Slashdot Mirror
EU Authorities To Demand Reversal of Google Privacy Policy
judgecorp writes "Google's privacy mechanism, which combines personal data from around 60 products, and gives users only one opportunity to opt out, was rolled out in March against requests from privacy regulators in Europe. Now they want the policy reversed, and user data from the different Google products, including Gmail, Search and YouTube, to be separated. The EU attack is lead by French regulator CNIL, which has historically taken a tough line on privacy matters."
The French may save us yet.
"Yeah, so what if YouTube let you register with a user name before we bought it. We see you don't use a real name. WTF is up with that? Are you a criminal?
[x] My name is ___________________________
[ ] I'm a criminal."
This will surely deter the far better free market solution from being developed.
Whatever it might be. My Capitalist gods haven't told me yet.
What do you mean we had an opportunity to opt out?? It was take it or leave it scenario. Lose your data, change your email, disrupt your life or let us assemble your data.
I switched to DuckDuckGo for search. I did not like adverts for the things I'd been searching for, being presented to me and my family. I've tried to block Google tracking too.
I don't like that I receive an email on [obscure thing] and see adverts for [obscure thing], and I hate the fact that some spotty faced oik in Google can pull up my searches at the tap of a key.
I don't like the fact my Android tablet won't let me remove the Google email account from it, which I wanted to do as soon as they made this change. Next tablet will be Android, but won't be Google Android, it will be some Taiwanese clone.
If they want the Facebook crowd that's up to them, but I don't use Facebook, it's a privacy disaster, and I'm looking for an out to Google if they are trying to copy the crap that Facebook does.
I don't want this privacy invasion, and I'm not French.
Really, I don't see this as an issue if you're volunteering your personal info to Google anyway. I'm more worried by the tracking that Google does even if you're not logged in, say, via its ad and recaptcha services.
Really though, unlike with Intel or Microsoft, I've never felt like I have been wronged by Google, which is probably why my knee jerk reaction is that this is just another extortion racket and an organization hired to cause a stir.
while(1) attack(People.Sandy);
All these web sites are owned by the same people. Are the EU saying a company can't mine the data the EU says it is allowed to collect? How on earth do you even police that?
Besides, it's a non-issue, as it is under the users control anyway. If you don't want Google tying the data together use different use names on each site. It is not like it is rocket science.
There's one other source of tracking. Firefox has a 'block reported phishing sites'. The way it works is they download a block of partial (32bit) hash keys, WITH A TRACKING COOKIE, each Firefox user gets their own cookie. If a site is in the set of 32bit keys, Firefox asks if the 256 bit hash matches a phishing site to determine if the site actually is a phishing site, or just a hash collision.
In this way, Google can track any website simply by adding its partial key to the list and Firefox will dutifully report it back to Google.
Why does this need a session cookie? why does it need to update the list so incredibly frequently? Why send only partial keys?
A million blocked urls is 8mb of data with 256 bit hashes, that's just a few seconds of youtube video. An incremental update, would be, say 100 urls/day, that's 800 bytes. Firefox could request 'changes since version X', and it would be tiny data.
The way Google implemented it, and the way Firefox uses it means that they gave Google a tracking tool for Firefox users.
I know its throwing the baby out with the bathwater, I turned off the malware warning in Firefox. When I used tamperdata to see data connections on a website, and saw how frequently Firefox was reporting back to Google, I was quite shocked.
Interesting, why don't they also require Microsoft to reverse its recent privacy policy change which is essentially the same (unification of the company's services).
It's too bad people can't opt out of the intrusive data collection and privacy invasion schemes of the European governments. Frankly, I greatly prefer Google having my private data than the German or French government.
I don't like Google tying together all these services. I think it is a privacy nightmare and it's risky too. For example, if your Google account gets disabled because of a blog post, you lose access to all your Android apps and Google movies. But you know what? You have a choice.
The sooner people realize this, the better, because that means it keeps alternative services viable. And there still are plenty of alternatives to every service Google offers.
But we don't need European "privacy regulators". Slaps on the fingers of companies like this are thoroughly ineffective in terms of protecting your privacy. And if European privacy regulators succeed in legitimizing the single-service-for-everything, we are worse off, because terms of service don't protect you from criminal or governmental misuse of your aggregated data.
We have had law about privacy and IT and database for about as long as it started to become a phenomenon, I think back in the 80ies. For example you may not in certain circumstance do a join on database, or have races, skin color, religion, political affiliation, or whatnot mentioned in some database (I don't recall exactly when it is allowed, but you can take for granted that in a commercial database it is msotly not allowed). There is something similar on EU level.
