| 7:29 pm on Jul 12, 2004 (gmt 0)|
Previous version can be found at: [google.com...]
| 3:36 pm on Jul 13, 2004 (gmt 0)|
i am suprised at the lack of interest on this issue..
| 4:22 pm on Jul 13, 2004 (gmt 0)|
|i am suprised at the lack of interest on this issue |
I'm very interested, but you haven't said anything yet.
| 10:47 pm on Jul 13, 2004 (gmt 0)|
On April 6, Google vice president Wayne Rosing was asked about Gmail, and was quoted by the Associated Press as saying, "We don't use the data collected on one service to enhance another." The issue was whether the Gmail accounts info would be merged with your searching history from your Google cookie, or with your surfing history from the toolbar, for that matter.
Send Mr. Rosing a bar of soap so that he can wash out his mouth.
| 12:39 am on Jul 14, 2004 (gmt 0)|
Lie to the public while there's media interest then quietly clarify when it's died down. Looking forward to the next google-watch update Brandt.
| 2:15 am on Jul 14, 2004 (gmt 0)|
>i am suprised at the lack of interest on this issue>
I don't have the attention spam to read both Chndru.:(
I was hoping you would give us a summary of the juicy bits.:)
| 2:52 am on Jul 14, 2004 (gmt 0)|
That's what Scarecrow did. Basically Google said (in tricky wording) that they wouldn't be using the data from it's different services (ie. Gmail) as one. Now they say that they will. So now in theory the Government could subpoena- Your emails, your usage stats, what terms you have searched for, what sites you went to, what IP addresses you used, how much you spend on Adwords, how much you make on adsense, what news topics you read etc... They could do this in the past of course but now Google is saying that it has no problem clicking the pieces together as it where.
| 4:39 am on Jul 14, 2004 (gmt 0)|
At least they are upfront about it.
| 12:45 am on Jul 17, 2004 (gmt 0)|
|At least they are upfront about it. |
"Google will not disclose its cookies to third parties except as required by a valid legal process such as a search warrant, subpoena, statute, or court order."
"Please be aware, however, that we will release specific personal information about you if required to do so in order to comply with any valid legal process such as a search warrant, subpoena, statute, or court order."
"We do not rent or sell your personally identifying information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:
* We have your consent.
* We conclude that we are required by law or have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public."
Yes, Google is upfront about it. That's because the new California law, the Online Privacy Protection Act of 2003, which went into effect on July 1, 2004, requires that Google be upfront about it. Are we supposed to congratulate Google for complying with the law?
There are two significant steps backwards in Google's new policy. One is the sharing of information between all of Google's services, This wasn't an issue in the old policy because at that time Google only had one service.
But in addition to the fact that Google now officially admits that all data they collect will be shared between all their services, note the new wording in that last item above that starts out, "We conclude..." Note the wording carefully, especially the word "or." This means Google can give your personally identifiable information to anyone they want, whenever they want. All that's required is "good faith" on Google's part. How hard would it be to prove that Google lacks "good faith" in a court of law? How easy would it be for Google to spin things so that the judge decides in Google's favor?
The only assurance we have is that Google won't openly peddle our personally-identifiable information to other advertisers. But why would Google want to do this anyway? They'd naturally want to hold this information close to their chest, so that other advertisers have to go through Google to benefit from it.
| 12:59 am on Jul 17, 2004 (gmt 0)|
And as for commingling information: MSN and all its "partners" are one big happy family, and your sensitive information are a matter of family discussions whenever they feel like it. The partners are apparently not limited in what they can do with your information, so long as it profits their business; and after the partnership is over, exactly the same lack of restraints apply. MSN "won't sell your sensitive information," but who knows who its partners are or what they'll do for money (best guess: more than rats, but less than lawyers).
| 1:09 am on Jul 17, 2004 (gmt 0)|
Yahoo's policy is also interesting. Absolutely no limits on commingling information from any of their sources -- and since they have lots of commercial services, there are lots more opportunities to get especially sensitive information from you. They commingle information from and with "partners" (identity unspecified, but they give a list of industries involved, which reads like a roll-call of shame of the major spammers.) Unlike MSN, the partners have some kind of confidentiality agreement.
