Forgot your password?
typodupeerror
Google Privacy Security Your Rights Online

FTC Reportedly Fining Google $22.5 Million Over Safari Privacy Abuse 175

Posted by Unknown Lamer
from the 'tis-but-a-flesh-wound dept.
New submitter Slashbots writes "Google will settle with the FTC for nearly $22.5 million over its bypassing of Apple's Safari browser privacy settings. It would be the largest settlement with the FTC over privacy-related charges ever. By abusing a privacy hole in Safari, Google circumvented user settings to show them advertising and track the user. 'Safari, unlike other browsers, blocks cookies from ad networks like Google's. But because of a loophole, Google had been able to avoid the block, as researchers discovered in February. It installed cookies and tracked Safari users across the Web to show them personalized ads.'"
This discussion has been archived. No new comments can be posted.

FTC Reportedly Fining Google $22.5 Million Over Safari Privacy Abuse

Comments Filter:
  • Jail Time? (Score:5, Insightful)

    by war4peace (1628283) on Wednesday July 11, 2012 @09:58AM (#40614853)

    This thing of "We do something illegal, you fine us, everyone's happy" must stop. Somebody must serve some nice jail time (not much, say 6-12 months) and then maybe such fucked up practices would diminish.
    This is like me breaking into someone's house, pissing and shitting all over the place, then paying a 5 dollar fine for doing so. Would that stop me in the future? Hell no.

    • WTF was that you?!?

    • Re:Jail Time? (Score:4, Interesting)

      by ackthpt (218170) on Wednesday July 11, 2012 @10:21AM (#40615115) Homepage Journal

      This thing of "We do something illegal, you fine us, everyone's happy" must stop. Somebody must serve some nice jail time (not much, say 6-12 months) and then maybe such fucked up practices would diminish.
      This is like me breaking into someone's house, pissing and shitting all over the place, then paying a 5 dollar fine for doing so. Would that stop me in the future? Hell no.

      Geez, you and your rational views. Don't you know the corporate veil protects all within? I mean, just because Corporations are People .. seriously, they're about as accountable for their crimes as an indigent doing to your house, what you describe. You're hosed, you won't get anywhere prosecuting them. The bank crisis made this painfully clear - so many little crimes done by committee, what can you do, put the committee in jail? Fines are about the only way to punish and usually only punishes those left behind, because the people who committed the actions are now off somewhere with their big bonuses.

      I like the way they fine you in Germany .. it's based upon your ability to pay. It makes you really feel the pain. A rich guy gets drunk and drives across your lawn, he can be fined hundreds of thousands, because it's based upon his income or wealth, not some set, piddly amount. So we implement such a system and then pull back in the people who made these decisions and make them pay .. prevents making a mess and escaping, while others are left to clean up after you. Also encourages leaving your former place of business in good order, going concern looked after sorta thing.

    • wrong question (Score:5, Insightful)

      by Anonymous Coward on Wednesday July 11, 2012 @10:25AM (#40615161)

      question is, why aren't they fining anyone else who did this? Google is not the only one. I suppose nobody realized Microsoft made the complaint while doing it themselves along with facebook? [zdnet.com]

    • by epine (68316)

      This is like me breaking into someone's house, pissing and shitting all over the place, then paying a 5 dollar fine for doing so. Would that stop me in the future? Hell no.

      That why credit rating agencies were granted an exemption from prosecution for liability and slander, even if their files contain shit information, and they spread it around to anyone who asks, even after they've being pointedly informed that the information is false.

      You underestimate the power of a black eye well deserved, which is almos

    • well, you're off base. It's hard to jail a company. The problem here isn't the penalty being a fine... the problem is fining a company that's worth $185 Billion, $22 million. That'd be like fining your average person $5 to $10. It's not even a slap on the wrist. The fine should be a percentage of the businesses market cap plus all gross revenue generated by the offending activity. Fines in the neighborhood of a Billion dollars would have a more dramatic affect on operations I'd think.
    • by aztektum (170569)

      Not all like you suggest. In the case of someone breaking into your house and smearing shit all over, you have cost of clean up, replacement of items that were damaged beyond repair, etc.

      What monetary cost did Safari users incur by Google's actions?

      I don't disagree it was a shitty practice, but your analogy is flawed.

    • by shentino (1139071)

      Thing is I think they only did it for people who already had a google account, and there's a very plain opt out mechanism.

    • "we want the MONEY, lebowski!"

      yeah, carpet pissers won't be deterred by fines.

    • by moeinvt (851793)

      The fact that companies like Barclays, Goldman Sachs, et al. have been fined millions when their criminal activity nets them BILLIONS makes it difficult for me to think jail time is appropriate for the Google employees in this case.

      Is it up to the company serving web advertisements to respect the "intended" functionality of the browser as opposed to the "actual" functionality?

      Hopefully you would refrain from shitting all over people's houses for free.

      • My post wasn't aimed at Google specifically but rather all companies who mess up like this intentionally.

    • There are some downsides to jailtime, as others pointed out.

