The sad thing about news like this is that most people only pay attention at all because they've been bombarded with anti-Russian propaganda, not because this showcases Google's awful anti-privacy practices. Despite years of warnings, examples and analysis of where this can lead, the only thing that matters in the end is some emotional trigger word that makes the public think they are dealing with an "outgroup".
The cherry on top of it all is that ProPublica uses Google Search for their website. I am moderately sure that after I post this someone will jump in to comment and defend this practice, showing nothing has been learned.
Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.
Reporting negatively on the Iraq war or blackwater or Facebook isn’t “anti American propaganda”.
Just because you are anti establishment doesn’t mean you should instinctively support the Russian establishment which is incidentally many times more horrific and out of control than the people you claim are spreading “propaganda”. (I’m guessing NGOs, charities like amnesty international or anyone who reports on the war crimes and crimes against humanity of the Russian government).
> The sad thing about news like this is that most people only pay attention at all because they've been bombarded with anti-Russian propaganda, not because this showcases Google's awful anti-privacy practices. Despite years of warnings, examples and analysis of where this can lead, the only thing that matters in the end is some emotional trigger word that makes the public think they are dealing with an "outgroup".
Please be more specific about who you're criticizing here. Presumably not ProPublica, as they've been reporting on Google privacy issues for 10+ years. I'm also not sure what you mean by "emotional trigger word" - this story is about illegal and unethical activity by a major corporation that stopped as a direct result of ProPublica's investigation. Who are these "most people" that care about this story but not any other privacy issue?
>Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.
This can't be overstated. It's like a hole in the wall that can't be patched.
I've lived most of my life expecting an Orwellian life. While it was grounded in paranoia, complete transparency is pretty much the only lowest-stress way to live when anyone can theoretically dox you over just about anything if the fashions pendulum swings hard enough in one direction.
> This means Google may have turned over such critical information as unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity
Can someone help me to understand this?
I thought Google kept this kind of user-preference (interests/activity) data to itself, and used that as the sauce powering its ad auctions. If you run a site, GA will give you IP, location, etc. for inbound traffic, but I didn't think they would give you data on other users.
Does Google actually sell user preference data and IPs in bulk? What product are they referring to here?
Basically, the accusation is that a sanctioned Russian company is listed as an advertiser ("Demand Side Platform") on Google's real-time bidding platform for ads. This means they get a blob of data for each impression that there is a bid on (this is "the bidstream data"):
> These can include: The URL, website, or app the consumer is on, Information about the consumer’s device, The consumer’s geo-location, The consumer’s IP address, Various demographic or behavioral attributes about the consumer (as supplied by the ad exchange or third party data brokers), such as gender, age range, or job occupation
These user IDs are anonymized but there's machinery to link the bid data to a cookie that the advertiser already has in their own system ("cookie matching").
They provide some evidence that even though RuTarget was OFAC sanctioned in April, Google may still be providing them the bidstream (and therefore presumably is selling services to an OFAC-sanctioned entity). This would be quite surprising if so, since a company like Google surely has processes to monitor the OFAC watchlist and automatically deactivate companies that are sanctioned.
My summary here is that the ProPublica article is incomplete and that makes it a bit misleading; reading the article one would assume the Russians were getting a dump of de-anonymized data, whereas in fact the finding is around them getting access to the bidstream, which is provides anonymized user data, that may in some cases be hypothetically de-anonymizable, or assist with other de-anonymization efforts.
> Google allowed RuTarget, a Russian company that helps brands and agencies buy digital ads, to access and store data about people browsing websites and apps in Ukraine and other parts of the world
In other words, they collected data via websites and apps, just like any other JS or native ad library does. This wasn't data that Google collected, then handed over. It's a misleading headline IMO.
Is this really a complaint that a single, well-established Russian ad company got the same information from Google that they would give to any US company with an email address?
This is part of the cognitive dissonance that insists that Russia has the most effective intelligence services in the world, that can manipulate elections at will and subsume every US social movement to spread its propaganda, but is too stupid and helpless to create a US front company.
No, the complaint is that it was illegal to work with them.
> RuTarget was later listed in an April 6 Treasury announcement that imposed full blocking sanctions on Sberbank and other Russian entities and people. The sanctions mean U.S. individuals and entities are not supposed to conduct business with RuTarget or Sberbank.
> [Google spokesperson Michael Aciman] acknowledged the Russian company was still receiving user and ad buying data from Google before being alerted by ProPublica and Adalytics.
> that can manipulate elections at will and subsume every US social movement to spread its propaganda, but is too stupid and helpless to create a US front company
The first chapter of "Propaganda" is that the enemy is cunning and wicked while also weak and helpless at the same time.
