Google's Privacy Invasion: It's Your Fault Page 1

Advertise With UsAbout Us

Contact UsDigital Subscription

HomeNews & Commentary

AuthorsSlideshows

VideoReportsWhite Papers

EventsBlack Hat

Attacks/BreachesApp SecCloud

EndpointMobile

PerimeterRisk

OperationsAnalytics

Vulns/Threats

About UsContact Us

Digital SubscriptionAdvertise with Us

Search Dark Reading

FacebookTwitter

LinkedInGoogle+

Search Dark Reading

HomeNews & Commentary

AuthorsSlideshows

VideoRadio

ReportsWhite Papers

EventsBlack Hat

RSS

Follow DR:

Attacks/BreachesApp SecCloud

EndpointMobile

PerimeterRisk

OperationsAnalytics

Vulns/ThreatsRisk

2/17/201205:15 PM

31comments

Comment Now

50%50%Tweet

Thomas ClaburnCommentary

ConnectDirectly

Login

Google's Privacy Invasion: It's Your FaultIf we really wanted privacy, we would turn o JavaScript, block ads, and

browse in privacy mode through an anonymous proxy. But we would ratherhave free services.

Google stepped in it, again. The company was caught bypassing the privacy settings ofthose using Apple's Safari Web browser, which unlike other major browsers blocks

third-party cookies by default. Google, like just about every other online company, relieson cookie les to improve ad relevancy, to identify users, and to deliver online services.

The Wall Street Journal, which Friday broke the story as part of its ongoing investigationinto online privacy, reports that Google, along with at least three other advertising

companies--Vibrant Media, WPP PLC's Media Innovation Group, and Gannett'sPointRoll--"exploited a loophole in the browser's privacy settings" to place a cookie le on

OS X and iOS devices such as iPhones using Safari.The incident has prompted Consumer Watchdog, a consumer advocacy group critical ofGoogle's privacy practices, to call for intervention from the Federal Trade Commission.Another consumer advocacy group, the American Consumer Institute, said, "Googles

willful disregard for the privacy choices of consumers and the privacy policies of Apple isa new low even for Google."

Google insists the Wall Street Journal report "mischaracterizes what happened and why."The company says it "used known Safari functionality to provide features that signed-in

Google users had enabled" and that it did not collect personal information.[ Google has been under re for its planned privacy policy change. Read Google

1 of 2Comment | Email This | Print | RSS

Rejects EU Request On Privacy Policy Consolidation. ]Google hasn't helped its case by ceasing to use the HTML code that overrode Safari's

default behavior. That looks like an admission of guilt. But let's step back for a momentand examine the situation.

The American Consumer Institute's contention Google willfully disregarded "the privacychoices of consumers and the privacy policies of Apple" isn't accurate.

Google disregarded the privacy choices of Apple, which chooses to block third-partycookies by default in its browser. And Google has nothing to do with Apple's privacy

policies, which describe how Apple handles customer data.Google argues that it manipulated Safari to resolve contradictory browser settings. Safari

blocks third-party cookies by default. At the same time, Apple has implementedexceptions to Safari's third-party cookie blocking to allow social features like the +1

button to function.Rachel Whetstone, SVP of communications and public policy, said in a statement that

Google deployed its workaround code "to enable features for signed-in Google users onSafari who had opted to see personalized ads and other content--such as the ability to

'+1' things that interest them."The fact that other Google cookies got set, Google insists, was accidental. "The Safari

browser contained functionality that then enabled other Google advertising cookies to beset on the browser," Whetstone explained. "We didn't anticipate that this would happen,and we have now started removing these advertising cookies from Safari browsers. It's

important to stress that, just as on other browsers, these advertising cookies do notcollect personal information."

Were it not for the fact that Google's advertising cookie opt-out help page stated explicitlythat Safari's default setting was the functional equivalent of opting out, Google's

explanation might suce.But rewind now to the July 2011 release of OS X Lion. With Lion came Safari 5.1, which

included for the rst time third-party cookie blocking by default.Could Apple's decision to block third-party cookies by default have been inuenced by its

competition with Google, a company that depends on advertising and cookies?

More InsightsWebcasts

Conquer the Network Capacity ChallengeSuccessful Data Control in an Always-On World

More Webcasts

Newest First | Oldest First | Threaded View

Page 1 / 4 > >>

50%50%

Login

50%50%

Login

White Papers[Infographic] Is Your Datacenter Fit for Big Data?

