Forgot your password?
typodupeerror
Google Privacy

Google to Pay $17 Million to Settle Privacy Case 109

Posted by Unknown Lamer
from the lemme-dig-that-out-of-my-pocket dept.
cold fjord writes "The New York Times reports, 'Google agreed on Monday to pay $17 million to 37 states and the District of Columbia ... The case involved Google's bypassing of privacy settings in Apple's Safari browser to use cookies to track users and show them advertisements in 2011 and 2012. Google has said it discontinued circumventing the settings early last year, after the practice was publicly reported, and stopped tracking Safari users and showing them personalized ads. ... the case is one of a growing pile of government investigations, lawsuits and punishments related to privacy matters at the company. They include cases involving a social networking tool called Buzz, illegal data collection by Street View vehicles and accusations of wiretapping to show personalized ads in Gmail. '" From the DOJ, the settlement (PDF).
This discussion has been archived. No new comments can be posted.

Google to Pay $17 Million to Settle Privacy Case

Comments Filter:
  • violation of trust (Score:5, Interesting)

    by noh8rz10 (2716597) on Monday November 18, 2013 @11:14PM (#45460305)

    I'm still really upset that Google hacked my browser to install tracking beacons without my knowledge and against my expressed wishes. I think this is emblematic of how they do business and how lowly they think of their "users". I also uninstalled all the google apps from my iPhone after the tracker story from last week.

    What's the alternative? Hopefully, this monoculture will be replaced with a rich mix of companies and options.

    • by cheater512 (783349) <nick@nickstallman.net> on Monday November 18, 2013 @11:28PM (#45460389) Homepage

      There is a diverse range of companies. Alternatives include Microsoft or Yahoo.

      Yeah I'm sticking to Google too. Nothing prevents the alternatives from being worse.

      • Re: (Score:3, Informative)

        by Savage-Rabbit (308260)

        There is a diverse range of companies. Alternatives include Microsoft or Yahoo.

        Yeah I'm sticking to Google too. Nothing prevents the alternatives from being worse.

        Actually Google has pretty fierce competition these days from Bing, the caliber of Bings competitiveness is simply not acknowledged on Slashdot for religions reasons. While several recent studies have refuted Microsoft's BingItOn claim of two thirds of users preferring Bing results. Interestingly enough blind studies also suggest that that Bing actually delivers superior results to Google 41% of the time and 6% of the time they tied. Furthermore a lot of Bing's inferiority is largely perceived (i.e a 'halo'

        • by hairyfeet (841228)

          I switched to Bing after Google starting screwing users by changing their privacy policies and bugging the shit out of me to tie everything into my RealID through the craptastic G+ and I have to say....its pretty nice actually. I find its image search to be a HELL of a lot better than Google's, I don't know if its because SEOs have figured out how to game Google or what but with Google I always seem to get a lot more unrelated crap than I do with Bing.

          I also noticed there seems to be a lot more malware an

          • I switched to Bing because Google is evil

            And you know fer sure we can all trust Micro$oft with our data because of past behavior.

        • Bing does not do HTTPS.

      • by riis138 (3020505)
        They all do it. The only way to get around it is to use privacy-focused alternatives like duckduckgo.com and startpage.com
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      $17 million is smallchange to Google. And the affected man in the street never sees a penny, nor evven a reduction in taxes. Its a nice way for Google to "donate" $17 million for govt pet projects without it being seen as lobbying / bribes / etc.

    • Don't trust.

    • by Anonymous Coward

      What the monoculture like Apple?

      • What the monoculture like Apple?

        How can you be a monoculture within your own product line? Apple has fierce competition on the PC market, the smartphone market and the tablet market. Now sod off to Starbucks or something and try really hard to come up with a better troll.

    • They hacked your browser? Or did they make you install one they coded up themselves? I bet you're still on Facebook though. Realistically, when you are the product, their bosses, the investors, will stop at nothing for them to sell you better. Get used to it, or start paying for everything you do on the web.
      • by noh8rz10 (2716597) on Tuesday November 19, 2013 @12:24AM (#45460663)

        They hacked your browser? Or did they make you install one they coded up themselves? I bet you're still on Facebook though.