It's also weird that Russia has been running out of ammunition for the last 5 years and is a weak enemy at the same time its able to fight a country supported by virtually the whole of west with NATO arms, NATO training and best of all NATO intelligence/spies with a sanction that was supposed to turn the "ruble" in to "rubble"
Google has a deep issue here. It shows again and again that they aren't concerned about legalese.
- don't check if their customer is on the sanctions list.
- make it possible for their GA users to ignore GDPR
- knowingly ignore tax regulations to own benefit
- many other illegal practices / dark patterns / monopolistic behaviour
At this point, it's clear that Google being Google is not going to change of itself, as long as it is allowed to proceed like this. The only solution is to regulate Google and force it to comply with legal systems, using billion dollar fines if nothing else works, and splitting Google to avoid further monopolization.
> Google Play has policies in place that prohibit using this data for purposes other than advertising and user analytics. Any claims that advertising ID was created to facilitate data sales are simply false.
How do policies _prevent_ data sales exactly? Their policies can say whatever they want—if the data is available in the first place, it _will_ be misused, regardless of whatever your policies say. If your enforcement hinges on your detection algorithms that data is being misused, you can't guarantee that violations aren't taking place.
This is Google's Cambridge Analytica.
It's insane that these privacy abuses happen again and again, and people have no protection or ways of stopping it. At the very least, we deserve a cut of the profits they're making by selling our data on these scummy markets.
As all business focused companies, Google and its shareholders cares only for money. If they only could, they would sell newborn children as target practice for muscal cолдат-s. All sanctions can be easily avoided with resellers and “good will” from management and creative paperwork. Here they even didn't try.
Google should be made to donate a few $M (or 10s/100s) to help defend Ukraine then, although it's still a completely shitty situation that a country fighting for its freedom is being "traded" for the temporary economical benefit of certain parties.
How about Western telecom carriers and IT resources stop providing services to Russian military complex? We still have Western telecommunications providers supplying IT and communications services to companies directly related to Russian Ministry of Defense and its war machine.
What the hell does the recent Russian hostility has to do with this? Sanctions? You mean that the privacy laws that have been ignored and laughed at are not a bad enough violation? Apparently it's not, huh.
Google and Facebook have been extremely anti-privacy since practically their inception but suddenly NOW it's a problem because an attached Russian company has been doing what Google has been enabling any company to do, for decades?
Gosh. If that's how humanity can be made to react to public safety issues that I am seriously not impressed by our race, to put it diplomatically and mildly.
> Google and Facebook have been extremely anti-privacy since practically their inception but suddenly NOW it's a problem because an attached Russian company has been doing what Google has been enabling any company to do, for decades?
Propublica has been reporting on Google and Facebook (and others) privacy issues for most of their 15 year history. See their Dragnets series: https://www.propublica.org/series/dragnets
It's not about privacy from companies who want to sell you vitamins, it's about Russian government wanting to know who you are so they can target you with political misinformation etc..
Of course it did, it was profitable for them. Google doesn't care about laws, they have a mountain of lawyers and piles of cash that ensure they will never be held accountable at any level.
Get off Google if you can, you're the product, not the customer.
I do too and it literally saved me not an hour ago. Why does Google publish guidelines on what is and isn't acceptable on their ad network when they don't fucking enforce any of them? They might not be distributing malware directly, but they're (IMV knowingly) allowing it to continue.
Why is it so hard not to share user data? Is sharing user data the lazy path you take when you cannot use that data to create a product and provide value yourself?
Well this just backs up something I've said before, that its possible to intimidate and harass individuals with the type of adverts only Google could deliver. Does that make Google an accessory to crimes, or does business to business provide the perfect cover?
HN is flooded by "archive.ph" campaign which injects Russian (and other) tracking scripts to copies of crawled 3rd party sites and requires JS to load on Firefox/Linux (and some other browsers) while pretending to be "archiving".
It does do archiving, and it does it very well. It's fast, provides short URLs, blocks ads in the archived pages, tries to bypass paywalls and login walls, and resists censorship. That's why people use it.
And it's funded by ads, so yes, it does have tracking scripts, just like a good chunk of the internet.
If you are privacy-conscious (or just don't like ads), then you can use uBlock Origin to get rid of them.
> Last April, a bipartisan group of U.S. senators sent a letter to Google and other major ad technology companies warning of the national security implications of data shared as part of the digital ad buying process. They said this user data “would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns.”