That you in the US (or any other country) don't care that you are the "product" is your problem. but if google want to have a commercial presence in EU it better respect our privacy laws. And No it is not YOUR responsibility to use different usernames, it is google responsibility to respect law and not join DB.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I only remember one where the result was, that yes, playing violent video games increases your aggressivity. The effect in size was comparable to drinking a pot of coffee.
They can do that. If Google does not play by their rules, they can put penalties on Google or even exclude Google from doing business in the EU. Sure, Google can still do business in other legislations, but no revenue will come to them from the EU.
...and what happens if this works and google reverts the policy?
You'd have ten bleeding passwords to remember instead on one sign-on
"There is a cookie for anti-DoS purposes"
You gave yourselves permission to link that cookie to other data. You say, its to continue providing service while a DOS attack is in progress (from my IP presumably, since you'd know by IP address where the queries are from). Why wouldn't you issue the cookie only if there was a DOS attack from my IP and you'd asked me to fill in a captcha?
Understand this, having misused my data, having changed the privacy agreement between you and me, you DON'T GET TO BE THE GOOD GUYS. You don't get to say (in essence) "trust us because [technical reason] we promise not to misuse the system", because having done a Facebook you don't get trust by default. The argument will never be now if [technical reason] is the best solution because you changed your privacy agreement, it will be if there's a [technical reason] that doesn't involve sending you data then your [technical reason] is now [technical excuse].
"And let's face it - the anti-phishing system is designed to frustrate criminals, the kind of people who wouldn't hesitate to use DDoS attacks against a blacklisting service"
I've turned it off. I saw the volume of connections from Firefox to your servers was frequent.
I didn't like what I saw. I'd been told this was just a hash table from Google, I imagined a hash table with daily updates, I imagined Firefox trying different components of the URL and the table containing a hash at the level of trust, and flagging it to me if there was a match for that domain, that folder, that url. Yet no, it's a systems that hands Google a lot of data. A [technical reason] where other [technical reason]s would achieve the same result yet not hand you data.
Cyber criminals phishing for my data is almost non existent, I've never had a correct report from that service, yet its been sending data to Google all the time. I turned it off, I've stopped the biggest case of data phishing.
"If there was no partial server-side matching you could defeat the blocklist by simply using random filenames"
And you can't think of any other approach? Seriously? You can't think of an approach that doesn't require URL analysis of any url on Google server, at Googles request?
As I said, I'm extracting myself from Google services one by one.
"Are you parnoid yet? I am."
Only if he watches me look at porn.... Then not only am I paranoid, but really creeped out.
Do not look at laser with remaining good eye.
Like it or not, it is not unreasonable to unify their policies. This idea to break it up again seems the wrong track, address what you don't like about the over arching policy, as presumably any new services will come under that.
Now imagine that same guy doing that to tens maybe hundreds of millions of people.
Your info is now just a tiny speck in an ocean of data. Other than being tied into a set of grouped profiles that include hundreds of thousands of similar people you are insignificant and completely anonymous (unless you draw attention to yourself in a malicious way - at which point various gov agencies will be crawling through your trash and your data).
Now how are individuals being abused? Oh that's right, targeted ads. The end is nigh.
A fool throws a stone into a well and a thousand sages can not remove it.
So you got nothing? Well done.
The Kruger Dunning explains most post on
No, that new metaphor you are offering is the bad metaphor, unless Google made some commitment not only as to the current terms, but explicitly limiting future changes to the terms for current users.
They did. You seem to want to pretend that they agreed to prospective future terms that they never, in fact, agreed to.
Sure they can, they can issue whatever orders they want to Google but if Google is convinced that the EU lack jurisdiction someplace they can choose to ignore those orders. BUT since Google currently funnels most of it's global profits through Ireland because of the low corporate tax there life could become VERY difficult for Google if the EU decides to order that those funds be frozen which it can do since Ireland is within it's jurisdiction, it's the same as when the US govt sizes .com address from people/businesses with no presence in the US.
I WANT Google sharing data between services, because that is what makes using all the products under the Google umbrella a unified experience. I LIKE that my Google+ and GMail and Drive and Calendar and Picasa YouTube accounts are all linked and I don't have to manually cross-post things all the time.
If you don't like it, then don't use Google's services. I don't see what business the EU has in this, it is not like there are not plenty of free alternatives to all of Google's services.
Opt out of the policy and don't use any of Google's services. Problem solved? Google is not a monopoly, there are a plethora of alternatives for any of their services. If you don't like their terms then they might as well take their ball and go home.