Slashdot Mirror

← Back to Stories (view on slashdot.org)

How a Lone Grad Student Scooped the FTC On Privacy Issue

Posted by Soulskill on from the dear-ftc-please-hire-people-like-this dept.

Pigskin-Referee sends this excerpt from an article at ProPublica: "Jonathan Mayer had a hunch. A gifted computer scientist, Mayer suspected that online advertisers might be getting around browser settings that are designed to block tracking devices known as cookies. If his instinct was right, advertisers were following people as they moved from one website to another even though their browsers were configured to prevent this sort of digital shadowing. Working long hours at his office, Mayer ran a series of clever tests in which he purchased ads that acted as sniffers for the sort of unauthorized cookies he was looking for. He hit the jackpot, unearthing one of the biggest privacy scandals of the past year: Google was secretly planting cookies on a vast number of iPhone browsers. Mayer thinks millions of iPhones were targeted by Google."

120 comments

  1. What are "secret cookies"? by DogDude · · Score: 5, Interesting

    What are "secret cookies"? Does anybody know what in the hell this means? Last I checked, cookies were plain text files stores in a specific place on a computer. How can a cookie be "secret"?

    --
    I don't respond to AC's.
    1. Re:What are "secret cookies"? by Anonymous Coward · · Score: 1

      when the locked-down computer/device prevents you from seeing them?

      Not sure if that's what's going on here - but being plain-text does not necessarily mean readable. I don't know how to see/read cookies on my ebook reader, for example.

    2. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      Without RTFA I'd guess they mean the use of hidden cookies despite you being 'opted-out'.

    3. Re:What are "secret cookies"? by BitZtream · · Score: 5, Insightful

      You don't use a cookie.

      You use an image and some nifty tricks to figure out if it was cached and long story short, you trick the browser into giving you info because of how it responds to cached documents.

      This was on slashdot when the story originally came out with a much better description.

      And I seem to recall that it was pretty clear at the time by looking at the java script that it was probably purely accidental rather than intentional.

      Unfortunately, with CmdrTaco gone, sensationalizing of stories has shot up tremendously. You pretty much have to assume the summary is a lie now days. Not an error, an intentional lie.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    4. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      Unintentional? You need to check your sources.

    5. Re:What are "secret cookies"? by Anonymous Coward · · Score: 1

      There are no "secret cookies". Cookies are stored by your browser. Opting out means telling your browser not to store the cookies sent by the server. All other forms of "opting out" are doomed to fail anyway. It's as simple as that.

      If your browser still accepts cookies despite you have configured it not to do that, it's your browsers fault, not the fault of the website operator. Don't get me started on stupid things like "Do not track". There was a time when IT people laughed at things like that (remember the evil bit?).

    6. Re:What are "secret cookies"? by girlintraining · · Score: 0

      (Reply killer: I understand child molesting is far worse than undesired tracking.)

      I don't know about that. If child molesting is 10,000 times worse than web tracking, and web tracking is 100,000 times more common than child molesting, then web tracking is a problem 1,000 times worse than child molesting from a global standpoint.

      --
      #fuckbeta #iamslashdot #dicemustdie
    7. Re:What are "secret cookies"? by Teresita · · Score: 2

      Possible solution: run your browser from a custom partition sized just big enough for the browser executables. Let it fill the rest of the way up with Internet temp files until the OS reports no more space on the drive. Then Google won't be able to store cookies, secret or no.

    8. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      And I seem to recall that it was pretty clear at the time by looking at the java script that it was probably purely accidental rather than intentional.

      Unfortunately, with CmdrTaco gone, sensationalizing of stories has shot up tremendously. You pretty much have to assume the summary is a lie now days. Not an error, an intentional lie.

      I seem to recall you didn't RTFA. But with CmdrTaco at the Washington Post, you have to pretty much assume he's correct NOW?

    9. Re:What are "secret cookies"? by AliasMarlowe · · Score: 5, Informative

      when the locked-down computer/device prevents you from seeing them?

      Not sure if that's what's going on here - but being plain-text does not necessarily mean readable. I don't know how to see/read cookies on my ebook reader, for example.

      A good argument for knowing something about how your device works. I don't have an e-Reader, so don't know whether it's even possible to clear cookies (maybe they're needed to maintain access to purchased ebooks). Anyway, this whole rigmarole strongly reinforces Eben Moglen's recent suggestion. The spying behavior of locked-down devices is making his case very clearly.

      On a PC (not yet locked-down by UEFI), it's not sufficient just to clear cookies and LSOs. We have Opera set to delete its entire cache as well when you exit, and the kids know to clear their browsing history regularly (curious how quickly they learned that one). Firefox is also set to clear its cache and browsing history automatically on exit. On Chromium and Chrome, it's necessary to manually clear the entire cache and browsing history.

      FWIW, this site will tell you what can be discerned from your browser just visiting a page. It's likely to increase your paranoia level a bit, especially when this site tells you just how unique your browser is. Ours all appear to be unique, probably largely due to the installed fonts and plugins.

