Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Apple Users Sue Google Over Safari Tracking

samzenpus posted about a year and a half ago | from the stop-tracking-me-bro dept.

Google 101

Dupple writes "After settling with the FTC, Google is under pressure again regarding user privacy. From the BBC: 'A group of Apple's Safari web browser users has launched a campaign against Google over privacy concerns. They claim that Google bypassed Safari's security settings to install cookies which tracked their movements on the internet. Between summer 2011 and spring 2012 they were assured by Google this was not the case, and believed Safari's settings to be secure. Judith Vidal-Hall, former editor of Index On Censorship magazine, is the first person in the UK to begin legal action. 'Google claims it does not collect personal data but doesn't say who decides what information is "personal,"' she said. 'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

cancel ×

101 comments

Sorry! There are no comments related to the filter you selected.

How is this news? (3, Interesting)

Anonymous Coward | about a year and a half ago | (#42717543)

Have you seen those small "Share" and "Like" buttons all over the web?

Thats right, Facebook, Google, and others, see every time a browser downloads those buttons and which URL it was loaded from. It the user happens to be logged on to their service, they also see the user's identity.

In otherwords, Facebook, Google can track almost every user and page load on the web!

Re:How is this news? (0, Funny)

Anonymous Coward | about a year and a half ago | (#42717647)

Nope, never seen them.

What default settings in NoScript, Ghostery, and Ad-Block+ would I need to change in order to participate in this Web 2.0 wonder?

Re:How is this news? (0)

Anonymous Coward | about a year and a half ago | (#42718089)

Obviously everyone is like you and those that don't are the exception. Otherwise your post is a cute attempt to try to feel better about yourself by one-upping someone you don't know and shouldn't really care about. That couldn't be the case though.

Re:How is this news? (0)

Anonymous Coward | about a year and a half ago | (#42719227)

Erm, you forgot Better Privacy :P

Re:How is this news? (3, Informative)

BasilBrush (643681) | about a year and a half ago | (#42717953)

The news is that in the EU it's illegal to track users with cookies without their consent. Google went out of their way to circumvent the security settings on Safari, such that they tracked users even when they's said no. And then on top of that Google lied about it, saying they weren't doing so.

It's illegal. There is no "it's already happening" defence.

Re:How is this news? (1)

Stewie241 (1035724) | about a year and a half ago | (#42718293)

So a website can override a browser's security settings? Nifty.

Re:How is this news? (1)

BasilBrush (643681) | about a year and a half ago | (#42718435)

The details were covered on Slashdot at the time, but here it is again: http://blogs.wsj.com/digits/2012/02/16/how-google-tracked-safari-users/ [wsj.com]

Re:How is this news? (0)

Anonymous Coward | about a year and a half ago | (#42720731)

At the time, many slashdotters went out of their way to justify why it was a good thing, and Google had every right to do this because without doing it, the poor people of the web wouldn't be able to participate in Google's AMAZING, LIFE CHANGING offerings!

Google knows best, after all. Why should they respect a user setting if it isn't good for Google's bottom line?

Re:How is this news? (2)

toutankh (1544253) | about a year and a half ago | (#42723673)

Because they can. The real problem here is that the browser cannot enforce its own security settings. The fact that Google is evil is beside the point. If I check a "don't track me" option in my browser then end up being tracked, my anger is directed toward the browser, not the tracker. Anything else doesn't make sense and is counter-productive.

Risky analogy: if my partner cheats on me, my anger should be directed toward my partner, not to anyone else (provided my partner cheated on me with someone who doesn't know me).

Re:How is this news? (1)

icebike (68054) | about a year and a half ago | (#42721783)

Have you seen those small "Share" and "Like" buttons all over the web?

Thats right, Facebook, Google, and others, see every time a browser downloads those buttons and which URL it was loaded from. It the user happens to be logged on to their service, they also see the user's identity.

In otherwords, Facebook, Google can track almost every user and page load on the web!

"Apple users: Only Apple can track us! Not Google [theregister.co.uk] " was the headline that The Register used to describe this story in their usually thinly veiled laughing up their sleeve sort of way.

Allegedly these clowns are suing for damages. Let them prove damages.

Really? (4, Insightful)

kullnd (760403) | about a year and a half ago | (#42717561)

Maybe Google should start charging us for their services that we get for free... They have to make their money from something, if you don't like it don't use it. Also, anyone who honestly believes that a toggle in their browser is going to prevent them from being tracked on the open internet needs an education on how things really work in the real digital world.

Re:Really? (5, Insightful)

Dexter Herbivore (1322345) | about a year and a half ago | (#42717675)

Also, anyone who honestly believes that a toggle in their browser is going to prevent them from being tracked on the open internet needs an education on how things really work in the real digital world.

When the law says that the user shouldn't be tracked, then the user shouldn't be tracked. In an ideal world, Google shouldn't be going out of the way to circumvent those laws.

Re:Really? (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42717857)

However, the law says that you must inform users they are being tracked.

Which is the case here.

It's an astroturf movement. Apple getting at Google for Android.

It was a similar faked outrage when *33* people complained about Attenborough's bit on a polar bear giving birth which was done in a zoo for the safety of the cameramen and the polar bears and described on the BBC web site for the program. But, because it dared say that AGW was a problem, the daily hate mail insisted this was AN OUTRAGE.

Manufactured.

PS to use the BBC website, you are required to accept cookies or the site won't work. Mostly for technical reasons, but you still have to allow cookies.

They DO tell you "We use cookies" and that is all the law required.

It was a pretty useless law.

Re:Really? (1)

TapeCutter (624760) | about a year and a half ago | (#42720761)

Yeah the Daily Fail tried to discredit Attenborough but all they did was drag their own reputation deeper down the gutter. Why? - Because Attenborough's persona and 50yr track record is such that people see his face and they know it's legit.

Re:Really? (1)

Smauler (915644) | about a year and a half ago | (#42721715)

It wasn't legit. I don't know the Mail's take on the situation, I don't read it.

However, the BBC presented video from a zoo and implied it was in the wild. Attenborough should be ashamed for providing the voiceover, not try to defend it.

The problem was not that the BBC used footage from a zoo. The problem was that they deliberately tried to trick the viewer into thinking that the bear cubs filmed were in the wild. Just because they were open in saying that they did so after the event does not make it ok.

Re:Really? (1)

TapeCutter (624760) | about a year and a half ago | (#42724813)

I have the documentary in my collection, there is no "deliberate trickery". As the OP stated, it was a manufactured controversy intended to punish Attenborough for his views on AGW. You'd have to be a complete moron to fall for such a transparent attempt to assassinate his character.

Re:Really? (1)

Plumpaquatsch (2701653) | about a year and a half ago | (#42759493)

However, the law says that you must inform users they are being tracked.

Which is the case here.

It's an astroturf movement. Apple getting at Google for Android.

[...] PS to use the BBC website, you are required to accept cookies or the site won't work. Mostly for technical reasons, but you still have to allow cookies.

They DO tell you "We use cookies" and that is all the law required.

It was a pretty useless law.

Amazing that your post is rated so how while being so wrong. First of all, there is no information to the user that they are being tracked. The BBC doesn't require you to allow third party cookies to work. Google and assorted Advertising scum does. And remind me why Google has to pay a record fine to the FTC for doing this [huffingtonpost.com] (which the summary so cleverly avoids telling by calling it a settlement)

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42718367)

tell that to the people who created cookies, the MAC on hardware and the user-agent-string

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42727337)

The UK law states precisely what is and what isn't personal information. Under the UK law what google collected isn't personal information.

Re:Really? (1)

Anonymous Coward | about a year and a half ago | (#42717923)

I don't use Google services, and yet 99% of the websites on the 'net ping back to google-analytics.com informing them of every link I click on. Are you saying I should stop using the web completely?

This isn't about tracking people's use of Google's services, it is about tracking every single thing every single person does on the web. Apple added some privacy protection into Safari, and Google actively worked around it, bypassing the users' wishes to not be tracked.

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42718083)

why is it so hard to redirect google-analytics.com to 127.0.0.1 using a hosts file? (ain't no place like home)

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42718783)

I just use a firefox plugin to block shit like that. For instance facebook.com; and a few advert sites that serve flashvertisements with audio.

Re:Really? (1)

kullnd (760403) | about a year and a half ago | (#42720225)

I'm sorry, but blaming Google for the web site owners that by their own choice put Google code onto their websites is kind of retarded...

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42721683)

I'm sorry, but supporting the largest spyware company in the world is kind of retarded...

Re:Really? (0)

Anonymous Coward | about a year and a half ago | (#42718041)

Perhaps I don't use ANY of google service but still cannot choose not to get tracked by google, because of their add services being embedded into every other site, their hosting javascript libraries, and about a half a dozen other possible tracking tools.

It's nearly impossible trying to surf the internet without google knowing every single site I visit, and believe me, I've been trying.

