Updated on January 11 with further information on Google’s new mobile privacy challenge in the U.S. courts, and parallels to its controversial digital fingerprinting now making a return.
An ironic dispute this week in the world of big tech. Google attacked Microsoft for “its long history of tricks to confuse users and restrict selections,” less than 3 weeks after it was accused of “narrowing the selection of people and the way their data is collected,” in reaction to its new digitization project. , not just Android and Chrome: the same old targets of such criticism. This follow-up is only six weeks away.
Two unrelated stories, barely two weeks apart and yet not unrelated. The common theme is that users are pawns, subject to the whims of the incredibly giant ecosystems they rely on every day.
Google slammed Microsoft after the Windows maker was caught “spoofing” the Google homepage when users searched for Google on Bing.com. Windows Latest was first to spot the spoof and described it as a “a genius move to keep you from Google search.” Bing has featured before in the Microsoft versus Google stakes playing out across Windows PCs, but it has mostly been Chrome versus Edge. Search is the prize, as should have been pretty clear when Apple went to court to help Google defend its default search spot on a billion iPhones. It’s not too many months ago that the iMaker released a video inspired by Hitchcock’s The Birds that essentially warned those iPhone users to steer clear of Chrome.
This was “a clear attempt by Microsoft to make Bing look like Google for this quick search query,” The Verge reported. “The Google result includes a search bar, a symbol that looks a lot like a Google Doodle, and even a little text below the search bar, just like Google does. Microsoft even automatically scrolls the page to hide its own Bing search bar, which seems to be the most sensible search result.
Chrome and Google Search are not the same thing, and they don’t come with privacy risks. And that’s why iPhone users use Google Search in Safari more than in Chrome, this becomes much less true if you sign in to a Google account. But Chrome doesn’t play a prominent role in Google’s most recent tracking warning that hit headlines just before the holidays. Still, Chrome has grabbed most of Google’s tracking headlines in recent years, with cookies, incognito mode, and its privacy sandbox with recurring roles.
The most recent factor when Google launched an update to its advertising ecosystem. The changes, it says, have been driven by “the wider diversity of surfaces on which classified ads are displayed (such as connected TVs and games consoles)” and mean being “less prescriptive with partners in the way they target and “they measure classified ads. “»
Fingerprinting is not just a browser issue anymore.
“This is a virtual fingerprint on connected devices,” the British data regulator was quick to point out. “Fingerprinting refers to the collection of data about a device’s software or hardware that, when combined, can uniquely identify a specific device and user. . . . The ICO’s view is that fingerprinting does not are a fair way to track users online, as it will most likely reduce the selection of people and the way their data is collected Google’s policy update means that fingerprints can update the. third party cookies. functions.
And given the nature of these other devices and that users won’t realize what’s taking place, there are serious implications. Identity Week warns that “organizations using Google’s advertising tech can implement fingerprinting without violating Google’s policies and complying with the requirements of data protection law… Fingerprinting is so hindering to privacy expectations because it relies on signals that are not easy to wipe. Even if data is ‘permanently’ deleted, fingerprinting biometrics could detect and recognize your identity.”
Interesting parallels between the return of virtual fingerprints (which are unfortunately difficult for a user to detect) and a new and unprecedented leak of user location knowledge, which also exposes a wide range of applications that collect device knowledge of users. The Gravy Analytics leak highlights the scale of the location awareness industry, a behind-the-scenes user tracking ecosystem that is difficult to stumble upon and that most users would probably disable if they could.
As 404Media neatly puts it, “the [Gravy Analytics] news is a crystalizing moment for the location data industry. For years, companies have harvested location information from smartphones, either through ordinary apps or the advertising ecosystem, and then built products based on that data or sold it to others. In many cases, those customers include the U.S. government… But collecting that data presents an attractive target to hackers.”
What I think will keep users coming back and paying attention beyond the scale of the leak is the number of popular apps that provide the knowledge in the first place. “Candy Crush, Tinder [and] MyFitnessPal,” Wired reports, are located among “thousands of apps hijacked to spy on your location… Some of the most popular apps in the world are likely to be co-opted by rogue members of the advertising industry to collect sensitive location data at scale.
There are various lists of these apps now doing the rounds — suffice to say it’s extensive. Per Wired, it includes “dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24…. religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.”
