Google's Quiet, Confusing Privacy Policy Change Is Why We Need More Transparency & Control

from the don't-hide-this-shit dept

Last week, I wrote about how privacy is about tradeoffs, and despite what some people claim, there’s no such thing as “absolute privacy,” nor would you actually want something approximating what people think they mean by it. The real issue is the tradeoff. People are quite willing to trade certain information in exchange for value. But, the trade has to be clear and worth it. That’s where the real problems come in. When we don’t know what’s happening with our data, or it’s used in a sneaky way, that’s when people feel abused. Give people a clear understanding of what they’re giving and what they’re getting and you eliminate most of the problem. Then give end users greater control over all of this and you eliminate even more of the problem.

This was our thinking in designing a Privacy Bill of Rights for companies to abide by in designing their services (along with EFF and Namecheap).

It appears that Google would fail to meet the standards of that bill of rights. Last week, ProPublica wrote about how Google quietly changed the privacy policy related to how it connects DoubleClick advertising to other data that it has about you, allowing the company to actually link your name and other identifying information to you as you surf around the web. And, on top of that, it apparently includes tying what you type in Gmail to the ads you might see.

The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry’s longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people’s real names. But until this summer, Google held the line.

Here’s the thing: a lot of privacy advocates I know will likely say that this move is de facto “bad.” And that any linkage between identity and ads is bad. But I’d argue that the real problem here is Google’s unwillingness to be clear and transparent. It slipped this change in and then made up some PR-speak about why it was doing it, in a way that wasn’t at all clear to basically anyone:

Google spokeswoman Andrea Faville emailed a statement describing Google’s change in privacy policy as an update to adjust to the “smartphone revolution”

“We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices,” Faville wrote. She added that the change “is 100% optional–if users do not opt-in to these changes, their Google experience will remain unchanged.” (Read Google’s entire statement.)

Existing Google users were prompted to opt-into the new tracking this summer through a request with titles such as “Some new features for your Google account.”

The “new features” received little scrutiny at the time. Wired wrote that it “gives you more granular control over how ads work across devices.” In a personal tech column, the New York Times also described the change as “new controls for the types of advertisements you see around the web.”

Blech. If this is really actually important, and provides more value, don’t give the bullshit explanation and confuse reporters. Tell people what’s happening and why. If Google is afraid to be upfront and honest about it (things that the company used to do) then it feels like the company recognizes that it’s not providing enough value to consumers with these moves. To paraphrase the old saying about it not being the crime but the coverup that gets people, in this case, it’s not the privacy policy change that’s the clear problem here, but the fact that Google tried to hide it and mislead people about it.

Thankfully, Google does provide the other prong of our test: giving users control.

To opt-out of Google’s identified tracking, visit the Activity controls on Google’s My Account page, and uncheck the box next to “Include Chrome browsing history and activity from websites and apps that use Google services.” You can also delete past activity from your account.

But it would have been a lot better if the company could have just been upfront and honest about it. This is why transparency and clarity about intentions are so important. If companies don’t do that, then people will (rightly) assume that the moves are designed in a manner to be anti-consumer. If Google truly believes it’s providing a better product with such changes, explain why and how and let users decide for themselves.

Companies: google


Comments on “Google's Quiet, Confusing Privacy Policy Change Is Why We Need More Transparency & Control”

Mason Wheeler (profile) says:

She added that the change “is 100% optional–if users do not opt-in to these changes, their Google experience will remain unchanged.”

To opt-out of Google’s identified tracking, visit the Activity controls on Google’s My Account page, and uncheck the box next to “Include Chrome browsing history and activity from websites and apps that use Google services."

Wait, so is this opt-in or opt-out? That’s kind of a huge difference…

Manabi (profile) says:

Re: Re: Re:

I can confirm, had them try this twice on my phone and then I had to deal with it on mom’s and dad’s phones. It’s presented as no big deal, just something you should accept so you’ll have better service. They also make it difficult to figure out how to reject it. If I’m remembering it correctly, you have to select “more information”, and after that you can finally decline. (Also, you have to select more information to even find out what it changes.)

Google has done this change extremely underhandedly. I have no doubts it was done that way on purpose. I just don’t see how you could get it so confusing and tricky without actively trying to make it that way.

Anonymous Coward says:

I dislike the change as it makes it easier for courts and spooks to get an already-made-profile of everything you are via a court.

The legal realities of present-day make me wary of having *any* online activity of mine attached to my name.

I’ve lost trust in the courts, Federal law enforcement, and especially the Intelligence Community in regards to *anything* involving a computer. And this mistrust only gets worse every time they play word games to lie about what they do and why they do it.

Alex Stamos said the Snowden revelations set the hacker Fed relationship back by a decade. The followup responses by Feds have largely made this worse. Their only tactic to get trust back appears to be chanting “trust us” and “cyber” endlessly while releasing large amounts of legal documents that dance around the most important and substantive legal issues involved.

Manabi (profile) says:

Re: So....again a reason to ad block

And when it comes to Google, if you have a Google account, don’t search while logged in. I access my Gmail in a portable Firefox instance, and my main browser (where I do all my searching) isn’t logged in at all. So my Google searches aren’t being associated with my Google account. I also use Firefox on my phone instead of Chrome, but that’s more so I can adblock on mobile.

