Getting some semblance of control over my browsing habits and enabling the implementation of multiple-proxy-based browsing strategies is one reason why I wrote chrome-private.sh [1].
I go through hundreds of disposable browsing profiles every day.
Firefox containers does the same thing with a lot less work. If you get the multi-account-containers extension and the temporary containers extension, you won't have to log back into everything all the time but will still get isolation.
There is no hope of privacy on the internet today without some sort of "tumbling" strategy. It is wholely impossible for anyone to prevent all sources of their information from leaking, and once your data from one source is out there, the rest of your precautions are potentially useless. So the only viable strategy is to muddy the waters by creating enough spurious data that an attacker can't know what is real and what is fake.
I'm doing something similar but less ephemeral. I have many web profiles, but they are dedicated, for example I have a Google profile where I open Gmail, drive, photos, etc. I have an FB one, a reddit one, an HN one, etc. About 15. Then Firefox for my regular browsing.
That's pretty cool ... I'm left wondering what a visualization of the state accumulated by visiting different websites would look like, e.g. google, twitter, nytimes, etc.
"According to the suit, the company collects information, including IP addresses and browsing histories, whenever users visit web pages or use an app tied to common Google services, such as Google Analytics and Google Ad Manager."
I'd really appreciate some more technical details here.
Does this include web server logs that record incoming IP addresses?
Is the expectation here that Chrome would set a DNT header in incognito mode and Google properties would then obey that header?
Unless Google associates your anonymous browsing data from incognito mode, with your regular browsing data from regular mode, I don't see a case here. And I really doubt they do that, it would be such a clear and egregious violation of the reasonable expectation of privacy.
The other possible complaint could be that websites still can collect information on user behavior on the website, even if it is more anonymous in incognito mode. This is expressly what incognito mode says on the tin. You can use it to avoid saving your weird porn history locally, but not prevent websites from knowing what anonymous visitors are doing on their website. If the average consumer isn't tech-savvy enough to get this distinction, I'm not sure what Google could do besides putting this explicit warning in every new tab.
Summary: seems like this case will go nowhere, but still makes for soundbitey headlines and gives people an excuse to rehash their usual gripes that "my data is the next oil"
(IIUC, most ad targeting is still based on you explicitly searching for something you want to buy and ads matching those keywords, or retargeting from a website you've already visited but abandoned your shopping cart at, not some all-knowing profile of your deepest wants and desires).
Disclaimer: I work at Google but nowhere near the Analytics or Ads teams.
I know that Google is making money through use of my personal data. I wish they would be required boldly state on every page that my personal data is being used, and that they are profiting from it. Finally, there should be some steps offered to remedy some of the above such as requesting that parts of the data that would be convenient for me to have deleted would be deleted. And the parts that are inconvenient such as my ability to login to sites I commonly visit could be preserved since that minimum requirements are met so I can easily access those sites.
And while I have no big conspiracy theories at the moment about how Google is doing anything evil, there is certainly no guarantee that something in the future could impact me. For example there could be some bad players working inside Google, Google could be acquired, or the government could take control in some way. these are all things that could be dangerous to me in the future if Google continues to preserve large amounts of my personal information.
FYI - Google does offer a series of tools for you to manage your data. If you are signed in there is my activity[1], and takeout[2]. There are options to control targeted ads[3] and auto-delete location and activity data older than 3 months[4].
My core issue is the unfulfilled promise of the panopticon.
I'm still waiting for the recommenders, personalizers which help me.
Not boost engagement. Not amplify tiny differences. Not catalysts for virality.
I was on the recommender, personalization team for a high end fashion retailer. Joining, I thought "Woohoo! Teach the computer tell me which dress shirt to buy! Pick the right t-shirts! Find tasteful but understated socks! Finally!"
It took me a while to peel back all the layers to reveal the team's secret sauce. Turns out there isn't any. The most performant algorithm was "stuff you've looked at before" (~70%), followed by "what's hot" and "what's new".
While most of our effort was put into all the Big Data Machine Learning Booyah stuff, I'd characterize the attributable "lift" as little better than noise. Terrible ROI. We would have been MUCH BETTER off improving the data quality, search features, and browsing experience.