They do cookies (which nobody but a total moron complains about -- if you don't like cookies, you block them and go about your business). Unlike Google, but like MSN, Yahoo cookies are required for some functionality (this may be legit: for instance, shopping carts). Like MSN and unlike Google, they also do spy-gifs, , which can't be blocked so easily.
Unlike Google, they let their advertisers set cookies at you. Again, not a big problem: if you don't like cookie monsters, let Mozilla eat them.
| 1:14 am on Jul 17, 2004 (gmt 0)|
AOL -- not that different from Yahoo. Less about partners.
And ... Is Google the ONLY major site that DOESN'T (yet) use spy-gifs?
Are there any good spy-gif blockers out there?
| 1:26 am on Jul 17, 2004 (gmt 0)|
But none of those companies have ever promised to "Do No Evil". In fact, many of us expect evil from MSN. That doesn't mean I don't like them, just that I should be aware of the fact when dealing with them. I no longer trust Google. Not because of this event, but because of a series of changes like this among all of their programs. It doesn't mean I don't like them, just that I have to be aware of it when bringing it up. It means I now use IE, with the toolbar, much less, and Firebird much more when using Google. And I delete the cookies much more frequently.
| 1:56 am on Jul 17, 2004 (gmt 0)|
Powdork has a point. Google has been telling us, either explicitly ("Don't be evil"), or by omission (not spelling things out that should have been spelled out long ago), that Google, Inc. is not like all the other scum out there.
Google has been playing games with our heads. They've been jerking us around for public relations reasons. Or, maybe they really believe that they're Not Capable of Evil, which is the worst possible, and most creepy scenario of all possible scenarios.
Why is it that I feel dirty when I visit MSN or Yahoo or Alexa or Amazon, but I feel dirty and suckered too, when I visit Google?
| 2:11 pm on Jul 17, 2004 (gmt 0)|
|They do cookies (which nobody but a total moron complains about -- if you don't like cookies, you block them and go about your business). |
Allow me to disagree, Hutcheson. Cookies are, and will remain, a very important issue because the average internet user has no idea what cookies are, even less how to reject or delete them.
| 3:20 pm on Jul 17, 2004 (gmt 0)|
>Allow me to disagree: Cookies are, and will remain, a very important issue because the average internet user has no idea what cookies are, even less how to reject or delete them.
The "average internet user" uses the Internet Explorer, and in its collection of security holes loosely tied together with security platitudes from technically clueless marketroids, cookies are the smallest and most trivial security issue: you might say cookies are the most secure feature of the IE. But, of course, the "AIE" doesn't care about security. So for him cookies are not a problem.
But if the "average internet user" ever decides to be concerned about security issues, cookies will still remain just as totally trivial an issue as they are now, because anyone who goes to the "privacy and security" area of any real browser will be able to figure out in mere minutes all they need to know to clear them out.
Anyone that cares, can control them trivially. For anyone who doesn't care, by definition, they are even less important than "absolutely trivial".
Where on earth could you find an issue more obviously and totally trivial than that?
| 5:36 pm on Jul 17, 2004 (gmt 0)|
Google started using a cookie that expires in 2038 no later than year 2000. That was when I first noticed it. Maybe it was in there by the end of 1999 -- I don' t know. Their first toolbar (which reads the cookie and sets one if you don't have one) came out in December 2000.
Cookies were a big issue in 1999 and 2000. In 1999 privacy advocates lobbied against the DoubleClick / Abacus merger on the grounds that Doubleclick planned to match their vast cookie database with personally-identifiable information from Abacus. DoubleClick backed down.
In June, 2000 the White House issued an order prohibiting all federal agencies from using persistent cookies. It's still in effect.
Google waltzed into this environment by setting a cookie with a unique ID that expires in 2038. No one said anything (except me) because Google is so "cool." Google was the first major domain to use a maximum cookie. I say this because I was looking at a lot of cookies from major websites in 2000, and Google's was the first I had seen that expired in 2038. Most expired in 10 years. In 2000 I even helped pressure the New York Times into improving their cookie with better encryption. They were using a simple transposition cipher to place your password in their cookie, which took about 30 minutes to figure out. Most versions of Explorer leaked cookies across domains at that time, if you knew how to do one of several simple exploits.