Anticipating Cyber AttacksMore White Papers

Reports[Strategy] Monitoring Security in Cloud Environments[Infrastructure Insights] The Frictionless Enterprise

More Reports

Comments

ProsecondA338,User Rank: Apprentice9/8/2014 | 10:47:39 PM

Google invading our privacyBurn these CEO's to the ground already people! Including the Gates. Time to shut this

new world disorder down for good.Reply | Post Message | Messages List | Start a Board

Tom LaSusa,User Rank: Apprentice7/12/2012 | 3:32:39 PM

re: Google's Privacy Invasion: It's Your FaultFolks,

A friendly reminder that you are encouraged to be as vocal and opinionated as youwant to be, so long as you do so in a respectful manner. Insulting/derogatory/oensive

language will not be tolerated. Usage of such dialogue can result in your commentbeing edited or removed -- and potentially having your prole blocked.

ThanksTom LaSusa

Community ManagerReply | Post Message | Messages List | Start a Board

50%50%

Login

50%50%

Login

duke,User Rank: Apprentice

7/12/2012 | 12:21:39 PM

re: Google's Privacy Invasion: It's Your FaultThomas Claburn is a douchebag. His "blame the victim" mentality is appalling and

insulting. Giving away something for free does not allow ANYBODY, let alone ajuggernaut like Google to invade OUR privacy. He also blames the victim for acceptingTOS contracts (ne print), which are usually written in gobbledygook or in a way thatmost laymen would not understand. Using Tom Claburn's logic, that would actually bethe consumers' fault for being retarded (basically what Claburn thinks of everybody)

and not the company's fault for invading your privacy. To give an example of whatClaburn is trying to say, if you were to use the telephone and it happened to be

tapped, it would be YOUR fault for using it and not the telephonecompanies/government's fault. He also mentions in the article that there is not a clear

consensus on what the denition of privacy is. How convenient! If the word privacydoesn't even mean anything, then how can you invade it? Funny, after a quick scan ofthe dictionary, privacy is dened as such: "being free from being observed". Now, thatseems like a denition that we all can accept "to our collective satisfaction". Again and

not surprisingly, Claburn uses an illogical argument to justify an invasion of privacy.Last, but not least, Claburn implies that Google's privacy invasion is necessary for theconsumer to keep getting free Google. Sorry, but privacy does not cost money - it is afundamental human right (unless you are a tyrant). Claburn uses the black and whiteargument that it's either no privacy and free Google, or privacy and no free Google. If

that were true, it doesn't change the fact that Google is invading YOUR privacy tomake a quick buck (and who knows what else they're up to) when they could stillmake billions of dollars doing things that don't require invading the consumers'

privacy. Good to know that Claburn puts corporation above consumer.Reply | Post Message | Messages List | Start a Board

jdoncaster570,User Rank: Apprentice2/21/2012 | 5:39:18 PM

re: Google's Privacy Invasion: It's Your FaultFunny.. I have Do not track Plus on my browser and this information Week page shows20 tracking devices (cookies) .. the highest I have seen on any one page... glass houses

and all...Reply | Post Message | Messages List | Start a Board

50%50%

Login

50%50%

Login

Michael_,User Rank: Apprentice

2/20/2012 | 10:10:34 PM

re: Google's Privacy Invasion: It's Your FaultWho's fault is it that you have come to rely on Google for just about everything? It'syour own fault. "Google baited with a free service". You mean "I took advantage of a

free service and now I'm complaining they want to run it the way they want to run it".It's called advertising and it's been around for quite a while now.

How many wealthy senior citizens do you think depend on Google's free services? Gotell them they can't um-encumber themselves from Google's inuence. Get ready to be

laughed at and called a fool."Trying to get your old emails back that are archived on Google not so easy." Really?

How about taking two seconds to actually gure it out. http://lmgtfy.com/?q=download+... Since you are too lazy to search on your own, I will help you out

even more, click on the very rst link.Again, who's fault is it that you are ignorant or too lazy to gure out how to do

something or use the tools that you use? It took me all of less than a minute to nd outhow to do what you consider "not so easy". Is it Google's fault or the fault of anybodyelse that you are ignorant or lazy? (I could have used any search engine to gure thisout btw). You just prove my point even more. People are either too lazy or ignorant to

gure out how to use the tools they use. It's not judgemental like DAGOSTA000 states,it's pointing out the facts, big dierence.