(I had some other more radical ideas. A whole thesis built around authenticity and actual engagement. Way past StitchFix. Alas, too weird for the brick & mortar types. Imagine explaining TikTok influencers to your great aunt. But I'd be happy to have someone pay me for a brain dump.)
In conclusion, nothing this last decade has shaken my hunch that digital ads are a giant con job. At least outside of political advertising. (My bro has worked in ad tech for 15+ (?) years. Our spirited debate has never stopped.)
WARNING! We use your personal data to improve your experience using Google products. We believe this will lead you using the service more often and, in doing so, see more ads which we profit from.
(Disclaimer: I have a big personal gripe with Google, but I don't hate the company in general)
Something has been on mind for a while.
I see lawsuits against Google collecting / selling personal data and ideas to combat its monopoly in search. What I don't see is a discussion about regulating companies that have data on the majority of the population.
I know for a fact that Google used search insights to inform strategy. By knowing what people search for and modeling our behavior, they have an unprecedented ability to forecast future events. I expect that Facebook and other, lesser-known companies do the same. I believe it is dangerous for a company to have this ability.
I am not an expert in public policy and politics. Would it make sense to have regulatory oversight over all companies that have data on, e.g., over 50% of a country's population?
Regulations, a lot of times, tend to have the opposite of the intended effect. In this case, you'd need to define what is meant by "having data".
Is having an email or phone enough to qualify?
Maybe yes.
In that case, think of a rapidly growing startup, which breaches that mark (50% or whatever the law says) - and now has to comply with the law.
But the startup is not capable of compliance, because the law was made for behemoths like google.
This startup will go belly over and die soon.
Google's monopoly saved.
Alternatively, leaving it in the public domain for civil suits to be filed has a tendency of natural selection. If a company is TRULY big enough, and has that kind of data, someone WILL sue.
"By knowing what people search for and modeling our behavior, they have unprecedented ability to forecast future events. I expect Facebook and other, lesser known companies do the same. I believe it is dangerous for a company to have this ability."
I have thought of this as "search-based front-running". How much of it goes on, I would like to know.
I wouldn't be surprised if over the years employees have been making canny decisions on the stock markets. Facebook also has a lot of information via its portfolio of services to enable this too.
How poetic. This lawsuit brought to you by Boies Schiller, the law firm that aggressively intimidated Theranos whistleblowers. I would argue that their actions contributed to the suicide of Ian Gibbons, as well as threatening his widow with legal action after his death.
This lawsuit is idiotic. They're claiming Google is doing something wrong by tracking users from websites using ad tech when someone uses their browsers private browsing mode.
Actually I think it nicely highlights the contradictions inherent in Google's monopolistic position. The user clearly expressed an intent to browse "privately" in one Google product - Chrome. The fact that this doesn't then completely block Google Analytics or forward the preference for privacy to other Google properties is a choice that conveniently aligns with Google's ad business but ignores the intent of what the user is trying to do.
Why is it idiotic to expect Google to respect a users wish not to be tracked? Half the world has laws that require Google to ask permission. Using private browsing mode is a very clear indication the the user does not want to give them that permission.
It's really not that hard. Google and Facebook just don't want to understand it.
It's not so idiotic. Google collects information that people don't want them to collect. That arguably objectionable, even if it's not strictly illegal. It will be interesting to see whether this case gets a sympathetic judge, but I imagine it will end up being dismissed like previous lawsuits of this variety. Nice bit of publicity for the law firm though.
I agree with you, but I think the problem is a disconnect between what incognito actually does and what people think it does. That distinction is pretty obvious to people who have done any sort of web development, but it's hard to explain to the average user.
There are the data privacy laws that mandate users be able to opt of tracking, and it should be pretty clear to a non-psychopathic company that a person using the private mode on their browser is opting out of any tracking.
Google is one of the biggest companies in the world. Do they really need to be wringing their users as hard as they can to milk out every last drop of ad revenue potential?
Google is just a digital Eye-of-Sauron[0] and very difficult to avoid if you do any meaningful surfing of the open web. They have their fingers in many different pies.
There is even small subcultures on the web dedicated to avoiding Google by doing things like running 'degoogled chromium' and blacklisting various Google domains in their /etc/hosts file. Sadly all these mitigations don't work because Google already has a dossier on many people and even if you don't have a Google account, Google keeps tabs on you via fingerprinting or other means and knows who 'you' really are (using simple correlation and heuristics).