      A better penalty may be a temporary sales ban. In the case of Google, I would say a good penalty would be to disconnect them from the internet for a week or so.

      And of course, we adhere to the adagium: three strikes and you're out!

  • by Daniel Dvorkin (106857) on Wednesday July 11, 2012 @10:03AM (#40614923) Homepage Journal

    ... like most corporate fines, the number seems absurdly low. $22.5 million is about 0.06% (not 6%, 0.06%, six hundredths of a percent) of Google's 2011 revenue. This would be equivalent to fining the average person about twenty bucks, which isn't much of a deterrent when there's serious money to be made by breaking the rules. Until fines for these kinds of violations at least come close to matching the potential profit, the behavior isn't going to change.

    • by nedlohs (1335013)

      You're mixing two different things. Either the fine should be based on income in order to make the punishment be of similar "pain", in which case that it can make "serious money" is irrelevant. Or the fine should be based on how much money can be made by breaking the rules, in which case the income of the rule breaker is irrelevant. Or some combination (just you can have both a compensatory and a punitive damages award) of course, but arguing for the former based on the later makes no sense.

      If breaking the

    • ... like most corporate fines, the number seems absurdly low.

      Its actually not a fine, its a settlement without admission of wrongdoing. An actual fine would require the FTC to prove that Google had done something for which it could be fined, which would have involved more public expense at greater risk. (If they had a really strong case, they would have held out for at least a settlement with an admission of wrongdoing, since when finalized such a settlement would have greater value in future proceedings.)

    • by timeOday (582209) on Wednesday July 11, 2012 @10:52AM (#40615483)
      This is all so arbitrary. Oddly enough google's fine of $22.5 million is exactly 1000 times the fine of $22,500 [wikipedia.org] that US courts recently upheld as a reasonable fine for pirating songs - that's per song. So if we held "stealing" a user's surfing habits to be equivalent to "stealing" a copy of a song, google's fine would only cover the first 1000 affected users.
    • ... like most corporate fines, the number seems absurdly low.

      Commensurate with the offense.

      Apple: "The pOwed our thingy!"

      Government: "You pOwed their thingy!"

      Google: "We didn't know and we didn't mean to. It was an intern."

      Government: "You are fined. Now you know."

  • Is this illegal because of the DMCA? It is very common for people and companies to circumvent application security. It is usually up to the application to secure itself.

    Does this mean that I could sue someone for using some form of XRay glasses? Because my clothes are supposed to prevent people from seeing me naked...

    • by Shompol (1690084)
      ...someone like TSA. They finally installed naked scanners in JFK. I am not even sure if i can opt out, or if i should.
    • Re:Illegal? (Score:5, Informative)

      by msauve (701917) on Wednesday July 11, 2012 @10:22AM (#40615121)
      No. It wasn't any sort of active attempt at hacking. It wasn't breaking any encryption. Even the EFF [eff.org] admits it was probably unintended.

      Saying Google "used a loophole" is just a loaded way of saying Safari had a bug. The technique had been known for at least two years [wsj.com], and was used by companies other than Google.
      • by gl4ss (559668)

        look, if you find a loophole in say a forums code and start using that to host your files, you're pretty much going to get hosed in court for that even if it didn't include hacking and was just working as intended, while you were using the service in unintented fashion.

        why should a corp be different?

        • by msauve (701917)
          Since when is a browser a website?
          • by Raenex (947668)

            The browser runs on my computer. If I hosted a site that hacked into your computer when you browsed it, by all accounts, legally and ethically, I should be held liable for computer fraud and abuse.

            • by msauve (701917)
              Nothing about the cookies Google placed had anything remotely to do with hacking or computer abuse or fraud.
    • by Baloroth (2370816)

      It probably wasn't illegal. Google just realized it would be easier to pay up-front than get involved in a legal dispute over who did what when that would drag out and be all over the news for the next month with headlines like "Did Google Hack Apple Products?" Which you know would happen.

    • The DMCA only applies to security measures intended to restrict access to copyright-protected works. It doesn't apply to security in general.
  • Google will settle with the FTC for nearly $22.5 million over its bypassing of Apple's Safari browser privacy settings. Google, the largest settlement with FTC over privacy related charges ever.

    The part that begins with "Google, the largest settlement" isn't a sentence. Either it's missing a verb or it's a wrongly split part of the first sentence: "Google will settle with the FTC for nearly $22.5 million, the largest settlement with the FTC over privacy-related charges."

    • Google will settle with the FTC for nearly $22.5 million over its bypassing of Apple's Safari browser privacy settings. Google, [????] the largest settlement with [the] FTC over privacy related charges ever. By abusing [a] privacy hole in Safari, Google circumvented user settings to show them [the user settings] advertising and track the users, 'Safari, unlike other browsers, blocks cookies from ad networks like Google's. But because of a loophole[^Wvulnerability], Google had been able to avoid[^Wcircumvent
  • ...and will be taken as the a cost of doing business. Nuf said.

    • I think you're talking about Microsoft. Google is not nearly that far gone... they can still be shamed into doing the right thing.

  • The FTC should be on top of this stuff. But 22 million dollars is nothing for Google. They make that in about ten minutes.
  • by Scyber (539694) on Wednesday July 11, 2012 @10:20AM (#40615105)
    it is supposed to and Google gets fined? Shouldn't Apple also get fined? Submitting hidden forms is not an unknown concept in web development. Its not like Google hacked the users computer and changed the Safari settings. The settings were broken if they didn't block this. I'm not saying I agree with what Google was doing, I just think there were some serious issues with Safari's privacy settings if they allowed this in the first place.

    I also don't think Google is the only company doing this. I actually had an interview with an ad company a few months back where they actually bragged about how they could track Safari users despite the default privacy settings. I never followed up on it, but I'd imagine it is something similar. I didn't take the job (for other reasons).
    • by Flipao (903929)
      Well maybe others were doing it but Google did get caught red handed.
    • by gnasher719 (869701) on Wednesday July 11, 2012 @10:41AM (#40615343)

      it is supposed to and Google gets fined? Shouldn't Apple also get fined?

      You go to jail for burglary. You don't go to jail for selling locks that a highly experienced burglar can open. Apple did provide security against Random J. Hacker, they just didn't provide enough security against a multi billion dollar company working hard to break the security.

      I bet if you built a safe then Google could find someone who manages to open it as well.

      • by Scyber (539694)
        You would be fined if you sold locks that were advertised as "Blocking all burglars" and they didn't.

        And don't think what google did was that innovative. As other articles linked in these comments show, this methodology is used by at least a half dozen other ad firms. The fact that form submissions get around the 3rd party blocking rules is something that was discussed in webkits bug tracking system in 2010 and is publicly available. Apple employees even commented on the policy and seemed to be ok
      • they just didn't provide enough security against a multi billion dollar company working hard to break the security

        I do believe you're exaggerating the difficulty of setting an evil Safari cookie.

      • by moeinvt (851793)

        Putting cookies on people's computers is hardly analogous to stealing stuff from people's house.

        This is more like Apple building an invisibility cloak (i-Cloak?) and then fining Google because they're able to see you and follow you around.

    • by jo_ham (604554)

      If a thief breaks into your house should you be fined because your door was too easy to open?

      The attempts to justify Google's actions on slashdot over this whole affair have been staggering.

      They did something they weren't supposed to, and are now facing the consequences. Sometimes that happens

  • i mean, er, don't be really evil*

    *we made need to add another really in there at some point

  • by eldavojohn (898314) * <eldavojohn AT gmail DOT com> on Wednesday July 11, 2012 @10:28AM (#40615197) Journal
    After seeing how Slashdot reacted to Ron Paul realigning his priorities [slashdot.org], I think it's worth noting that "internet freedom" means taking the bad with the good. On the one hand, everyone noticed that SOPA would be an impossibility with the Pauls' new proposition. On the other hand, fines like these or even investigations to what Google or Safari or users are doing on the internet would be completely outside of the government's jurisdiction and as such would requires users to punish Google for these Safari abuses. And it is my opinion that the free market would not only care little about such an issue but be powerless to stop the largest online search provider.

    So remember when you get excited about things like:

    The manifesto, obtained yesterday by BuzzFeed, is titled "The Technology Revolution" and lays out an argument — in doomsday tones —for keeping the government entirely out of regulating anything online, and for leaving the private sector to shape the new online space.

    You need to consider this story and how the private sector will abuse privacy left and right if it drives up revenues. With not even a public slap on the wrist from the government, you are faced with individuals playing a PR campaign against massive corporations. That rarely ends well for the individuals and the users.

    • by Bigby (659157)

      The people won't think twice because we don't really care. It is a freakin' cookie. Just because you and some others don't like it, doesn't mean it should be enforced by a government.

      I swear we are going to wind up with laws that prevent a person from staring at someone for more than 10 seconds. It will be punishable with community service, which will be to clean the parking lot of some major private corporation.

  • by Col. Klink (retired) (11632) on Wednesday July 11, 2012 @10:55AM (#40615541)
    Google wasn't the only one using this widely publicized bug in Safari? According to the original WSJ [wsj.com] article:

    The coding also has a role in some Facebook games and "apps"---particularly if the app wants to store a user's login information or game scores. In fact, a corporate Facebook page for app developers called "Best Practices" includes a link to Mr. Garg's blog post.

    So, how large of a fine is Facebook going to pay?

  • If you reverse things this is like a person getting fined because they purposely accessed information on a public web server that was exposed by accident.

  • It's an election year. Better pay up on your protection money *cough* "campaign contributions" sometime between now and November.

  • Wasn't there something about an opt out/opt in setting on your google account for off-site tracking?

    I think here the FTC just wanted an excuse to fine GOOG.

    I think people are just surprised google was able to track them on an iphone, whether or not they consented to it or not.

That does not compute.

Working...