Google Building Privacy Red Team 92
Trailrunner7 writes "Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy 'red team,' a group of people charged with finding and resolving privacy risks in the company's products. The concept of a red team is one that's been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area."
Re:I think... (Score:3, Informative)
And that is exactly what I wanted to say. I'm more worried about Google than anyone else.
Long live Adblock and Ghostery.
Re:Intentional vs. Unintentional (Score:5, Informative)
No, it wasn't intentional. A workaround was intentionally used to make a particular non-tracking cookie work on Safari (it was a simple preference cookie used for user functionality). However, the browser reacted to the workaround by allowing *all* third-party cookies involved, including the DoubleClick cookie. That was unexpected and unintentional. Nobody realized it was going to happen, and the team responsible for the workaround had nothing to do with the advertising cookie.
Posting anonymously because I work for Google.
Re:Intentional vs. Unintentional (Score:5, Informative)
And if you need a reference, read the original [webpolicy.org] analysis that spawned this entire debacle. It makes it very clear that one cookie, "_drt_" (which is fairly innocuous), is the only one that is deliberately set using the workaround. The unintended side-effect is that on future page loads, the "id" cookie (and others) can be directly set (no workaround needed) because Safari considers a domain whitelisted if it has *any* cookies set, and allows all further cookies.
Re:Intentional vs. Unintentional (Score:4, Informative)
c.f. the wifi sniffing debacle. I'm pretty sure that what transpired was the developers of the product downloaded a public source program, like AirSnort. And then used it, probably with the intention of just collecting unencrypted SSIDs, but accidentally left on the more intrusive features as well.
They should have noticed that it was collecting data at a rate greater than SSIDs would indicate, but I can see overlooking that as well.