Then this raises the issue of: what can be done? I prefer to just be nihilistic about it and accept that Google already has dirt on me, despite my mitigations (I have a bit of history blindly handing over personal data to Google for a number of years). I think young people these days in 2020 have a great opportunity to implement mitigations and are better suited than me to browse privately, since I'm already contaminated by Google. (I still mitigate however, but it's not enough).
> Google surreptitiously amasses billions of bits of information --every day -- about internet users even if they opt out of sharing their information, three consumers alleged in a proposed class action lawsuit.
a billion bits is only like 130Meg a day, seems like google is doing pretty good.
“We strongly dispute these claims and we will defend ourselves vigorously against them,” Castaneda said in an email.
I wonder what it is they actually dispute, when the claims are so basic? Most popular websites use GA, so of course Google is watching every single user action across the Internet, regardless of if they have tried to 'opt out' via any methods, laws, processed, etc.
I have a personal gmail and a work gmail (G Suite), each using my full name, but both run in separate browsers using the same IP address. I always wonder if Google keeps a "master record" of people and all their associations, if not for security or to work with law enforcement.
In my experience in adtech, not only can Google do this pretty accurately, but other third parties as well (e.g. DMPs and the like.) Even if they couldn't make a deterministic association, they have enough data points to make a probabilistic association with high likelihood (ex: "Given all these data points, we're 95% confident that these two people are the same. Therefore we're going to attribute the actions to the same person.")
Now, to qualify my response a bit, this isn't necessarily for security / law enforcement, but mainly for better targeting parameters. Example: frequency capping of ads (buyer specifies that you only see an ad X number of times in a given time period) or more relevant targeting (you don't see completely different ads in different browsers as if you're from two non-overlapping demographic groups.)
Facebook does this to build shadow profiles of everyone, even if they are not Facebook users. I'm sure Google does similar things. They certainly could.
IMO, that doesn't make a good trade off. The identity problem space is already super complicated due to ITP while the risk is very high. If you make mistakes, you will accidentally leak personal information to others while the benefits... are pretty minimal, probably having 1~2% more revenue from those people with dual accounts. Given that joining signed-in and signed-out identity is explicitly prohibited as a condition of Double Click acquisition, I doubt if there's any incentive to do this kind of joining for Google.
Probably. I recall Project Veritas showing hidden video of a Twitter dev speaking about databases that link all profiles of someone (using things like IPs, fingerprints, etc. to stitch the relationships together).
I don't think Google is doing fingerprint (at least for Ads AFAIK, but there's not much reasons to do so in other products) and Chrome blocks fingerprinting in order to make Facebook and other competitors' life harder.
> “We strongly dispute these claims and we will defend ourselves vigorously against them,” Castaneda said in an email.
I've seen this _exact_ phrasing so many times in responses to lawsuits that I'm now starting to wonder if future lawyers receive this template as a graduation fair well package.
[+] [-] metroholografix|5 years ago|reply
I go through hundreds of disposable browsing profiles every day.
[1] https://github.com/atomontage/chrome-private
[+] [-] jedberg|5 years ago|reply
https://addons.mozilla.org/en-US/firefox/addon/temporary-con...
https://addons.mozilla.org/en-US/firefox/addon/multi-account...
Edit: See below with a warning about using this with profile sync.
[+] [-] uniqueid|5 years ago|reply
[+] [-] jason0597|5 years ago|reply
https://github.com/Eloston/ungoogled-chromium
[+] [-] thinkloop|5 years ago|reply
[+] [-] chubot|5 years ago|reply
[+] [-] thinkloop|5 years ago|reply
> Disables 3D APIs / WebGL, GPU acceleration by default while allowing them to be re-enabled through command-line switches.
[+] [-] fouc|5 years ago|reply
[+] [-] tantalor|5 years ago|reply
[+] [-] simonw|5 years ago|reply
I'd really appreciate some more technical details here.
Does this include web server logs that record incoming IP addresses?
Is the expectation here that Chrome would set a DNT header in incognito mode and Google properties would then obey that header?
