Google’s Ad Tracking Is Just As Creepy As Facebook's

Google in June deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent.

Since Google changed the way it tracks its users across the internet in June 2016, users’ personally identifiable information from Gmail, YouTube and other accounts has been merged with their browsing records from across the web.

An analysis of the changes conducted by Propublica details how the company had previously pledged to keep these two data sets separate to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

ProPublica highlights that when Google first made the changes in June, they received little scrutiny. Media reports focused on the tools the company introduced to allow users to view and manage ad tracking rather than the new powers Google gained.

DoubleClick is an advertising serving and tracking company that Google bought in 2007. DoubleClick uses web cookies to track browsing behaviour online by their IP address to deliver targeted ads. It can make a good guess about your location and habits, but it doesn’t know your true identity.

Google, on the other hand, has users’ (mostly) real names, email accounts and search data. At the time of the acquisition, a number of consumer groups made a complaint to the Federal Trade Commission arguing that bringing these data sets together would represent a huge invasion of privacy, giving the company access to more information about the internet activities of consumers than any other company in the world.

Sergey Brin reassured privacy campaigners, saying: “Overall, we care very much about end-user privacy, and that will take a number one priority when we talk about advertising products.”

In 2012, Google made a controversial update to its privacy policy to allow it to share data about users between different Google services, but it kept DoubleClick separate.

In practice, this means that Google can now, if it wanted to, build up even richer profiles of named individuals’ online activity. It also means that the DoubleClick ads that follow people on the web could be personalized based on the keywords that individuals use in Gmail.

Google isn’t the first company to track individuals in this way. Facebook has been tracking logged-in users (and even non-users) by name across the internet whenever they visit websites with Facebook “like” or “share” buttons.

Google says that the change is optional and is aimed at giving people better control over their data. “Google is actually quite late to this game. By now, most of the websites you visit are already sharing your activity with a wide network of third parties who share, collaborate, link and de-link personal information in order to target ads,” said Jules Polonetsky from Future of Privacy Forum.

“Some users may appreciate relevant advertising, many others may not. What’s critical is that there are easy ways for those who want to avoid the more robust types of data targeting to be able to take easy steps to do so.”

Technology companies argue that such tracking allows them to deliver much more targeted, relevant advertising across the internet. Paul Ohm from the Center of Privacy and Technology at Georgetown law school told Propublica that the fact that Google kept personally identifiable information and DoubleClick data separate was “a really significant last stand”.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy. That wall has just fallen.”

A Google spokeswoman said that its advertising system had been designed before the smartphone revolution, and that the update in June made it easier for users to control their ad preferences across multiple devices.

The company says that more than one billion Google users have accessed the ‘My Account’ settings that let them control how their data is used.

“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” Google said. “As a result, it is 100% optional - if users do not opt-in to these changes, their Google experience will remain unchanged. Equally important: we provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data.”

Users that don’t want to be tracked in this way can visit the activity controls section of their account page on Google, unticking the box marked “Include Chrome browsing history and activity from websites and apps that use Google services”.

Guardian:

« Trickle Down Cybercrime
China’s Plan To Organise Society Using Big Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

Secon Cyber Security

Secon Cyber Security

Secon Cyber Security is an Advanced Managed Security Services Provider with long standing experience of providing cyber security solutions to customers ranging from small to large enterprises.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

Hudson Cybertec

Hudson Cybertec

Hudson Cybertec are an internationally recognized Subject Matter Expert for cyber security in the Industrial Automation & Control Systems (IACS) domain.

BalkanID

BalkanID

BalkanID is an Identity governance solution that leverages data science to provide visibility into your SaaS & public cloud entitlement sprawl.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

ClearSale (CLSA3)

ClearSale (CLSA3)

Clearsale’s innovative fraud solutions combine advanced technology with a passionate team of seasoned experts that understand every client’s unique needs.