homepage Welcome to WebmasterWorld Guest from 107.20.37.62
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Google / Google News Archive
Forum Library, Charter, Moderator: open

Google News Archive Forum

    
Google Privacy Policy Updated
Chndru




msg:83875
 7:29 pm on Jul 12, 2004 (gmt 0)

Complete rehaul of wordings in the new Privacy Policy.
[google.com...]

Previous version can be found at: [google.com...]

 

Chndru




msg:83876
 3:36 pm on Jul 13, 2004 (gmt 0)

i am suprised at the lack of interest on this issue..

Amygdala




msg:83877
 4:22 pm on Jul 13, 2004 (gmt 0)

i am suprised at the lack of interest on this issue

I'm very interested, but you haven't said anything yet.

Scarecrow




msg:83878
 10:47 pm on Jul 13, 2004 (gmt 0)

On April 6, Google vice president Wayne Rosing was asked about Gmail, and was quoted by the Associated Press as saying, "We don't use the data collected on one service to enhance another." The issue was whether the Gmail accounts info would be merged with your searching history from your Google cookie, or with your surfing history from the toolbar, for that matter.

In the new privacy policy this has quietly been cleared up by Google, now that the Associated Press isn't particularly interested anymore. The new privacy policy says, "If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our services."

Why did Google even confess this? There's a new California law that went into effect on July 1, the same day as the new privacy policy, that could have meant trouble if Google kept lying about this.

Send Mr. Rosing a bar of soap so that he can wash out his mouth.

Teknorat




msg:83879
 12:39 am on Jul 14, 2004 (gmt 0)

Lie to the public while there's media interest then quietly clarify when it's died down. Looking forward to the next google-watch update Brandt.

cabbie




msg:83880
 2:15 am on Jul 14, 2004 (gmt 0)

>i am suprised at the lack of interest on this issue>

I don't have the attention spam to read both Chndru.:(
I was hoping you would give us a summary of the juicy bits.:)

Teknorat




msg:83881
 2:52 am on Jul 14, 2004 (gmt 0)

That's what Scarecrow did. Basically Google said (in tricky wording) that they wouldn't be using the data from it's different services (ie. Gmail) as one. Now they say that they will. So now in theory the Government could subpoena- Your emails, your usage stats, what terms you have searched for, what sites you went to, what IP addresses you used, how much you spend on Adwords, how much you make on adsense, what news topics you read etc... They could do this in the past of course but now Google is saying that it has no problem clicking the pieces together as it where.

cabbie




msg:83882
 4:39 am on Jul 14, 2004 (gmt 0)

Thanks Teknorat.:)
At least they are upfront about it.

Scarecrow




msg:83883
 12:45 am on Jul 17, 2004 (gmt 0)

At least they are upfront about it.

Old privacy policy 2000-08-14:

"Google will not disclose its cookies to third parties except as required by a valid legal process such as a search warrant, subpoena, statute, or court order."

...

"Please be aware, however, that we will release specific personal information about you if required to do so in order to comply with any valid legal process such as a search warrant, subpoena, statute, or court order."

New privacy policy 2004-07-01:

"We do not rent or sell your personally identifying information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:

* We have your consent.

* We provide such information to trusted businesses or persons for the sole purpose of processing personally identifying information on our behalf. When this is done, it is subject to agreements that oblige those parties to process such information only on our instructions and in compliance with this Privacy Policy and appropriate confidentiality and security measures.

* We conclude that we are required by law or have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public."

________________________

Yes, Google is upfront about it. That's because the new California law, the Online Privacy Protection Act of 2003, which went into effect on July 1, 2004, requires that Google be upfront about it. Are we supposed to congratulate Google for complying with the law?

There are two significant steps backwards in Google's new policy. One is the sharing of information between all of Google's services, This wasn't an issue in the old policy because at that time Google only had one service.