        Not sure I follow... yes, they hacked my Safari browser. I do not use the Chrome browser for obvious reasons considering this discussion. I also don't use Facebook for obvious reasons. What did you mean?

        Realistically, when you are the product, their bosses, the investors, will stop at nothing for them to sell you better. Get used to it, or start paying for everything you do on the web.

        I agree. Which is why I work to minimize my exposure to that sort of monetization.

        Get used to it, or start paying for everything you do on the web.

        There's a middle way where you get treated with respect. For example, Apple has a google apps competitor and a google maps competitor that is free and they're not scheming to monetize you. They win by giving you a reason to buy their hardware. In short, no, I'm not going to get used to it.

        • Re: (Score:1, Troll)

          by icebike (68054)

          No, they didn't hack Safari.
          The put a cookie on your phone, just like every other cookie.
          Safari, unlike other browsers, blocks cookies from ad networks like Google’s. But Google had been exploiting a loophole to avoid the block, install cookies and track Safari users to show them personalized ads. It was a BUG in Safari. It was not a hack in any sense.

          • It was a BUG in Safari. It was not a hack in any sense.

            So if I take advantage of a BUG in Slashcode in order to download the user and password tables for Slashdot, then I'm not really hacking Slashdot, right?

            • by icebike (68054)

              Right.
              If it's available to everyone and you don't need to brut force a password or steal one, it's Dice's fault.

            • by Anonymous Coward

              So if I take advantage of a BUG in Slashcode in order to download the user and password tables for Slashdot, then I'm not really hacking Slashdot, right?

              They didn't take advantage of it. It was an unintended consequence of the way Safari handled cookies for people who had already accessed a site. That's why they got a slap-on-the-wrist negligence fine instead of real punishment.

              "We used known Safari functionality to provide features that signed-in Google users had enabled," says Rachel Whetstone, Google's senior vice president of communications and public policy. If you were logged in, Google could then deliver personalized advertising and perform other

            • by Xest (935314)

              It's not straightforward. Intent matters.

              If you were sent a link on Facebook and it led to an HTML dump of all the usernames and passwords then no, you wouldn't be hacking, you wouldn't even be at fault. Similarly if you click a link on Slashdot itself, or clicked back and forward a bit and triggered a bug or whatever and this happened then again, not your fault. Slashdot's fault entirely.

              If you were maliciously searching for exploits to exploit and you found one and exploited it intentionally for personal

              • So in this particular case it depends if Google was intentionally exploiting the bug, or if Google's code was doing what it always did but because Apple fucked up it resulted in unintentional behaviour. It depends if Google implemented code specifically to exploit this bug.

                Google had three different implementations; one specifically for Safari to exploit the bug that when a form was submitted, even though it was invisible, Safari believed the form was submitted by the user and used different rules for cookies based on that false belief. One specifically for Internet Explorer, where they figured out that passing certain malformed information to Internet Explorer made it allow cookies when it shouldn't. And one "normal" one.

          • Was it also a BUG in Google's documentation when they stated that they didn't track Safarai users?

            "In Google's case, the findings appeared to contradict some of Google's own instructions to Safari users on how to avoid tracking. Until recently, one Google site told Safari users they could rely on Safari's privacy settings to prevent tracking by Google." source [wsj.com]

          • by noh8rz10 (2716597)

            you may find this link interesting to explain the lengths they went through to exploit this bug. WSJ made a good infographic. It's paywalled, so this link has an accessible version.

            Still think this isn't a hack?

            http://www.macrumors.com/2013/11/18/google-to-pay-17-million-settlement-to-states-in-safari-privacy-circumvention-case/ [macrumors.com]

        • by AmiMoJo (196126) *

          I agree with most of what you said, but have to take issue with this:

          For example, Apple has a google apps competitor and a google maps competitor that is free and they're not scheming to monetize you.

          That's nonsense. They lock you in to their revenue stream and do thinks like roll out software updates that break 3rd party cables to force you to buy theirs. They collect personal data via their platform and use it to sell you to other companies, e.g. through their ad network or via iTunes recommendations. They even sign you up for their products without even asking - an iCloud account was created for me that I didn't even know existed un

          • by noh8rz10 (2716597)

            I agree with most of what you said, except for this:

            They collect personal data via their platform and use it to sell you to other companies, e.g. through their ad network or via iTunes recommendations.