      Has anyone else noticed the appalling sensationalism in headlines these days? Slashdot is in danger of becoming just another gutter-press gossip site.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    10. Re:What are "secret cookies"? by mwvdlee · · Score: 1

      I guess he just means fingerprinting, which has been known to happen for years now.
      Banning cookies does nothing to prevent tracking, but makes functionality harder to implement.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    11. Re:What are "secret cookies"? by phantomfive · · Score: 2

      Has anyone else noticed the appalling sensationalism in headlines these days? Slashdot is in danger of becoming just another gutter-press gossip site.

      The sensationalism comes from the story on Wired. And it just reminded me why I don't read that magazine.

      --
      "First they came for the slanderers and i said nothing."
    12. Re:What are "secret cookies"? by jo_ham · · Score: 1

      Accidental. Right.

      For sale: 1x bridge, no time wasters.

    13. Re:What are "secret cookies"? by phantomfive · · Score: 5, Informative

      No, that is a different technique. This one does use cookies, but it gets around the restrictions in Safari by doing a POST in the iframe. Details here, the Wired article is useless.

      --
      "First they came for the slanderers and i said nothing."
    14. Re:What are "secret cookies"? by Anonymous Coward · · Score: 3, Insightful

      Harm doesn't work like that. If it did, advertisers would be recognized as mass murderers, because they waste a few minutes of millions of people each day. If there are 300 millions people (let's take the US population) each of which watches 10 minutes of (unwanted) commercials each day, that is about 5704 people-years wasted every day. Divide that by a life expectancy of, say, 80 years, that is the equivalent of killing 71 people each day.

      Let 'Harm' be the unit of harm. Turns out inflicting c/n Harm on n people is not the same as inflicting c Harm on 1 person.

    15. Re:What are "secret cookies"? by Ol+Olsoc · · Score: 1

      What are "secret cookies"? Does anybody know what in the hell this means? Last I checked, cookies were plain text files stores in a specific place on a computer. How can a cookie be "secret"?

      There are Flash cookies, that are not stored in your cookies folder, and are not all flash cookies either, if ya know what I mean.

      Better Privacy add-on for Firefox is one fix, although I suspect the cookie problem is a moving target.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    16. Re:What are "secret cookies"? by JonySuede · · Score: 2

      there should have been a link to that to: https://panopticlick.eff.org/

      --
      Jehovah be praised, Oracle was not selected
    17. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      shit according to that site my browser fingerprint appears to be unique among the 2,268,251 tested so far.

    18. Re:What are "secret cookies"? by JonySuede · · Score: 1

      they are killing at least that much people a day, look at the mental health of the average westerner and you'll will find that publicity is quite dangerous, anorexia, social anxiety and a vague feeling of emptiness are frequently caused by it's subconscious impact http://www.ncbi.nlm.nih.gov/pubmed?term=television%20advertisements . It so dangerous that advertisements targeting children are ban in most civilized countries.

      --
      Jehovah be praised, Oracle was not selected
    19. Re:What are "secret cookies"? by Anonymous Coward · · Score: 4, Interesting

      There are some things that need to be added to this.
      1) Browser history clearing should not be necessary. If a browser leaks history information that is a vulnerability that needs to be addressed. But I've found the ability to search the history very valuable and it isn't something you'd want to deprive yourself of.
      2) Most websites that would abuse potential leaks are blocked by ad blockers. You might also want to run PeerBlock.
      3) Sites don't need your browser history to fingerprint you anyway. (You hinted at this, but I might as well make explicit that clearing your history or using a secure browser ultimately may not matter.) Browsers send websites too much data; browser developers must put a stop to that. Stop sending user agents; stop sending plugin details.
      4) It doesn't matter if you can view the cookies you have. Most of the time they're filled with seemingly gibberish. If you can't read them, they're still secret. But remove them and the site stops working. This will only change if browser developers start blocking cookies by default, and make it impossible to simply whitelist all websites. Again, browser developers, get of your arses.
      5) What the EFF site you linked doesn't show is that there's potentially much more data to be harvested from the JavaScript environment. You can probably detect certain browser extensions that modify styles or inject elements for example. And you can check the size of the browser window (you can safely assume it will be maximised since nowadays almost no website works if it isn't, sadly). All harvested information can be passed back to the website silently through the magic of XmlHttpRequest. So either XmlHttpRequest will have to go, or we'll need to virtualise the environment a website's JavaScript sees (lie about active CSS and fonts, hide injected elements, ...) to a much larger extent than we're doing now.
      6) Carrying on from the previous point, I'd advise people to disable JavaScript altogether if I didn't know that most websites will break and it'll make you even more unique. But again, this will change if major browsers start blocking JavaScript.
      There are many more things, but they're not worth discussing until headway is made on the points above.

    20. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      cookie cannot be hidden

    21. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      last time i checked there were ways to see flash cookies on your PC also, not to mention that when you clear "normal" cookies on your PC flash cookies are also cleared as consequence

    22. Re:What are "secret cookies"? by AliasMarlowe · · Score: 4, Informative

      There are some things that need to be added to this.
      1) Browser history clearing should not be necessary. If a browser leaks history information that is a vulnerability that needs to be addressed. But I've found the ability to search the history very valuable and it isn't something you'd want to deprive yourself of.

      Actually, it's still best to clear out your history regularly. The old methods for a web site to trawl through it using Javascript and CSS exploits (tested in the browserspy.dk site I linked to) don't work with relatively modern browsers, but this method does.