[+] [-] neil_s|5 years ago|reply
The other possible complaint could be that websites still can collect information on user behavior on the website, even if it is more anonymous in incognito mode. This is expressly what incognito mode says on the tin. You can use it to avoid saving your weird porn history locally, but not prevent websites from knowing what anonymous visitors are doing on their website. If the average consumer isn't tech-savvy enough to get this distinction, I'm not sure what Google could do besides putting this explicit warning in every new tab.
Summary: seems like this case will go nowhere, but still makes for soundbitey headlines and gives people an excuse to rehash their usual gripes that "my data is the next oil"
(IIUC, most ad targeting is still based on you explicitly searching for something you want to buy and ads matching those keywords, or retargeting from a website you've already visited but abandoned your shopping cart at, not some all-knowing profile of your deepest wants and desires).
Disclaimer: I work at Google but nowhere near the Analytics or Ads teams.
[+] [-] dvduval|5 years ago|reply
And while I have no big conspiracy theories at the moment about how Google is doing anything evil, there is certainly no guarantee that something in the future could impact me. For example there could be some bad players working inside Google, Google could be acquired, or the government could take control in some way. these are all things that could be dangerous to me in the future if Google continues to preserve large amounts of my personal information.
[+] [-] altgoogler|5 years ago|reply
FYI - Google does offer a series of tools for you to manage your data. If you are signed in there is my activity[1], and takeout[2]. There are options to control targeted ads[3] and auto-delete location and activity data older than 3 months[4].
[1] myactivity.google.com [2] takeout.google.com [3] https://support.google.com/ads/answer/2662922?hl=en [4] https://www.blog.google/technology/safety-security/automatic...
[+] [-] specialist|5 years ago|reply
I'm still waiting for the recommenders, personalizers which help me.
Not boost engagement. Not amplify tiny differences. Not catalysts for virality.
I was on the recommender, personalization team for a high end fashion retailer. Joining, I thought "Woohoo! Teach the computer tell me which dress shirt to buy! Pick the right t-shirts! Find tasteful but understated socks! Finally!"
It took me a while to peel back all the layers to reveal the team's secret sauce. Turns out there isn't any. The most performant algorithm was "stuff you've looked at before" (~70%), followed by "what's hot" and "what's new".
While most of our effort was put into all the Big Data Machine Learning Booyah stuff, I'd characterize the attributable "lift" as little better than noise. Terrible ROI. We would have been MUCH BETTER off improving the data quality, search features, and browsing experience.
(I had some other more radical ideas. A whole thesis built around authenticity and actual engagement. Way past StitchFix. Alas, too weird for the brick & mortar types. Imagine explaining TikTok influencers to your great aunt. But I'd be happy to have someone pay me for a brain dump.)
In conclusion, nothing this last decade has shaken my hunch that digital ads are a giant con job. At least outside of political advertising. (My bro has worked in ad tech for 15+ (?) years. Our spirited debate has never stopped.)
[+] [-] preommr|5 years ago|reply
We're like a metaphorical frog slowly being boiled alive.
[+] [-] criddell|5 years ago|reply
WARNING! We use your personal data to improve your experience using Google products. We believe this will lead you using the service more often and, in doing so, see more ads which we profit from.
[+] [-] dr_kiszonka|5 years ago|reply
Something has been on mind for a while.
I see lawsuits against Google collecting / selling personal data and ideas to combat its monopoly in search. What I don't see is a discussion about regulating companies that have data on the majority of the population.
I know for a fact that Google used search insights to inform strategy. By knowing what people search for and modeling our behavior, they have an unprecedented ability to forecast future events. I expect that Facebook and other, lesser-known companies do the same. I believe it is dangerous for a company to have this ability.
I am not an expert in public policy and politics. Would it make sense to have regulatory oversight over all companies that have data on, e.g., over 50% of a country's population?
[+] [-] VMisTheWay|5 years ago|reply
In fact, it's more likely Google will use the regulation to corner the market with regulatory capture.
[+] [-] utkarsh_apoorva|5 years ago|reply
Is having an email or phone enough to qualify?
Maybe yes.
In that case, think of a rapidly growing startup, which breaches that mark (50% or whatever the law says) - and now has to comply with the law.
