Category Archives: Google

Google Says They Don’t Sell Your Data – That is True, They Give it Away!

Google is being sued. Again. This is not news. What is news is why they are being sued.

Google says that they don’t sell your data. While that may be accurate, they do, according to a new lawsuit, give it away to anyone who wants it.

How does that work?

Google sells ads. While some of those ads are blind, meaning that the buyer does not know who it is being presented to, those ads don’t sell for much. My kids are fully grown. Showing me a diaper ad is not terribly useful to the diaper company. I am highly unlikely to buy any diapers any time soon.

Most ads are sold using Google’s real-time bidding system. This bidding happens in the blink of an eye.

It works something like this.

You visit a web page. The site owner has a deal to buy ads from Google. While the page is loading, the site owner tells Google that it has a box that is so many inches by so many inches available.

They also tell Google everything they know about you. This includes everything the browser tells them like your system information and IP address and any other information the site owner has about you. Then Google adds information it knows about you based on other data they have collected from other sites you have visited and other data that they have bought.

So far, it would appear, they are not lying.

But they also have not sold any ads.

What happens next is this. Google provides all of this information to anyone who is bidding for ads at the moment. That entire collection of data is provided, free of charge, the lawsuit says, to all of the potential buyers.

In the blink of an eye, someone wins the bid and Google charges them and gives the ad to the website to display. This could be Facebook. Or your web site if you display ads.

But what happens to all that data that was sent to the losers?

According to the lawsuit, they get to keep it.

Some people bid on ads with the intention of NOT winning. All they want is your data. They offer to pay a penny knowing that they will never win. Maybe they have to shell out a few pennies if literally no one else bids.

After the bidding period (blink) is over, they can take that data, aggregate it and sell it. Or use it in some other way.

This is the crux of the lawsuit.

If there are a hundred bidders for that ad, or a thousand, they all get to keep the data, according to the plaintiffs.

You would think Google would care, but maybe, because they collect so much data every second, they don’t.

I guess we will see how this plays out in court.

Credit: Law Street Media

Google Accused of Selling Your Data – SHOCKING!

Google is facing a class action lawsuit for, the plaintiffs say, selling your data.

The law firm that filed the case knows a bit about these kinds of lawsuits. The firm, Bleichmar Fonti & Auld LLP, has previously won settlements in the tens and hundreds of millions of dollars. They were part of the team that separated Volkswagen from $17 billion, so if I were Google, I would be at least a little concerned.

The case centers around how Google’s real time ad bidding process works.

Apparently, Google hands potential advertisers a whole portfolio of information about you like Google ID, IP address, cookie match, user agent, location, device ID, race, identity, health, divorce and other key ad match criteria.

In exchange, in those few milliseconds, the advertiser decides if they want to bid on an ad for you.

If they don’t, they get to keep your data. For free.

They can, apparently, aggregate that information and sell it. Companies like Venntel do just that.

You don’t ever have to make a bid, never mind win one.

Government agencies like ICE and Customs buy this data too.

Google, of course, says that this isn’t selling your data.

In a sense they are right.

If you are not the winning bidder, they are giving it away for free.

This case was just filed in March, so we are a long way from a decision, but maybe this law firm could separate Google from a few of those billions of dollars.

It will be interesting to see if Google changes the way bids work. They are damned either way. If they do, they are admitting to what they are accused of. If they don’t and they lose, it probably increases their liability.

Stay tuned and get your popcorn out.

Credit: Vice

Google to Test Replacement for Third Party Cookies

First, what are cookies? For those who don’t know, they are small text files, often encrypted, placed on your phone or computer by web sites so that they can track your actions. Cookies come in two flavors. FIRST PARTY cookies are cookies placed on your device by the website that you are visiting. THIRD PARTY cookies are those cookies put on your device by others, trying to track your broader activities across websites.

While first party cookies are usually used to track what you are doing on the web site you are visiting, tracking your “state” on that site, third party cookies are used to track you as you move from site to site.

Many browsers are completely blocking third party cookies, making this method of tracking you less effective. Many users have installed blocking software like Ad Block Plus which also blocks many cookies.

Some companies are using first party cookies in a covert manner to replace third party cookies. In this case, let’s say you are visiting XYZ.Com. XYZ sets up a subdomain called, let’s say, TRACKME.XYZ.Com and lets the tracking company control what is in there. If a lot of companies do the same thing, then these covert first party subdomains work in the same manner to track your actions. One company detected 6,000 web sites doing this.
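To make the subdomain trick concrete, here is an added example (not from the original post) that classifies the hosts a page loads from and flags a "first party" subdomain that is really handed to someone else. It assumes the hand-off is done with a DNS CNAME record, which the post does not specify; all hostnames and records are constructed, and "site" is simplified to the last two labels of the hostname.

```python
# Constructed sample data: hosts contacted while loading a page on xyz.com.
PAGE_HOST = "www.xyz.com"

# Constructed DNS CNAME records (alias -> target). Assumption: the site owner
# delegates the tracking subdomain with a CNAME; the post does not say how.
CNAMES = {
    "trackme.xyz.com": "collector.tracker-example.net",
    "static.xyz.com": "cdn.xyz.com",
}

REQUESTS = [
    "www.xyz.com",
    "static.xyz.com",
    "trackme.xyz.com",
    "ads.tracker-example.net",
]


def site(host):
    """Simplified 'site': the last two labels of the hostname.
    Real browsers use the Public Suffix List (needed for e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def resolve_chain(host, cnames, limit=10):
    """Follow CNAME aliases (loop-safe) and return the final hostname."""
    host = host.lower()
    seen = set()
    while host in cnames and host not in seen and len(seen) < limit:
        seen.add(host)
        host = cnames[host].lower()
    return host


def classify(request_host, page_host, cnames):
    """Return 'third-party', 'first-party' or 'first-party-delegated'."""
    if site(request_host) != site(page_host):
        return "third-party"  # what third party cookie blocking catches
    # Same site by name: cookies set here count as first party, so check
    # where the name actually points before trusting it.
    if site(resolve_chain(request_host, cnames)) != site(page_host):
        return "first-party-delegated"
    return "first-party"


def report(requests=REQUESTS, page_host=PAGE_HOST, cnames=CNAMES):
    return {h: classify(h, page_host, cnames) for h in requests}


if __name__ == "__main__":
    for host, verdict in report().items():
        print(f"{host:28} {verdict}")
```

A blocker that only compares hostnames treats the delegated subdomain as first party; resolving the alias is what exposes it.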

Since Google needs to protect its ad revenue, it is trying to come up with a replacement for third party cookies that will satisfy at least some privacy folks.

FLoC or Federated Learning of Cohorts is a technique that Google is about to test. Instead of tracking your individual actions, it instead categorizes your activities and puts you in a FLoC Cohort. Each cohort has an ID and advertisers can pay to show their ads to a particular cohort. Since cohorts have similar surfing patterns, maybe they have similar buying habits.

Of course, this is far from perfect and there are concerns that people could wind up being put in cohorts based on say, race or sexual orientation, since it is possible that those characteristics could have similar browsing habits.

At this point even Google doesn’t know if this will work, but you will soon become a guinea pig, whether you know it or not.

The EFF is not fond of the idea, saying that websites might uniquely fingerprint FLoC users to better target ads.

Personally, I think the whole thing is a losing battle. I visit hundreds of websites a week and I cannot recall the last time I clicked on any ad. Still, it must work to some degree as companies continue to buy these ads.

Credit: The Hacker News

U.S. v. Google – Let the Games Begin!

In a fight the likes of which we have not seen since the battle between Microsoft and the DoJ that ended around 20 years ago, the Justice Department sued Google this week, accusing it of using its market dominance to hobble its rivals.

Just to be clear from the beginning, I am not a huge fan of Google’s actions and I think its motto of do no evil is probably a bit tarnished at best.

Like the Microsoft case, which distracted the company for close to a decade, this fight is likely to go on for a long time. And be at least equally distracting.

The downside for Google, which is likely pretty clear to them, is that the government can literally print money to fight this battle and Google has to use its investors’ cash for their defense. Also, the government probably doesn’t care much if the case takes a decade to resolve. Google, on the other hand, probably does not want to be burdened by a decade of litigation by a legal team that has unlimited resources.

What we don’t know is what might happen if there is a change in teams in Washington in January. It may not make any difference.

The DoJ and the Attorneys General of 11 states say that Google used its monopoly power to crush competitors in the search and search advertising business.

While Facebook does have a very thriving advertising business, most other competitors have withered.

And, when it comes to search, Google has become a verb, as in “go Google it”. That cannot be a factor in their favor.

The Government says that Google has 90% of all general search engine traffic in the U.S. and 95% of all mobile search.

When asked if DoJ wants to break up Google, the attorneys said that they will leave that up to the court. Fat chance; it is just that this is not the time to show your hand.

Justice says that Americans have been hurt by having less choice, less innovation and less competitive pricing.

Not surprisingly, Google said nah!, that’s not true. What else might they say?

There is some truth to the suggestion that Google or Alphabet, Google’s parent, is incredibly intertwined with hundreds of entities and would be ridiculously hard to unwind. A few hundred billion dollars in cash (to fund competitors) as a penalty is a possible alternative.

Given that this was done a couple of weeks before a Presidential election, it could be seen as a political move and probably Bill Barr did push for the filing to occur before the election since Trump has, on many occasions, threatened to crack down on tech companies that he sees as his enemies. Still, it is HIGHLY unlikely that DoJ filed this lawsuit if it didn’t think it had a reasonable chance of getting something out of it.

The 11 AGs that joined the suit are all Republicans. That doesn’t mean that the Democratic AGs love Google. It may mean that they want to file their own competing lawsuit. All this is great news for law firms. There will be hundreds of thousands of billable hours.

Credit: Reuters

The Cloud is NOT Disasterproof – Are You?

Over the weekend, Google suffered an outage that lasted about 4 hours. (See Google Appstatus Dashboard)

The good news is that the outage happened on a Sunday afternoon because that reduced the impact of the outage.   Next time it could happen on a Monday morning instead.

The outage took down virtually every Google service at some point during the outage.

But worse than that, it took down all of those companies that depended on one Google service or another.  Examples include Snapchat, Shopify, Discord and even a number of Apple services went down because Apple is not in the data center business.  iCloud mail and drive and iMessage were all affected.

This is not to beat up on Google.  Both Amazon and  Microsoft have had similar meltdowns and so have much smaller providers.

And they will again.  Human beings design computers, build computers and operate them.  And, after all, humans are, well, just human.

One more time, this is a lesson for users of cloud services.  

Maybe you can deal with a 4 hour outage on a Sunday.

But can you deal with an 8 hour or 24 hour outage on a Wednesday (like Microsoft had recently)?

What is the cost in lost productivity when users can’t get to their email or their office documents?

What is the impact to your customers if they can’t get to your service?  Will they move to a competitor?  And stay there?

I am not proposing any solution. What I am proposing is that you consider what the impact is of an outage like this. Impact on both YOU and also on your CUSTOMER.

Then you need to consider what the business risk is of an inevitable outage and what your business continuity plan is. Will your BC plan sufficiently mitigate the risk to a level that is acceptable to your company?

Finally, you need to look at your Vendor Cyber Risk Management program.  

Apple’s systems went down on Sunday NOT due to anything Apple did, but rather something their vendor (Google) did.

At this point Google has not said what happened, but they said they will provide an after action report soon.  But, remember, this is not, ultimately, a Google problem, but rather a problem with cloud consolidation.  When there are only a handful of cloud providers hosting everything (3 tier one providers — Google, Microsoft and Amazon) and a slightly larger handful of tier two providers, if one of them burps, a lot of companies get indigestion.

Source: Vice 


Well THAT Didn’t Take Long

Last week Microsoft announced Microsoft Azure Sentinel, a cloud-based Security Information and Event Management System (SIEM), and a Threat Hunting and Analysis Service called Microsoft Threat Experts.

As Ray and I discussed on a recent video, available on YouTube, the best outcome of that announcement is if Google and Amazon make a similar announcement.

Well guess what?

One of those two made an announcement this week at RSA.

Google’s Chronicle Backstory is a direct competitor to Azure Sentinel.  Chronicle is Google’s security arm.

Chronicle says that they have tested Backstory on organizations up to 500,000 users.  For a year,  THAT is big data.

Based on work that Google’s Threat Analysis Group used internally, this system is designed to allow a company to store petabytes of data in the Google cloud, analyze it and detect threat patterns.

The tools leverage Google’s VirusTotal, which analyzes millions of malware samples, probably every day, and includes a dashboard called Nirvana.

Google says that you can upload your data –  DNS traffic, Netflow data from your firewalls, endpoint logs, proxy data, etc. and it will be indexed and analyzed.  Google SAYS that your data will remain private, but Google doesn’t have a great track record in that department.  Of course, this is a different Alphabet company, Chronicle, and they will not be ad supported.

One thing that Google did at launch that Microsoft has not done, except vaguely, is announce what they call an Index Partner program – companies that have agreed to integrate with Backstory.  They are demonstrating Carbon Black (an endpoint security product) and their integration with Backstory.  They will be demoing Backstory at booth 2251 at RSA this week.

CAVEAT:  Both of these technologies are young;  neither has announced pricing.

Still this is nothing short of wonderful for the user community.

Maybe Amazon will be next.  Surely, even with Mr. Bezos’ current personal distractions, he didn’t miss this one-two punch.

Stay tuned – closely tuned.  This is good for you and me.

Source: Medium