Hiding from the All-Knowing Googleplex

Download the authoritative guide: Cloud Computing 2018: Using the Cloud to Transform Your Business

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Analysis: The Federal Trade Commission's decision to approve Google's acquisition of DoubleClick without conditions runs counter to the warnings of a host of privacy and consumer advocates, as well as members of Congress. With a single dissenter, the FTC found that there was no cause to hold up the merger.

At the outset of the merger, the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, and the U.S. Public Interest Research Group filed a complaint, claiming "Google's proposed acquisition of DoubleClick will give one company access to more information about the Internet activities of consumers than any other company in the world," and that "Google will operate with virtually no legal obligation to ensure the privacy, security and accuracy of the personal data that it collects."

But the FTC has rejected those concerns, stating that they are not unique to Google and Doubleclick. "At the outset, we note that some have urged the Commission to oppose Google’s proposed acquisition of DoubleClick based on the theory that the combination of their respective data sets of consumer information could be exploited in a way that threatens consumers’ privacy," the commissioners wrote in their decision. "Of course, the consumer privacy issues presented by “behavioral advertising” are not unique to Google and DoubleClick. To the contrary, these issues extend to the entire online advertising marketplace."

The persistent growth of targeted online advertising and other, less savory methods and reasons for capturing identifying information today place the burden of privacy squarely on the shoulders of consumers. Personal data is freely given up by consumers, often, just as the price of entry into many commercial Web sites. As Scott McNealy, Sun Microsystem's chairman, once said: "Privacy is dead, get over it."

There are measures that users can take to cover some of their tracks. Web proxy servers, secure browsing sites, ad filtering tools, and "cookie busters" can all help users reduce the exposure of their identity and Web behaviors to potential aggregators of such information. EPIC provides links to a collection of privacy tools on its Web site. But the question is whether such measures are worth the effort. Should users just stop worrying and learn to love the Google- DoubleClick world?

Privacy concerns come from all corners for Internet users today, from the proliferation of spyware that captures user behavior (or even personal data) and sends it back surreptitiously to a remote computer, to the seemingly more benign behaviors of ad targeting like Google's AdSense. But the power of a united Google and DoubleClick is the kind of information that they can bring together from a combination of services that can tie your personal identity to where you travel on the Web through cookies.

Cookies, used to pass session data back and forth between a Web browser and a server, containing stored information that can be used to track movements within a site or pass back other information. Odds are, if you've visited a display-advertisment driven Web site, you've got a DoubleClick cookie on your system. And users of Google's search, GMail, and other services will find Google's tracking cookies as well.

A lightning rod for privacy advocates.

There's no doubt that the type of tracking done by online advertisers in general poses privacy concerns. But the Google-DoubleClick merger creates a uniquely large single lightning rod for privacy activists to get up in arms over. While the FTC's decision is not the final hurdle left for the merger to overcome, it now seems certain that it will proceed with much less restriction than advocates and some legislators had hoped.

"What Google [and the FTC are] claiming," said Jeff Chester, director of the the Center for Digital Democracy, "is that there are no specific privacy concerns intrinsic to the Google and DoubleClick merger, which frankly is absurd on the face of it when you're merging the two number ones, for the search and online advertising industries, with a vast apparatus for data collection and targeting and profiling across the globe." Chester calls Google an "ever-growing behemoth," and fears Google will use DoubleClick's existing ad tracking capabilities to further triangulate Internet users in the name of better targeted advertising.

According to Google's own privacy FAQ, the search giant captures cookie information and the Internet Protocol (IP) address that identify the user with each search request.

While many cookies used by Web applications –- and many of Google's and DoubleClicks's cookies -— expire and are removed at the end of a web browsing session, some of the two companies' cookies are set to stay active much longer. One Google cookie, the infamous "immortal cookie" —- which carries the name "PREF" -- has an expiration date of January 17, 2038. In July, the company announced that it would start replacing the 2038 cookie with one that expired after two years.

While users can clear these cookies from their browser, or set their browser not to receive cookies at all," some Web site features or services may not function properly without cookies," Google's privacy FAQ says.

Double trouble?

Because the data collected by the cookies from Google and DoubleClick could theoretically be cross-referenced to obtain further profiling data on users. Part of what privacy advocates had hoped to secure from the FTC was assurances that DoubleClick would remove user- identifier cookies and "other persistent pseudonymic" identifiers from all corporate records and databases prior to a Google merger.

In June, Google announced that it would remove user identification information from search logs after 18 months. By comparison, Microsoft also retains data for 18 months, while Yahoo has shortened its retention to 13 months and Ask.com allows users to opt out of search retention.

DoubleClick's DART ad-serving cookie doesn't get associated with searches. Instead, it tracks what sites that serve up DoubleClick ads a user visits, and controls how frequently you see specific ads and in which order you see them. While DoubleClick allows Web users to opt out of the unique tracking cookie, it still records data based on IP addresses. The company doesn't explicitly state its data retention policies in its privacy policy.

So, short of legislation or a legal challenge to the FTC approval of the merger, there's likely only one way to avoid Google knowing even more about you: by turning off cookies on your browser and searching the Web through a proxy to hide your IP address. But what's not to like about giving information to a company whose slogan is "Don't be evil"?

This article was first published on InternetNews.com.

Submit a Comment

Loading Comments...