Google is continuing its campaign to increase transparency around its targeted advertising and privacy practices.
The latest volley: "How we make ads better," a video that highlights its staffers policing scam advertisers (which didn't help avert the recent Valentine's Day florist AdWords fiasco). The pitch: "Did you know that hundreds of Googlers work around the clock to make sure the ads you see on Google are safe? David Baker, Engineering Director at Google, explains more about our fight against scam ads and our process for keeping you safe."
Google's past around display ad scammers and consumer privacy is a thorny one, to be sure.
While Google updated its privacy settings in January with a big consumer push to broadcast those changes, Microsoft browser chief Dean Hachamovitch recently penned a blog post that accused Google of bypassing a feature in Internet Explorer enabling users to set cookie preferences, suggesting that Google is knowingly deceiving Microsoft’s browser. (Update: the Wall Street Journal reports that Google is facing new privacy probes in Europe and the the U.S., and details how its browser-tricking may work.)
Lorrie Cranor, a professor at Carnegie Mellon University, wrote in a blog post that “lots of companies do this” including Google and Facebook. “Back in 2010, Ms. Cranor’s research team found that thousands of sites, including a few of Microsoft’s own, had problems in their P3P policies that allowed them to set cookies in IE. Many of the problems were due to typos and other mistakes; others were found to be deliberate misrepresentations,” reports the Wall Street Journal.
"It is well known — including by Microsoft — that it is impractical to comply with Microsoft's request while providing modern web functionality," Rachel Whetstone, Google's head of policy, said in a written statement. "We have been open about our approach, as have many other websites."
The problem dates back to a now-outdated and ignored standard tied to a 2002 "P3P" a protocol. Many websites, including Facebook, Amazon, AOL, GoDaddy, Hulu, IMDB, and some of Microsoft's sites like msn.com, live.com, windows.com and microsoft.com utilize a P3P loophole to circumvent privacy settings – in fact as many as 33,000 according to a September 2010 paper published by Carnegie Mellon CyLab researchers.
Facebook, for its part, argued that "P3P was developed 5 years ago and is not effective in describing the practices of a modern social networking service and platform. We have reached out directly to Microsoft in hopes of developing additional solutions."
A recent study by Stanford’s Security Lab and the Center for Internet and Society Stanford University research confirmed that Google has indeed been circumventing (via Double Click ad network a privacy setting in Safari) the primary browser on the iPhone, iPad and Apple computers. The study also named Vibrant Media Inc., Media Innovation Group LLC and PointRoll Inc. for the same evasive action.
Consumer Watchdog sent a formal complaint to the FTC demanding action against Google, and the company has begun removal of advertising cookies from Safari browsers according to Whetstone. “It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information,” she said, adding that Google used the Safari browser function to enable its Google+ “+1” feature, temporary communication link between its servers and Safari’s signaling when a user signed up for +1.
“Consumers are outraged at news reports today that Google used a work-around hack to ‘trick’ the Apple Safari browser into allowing the dominant Internet and advertising company to track the Web browsing habits of millions of Apple users,” commented Steve Pociask, president of the American Consumer Institute, to Bloomberg.
A class action suit has been filed against Google by Matthew Soble in federal court in Delaware. “Google’s willful and knowing actions violated” federal wiretapping laws and other computer-related statutes says the complaint. “We are taking immediate steps to address concerns, and we are happy to answer any questions regulators and others may have,” Google’s Chris Gaither said in an e-mailed response to the Wall Street Journal.
Bottom line, as WSJ writes: Maintaining online privacy is virtually not viable. “Every time a tool attempts to block something – like tracking cookies – companies come up with workarounds. And sometimes these privacy tools end up creating problems for honest Web developers, further complicating the situation…But the privacy arms race seems likely to rage on.”