
Google faces UK legal action for bypassing iPhone privacy settings to target ads - davweb
http://www.bbc.co.uk/news/technology-42166089
======
ConfucianNardin
It seems there were/are a couple of workarounds for setting third party
cookies in Safari.

One was to send a POST request in a hidden iframe using javascript. This was
supposedly what Google used to bypass Safari's blocking of third party
cookies[1].

Another is (was?) to redirect to the third party domain, and then back
again[2]. This would supposedly work since the restriction on third party
cookies doesn't apply to already visited domains.

1: [https://stackoverflow.com/questions/9930671/safari-3rd-
party...](https://stackoverflow.com/questions/9930671/safari-3rd-party-cookie-
iframe-trick-no-longer-working)

2: [http://www.mendoweb.be/blog/internet-explorer-safari-
third-p...](http://www.mendoweb.be/blog/internet-explorer-safari-third-party-
cookie-problem/)

~~~
zencash
I work in adtech.

Google have recently rolled out a 'global tag' to replace the 'floodlight'
tracking code they usually use, this was last week.

[1]
[https://support.google.com/dcm/partner/answer/7570440?hl=en](https://support.google.com/dcm/partner/answer/7570440?hl=en)

~~~
dreamcompiler
Thanks for that! Always good to know how to block new trackers.

------
a_imho
_Google told the BBC: "This is not new - we have defended similar cases
before. We don't believe it has any merit and we will contest it."_

 _Google agreed to pay a record $22.5m (£16.8m) in a case brought by the US
Federal Trade Commission (FTC) on the same issue in 2012._

It will be interesting how this one ends, here's hoping for a pro consumer
verdict.

~~~
OwlsParliament
$20m is a drop in the ocean to Google. This really should be more impactful.

~~~
fhood
Yeah, but I suspect that the recent bad publicity is the truly damaging part.

~~~
JadeNB
> Yeah, but I suspect that the recent bad publicity is the truly damaging
> part.

Bragging about how they've done it before suggests that they don't think the
publicity is likely to hurt them, either.

------
adventured
It's going to become increasingly expensive and politically complex to operate
an Internet company at Internet scale. That process of country to country
division (legally/politically), will continue to accelerate.

Although they're getting the first punches to the face because they're easy
and obvious targets, companies like Google or Facebook, will trivially
withstand it over time. They can afford whatever compliance cost and
complexity is involved. It's everyone else that is going to suffer, including
all start-ups attempting to offer an Internet-wide service (something that not
so long ago could be mostly taken for granted). The effect will be to lock-in
the position of the existing giants and protect them from new companies that
might challenge their global dominance.

If I want to offer an Internet-wide service in the near future, I'll need to
comply with dozens of different Internet-related legal/political frameworks to
spread into dozens of nations. It'll be realistically impossible to accomplish
for smaller entities, so start-ups will be stuck even more than they already
are in struggling to reach beyond their local audiences. This will
particularly harm start-ups in smaller countries in Latin America, Africa and
Europe. Start-ups in the US and China will gain a further advantage (an
advantage which they've already utilized to produce most of the Internet
giants to this point), because they get to start out with massive home markets
with heavily unified rules and then push to the rest of the world from their
large base.

This process destroys the Internet as it has been known the last two decades
and it appears nothing is likely to stop it from getting dramatically worse in
the next 10-15 years.

~~~
alkonaut
> It'll be realistically impossible to accomplish for smaller entities, so
> start-ups will be stuck even more than they already are in struggling to
> reach beyond their local audiences.

Wasn't this always the case for businesses? If you are a physical company
selling physical things then logistics, legal etc was always a huge barrier to
expansion beyond your local market.

I think the misconception is that the "normal" state is that the internet is a
single normalized market where anyone can grow from zero to global in a way
that a physcal company can't. I don't think that's realistic. What happened
was simply that regulators couldn't keep up, as is always the case in the
beginning of something.

> This process destroys the Internet as it has been known the last two decades
> and it appears nothing is likely to stop it from getting dramatically worse
> in the next 10-15 years.

But wasn't the internet in the past decades just a wild west where things like
privacy etc always took a back seat? Is this development really such a bad
thing (for consumers, I mean)?

~~~
dalbasal
Normal is however things are/were. Atm, the norms are whatever environment
Google, FB, etc. grew up under, over the last decade.

Before that, it was even more anarchic. Before that, the internet didn't
exist. Global-scale many-to-many media and communications didn't exist.

I don't understand the desire to argue for an internet descibed by analogy to
phone or radio or somesuch. The comparison isn't that strong, and the outcome
is not desirable. The internet exposed the flaws in those, if anything has
informed anything. Is this devils' advocacy?

I _do_ understand incumbents. They're safer and more protected the more rules
get made. I understand politicians who are trying to deal with some other
problem (financing terrorism, child porn), and don't understand or care about
side effects. I understand the naive public, who just want their leaders to
just solve these problems they keep taalking about. I understand judges ruling
on specific cases, without regard (not their job) for the delay facto policy
implications. The HN-er who wants an internet rulebook, I don't get it.

~~~
alkonaut
> Before that, it was even more anarchic. Before that, the internet didn't
> exist.

Bulk data collection and massive privacy invasions weren't a problem, that's
what I'm saying.

> I don't understand the desire to argue for an internet descibed by analogy
> to phone or radio or somesuch

Not sure that's what I did, but I'm definitely saying that states should be
able to regulate/taxate all business, and internet business can't be excluded.

> The HN-er who wants an internet rulebook, I don't get it.