Would you give your 16 old kid a new 100k Harley Davidson Motorcycle and tell himto go use it when they don't know anything about driving a motorcycle? With your

logic, the kid should already know how to use/drive a motorcycle from the start, and ifhe doesn't it's Harley Davidson's fault if anything bad happens huh?

"There's a sucker born every minute". Which category do you t in? Don't answer that,I think we all know.

Reply | Post Message | Messages List | Start a BoardTuleeGirl,

User Rank: Apprentice2/20/2012 | 5:42:07 AM

re: Google's Privacy Invasion: It's Your FaultI hate being tracked by Google with their "above the rest" attitude. I thought they

were 'special' when it came to using users personal information. In the end it's every

50%50%

Login

50%50%

Login

man for him self. Which translates to every search engine will track you and keepcookies stored on your computer so they can market products that you seem to be

interested in. Which is ne because I regularly delete them. I delete all the L.S.O.'s aswell. I think those are worse. If not for some research I wouldn't even know about theL.S.O's. I've disabled my updates with Adobe so I won't have to worry about some newtechnology development that I'll have to keep up with in order to maintain my privacy.

And I thought the Patriot Act was bad!Reply | Post Message | Messages List | Start a Board

Eschewing Obfuscation,User Rank: Apprentice2/20/2012 | 4:30:47 AM

re: Google's Privacy Invasion: It's Your FaultHow about rather than hoping for Google to oer a paid membership option we hopefor transparent disclosure and honesty? Privacy hawks aside, Google's shareholders

have a right to accurate information regarding Google's solicitation, use of, andstrategies for gaining personal information. You can go back and forth about Safari

settings and Google opt-outs all day, but that's disingenuous. Yes, every aspect of 'free'web services hinges on user data. But when a publicly traded company purports to beabove all of that and subscribe to the idea of 'don't be evil'', any failure to live up to

that standard is an ethical failure to live up to stockholder expectations.In terms of whether or not people care about privacy, and where blame rightfully

belongs, the issue breaks in much the same way. If Google didn't make such a largeissue of their trustworthiness and adherence to privacy standards, then yes, average

internet users would be to blame for sacricing their own privacy. BUT Googleadvertises itself as being above such shenanigans. This is not a 'blame the dumbusers, they don't know what they're doing' issue. This is a clear issue of bait and

switch. Google draws in users with promises of ethical behavior, responsible usage ofdata, and respecting privacy. If it is not prepared to live up to those promises,regardless of why, it should not make them; When it fails to live up to its own

promises, its users should rightfully throw a t and demand change.Don't blame users for expecting companies to act as advertised. Blame companies for

making false promises.Reply | Post Message | Messages List | Start a Board

Johnnythegeek,User Rank: Apprentice2/20/2012 | 4:11:14 AM

re: Google's Privacy Invasion: It's Your Fault

50%50%

Login

50%50%

Login

Their are ways to access the web more privately. But most user I am sure do not takeadvantage of it. We choose to demand free sites and in the end the devil is marketingtracking cookies. Their are some sites I prefer have less ads such as Hotmail. I hate

those right side bar ads. So now I pay a little every year to make them go away. Theirare some free ways such as AdBlock and they work well. But for me the most annoying

was pop ups and almost any browser blocks those if you want. Otherwise I really donot care so much about ads. Their are ads everywhere in life. So why should we think

the internet would be any dierent?Reply | Post Message | Messages List | Start a Board

Howt,User Rank: Apprentice

2/19/2012 | 10:39:32 PM

re: Google's Privacy Invasion: It's Your FaultBy my own choice, I have chosen to exchange personal data for Google services. Thatis, when they are dealing o the top of the deck. In this instance, their errant actions

were purposeful and hopefully will be found to be criminal.More concerning is that Google is taking the sole hit. Why no mention of the other

three advertising entities? Often, that which goes unspoken tells most.For example, WPP is a holding company which owns many of the world's largest

advertising rms. Is InformationWeek holding them to account? DoesInformationWeek receive advertising revenue from WPP or its subsidiaries? Both

advertising and journalism need to adhere to ethical practices.There's a lot of shame to go around here and InformationWeek itself remains in

question.Reply | Post Message | Messages List | Start a Board

Tom Mariner,User Rank: Apprentice2/19/2012 | 9:09:39 PM

re: Google's Privacy Invasion: It's Your FaultMore than my fault -- I encourage it! I like it when I browse for something and

everything else I do for a while gives me suggestions on alternate products or where Ican get it for less! Yeah, I know , heresy in a world of ultraprivacy. Wait, it gets worse

