Apple users: Only Apple can track us! Not Google UK Apple fans are suing Google for tracking them online against their will over a five-month period. iThing owners who used the Safari browser between September 2011 and February 2012 allege that Google bypassed the web browser's security settings to plant a temporary cookie that skimmed information from them to personalise …
Let's deflect attention with childish sarcastic headlines.
Let's gloss over the fact that Google knowingly wrote code to achieve their end goal by calling it a "cookie slip-up".
No mention of sinister war driving SSID slurping sinister Google tactics then? No, of course not.
Boot. Other foot. Usual standard of journalism.
I wish people would get over the fact that privacy when you're using technology doesn't really exist.
Of course, paranoid people wearing tin hats will always spend time and effort trying to keep what they think is their privacy intact. Personally, I've got better things to do with my life - governments and tech companies can judge what I do with that life as much as they want.
Sorry but I'll have to see your lawyers before you can have a "skinny soymilk frappucino" as that is a method outlined in Apple's patent iCaff.
As for a lawsuit over this, I wonder what sort of ads Google ended up targetting at these clueless Safari users (pardon my tautology)? I'm willing to bet they were mainly for wildly over-priced brushed aluminium-clad laptops and fruity phones. Oh and trendy coffee bars where the punters cogitate deeply on what kind of cow soymilk comes from...
I wonder what sort of ads Google ended up targetting at these Safari users
Privacy protection software, I'd imagine. And thank you for labelling normal computer users who like some quality as "trendy" - let me know when you've looked up the word usability. I know it's not a common word in the world of Linux and Windows.
Don't forget that the same kind of thing also happened on MSIE (link to El Reg article), I quote: "“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too?” Dean Hachamovitch, VP of Internet Explorer wrote in a blog post. “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”".
Only Microsoft has also released data which should show this behaviour.
Hmm, Apple and Microsoft against Google, now that's a somewhat odd combination IMO.
But if that's the case, it means that Apple is irrelevant to the story. It's rather sloppy reporting for the media to go on about Apple users, when it affects a far larger number of IE users (and possibly others - wonder if it affects Chrome!), and the issue was noticed on IE almost a year ago.
"seriously you think Google are the only ones to have tracking cookies... it's just that Safari is such an insecure browser that they are easy to write for!
get a real browser and then you won't have the problems :)"
Does it matter what tech you like? You're all being tracked no matter what you do.
Probably because everyone decided to make voluntary? It is a W3C proposal, y'know those people who look after http standards.
So Apple is following standards and Google is choosing to ignore them.
http://en.wikipedia.org/wiki/Do_Not_Track
Both Google Search and Microsoft's Bing ignore it.
They circumvented it by writing code that went out of its way to fake what looked like a legitimate response to user action (posting data to a third party domain). They explicitly did this to get around the fact that Safari (unlike any other browser including Chrome and Firefox) defaults to reject third-party cookies.
Similar to the long-running furore over :visited links it's really not just as simple as 'just stop it'. If you stop this kind of thing (by doing deep analysis on exactly what every script is doing for example), you break thousands of websites who are doing this kind of thing perfectly legitimately to do things users actually WANT. At that point everyone says "this browser's rubbish" and simply switches to another less privacy-conscious one.
Google circumvented this deliberately, and justified it internally by saying that if a user hadn't consciously opted out (it was the default) then how were they to know if it was actually the users' preference or not... until they got caught of course, when they promptly admitted it and stopped. For the latest round of this particular argument, look at the response to IE10 defaulting to Do Not Track.
The Apple haters blaming Safari or iOS for "insecurity" are showing their ignorance. Google didn't exploit a security hole to do this, they were just acting like a spoiled child whose parents told him he couldn't have a cookie and took one while his parents weren't looking. The "do not track" standard is rather like the "do not call" list. There is nothing in the protocol to enforce it, but one should be able to assume that companies which violate it are up to no good. Google's "oops it was an accident" excuse might possibly have been believable, if they hadn't been caught doing exactly the same thing (but in a slightly different way) to IE.