Anonymous Coward says:

Re: Re: So....again a reason to ad block

And when it comes to Google, if you have a Google account, don’t search while logged in.

What does the privacy policy say about this? Does anything prevent them from linking those together (e.g. by user-agent, IP, "supercookies", webRTC, DNS cache detection, etc.) and using that linkage for advertising?

Manabi (profile) says:

Re: Re: Re: So....again a reason to ad block

I don’t know about their privacy policy, but if you live in a household of multiple adults (like I do), linking them that way dilutes the value of the data. Since they can’t be certain the searches are by the same person, they’d be making the profile of your interests they’ve built worthless. Since they make their money on targeting ads to your interests, they’d be idiots to do this.

Jimb says:

absolute privacy

It is the opening sentence’s stance that diminishes privacy rights for everyone.

Our children may not be willing to give up their privacy, yet their parents have “screwed” them over by giving it up for them.

Privacy is what you do to attain it and keep it. If you don’t fight for it it will be taken away. Your privacy is absolute insofar as you fight for it. Your privacy is a human right.

This is precisely why everyone should have their own email server at home (and in their business). Email servers may be difficult to set up, especially without a guide, but there are enough guides to help everyone out (and people that can be hired to do it for you) to make it happen. Once it is set up it is quite insanely easy to maintain. In fact, it requires very little maintenance. And, don’t give me the shit reasoning about backing up the server or about keeping it online.

You don’t have it already in your home because of those bullshit excuses. Yes, Mike, total and utter bullshit.

What kept you from maintaining your own email servers were manyfold issues, however most of those issues no longer exist, especially the primary ones: Back in the day you had no 24/7 internet and hardware was expensive. Today most families have an overabundance of computers and they are cheap enough to set aside one as an email server. Nearly everyone with internet has 24/7 connection.

You force us to fall into the bigger pool of users giving government and criminal easier access to your privacy. Stop it Mike. Privacy is KING.

Anonymous Coward says:

Re: absolute privacy

First off I quite agree with your stance here.

But I have to encourage using LavaBit’s new DIME protocol over hosting your own eMail server. You can still self-host DIME (of course), but that would theoretically make little difference.

The problem with self-hosted eMail is that, being an ancient protocol that’s been learning security as it went, it is trivial for your ISP to man-in-the-middle even if you set up proper security. So you might as well use their services.

Our protocols in general must be upgraded to leak near no information, while being more resilient to other attacks. This is possible, the technology exists! We just need to do so while maintaining some backwards compatibility.

That said there’s some truth to what Masnick’s saying here. But in most situations “approximating absolute privacy” will not inconvenience anyone (e.g. publishing and reading these Techdirt articles). And where it does, we can certainly avoid handing out certain information (does Techdirt really need to be told my browser and operating system to publish a comment underneath this article? Your browser will give that information out without asking)

Thad (user link) says:

Re: absolute privacy

It is the opening sentence’s stance that diminishes privacy rights for everyone.

I take it you didn’t read the previous article that the sentence in question links to?

Because here’s what it says:

The idea of "perfect" privacy makes no sense, because people reveal all sorts of stuff about themselves all the time because the tradeoff is worth it. For example, just walking out of your house to go to the grocery store is a tradeoff. You give up some amount of privacy (someone can see you leaving your house, others can see what you’re buying), because we think it’s worth that minimal loss of privacy to get food. But it’s an individual tradeoff based on our own individual decision making — people who are famous celebrities or hiding from someone who wants to kill them may view the tradeoffs differently. That’s why it always bothers me a little when people focus on privacy as if it’s a thing, rather than looking at the cost-benefit tradeoffs that each individual needs to make.

What is it that you believe is inaccurate about that series of statements? Because it seems pretty straightforward to me.

Moving on to your next point:

This is precisely why everyone should have their own email server at home

You keep saying this. It is absurd.

I’m not a Gmail user, precisely because of the kinds of privacy concerns we’re talking about.

But what, exactly, would I gain from running my own e-mail server? Sure, if I used PGP, and everybody else who I ever exchanged e-mails with also used PGP, then my e-mail couldn’t be observed by a third party in transit. But that’s completely independent of whether I’m running my own server or using somebody else’s.

If I’m not using PGP, then I’ve got, what, SMTP/STARTTLS? An encryption protocol that sends e-mail that can be decrypted at any relay between me and the destination? In other words, it’s better than no encryption at all, but sort of requires that I trust my ISP not to read my e-mails. And if I trust my ISP not to read my e-mails, then why do I need a private server in the first place?

And that’s before I even get into spam filtering, DDoS attacks, joe jobs, or even really basic stuff like closing your relay.

I’ve run e-mail servers, both business and personal. I’m glad that I’m not doing either one anymore; too much hassle for not enough benefit.

And that’s coming from a guy who knows how to do it. That you expect end users to figure out how to do it ("just read a guide online!") suggests to me that you don’t deal with a lot of end users.