Re:Really? (0)

thetoadwarrior (1268702) | about a year and a half ago | (#42718477)

Google doesn't really provide anything for free other than other people's content or their complete ripoff of facebook.

Re:Really? (1)

tlhIngan (30335) | about a year and a half ago | (#42719275)

Maybe Google should start charging us for their services that we get for free... They have to make their money from something

It's called "advertising". Though perhaps Google should charge users who use NoScript/ABP/etc. to block ads from Google and Google-owned companies like DoubleClick, AdMob, etc. (Google owns basically the entire online adversing companies - from their AdSense ads to the companies that do all the annoying popover/popunder/interstitials and such - all owned by Google).

Also, anyone who honestly believes that a toggle in their browser is going to prevent them from being tracked on the open internet needs an education on how things really work in the real digital world.

It's a toggle that Google actively worked around. It's not a "Do Not Track" flag that people can ignore, it's an active protection that Safari attempts to do to give you a modicum of privacy including dumping cookies. What Google did was actively work around them so all those +1 buttons would attach your Google ID to them.

Google actually wrote their code to circumvent such settings (not just ignore DNT), then deny it happened. Sort of like Lance Armstrong and performance-enhancing drugs.

Re:Really? (1)

Nostromo21 (1947840) | about a year and a half ago | (#42719421)

So basically, you/they/crApple is sore that Safari security is weak as piss & worse than IE's? Gotcha.

Re:Really? (-1, Offtopic)

kiosjahu (2826723) | about a year and a half ago | (#42719531)

http://www.cloud65.com/ [cloud65.com] upto I looked at the paycheck of $4005, I didn't believe that my mom in-law was like actually earning money in their spare time at there computar.. there friends cousin has been doing this 4 only 17 months and a short time ago paid the loans on there apartment and bourt a brand new Honda NSX. I went here,

Re:Really? (1)

Stan92057 (737634) | about a year and a half ago | (#42719645)

Well Ya a toggle button should do the trick If they make spying on people painful enough. As in jail time and a billion dollar fine should get the point across. Thats what needs to be done because they are breaking the laws willfully.

Here's "the real world" for you... apk (0)

Anonymous Coward | about a year and a half ago | (#42719707)

LMAO - let 'em: They have competitors who won't. It's that simple.

* :)

(NOBODY & NOTHING, is 'indispensible'... isn't that the "thinking @ the top"? They lead, by example... an example we "lower ones" can use too, by example!)

APK

P.S.=> Hold an axe over my head? I'll remove your arm, along with the axe...

... apk

Re:Here's "the real world" for you... apk (0)

Anonymous Coward | about a year and a half ago | (#42722071)

APK

P.S.=> Hold an axe over my head? I'll remove your arm, along with the axe...

... apk

APK, Internet Tough Guy.

Holy cow, now I've seen everything.

Re:Really? (1)

Americano (920576) | about a year and a half ago | (#42720821)

Actually, I'd love it if Google offered a subscription-based, ad-free/tracking-free consumer version of their services. That's not much of a threat, I wish they'd start charging for services that we get for free.

They have to make their money from something, if you don't like it, don't use it.

The problem here is that people specifically set their browser in a way that said, "don't track me," and Google said, "Well, since you couldn't possibly have meant to exclude US with that setting, we'll just circumvent that setting and track you anyway using a known bug in your browser." People tried not to use it, and Google still tracked them.

Heh (1, Insightful)

benjfowler (239527) | about a year and a half ago | (#42717665)

Apple fanboi nerd rage is funny

Re:Heh (-1, Troll)

Anonymous Coward | about a year and a half ago | (#42717717)

Not as funny as Google apologists...

Re:Heh (1)

Anonymous Coward | about a year and a half ago | (#42718031)

Which are nowhere nears as pathetic as Apple apologists...(Offense intended)

Re:Heh (2)

Nostromo21 (1947840) | about a year and a half ago | (#42719447)

Last I checked, Google hasn't apologised for jack shit, not should they. OTOH, Samsung is still waiting for a proper one from crApple...

Re:Heh (0)

Anonymous Coward | about a year and a half ago | (#42721531)

So do you wipe your Samsung phone off when you pull it out of your ass prior to using it?

Re:Heh (1)

Plumpaquatsch (2701653) | about a year and a half ago | (#42759517)

Last I checked, Google hasn't apologised for jack shit, not should they. OTOH, Samsung is still waiting for a proper one from crApple...

