or Connect
AppleInsider › Forums › General › General Discussion › Google agrees to pay largest fine in FTC history for bypassing Safari privacy settings [u]
New Posts  All Forums:Forum Nav:

Google agrees to pay largest fine in FTC history for bypassing Safari privacy settings [u]

post #1 of 90
Thread Starter 
Google on Thursday agreed to pay a record $22.5 million fine for ignoring security settings designed to prevent advertisers from tracking users with cookies in Apple's Safari web browser, bringing an end to a six month investigation aimed at better protecting consumers' privacy rights online.

FTC members conflicted over settlement

The penalty imposed by the United States Federal Trade Commission is the largest the agency has ever issued and the first for violations of its Internet privacy order.

Despite the record setting fine, FTC members issued a statement (PDF) noting that the fine posed no serious threat to the company, and that Google agreed to pay the fine only if it could "denial of the substantive allegations in the Commission?s civil penalty complaint."

Commissioner J. Thomas Rosch voted against the order, arguing that the FTC's settlement with Google was not in the public interest, primarily because it allowed Google to deny the allegations raised by the FTC.

The FTC wasn't just responding to Google's bypassing of Safari settings. Instead, the settlement involved the larger issue of an agreement the FTC made with Google last year addressing the privacy of users. Google's willful bypassing of Safari's settings violated that earlier consent order, the commission determined.

Allowing Google to deny liability while still paying a fine divided the Commission members 4 to 1 against Rosch. "We strongly disagree with Commissioner Rosch?s view that if the Commission allows a defendant to deny the complaint?s substantive allegations, the settlement is not in the public interest," other members wrote.

"Here, as in all cases, a defendant?s denial of liability in a settlement agreement has no bearing on the Commission?s determination as to whether it has reason to believe the defendant has violated the law or that a proposed settlement will afford appropriate relief for the Commission?s charges."

Google's lying to users deemed more serious than feeding them ads they didn't want

Commission members noted that the heart of the charges were aimed, not at Google's continuing to collect identifying data through cookies, but primarily at Google's false instructions to Safari users telling them that they didn't need to opt out because, Google had lied, Apple's default Safari settings were being respected by the company and that no further action on users' part was necessary.

Commissioners who voted for the deal wrote that "the historic $22.5 million fine is an appropriate remedy for our charge that Google violated a Commission order by misrepresenting to Safari browser users how to avoid targeted advertising by Google."

"In our view," they added, "the most important question is whether Google will abide by the underlying FTC consent order going forward."

There's more where that came from

"We firmly believe that the Commission?s swift imposition of a $22.5 million fine helps to promote such future compliance," the group stated in response to Rosch's opposition to the settlement. "With a company of Google?s size, almost any penalty can be dismissed as insufficient.

"But it is hardly inconsequential to impose a $22.5 million civil penalty when the accompanying complaint does not allege that the conduct at issue yielded significant revenue or endured for a significant period of time.

"This settlement is intended to provide a strong message to Google and other companies under order that their actions will be under close scrutiny and that the Commission will respond to violations quickly and vigorously."

Google remains under its consent order, and the FTC has left the door open to additional fines if the search giant continues to violate its agreement with the government not to bypass the rights of users and lie to them about what they are doing or provide false instructions about how to opt out of Google's data collections.

Busted by Old Media

Google's investigation by the FTC, initiated in February, followed a Wall Street Journal investigation that alleged Google and other ad networks had bypassed Safari's security protocols, violating its October 2011 privacy settlement with the FTC.

Specifically, the FTC charged that for several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google?s DoubleClick advertising network. It did so, the agency asserted, despite previous promises to Safari users that they would automatically be opted out of such tracking as a result of the default settings in Safari on Macs, iPhones and iPads.?

"The record setting penalty in this matter sends a clear message to all companies under an FTC privacy order," said FTC Chairman Jon Leibowitz.?"No matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place."

Google denied wrongdoing early and often

For its part, Google in a statement to AppleInsider previously denied the claims waged by the Journal, alleging the paper "mischaracterizes what happened and why." The company issued a statement saying:

We used known Safari functionality to provide features that signed-in Google users had enabled. It?s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple?s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as ?Like? buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to ?+1? things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google?s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user?s Safari browser and Google?s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn?t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It?s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.



