Google to Pay $17 Million to Settle Privacy Case

cold fjord writes "The New York Times reports, 'Google agreed on Monday to pay $17 million to 37 states and the District of Columbia ... The case involved Google's bypassing of privacy settings in Apple's Safari browser to use cookies to track users and show them advertisements in 2011 and 2012. Google has said it discontinued circumventing the settings early last year, after the practice was publicly reported, and stopped tracking Safari users and showing them personalized ads. ... the case is one of a growing pile of government investigations, lawsuits and punishments related to privacy matters at the company. They include cases involving a social networking tool called Buzz, illegal data collection by Street View vehicles and accusations of wiretapping to show personalized ads in Gmail. '" From the DOJ, the settlement (PDF).

violation of trust

[noh8rz10]

I'm still really upset that Google hacked my browser to install tracking beacons without my knowledge and against my expressed wishes. I think this is emblematic of how they do business and how lowly they think of their "users". I also uninstalled all the google apps from my iPhone after the tracker story from last week.

What's the alternative? Hopefully, this monoculture will be replaced with a rich mix of companies and options.

Re:violation of trust

[cheater512]

There is a diverse range of companies. Alternatives include Microsoft or Yahoo.

Yeah I'm sticking to Google too. Nothing prevents the alternatives from being worse.

Re:violation of trust

$17 million is smallchange to Google. And the affected man in the street never sees a penny, nor evven a reduction in taxes. Its a nice way for Google to "donate" $17 million for govt pet projects without it being seen as lobbying / bribes / etc.

Re:violation of trust

[noh8rz10]

They hacked your browser? Or did they make you install one they coded up themselves? I bet you're still on Facebook though.

Not sure I follow... yes, they hacked my Safari browser. I do not use the Chrome browser for obvious reasons considering this discussion. I also don't use Facebook for obvious reasons. What did you mean?

Realistically, when you are the product, their bosses, the investors, will stop at nothing for them to sell you better. Get used to it, or start paying for everything you do on the web.

I agree. Which is why I work to minimize my exposure to that sort of monetization.

Get used to it, or start paying for everything you do on the web.

There's a middle way where you get treated with respect. For example, Apple has a google apps competitor and a google maps competitor that is free and they're not scheming to monetize you. They win by giving you a reason to buy their hardware. In short, no, I'm not going to get used to it.

Re:violation of trust

[icebike]

4 hours worth of revenue, someone figured out.

Tax write off, cost of doing business, and all the money went to the lawyers.

Re:violation of trust

[steelfood]

Hopefully, this monoculture will be replaced with a rich mix of companies and options.

There is none. You can keep hoping, but nothing better is going to appear. You can either pay for the convenience out of your own pockets, or you can give up some of the information you possess on yourself so that the companies who provide the convenience can sell it to subsidize the convenience. The only other option is to rely on charity, but who's going to provide that charity? You?

The only sure way to win is to not play. And in this society, I'm not sure I'd call that winning.

Re:violation of trust

[rsmith-mac]

It was a BUG in Safari. It was not a hack in any sense.

So if I take advantage of a BUG in Slashcode in order to download the user and password tables for Slashdot, then I'm not really hacking Slashdot, right?

Re:violation of trust

[FlyHelicopters]

Here is the problem...

Google provides a ton of services to you for "free".

Except, they aren't free, they cost Google a lot of money. So who is actually paying them?

*That* is Google's customer, not you...

You are the product to be sold...

If you want to be the customer, you have to pay up.

Re:violation of trust

[Savage-Rabbit]

I'm still really upset that Google hacked my browser...

You seem to misunderstand the meaning of the work "hacked". Google did no such thing.

Google harvested data on peoples web surfing habits against the express wishes of their customers and they did it by quite deliberately circumventing browser settings. I don't care what you name you choose to call this behaviour, the fine should have been at least one order of magnitude higher. A penalty of $17 million is a pitiful amount.

Re:violation of trust

[Savage-Rabbit]

There is a diverse range of companies. Alternatives include Microsoft or Yahoo.

Yeah I'm sticking to Google too. Nothing prevents the alternatives from being worse.

Actually Google has pretty fierce competition these days from Bing, the caliber of Bings competitiveness is simply not acknowledged on Slashdot for religions reasons. While several recent studies have refuted Microsoft's BingItOn claim of two thirds of users preferring Bing results. Interestingly enough blind studies also suggest that that Bing actually delivers superior results to Google 41% of the time and 6% of the time they tied. Furthermore a lot of Bing's inferiority is largely perceived (i.e a 'halo' effect of the Google brand), people actually pick Bing results over Google results much of the time when you swap the brands on the search results. Myself I prefer Bing image results to Googles much of the time, the image search results from Bing often contain less noise.

[cite]
[cite]

That last link seems pretty negative at first but it also concludes:

There are two potential, contradictory reactions to the Ayers study:

It either conclusively or largely disproves the Bing preference claims;
  * Putting aside the Bing advertising claims, the search engine performed relatively well vs. Google.
  * Google won 53 percent of the time and Bing won 41 percent of the query tests, with a tie in 6 percent of instances. That suggests that Bing has the capacity to gain much more market share than it currently has (67 percent vs. 18 percent).

Ayers points out that the more assertive "prefer Bing 2:1 claim has been replaced on the Bing It On website with the more limited claim that "people prefer Bing."

I remember when Bing's market share was far down in the sub 10% range not that long ago.

Re:violation of trust

[Xest]

It's not straightforward. Intent matters.

If you were sent a link on Facebook and it led to an HTML dump of all the usernames and passwords then no, you wouldn't be hacking, you wouldn't even be at fault. Similarly if you click a link on Slashdot itself, or clicked back and forward a bit and triggered a bug or whatever and this happened then again, not your fault. Slashdot's fault entirely.

If you were maliciously searching for exploits to exploit and you found one and exploited it intentionally for personal gain then yes.

So in this particular case it depends if Google was intentionally exploiting the bug, or if Google's code was doing what it always did but because Apple fucked up it resulted in unintentional behaviour. It depends if Google implemented code specifically to exploit this bug.

So stop using such simplistic examples that only tell half the story, it reeks of bias.

$17M?

Isn't that what Page and Brin piss out the window on a daily basis at their lunch breaks?

Google's gonna play ball now

[turkeydance]

that's a nice search engine you have there. it would be a shame if something happened to it. my cousin, NSA, would like to have a meeting.

As a Safari User...

[whisper_jeff]

As a Safari user, where's my cheque?

Oh. That's right. My privacy was invaded but governments are going to get the money.

That seems fair. ...

Re:As a Safari User...

[flyingfsck]

Yup, so you can pay less tax... MUHAHAHA!

What law did Google break?

[TrollstonButterbeans]

Anyone know? I tried to view the PDF, but it crashes my browser.

Extra: Why is exploiting a browser weakness an offense for a company? If I make a web page that crashes IE6, am I at fault? Anyone know the rationale for why browser settings in this particular case are some sort of "holy grail" that if Google violates there is hell to pay?

Can I now sue Verizon for crapwares that make my phone vulernable?

I guess I am asking others: What line the sand did Google step across?

Re:What law did Google break?

First four entries in Appendix A on the PDF that you are having trouble with:

• Alabama Deceptive Trade Practices Act, Ala. Code 8-19-1 through 8-19-15
• Arizona Consumer Fraud Act, Ariz. Rev. Stat. Ann. 44-1521, et seq.; Ariz. Rev. Stat. Ann. 13-2316(A)(6) and (D); Ariz. Rev. Stat. Ann. 44-7301, et seq
• Arkansas Deceptive Trade Practices Act, Ark. Code Ann. 4-88-101 through 115; Arkansas Computer-Related Crimes Act, Ark. Code Ann. 5-41-106; Consumer Protection Against Computer Spyware Act, Ark. Code Ann. 4-111-101 through 105
• California - Cal. Bus & Prof. Code 17200, et seq.; Cal. Bus. & Prof. Code 17500; Comprehensive Computer Data Access and Fraud Act, Cal. Penal Code 502

All 37 states plus the District of Columbia are represented in the appendix.

Re:What law did Google break?

[Xest]

I think you're inadvertently hit the problem - the question is whether they intentionally exploited the vulnerability, or whether the vulnerability failed to stop their code working as intended.

There's a fine line between the two as to blame. If I intentionally search for an exploit in a browser that lets me still their browsing history then that's me being malicious, if however I write some code to gather all data the browser will let me have and then a browser with a bug that bundles the browsing history into that data when it shouldn't hits it and sends me that data, then that's not my fault.

$17 million out of $50 billion

Google had $50 billion in revenues in 2012. If they use 3 significant figures, the fine rounds to $zero on their financial statements.

The dear government

I had no idea how concerned they were about preservation of privacy.

For those looking for a technical explanation

[antifoidulus]

TFA doesn't actually contain any details on how they did that, but (ironically) with the help of Google, I was able to find a page that details the process. The short answer is they took advantage of the fact that any form submitted from the browser to a site would allow that site to install cookies, so they added a hidden form submit to their ads.

Google would never do that to me.

[Kaz+Kylheku]

I use Google+, and Chrome, and Google Apps, Mail, AdWords, etc.

Google loves me as a result and respects my privacy.

They seem to be getting worse, rather than better.

[seebs]

And today I got a G+ event invitation to a suspended G+ account (they don't consider "seebs" a real name). Since it's suspended, I can't opt out of notifications or mailings, nor can I use the help forums to contact them. Or anything else, so far as I can tell.