Trending: Expedia cuts 3,000 jobs, including 500 at new Seattle HQ — read the internal email to employees

[Guest commentary by Kathy Gill]


It’s a key factor in any successful relationship, whether that relationship is between two people or a person and an organization.

Although Google hasn’t been battered with privacy-related consumer trust headlines as frequently as Facebook, it has flirted with trust issues since at least 2004. That’s when Dave Winer warned:

Google today is as dangerous as Microsoft, and I wouldn’t bet on their trustworthyness [sic]… The technology industry is built on a foundation of arrogance and disdain for users. Google is too. You may not have seen it yet, but I have.

In 2007, Google told worried consumers that “the unique ID used by the Google Maps system can’t be connected to any ID for GMail.”

Almost two years ago, Google issued a mea culpa, admitting that it “wrongly collected information people have sent over unencrypted wi-fi networks.” And it had done so for three years.

In 2009, Google rejected South Korea’s real names policy when it came to YouTube accounts because of privacy concerns. Then in 2011, it demanded “real names” for its Google+ network.

Google entered into an FTC consent agreement only 11 months ago, “the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information.” The culprit: Google Buzz.

Less than a month ago, Google announced it was consolidating its 60+ privacy policies into one, effective March 1, 2012. Any previous “no, we can’t/don’t” statements? Null and void. The only “opt out” to across-site tracking is to stop using Google products and services.

“There is no way anyone expected this,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”

Then last week, we learned that Google engineers systematically and deliberately bypassed Safari’s rejection of third-party tracking cookies, on computers and iPhones, all in the name of making it possible for Google’s PlusOne (+1) system to compete with Facebook. And oh-by-the-way, the work-around allowed Google’s advertising network DoubleClick (with its own checkered privacy past) to set third-party tracking cookies.

This deceit seems to directly contradict the spirit, if not the terms, of  Google’s FTC consent decree:

The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected.

Ah. But DoubleClick, while a separate domain, isn’t technically a third party, is it?

However, the deceit clearly contradicts the intent of Google’s customer, who has chosen (explictly or implicitly) to block cookies from third-party sites.

Look. When I set my browsers to reject third-party cookies, I don’t mean “all third party cookies except those in the Google ad network.” I mean all third party cookies.

When I set my browsers to reject third-party cookies, I don’t mean “except when doing so enables Facebook and Google+ integration.” I mean all third party cookies. Period.

When I set my browsers to reject third-party cookies, I don’t mean “but it’s OK to use javascript in place of a cookie.” I mean do not track me. Period.

No means no.

Just like it did in high school.

And just like in high school, the boys at Google (yes, I’m being sexist) seem to have a hard time hearing the word.

I think my worldview is one that is difficult for engineers to grok. Privacy != secrecy. Privacy is me deciding what I share, when I share it and with whom I share it. As Danah Boyd explained at a W3C conference in 2010, privacy is contextual. Privacy is social, it’s a relationship, it’s not just information. And we “feel as though [our] privacy has been violated when [our] expectations are shattered.”

Although I don’t believe (don’t want to believe) that Google engineers deliberately set up a loophole for DoubleClick, I do believe that there are systemic cultural conditions that allowed this to happen.

Until those cultural conditions change, I no longer trust Google to act in a manner that honors its “don’t be evil” policy.

Google has morphed into Microsoft. Dave Winer was right.

A longer version of this post appears on WiredPen.

Like what you're reading? Subscribe to GeekWire's free newsletters to catch every headline


Job Listings on GeekWork

Executive AssistantRad Power Bikes
Find more jobs on GeekWork. Employers, post a job here.