Google’s Ad Tracking Is Just As Creepy As Facebook's

Google in June deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent.

Since Google changed the way it tracks its users across the internet in June 2016, users’ personally identifiable information from Gmail, YouTube and other accounts has been merged with their browsing records from across the web.

An analysis of the changes conducted by Propublica details how the company had previously pledged to keep these two data sets separate to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

ProPublica highlights that when Google first made the changes in June, they received little scrutiny. Media reports focused on the tools the company introduced to allow users to view and manage ad tracking rather than the new powers Google gained.

DoubleClick is an advertising serving and tracking company that Google bought in 2007. DoubleClick uses web cookies to track browsing behaviour online by their IP address to deliver targeted ads. It can make a good guess about your location and habits, but it doesn’t know your true identity.

Google, on the other hand, has users’ (mostly) real names, email accounts and search data. At the time of the acquisition, a number of consumer groups made a complaint to the Federal Trade Commission arguing that bringing these data sets together would represent a huge invasion of privacy, giving the company access to more information about the internet activities of consumers than any other company in the world.

Sergey Brin reassured privacy campaigners, saying: “Overall, we care very much about end-user privacy, and that will take a number one priority when we talk about advertising products.”

In 2012, Google made a controversial update to its privacy policy to allow it to share data about users between different Google services, but it kept DoubleClick separate.

In practice, this means that Google can now, if it wanted to, build up even richer profiles of named individuals’ online activity. It also means that the DoubleClick ads that follow people on the web could be personalized based on the keywords that individuals use in Gmail.

Google isn’t the first company to track individuals in this way. Facebook has been tracking logged-in users (and even non-users) by name across the internet whenever they visit websites with Facebook “like” or “share” buttons.

Google says that the change is optional and is aimed at giving people better control over their data. “Google is actually quite late to this game. By now, most of the websites you visit are already sharing your activity with a wide network of third parties who share, collaborate, link and de-link personal information in order to target ads,” said Jules Polonetsky from Future of Privacy Forum.

“Some users may appreciate relevant advertising, many others may not. What’s critical is that there are easy ways for those who want to avoid the more robust types of data targeting to be able to take easy steps to do so.”

Technology companies argue that such tracking allows them to deliver much more targeted, relevant advertising across the internet. Paul Ohm from the Center of Privacy and Technology at Georgetown law school told Propublica that the fact that Google kept personally identifiable information and DoubleClick data separate was “a really significant last stand”.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy. That wall has just fallen.”

A Google spokeswoman said that its advertising system had been designed before the smartphone revolution, and that the update in June made it easier for users to control their ad preferences across multiple devices.

The company says that more than one billion Google users have accessed the ‘My Account’ settings that let them control how their data is used.

“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” Google said. “As a result, it is 100% optional - if users do not opt-in to these changes, their Google experience will remain unchanged. Equally important: we provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data.”

Users that don’t want to be tracked in this way can visit the activity controls section of their account page on Google, unticking the box marked “Include Chrome browsing history and activity from websites and apps that use Google services”.

Guardian:

« Trickle Down Cybercrime
China’s Plan To Organise Society Using Big Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Datacentrix

Datacentrix

Datacentrix provides end-to-end cybersecurity services for the operational technology (OT) and IT environments to monitor, assess and defend our customers' information assets.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

SilverEdge Government Solutions

SilverEdge Government Solutions

SilverEdge is a next generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.