      4) It doesn't matter if you can view the cookies you have. Most of the time they're filled with seemingly gibberish. If you can't read them, they're still secret. But remove them and the site stops working.

      I remove my cookies regularly (all of them), and they are always deleted when the browser exits. Sites don't "stop working"; at most, you have to log in again the next time you visit. However, this should be the default (as it is for banking sites and for making purchases at reputable sites), and not the "keep me logged in so I can forget my userID and password" option that is preferred by those who don't know or don't care about how easily they can be tracked.

      Some of your other points are partly valid (the parts alluded to in my post), but there is much that you got wrong, also. For example, I don't use any of my browsers maximized on any of our Linux PCs at home or on the Windows PC at work, and have never encountered a website which required my browser to be maximized. Are you perhaps using a screen with an insufficient resolution, and making an unsupportable generalization therefrom?

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    23. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      Yes, and the user had specifically signed up for that functionality. Ridiculous sensationalism.

    24. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      They're something that can only be understood by "gifted" computer scientists, and they can only be detected with "clever" techniques.

      I wonder what that says about the people who were actively exploiting these things before this "gifted" computer scientist "cleverly" exposed what they were doing.

    25. Re:What are "secret cookies"? by Raenex · · Score: 1

      Unfortunately, with CmdrTaco gone, sensationalizing of stories has shot up tremendously.

      Oh please. There was plenty of crap posted under Taco's watch. Submitters like theodp were consistently getting posted to the front page while Taco was around. If anybody knows how to write a biased rant, it's theodp.

    26. Re:What are "secret cookies"? by Raenex · · Score: 2

      Yes, and the user had specifically signed up for that functionality. Ridiculous sensationalism.

      Wrong on two counts. 1) They were opted-in by default. They did not "specifically" sign up for this. 2) Even if you didn't "sign up" for this by not having an account, you still got tracked "unintentionally" and were displayed ads enhanced by the tracking:

      http://cyberlaw.stanford.edu/blog/2012/02/setting-record-straight-google%E2%80%99s-safari-tracking

    27. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      I use Firefox with noscript and those sites are largely inoperative or can't find much of anything unique. The only identifying information in the second link was the user agent and the HTTP_REQUEST header. The only tests from the first link that didn't fail or didn't return results were the tests that would identify my ip address and what browser/os I'm using. That said, I'd love if there was a browser tooled towards privacy and security I could point family members towards, but I can't see them doing a better job of it than firefox+noscript and a competent user.

    28. Re:What are "secret cookies"? by profplump · · Score: 1

      You mean SecureBoot. UEFI is a very good thing, finally bringing PCs into the 1980s in terms of pre-boot environments. Decrying UEFI because you don't like SecureBoot is like decrying encryption because you don't like DRM.

    29. Re:What are "secret cookies"? by nahdude812 · · Score: 1

      but this method [techworld.com] does.

      It doesn't seem to any longer at least for Chrome 19.

      --
      Slay a dragon... over lunch!
    30. Re:What are "secret cookies"? by Fred_A · · Score: 1

      >(you can safely assume it will be maximised since nowadays almost no website works if it isn't, sadly).

      What kind of strange sites do you browse ? I haven't maximised my browser ever since I upgraded my 800×600 screen. And that was quite some time ago.

      --

      May contain traces of nut.
      Made from the freshest electrons.
    31. Re:What are "secret cookies"? by bobbutts · · Score: 2

      Agree about Wired, there was an article not too long ago about something I have inside personal knowledge of. Their story was factually incorrect and downright fabricated in places.

    32. Re:What are "secret cookies"? by Ixitar · · Score: 1

      You actually expect the press to get their reporting correct? That would mean doing actual research and checking sources.

    33. Re:What are "secret cookies"? by viperidaenz · · Score: 1

      this will change if major browsers start blocking JavaScript.

      The only thing that will change if this happens is who the major browser vendors are.

    34. Re:What are "secret cookies"? by viperidaenz · · Score: 1

      Then Google won't be able to store cookies, secret or no.

      You're right, no one can store cookies after the browser crashes.

    35. Re:What are "secret cookies"? by kmoser · · Score: 1

      You forgot to host the entire OS in a VM that gets reinitialized daily from a fresh install.

    36. Re:What are "secret cookies"? by Anonymous Coward · · Score: 0

      It's the stash of Oreos you keep in the toolbox so that your spouse doesn't know you're cheating on the diet your cardiologist / dietician / spouse made you start.

  2. from the dear-ftc-please-hire-people-like-this.. by Anonymous Coward · · Score: 5, Insightful

    from the dear-ftc-please-hire-people-like-this dept.

    I doubt that the FTC would pay them well enough to make it worth their while.

  3. Privacy assured... by Dins · · Score: 1

    The only way to ensure complete privacy is to stay offline and stay indoors. Oh, and probably keep all of your curtains closed too, now...

    1. Re:Privacy assured... by betterunixthanunix · · Score: 4, Insightful

      Why do people keep pushing these ridiculous false dichotomies? Nobody is saying that we should all be isolated, secretive hermits who keep everything we do secret from everyone else. The problem is that we have these companies amassing vast amounts of information on people, with horribly inadequate limitations on how that information can be used, how long it can stored, or what should be done if a person objects to the storage of that information. It is clear that these companies do not really respect the wishes of their users to not be tracked, because they are using these sorts of tricks to evade browser settings.