But in addition to the fact that Google now officially admits that all data they collect will be shared between all their services, note the new wording in that last item above that starts out, "We conclude..." Note the wording carefully, especially the word "or." This means Google can give your personally identifiable information to anyone they want, whenever they want. All that's required is "good faith" on Google's part. How hard would it be to prove that Google lacks "good faith" in a court of law? How easy would it be for Google to spin things so that the judge decides in Google's favor?

The only assurance we have is that Google won't openly peddle our personally-identifiable information to other advertisers. But why would Google want to do this anyway? They'd naturally want to hold this information close to their chest, so that other advertisers have to go through Google to benefit from it.

This is not a privacy policy, it's legal insurance for Google, Inc. It wasn't written for the benefit of the users of Google, but for the benefit of the owners of Google. The only benefit for users is that now they know where Google is really coming from. And we have the California legislature to thank for that, not Google.

hutcheson




msg:83884
 12:59 am on Jul 17, 2004 (gmt 0)

To put this in some kind of rational context, has anyone compared Google's privacy policy to anyone else's?

But...has anyone compared the google privacy notice to, say, the one on msn.com? (now THERE'S a scary one. MSN won't sell your address to anyone, but they'll spam you themselves, if someone else pays for it. They use cookies; they track advertising; they decide which information about you is "sensitive" and which they can give out to anyone -- let's hope you're sensitive about the same things they are! They use spy-gifs as well as cookies -- cookies can be blocked, if you care; spy-gifs can't. (Don't want Big Brother inconvenienced by you not wanting him to track you.)

And as for commingling information: MSN and all its "partners" are one big happy family, and your sensitive information are a matter of family discussions whenever they feel like it. The partners are apparently not limited in what they can do with your information, so long as it profits their business; and after the partnership is over, exactly the same lack of restraints apply. MSN "won't sell your sensitive information," but who knows who its partners are or what they'll do for money (best guess: more than rats, but less than lawyers).

But Google is competing with hotmail, and must therefore be an Instantiation of Evil Incarnate. And that goes double for its privacy policy.

hutcheson




msg:83885
 1:09 am on Jul 17, 2004 (gmt 0)

Yahoo's policy is also interesting. Absolutely no limits on commingling information from any of their sources -- and since they have lots of commercial services, there are lots more opportunities to get especially sensitive information from you. They commingle information from and with "partners" (identity unspecified, but they give a list of industries involved, which reads like a roll-call of shame of the major spammers.) Unlike MSN, the partners have some kind of confidentiality agreement.

They do cookies (which nobody but a total moron complains about -- if you don't like cookies, you block them and go about your business). Unlike Google, but like MSN, Yahoo cookies are required for some functionality (this may be legit: for instance, shopping carts). Like MSN and unlike Google, they also do spy-gifs, , which can't be blocked so easily.

Unlike Google, they let their advertisers set cookies at you. Again, not a big problem: if you don't like cookie monsters, let Mozilla eat them.

Google has one privacy policy -- Yahoo has half a dozen, which makes one nervous, since all of them can share data anyway.

hutcheson




msg:83886
 1:14 am on Jul 17, 2004 (gmt 0)

AOL -- not that different from Yahoo. Less about partners.

And ... Is Google the ONLY major site that DOESN'T (yet) use spy-gifs?

Are there any good spy-gif blockers out there?

Powdork




msg:83887
 1:26 am on Jul 17, 2004 (gmt 0)

True Hutcheson,
But none of those companies have ever promised to "Do No Evil". In fact, many of us expect evil from MSN. That doesn't mean I don't like them, just that I should be aware of the fact when dealing with them. I no longer trust Google. Not because of this event, but because of a series of changes like this among all of their programs. It doesn't mean I don't like them, just that I have to be aware of it when bringing it up. It means I now use IE, with the toolbar, much less, and Firebird much more when using Google. And I delete the cookies much more frequently.

Scarecrow




msg:83888
 1:56 am on Jul 17, 2004 (gmt 0)

Powdork has a point. Google has been telling us, either explicitly ("Don't be evil"), or by omission (not spelling things out that should have been spelled out long ago), that Google, Inc. is not like all the other scum out there.