Not sure what your argument is, nor what you thought my argument was. The
article is about a company (in this case Google) facing legal action for doing
something that was (possibly) against a law somewhere. I think it sounds
completely reasonable that this is possible.

~~~
freeflight
> Bulk data collection and massive privacy invasions weren't a problem, that's
> what I'm saying.

That's quite debatable, from Stasi methods to NSA trying to collect bulk phone
calls, there've been plenty of examples for bulk data collections and massive
privacy invasions predating social media and the Internet.

20 years ago nobody cared much what information you shared about yourself on
the www, as it wasn't monetized, barely anything was as many users back then
had been hoping for something like a "post-privacy society" to emerge. The
problems started when companies wanted to commercialize the www, que ad-
revenue economy and massive aggregation of personal information on-top of
that.

Creating a situation where monolithic companies and governments suddenly have
a very similar goal: Categorizing and collecting "people" in every imaginable
way.

Facebook is pretty much building a database of all the people of the world,
governments have struggled to build something like that, on a national scale,
for far longer and regularly failed.

At this point, I wouldn't be surprised about shady backroom deals along the
lines of "We let you get away with breaking this immensely complex legal
framework if you give us access to your database of phone
numbers/selfies/whatever" actually being a thing.

------
lumisota
"UK" is a bit misleading -- the representative action applies to residents of
England and Wales only.

------
chiefalchemist
On the surface this new incident says Google doesn't care about privacy. Most
agree with this assessment.

But taken a step further it seems fair to ask:

\- Has Google lost its edge? Why has nefarious replaced innovation?

\- What else are they doing that we don't yet know about?

\- Is it time for Google to update its biz model so it isn't so dependent on
being so driven (to desperation)?

\- Finally, is it time for the market to reconsider Google's role in defining
our collective future?

On a personal note, if I can be fairly certain Apple isn't going to "pimp my
data" I would give an iphone a serious consideration.

~~~
pdimitar
The only non-Apple tech I now use is my PC that I use for work and gaming. I
also use DuckDuckGo 99% of the time for web search.

NOT giving Google my data is a good starting point IMO.

------
LeeHwang
Good. It's time for the us government to also start regulating Google at home
for this kind of nonsense.

------
rubyfan
Is this why I can’t sign out of Google on my phone? I never sign into Google
and never sign into their apps. After I began using a Google Home I began
noticing Google maps is automatically signing me in.

------
comstock
Article just says they used cookies for tracking. Does anyone have a better
article, indicating why this work a workaround, and they it affected iPhones
in particular?

~~~
strawcomb
From the article:

> The complaint is that for several months in 2011 and 2012 Google placed ad-
> tracking cookies on the devices of Safari users which is set by default to
> block such cookies.

Seems they used cookies for tracking despite Safari supposedly disabling those
kind of cookies.

~~~
abdullahi1
How were they able to set tracking cookies, if the browser had them disabled?

~~~
lozenge
With a technical workaround. The thing is, when does improving browser
compatibility count as hacking? Most major websites "hacked" IE with a fake
P3P header. This is not that different.

[https://stackoverflow.com/questions/8048306/what-is-the-
most...](https://stackoverflow.com/questions/8048306/what-is-the-most-
broad-p3p-header-that-will-work-with-ie)

[http://alexanderhiggins.com/google-fined-22-5m-for-
hacking-s...](http://alexanderhiggins.com/google-fined-22-5m-for-hacking-
safari-to-track-you/)

~~~
soneil
I see it this way; in the US, if a content publisher chooses to apply DRM,
this provides them additional legal protections - whether the DRM is broken or
not. Even if stripping DRM is "click Next" simple, it's still illegal.

Here, we're applying similar benefit to the consumer. The consumer has
expressed they do not wish to be tracked. The application of a loophole does
not make it okay.

Is it a little over-reaching? Possibly. But it's about time things were over-
reaching in the consumer's benefit, rather than the corporations'.

------
danschumann
The fact that it was for ads and not for a more legit app, makes me bias
against them. Normally, it wouldn't matter at all. There's an app, it doesn't
work in safari for some reason, and you figure out a workaround.

------
coldcode
In 2011-2012

------
SomeStupidPoint
So Google deployed malware against... tens of millions of people?... in order
to steal confidential data for profit, by bypassing security mechanisms on
those devices as they interacted with Google servers, exceeding authorized
access, and using installed code to track the activities of people against
their efforts to raise technical barriers?

That sounds like an international criminal act on a scale most malware authors
would wet themselves over.

It's also not surprising that the public is getting fed up with the wanton
criminality that seems to be embodied by modern capitalism.

~~~
pmlnr
I don't know why this is getting downvoted. They did, in fact, acted against
someone's setting not to do this, and I completely agree, this is a criminal
act, not just a technical glitch.

~~~
JorgeGT
IMHO storing cookies in a machine _explicitly_ configured to block them seems
to fit the "exceeds authorized access" language of the Computer Fraud and
Abuse Act.

------
Cthulhu_
Yeah uh, it's pretty obvious this guy doesn't really care about the privacy
thing, but cares about getting a lot of money from Google. How many people
does he even represent that want to be compensated?

~~~
alexasmyths
If he's a lawyer he's acting on behest of his clients.

It's definitely a problem in consumer culture that big companies can rip
people off and break the law without facing consequences - so long as they are
only jacking people a little bit at a time.

If Google was caught breaking the law, it would be appropriate if one of their
officers went to jail over it.

~~~
dmoo
'so long as they are only jacking people a little bit at a time.'

or

so long as they are only jacking the little people.