      If you think there is no difference between people in my town knowing who I am dating and a company like Google keeping track of everything I read, watch, purchase, and say, then you are not paying attention. We are not talking about gossip here, we are talking about companies amassing power over everyone (by collecting information) without any check on that power.

      --
      Palm trees and 8
    2. Re:Privacy assured... by sjames · · Score: 1

      You'll need countermeasures against police thermal imaging as well.

    3. Re:Privacy assured... by Anonymous Coward · · Score: 0

      LOL i see that you do not have much experience, but even if you are offline all you see on your computer screen can easily be copied with few thousand dollars worth of equipment (except if you live in Faraday cage) not to mention they can listen to any sounds in house using simple laser measuring device and measuring vibrations of your windows glass from few KM away, curtains are good start but most are partially transparent and can still be seen trough with good multi-frequency cameras and good image reconstruction software, not to mention that terahertz camera can record you even trough several meters of concrete ... privacy (if your life is interesting to someone with enough resources/money) is impossible.

    4. Re:Privacy assured... by mrchaotica · · Score: 4, Insightful

      Or in other words, the analogy here is not that we're trying to isolate ourselves from casual observation, but rather that we're trying to fight back against a stalker.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    5. Re:Privacy assured... by hairyfish · · Score: 1

      If you think there is no difference between people in my town knowing who I am dating and a company like Google keeping track of everything I read, watch, purchase, and say, then you are not paying attention. We are not talking about gossip here, we are talking about companies amassing power over everyone (by collecting information) without any check on that power.

      I'm still to see how this is bad? Yeah it's bad from a perspective of 'this is different to how things were when I was younger', but how is it bad from a 'this will negatively impact your life' way? Privacy is a modern concept, maybe it isn't meant to be permanent and rather than the world ending, younger generations will simply adapt to this new reality and adjust accordingly (like we did with rock n roll music and drugs and porn and all the other major cultural shifts that we were told were the end of the world)?

    6. Re:Privacy assured... by betterunixthanunix · · Score: 1

      Well, let's put it this way: when someone is looking for a job, if the companies that make an offer know that the person has a greater-than-normal need for money, the company can reduce the salary they offer -- desperate people often take whatever they can get. It may not even be the case that you are in a vulnerable position; if there is one job opening, and two candidates, it would not be unreasonable for a corporation to choose the candidate who needs the job more -- the candidate who cannot afford to quit, who cannot afford to stand up to his boss, who is more likely to accept a lower salary, etc.

      This is not exactly news in terms of strategy. Sun Tzu said, "If you know your enemy and you know yourself, you will not be endangered in 100 battles." Authoritarian governments often compile information about their citizens (even before the computer age) as a way of protecting their own power. Whenever you have an adversarial situation, information can be a deciding factor; unfortunately, we live in a very adversarial society (by design).

      The problem here is that we, as individuals, have less power over our own lives as a result of this sort of tracking. We cannot decide what image of ourselves we want to present, because we cannot hide details of our past or present lives -- your fetishes, your political views, your medical problems, your family life, etc. The people who are using the information that is collected about us can, of course, present whatever image they want -- the effort required for you to see through their facade is generally greater than what any single person is capable of.

      Sure, society will learn to cope -- I already know people who get angry when their picture is taken at a party, because they are afraid of that picture being posted to Facebook and hurting their chances of landing a job. People brag about lying to Facebook and Google, painting an image of themselves that excludes the details they would prefer to keep private. That is not society learning to cope with the end of privacy, it is society learning to cope with companies who are trying to bring about the end of privacy.

      --
      Palm trees and 8
  4. google's chrome by jaiteace · · Score: 1, Interesting

    Why does chrome on windows phone home so often? I doubt that it is to check for updates, Once a day should be more than enough for that. Now that google is integrating all their services, what happens to the safebrowsing info that they must be collecting. Guess it goes into the pot too.

    1. Re:google's chrome by Quince+alPillan · · Score: 5, Informative

      http://www.mattcutts.com/blog/google-chrome-communication/

      http://www.google.com/chrome/intl/en/privacy.html

      Really? The Google paranoia is pretty heavy around here and is completely unnecessary. If you're not going to bother to become informed, you should avoid telling the world how uninformed you are.

    2. Re:google's chrome by Anonymous Coward · · Score: 0

      Why? Why does it bother you so much what anyone says about Google?

    3. Re:google's chrome by Anonymous Coward · · Score: 0

      Have you actually read and comprehended the Google privacy policy that you linked to? They explicitly give themselves authorization to share whatever the fuck they want about you to anyone they want, including personally identifiable information. Whether you care or not is up to you, but some people don't like it.

  5. Shocker by Stickerboy · · Score: 4, Insightful

    Always follow the money... do you think Google, or Facebook, or any other company that feeds itself on ad revenue really cares about your privacy? Their hard work is to find new ways to either take it from you or sell it to them for a new shiny widget. Is the big money from Google TV and Apple TV going to be selling low-margin boxes, or in selling your viewing habits?

    You are not the customer. You have never been the customer. You're just the meat.

    --
    Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
    1. Re:Shocker by Stirling+Newberry · · Score: 2, Insightful
      Two old adages: if you aren't paying, then you aren't the customer, you are the product, as well as "if you aren't at the table, you are on it."

      When people stop wanting to consume corporate culture, then they are far freer from the fretters that come with it.

      --
      Fugue for Aaron Swartz
    2. Re:Shocker by reboot246 · · Score: 1

      'fretters'?

      Did you mean 'fetters'?

    3. Re:Shocker by Stirling+Newberry · · Score: 0

      http://www.merriam-webster.com/dictionary/fretter Google, do you speak it?

      --
      Fugue for Aaron Swartz
    4. Re:Shocker by phantomfive · · Score: 1

      When people stop wanting to consume corporate culture

      What does that mean? I'm really curious what you mean by 'corporate culture.' Usually it will refer to the interactions between people at a given corporation, but you are giving it a different meaning.

      --
      "First they came for the slanderers and i said nothing."
    5. Re:Shocker by Anonymous Coward · · Score: 0

      Clearly you haven't checked Google+ privacy settings and their privacy agreement, because what you say, only applies to Facebook and Microsoft.

    6. Re:Shocker by swillden · · Score: 1

      Is the big money from Google TV and Apple TV going to be selling low-margin boxes, or in selling your viewing habits?

      Google doesn't sell customer data, except in aggregate, statistical form, and not much of that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:Shocker by Anonymous Coward · · Score: 0

      I think he meant "corporate content", or the stuff produced by corporations. Meh, either way the output ends up with the purpose of inculcating leftist values.

    8. Re:Shocker by Undead+Waffle · · Score: 1

      Two old adages: if you aren't paying, then you aren't the customer, you are the product, as well as "if you aren't at the table, you are on it."

      When people stop wanting to consume corporate culture, then they are far freer from the fretters that come with it.

      Even if you are paying, you may still be the product. Do you really think your TV provider isn't tracking everything you do with those nifty little boxes?

    9. Re:Shocker by peawormsworth · · Score: 1

      But we, "the people", are the commodity, not the product. Without us, google is nothing. Its lucky for them we havent got wind of this info yet. Some day, one company will go to far. And there will be mass defection and it will die. And all of these service suppliers who are selling us to advertisers will take note and be scared and display respect. But before that happens, we must become aware of what we are. We are the supply.

  6. Sheeple by Eyezen · · Score: 0

    Unleash the "normal people won't care" crowd in 5...4...3...

  7. Pig Brother is Tracking by Stirling+Newberry · · Score: 0

    You.

    --
    Fugue for Aaron Swartz
  8. Wired distorts it by phantomfive · · Score: 4, Interesting

    If the annoying "gifted computer scientist" and "scooping the FTC" rhetoric is too much for you, the tone come from the Wired article.

    The original post by the 'gifted' man is much more reasonable. Safari by default blocks third-party cookies (you can turn it off in the settings). This post explains how Google, and others, get around it. Quote, "if a cookie is sent with an HTTP request, Safari’s blocking policy will allow the response to write cookies." So when they load their iframe in the background, the first thing it does is a POST. If that doesn't make sense to you, the summary is Google used technical means to get around Safari's limitations. Here is Google's response.

    Most hilarious, irrelevant, line from the article, "Earlier this year, it was revealed that Target realized a teenage customer was pregnant before her father knew; the firm identifies first-term pregnancies through, among other things, purchases of scent-free products."

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Wired distorts it by fast+turtle · · Score: 1, Interesting

      irrelevant line huh? Guess that means I'm pregnant and in the first trimester. If I am, it's a damn problem because I've been buying Scent/Dye Free products for over a decade and I still haven't given birth to my baby. Main reason I buy them is the scent/dye free are classified as HypoAlergenic - meaning they're tested as allergen free. Of course I'm a guy with a great sense of smell and dislike the number of perfumes being added to things that don't need it like laundry soap. All I want my clothes to smell like is clean. No god damn perfumens to make my clothes stink like most Americans. Due to my job, I pretty much have to stick with perfume free products as my nose is to damn important and the stinking scents screw me up while trying to do my job.

      It's gotten so bad that I actually bought a book on soap making just so I can ensure I've got something completely scent free. If I need extra cleaning power, I'll add a small bit of pumice (2 grams) to a 1 oz bar of soap. I keep them that small (travel size) because I add no damn preservatives or anything else and they general get used before they go bad. If not, then no big loss of product as the others are in vacuumn sealed packaging (food sealers work great).

      --
      Mod me up/Mod me down: I wont frown as I've no crown
    2. Re:Wired distorts it by phantomfive · · Score: 1
      It's irrelevant to Google circumventing a technological barrier in Safari.

      I'm sorry that you have trouble with cents, but you're not likely to be identified as pregnant by Target. They use 25 or so different products to give a pregnancy score. Here is an example:

      Take a fictional Target shopper named Jenny Ward, who is 23, lives in Atlanta and in March bought cocoa-butter lotion, a purse large enough to double as a diaper bag, zinc and magnesium supplements and a bright blue rug. There’s, say, an 87 percent chance that she’s pregnant and that her delivery date is sometime in late August.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Wired distorts it by Anonymous Coward · · Score: 0

      Modded you up for being a human drug sniffing dog!

    4. Re:Wired distorts it by swalve · · Score: 1

      It's not the fact that someone buys scent free stuff. It's the fact that someone changes their behavior. They have figured that in some high percentage of cases, if a customer starts buying scent free detergent, more fruit, and stops buying booze, that person is pregnant.

    5. Re:Wired distorts it by ldobehardcore · · Score: 1

      Just curious:

      What is it that you do that requires a great sense of smell?

      I've always had a good nose, and I've wondered about jobs that would take advantage of that.

      --
      Hectice, baby, Mercator says hello to you
    6. Re:Wired distorts it by Anonymous Coward · · Score: 0

      I thought hippies didn't use soap.

    7. Re:Wired distorts it by donatzsky · · Score: 2

      Here's the full story on how they figured it out: http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=4&hp&pagewanted=all
      Quite interesting (and a little scary), actually.

      --
      VPS-like shared hosting, on under-crowded servers.
    8. Re:Wired distorts it by DriedClexler · · Score: 1

      Whoa whoa whoa, Stanford is now doing PR for Google? Yikes, I didn't know they were *that* close.

      I first thought that maybe you merely used that link because it reproduces Google's response (which it does, or claims to) and that was more convenient to get, but then I found this line:

      Google circulated the following statement to media outlets and policymakers on Friday. The company did not post the statement on its website, and my understanding is that Google representatives declined to answer questions about the statement.

      Wow, they don't want to respond publicly, but they get to have Standford shills go to bat for them? Scary.

      Respect for Google: waning.

      --
      Information theory is life. The rest is just the KL divergence.
    9. Re:Wired distorts it by Anonymous Coward · · Score: 0

      I hope they also include "is female" in their calculation. ;)

    10. Re:Wired distorts it by phantomfive · · Score: 1

      It's on a guy's blog

      --
      "First they came for the slanderers and i said nothing."
    11. Re:Wired distorts it by Protoslo · · Score: 1

      I wouldn't say that the Stanford blogger was "go[ing] to bat for" Google, since his findings are that Google's statement is highly disingenuous and, in part, outright false. I doubt that his actual conclusions will increase your respect for Google either, but reading them would at least allow you to dislike Google for the right reasons.

    12. Re:Wired distorts it by viperidaenz · · Score: 1

      So Google used a documented method of storing a cookie in Safari. Safari has no method of blocking this cookie without blocking first-party cookies as well so who's fault is it? I vote Safari, and I recall this same bollocks being sensationalised months ago.

    13. Re:Wired distorts it by phantomfive · · Score: 1

      It's interesting to know what other web programmers are doing out there. The world in general would be better without Wired, though.

      --
      "First they came for the slanderers and i said nothing."
    14. Re:Wired distorts it by coolmadsi · · Score: 1

      It's not the fact that someone buys scent free stuff. It's the fact that someone changes their behavior. They have figured that in some high percentage of cases, if a customer starts buying scent free detergent, more fruit, and stops buying booze, that person is pregnant.

      I would suspect "recently brought pregnancy test" and "stops buying sanitary products" would also be a good indicator.

  9. FTC by Nova+Express · · Score: 1

    "We could for sure do more if we had more people," says FTC official. "There are a lot of opportunities that we have to let go by because we don't have the people to seize them ... opportunities to measure and evaluate what's happening every day in people's computers and phones."

    I don't want the FTC to have more people and monitor more people's computers and phones. I trust them far less than I trust Google, since the scope for abuse is so much higher. I don't recall Google ever imprisoning or shooting someone for violations of their TOS...

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

    1. Re:FTC by betterunixthanunix · · Score: 1

      I don't recall Google ever imprisoning or shooting someone for violations of their TOS...

      Sure, I doubt that any of these data mining companies are doing such things, but that brings up an interesting question: what are those companies doing? How are they using the information they collect? Who are they selling it to, and how is it being sold?

      How do you know that some email you sent a few years ago will not become a deciding factor in a job application, a loan application, being allowed to board an airplane, or any number of other situations where one of these companies might be asked to supply information about you?

      --
      Palm trees and 8
    2. Re:FTC by Anonymous Coward · · Score: 0

      When has the FTC ever shot anyone, for anything?

  10. HA-HA !! YOU'VE BEEN GOOGED !! by Anonymous Coward · · Score: 0

    Now get lost !!

  11. better than facebook by Gnaythan1 · · Score: 1

    Google's worst is better than Facebook's best. Hell, Facebook has gotten caught hiring PR agents to smear google in the past. Who's to say they aren't doing that now with this?

    1. Re:better than facebook by jo_ham · · Score: 1

      Because Google admitted to doing it. Or are you saying that Facebook hired people to apply for jobs at Google so that they would be able to admit to what they did "from the inside" and thus smear Google?

    2. Re:better than facebook by Cyberllama · · Score: 2

      The thing is, this is like the 19th time we've rehashed this issue on Slashdot. Periodically there will be a new article about it, and it will inevitably get posted on Slashdot and I'm pretty sure at least a certain percentage of readers assume its a new thing, and not just a discussion about something we've already discussed a dozen times or more.

      It wasn't a big deal then, it's not a big deal. This article is just more shrilly alarmist in its language choice than others. I can't tell if that's a product of not truly understanding the issues or just a lack of integrity on the part of the writer.

