Hacker News new | past | comments | ask | show | jobs | submit login
Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful (theregister.com)
110 points by samizdis 6 days ago | hide | past | favorite | 19 comments





Baidu places a unique identifier for tracking on Androids SDcard which can be read by other apps that have storage permissions.

Exactly when is this ID used? Is it transmitted with every request chrome makes? What is I remove Google apps and use Firefox?

Personally I think you should choose your battles. We have bigger issues with Google than this. Like the unlawful location gathering that is getting more scary every year.


>Exactly when is this ID used? Is it transmitted with every request chrome makes?

No, it's part of google play services, so any app installed on the phone can access it.

https://support.google.com/googleplay/android-developer/answ...


The opt-out bit is interesting:

>How to opt out of personalized ads

Open your device's Settings app Settings app > Google, or open the the Google Settings app (differs depending on your device). Under “Services,” select Ads. Turn on “Opt out of Ads Personalization” by moving the switch to the right until it turns blue. Note: If you clear your cache, you'll lose your opt-out setting.

Especially that note at the bottom. What cache? Why is this setting only in a cache?


It is likely referring to the app specific cache for the "Google Settings" app that every app on Android has.

https://www.cashify.in/how-to-clear-app-data-and-cache-on-an...

I'm not sure why it would be in cache and not data though.

Edit: More context on Data vs Cache: https://android.stackexchange.com/questions/108926/what-is-t...

It seems arbitrary and they could have included it in data if they wanted to. That said, I don't think the cache will ever be cleared automatically so probably not a huge deal.

Perhaps not getting tracked could be seen as a bug that clearing your cache would fix? /s


> Especially that note at the bottom. What cache? Why is this setting only in a cache?

It means it's not synced to the server or your account for whatever reason. If you nuke the Play Services storage as a user, the setting (like all other local files and settings for that app) will get deleted and reset.


They want to make it as easy as possible to wipe out saved privacy settings. This also gives them justification when wiping out privacy settings during operating system updates, which are often out of the user's control.

A very important detail is that this only opts out of ad personalisation. It doesn't actually stop exposing this unique identifier as iOS does. Next to the id, there's also a flag that basically says "am I allowed to use it?".

Tangentially: I've noticed that when you turn off application notifications via android settings, that setting is also saved in cache. That seems odd to me, because it is set from outside the application.

So that you will reenable the ads more often.

Is there any reason not to fight the privacy war on every front possible? The only way I would think one could fight a company with the resources of an entire nation state would be with as many nation states legal systems as possible.

> Is there any reason not to fight the privacy war on every front possible?

I guess the hard part of a privacy war is determining the line between desired features / convenience and protection of privacy. This line is (despite seeming so on HN) very blurry in reality. Typical example, Google Maps is commonly praised as the best navigation system because it can dynamically route around traffic based on their location data collection. Many people fighting the privacy war would demand that feature to be destroyed since it collects private data. Many people would consider that feature essential to their lives. Many people would perhaps want a better balance between those two extremes.


Boycott’s have occasionally been successful.

https://www.theguardian.com/vital-signs/2015/jan/06/boycotts...


Any App can access it.

By AGB's the Apps are required to not abuse it.

But there is a long track record of Apps which where clearly found to abuse it, and given that finding so requires advanced skills most which do where probably not found. A well known example was if I remember correctly TickTock.

Furthermore abusing the id (literally braking the developers app store AGBs/contract) has rarely any consequences. Apps are often not even temporary removed from the app store.


It's accessible by apps via API and they can use it to track users (as long as they pinky swear that they'll listen to the Opt-out switch as well).

Apples analogue is IDFA for which noyb also already filed a complaint - https://noyb.eu/en/noyb-files-complaints-against-apples-trac...


One aspect of "picking your battles" is choosing battles that are win-able. The case against Advertising ID is much easier to make than location tracking. Advertising ID can fall under the scope of ePD (ePrivacy Directive), not just GDPR, and the ePD is more strict and does not have the same allowance for balancing competing interests.

Schrems is definitely strategic about the battles that he fights. He's been waging this war for close to a decade now. He puts a value on precedent, and will take on more clear-cut-but-lower-stakes cases to help build case law towards the higher-stakes cases later.


Is there a legal difference between unlawful and illegal?

Illegal in particular doesn't really have a proper legal meaning in many juristictions.

Generally, in lay terms, unlawful means to act in contrary to the law, so it covers anything where a) the police come after you and charge you with a crime b) a governmental body charges you with an offense or imposes a penalty for a breach of the law or c) you are in a situation where a third party can sue you and win for damages etc due to you acting in contrary to your legal obligations.

Generally speaking "illegal" is only used to describe a and b, or just a.

But to be honest so many people get them wrong that there's a legitimate argument that the layperson difference is meaningless nowadays.


The US doesn't really have the distinction legally, it's from English Common law.

Something is illegal if it breaks criminal law (aka you can be punished for it). Unlawful just means something is not lawful.

If you take something reasonably believing it is yours (pickup the wrong coat), you've acted unlawfully: you can be made to give the coat back or pay recompense. If you take a coat knowing it isn't yours, that's illegal.

Everything illegal is unlawful, but not everything unlawful is illegal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: