Google reportedly fined $22.5M for bypassing Safari privacy settings

Posted:
in General Discussion edited January 2014
The U.S. Federal Trade Commission will order Google to pay a $22.5 million civil penalty for sidestepping security settings in Apple's Safari web browser, bringing an end to a nearly six month long investigation.

According to Reuters sources, members of the FTC voted to approve a consent decree, allowing the internet search giant to settle the investigation without admitting liability. The claims are in-line with an early July report that said Google's settlement would be the largest in FTC history.

The FTC probe was initiated after a February Wall Street Journal investigation alleged Google and other ad networks bypassed Safari's security protocols. In order to override the browser's privacy settings the companies implemented code which misrepresented their ads as user form submissions, a method that proved to be an effective workaround against Safari's third-party cookie-blocking measures.

A subsequent report in May said government talks with Google could result in "tens of millions of dollars" in fines.



In a comment to AppleInsider, Google said:

The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It?s important to stress that these advertising cookies do not collect personal information.

Unlike other major browsers, Apple?s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as ?Like? buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to ?+1? things that interest them.

To enable these features, we created a temporary communication link between Safari browsers and Google?s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user?s Safari browser and Google?s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.

However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn?t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It?s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
Other ad networks that purportedly used the workaround include Vibrant Media, Media Innovation Group and Gannett PointRoll, though government action against the companies has yet to surface.

The FTC declined to comment on the matter and Google offered only a brief explanation, saying the government investigation was in regard to an out-of-date 2009 help center web page which didn't reflect changes made to Apple's cookie-handling policy.

"We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," a Google spokeswoman said.
«134

Comments

  • Reply 1 of 68
    SpamSandwichSpamSandwich Posts: 29,066member


    Shame that money doesn't go to Apple.

  • Reply 2 of 68
    solipsismxsolipsismx Posts: 19,566member
    Shame that money doesn't go to Apple.

    That's a few hours of profit for Apple. While I don't agree with the decision the UK judge made toward Apple I do like the punishment. Having companies pay a fine that is a few million dollars will not discourage this behavior in the future.
  • Reply 3 of 68
    hill60hill60 Posts: 6,989member


    So I wonder how many dollars that represents for each Safari user affected by this?


     


    Obviously expressly stealing people's private data against their wishes mustn't hold much value.

  • Reply 4 of 68
    just_mejust_me Posts: 591member

    Quote:

    Originally Posted by hill60 View Post


    So I wonder how many dollars that represents for each Safari user affected by this?


     


    Obviously expressly stealing people's private data against their wishes mustn't hold much value.



    Can you prove which data was stolen from you?  How much harm was done you specifically?

  • Reply 5 of 68
    lotoneslotones Posts: 20member

    Quote:

    Originally Posted by SpamSandwich View Post


    Shame that money doesn't go to Apple.



     


    Quote:

    Originally Posted by hill60 View Post


    So I wonder how many dollars that represents for each Safari user affected by this?


     


    Obviously expressly stealing people's private data against their wishes mustn't hold much value.



     


    Shouldn't the money go to the Safari users whose rights were infringed upon instead of either Apple or the FTC?


     


    $22.5 million per user should just about cover it...

  • Reply 6 of 68
    SpamSandwichSpamSandwich Posts: 29,066member

    Quote:

    Originally Posted by lotones View Post


     


     


    Shouldn't the money go to the Safari users whose rights were infringed upon instead of either Apple or the FTC?


     


    $22.5 million per user should just about cover it...



     


    It's a free browser. Your rights haven't been infringed in the slightest.

  • Reply 7 of 68
    philboogiephilboogie Posts: 7,387member
    solipsismx wrote: »
    That's a few hours of profit for Apple. While I don't agree with the decision the UK judge made toward Apple I do like the punishment. Having companies pay a fine that is a few million dollars will not discourage this behavior in the future.

    Still, at least its negative publicity, which is a positive thing. Or more precise, it should make people aware of privacy issues while surfing. Before surfing, actually.
  • Reply 8 of 68
    jragostajragosta Posts: 10,473member
    It's a free browser. Your rights haven't been infringed in the slightest.

    What a stupid argument.
  • Reply 9 of 68
    lotoneslotones Posts: 20member

    Quote:

    Originally Posted by SpamSandwich View Post


     


    It's a free browser. Your rights haven't been infringed in the slightest.



     


    What's the price of the browser have to do with anything? I can prove that I used Safari within the time specified. I can prove that I used Google within the time specified. If Google was infringing upon my rights within that time, that should be easy to prove according to court documents, or otherwise the FTC wouldn't have a case.


     


    But hey, I'm a reasonable person. I'm willing to take my share in installments…

  • Reply 10 of 68
    timmydaxtimmydax Posts: 284member
    In all fairness, this could have been a case of carelessness or negligence on Google's part, rather than cynical malicious profiteering intent.

    Given that though, doesn't that say something about their views on spying on people?

    We've never heard anything like that before...

    Eric S's and other Google bigwig's opinions on the matter are known.

    I sign out of GMail as soon as I'm done using it. Facebook too. Am I paranoid?
  • Reply 11 of 68
    just_mejust_me Posts: 591member

    Quote:

    Originally Posted by lotones View Post


     


    What's the price of the browser have to do with anything? I can prove that I used Safari within the time specified. I can prove that I used Google within the time specified. If Google was infringing upon my rights within that time, that should be easy to prove according to court documents, or otherwise the FTC wouldn't have a case.


     


    But hey, I'm a reasonable person. I'm willing to take my share in installments…



    Can you prove which data was stolen from you?  How much harm was done you specifically?

  • Reply 12 of 68
    SpamSandwichSpamSandwich Posts: 29,066member

    Quote:

    Originally Posted by jragosta View Post





    What a stupid argument.


     


    It was in response to a far more stupid claim that everyone who used the browser was owed money. Re-read for clarification.

  • Reply 13 of 68
    auxioauxio Posts: 1,823member

    Quote:

    Originally Posted by Just_Me View Post


    Can you prove which data was stolen from you?  How much harm was done you specifically?



     


    If he looked in his cache and searched for all of the doubleclick cookies created at times when he didn't interact with an ad at all (likely all of them), then determined how many websites he visited in each browsing session after those cookies were created (using his history), then determined the market value of selling that browsing information to advertisers, it would give a rough estimate of how much Google profited off him without his consent.

  • Reply 14 of 68
    alexmitalexmit Posts: 111member


    Might as well have been a $12 fine.

  • Reply 15 of 68
    SpamSandwichSpamSandwich Posts: 29,066member

    Quote:

    Originally Posted by Just_Me View Post


    Can you prove which data was stolen from you?  How much harm was done you specifically?



     


    Exactly. The government has issued a punishment for allegedly flouting the law, thus it claims harm and collects the fee. Seems pretty darn fishy to me.

  • Reply 16 of 68
    emoelleremoeller Posts: 340member


    A very good question that I asked myself at the time.   I installed a Cookie Tracker/Blocker (Abine. com) and was shocked at the numbers (over 115,000 to date!).   Like most people I get thousands of spam emails per month and even with a spam filter it takes me about 6 hours per month to sort through that junk.  So that's 72 hours per year (or just under two weeks of work time).  


     


    So I now ask YOU - what is two weeks of your time worth each year?  Oh and this number is only growing, so that time commitment is sure to increase.


     


    This is a pathetically small fine for such an egregious act (remember that Google had agreed last fall NOT to do this, so this was a blatant act in violation of a federal order).  The fine should have been much more and it be nice if the FTC directed those fines to the Electronic Frontier Foundation (a long time advocate for the protection of online rights).

  • Reply 17 of 68
    gatorguygatorguy Posts: 18,461member


    I'm not at all surprised that Google got a hand slapped for this. As one of the largest aggregators of personal data they need to be reminded often. Of course just because Google stopped this months ago, others are still bypassing Safari settings last I had read. One of those was Facebook IIRC and I've not seen an article yet claiming they had stopped.

  • Reply 18 of 68
    davezdavez Posts: 1member


    The miniscule amount that would go to each Safari user is like that which goes to each one in a class-action suit. Except the government is the lawyer and there is no primary plantiff. Either way you get nothing worth your time to file.

  • Reply 19 of 68
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by TimmyDax View Post



    In all fairness, this could have been a case of carelessness or negligence on Google's part, rather than cynical malicious profiteering intent.


    Impossible! They had to write some vary specific Javascript code that would have had no other purpose or use other than to circumvent the Safari cookie settings.

  • Reply 20 of 68
    lotoneslotones Posts: 20member

    Quote:

    Originally Posted by SpamSandwich View Post


     


    It was in response to a far more stupid claim that everyone who used the browser was owed money. Re-read for clarification.


     




     


    The browser was free from Apple. How does that give Google the right to hack my privacy settings?


     


    Quote:


    Originally Posted by TimmyDax View Post



    In all fairness, this could have been a case of carelessness or negligence on Google's part, rather than cynical malicious profiteering intent.

    Given that though, doesn't that say something about their views on spying on people?

    We've never heard anything like that before...

    Eric S's and other Google bigwig's opinions on the matter are known.

    I sign out of GMail as soon as I'm done using it. Facebook too. Am I paranoid?


     


    While you're white knighting Google let's look at the scorecard here (a partial scorecard anyway): Google has been caught harvesting scads of personal information, including email, by driving by peoples houses to allegedly map the area. Then they get caught hacking people's privacy settings. How are these not DMCA violations? Then all the Feds do is give them multimillion dollar slaps on the wrist, which is ludicrous. If you don't talk in multibillion dollar fines these corporations will not even acknowledge the trouble.


     


    But hey, four easy payments of $5.6 million and I'm willing to let it slide too...

Sign In or Register to comment.