Yeah, they only had to pay the biggest fine to the FTC ever. No reason to apologize after you paid for your sins, obviously.

Re:Heh (0)

Anonymous Coward | about a year and a half ago | (#42721555)

That can't be true... Just look at this thread.

Re:Heh (0)

Anonymous Coward | about a year and a half ago | (#42759511)

Which are nowhere nears as pathetic as Apple apologists...(Offense intended)

Yup, they are much more pathetic. No offence taken, buttfucker.

pot, kettle, black, etc. (4, Insightful)

dontbemad (2683011) | about a year and a half ago | (#42717667)

i find it mildly amusing that Apple product users are suing google over something related to tracking.

Re:pot, kettle, black, etc. (4, Insightful)

GodfatherofSoul (174979) | about a year and a half ago | (#42717701)

Regardless, Google lied and got busted lying. "She hit me first" didn't work for your mother, and it won't work in court either.

Re:pot, kettle, black, etc. (1)

BasilBrush (643681) | about a year and a half ago | (#42717873)

i find it mildly amusing that Apple product users are suing google over something related to tracking.

Why?

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42717957)

i find it mildly amusing that Apple product users are suing google over something related to tracking.

Why?

Becouse Apple was found to send locationdata from all user devices back to Apple, without consent from the users.

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42718103)

I smell a game of telephone there... Are we talking about the big hullabaloo a little over a year ago?

If that's the case, the issue was that the devices stored a cache of GPS coordinates of wifi hotspots and the like, and time stamped when they were cached/refreshed. And then stored it unencrypted in the backups. And set the cache size so large, the cache could contain timestamps going back well over a year. So, if you had access to the cache on the device, you could build up a nice log of where the person's been due to the timestamps. That's a pretty bad screw up.

However, because this was a cache, it was used before pinging Apple's servers asking "Hey, I've got these SSIDs and cell tower IDs around me, where am I?" Those servers would respond with a list of SSIDs and GPS coordinates for stuff in the area. Up to many, many miles in every direction. So once the device had this information in the cache, the device would stop pinging Apple for information until the cache expired or it needed new information (or it discovered an anomaly and reported it). It also limited the granularity of the information Apple could get by caching large regions off a single request.

So, Apple could get access to some amount of location data from devices, and could very likely piece it to a user if they recorded device ids on the server-end (not sure if they do). However, this is no different than any giant SSID/Cell Tower DB operated by any company at this point. The only real alternative is to provide every device with a whole copy of the DB and force down periodic updates.

I find it ironic that the giant cache was actually better for privacy than the smaller cache now being used. People flipping out over the privacy implications have actually created a situation where Apple is getting more location data, not less. I want my old location cache back, just encrypted.

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42719565)

chmod go-rw locations.txt
chown system:system locations.txt

OMG THAT FIX WAS SO HARD AND SO PRIVACY INVADING.

Literally, that was the problem as I remember it: the permissions on the database file were publicly available to any application looking at the file, where it was suppose to be accessible only through the Location services / GPS API (unless you root/jb and give applications privileged access, but that's a whole different can of worms)... You know, like how Android did it...

Except Android tells you that it's sending GPS / Wifi correlations in the background when you turn on the service (even when you use the phone from a factory reset - it's one of the first screens).

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42718139)

That's right. They were using the same service that was found in Android. Now Apple don't use it and you can switch off sending user data to apple

Re:pot, kettle, black, etc. (1)

gnasher719 (869701) | about a year and a half ago | (#42718277)

i find it mildly amusing that Apple product users are suing google over something related to tracking.

Why would you find that amusing? It's not amusing for users who have to go to court to avoid being tracked, it's not amusing for Google.

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42719611)

Because APL is doing precisely the same thing behind the users' backs? There's a website for i devices where you can opt out of location tracking. That's right, the toggle is NOT ON THE DEVICE itself, but on a web site. Remember though, you were told this website on page 28374982374982739487293 of the EULA... on your desktop when you installed the desktop software that's needed for full functionality...

At least with Google, you could see the "+1" (or the Like button in case of FB, since you know, that's the same thing except Google's getting singled out here) to know that Google has a presence there. Almost all of Google's ads have a little "Adchoices" logo on them to tell you all the information relevant (source of the ad, etc.).

Re:pot, kettle, black, etc. (2)

RocketRabbit (830691) | about a year and a half ago | (#42719881)

Why? Google is the biggest data miner on the planet, and they make more money as they refine their profile of you. They are the Internet Gestapo.

Apple, by comparison, is rather innocent.