Google floats above the law, pays millions only when caught

Google's FTC fine pales in comparison to the $500 million forfeiture settlement it paid the US government after allowing a Canadian pharmacy to illegally advertise drugs in the United States, supporting the illegal import of prescription drugs and controlled substances into the country.

That forfeiture, to avoid further litigation with the government, was also described as the largest ever of its kind. Google's criminal activity was only discovered after David Whitaker, the target of a multimillion dollar financial fraud scheme, was apprehended and confessed to federal investigators that he had been advertising illegal drugs using Google's AdWords program.

Whitaker demonstrated to investigators how he had set up a number of websites using Google's AdWords to advertise illegal drugs. Further investigation revealed that Google knew about the fraudulent advertising as early as 2003, but failed to stop the online pharmacies because it was making money on them.

The Canadian pharmacies Google assisted were not just skirting inconvenient laws to provide Americans with cheaper drugs. Instead, investigators noted that "Google was also on notice that many pharmacies accepting an online consultation rather than a prescription charged a premium for doing so because individuals seeking to obtain prescription drugs without a valid prescription were willing to pay higher prices for the drugs."

Government investigators specifically noted that Google had acknowledged ?that it improperly assisted Canadian online pharmacy advertisers," not only allowing them to place illegal AdWords advertisements, but that also "from 2003 through 2009, Google provided customer support to some of these Canadian online pharmacy advertisers to assist them in placing and optimizing their AdWords advertisements and in improving the effectiveness of their websites."
post #2 of 90
They took a risk, they got caught, they have a slap on the wrist fine. It doesn't matter if this is the FTC largest's fine it's still not enough to keep large companies like Google from taking these risks again.

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply

This bot has been removed from circulation due to a malfunctioning morality chip.

Reply
post #3 of 90
What a joke. Article titles acts like it was a big fine.
That is pocket change.
Not going to stop Google from doing it again.
post #4 of 90
"Do no evil." - Google
post #5 of 90

Exactly. $22M is a pocket change for google. This is not going to stop them or anybody else from doing the same thing again.

post #6 of 90

how soon until all your "private" google services (+, mail, etc.) be accidentally made available to the general public.

post #7 of 90

Google stock holders must feel the pain. The price didn't go up a lot today!

lol.gif

post #8 of 90
Quote:
Originally Posted by Patranus View Post

What a joke. Article titles acts like it was a big fine.
That is pocket change.
Not going to stop Google from doing it again.

 

This.

Of course they agreed. Drop in the bucket. I guess we know what our privacy is worth these days...

I'm not a pessimist. I'm an optimist, with experience.
Reply
I'm not a pessimist. I'm an optimist, with experience.
Reply
post #9 of 90

Google's lawyers cost more than that fine. You have to laugh to stop from crying sometimes. The RIAA and movie studios can legally sue you hundreds of thousands of dollars per infringement for sharing songs and movies. Yet when a corporation steals information from any number of systems, it's charged some arbitrary lump sum.

 

Imagine if Google had to pay hundreds of thousands per infringement of data collected from each WIFI network. Justice.

When a company stops chasing profit and start chasing the betterment of their products, services, workforce, and customers, that will be the most valuable company in the world.
Reply
When a company stops chasing profit and start chasing the betterment of their products, services, workforce, and customers, that will be the most valuable company in the world.
Reply
post #10 of 90

"many times what it would have cost to comply in the first place"

 

:D 

 

So, all the money Google made (still makes?) off tracking people without their permission adds up to only a small fraction of this amount? We may never know, but I doubt it. Why would they bother “being evil” if that were true?

post #11 of 90
Quote:
Originally Posted by Patranus View Post

What a joke. Article titles acts like it was a big fine.
That is pocket change.
Not going to stop Google from doing it again.

All corporate fines should be based on a percentage of gross revenue.  No fine would be less than 5%.  

That would get their attention.

post #12 of 90
Where's my check?
post #13 of 90
Originally Posted by lkrupp View Post
"Do no evil." - Google

 

Gotta correct that to "Don't be evil", because a member of the Anti-Apple Brigade will surely come along and explain how even those these actions are evil, Google's allowed to do it by some obscure loophole in the difference between "do no evil" and "don't be evil".

 

🙈🙉🙊

Originally Posted by silverpraxis View Post
Imagine if Google had to pay hundreds of thousands per infringement of data collected from each WIFI network. Justice.

 

I think $100 per infringement would have been something I accepted. This $22.5 million is completely and utterly meaningless.

post #14 of 90

I'll pay $22 million for all your privacy.  That is a SUPER deal.
 

post #15 of 90

That's not even a slap on the wrist.  It's more like the FTC blew Google a kiss to the wrist.

Mac user since August 1983.
Reply
Mac user since August 1983.
Reply
post #16 of 90
Quote:
Originally Posted by AppleInsider View Post

Google on Thursday agreed to pay a record $22.5 million fine for illegally sidestepping security settings in Apple's Safari web browser, bringing an end to a six month investigation aimed at better protecting consumers' privacy rights online.
[...]
The settlement with Google comes amid pressure on the FTC to step up its enforcement of consumers privacy rights online.
Developing...

 

$22.5 million is now the current record.  But, as we all know, records are meant to be broken.

I wonder how big Google's next privacy rights-related fine will be...

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #17 of 90
Quote:
Originally Posted by KA47 View Post

Exactly. $22M is a pocket change for google. This is not going to stop them or anybody else from doing the same thing again.

True... but what did Google gain from this? Or what would they have gained if it had gone unnoticed?

My point is... $22 million may be pocket change to Google. But unless they would have made $22 million from these kinds of stunts... why bother?
post #18 of 90

Do consumers get anything for Google's privacy breach?

post #19 of 90
Quote:
Originally Posted by Michael Scrip View Post


True... but what did Google gain from this? Or what would they have gained if it had gone unnoticed?
My point is... $22 million may be pocket change to Google. But unless they would have made $22 million from these kinds of stunts... why bother?

 

You're almost there.  No one here is going to understand this, but it wasn't an intentional undermining on Google's part.  They made a mistake that was turned into an exploit by 3rd parties and for that error $22M is the penalty.

post #20 of 90
Quote:
Originally Posted by Neo42 View Post

You're almost there.  No one here is going to understand this, but it wasn't an intentional undermining on Google's part.  They made a mistake that was turned into an exploit by 3rd parties and for that error $22M is the penalty.

Ah... I see.
post #21 of 90

They want info on us whether we are comfortable giving it to them or not. Why else deliberately side-step my privacy settings?

 

This is why Google offers "free services". They want their greasy fingers in every area of your life. The advertisers are their real customers, not us. Google see you and I as nothing more than food for their real customers.

 

I just bought the RRS app "Reeder" for Mac OS and iOS. It's a great app, but you are "required" to sign in with Google. What is that all about? I don't care about logging in on a web browser to check my RRS feeds. I don't need it and I don't want it. There is NO reason for signing into Google to be mandatory, except that Google wants to know what's in my RRS feed. 

post #22 of 90

"We bypassed your privacy settings to help you, Joe Consumer, have a better internet experience. All for you. We promise."
 

post #23 of 90
Originally Posted by BostonBri View Post
Do consumers get anything for Google's privacy breach?

 

Continued breaches since they really have no incentive to stop.

post #24 of 90
Quote:
Originally Posted by silverpraxis View Post

...  Imagine if Google had to pay hundreds of thousands per infringement of data collected from each WIFI network. Justice.

 

This is a totally separate thing from the European Wi-Fi debacle.  

post #25 of 90

Obviously too low of a fine, our pathetic government continues

post #26 of 90
Quote:
Originally Posted by Neo42 View Post

 

You're almost there.  No one here is going to understand this, but it wasn't an intentional undermining on Google's part.  They made a mistake that was turned into an exploit by 3rd parties and for that error $22M is the penalty.

 

What nonsense. Not only is your description completely false, bearing no relation to reality, but Google's actions were certainly intentional, and not at all "inadvertent". Not only that, but Google's statement is nothing but self-serving double speak -- i.e., a lie.

post #27 of 90
Quote:
Originally Posted by Bilbo63 View Post

They want info on us whether we are comfortable giving it to them or not. Why else deliberately side-step my privacy settings?

 

This is why Google offers "free services". They want their greasy fingers in every area of your life. The advertisers are their real customers, not us. Google see you and I as nothing more than food for their real customers.

 

I just bought the RRS app "Reeder" for Mac OS and iOS. It's a great app, but you are "required" to sign in with Google. What is that all about? I don't care about logging in on a web browser to check my RRS feeds. I don't need it and I don't want it. There is NO reason for signing into Google to be mandatory, except that Google wants to know what's in my RRS feed. 

 

On the same note, there is no reason at all to force you to sign in just to use the detailed options on search but they do that too.  

 

For instance, you can search for images and you can click various options on and off, but they aren't saved unless you sign in, so if you don't sign in you have to re-click to enable disable all the options. every. single. time.   As someone who uses image search a lot and doesn't sign in, this drives me absolutely batty!

 

It's also very underhanded the way they try to get you to link your phone and your personal info every single time you try to use Gmail (if you haven't already relented).  Before you can use your mail they present you with a screen with all kinds of scary talk about how your information could be in danger if you don't "authenticate" yourself (give them all your personal info like phone number etc.).  There is a dialogue so you can say no, but the button to say yes is large, in your face, and positioned right under your cursor, whereas the "opt out" button is a teeny, teeny, tiny text link on the bottom that it's easy to miss.  Most people would just reflexively click the big blue button that links their phone to the account.  

 

Also interesting is that with Mountain Lion you can see that Google has their fingers in your contacts application even if you have never signed in at all.  Chrome now requests access to your contacts.  For what?  I've never used Chrome as anything other than my second string browser for Flash related content, but apparently it's been accessing my contacts in the background all this time.  Bastards.  

post #28 of 90
Quote:
Originally Posted by Gazoobee View Post

 

On the same note, there is no reason at all to force you to sign in just to use the detailed options on search but they do that too.  

 

For instance, you can search for images and you can click various options on and off, but they aren't saved unless you sign in, so if you don't sign in you have to re-click to enable disable all the options. every. single. time.   As someone who uses image search a lot and doesn't sign in, this drives me absolutely batty!

 

It's also very underhanded the way they try to get you to link your phone and your personal info every single time you try to use Gmail (if you haven't already relented).  Before you can use your mail they present you with a screen with all kinds of scary talk about how your information could be in danger if you don't "authenticate" yourself (give them all your personal info like phone number etc.).  There is a dialogue so you can say no, but the button to say yes is large, in your face, and positioned right under your cursor, whereas the "opt out" button is a teeny, teeny, tiny text link on the bottom that it's easy to miss.  Most people would just reflexively click the big blue button that links their phone to the account.  

 

Also interesting is that with Mountain Lion you can see that Google has their fingers in your contacts application even if you have never signed in at all.  Chrome now requests access to your contacts.  For what?  I've never used Chrome as anything other than my second string browser for Flash related content, but apparently it's been accessing my contacts in the background all this time.  Bastards.  

I have Little Snitch installed on my iMac at home. Guess who routinely keeps trying to call home? If you guessed Google, you get a gold star. Every day when I get home from work, there is at least a couple of alerts that Google is trying to phone home. No browser windows were open and I think that the only full-blown Google app that I have installed (but not running) is Google Earth and I might just dump that one too. Little Snitch is a wonderful app for monitoring what apps are trying to call home and lets you set your own rules, so you are in control.  (Reeder is not yet installed on this computer)

post #29 of 90
Quote:
Originally Posted by Gazoobee View Post

 

Also interesting is that with Mountain Lion you can see that Google has their fingers in your contacts application even if you have never signed in at all.  Chrome now requests access to your contacts.  For what?  I've never used Chrome as anything other than my second string browser for Flash related content, but apparently it's been accessing my contacts in the background all this time.  Bastards.  

 

How do you do that?  I'm running ML but am not sure how this works.

 

Thanks,

John
Reply
John
Reply
post #30 of 90
Full disclosure: AppleInsider uses Google ads and is bypassing your Internet privacy settings as a result.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #31 of 90
Quote:
Originally Posted by Gazoobee View Post

 

This is a totally separate thing from the European Wi-Fi debacle.  

 

Sorry, I worded my original post very poorly. A fine per violation of privacy settings in Safari on each home/business network. There are millions of Safari users, and assuming they are all on individual personal networks, that could be at least hundreds of millions of dollars in fines.

 

Using arbitrary numbers: $100 fine per violation + 1 million Safari users violated = $100 million. And I'm using extremely conservative estimates.

