Google reportedly fined $22.5M for bypassing Safari privacy settings
The U.S. Federal Trade Commission will order Google to pay a $22.5 million civil penalty for sidestepping security settings in Apple's Safari web browser, bringing an end to a nearly six month long investigation.
According to Reuters sources, members of the FTC voted to approve a consent decree, allowing the internet search giant to settle the investigation without admitting liability. The claims are in-line with an early July report that said Google's settlement would be the largest in FTC history.
The FTC probe was initiated after a February Wall Street Journal investigation alleged Google and other ad networks bypassed Safari's security protocols. In order to override the browser's privacy settings the companies implemented code which misrepresented their ads as user form submissions, a method that proved to be an effective workaround against Safari's third-party cookie-blocking measures.
A subsequent report in May said government talks with Google could result in "tens of millions of dollars" in fines.
In a comment to AppleInsider, Google said:
The FTC declined to comment on the matter and Google offered only a brief explanation, saying the government investigation was in regard to an out-of-date 2009 help center web page which didn't reflect changes made to Apple's cookie-handling policy.
"We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," a Google spokeswoman said.
According to Reuters sources, members of the FTC voted to approve a consent decree, allowing the internet search giant to settle the investigation without admitting liability. The claims are in-line with an early July report that said Google's settlement would be the largest in FTC history.
The FTC probe was initiated after a February Wall Street Journal investigation alleged Google and other ad networks bypassed Safari's security protocols. In order to override the browser's privacy settings the companies implemented code which misrepresented their ads as user form submissions, a method that proved to be an effective workaround against Safari's third-party cookie-blocking measures.
A subsequent report in May said government talks with Google could result in "tens of millions of dollars" in fines.
In a comment to AppleInsider, Google said:
Other ad networks that purportedly used the workaround include Vibrant Media, Media Innovation Group and Gannett PointRoll, though government action against the companies has yet to surface.
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It?s important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple?s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as ?Like? buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content--such as the ability to ?+1? things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google?s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user?s Safari browser and Google?s servers was anonymous--effectively creating a barrier between their personal information and the web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn?t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It?s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
The FTC declined to comment on the matter and Google offered only a brief explanation, saying the government investigation was in regard to an out-of-date 2009 help center web page which didn't reflect changes made to Apple's cookie-handling policy.
"We have now changed that page and taken steps to remove the ad cookies, which collected no personal information, from Apple's browsers," a Google spokeswoman said.
Comments
Shame that money doesn't go to Apple.
That's a few hours of profit for Apple. While I don't agree with the decision the UK judge made toward Apple I do like the punishment. Having companies pay a fine that is a few million dollars will not discourage this behavior in the future.
So I wonder how many dollars that represents for each Safari user affected by this?
Obviously expressly stealing people's private data against their wishes mustn't hold much value.
Quote:
Originally Posted by hill60
So I wonder how many dollars that represents for each Safari user affected by this?
Obviously expressly stealing people's private data against their wishes mustn't hold much value.
Can you prove which data was stolen from you? How much harm was done you specifically?
Quote:
Originally Posted by SpamSandwich
Shame that money doesn't go to Apple.
Quote:
Originally Posted by hill60
So I wonder how many dollars that represents for each Safari user affected by this?
Obviously expressly stealing people's private data against their wishes mustn't hold much value.
Shouldn't the money go to the Safari users whose rights were infringed upon instead of either Apple or the FTC?
$22.5 million per user should just about cover it...
Quote:
Originally Posted by lotones
Shouldn't the money go to the Safari users whose rights were infringed upon instead of either Apple or the FTC?
$22.5 million per user should just about cover it...
It's a free browser. Your rights haven't been infringed in the slightest.
Still, at least its negative publicity, which is a positive thing. Or more precise, it should make people aware of privacy issues while surfing. Before surfing, actually.
What a stupid argument.
Quote:
Originally Posted by SpamSandwich
It's a free browser. Your rights haven't been infringed in the slightest.
What's the price of the browser have to do with anything? I can prove that I used Safari within the time specified. I can prove that I used Google within the time specified. If Google was infringing upon my rights within that time, that should be easy to prove according to court documents, or otherwise the FTC wouldn't have a case.
