[Guest commentary by Kathy Gill]
It’s a key factor in any successful relationship, whether that relationship is between two people or a person and an organization.
Google today is as dangerous as Microsoft, and I wouldn’t bet on their trustworthyness [sic]… The technology industry is built on a foundation of arrogance and disdain for users. Google is too. You may not have seen it yet, but I have.
In 2007, Google told worried consumers that “the unique ID used by the Google Maps system can’t be connected to any ID for GMail.”
Almost two years ago, Google issued a mea culpa, admitting that it “wrongly collected information people have sent over unencrypted wi-fi networks.” And it had done so for three years.
Google entered into an FTC consent agreement only 11 months ago, “the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information.” The culprit: Google Buzz.
Less than a month ago, Google announced it was consolidating its 60+ privacy policies into one, effective March 1, 2012. Any previous “no, we can’t/don’t” statements? Null and void. The only “opt out” to across-site tracking is to stop using Google products and services.
“There is no way anyone expected this,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”
Then last week, we learned that Google engineers systematically and deliberately bypassed Safari’s rejection of third-party tracking cookies, on computers and iPhones, all in the name of making it possible for Google’s PlusOne (+1) system to compete with Facebook. And oh-by-the-way, the work-around allowed Google’s advertising network DoubleClick (with its own checkered privacy past) to set third-party tracking cookies.
This deceit seems to directly contradict the spirit, if not the terms, of Google’s FTC consent decree:
The settlement requires the company to obtain users’ consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user’s information was collected.
Ah. But DoubleClick, while a separate domain, isn’t technically a third party, is it?
However, the deceit clearly contradicts the intent of Google’s customer, who has chosen (explictly or implicitly) to block cookies from third-party sites.
Look. When I set my browsers to reject third-party cookies, I don’t mean “all third party cookies except those in the Google ad network.” I mean all third party cookies.
When I set my browsers to reject third-party cookies, I don’t mean “except when doing so enables Facebook and Google+ integration.” I mean all third party cookies. Period.
No means no.
Just like it did in high school.
I think my worldview is one that is difficult for engineers to grok. Privacy != secrecy. Privacy is me deciding what I share, when I share it and with whom I share it. As Danah Boyd explained at a W3C conference in 2010, privacy is contextual. Privacy is social, it’s a relationship, it’s not just information. And we “feel as though [our] privacy has been violated when [our] expectations are shattered.”
Although I don’t believe (don’t want to believe) that Google engineers deliberately set up a loophole for DoubleClick, I do believe that there are systemic cultural conditions that allowed this to happen.
Until those cultural conditions change, I no longer trust Google to act in a manner that honors its “don’t be evil” policy.
Google has morphed into Microsoft. Dave Winer was right.