Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Reportedly Fining Google $22.5 Million Over Safari Privacy Abuse

Posted by Unknown on from the 'tis-but-a-flesh-wound dept.

New submitter Slashbots writes "Google will settle with the FTC for nearly $22.5 million over its bypassing of Apple's Safari browser privacy settings. It would be the largest settlement with the FTC over privacy-related charges ever. By abusing a privacy hole in Safari, Google circumvented user settings to show them advertising and track the user. 'Safari, unlike other browsers, blocks cookies from ad networks like Google's. But because of a loophole, Google had been able to avoid the block, as researchers discovered in February. It installed cookies and tracked Safari users across the Web to show them personalized ads.'"

25 of 175 comments (clear)

  1. Jail Time? by war4peace · · Score: 5, Insightful

    This thing of "We do something illegal, you fine us, everyone's happy" must stop. Somebody must serve some nice jail time (not much, say 6-12 months) and then maybe such fucked up practices would diminish.
    This is like me breaking into someone's house, pissing and shitting all over the place, then paying a 5 dollar fine for doing so. Would that stop me in the future? Hell no.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    1. Re:Jail Time? by aristotle-dude · · Score: 3, Insightful

      How do you imprison a corporation?

      The "buck" is supposed to stop with the CEO of the company so you imprison/fine the CEO and/or the C-level exec who signed off on the project personally.

      Some exec should be seeing either a personal fine, jail time or both.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    2. Re:Jail Time? by Buccaneer+Waggerstrm · · Score: 2

      You freeze Google's assets and jail anyone involved. Problem solved.

    3. Re:Jail Time? by Daniel+Dvorkin · · Score: 2

      How do you imprison a corporation?

      "Corporations are people, my friend." Except when they're not. Convenient how that works.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    4. Re:Jail Time? by ackthpt · · Score: 3, Interesting

      This thing of "We do something illegal, you fine us, everyone's happy" must stop. Somebody must serve some nice jail time (not much, say 6-12 months) and then maybe such fucked up practices would diminish.
      This is like me breaking into someone's house, pissing and shitting all over the place, then paying a 5 dollar fine for doing so. Would that stop me in the future? Hell no.

      Geez, you and your rational views. Don't you know the corporate veil protects all within? I mean, just because Corporations are People .. seriously, they're about as accountable for their crimes as an indigent doing to your house, what you describe. You're hosed, you won't get anywhere prosecuting them. The bank crisis made this painfully clear - so many little crimes done by committee, what can you do, put the committee in jail? Fines are about the only way to punish and usually only punishes those left behind, because the people who committed the actions are now off somewhere with their big bonuses.

      I like the way they fine you in Germany .. it's based upon your ability to pay. It makes you really feel the pain. A rich guy gets drunk and drives across your lawn, he can be fined hundreds of thousands, because it's based upon his income or wealth, not some set, piddly amount. So we implement such a system and then pull back in the people who made these decisions and make them pay .. prevents making a mess and escaping, while others are left to clean up after you. Also encourages leaving your former place of business in good order, going concern looked after sorta thing.

      --

      A feeling of having made the same mistake before: Deja Foobar
    5. Re:Jail Time? by vlm · · Score: 2

      If Google had to teach a certain number of man-years in IT lessons in public schools it would be a deterrent to Google and a benefit to education.

      OK, your punishment makes sense for the Mighty GOOG, but what if you wanted to punish Microsoft? Having them "teach" kids is just going to screw the kids up even worse. Also "real programmers" don't have degrees, but public schools require not just bachelors but masters legally to teach.

      Now what would work, is using existing community service programs. The corp has to provide 200000 paid hours of recyclables sorting, soup kitchen labor, park and roadside cleanup labor, etc. Emphasis on paid hours. Most corps such as mine already demand workers put in completely unpaid "volunteer" hours as part of our jobs, part of our official job evaluations.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    6. Re:Jail Time? by MickyTheIdiot · · Score: 2

      If the CEO is important enough to get millions of dollars, then he is important enough to jail, though I would say it would be reserved for more grevious crimes.

      Rick Scott, the idiot governor of Flordia, made himself rich off what was then the biggest medicare scam in history. He is a great example of someone who should of gotten personal jail time.

    7. Re:Jail Time? by Charliemopps · · Score: 2

      well, you're off base. It's hard to jail a company. The problem here isn't the penalty being a fine... the problem is fining a company that's worth $185 Billion, $22 million. That'd be like fining your average person $5 to $10. It's not even a slap on the wrist. The fine should be a percentage of the businesses market cap plus all gross revenue generated by the offending activity. Fines in the neighborhood of a Billion dollars would have a more dramatic affect on operations I'd think.

    8. Re:Jail Time? by the+eric+conspiracy · · Score: 2

      > Don't you know the corporate veil protects all within?

      Actually it doesn't.

      http://en.wikipedia.org/wiki/Piercing_the_corporate_veil#United_States

    9. Re:Jail Time? by vlm · · Score: 2

      How do you imprison a corporation?

      There's X active employees around the time of the crime and that crime earns a Y month prison term if a mere citizen did it instead of a corp. There are practical issues with sending individuals to prison, but GOOG could hire/outsource A number of unemployed and/or homeless people to attend prison in their employees place for B months where X*Y = A*B and the monthly "wage" of attending prison as an honorary GOOG employee floats as a free market but never declines below 40 hours a week at minimum wage. "Inmate employees" legally required to get the same benefits as non inmate employees. Its crazy, but not too crazy.

      I would imagine, since you're only being paid while you attend prison, security at corporate prison would be pretty light and cheap other than keeping the scum from killing each other. Build next to a hospital because plenty of uninsured will be signing up to be goog employees, build next to a college (and GED high school) since many inmates would like to learn while incarcerated and they've got a guaranteed income, build next to a gym because many inmates are fat, build next to a detox center because many volunteer inmates will be there because of addiction, build next to a mental hospital because many homeless are completely nuts...

      There is a political desire, by some anyway, to drug test welfare recipients. Well, as GOOG employees, voluntary inmates would have to pass a drug screen like any other employee, I suppose. Some employers don't drug screen. Whatever. I donno about prison life, but don't they drug test "inside"?

      This also works around the hire and fire issues, where if the Mighty GOOG hired me next week, there seems no point in imprisoning me if I had nothing to do with it.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    10. Re:Jail Time? by geminidomino · · Score: 3, Interesting

      Supposedly it costs $70K per prisoner per year (hmm, I bet it depends where and what security level) so 22.5 million is 321 person-years of prison. That seems a little excessive since you can kill someone and only get a decade or so...

      Not excessive at all when you consider that no one actually has to do the time, live with the felony conviction, etc...

      A better comparison might be:

      Google 2011 Revenues (Income): 37,905,000,000
      Fine: 22,500,000
      Fine as % of Income: 0.06%

      Compare to a "comfortable" person making $100K
      Gross Income: 100,000
      Fine @ 0.06%: $60

      Yeah, somehow I don't think that's much of a disincentive there...

  2. Okay, I'm glad to see this, but ... by Daniel+Dvorkin · · Score: 5, Insightful

    ... like most corporate fines, the number seems absurdly low. $22.5 million is about 0.06% (not 6%, 0.06%, six hundredths of a percent) of Google's 2011 revenue. This would be equivalent to fining the average person about twenty bucks, which isn't much of a deterrent when there's serious money to be made by breaking the rules. Until fines for these kinds of violations at least come close to matching the potential profit, the behavior isn't going to change.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    1. Re:Okay, I'm glad to see this, but ... by MachDelta · · Score: 2

      "Google slashes 10% of workforce in order to recoup costs from fines to keep shareholders happy"

      Shit, like water, always runs downhill.

    2. Re:Okay, I'm glad to see this, but ... by timeOday · · Score: 3, Interesting

      This is all so arbitrary. Oddly enough google's fine of $22.5 million is exactly 1000 times the fine of $22,500 that US courts recently upheld as a reasonable fine for pirating songs - that's per song. So if we held "stealing" a user's surfing habits to be equivalent to "stealing" a copy of a song, google's fine would only cover the first 1000 affected users.

  3. Designated Felon by Aqualung812 · · Score: 5, Interesting

    The EPA already attempts to do this using what has been termed the "designated felon".

    The idea is that if there are severe environmental damages, the company has to have someone designated as the person that will do jail time. The idea is that this person is in charge of setting and enforcing the policies that will keep her out of jail.
    It even allows someone that violates the policies to be the one that serves jail time. In other words, the DF says "you must do this", and if you ignore that, you do the time.