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42720489)

I do hope your post is because you're another of Google's shills and not just that you're really that stupid.

Re:pot, kettle, black, etc. (1)

dontbemad (2683011) | about a year and a half ago | (#42722941)

not a shill, and even if i really am that stupid, at least i don't hide behind being an AC.

Re:pot, kettle, black, etc. (0)

Anonymous Coward | about a year and a half ago | (#42725073)

So dontbemad is your real name?

Can't let every consumer dictate what privacy is (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42717713)

Much as I can agree with the sentiment, we cannot allow every single consumer out there to dictate what constitutes privacy data. Perhaps google should publish what it deems as privacy information, and then allow the consumer to decide to play along or not.

Re:Can't let every consumer dictate what privacy i (4, Informative)

icebike (68054) | about a year and a half ago | (#42717991)

Much as I can agree with the sentiment, we cannot allow every single consumer out there to dictate what constitutes privacy data. Perhaps google should publish what it deems as privacy information, and then allow the consumer to decide to play along or not.

What an excellent Idea. I wonder why Google Never Thought About That. [google.com]

I find Google far more forthcoming than most companies, and offering a much finer grained level of control.

I would also wager, that Judith Vidal-Hall has a facebook page, a Linkedin page. As far as I'm concerned, anyone signing up for either of those two services has abdicated all semblance of Privacy. Living in a country with CCTV cameras on every street corner, and a government hell bent on capturing every keystroke on your computer forever, how can she object if Google complies with her country's laws?

Re:Can't let every consumer dictate what privacy i (1)

Anonymous Coward | about a year and a half ago | (#42718145)

I would also wager, that Judith Vidal-Hall has a facebook page, a Linkedin page. As far as I'm concerned, anyone signing up for either of those two services has abdicated all semblance of Privacy.

A Judith Vidal-hall [facebook.com] is on Facebook, but provides no additional information to strangers. Despite the Slashdogma, it is possible to have a Facebook page and not spend your entire day posting your SSN and rapid status updates about what you ate for lunch and how it is propogating through your digestive system.

As far as I'm concerned, anyone making poorly educated sweeping generalizations based on bad stereotypes has abdicated all semblance of Trust on public forums.

Re:Can't let every consumer dictate what privacy i (1)

penix1 (722987) | about a year and a half ago | (#42718543)

Despite the Slashdogma, it is possible to have a Facebook page and not spend your entire day posting your SSN and rapid status updates about what you ate for lunch and how it is propogating through your digestive system.

That is not the default for FB and never was. You have to jump through hoops to set it up so that a small semblance of privacy (or more accurately the illusion of it) is maintained there. And every time they update something the privacy settings for that something is always "Show it to the whole wide world!"

Also, we aren't talking about what is shown to other users but what is shown and recorded forever and tracked by the company behind it. That was a nice bit of sleight of hand you did with that by the way. FB does record, aggregate and sell your user data no matter what your security settings.

Re:Can't let every consumer dictate what privacy i (1)

EasyTarget (43516) | about a year and a half ago | (#42718389)

Apparently there is a facebook page where you can sign up to support this..
My ironyometer went off-scale when I saw that.

Re:Can't let every consumer dictate what privacy i (1)

nschubach (922175) | about a year and a half ago | (#42718037)

I read that line and thought... great. Someone out there is going to think that their screen height is private and break every website that uses scroll effects. That's not a major loss, but what if they decided that the browser is private? People can't be allowed to determine everything that's private... can they?

Re:Can't let every consumer dictate what privacy i (1)

Mister Whirly (964219) | about a year and a half ago | (#42718079)

Yes if only there was some sort of policy regarding privacy that sites like Google would make public... Something that was easy to find, perhaps right on the bottom of every page. Something that said something like Privacy & Terms [google.com] that you could simply click on to get information.

A group of Apple's Safari web browser users (1)

DeathToBill (601486) | about a year and a half ago | (#42717807)

"Both of Apple's Safari web browser users..."

FTFY

Re:A group of Apple's Safari web browser users (2)

thetoadwarrior (1268702) | about a year and a half ago | (#42718491)

Given how many more iphone users use the internet over android users it's by far the most userd mobile / tablet browser.

Re:A group of Apple's Safari web browser users (0)

Anonymous Coward | about a year and a half ago | (#42719291)

Here [wikipedia.org]

Re:A group of Apple's Safari web browser users (0)

RocketRabbit (830691) | about a year and a half ago | (#42719917)

To be fair, we don't even know how many Android devices are even sold to consumers, let alone turned on. Google shovels out its fake, massaged activation numbers but they can not be trusted.