The fact is, Google is all about standards and freedom, until something comes along to threaten what they make most of their money on: knowing as much as possible about its users to serve it's customers' needs. Note that "customers" to Google isn't us, it is the advertisers who pay them. People can whine about Apple, Microsoft or IBM being soulless profit motivated corporations all they want, but while they're right the "soulless profit motivated" part was redundant to the word "corporation". The problem is, those who think Google is any different are just as delusional as those who think Apple occupies some special slot in the tech world.
They've got two hopes. The data protection act very clearly defines what is classed as "personal" information, and your shopping history, once anonymised, ain't it. Besides, just about every major UK-based website has had the requisite "BY USING THIS SITE YOU AGREE TO OUR COOKIES" notification popup in place for the best part of a year now.
We have warnings on some beaches that sand is dangerous and can kill - because who knew that digging a hole in sand and crawling inside it could suffocate you :/
Additionally we have these wondeful LED road signs that impart such useful information as "Caution Low Temperature" and "Snow Forecast" - I'm pretty sure we all have the ability to determine if the air feels cold and therefore there is likely to be cold and perhaps icy roads, and I'm fairly sure when we see snow on the ground - we can suspect that there will be snow on roads - but my favourites are things like "Winter Driving, drive to road conditions" - which suggests that we don't drive to the road conditions unless told to. There is also a drink that comes in a carton which has "instructions for use" and a push chair with instructions on how to fold which begin - "Step 1, Remove baby" - the saddest part of this whole post though - is that these instructions came about because someone, somewhere was stupid enough - that they honestly didn't know :/
...things like "Winter Driving, drive to road conditions" - which suggests that we don't drive to the road conditions unless told to.
Hear, hear! How dare they suggest such a thing, when the reality is that most of us don't drive to road conditions even when told to!?
By the way, have you ever seen the instructions on a packet of toothpicks?
I doubt if anyone expects any compensation, it is probably enough for the claimants that Google incurs a large legal bill, some bad publicity and a spell on the naughty step. . Oh, did I forget the claimant's lawyers? No doubt any settlement will include a massive wodge of moolah for them. These things are usually lawyer driven.
So yes, you are right, the UK is getting like the US :(
As someone else has already mentioned the Cookie law - I thought I would just pop in.
I'm much more concerned that us smaller websites have had to bend over backwards to implement what is arguably the most stupid tech law ever conceived - while I still see no signs of the likes of Google, Facebook, Twitter complying with it - they have a UK presence and they certainly have an EU presence - we are now almost a year into the new law - and I see no sign that they even plan to comply with it..... I take it - it is just small websites that are going to be fined for not complying then?
"... if it is hosted outside the uk, then you don't need to worry about the silly cookie law.
Holland has good latency to the UK"
Isn't Holland in the EU, and it was an EU directive? I haven't checked, maybe it wasn't implemented in such a way in the Netherlands, but it might just be a matter of time.
Two things: firstly, you obviously don't seem to know much about jurisdiction in the EU; secondly, the UK law is only the national version of EU-wide legislation. But, please do carry on with your feckless approach to stuff. You might even want to start a Facebook group about it.
That is the dumbest reply to a post I have ever seen on ElReg
Well, while it's pretty stupid it's nowhere near as dumb as some of the stuff we get. Some of our commentards are, er, really gifted when it comes to getting the wrong end of the stick.You obviously don't read enough. Don't worry, stick around long enough and you'll soon lose the will to live and any hope you might have left for humanity!
I have seen a lot of trolls come and go in the comments but rarely see genuinely dumb responses like the fool above
I fear it's you who is the fool here. For what I've seen so far of Google, that's EXACTLY what they do.
Take, for instance, their statement that the cookie doesn't contain personal information which is completely irrelevant. That's almost as bad as the BS they put in their mail service explanation that has to explain away that they are in essence running a service that as far as I can tell is fully in breach of privacy laws (actually they already have convictions for that outside Europe, so it's only a matter of time before it hits them in the EU too).
A cookie doesn't have to CONTAIN personal information to violate Data Protection, all it needs to do is to act as a reference to such information which allows to tie together various otherwise separate bits of information.
It's exactly this kind of bullshit that has made me distrust *anything* that Google does. Their preference to serve up large gobs of BS instead of coming right out indicates to me an attitude of "as long as we're getting away with it it's legal" instead of looking what the law actually says.
Which is the point the original OP made.
This is the Google MO.
Break the law openly, brazenly and on a massive scale, thus rendering the law useless. Why should anyone else comply when the web's largest presence openly flaunts the law.
No fine can hurt them, because the politicos who make the law simply do not understand, or have been paid to misunderstand.
I can't be asked to re-read the whole thing, but the containment conditions for your information are exceptionally weak. As long as you have any sort of business relation with Google, the terms allow them to share your information. Thus, if you supply toilet paper to Google it's enough.
There is, however, a much more dangerous aspect which Google is skirting. Under UK as well as EU data protection laws, accessing "sensitive" information about you (i.e. what medicine you look up, or which financial service you use for, say, debt management) requires EXPLICIT permission from the user (let me spell that out for you: Google needs to ask your permission in a separate, isolated statement, not embedded in light grey 6 point on white font somewhere down in the ToS). As far as I know, it has not done so for the majority of its current users in Europe which seems to put them in breach - yet again.
They really seem to consider fines just the cost of doing business, and given what the FTC fined them you cannot really blame them for having that opinion. I call that a Wall Street spillover - after all, that's the attitude that gave us global economic crisis III.
The Location Tracking icon appears in the upper right of my iPhone's screen even though *all* individual apps have Location Services disabled.
*They* (the 'Them-They' They with the capital 'T') are tracking me.
So I'll have to spend the evening driving around to places that do not interest me in the slightest, to throw Them off the track.
This post has been deleted by its author
"The Location Tracking icon appears in the upper right of my iPhone's screen even though *all* individual apps have Location Services disabled.
*They* (the 'Them-They' They with the capital 'T') are tracking me.
So I'll have to spend the evening driving around to places that do not interest me in the slightest, to throw Them off the track."
Best way. Throw them nonsense.
"engagements, presents and holidays were destroyed when partners looked at their computers and saw display ads based on sites previously visited"
Whiners! Real men do the online shopping from work, and wouldn't dream of looking on their partners iThingy
On an unrelated note, why does my popular! webmail! provider! serve me up adverts for Asian dating and a certain tubular video sharing site serve me adverts for mature dating? It makes no sense - I've only been browsing latex bdsm sites.
"It took a Stanford researcher to spot the cookie planting gaffe by Google."
Err no it was not a gaffe. The code was specifically designed to submit a page to Google, fooling Safari into thinking the user had submitted the page, thus bypassing the "only allow cookies from sites I visit" security setting. There was absolutely no gaffe at all, Google knew exactly what they were doing. Get it right, and perhaps the pro-Google, anti-Apple bias should be toned down a bit too?
"It could mean for many users that surprises such as engagements, presents and holidays were destroyed when partners looked at their computers and saw display ads based on sites previously visited. There are many examples of the inappropriate consequences of such intrusion"
would this only happen if they were using the same account and therefore password sharing?
hmmm
would this only happen if they were using the same account and therefore password sharing?
I dont know a huge number of people who have password management policies established for their families use of their home IT assets, but you make a good point.
Unfortunately, I dont think the cool iShiny has the ability to set up multiple users so it is only one account - password sharing is broadly irrelevant (assuming it has been configured to use a password in the first place).
Nothing is free on this planet. Even your death will cost your next of kin a bomb. If you don't want Google trying to make a living off supplying products and services to you then stop using all google products FFS.
Maybe you could try Bing?!
Queue maniacal evil laugh muhahahahahaaaaaa
The problem with that is you really can't avoid Google's ad-pushing services (and Google Analytics) on 3rd party web pages. These are (or can be) used to collect profiles as well (IPs which Analytics collects and keeps are as good as cookies in most cases, or actually better in that they are globally unique identifiers at a given point in time).
You may think no one gives a shit what you have been looking at, but people will pay good money for that information so they must actually give a shit.
The fact you are selling it for a lot less than other people are selling it on is a totally different matter. The fact is that you are the only person losing out on the deal.
"It could mean for many users that surprises such as engagements, presents and holidays were destroyed when partners looked at their computers and saw display ads based on sites previously visited. There are many examples of the inappropriate consequences of such intrusion."
Glad they could come up with an excuse they could use in front of their wives. They probably won't be served with adverts for large plugs but may wonder why the advert for the Lesbian Advice Line pops up so regularly.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
