Google’s Ad Tracking Is Just As Creepy As Facebook's

Google in June deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent.

Since Google changed the way it tracks its users across the internet in June 2016, users’ personally identifiable information from Gmail, YouTube and other accounts has been merged with their browsing records from across the web.

An analysis of the changes conducted by Propublica details how the company had previously pledged to keep these two data sets separate to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

ProPublica highlights that when Google first made the changes in June, they received little scrutiny. Media reports focused on the tools the company introduced to allow users to view and manage ad tracking rather than the new powers Google gained.

DoubleClick is an advertising serving and tracking company that Google bought in 2007. DoubleClick uses web cookies to track browsing behaviour online by their IP address to deliver targeted ads. It can make a good guess about your location and habits, but it doesn’t know your true identity.

Google, on the other hand, has users’ (mostly) real names, email accounts and search data. At the time of the acquisition, a number of consumer groups made a complaint to the Federal Trade Commission arguing that bringing these data sets together would represent a huge invasion of privacy, giving the company access to more information about the internet activities of consumers than any other company in the world.

Sergey Brin reassured privacy campaigners, saying: “Overall, we care very much about end-user privacy, and that will take a number one priority when we talk about advertising products.”

In 2012, Google made a controversial update to its privacy policy to allow it to share data about users between different Google services, but it kept DoubleClick separate.

In practice, this means that Google can now, if it wanted to, build up even richer profiles of named individuals’ online activity. It also means that the DoubleClick ads that follow people on the web could be personalized based on the keywords that individuals use in Gmail.

Google isn’t the first company to track individuals in this way. Facebook has been tracking logged-in users (and even non-users) by name across the internet whenever they visit websites with Facebook “like” or “share” buttons.

Google says that the change is optional and is aimed at giving people better control over their data. “Google is actually quite late to this game. By now, most of the websites you visit are already sharing your activity with a wide network of third parties who share, collaborate, link and de-link personal information in order to target ads,” said Jules Polonetsky from Future of Privacy Forum.

“Some users may appreciate relevant advertising, many others may not. What’s critical is that there are easy ways for those who want to avoid the more robust types of data targeting to be able to take easy steps to do so.”

Technology companies argue that such tracking allows them to deliver much more targeted, relevant advertising across the internet. Paul Ohm from the Center of Privacy and Technology at Georgetown law school told Propublica that the fact that Google kept personally identifiable information and DoubleClick data separate was “a really significant last stand”.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy. That wall has just fallen.”

A Google spokeswoman said that its advertising system had been designed before the smartphone revolution, and that the update in June made it easier for users to control their ad preferences across multiple devices.

The company says that more than one billion Google users have accessed the ‘My Account’ settings that let them control how their data is used.

“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” Google said. “As a result, it is 100% optional - if users do not opt-in to these changes, their Google experience will remain unchanged. Equally important: we provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data.”

Users that don’t want to be tracked in this way can visit the activity controls section of their account page on Google, unticking the box marked “Include Chrome browsing history and activity from websites and apps that use Google services”.

Guardian:

« Trickle Down Cybercrime
China’s Plan To Organise Society Using Big Data »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Nardello & Co

Nardello & Co

Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including Digital Investigations & Cybersecurity.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.

Western Balkans Cyber Capacity Centre (WB3C)

Western Balkans Cyber Capacity Centre (WB3C)

WB3C is a programme founded by France, Slovenia and Montenegro with the mission of building a secure and connected Western Balkans region through enhancing its cyber capabilities and resilience.