But hey, I'm a reasonable person. I'm willing to take my share in installments…
Given that though, doesn't that say something about their views on spying on people?
We've never heard anything like that before...
Eric S's and other Google bigwig's opinions on the matter are known.
I sign out of GMail as soon as I'm done using it. Facebook too. Am I paranoid?
Quote:
Originally Posted by lotones
What's the price of the browser have to do with anything? I can prove that I used Safari within the time specified. I can prove that I used Google within the time specified. If Google was infringing upon my rights within that time, that should be easy to prove according to court documents, or otherwise the FTC wouldn't have a case.
But hey, I'm a reasonable person. I'm willing to take my share in installments…
Can you prove which data was stolen from you? How much harm was done you specifically?
Quote:
Originally Posted by jragosta
What a stupid argument.
It was in response to a far more stupid claim that everyone who used the browser was owed money. Re-read for clarification.
Quote:
Originally Posted by Just_Me
Can you prove which data was stolen from you? How much harm was done you specifically?
If he looked in his cache and searched for all of the doubleclick cookies created at times when he didn't interact with an ad at all (likely all of them), then determined how many websites he visited in each browsing session after those cookies were created (using his history), then determined the market value of selling that browsing information to advertisers, it would give a rough estimate of how much Google profited off him without his consent.
Might as well have been a $12 fine.
Quote:
Originally Posted by Just_Me
Can you prove which data was stolen from you? How much harm was done you specifically?
Exactly. The government has issued a punishment for allegedly flouting the law, thus it claims harm and collects the fee. Seems pretty darn fishy to me.
A very good question that I asked myself at the time. I installed a Cookie Tracker/Blocker (Abine. com) and was shocked at the numbers (over 115,000 to date!). Like most people I get thousands of spam emails per month and even with a spam filter it takes me about 6 hours per month to sort through that junk. So that's 72 hours per year (or just under two weeks of work time).
So I now ask YOU - what is two weeks of your time worth each year? Oh and this number is only growing, so that time commitment is sure to increase.
This is a pathetically small fine for such an egregious act (remember that Google had agreed last fall NOT to do this, so this was a blatant act in violation of a federal order). The fine should have been much more and it be nice if the FTC directed those fines to the Electronic Frontier Foundation (a long time advocate for the protection of online rights).
I'm not at all surprised that Google got a hand slapped for this. As one of the largest aggregators of personal data they need to be reminded often. Of course just because Google stopped this months ago, others are still bypassing Safari settings last I had read. One of those was Facebook IIRC and I've not seen an article yet claiming they had stopped.
The miniscule amount that would go to each Safari user is like that which goes to each one in a class-action suit. Except the government is the lawyer and there is no primary plantiff. Either way you get nothing worth your time to file.
Quote:
Originally Posted by TimmyDax
In all fairness, this could have been a case of carelessness or negligence on Google's part, rather than cynical malicious profiteering intent.
Impossible! They had to write some vary specific Javascript code that would have had no other purpose or use other than to circumvent the Safari cookie settings.
Quote:
Originally Posted by SpamSandwich
It was in response to a far more stupid claim that everyone who used the browser was owed money. Re-read for clarification.
The browser was free from Apple. How does that give Google the right to hack my privacy settings?
Quote:
Originally Posted by TimmyDax
In all fairness, this could have been a case of carelessness or negligence on Google's part, rather than cynical malicious profiteering intent.
Given that though, doesn't that say something about their views on spying on people?
We've never heard anything like that before...
Eric S's and other Google bigwig's opinions on the matter are known.
I sign out of GMail as soon as I'm done using it. Facebook too. Am I paranoid?
While you're white knighting Google let's look at the scorecard here (a partial scorecard anyway): Google has been caught harvesting scads of personal information, including email, by driving by peoples houses to allegedly map the area. Then they get caught hacking people's privacy settings. How are these not DMCA violations? Then all the Feds do is give them multimillion dollar slaps on the wrist, which is ludicrous. If you don't talk in multibillion dollar fines these corporations will not even acknowledge the trouble.
But hey, four easy payments of $5.6 million and I'm willing to let it slide too...