This will be interesting to see how it plays out:
Google was sued on Tuesday in a proposed class action accusing the internet search company of illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode.
The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of collecting information about what people view online and where they do their browsing, despite using what Google calls Incognito mode.
It’s really, really tough to be anything close to truly anonymous on the Internet these days. You can get close enough for all practice purposes but it takes a lot of effort and a certain amount of skill.
I think it should be much easier and that Google is a huge part of the problem in achieving anonymity just further confirms my opinion that they are evil (also here and here).
I hope the lawsuit is widely successful and is applied, as needed, to other Internet privacy violators.
Don’t care about the cash settlement. I want the offending managers, designers, marketers, programmers, HR reps, etc., to meet public gibbeting, impalements, wide-scale application of the cat ‘o nine tails, and lifetime sentences of listening to Yoko Ono albums at high volumes (on properly sound insulated ear muffs, of course ; I’m not a barbarian).
This will continue until the economic incentive to do it is removed. You can do that by making it criminal to use another person’s data without permission and payment. This would have to be for each use so it couldn’t be covered by abusive TOS.
We have been dealing with web page bugs for years and years and years.
The original bugs were 1×1 transparent gifs. When a browser loaded a page, it would load the gif image from an outside source. The outside source then was able to match that particular user/browser to looking at that particular page.
The problem happens if at any point a user manages to get their tracking bug attached in some way to something else.
Consider a person that walks into a wifi hotspot, sets up their computer and connects and reads their email on line. They then open a VPN and an “private” window. They go browsing around and find what they want all secure that their communications were not intercepted.
But in the mean time, their email program has reloaded the page with the right tokens. The mail reading website now knows that User A was using IP address x.y.z.w and is now using IP address a.b.c.d and shortly thereafter they know that User A is again using IP address x.y.z.w (It is even better if it is IPv6)
Now a person with the right skill set can look for those changes, and if they find that somebody was using IP a.b.c.d to connect to “bad actor site” during the time that USER A was checking their email, we have a pretty good idea that USER A is the person connecting to “bad actor site”
I like outbound firewalls to deal with a bunch of this. For example, I’ve run into some web pages that put up fraudulent popups; I just put the offending IP addresses in the permanent block list. Ditto with Google’s advertising machinery.
Mine is a Mac, the product is (rather curiously) named “Little Snitch”.