Re:A group of Apple's Safari web browser users (1)

thetoadwarrior (1268702) | about a year and a half ago | (#42721047)

It could explain why the numbers don't match up with web stats or some people are just wasting their time with a smart phone. I wouldn't bother with a mobile phone at all if I couldn't use the internet every day. Even with my old G1 I'd surf Slashdot even if it was the worst possible way to view the site.

Re:A group of Apple's Safari web browser users (1)

RocketRabbit (830691) | about a year and a half ago | (#42731145)

Wikipedia does an interesting breakdown on the devices used to visit their site and Android usage is much lower than one might expect from Google's and that shady ass StatCounter's numbers.

"group of Apple's Safari web browser users"? Hmmm (2)

Ian.Waring (591380) | about a year and a half ago | (#42717997)

It is of course perfectly coincidental that the lawyer firm involved is the same one who previously acted for Microsoft in a case against unlicensed X-Box accessories.

Why not sue Apple? (4, Insightful)

TheSkepticalOptimist (898384) | about a year and a half ago | (#42718021)

I mean ultimately its Safari's problem that Google could find a way to circumvent their privacy settings and write cookies to their user profile. If Safari was written properly then no website should be able to access private information or write to profile.

What is at fault here is the users thought Safari was secure, but Google found a way around the security. Its Safari's issue, period.

Re:Why not sue Apple? (1)

Anonymous Coward | about a year and a half ago | (#42718067)

No. That's a ridiculous line of reasoning. When someone breaks into your house you don't go after the manufacturer of the lock, you go after the thief.

As stupid as this law suit or maybe even the idea of do not track is, your idea is considerably more stupid.

Re:Why not sue Apple? (1)

Kenja (541830) | about a year and a half ago | (#42718273)

Depends, if the lock company made a point about how using their locks would make your house burgle proof I get people would sure them.

Re:Why not sue Apple? (1)

smash (1351) | about a year and a half ago | (#42721813)

Apple has made no such claims about safari. They've played the "mac's don't get viruses" card. This isn't a virus.

Re:Why not sue Apple? (0)

Anonymous Coward | about a year and a half ago | (#42722417)

No. That's a ridiculous line of reasoning. When someone breaks into your house you don't go after the manufacturer of the lock, you go after the thief.

As stupid as this law suit or maybe even the idea of do not track is, your idea is considerably more stupid.

And the level of Google Fanboyism in /. is shown by the Insightful mod GP got, simply because the point (however ridiculous) is in favor of Google.

Re:Why not sue Apple? (2)

thetoadwarrior (1268702) | about a year and a half ago | (#42718509)

Because you prosecute the one who did the crime. Do you sue you car manufacturer when your car gets broke into?

Re:Why not sue Apple? (0)

Anonymous Coward | about a year and a half ago | (#42718675)

If the locks are deemed to have design flaws, yes. You go after both the manufacturer and the burglar. In the U.S.A., the private citizen generally focuses more on the manufacturer, since they're more likely to have money. The police go after the burglar, since that's where they make their money.

Re:Why not sue Apple? (1)

cbhacking (979169) | about a year and a half ago | (#42721151)

The entire Internet, including (especially, in this case) the WWW, is based on published specifications that describe how clients and servers are supposed to interact with each other. Some of these specifications relate to privacy. In particular, there is a thing called a "compact privacy policy" which is a very shorthand way of indicating many of the most salient points of a privacy policy in a machine-readable format. This is a published specification, part of the Platform for Privacy Preferences (P3P), described in http://www.w3.org/TR/P3P/ [w3.org] .

The goal of P3P is to provide a way for the user of an HTTP client (generally, a web browser) to specify automatic behaviors based on privacy settings. It's not a security feature at all; it's a convenience feature for sites where the user trusts the server to not lie about what its privacy policy is. The idea is that the server sends a compact privacy policy, and the user agent decides what to do based on that policy. It removes the need for the user to manually review each cookie, etc. and decide, based on the info it contains and the policy of the site, what to do with it.

Google, in their infinite not-evilness, decided that P3P is old and broken (somewhat debatable, but they make some good points) and they weren't going to respect the specification. Of course, the usual way that somebody would do this is to not implement it on their end at all; i.e. don't send any compact privacy policy and let the browser do whatever it does with cookies that don't come with privacy info attached. Google thought differently, and decided to instead send a CPP that is interpreted in the following way by P3P-compliant user agents:
We have a privacy policy, it is all-inclusive and has no exceptions.
Of course, this is a complete lie - Google does do various things which may compromise your privacy, such as track you with cookies. However, they decided that rather than indicate this in the machine-readable format specified in P3P, they would instead send a human-readable English text string, utterly meaningless under the specification, telling people to go read their actual privacy policy. The problem is, the user is never supposed to read the raw CPP. It's a bunch of meaningless characters to anybody unfamiliar with the specification, and generally isn't ever displayed to the user. The end result is that, if the user's browser is configured to use P3P to decide how to handle cookies, Google's cookies are going to be automatically accepted regardless of whether what Google uses those cookies for is actually acceptable to the user.

In a very real sense, Google has published a false security policy. It's not a security exploit - the entire specification is built on trust, as is true of any security policy - but it's a very flagrant violation of that trust and, in the EU, is illegal. That's what they're in hot water for. Apple is only relevant to this story because they use P3P, presumably by default (how many Safari users are going to customize their privacy settings?), and adhere to the specification as written.

"Don't be evil" my ass. By the way, I own zero Apple products and am generally not a fan of the way they treat their users. That does not absolve Google of this kind of bullshit, however.

Re:Why not sue Apple? (1)

smash (1351) | about a year and a half ago | (#42721845)

This post pretty much sums it up. IIRC, IE was affected too, for complying with P3P.

And yes. "don't be evil" my arse.

Re:Why not sue Apple? (1)

viperidaenz (2515578) | about a year and a half ago | (#42722093)

4. Compact Policies

Compact policies are summarized P3P policies that provide hints to user agents to enable the user agent to make quick, synchronous decisions about applying policy. Compact policies are a performance optimization that is OPTIONAL for either user agents or servers. User agents that are unable to obtain enough information from a compact policy to make a decision according to a user's preferences SHOULD fetch the full policy.

The text Google sends is obviously not a valid CPP, so the browser is incorrectly implementing an optional part of the spec to the detriment of the users.

They don't incorrectly add any of the defined compact tokens to the CP header. No correct implementation should be able to determine a policy from what is returned.

Re:Why not sue Apple? (0)

Anonymous Coward | about a year and a half ago | (#42721197)

Wrong. Just because you can, doesn't mean you can. In Google's case if they found a way around Safari security then it is GOOGLE'S responsibility not to exploit it.

But the bigger issue is that Google apparently has some sort of project related to bypassing browser security. Is this why my IE9 Internet Zone goes from High security to Custom, every time I open a website using Google code?

Re:Why not sue Apple? (1)

smash (1351) | about a year and a half ago | (#42721857)

This isn't a security exploit. No software was "exploited". It is Google being a dick with internet standards.

Why not sue Apple too... (0)

Anonymous Coward | about a year and a half ago | (#42718137)

They were the ones who allowed the cookies to be installed. Their security settings obviously had a gap large enough that someone was able to install cookies without the user's consent or browser's permission. Had it been a security company monitoring someone's home or protecting a family and they allowed someone to track their whereabouts or break in, what do you think would happen? If this security company had said they would prevent such a thing, don't you think they would be a possible target for a lawsuit? Granted you would be paying for such a service, but then I've seen what folks pay for Apple products.

Possibly 90% (0)

Anonymous Coward | about a year and a half ago | (#42718295)

Of those UK Apple users probably have no idea what cookies are but only go along because they want to be trendy screaming MYPRIVACYOMFG because everybody does so, and to make some money as well. Those people should only be allowed to surf apple.com and nothing else...

Whether (2)

TsuruchiBrian (2731979) | about a year and a half ago | (#42718381)

"'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

Fulfilling the expectation that the internet surfer's privacy wishes are being honored is the job of a browser without security, not a massive corporation whose primary income source is targeted advertisements.

Re:Whether (0)

Anonymous Coward | about a year and a half ago | (#42721431)

Complying with the law is Google's job, and if the law says it should respect browser settings then it should respect them or pay the penalty.

And actually, the law itself [legislation.gov.uk] defines what constitutes "personal data". There's no need for either Google or the individual to devote so much brainpower to the question.

Re:Whether (0)

Anonymous Coward | about a year and a half ago | (#42722439)

"'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

Fulfilling the expectation that the internet surfer's privacy wishes are being honored is the job of a browser without security, not a massive corporation whose primary income source is targeted advertisements.

