your resume, we could use more reports of your caliber.
Yeah, but these were users with Google accounts. They presumably *also* wanted their Gmail to work. So, what happens when the user wants two incompatible things? No cookies, but web services that need cookies?
What the fuck is this shit. When did they get authority over every fucking thing.
Whatever privacy violation Google committed here is diminutive in comparison to what our government does. Ironic that I just finished perusing this: http://yro.slashdot.org/story/12/05/04/1935210/fbi-we-need-wiretap-ready-web-sites-now
So, what about the defective Safari?
Did Google actually violate the law any more so than Apple by expecting all websites to behave?
As someone who has spent quite a bit of time dealing with quirks between the different browsers, it seems (barring evidence to the contrary) entirely possible that the developer may not even have just assumed they were working around a quirk.
$10 million, even $50 or $100 million isn't going to phase a company with google's revenues. they'll pay, admit to nothing, "promise" to do better (but not really do it).. life will go on and google will continue to trample on its users' privacy.
Last year, Google agreed to a settlement in which the FTC would monitor Google's privacy practices for an extended period of time
Does facebook have a similar agreement? This safari thing seems like peanuts compared to some of the stuff they pull. If I am wrong please feel free to explain to me how, I am not claiming to be an expert merely asking a question.
Can we just kill all these old fucks who don't know anything about computers?
I think it would be time for law enforcement agencies to step in and do something about Google's constant abuse. They have shown their constant blatant abuse of the law for a long while already. Google has also got one of the largest fines government has put on any company when they were allowing rogue pharma ads on AdWords (500$ million fine).
The next step is to break up the company. Leave Google as search engine and remove their advertising business as separate one. Do the same for YouTube, Chrome and other parts. Monitor that they actually work independently and that they also work with other advertisers than the old Google advertising arm. Make it clear that if this shit continues, their whole operation will be shut down and the owners and CEO's jailed.
This is the only way that works and how we can stop Google's abuse.
Now why do you suppose he agreed to pay $1.1 billion in fines. You know nothing of what happened. From your own link he made over $1 billion in 4 years. he only had four losing months in 17 years of trading. Yeah all that insider trading and racketeering only caused less than half a million in damages. You'd have to be really dense to believe that. Plus you (and I) are off-topic.
While I don't totally disagree that this is a good idea, I can think of quite a lot of companies that should be higher up the list for this kind of intervention. For example, almost every telecoms or energy company...
I am TheRaven on Soylent News
No, more accurately –if the manufacturer builds a faulty lock, and bill steals the car, should bill still go to jail for theft ;)
Do they now?
Every story about Google has 85% of the posts bashing Google, even if you look back as far as 2006.
I'm so tired of Google's arrogance that I will be very happy if they get fined 10million, even if that's pocket change for them. Bunch of arrogant assholes.
--
Sundar Pichai is the utter asshole whose incompetence has resulted in the shutdown of Google's Atlanta office.