            True, Apple tries to monetize you and lock you in as a customer. But for Google, their customers are the ad companies, and you are the product they sell to them. I think Apple treats its customers with respect. Many people agree with me so they have a very high customer satisfaction score, compared to ATT, Comcast, etc which just try to rip you off.

            I've never found any links that Apple sells me to other companies. They have their iAds which are a very smal

    • by steelfood (895457)

      Hopefully, this monoculture will be replaced with a rich mix of companies and options.

      There is none. You can keep hoping, but nothing better is going to appear. You can either pay for the convenience out of your own pockets, or you can give up some of the information you possess on yourself so that the companies who provide the convenience can sell it to subsidize the convenience. The only other option is to rely on charity, but who's going to provide that charity? You?

      The only sure way to win is to not play. And in this society, I'm not sure I'd call that winning.

    • "I think this is emblematic of how they do business and how lowly they think of their "users". I also uninstalled all the google apps from my iPhone after the tracker story from last week."

      "... discontinued... after the practice was publicly reported" says everything that needs to be said.

    • Here is the problem...

      Google provides a ton of services to you for "free".

      Except, they aren't free, they cost Google a lot of money. So who is actually paying them?

      *That* is Google's customer, not you...

      You are the product to be sold...

      If you want to be the customer, you have to pay up.

      • by noh8rz10 (2716597)

        agreed, which I why I don't use gmail, I don't use google apps, I don't use chrome, I don't use android, and I don't use google maps. Bing is my default browser search engine. I do use google search regularly, but in those cases I humbly bow to the ass probing they give me when I use it.

        • by Nerdfest (867930)

          You do understand that you can use Android with any ties to Google whatsoever? Many of the same things you're avoiding with Google search are also there in Bing. As someone else mentioned, if you're not paying for the service with money, you're paying for it with something else.

          • by noh8rz10 (2716597)

            You do understand that you can use Android with any ties to Google whatsoever?

            you know, that's what people say. To tell you the truth I don't believe it, and I don't see how anybody could be sure. It's like saying you can boff a prosty without getting a disease as long as you wear a rubber.

            Many of the same things you're avoiding with Google search are also there in Bing.

            you're right here. on my desktop, the bing thing is more of an eff you. on my iPhone, apple has eliminated google as the default search engine for their browser, so it's an eff you from them!

            Agreed, which is why I try to eliminate / minimize the use of those services whenever possible. Other people

    • Google hacked your browser? Or they just used a standard web technique to get results for a +1 button and Safari piled on a bunch of extra cookies?

      Why would Google do this? If we assume that it was intentional, they must have known that, with all the scrutiny the company faces, someone was going to figure it out? And what would they get in return? A little bit of data on the handful of people who upped their Safari privacy settings and are unlikely to click on ads.

      Does that make sense?

  • $17M? (Score:2, Insightful)

    by Anonymous Coward

    Isn't that what Page and Brin piss out the window on a daily basis at their lunch breaks?

    • by Anonymous Coward

      $17M to g00gle

      That would be like $.17 (seventeen cents) from a normal person's pocket, right?

      Oh, that's gonna really hurt. Teach them that privacy lesson, yeaH

      • by ibwolf (126465)

        $17M to g00gle

        That would be like $.17 (seventeen cents) from a normal person's pocket, right?

        Actually, assuming the average person earns about fifty thousand dollars a year, a comparable amount would be 17 dollars, not 17 cents. This is easy to see as Google's 2012 revenue was about 50 thousand million (i.e. 50 billion) dollars.

  • by turkeydance (1266624) on Monday November 18, 2013 @11:24PM (#45460373)
    that's a nice search engine you have there. it would be a shame if something happened to it. my cousin, NSA, would like to have a meeting.
    • by Anonymous Coward

      the case is one of a growing pile of government investigations, lawsuits and punishments related to privacy matters at the company

      Oh the IRONY of that statement. "government protecting your privacy"

    • that's a nice search engine you have there. it would be a shame if something happened to it.

