ProPublica

Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.” And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts. But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default.

In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools. The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer. The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

What Facebook Knows About You

We live in an era of increasing automation. Machines help us not only with manual labor but also with intellectual tasks, such as curating the news we read and calculating the best driving directions. But as machines make more decisions for us, it is increasingly important to understand the algorithms that produce their judgments. We’ve spent the year investigating algorithms, from how they’ve been used to predict future criminals to Amazon’s use of them to advantage itself over competitors. All too often, these algorithms are a black box: It’s impossible for outsiders to know what’s going inside them. Sept 28 we’re launching a series of experiments to help give you the power to see inside. Our first stop: Facebook and your personal data.

Facebook has a particularly comprehensive set of dossiers on its more than 2 billion members. Every time a Facebook member likes a post, tags a photo, updates their favorite movies in their profile, posts a comment about a politician, or changes their relationship status, Facebook logs it. When they browse the Web, Facebook collects information about pages they visit that contain Facebook sharing buttons. When they use Instagram or WhatsApp on their phone, which are both owned by Facebook, they contribute more data to Facebook’s dossier. And in case that wasn’t enough, Facebook also buys data about its users’ mortgages, car ownership and shopping habits from some of the biggest commercial data brokers. Facebook uses all this data to offer marketers a chance to target ads to increasingly specific groups of people. Indeed, we found Facebook offers advertisers more than 1,300 categories for ad targeting — everything from people whose property size is less than .26 acres to households with exactly seven credit cards.

Today’s Quote 09.27.2016

Trump is more hostile to the legal and constitutional rights of the press than any major presidential candidate of the last two centuries.

Donald Trump and the Return of Seditious Libel

[Commentary] In 2016, for the first time since at least Richard Nixon, the leader of one of our major political parties has pledged to limit press freedom by restricting criticism of his prospective rule. But Nixon’s threats were private, revealed only by his own taping system, while Donald Trump’s are very public, loud and clear. And to be fair to Nixon, he never made good on his private threats, and in the one Supreme Court case he argued personally as a lawyer, he seemed to accept modern constitutional protections for libel.

In fact, Trump is more hostile to the legal and constitutional rights of the press than any major presidential candidate of the last two centuries. What he proposes is reminiscent of the Alien and Sedition Acts of 1798 championed (to his immortal disgrace) by President John Adams. It is cold comfort—although it may be some warning to Republicans inclined to go along—that Adams was not only defeated for re-election after passage of those laws, but lost the White House to Thomas Jefferson and his close associates James Madison and James Monroe for a quarter of a century, while Adams’ Federalist Party never really recovered.

Leaked Docs Show Spyware Used to Snoop on US Computers

Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the US, the UK, Germany, Russia, Iran and Bahrain.

The leaked files -- which were posted online by hackers -- are the latest in a series of revelations about how state actors, including repressive regimes, have used Gamma's software to spy on dissidents, journalists and activist groups.

The leaked files contain more than 40 gigabytes of confidential technical material including software code, internal memos, strategy reports and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones.

Meet the Online Tracking Device That is Virtually Impossible to Block

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites. This type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image.

Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

It’s Complicated: Facebook’s History of Tracking You

[Commentary] For years people have noticed a funny thing about Facebook's ubiquitous Like button. It has been sending data to Facebook tracking the sites you visit.

Each time details of the tracking were revealed, Facebook promised that it wasn't using the data for any commercial purposes. No longer. Facebook announced it will start using its Like button and similar tools to track people across the Internet for advertising purposes.

Facebook said on Sept 27, 2011, not to worry, telling the New York Times that it doesn't use data from Like buttons and other widgets to track users or target advertising to them, and that it deletes or anonymizes the data within 90 days.

OK, worry… On June 12, 2014, Facebook told Ad Age that it will start tracking users across the Internet using its widgets such as the Like button. It's a bold move. Twitter and Pinterest, which track people with their Tweet and PinIt buttons, offer users the ability to opt out. And Google has pledged it will not combine data from its ad-tracking network DoubleClick with personally identifiable data without user's opt-in consent.

Facebook does not offer an opt-out in its privacy settings. Instead Facebook asks members to visit an ad industry page, where they can opt out from targeted advertising from Facebook and other companies. The company also says it will let people view and adjust the types of ads they see.

Why Online Tracking Is Getting Creepier

Online marketers are increasingly seeking to track users offline, as well, by collecting data about people's offline habits -- such as recent purchases, where you live, how many kids you have, and what kind of car you drive.

Here's how it works, according to some revealing marketing literature we came across from digital marketing firm LiveRamp:

  • A retailer -- let's call it The Pricey Store -- collects the e-mail addresses of its high-spending customers.
  • The Pricey Store brings the list to LiveRamp, which locates the customers online when the customers use their email address to log into a website that has a relationship with LiveRamp. (The identity of these websites is a closely guarded secret.) The website that has a relationship with LiveRamp then allows LiveRamp to "tag" the customers' computer with a tracker.
  • When those high-spending customers arrive at PriceyStore.com, they see a version of the site customized to "show more expensive offerings to them." (Yes, the marketing documents really say that.)
  • Tracking people using their real names -- often called "onboarding" -- is a hot trend in Silicon Valley. "The marriage of online and offline is the ad targeting of the last 10 years on steroids," said Scott Howe, chief executive of broker firm Acxiom. The Direct Marketing Association, which represents the data broker industry, doesn't offer a specific opt-out for onboarding. It does offer a global opt-out from all of its members' direct mail databases, but it only requires members to remove people's data for three years after they opt-out.

House Committee Puts NSA on Notice Over Encryption Standards

An amendment adopted by a House committee would, if enacted, take a step toward removing the National Security Agency from the business of meddling with encryption standards that protect security on the Internet.

The amendment adopted by the House Committee on Science, Space, and Technology would remove an existing requirement in the law that National Institute of Standards and Technology (NIST) consult with the NSA on encryption standards.

The amendment’s sponsor, Rep Alan Grayson (D-FL), quoted our story on the NSA from 2013. “NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given ‘the mission of developing standards, guidelines, and associated methods and techniques for information systems,’” Rep Grayson wrote. “To violate that charge in a manner that would deliberately lessen standards, and willfully diminish American citizens’ and businesses’ cyber-security, is appalling and warrants a stern response by this Committee.”

Rep Grayson’s amendment, which is part of a bill that funds NIST, was approved by a voice vote.

Labor Department Intervenes on Behalf of Hearst Interns

For the first time, the US Labor Department has gotten involved in a high-profile lawsuit brought by unpaid interns.

The federal agency filed an amicus brief in support of eight former interns suing Hearst Corporation for back wages.In the brief, the department urges the 2nd US Circuit Court of Appeals to adopt a narrower interpretation of the federal standard governing when for-profit employers may legally hire unpaid interns.

The Labor Department expresses particular concern that the sluggish economy has made "the promise of free labor...both tempting and available," allowing unpaid internships to proliferate.

"The department seeks to file amicus briefs when doing so can promote the department's interests (worker protection) and further its activities, such as enforcement of, in this case, wage and hour laws," a Labor Department spokesman wrote.

The former Hearst interns, led by Xuedan Wang, allege that they worked without pay for various Hearst magazines with little supervision or training. Wang said she worked between 40 and 55 hours a week for Harper's Bazaar, coordinating deliveries of accessories samples, doing clerical work such as expense reports and managing other unpaid interns.