    However, this isn't enforced as much as it should be, and I'm not aware of any other use of this idea outside EPA regulations.

    --
    Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
  4. So Safari's privacy setting doesn't work as by Scyber · · Score: 2, Interesting

    it is supposed to and Google gets fined? Shouldn't Apple also get fined? Submitting hidden forms is not an unknown concept in web development. Its not like Google hacked the users computer and changed the Safari settings. The settings were broken if they didn't block this. I'm not saying I agree with what Google was doing, I just think there were some serious issues with Safari's privacy settings if they allowed this in the first place.

    I also don't think Google is the only company doing this. I actually had an interview with an ad company a few months back where they actually bragged about how they could track Safari users despite the default privacy settings. I never followed up on it, but I'd imagine it is something similar. I didn't take the job (for other reasons).

    1. Re:So Safari's privacy setting doesn't work as by gnasher719 · · Score: 4, Insightful

      it is supposed to and Google gets fined? Shouldn't Apple also get fined?

      You go to jail for burglary. You don't go to jail for selling locks that a highly experienced burglar can open. Apple did provide security against Random J. Hacker, they just didn't provide enough security against a multi billion dollar company working hard to break the security.

      I bet if you built a safe then Google could find someone who manages to open it as well.

    2. Re:So Safari's privacy setting doesn't work as by jo_ham · · Score: 2

      If a thief breaks into your house should you be fined because your door was too easy to open?

      The attempts to justify Google's actions on slashdot over this whole affair have been staggering.

      They did something they weren't supposed to, and are now facing the consequences. Sometimes that happens

  5. Re:Illegal? by msauve · · Score: 4, Informative

    No. It wasn't any sort of active attempt at hacking. It wasn't breaking any encryption. Even the EFF admits it was probably unintended.

    Saying Google "used a loophole" is just a loaded way of saying Safari had a bug. The technique had been known for at least two years, and was used by companies other than Google.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  6. Lauren Weinsteins explanation by IamTheRealMike · · Score: 2

    This article has an interesting writeup of what happened, for those who are interested in the details.

  7. wrong question by Anonymous Coward · · Score: 5, Insightful

    question is, why aren't they fining anyone else who did this? Google is not the only one. I suppose nobody realized Microsoft made the complaint while doing it themselves along with facebook?

  8. Government's Role in "Internet Freedom" by eldavojohn · · Score: 4, Insightful
    After seeing how Slashdot reacted to Ron Paul realigning his priorities, I think it's worth noting that "internet freedom" means taking the bad with the good. On the one hand, everyone noticed that SOPA would be an impossibility with the Pauls' new proposition. On the other hand, fines like these or even investigations to what Google or Safari or users are doing on the internet would be completely outside of the government's jurisdiction and as such would requires users to punish Google for these Safari abuses. And it is my opinion that the free market would not only care little about such an issue but be powerless to stop the largest online search provider.

    So remember when you get excited about things like:

    The manifesto, obtained yesterday by BuzzFeed, is titled "The Technology Revolution" and lays out an argument — in doomsday tones —for keeping the government entirely out of regulating anything online, and for leaving the private sector to shape the new online space.

    You need to consider this story and how the private sector will abuse privacy left and right if it drives up revenues. With not even a public slap on the wrist from the government, you are faced with individuals playing a PR campaign against massive corporations. That rarely ends well for the individuals and the users.

    --
    My work here is dung.
  9. Re:Illegal? by SuricouRaven · · Score: 2

    The DMCA only applies to security measures intended to restrict access to copyright-protected works. It doesn't apply to security in general.

  10. What about everyone else? by Col.+Klink+(retired) · · Score: 2
    Google wasn't the only one using this widely publicized bug in Safari? According to the original WSJ article:

    The coding also has a role in some Facebook games and "apps"---particularly if the app wants to store a user's login information or game scores. In fact, a corporate Facebook page for app developers called "Best Practices" includes a link to Mr. Garg's blog post.

    So, how large of a fine is Facebook going to pay?

    --

    -- Don't Tase me, bro!

  11. Re:Google was on probation by Col.+Klink+(retired) · · Score: 2

    > The thing was, Google was already under an FCC settlement because of violating privacy policies in the past

    Uh huh. And so is Facebook:

    http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf

    --

    -- Don't Tase me, bro!