Google’s Ad Tracking Is Just As Creepy As Facebook's

Uploaded on 2016-11-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY-Key Areas-Social Media

Google in June deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent.

Since Google changed the way it tracks its users across the internet in June 2016, users’ personally identifiable information from Gmail, YouTube and other accounts has been merged with their browsing records from across the web.

An analysis of the changes conducted by Propublica details how the company had previously pledged to keep these two data sets separate to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

ProPublica highlights that when Google first made the changes in June, they received little scrutiny. Media reports focused on the tools the company introduced to allow users to view and manage ad tracking rather than the new powers Google gained.

DoubleClick is an advertising serving and tracking company that Google bought in 2007. DoubleClick uses web cookies to track browsing behaviour online by their IP address to deliver targeted ads. It can make a good guess about your location and habits, but it doesn’t know your true identity.

Google, on the other hand, has users’ (mostly) real names, email accounts and search data. At the time of the acquisition, a number of consumer groups made a complaint to the Federal Trade Commission arguing that bringing these data sets together would represent a huge invasion of privacy, giving the company access to more information about the internet activities of consumers than any other company in the world.

Sergey Brin reassured privacy campaigners, saying: “Overall, we care very much about end-user privacy, and that will take a number one priority when we talk about advertising products.”

In 2012, Google made a controversial update to its privacy policy to allow it to share data about users between different Google services, but it kept DoubleClick separate.

In practice, this means that Google can now, if it wanted to, build up even richer profiles of named individuals’ online activity. It also means that the DoubleClick ads that follow people on the web could be personalized based on the keywords that individuals use in Gmail.

Google isn’t the first company to track individuals in this way. Facebook has been tracking logged-in users (and even non-users) by name across the internet whenever they visit websites with Facebook “like” or “share” buttons.

Google says that the change is optional and is aimed at giving people better control over their data. “Google is actually quite late to this game. By now, most of the websites you visit are already sharing your activity with a wide network of third parties who share, collaborate, link and de-link personal information in order to target ads,” said Jules Polonetsky from Future of Privacy Forum.

“Some users may appreciate relevant advertising, many others may not. What’s critical is that there are easy ways for those who want to avoid the more robust types of data targeting to be able to take easy steps to do so.”

Technology companies argue that such tracking allows them to deliver much more targeted, relevant advertising across the internet. Paul Ohm from the Center of Privacy and Technology at Georgetown law school told Propublica that the fact that Google kept personally identifiable information and DoubleClick data separate was “a really significant last stand”.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy. That wall has just fallen.”

A Google spokeswoman said that its advertising system had been designed before the smartphone revolution, and that the update in June made it easier for users to control their ad preferences across multiple devices.

The company says that more than one billion Google users have accessed the ‘My Account’ settings that let them control how their data is used.

“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” Google said. “As a result, it is 100% optional - if users do not opt-in to these changes, their Google experience will remain unchanged. Equally important: we provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data.”

Users that don’t want to be tracked in this way can visit the activity controls section of their account page on Google, unticking the box marked “Include Chrome browsing history and activity from websites and apps that use Google services”.

Guardian:

« Trickle Down Cybercrime
China’s Plan To Organise Society Using Big Data »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Recruiters

Cyber Security Recruiters

Cyber Security Recruiters is a niche recruiting firm who finds impact players for our clients in the Information Security Space.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Evina

Evina

Evina offers the most advanced cybersecurity and fraud protection for mobile payment.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

Perygee

Perygee

Perygee is a fully integrated platform for operational security. Companies depend on Perygee to identify and streamline the most important security practices for their operations.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

MS Tech Solutions

MS Tech Solutions

MS Tech Solutions is a Jamaican-based, multinational consulting company that specializes in the architecture, implementation and management of key network and Information technologies.

Peris.ai

Peris.ai

Peris.ai is a cybersecurity as a service startup that protects businesses and organizations from online threats.

Theos Cyber Solutions

Theos Cyber Solutions

Theos Cyber provides service-first cybersecurity solutions to digital businesses in Asia.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

Sherweb

Sherweb

Sherweb are a marketplace of leading cloud solutions and value-added services delivered by a team of passionate experts invested in MSP growth.