    3. Re:better than facebook by Anonymous Coward · · Score: 0

      A smear is usually false or misleading. You (nor anyone else) has presented information that contradicts the fact that Google intentionally instructed their employees to create a method to bypass the users intention of *not* being tracked.

  12. Not really news... by mschaffer · · Score: 1

    It would be news if the FTC discovered this and it wasn't about devices that use Apple's Safari.

    1. Re:Not really news... by amiga3D · · Score: 1

      True, if you're on android then google doesn't have to go to the trouble of working around any limitations in tracking.

    2. Re:Not really news... by mschaffer · · Score: 1

      Well, it's the whole bug or feature thing.

  13. Privacy had it's funeral years ago by AtomicAdam · · Score: 1

    WHAT! An advertising company acting in self interest by tracking?! Impossible! This guy forgot to take his pill. Now everyone, take their pills.

    All joking aside, I wonder if privacy is dead now. Please say it isn't I don't want to have to browse every site through 7 proxies. Please reply for good ideas on keeping privacy. I don't even want to touch G+ or FB anymore... I don't want them to have more info on me.

  14. Welcome to the Machine by hillbluffer · · Score: 1

    http://en.wikipedia.org/wiki/Person_of_Interest_(TV_series)

  15. Run Ghostery to see trackers by Morgaine · · Score: 3, Informative

    Directly relevant to this topic, if you use Firefox, try installing the Mozilla add-on Ghostery and monitor the little ghost icon which display a number greater than zero whenever the current web page contains one or more trackers.

    If you've never seen it before, it's quite eye-opening how virtually every site contains trackers these days, some sites using large numbers of them. Ghostery blocks every tracker unless told not to, but even if you don't want them blocked, it can be interesting to monitor them and watch how they interact with NoScript.

    Good add-on. I wonder whether Chrome and Chromium provide anything equivalent.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
    1. Re:Run Ghostery to see trackers by number11 · · Score: 1

      Good add-on. I wonder whether Chrome and Chromium provide anything equivalent.

      Ghostery is available for Firefox, Chrome(ium), Safari, Opera, IE, and iOS.

    2. Re:Run Ghostery to see trackers by Johann+Lau · · Score: 1

      uhm, what? did you even read the article you linked to?

    3. Re:Run Ghostery to see trackers by Anonymous Coward · · Score: 0

      Based on the description of Ghostery on their website, it seems like their detection is default-permit. They seem to imply that it only catches known forms of tracking (1x1 pixels etc) which means that its developers are playing catch-up with the developers of tracking techniques.

      RequestPolicy blocks ALL third-party content by default (well, if you deselect "trusted" sites such as youtube during the plugin installation process), regardless of whether it tries to track you or not.

      When it comes to security, as soon as you use a default-permit rule you are doing something wrong, regardless of which Firefox plugin you use.

    4. Re:Run Ghostery to see trackers by LienRag · · Score: 1

      Would you have a way to prevent the Ghostery cookie list cloud the top of any new tab I open?

    5. Re:Run Ghostery to see trackers by coolmadsi · · Score: 1

      As mentioned, Ghostery is available in Chrome. So is one called "collusion" that shows you what sites you visit are communication with other ones. There is also a recently added option to "block known tracking sites".

  16. LEAVE GOOGLE ALONE! by tapspace · · Score: 0

    How dare anyone criticize /.'s ordained non-evil multinational! It was just an accident, duh. Google doesn't do anything unethical. And even if it was slightly unethical, you gave up your privacy when you joined the web. It's kinda like how you basically lose all consititutional rights when you enter an airport. It's just the price of progress, guys!

  17. LEAVE GOOGLE ALONE by tapspace · · Score: 1

    How dare anyone criticize /.'s ordained non-evil multinational! It was just an accident, duh. Google doesn't do anything unethical. And even if it was slightly unethical, you gave up your privacy when you joined the web. It's kinda like how you basically lose all consititutional rights when you enter an airport. It's just the price of progress, guys!

  18. Chrome transfers every action to google by goombah99 · · Score: 4, Informative

    How do you think google is able to have the bowser on your phone, computer and tablet sync the open taps and pre-fetch all the entries in each instances history? Chrome definitely records every webpage you look at and sends it to google.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Chrome transfers every action to google by Guidii · · Score: 1
      +4 informative for misinformation?

      How do you think google is able to have the bowser on your phone, computer and tablet sync the open taps and pre-fetch all the entries in each instances history? Chrome definitely records every webpage you look at and sends it to google.

      Okay, first point: pre-fetch is done at the browser. You're hovering over a link? Pre-fetch downloads the link and has it ready for you if you do indeed click on it. Google isn't involved.

      Second point: If you turn on browser sync, then yes, your browser operations get tracked so they can be synchronized.... how else would you expect this to work? If you don't like it, turn it off.

      If you think that chrome is mis-behaving, by all means download the source (www.chromium.org) and check for yourself.

    2. Re:Chrome transfers every action to google by Anonymous Coward · · Score: 0

      Hi.
      you are ignorant and pretend to know more than the GP. Google themselves said that they ptr-fetch the bowser history so they can retain a copy. dumbass.

    3. Re:Chrome transfers every action to google by Anonymous Coward · · Score: 0

      Second point: If you turn on browser sync, then yes, your browser operations get tracked so they can be synchronized.... how else would you expect this to work? If you don't like it, turn it off.