      That's unfair - the Mafia has some sense of honor.

  • by whisper_jeff (680366) on Monday November 18, 2013 @11:28PM (#45460393)

    As a Safari user, where's my cheque?

    Oh. That's right. My privacy was invaded but governments are going to get the money.

    That seems fair. ...

    • Yup, so you can pay less tax... MUHAHAHA!
    • by Anonymous Coward

      Hey, your government spent a lot of money invading your privacy; they have to recoup it somehow!

    • $17 million to 37 states, let's see...

      That's $459,459 per state.
      That would almost pay for one mile of a 4-lane interstate to be paved with 2" of black-top.
  • by TrollstonButterbeans (2914995) on Monday November 18, 2013 @11:36PM (#45460437)
    Anyone know? I tried to view the PDF, but it crashes my browser.

    Extra: Why is exploiting a browser weakness an offense for a company? If I make a web page that crashes IE6, am I at fault? Anyone know the rationale for why browser settings in this particular case are some sort of "holy grail" that if Google violates there is hell to pay?

    Can I now sue Verizon for crapwares that make my phone vulernable?

    I guess I am asking others: What line the sand did Google step across?
    • by Anonymous Coward

      I guess I am asking others: What line the sand did Google step across?

      "We used known Safari functionality to provide features that signed-in Google users had enabled," says Rachel Whetstone, Google's senior vice president of communications and public policy. If you were logged in, Google could then deliver personalized advertising and perform other functions, such as sending +1's back to a user's Google+ social networking profile.

      "However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser," Whetstone say

    • Re: (Score:3, Informative)

      by Anonymous Coward

      First four entries in Appendix A on the PDF that you are having trouble with:

      • Alabama Deceptive Trade Practices Act, Ala. Code 8-19-1 through 8-19-15
      • Arizona Consumer Fraud Act, Ariz. Rev. Stat. Ann. 44-1521, et seq.; Ariz. Rev. Stat. Ann. 13-2316(A)(6) and (D); Ariz. Rev. Stat. Ann. 44-7301, et seq
      • Arkansas Deceptive Trade Practices Act, Ark. Code Ann. 4-88-101 through 115; Arkansas Computer-Related Crimes Act, Ark. Code Ann. 5-41-106; Consumer Protection Against Computer Spyware Act, Ark. Code Ann. 4
    • by ljw1004 (764174)

      : Why is exploiting a browser weakness an offense for a company? If I make a web page that crashes IE6, am I at fault?

      Just to note, exploiting a website weakness, or a crummy website that ends up exposing people's accounts through crafted http requests, is also an offense - counts as unauthorized access I think. So I'm happy to see things going the other way as well.

    • by NoKaOi (1415755)

      Extra: Why is exploiting a browser weakness an offense for a company? If I make a web page that crashes IE6, am I at fault?

      Ok, since you're throwing out hypotheticals, how about if a company exploits a browser weakness to root your computer in order to track your browsing habits? How about if they root your phone in order to track your physical whereabouts? How about if they root your computer to steal your credit card info?

      The fact that it was a browser weakness is irrelevant. It was the fact that they exploited it to do something the browser was clearly trying to prevent them from doing. If your door locks have a weakness

      • by Xest (935314)

        I think you're inadvertently hit the problem - the question is whether they intentionally exploited the vulnerability, or whether the vulnerability failed to stop their code working as intended.

        There's a fine line between the two as to blame. If I intentionally search for an exploit in a browser that lets me still their browsing history then that's me being malicious, if however I write some code to gather all data the browser will let me have and then a browser with a bug that bundles the browsing history

        • by Nerdfest (867930)

          It sounds to me like they intentionally used a browser's weaknesses to run something against the users wishes, or more accurately, without asking them. A definite 'evil' in either case, and a criminal act of some sort in at least one of them.

    • If I make a web page that crashes IE6, am I at fault?