We are talking about people who do not know the difference between Windows and Office. People who call tech support for help before they try rebooting their computer to see if it fixes the problem. People whose password is "Password123456!" You are suggesting that these nice people should be expected to learn to set up an e-mail server.

If you want to run your own e-mail server, that’s great; enjoy. It probably doesn’t help protect your privacy nearly as much as you think it does, but it’s a useful skill, and an interesting personal project.

But it is a wildly impractical suggestion for 99% of computer users.

And that’s if I round down.

Anonymous Coward says:

Re: Re: absolute privacy

Not every bit of info that’s recorded on the wire is kept indefinitely. Storage technology has not reached that level yet.

Running your own server means you’d need to have a warrant handed to you for a change rather than having a warrant served to Google and you never knowing that your information was sifted through by countless numbers of Feds. If the info they want on you hasn’t already been pre-recorded, they’d need to get it from your server or that of someone you’ve e-mailed.

In either case, it’s still a privacy benefit for you to run your own server. It forces Feds to do more legwork to get information on you. More legwork and potentially less reward depending on your archival practices.

That’s the pr

Thad (user link) says:

Re: Re: Re: absolute privacy

Running your own server means you’d need to have a warrant handed to you for a change rather than having a warrant served to Google and you never knowing that your information was sifted through by countless numbers of Feds. If the info they want on you hasn’t already been pre-recorded, they’d need to get it from your server or that of someone you’ve e-mailed.

Yes, exactly.

Don’t you see the number of caveats you just used?

If they’re not currently monitoring your e-mail, if your ISP hasn’t already agreed to intercept your e-mail, and if they don’t just go and spy on the recipients of your e-mails instead of you, then at least you’ll know they’re reading your e-mail when they knock on your front door to seize your server (and probably every electronic device in your house).

And this is better than just using PGP in what way, exactly?

Thad (user link) says:

Re: Re: Re:3 absolute privacy

You yourself said not everyone uses PGP.

Yes, and not everyone uses their own e-mail server.

Setting up PGP is both easier than setting up your own e-mail server and a more effective way of securing your data. Not that the two things are mutex, but if I’m going to start with one of them, it’s pretty obvious which one it should be.

JBDragon (profile) says:

This is why I limit myself of Google stuff. I have a gmail account and that’s enough spying I need from them. Let alone all the rest including spying on me everywhere I go.

So I have my iPhone. Apple has no need to spy. They don’t own a search engine. They don’t make their money selling ads! I use DuckDuckGo most of the time. I use Ad blockers like Ghostery, which blocks ads and tracking, etc. Sometimes I turn on my VPN access.

I limit the best I can. I sure don’t want 1 company to know my whole life. No NEST for me. I don’t want Google knowing when I’m home walking past the freeken thing. I limit to very little of anything on my Facebook. Just enough so that old friends can reach me. I don’t post my life or anything at all on Twitter.

There are things you can do, and not just accept it. Right now with this for Google, it’s opt Out and not clear and hidden. At some point you will have NO CHOICE!!! Your privacy rights are slowly going away. It’s like boiling crap in hot water. Stick them in cold water, turn on/up the heat, and it gets warmer and warmer and before they know it, it’s too late and they’re DEAD. Your privacy gets less and less every year and before you know it you have NONE!!! They do it FAST and people are up in arms big time. Do it slowly and you can get away with it.

The same has been happening to this country as we lose more and more of our rights and Government grows larger and larger. They won’t be happy until you’re paying 80-90% of your money in taxes. It keeps creeping up. People would be up in arms if they had to write one big tax bill every month, instead of it taken out of your paycheck, and out of everything you buy, and all the services, and Property taxes and on and on and on.

You could tax the so called Rich, the top 10%, 100% of their money and it would be a drop in the bucket to paying off the 20 trillion dollar debt.

This is how it works. Do things Slowly and it becomes NORMAL over time!! If you don’t like it, now you’re called the CRAZY person!!!

Anonymous Coward says:

Is this really that surprising?

Google is, first and foremost, an advertising company. The search engine, YouTube, emails, Docs, Drive, all those other nice things Google gives you for free? It’s so they can show you more ads.
And if there’s a way to show you even more ads or collect more data about you (for ads), why wouldn’t Google take it?

Thad (user link) says:

Re: Re:

One: Anyone who uses the word "sheeple" unironically should not be taken seriously.

Two: No, everybody trades certain information in exchange for value. Every time you leave your house, you’re doing exactly that.

I take it you’re another person who’s responding to the article without following the link in the first sentence? Because it covers all that.

Anonymous Coward says:

All this past month, advertising companies in my country have been using the hours Techdirt staff spend sleeping to assault me with auto-playing video ads for British school-leavers, with adverts for joining the army, becoming an apprentice, and various ads for just-left-home necessities like cleaning products.
I get ads for movies I don’t watch, booze I don’t drink, games I don’t play and sports I can’t even conceive of wasting time out of my day thinking about.

I’m no fan of giving the corporatocracy a full hold of my personal information but they’re getting it anyway and at least it might help divert some fraction of the river of pure shit that flows my way every time I try to support a site by turning off my ad-blocker.