Alexa has an ugly privacy policy. Scares the daylights out of me. Yet it is extremely detailed, and I give them credit for not hiding anything.

Amazon's www.a9.com has an ugly privacy policy, also very detailed and scary. They fully intend to track you to the ends of the earth. I give Amazon credit for telling it like it is, and for offering a generic.a9.com that provides a less-scary alternative.

Google has been playing games with our heads. They've been jerking us around for public relations reasons. Or, maybe they really believe that they're Not Capable of Evil, which is the worst possible, and most creepy scenario of all possible scenarios.

Why is it that I feel dirty when I visit MSN or Yahoo or Alexa or Amazon, but I feel dirty and suckered too, when I visit Google?

Spica




msg:83889
 2:11 pm on Jul 17, 2004 (gmt 0)

They do cookies (which nobody but a total moron complains about -- if you don't like cookies, you block them and go about your business).

Allow me to disagree, Hutcheson. Cookies are, and will remain, a very important issue because the average internet user has no idea what cookies are, even less how to reject or delete them.

hutcheson




msg:83890
 3:20 pm on Jul 17, 2004 (gmt 0)

>Allow me to disagree: Cookies are, and will remain, a very important issue because the average internet user has no idea what cookies are, even less how to reject or delete them.

The "average internet user" uses the Internet Explorer, and in its collection of security holes loosely tied together with security platitudes from technically clueless marketroids, cookies are the smallest and most trivial security issue: you might say cookies are the most secure feature of the IE. But, of course, the "AIE" doesn't care about security. So for him cookies are not a problem.

But if the "average internet user" ever decides to be concerned about security issues, cookies will still remain just as totally trivial an issue as they are now, because anyone who goes to the "privacy and security" area of any real browser will be able to figure out in mere minutes all they need to know to clear them out.

Anyone that cares, can control them trivially. For anyone who doesn't care, by definition, they are even less important than "absolutely trivial".

Where on earth could you find an issue more obviously and totally trivial than that?

Scarecrow




msg:83891
 5:36 pm on Jul 17, 2004 (gmt 0)

Google started using a cookie that expires in 2038 no later than year 2000. That was when I first noticed it. Maybe it was in there by the end of 1999 -- I don' t know. Their first toolbar (which reads the cookie and sets one if you don't have one) came out in December 2000.

Cookies were a big issue in 1999 and 2000. In 1999 privacy advocates lobbied against the DoubleClick / Abacus merger on the grounds that Doubleclick planned to match their vast cookie database with personally-identifiable information from Abacus. DoubleClick backed down.

In June, 2000 the White House issued an order prohibiting all federal agencies from using persistent cookies. It's still in effect.

Google waltzed into this environment by setting a cookie with a unique ID that expires in 2038. No one said anything (except me) because Google is so "cool." Google was the first major domain to use a maximum cookie. I say this because I was looking at a lot of cookies from major websites in 2000, and Google's was the first I had seen that expired in 2038. Most expired in 10 years. In 2000 I even helped pressure the New York Times into improving their cookie with better encryption. They were using a simple transposition cipher to place your password in their cookie, which took about 30 minutes to figure out. Most versions of Explorer leaked cookies across domains at that time, if you knew how to do one of several simple exploits.

In July 2000, Microsoft announced that it was developing a set of cookie management features for Explorer. Netscape and Opera were already able to block third-party cookies. Note that the initial movement here was in response to third-party cookies because DoubleClick, which was the biggest offender, was in the news at the time. I believe that Explorer 5.5 was the first to have some management features, including designating sites as "restricted," which prevented cookies from that site. In Explorer 6.0 the cookie management was refined, so that you can specifically block cookies from specific domains, and it's easier than designating a site as "restricted." You still have to click pretty deep to find it, but it's much better than version 5.5. You have to click pretty deep to do anything on Explorer. Try this in version 6.0: Tools - Internet Options - Privacy - Edit (at bottom of box).