The US (or insert <domestic entity>) for sure has more information on US citizens so Russia can’t compete with them when it comes to influence.
[+] [-] BrainVirus|3 years ago|reply
The cherry on top of it all is that ProPublica uses Google Search for their website. I am moderately sure that after I post this someone will jump in to comment and defend this practice, showing nothing has been learned.
Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.
[+] [-] apstls|3 years ago|reply
[+] [-] barrbid8|3 years ago|reply
Just because you are anti establishment doesn’t mean you should instinctively support the Russian establishment which is incidentally many times more horrific and out of control than the people you claim are spreading “propaganda”. (I’m guessing NGOs, charities like amnesty international or anyone who reports on the war crimes and crimes against humanity of the Russian government).
[+] [-] coffeefirst|3 years ago|reply
[+] [-] burkaman|3 years ago|reply
Please be more specific about who you're criticizing here. Presumably not ProPublica, as they've been reporting on Google privacy issues for 10+ years. I'm also not sure what you mean by "emotional trigger word" - this story is about illegal and unethical activity by a major corporation that stopped as a direct result of ProPublica's investigation. Who are these "most people" that care about this story but not any other privacy issue?
[+] [-] 1shooner|3 years ago|reply
What specifically are you referring to?
[+] [-] Phileosopher|3 years ago|reply
This can't be overstated. It's like a hole in the wall that can't be patched.
I've lived most of my life expecting an Orwellian life. While it was grounded in paranoia, complete transparency is pretty much the only lowest-stress way to live when anyone can theoretically dox you over just about anything if the fashions pendulum swings hard enough in one direction.
[+] [-] theptip|3 years ago|reply
Can someone help me to understand this?
I thought Google kept this kind of user-preference (interests/activity) data to itself, and used that as the sauce powering its ad auctions. If you run a site, GA will give you IP, location, etc. for inbound traffic, but I didn't think they would give you data on other users.
Does Google actually sell user preference data and IPs in bulk? What product are they referring to here?
[+] [-] theptip|3 years ago|reply
The original research is linked in the OP: https://adalytics.io/blog/sanctioned-ad-tech-user-data -- this is much more informative than the ProPublica writeup. It includes a technical explanation of what's going on.
Basically, the accusation is that a sanctioned Russian company is listed as an advertiser ("Demand Side Platform") on Google's real-time bidding platform for ads. This means they get a blob of data for each impression that there is a bid on (this is "the bidstream data"):
> These can include: The URL, website, or app the consumer is on, Information about the consumer’s device, The consumer’s geo-location, The consumer’s IP address, Various demographic or behavioral attributes about the consumer (as supplied by the ad exchange or third party data brokers), such as gender, age range, or job occupation
These user IDs are anonymized but there's machinery to link the bid data to a cookie that the advertiser already has in their own system ("cookie matching").
They provide some evidence that even though RuTarget was OFAC sanctioned in April, Google may still be providing them the bidstream (and therefore presumably is selling services to an OFAC-sanctioned entity). This would be quite surprising if so, since a company like Google surely has processes to monitor the OFAC watchlist and automatically deactivate companies that are sanctioned.
My summary here is that the ProPublica article is incomplete and that makes it a bit misleading; reading the article one would assume the Russians were getting a dump of de-anonymized data, whereas in fact the finding is around them getting access to the bidstream, which is provides anonymized user data, that may in some cases be hypothetically de-anonymizable, or assist with other de-anonymization efforts.
[+] [-] jonny_eh|3 years ago|reply
In other words, they collected data via websites and apps, just like any other JS or native ad library does. This wasn't data that Google collected, then handed over. It's a misleading headline IMO.
[+] [-] yunohn|3 years ago|reply
This is not “provided” by Google. It’s normal web server traffic data, collected by Google Analytics instead of your own scripting.
[+] [-] pessimizer|3 years ago|reply
This is part of the cognitive dissonance that insists that Russia has the most effective intelligence services in the world, that can manipulate elections at will and subsume every US social movement to spread its propaganda, but is too stupid and helpless to create a US front company.
[+] [-] burkaman|3 years ago|reply
> RuTarget was later listed in an April 6 Treasury announcement that imposed full blocking sanctions on Sberbank and other Russian entities and people. The sanctions mean U.S. individuals and entities are not supposed to conduct business with RuTarget or Sberbank.
> [Google spokesperson Michael Aciman] acknowledged the Russian company was still receiving user and ad buying data from Google before being alerted by ProPublica and Adalytics.
[+] [-] jaywalk|3 years ago|reply
Sure we can't catch everything, but we can at least stop the obvious stuff like this.