      This would be trivial to implement in a privacy-friendly way, but Google has no intention of doing so because they would not make as much money then.

      I am not sure, but I think Mozilla is already doing this in a privacy-friendly way.

  19. Anyone that has browsed the web by SilverJets · · Score: 1

    Could have already told him that. Not much of a discovery.

    Also, despite pop-up blocking turned on in my browsers many sites still manage to do it. Gee....look at me I'm a gifted computer scientist because I figured out that advertisers have managed to get around that as well.

  20. Brave New Progesss by Anonymous Coward · · Score: 0

    The trend will be very hard to stop.

    As more and more industrial and technology jobs shift to offshore locations, there will nothing left in the continental US other than retail, services, services to retail, services to services, and etc. Ultra-specialized advertising services will make up a considerable chunk of the new service-oriented economy. Soon there will be only two major service classes: those who flip burgers and those who statistically analyze the flippers.

  21. I think we can say that Google by Stan92057 · · Score: 1

    I think we can say that Google is in fact an evil corp now. Or how many more times must it be proven that are in face Evil.

    --
    Jack of all trades,master of none
    1. Re:I think we can say that Google by Cyberllama · · Score: 2

      It should be proven at least once. This article is terrible. It refers to a non-issue as a "major privacy scandal" and talks about google "secretly" doing something that was such a good secret that Google didn't even know about it. The writer just doesn't have a good understanding of the issues, or he/she is intentionally misstating them to be alarmist. Either way, though, there was nothing evil about what Google did in either "scandal". Google was indeed subverting Safari's privacy settings to set a Cookie, but it was an OPT-IN cookie. Apple was blocking Google from doing something that Google's users wanted done, and Google used a work-around and then apologized for it and stopped when people freaked out even though it was totally a non-issue.

    2. Re:I think we can say that Google by Smallpond · · Score: 1

      So who do we use for search?

    3. Re:I think we can say that Google by Stan92057 · · Score: 1

      Good question, an answer i dont have. Getting ads in exchange for search is very reasonable to me. Its the saving spying that isnt

      --
      Jack of all trades,master of none
  22. Re:from the dear-ftc-please-hire-people-like-this. by zoloto · · Score: 2

    Believe it or not, there are many people that do work for work's sake and because it presents itself as a challenge. It's not just about the money.

  23. we just need a law... by Anonymous Coward · · Score: 0

    we just need a law that makes companies criminally liable for unauthorized access to personal information, and to have "personal information" classified as anything that can uniquely identify an individual to the point of being able to predict behavior or identify the user as a member of a specific class.

    once the liability outweighs the profit companies will stop doing this kind of shit.

  24. Doesn't matter. by Anonymous Coward · · Score: 0

    Nobody will work for any government agency for $40K / year unless it can't be helped.

    It's just not worth it considering the bureaucracy you have to deal with.

  25. Just a lone rogue employee by Anonymous Coward · · Score: 0

    After all, Google Does No Evil (TM)

  26. What a terrible fluffy article by Cyberllama · · Score: 1

    What is it doing here?

  27. Slashdotter Assumptions Don't Count by theshowmecanuck · · Score: 2

    Most people don't want to understand how their device works. Nor should they have to. To most people all cookies are hidden because most people don't know what they are, other than occasionally being told they have to allow them for a site to work. And most people don't want to know what they are. They just want their device to work. Most people are not slashdotters. So even pointing them to a web site explaining how to keep everything private is a waste of time. If there is any term that they don't know and is perceived to be computer geekish, their eyes will glaze over and they'll switch back to facebook or twitter... or watching cute kittens dry humping the dog or something equally adorable. Your sentiment is good, but ultimately pointless.

    --
    -- I ignore anonymous replies to my comments and postings.
  28. This will stop being news by viperidaenz · · Score: 1

    Every two months when Safari stops allowing third party cookies when the user disables third party cookies.

  29. No One Cares About You by Anonymous Coward · · Score: 0

    Don't fear advertisers, fear governments and ISPs. Advertisers are collecting a limited set of your interests in the hopes that you'll be interested in purchasing something; that "personal information" you seem to care so much about is translated into a demographic comprised of keywords that have absolutely nothing to do with you individually; they aren't tracking you, they're tracking a virtual set of tags that you don't own. And, on top of that, the value of this information is questionable. The bit about Google "knowing" that a girl was pregnant before her father, based on her buying trends-- Google didn't "know", it guessed, based on an algorithm, and algorithm's don't care about you. Right now, it thinks I want a new phone, but guess what, I don't! I agree that there should be clearly defined limits on what information advertisers are able to collect, but "no track" options potentially cripple a multi-billion dollar business that funds the free Web.

  30. A little help here? by hicksw · · Score: 1

    On unique fingerprints for browsers and the tracking thereof.

    Each browser has a unique set of information routinely passed back to web servers.

    Marketeers use a hash of that information to identify and track us as we skip merrily from site to site about the web.

    Is there a simple way to twiddle that browser information to generate a new unique hash every time we go to another site?

    It needs to be easy for us to do and hard for the servers to adapt to.

    The only reason real fingerprints are used for identification is that they don't change.

    Just asking.