-- in an age where a hospital can get ned $50,000 per name for even the hint of aleak, I would rather have a health professional nd out everything that has happened

to me so they can help me get better faster. There, I've said it!

/ 4 > >>

White Papers

More White Papers

If I get these benets and the icing on the cake is that it lets me get all this great stuon the Internet for free, get to the bad part. Granted, I am way beyond the age of

posting revealing pictures or text of stupid acts on a social site, but am worried thatour young are going to nd themselves denied something later because of youthful

indiscretion.And here's a really bad part -- we elect our public ocials based not on how good theywould be at the job, but on who has done less stu we can nd out about. I'm not real

happy about he "National Enquirer" method of getting a President -- or TownSupervisor, but Americans seem adverse to actually investigating, so maybe the

Internet watching those folks is not good for all of us.Reply | Post Message | Messages List | Start a Board

Subscribe to Newsletters

[Infographic] Is Your Datacenter Fit for Big Data?Eyes Wide Open: Open Source Analytics Software

The State of Wi-Fi NetworksCybercriminals Wreak Havoc Beyond Big Enterprises

Stop Password Sprawl with SaaS SSO via Active Directory

Cartoon

Live Events Webinars

More UBM TechLive Events

The Destination for ConnectingTechnology, Ideas and Canadians

- GTEC 2015

Cartoon ArchiveCurrent Issue

Download This Issue! Subscribe Now!

Dark Reading Tech Digest, June 2015

Back Issues | Must Reads Flash PollAll Polls

Latest Comment: i just like the way you write

Video

All VideosSlideshows

1 comments | Read | Post a Comment21

More Slideshows

Quantifying Shadow Data In The Cloud

10 Security Questions To Ask A CloudService Provider

Twitter's Top 10 Social CISOs

Twitter FeedTweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug ReportEnterprise Vulnerabilities

From DHS/US-CERT's National Vulnerability DatabaseCVE-2014-8603

Published: 2015-06-10cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!allows remote administrators to execute arbitrary code via shell metacharacters in

the (1) le name when creating a backup or vectors related to the (2)$_CONFIG[tarpath], (3) $exclude, (4) $_CONFIG['tarcompress'],...

CVE-2014-8604Published: 2015-06-10

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns the MySQLpassword in cleartext to a text box in the conguration panel, which allows remote

Archived Dark Reading RadioHow to Develop a Data Breach Incident Response Plan

From Target to Sony to Anthem, they are happening all around you: the big databreaches that compromise critical data and threaten the welfare of the corporate

brand. Is your organization ready to respond?UPCOMING!

Wednesday, June 24, 1pm EDTWhat You Probably Missed In The Latest Verizon Data Breach Investigations

Report (DBIR)FULL SCHEDULE | ARCHIVED SHOWS About Us

Contact UsCustomer Support

SitemapReprints

TwitterFacebookLinkedInGoogle+

RSS

attackers to obtain sensitive information via unspecied vectors.CVE-2014-8605

Published: 2015-06-10The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database

backup les with predictable names under the web root with insucient accesscontrol, which allows remote attackers to obtain sensitive information via a direct

request to a backup le in administrators/backups/.CVE-2014-8606

Published: 2015-06-10Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1

for Joomla! allows remote administrators to read arbitrary les via a .. (dot dot) inthe le parameter in a json_return action in the xcloner_show page to

wp-admin/admin-ajax.php.CVE-2014-8607

Published: 2015-06-10The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQLusername and password on the command line, which allows local users to obtain

sensitive information via the ps command.

Dark Reading Radio

FeaturedUBMTechSitesInformationWeek|NetworkComputing| Dr.Dobbs

Google's Privacy Invasion: It's Your Fault Page 1

Documents

Transcript of Google's Privacy Invasion: It's Your Fault Page 1