When a company stops chasing profit and start chasing the betterment of their products, services, workforce, and customers, that will be the most valuable company in the world.
Reply
When a company stops chasing profit and start chasing the betterment of their products, services, workforce, and customers, that will be the most valuable company in the world.
Reply
post #32 of 90
Quote:
Originally Posted by Gazoobee View Post

It's also very underhanded the way they try to get you to link your phone and your personal info every single time you try to use Gmail (if you haven't already relented).  Before you can use your mail they present you with a screen with all kinds of scary talk about how your information could be in danger if you don't "authenticate" yourself (give them all your personal info like phone number etc.).  There is a dialogue so you can say no, but the button to say yes is large, in your face, and positioned right under your cursor, whereas the "opt out" button is a teeny, teeny, tiny text link on the bottom that it's easy to miss.  Most people would just reflexively click the big blue button that links their phone to the account.  

 

I opened a YouTube account years ago, before Google purchased them, just so I could make an occasional comment. Then a while back I was presented with this risible canard - the chances of me losing or forgetting my settings are zero - so I have always sought out the very small font option to bypass this 'security' measure. It occurred  to me that your mobile phone is a tracking device - give Google your number and they will know where you are at all times. This is not a good thing. It's depressing how many people are sleepwalking into this dystopia of total information awareness.

Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
Reply
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
Reply
post #33 of 90
Quote:
Originally Posted by Tallest Skil View Post

 

Continued breaches since they really have no incentive to stop.

 

I only disagree because I think the "do not track" feature in browsers is changing the game.  Since a browser now (edit: or will soon) let you request greater privacy, what to do about  companies that disregard that request has become an issue.  California is already considering laws that would force companies to honor "do not track" or face fines.  Google and Facebook are arguing it would ruin them and the industry can self regulate.  If Google and/or Facebook keep showing disregard for privacy, they will loose that argument.  

 

So I believe this does far more damage than you may believe.  If Google continues to make mistakes (whether intentional or not) like this, some states will start to step in.  That's the last thing Google (or Facebook) wants...

post #34 of 90
Originally Posted by Suddenly Newton View Post
Full disclosure: AppleInsider uses Google ads and is bypassing your Internet privacy settings as a result.

 

700

 

lol, Little Snitch.

post #35 of 90
Quote:
Originally Posted by Suddenly Newton View Post

Full disclosure: AppleInsider uses Google ads and is bypassing your Internet privacy settings as a result.


Full disclosure: Adblocker, Ghostery and Better Privacy maintain my internet privacy settings.

Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
Reply
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
Reply
post #36 of 90

Folks get two programs Saft which allows you to block any and all advertising hitting your web browser. Second program is Little Snitch and block all things google. I do not block the actual google.com but all it derivative service this they use to track you like google analytics which the use to analysis your habbits on the web.

 

I surf the web and search without google having any feed back from my computer and I do not see their target advertising which is fine with me. The other program you can use is net shade which will mask you home IP from google knowing your locations, but that can bring up some prettying interesting search results.

post #37 of 90
Quote:
Originally Posted by allblue View Post


Full disclosure: Adblocker, Ghostery and Better Privacy maintain my internet privacy settings.

 

Full disclosure:  Take it from a programmer: the only way to guarantee online privacy...never get online.

post #38 of 90
Quote:
Originally Posted by BostonBri View Post

Do consumers get anything for Google's privacy breach?

Nope, not even an admission of guilt it seems.

Which is why I want to limit adding anything more to google of my life and removing as much as I can

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #39 of 90
Quote:
Originally Posted by rednival View Post

 

I only disagree because I think the "do not track" feature in browsers is changing the game.  Since a browser now (edit: or will soon) let you request greater privacy, what to do about  companies that disregard that request has become an issue.  California is already considering laws that would force companies to honor "do not track" or face fines.  Google and Facebook are arguing it would ruin them and the industry can self regulate.  If Google and/or Facebook keep showing disregard for privacy, they will loose that argument.  

 

So I believe this does far more damage than you may believe.  If Google continues to make mistakes (whether intentional or not) like this, some states will start to step in.  That's the last thing Google (or Facebook) wants...

California already proposed some rules changes, which is why Safari, Firefox, Explorer and Chrome all now offer Do Not Track settings. Here's how to set' em up:

https://www.eff.org/deeplinks/2012/06/how-turn-do-not-track-your-browser

melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #40 of 90

Google's the most evil company. They've paid more privacy-related fines than any other tech company in the history.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Google agrees to pay largest fine in FTC history for bypassing Safari privacy settings [u]