      If you make a web site and it happens to crash IE6, then you're not at fault. If you make a web site that intentionally crashes IE6 and encourage IE6 users to visit it, then I don't see why it would be treated any differently from any other DoS attack. If I find a bug that crashes Apache from a malformed URL and then stick a link to someone's Apache server with such a URL on my web page, I don't think there's any doubt that it's malicious.

      In the case of Google, they intentionally exploited a security hol

  • by Anonymous Coward

    Don't Be Evil, So Said the Google

  • by Anonymous Coward

    Google had $50 billion in revenues in 2012. If they use 3 significant figures, the fine rounds to $zero on their financial statements.

    • by NoKaOi (1415755)

      Google had $50 billion in revenues in 2012. If they use 3 significant figures, the fine rounds to $zero on their financial statements.

      Exactly. $17 Million is just a small cost of doing business and really won't do anything to make them think twice next time. Change that M to a B and then it might make a difference. Or better yet, hold the C's directly responsible.

  • by Anonymous Coward

    I had no idea how concerned they were about preservation of privacy.

  • by Anonymous Coward

    You have zero privacy now. GET OVER IT.

    - Scott McNealy

    McNealy (then CEO of Sun Microsystems) said that back in 1998! But I guess the children of the Facebook generation will be accustomed to living on a 24x7 web cam, permanently archived, transcripted and searchable. They'll belch and shit and have sex and masturbate in public, and everyone will be like, OK so what.

  • by WeeBit (961530)
    They got off lite
  • by Anonymous Coward

    For similar reasons, I've changed my browser to DuckDuckGo as the default search engine. I'm also in the process of deleting all my accounts with them including adsense and gmail.

    They've gotten too big. It's like a privately owned NSA.

    Scary shit.

    DuckDuckGo appreciates my business by specifically respecting my privacy both in policy and by specifically not recording what I search for. I recommend anyone who cares to check them out.

    https://www.duckduckgo.com

    • DuckDuckGo appreciates my business by specifically respecting my privacy both in policy and by specifically not recording what I search for.

      For now.

      Right now they ride on the anti-NSA wave, and they're still small. When they get bigger and the lure of advertising money becomes irresistible... well, we'll see.

      DDG is great, I use it too, but I'm watching them, and I'll switch to another search engine the minute they do something rotten.

      Google used to be small and trustworthy too...

      • Yeah, it is really nice to have DDG out there. It is my default search box. However, it still happens quite regularly that it doesn't return a result which I absolutely expected. And in those cases Goggle usually does show that result.

        And even if I attempt to help DDG, say by including a few more terms that I actually *copy* from the site I'm hoping to find, still nothing most of the time. It's as if their index just doesn't cover nearly as many pages.

        Would be great if it improves, and for now I'll just kee

  • by antifoidulus (807088) on Tuesday November 19, 2013 @01:37AM (#45460925) Homepage Journal
    TFA doesn't actually contain any details on how they did that, but (ironically) with the help of Google, I was able to find a page that details the process [webpolicy.org]. The short answer is they took advantage of the fact that any form submitted from the browser to a site would allow that site to install cookies, so they added a hidden form submit to their ads.
  • > Get used to it, or start paying for everything you do on the web.

    They said it was a search engine, and would keep getting better.
    They didn't say it was going to be better and better at searching _me_.

    I didn't sign up for that.
    Anybody want to retry FIDOnet and Usenet?
      This Web stuff is running backward and overheating.

  • by Kaz Kylheku (1484) on Tuesday November 19, 2013 @02:04AM (#45461031) Homepage

    I use Google+, and Chrome, and Google Apps, Mail, AdWords, etc.

    Google loves me as a result and respects my privacy.

    • by riis138 (3020505)
      Thats right, you have to level up your Google character and then they stop tracking you.
  • by seebs (15766) on Tuesday November 19, 2013 @02:07AM (#45461043) Homepage

    And today I got a G+ event invitation to a suspended G+ account (they don't consider "seebs" a real name). Since it's suspended, I can't opt out of notifications or mailings, nor can I use the help forums to contact them. Or anything else, so far as I can tell.

  • Fining Google $17M is like fining me $1. It is a funking joke fine.
  • In capitalist America, Google search you!
  • So, about 5 minutes of income then.

There is no distinction between any AI program and some existent game.

Working...