Users don’t like having scenes follow them. That’s why the Gravy leak made headlines and why virtual fingerprints are doing the same. And there’s another new twist reported via Reuters: “Google failed to convince a federal judge to dismiss a privacy class-action lawsuit that claimed it collected non-public information from people’s cellphones after they disabled a button to prevent follow-up”. This could result in a trial this summer. This follows Google’s destruction of billions of knowledge records last year, following a similar lawsuit over knowledge collection using Chrome’s incognito mode.
As ArsTechnica explains, Google “claims to treat user knowledge as pseudonyms by creating a randomly generated identifier that “allows Google to recognize the specific device and its upcoming advertising behavior. . . Google insists that it has created technical barriers to ensure, for example, ‘WAA-off users, that pseudonymous knowledge is dissociated from a user’s identity by first performing a ‘consent check’ on a user’s WAA settings. ‘
According to CNBC, “in a 20-page ruling on Tuesday, [Chief Judge Richard Seeborg of federal court in San Francisco] said that moderate users could find Google’s conduct ‘highly offensive,’ because the company collects knowledge despite from the considerations of several workers and knowing that its disclosures were ambiguous, cited internal communications that suggested that Google, a unit of Alphabet, deliberately did not distinguish between knowledge collected internally and from external Google accounts because users could find the fact as “alarming”.
So it all comes down to tempered expectations and what you understand or don’t understand, about which there are pretty transparent parallels with virtual fingerprints. Google says that “advances in privacy-enhancing technologies (PET), such as on-device processing, trusted execution environments, and secure multi-party computing, are opening up new tactics for brands to manage and enable their knowledge securely. PET also gives users the privacy coverage they expect. . . We see an opportunity to raise the level of privacy in the use of knowledge as intellectual property. We can achieve this by applying coverages that preserve. privacy and help companies succeed with their consumers on these new platforms without the need to identify them again.
But as the EFF says about this type of tracking, “when an individual uses their device, a third-party express tracker may be uploaded to multiple installed apps or stopover sites. This allows this company to track an individual in their use of multiple sites they scale on or applications they have installed. These trackers gain unprecedented insights into the user’s daily activities, aggregating data that is explicit enough to know what a user is doing at any given time and even where they are employing their device. . . Fingerprinting can use all sorts of probable mundane details about your device or browser, such as screen resolution, time zone, operating formula version, remaining battery life, etc. The explanation for why fingerprints exist is to circumvent the general controls that users have that allow them to control their own browsers. To regain control of our browsers and devices, we want to use special equipment that is fingerprint-resistant.
And so, since those fingerprints are notoriously difficult to detect, what do users really understand?And what can we expect them to understand? As the UK data regulator noted in its response, “this substitution is irresponsible. “We have already said that fingerprints do not meet users’ privacy expectations, as users cannot give consent without problems as they would with cookies. This means that they cannot control how your data is collected. To quote Google’s own position in 2019 on fingerprinting: “We think it alters user selection and that’s wrong. “
For its part, Google states that “even as technologies evolve, our privacy principles remain the same. We continue to offer users options when it comes to personalized ads. And we continue to require advertisers and publishers to be completely transparent with users about what insights they collect and how they are used. Policies will have to adapt to the speed of technological progress, placing privacy at the center of their concerns. With this update, we can help businesses large and small capture opportunities in the evolving virtual landscape, while meeting user expectations around privacy.
However, it’s an interesting time: two warnings, a court ruling, and a leak of knowledge that violates privacy, all in a few weeks. The risks, of course, fall on all the millions and millions of users, whether on Chrome, Edge, Android, Windows, or all of the above. I reached out to Google and Microsoft for feedback on the angles of all of this; there is nothing yet.
Fingerprinting begins on February 16; In the meantime, keep all of this in mind.
One Community. Many Voices. Create a free account to share your thoughts.
Our network aims to connect others through open and thoughtful conversations. We need our readers to share their perspectives and exchange ideas and facts in one space.
To do this, please comply with the posting regulations in our site’s terms of use. We summarize some of those key regulations below. In short, civilized.
Your message will be rejected if we notice that it appears to contain:
User accounts will be blocked if we notice or believe that users are engaged in:
So how can you be a user?
Thank you for reading our Community Guidelines. Please read the full list of posting regulations discovered in our site’s Terms of Use.