Cool, so if I start a new company called Foogle, and its primary income source is selling pictures of inside of homes which I took by picking the lock of your door and sneaking in, all the while proclaiming I do no such thing, then would you still say that "Fulfilling the expectation of a home-owner's privacy wishes being honored is the job of the door lock, not a massive corporation..."?

When it comes to Google and their fanboys, all aversion to giant corporations misbehavior instantly evaporates, we are witnessing a new RDF in the making!

Re:Whether (0)

Anonymous Coward | about a year and a half ago | (#42722995)

Lots of Google stockholders on Slashdot would be the obvious assumption.

Since when.... (1)

Dcnjoe60 (682885) | about a year and a half ago | (#42718809)

Since when is Google storing a cookie on your local computer the same as Google collecting data on you. Collecting, by its very definition, would mean that they are storing the data on their computer. Now, if Google then harvests the data stored locally and does something with it, that is a different story, but just having Google store a cookie, does not in and of itself mean that they are collecting personal data, even if the cookie contains personal data. If that were the case, then just about every website you visit would be guilty of the same thing as almost all of them store cookies.

Here is another problem with the legal action being brought. It is being done so by somebody who knows and understands how computers work. Therefore, if you know that Google, or anybody else, is storing cookies and you allow it to persist, when your browser allows you to refuse cookies from certain sites, isn't their a form of contributory fault there? I'm not talking about John Q. Public, but a so called expert in the field (whether self proclaimed or not).

I know that you have a much more difficult time getting an insurance company to pay a claim for a valuable stolen item if it was left on the front seat of a car with the windows rolled down and the door unlocked. It doesn't mean that the person should have stolen it, but that you should have protected it. If that is accepted, then why would an "expert" in the field of computer security not be held to the same standard?

Re:Since when.... (1)

Stan92057 (737634) | about a year and a half ago | (#42720077)

Google took extra actions to ignore the users request and his country's laws stating they could not do it. Who ever brought the suit is makes no difference. i just wonder why no one from Google was arrested for willingly breaking the law.

Re:Since when.... (0)

Anonymous Coward | about a year and a half ago | (#42720693)

Since when is Google storing a cookie on your local computer the same as Google collecting data on you.

Since 1994. Welcome to the Internet.

Re:Since when.... (0)

Anonymous Coward | about a year and a half ago | (#42721231)

Um, log files? They can record the stored cookie event on the server plus all the cookie updates AND sync the cookie data with their other domain, Doubleclick. If the cookie is blocked, they can't collect that cookie data.

Re:Since when.... (0)

Anonymous Coward | about a year and a half ago | (#42722029)

If the browser did what it said it was doing, none of this would be a problem.

If you tell your browser not to store cookies and cookies get stored, it doesn't matter how they got there, there is a fault with the browser.

And Slashdot is no better (0)

Anonymous Coward | about a year and a half ago | (#42718915)

And Slashdot is no better

OS 10.8.2, Safari 6.0.2
Private Browsing enabled
Preferences > Security, Block cookies: Always, Remove all website data
Reset Safari: all enabled except clear name and passwords, and close all Safari windows
Remove all website data (again)
refresh the window
select security tab, then back to Privacy tab to re-trigger the Privacy display

= 15 websites stored cookies or other data

Re:And Slashdot is no better (0)

Anonymous Coward | about a year and a half ago | (#42719667)

So, Shit browser is shit?

Re:And Slashdot is no better (0)

Anonymous Coward | about a year and a half ago | (#42722015)

When Apple designed the Preferences dialog, it was thought to be more intuitive to rename "Nearly Always" to "Always" and "Remove most website data" to "Remove all website data"

slashdot is no better (0)

Anonymous Coward | about a year and a half ago | (#42719325)

check for cookies loaded by refreshing the this slashdot page

check for slashdot page cookies (0)

Anonymous Coward | about a year and a half ago | (#42719375)

despite private browsing, block cookies all; slashdot page still loads cookies

Cookies vs ANPR (0)

Anonymous Coward | about a year and a half ago | (#42719501)

Do these same people drive motor vehicles? I wonder if they worry the same about being tracked via ANPR (number plate recognition) cameras?

Worse than the Muslims (0)

Anonymous Coward | about a year and a half ago | (#42720863)

"Anything for Jobs, anything in the name of Jobs. We will do your bidding Apple."

Wrong target (0)

Anonymous Coward | about a year and a half ago | (#42721915)

Apple users are suing Google over a fault in Apple's browser. I could say more, but really no more needs be said.

This is absolutely (0)

Anonymous Coward | about a year and a half ago | (#42722347)

Shocking news about Google? Google?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?