But the startup is not capable of compliance, because the law was made for behemoths like google.
This startup will go belly over and die soon.
Google's monopoly saved.
Alternatively, leaving it in the public domain for civil suits to be filed has a tendency of natural selection. If a company is TRULY big enough, and has that kind of data, someone WILL sue.
[+] [-] ErikAugust|5 years ago|reply
I have thought of this as "search-based front-running". How much of it goes on, I would like to know.
[+] [-] hnhg|5 years ago|reply
[+] [-] dvfjsdhgfv|5 years ago|reply
[+] [-] guyzero|5 years ago|reply
[+] [-] ipython|5 years ago|reply
[+] [-] foota|5 years ago|reply
[+] [-] AlexandrB|5 years ago|reply
[+] [-] t0mas88|5 years ago|reply
It's really not that hard. Google and Facebook just don't want to understand it.
[+] [-] Veen|5 years ago|reply
[+] [-] dehrmann|5 years ago|reply
[+] [-] lanevorockz|5 years ago|reply
A Privacy mode that post the links you visit on twitter. ;)
[+] [-] brenden2|5 years ago|reply
[+] [-] Apes|5 years ago|reply
Google is one of the biggest companies in the world. Do they really need to be wringing their users as hard as they can to milk out every last drop of ad revenue potential?
[+] [-] dang|5 years ago|reply
[+] [-] diablo1|5 years ago|reply
There is even small subcultures on the web dedicated to avoiding Google by doing things like running 'degoogled chromium' and blacklisting various Google domains in their /etc/hosts file. Sadly all these mitigations don't work because Google already has a dossier on many people and even if you don't have a Google account, Google keeps tabs on you via fingerprinting or other means and knows who 'you' really are (using simple correlation and heuristics).
Then this raises the issue of: what can be done? I prefer to just be nihilistic about it and accept that Google already has dirt on me, despite my mitigations (I have a bit of history blindly handing over personal data to Google for a number of years). I think young people these days in 2020 have a great opportunity to implement mitigations and are better suited than me to browse privately, since I'm already contaminated by Google. (I still mitigate however, but it's not enough).
[0] https://lotr.fandom.com/wiki/Eye_of_Sauron
[+] [-] user00012-ab|5 years ago|reply
a billion bits is only like 130Meg a day, seems like google is doing pretty good.
[+] [-] noncoml|5 years ago|reply
I guess it doesn't make a difference to them, as long as they get the ad revenue from Pampers
[+] [-] ve55|5 years ago|reply
I wonder what it is they actually dispute, when the claims are so basic? Most popular websites use GA, so of course Google is watching every single user action across the Internet, regardless of if they have tried to 'opt out' via any methods, laws, processed, etc.
[+] [-] hashberry|5 years ago|reply
[+] [-] s3r3nity|5 years ago|reply
In my experience in adtech, not only can Google do this pretty accurately, but other third parties as well (e.g. DMPs and the like.) Even if they couldn't make a deterministic association, they have enough data points to make a probabilistic association with high likelihood (ex: "Given all these data points, we're 95% confident that these two people are the same. Therefore we're going to attribute the actions to the same person.")
Now, to qualify my response a bit, this isn't necessarily for security / law enforcement, but mainly for better targeting parameters. Example: frequency capping of ads (buyer specifies that you only see an ad X number of times in a given time period) or more relevant targeting (you don't see completely different ads in different browsers as if you're from two non-overlapping demographic groups.)
[+] [-] caymanjim|5 years ago|reply
[+] [-] summerlight|5 years ago|reply
[+] [-] Romanulus|5 years ago|reply
[+] [-] smithza|5 years ago|reply
0. https://brave.com/
[+] [-] neonate|5 years ago|reply
[+] [-] nojito|5 years ago|reply
It’s against the practice of fingerprinting users across products and services.
[+] [-] summerlight|5 years ago|reply
[+] [-] shock|5 years ago|reply
I've seen this _exact_ phrasing so many times in responses to lawsuits that I'm now starting to wonder if future lawyers receive this template as a graduation fair well package.
[+] [-] bawolff|5 years ago|reply
[+] [-] fred_is_fred|5 years ago|reply
[+] [-] thoraway1010|5 years ago|reply