In July 2000, Microsoft announced that it was developing a set of cookie management features for Explorer. Netscape and Opera were already able to block third-party cookies. Note that the initial movement here was in response to third-party cookies because DoubleClick, which was the biggest offender, was in the news at the time. I believe that Explorer 5.5 was the first to have some management features, including designating sites as "restricted," which prevented cookies from that site. In Explorer 6.0 the cookie management was refined, so that you can specifically block cookies from specific domains, and it's easier than designating a site as "restricted." You still have to click pretty deep to find it, but it's much better than version 5.5. You have to click pretty deep to do anything on Explorer. Try this in version 6.0: Tools - Internet Options - Privacy - Edit (at bottom of box).
Basically, it was the fact that Microsoft got on board that made cookie management a reality in most browsers by 2004. And Microsoft got on board because privacy advocates made it an issue in 1999-2000.
Many, many webmasters were saying that cookies were trivial in 1999 and 2000 -- I remember this very clearly from the forums in 2000. I'm glad the trivializers did not prevail back then, or we wouldn't have had any cookie control today.
And Google did nothing, nothing, nothing on this issue the entire time. Advanced and aware users have some control over Google's cookie by now, but Google deserves absolutely zero credit for this. In fact, Google's approach is really offensive. If you don't accept Google's cookies and try to set preferences, they tell you that "Your cookies seem to be disabled. Setting preferences will not work until you enable cookies in your browser."
The fact of the matter is that you can set all your preferences in a bookmark for the Google home page, if you know how. But Google won't tell you how. The other fact is that even if cookies were needed to set preferences, you sure as heck wouldn't need a unique ID in the cookie to do this.
Who's the not-so-bad guy in this little story? A reluctant, lumbering, clumsy giant called Microsoft who finally put something into gear back in July 2000, or the limber "don't be evil" Google who did nothing except ignore, mislead, and obfuscate from then right up to this very minute?
| 6:11 pm on Jul 17, 2004 (gmt 0)|
Excellent post for those of us who weren't online back in the day, Scarecrow.
| 6:23 pm on Jul 17, 2004 (gmt 0)|
| 6:31 pm on Jul 17, 2004 (gmt 0)|
Ah, so now I know who to blame for all the problems I have with tracking usage on my website!
| 7:13 pm on Jul 17, 2004 (gmt 0)|
Bingo. They all mean squat. The only thing that impresses Google, Microsoft, Alexa, Amazon, Yahoo and all the others is the long arm of regulation.
Even public opinion doesn't matter; these companies can weather bad press. Public opinion only matters if it encourages regulation.
There's also a question of whether governments - the U.S., Europe, Japan - even have enough clout to regulate Microsoft.
But at the moment Google is still responsive to regulation. They show every indication that they will comply with California laws, actual and proposed. On a federal level, they have twice revised their S-1 statement - most likely in response to SEC comments. (Hard to say, since the SEC keeps their comments private. In the future, the SEC will make them public, but that's too far into the future to affect the current S-1 situation with Google.)
Also on a federal level, Google's AdWords policies were changed slightly in response to federal pressure on gambling and rogue pharmacy ads. Too little, too late on the pharmacy issue, but there were some changes made by Google, and tougher federal laws about this may be coming soon.
In it becomes law, California's SB 1822 will set an important precedent for Google, Yahoo, Ask Jeeves, and any other corporation located in California, with respect to practices regarding the handling of email, and the retention of deleted email. It will probably influence legislation in other jurisdictions as well. It deserves your support.
| 10:30 pm on Jul 17, 2004 (gmt 0)|
| 11:14 pm on Jul 17, 2004 (gmt 0)|
|We may share such information in any of the following limited circumstances: (...) |
access, preservation or disclosure of such information is reasonably necessary
>> Note the wording carefully, especially the word "or."
Dunno... i especially noted the word preservation.
It sort of slips out of context like, say a piece about oranges that also must mention "tuna fish" for some reason.
The words "share" (1st line) and "preservation" doesn't even refer to the same kind of concepts on an abstract level. Otoh, "access" and "disclosure" are quite similar to "share".