Basically, it was the fact that Microsoft got on board that made cookie management a reality in most browsers by 2004. And Microsoft got on board because privacy advocates made it an issue in 1999-2000.

Many, many webmasters were saying that cookies were trivial in 1999 and 2000 -- I remember this very clearly from the forums in 2000. I'm glad the trivializers did not prevail back then, or we wouldn't have had any cookie control today.

And Google did nothing, nothing, nothing on this issue the entire time. Advanced and aware users have some control over Google's cookie by now, but Google deserves absolutely zero credit for this. In fact, Google's approach is really offensive. If you don't accept Google's cookies and try to set preferences, they tell you that "Your cookies seem to be disabled. Setting preferences will not work until you enable cookies in your browser."

The fact of the matter is that you can set all your preferences in a bookmark for the Google home page, if you know how. But Google won't tell you how. The other fact is that even if cookies were needed to set preferences, you sure as heck wouldn't need a unique ID in the cookie to do this.

Who's the not-so-bad guy in this little story? A reluctant, lumbering, clumsy giant called Microsoft who finally put something into gear back in July 2000, or the limber "don't be evil" Google who did nothing except ignore, mislead, and obfuscate from then right up to this very minute?

Powdork




msg:83892
 6:11 pm on Jul 17, 2004 (gmt 0)

Excellent post for those of us who weren't online back in the day, Scarecrow.

dmorison




msg:83893
 6:23 pm on Jul 17, 2004 (gmt 0)

Surely if you update a privacy policy then you must destroy all data collected under the terms of the previous privacy policy (or treat it in accordance with the privacy policy under which it was collected); otherwise a privacy policy means squat.

blaze




msg:83894
 6:31 pm on Jul 17, 2004 (gmt 0)

Ah, so now I know who to blame for all the problems I have with tracking usage on my website!

;)

Scarecrow




msg:83895
 7:13 pm on Jul 17, 2004 (gmt 0)

...otherwise a privacy policy means squat

Bingo. They all mean squat. The only thing that impresses Google, Microsoft, Alexa, Amazon, Yahoo and all the others is the long arm of regulation.

Even public opinion doesn't matter; these companies can weather bad press. Public opinion only matters if it encourages regulation.

There's also a question of whether governments - the U.S., Europe, Japan - even have enough clout to regulate Microsoft.

But at the moment Google is still responsive to regulation. They show every indication that they will comply with California laws, actual and proposed. On a federal level, they have twice revised their S-1 statement - most likely in response to SEC comments. (Hard to say, since the SEC keeps their comments private. In the future, the SEC will make them public, but that's too far into the future to affect the current S-1 situation with Google.)

Also on a federal level, Google's AdWords policies were changed slightly in response to federal pressure on gambling and rogue pharmacy ads. Too little, too late on the pharmacy issue, but there were some changes made by Google, and tougher federal laws about this may be coming soon.

In it becomes law, California's SB 1822 will set an important precedent for Google, Yahoo, Ask Jeeves, and any other corporation located in California, with respect to practices regarding the handling of email, and the retention of deleted email. It will probably influence legislation in other jurisdictions as well. It deserves your support.

HughMungus




msg:83896
 10:30 pm on Jul 17, 2004 (gmt 0)

Unless you can get your information removed from a company's database if they change their privacy policy, aren't privacy policies basically meaningless as they can be changed from day to day?

claus




msg:83897
 11:14 pm on Jul 17, 2004 (gmt 0)

We may share such information in any of the following limited circumstances: (...)
access, preservation or disclosure of such information is reasonably necessary
(...)
>> Note the wording carefully, especially the word "or."

Dunno... i especially noted the word preservation.

It sort of slips out of context like, say a piece about oranges that also must mention "tuna fish" for some reason.

The words "share" (1st line) and "preservation" doesn't even refer to the same kind of concepts on an abstract level. Otoh, "access" and "disclosure" are quite similar to "share".

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google News Archive
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved