Being that its been such a disastrous few weeks for Google in the privacy violation department I thought I'd go back to the topic of its new privacy rules as well as get into some of the important technicalities associated with Do Not Track protections in light of the President's proposed Privacy Bill of Rights.
First, let's go to reigning anti-privacy global champion Google, who is changing its privacy policies this week, placing 60 of its 70 existing product privacy policies under
one blanket policy and breaking down the identity barriers between (to
accommodate its new Google+ social network software) them as well. In other words, Google will combine data from all its services, so when users are signed in, Google may
combine identity information users provided from one service with information
from other services. The goal is to treat each user as one individual across
all Google products, such as Gmail, Google Docs, YouTube and other Web
services. You can read more about this policy in a recent post of mine.
Then we find out that Google has been bypassing the privacy settings in Apple's Safari browser. This is of particular concern and importance because that system, and those users, are specifically INTENDING that such monitoring be BLOCKED.
So that was the "Google" backdrop for a few other related stories. First, the President proposed a Consumer Privacy Bill of Rights that has some potential, though numerous pitfalls (I'll get to that later). And second, while Google has agreed to offer a kind of "Do Not Track" mechanism on Chrome, this didn't stop The Electronic Privacy Information Center (EPIC) from attempting to make Google obtain its users permission BEFORE sharing their private information as a result of its new privacy policy.
Unfortunately, U.S. District Judge Amy Berman
Jackson said the court had no authority to force the FTC to keep Google in
check. As detailed by Courthouse News, this isn't Google's first brush with the law: In June 2011, a federal judge approved an $8.5
million class action settlement
brought by 31 million Gmail users who sued Google for exposing their personal
information through its recently discontinued email feature, Google Buzz. In
their lawsuit, users called the feature, which automatically shared their
information with their email contacts, an "indiscriminate bludgeon"
that could reveal the names of doctors'
patients or lawyers' clients, or
even the contacts of a gay person "who was struggling to come out of the
closet and had contacted a gay support group."
The judge also made it clear that her ruling should not be taken as
an endorsement of Google's privacy
policies or her opinion on whether they violate the consent order.
So what does Google's new policy mean to you and what are some ways to better protect your privacy?
Don't sign in
This is the easiest and most effective tip.Many of Google's
services -- most notably search, YouTube and Maps -- don't
require you to sign in to use them. If you're
not logged in, via Gmail or Google+, for example, Google doesn't know who you are and can't
add data to your profile.
But to take a little more direct action ...
Removing your Google search history
Eva Galperin of the Electronic Frontier Foundation has compiled a step-by-step guide to deleting and disabling
your Web History, which includes the searches you've
done and sites you've visited.
It's pretty quick
and easy:
-- Sign in to your Google account
-- Go to www.google.com/history
-- Click "Remove all Web History"
-- Click "OK"
As the EFF notes, deleting your history will not prevent
Google from using the information internally. But it will limit the amount of
time that it's fully accessible.
After 18 months, the data will become anonymous again and won't be used as part of your profile.
Clearing your YouTube history
Similarly, users may want to remove their history on
YouTube. That's also pretty quick
and easy.
-- Sign in on Google's
main page
-- Click on "YouTube" in the toolbar at the top of
the page
-- On the right of the page, click your user name and select
"Video Manager"
-- Click "History" on the left of the page and
then "Clear Viewing History"
-- Refresh the page and then click "Pause Viewing
History"
-- You can clear your searches on YouTube by going back and
choosing "Clear Search History" and doing the same steps.
Interestingly, just as the White House pushes a privacy bill of rights its new online privacy legislation for Congress to consider,
Google
(in the wake of its privacy invasions) decided to get behind "Do Not Track," for Google Chrome.
As Computerworld defines it, and how such a mechanism is eventually defined and operated is critical to its usefulness, "Do Not Track" is a "
technology that relies on information in the HTTP header, part of the requests and responses sent and received by a browser as it communicates with a website, to signal that the user does not want to be tracked by online advertisers and sites.
In the browsers that now support the Do Not Track header, a user tells sites he or she does not want to be tracked by setting a single option. In Mozilla's Firefox, for instance, that's done through the Options (on Windows) or Preferences (Mac) pane by checking a box marked, "Tell web sites I do not want to be tracked."." That of course...just how well it does that and how is the million dollar question."
So what did Google just agree to by adding its
support for Do Not Track to its Chrome browser?
Computerworld has more:
So, when I tell my browser to send the Do Not Track request,
no one will monitor my movements?
Hold on there, pardner. Thursday's commitment by Google to support Do Not Track in
Chrome may have been a clear win for the specific way that request is communicated,
but there's no such clarity on what
websites do -- or don't do -- when
they receive that signal.
"On the technology side, this is an unambiguous win,
but on the policy side there is still a lot of work to be done," Mayer
said yesterday. The Electronic Frontier Foundation (EFF), an online privacy
advocacy organization, said much the same. "While today was a great
advancement on the Do Not Track technology, it did not meaningfully move the
ball forward on the Do Not Track policy," said Rainey Reitman, the EFF's activism director, in a Thursday blog.
What have sites agreed to do with Do Not Track?
They'll stop using cookies to craft targeted ads, the
kind pointed at you based on your past surfing and other online behavior.
But the companies that lined up Thursday to support Do Not
Track -- the ad networks, websites and corporations who belong to the latest
online ad industry trade group, the Digital Advertising Association (DAA) --
haven't promised to actually stop tracking
users' Web movements. Instead, they've pledged to not use tracking data to serve
targeted ads -- which the DAA calls "behavioral advertising" --
or use that tracking information "for the purpose of any adverse
determination concerning employment, credit, health treatment or insurance
eligibility, as well as specific protections for sensitive data concerning
children." (IDG, the parent company of Computerworld, is a member of
DAA, according to the association's list of participating companies and ad networks.
Other media firms that will hew to the DAA's
behavioral ad guidelines around Do No Track include Conde Nast, ESPN, Forbes
and Time.)
What? So Do Not Track doesn't
mean just that?
Right, which is why privacy groups are pushing for a stricter
interpretation. The EFF, for one, is leery of the advertising industry's sincerity.
"Historically, the DAA has eschewed providing users
with powerful mechanisms for choices when it comes to online tracking,"
said EFF's Reitman. "The
self-regulatory standards for behavioral advertising have offered consumers a
way to opt out of viewing behaviorally targeted ads without actually stopping
the online tracking, which is the root of the privacy concern."
Reitman worried that the DAA would mess with the simplicity
of Do Not Track, and try to turn it into "slippery legalese that doesn't promise to do much of anything about
tracking."
Anything else about the Do Not Track promises made by the
advertising industry I should know?
Yep, one interesting aspect: The DAA said
it would not honor the setting if "any entity or software or technology
provider other than the user exercises such a choice." EFF's Reitman
interpreted that as a pre-emptive strike against browser makers that may want
to turn on Do Not Track by default. (None do at this point.... It's off in Firefox, IE9 and Safari until the user
manually changes the setting.)
Click here for more.
With that,
let me take you to the New York Times article that
delves deeply into the Do Not Track concept and where the battle lines will likely be drawn: separating those that want privacy, and more control over their own data, versus those that want to profit off violating that privacy, and selling that data.
The issue of digital privacy, especially how users’ data is
collected online and then employed to show those users ads tailored to them,
has been hotly debated for years. The announcements represent the attempt to satisfy consumer
privacy concerns while not stifling the growth of online advertising, which is
seen as the savior of media and publishing companies as well as the advertising
industry. According to the Interactive Advertising Bureau, digital advertising
revenues in the United States
were $7.88 billion for the third quarter of 2011, a 22 percent increase over
the same period in 2010.
The industry’s compromise on a “Do Not Track” mechanism is
one result of continuing negotiations among members of the Federal Trade
Commission, which first called for such a mechanism in its initial privacy
report; the Commerce Department; the White House; the Digital Advertising
Alliance; and consumer privacy advocates.
Until now, methods for opting out of custom advertising
varied depending on the privacy settings of a user’s browser or whether a user
clicked on the blue triangle icons in the corners of some digital ads. Under
the new system, browser vendors will build an option into their browser
settings that, when selected, will send a signal to companies collecting data
that the user does not want to be tracked.
The agreement covers all the advertising alliance’s members,
including Google, Yahoo, AOL, Time Warner and NBCUniversal.
Privacy advocates complain that the mechanism does not go
nearly far enough in part because it affects only certain marketers. Many
publishers and search engines, like Google, Amazon or The New York Times, are
considered “first-party sites,” which means that the consumer goes to these Web
pages directly. First-party sites can still collect data on visitors and serve
them ads based on what is collected.
...
Some consumer privacy advocates, while offering measured
praise for the new privacy option, saw the move as an attempt to thwart a more
restrictive stance on data collection. Jeffrey Chester, the head of the Center
for Digital Democracy, which is pushing for more restrictions on data
collection, called the move a win for the advertising lobby.
In a statement, Mr. Chester said: “We cannot accept any
‘deal’ that doesn’t really protect consumers, and merely allows the
data-profiling status quo to remain. Instead of negotiations, C.D.D. would have
preferred the White House to introduce new legislation that clearly protected
consumers online.”
But advertisers have plenty to fear if consumers use Do Not
Track in large numbers. “If there’s a high rate of opt-out, it’s an issue,”
said George Pappachen, the chief privacy officer of the Kantar Group, the
research and consultant unit of WPP. “Our position is data should flow,” Mr.
Pappachen said, adding that data helps drive innovation and newer commercial
models.
...
And there are still unresolved technical issues regarding Do
Not Track, including what defines tracking and how that would apply to
first-party and third-party Web sites. Over the last few months the World Wide
Web Consortium, an international group that sets voluntary technical standards
for the Web, has been working with representatives from companies like
Microsoft, Google and Nielsen, along with academics, privacy advocates,
legislators and digital advertising groups, to define the technical standard of
Do Not Track.
The consortium is also considering whether sites like
Facebook, whose “like” button is used across multiple Web sites, would be
considered first-party or third-party sites.“I do think you will see a lot of contention going forward
about what Do Not Track means,” said Thomas Roessler, the technology and
society domain leader at the consortium.
Whether any companies should be allowed to collect data and
follow users online, regardless of who they are, remains “the million-dollar
question,” said Alex Fowler, the global privacy leader at Mozilla, the
nonprofit organization that created the Firefox browser. Firefox was one of the
first to include a Do Not Track option.“When you look at user testing, the expectation for the user
for Do Not Track means, don’t behaviorally target me and also don’t collect
information on me,” Mr. Fowler said.
Stay tuned...