[+] [-] ClumsyPilot|3 years ago|reply
this is just so easy, we have noone to blame but ourselves
[+] [-] balderdash|3 years ago|reply
“Why’d you sell vodka to that 12 year old? Ahh well it’s trivial for them to go out and get a fake ID…so I don’t bother checking ID”
[+] [-] ShivShankaran|3 years ago|reply
The first chapter of "Propaganda" is that the enemy is cunning and wicked while also weak and helpless at the same time.
It's also weird that Russia has been running out of ammunition for the last 5 years and is a weak enemy at the same time its able to fight a country supported by virtually the whole of west with NATO arms, NATO training and best of all NATO intelligence/spies with a sanction that was supposed to turn the "ruble" in to "rubble"
[+] [-] tut-urut-utut|3 years ago|reply
- don't check if their customer is on the sanctions list.
- make it possible for their GA users to ignore GDPR
- knowingly ignore tax regulations to own benefit
- many other illegal practices / dark patterns / monopolistic behaviour
At this point, it's clear that Google being Google is not going to change of itself, as long as it is allowed to proceed like this. The only solution is to regulate Google and force it to comply with legal systems, using billion dollar fines if nothing else works, and splitting Google to avoid further monopolization.
[+] [-] stefan_|3 years ago|reply
[+] [-] daniel_reetz|3 years ago|reply
[+] [-] imiric|3 years ago|reply
How do policies _prevent_ data sales exactly? Their policies can say whatever they want—if the data is available in the first place, it _will_ be misused, regardless of whatever your policies say. If your enforcement hinges on your detection algorithms that data is being misused, you can't guarantee that violations aren't taking place.
This is Google's Cambridge Analytica.
It's insane that these privacy abuses happen again and again, and people have no protection or ways of stopping it. At the very least, we deserve a cut of the profits they're making by selling our data on these scummy markets.
[+] [-] smsm42|3 years ago|reply
[+] [-] Jolliness7501|3 years ago|reply
[+] [-] blackhaz|3 years ago|reply
How about Western telecom carriers and IT resources stop providing services to Russian military complex? We still have Western telecommunications providers supplying IT and communications services to companies directly related to Russian Ministry of Defense and its war machine.
[+] [-] pdimitar|3 years ago|reply
Google and Facebook have been extremely anti-privacy since practically their inception but suddenly NOW it's a problem because an attached Russian company has been doing what Google has been enabling any company to do, for decades?
Gosh. If that's how humanity can be made to react to public safety issues that I am seriously not impressed by our race, to put it diplomatically and mildly.
[+] [-] burkaman|3 years ago|reply
Propublica has been reporting on Google and Facebook (and others) privacy issues for most of their 15 year history. See their Dragnets series: https://www.propublica.org/series/dragnets
A few examples:
2010: https://www.propublica.org/article/governments-increasingly-...
2012: https://www.propublica.org/article/the-best-reporting-on-fac...
2012/2014: https://www.propublica.org/article/no-warrant-no-problem-how...
2014: https://www.propublica.org/article/its-complicated-facebooks...
2016: https://www.propublica.org/article/google-has-quietly-droppe...
2016: https://www.propublica.org/article/facebook-doesnt-tell-user...
Why would this topic be suddenly out of bounds now that Russia is involved?
[+] [-] jollybean|3 years ago|reply
[+] [-] bastardoperator|3 years ago|reply
Get off Google if you can, you're the product, not the customer.
[+] [-] downrightmike|3 years ago|reply
[+] [-] tjpnz|3 years ago|reply
[+] [-] legrande|3 years ago|reply
I find blocking at the DNS level breaks some sites, which is why in uBlock Origin you can whitelist a domain that is causing problems.
[+] [-] 2OEH8eoCRo0|3 years ago|reply
[+] [-] freeflight|3 years ago|reply
"Oil of the 21st" century and all that.
[+] [-] sroussey|3 years ago|reply
[+] [-] Terry_Roll|3 years ago|reply
[+] [-] hericium|3 years ago|reply
[+] [-] cato_the_elder|3 years ago|reply
And it's funded by ads, so yes, it does have tracking scripts, just like a good chunk of the internet.
If you are privacy-conscious (or just don't like ads), then you can use uBlock Origin to get rid of them.
[+] [-] jjulius|3 years ago|reply
Source?
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] unity1001|3 years ago|reply
[deleted]
[+] [-] avgcorrection|3 years ago|reply
The US (or insert <domestic entity>) for sure has more information on US citizens so Russia can’t compete with them when it comes to influence.
[+] [-] judge2020|3 years ago|reply