Article just says they used cookies for tracking. Does anyone have a better article, indicating why this work a workaround, and they it affected iPhones in particular?
> The complaint is that for several months in 2011 and 2012 Google placed ad-tracking cookies on the devices of Safari users which is set by default to block such cookies.
Seems they used cookies for tracking despite Safari supposedly disabling those kind of cookies.
With a technical workaround. The thing is, when does improving browser compatibility count as hacking? Most major websites "hacked" IE with a fake P3P header. This is not that different.
I see it this way; in the US, if a content publisher chooses to apply DRM, this provides them additional legal protections - whether the DRM is broken or not. Even if stripping DRM is "click Next" simple, it's still illegal.
Here, we're applying similar benefit to the consumer. The consumer has expressed they do not wish to be tracked. The application of a loophole does not make it okay.
Is it a little over-reaching? Possibly. But it's about time things were over-reaching in the consumer's benefit, rather than the corporations'.
It's going to become increasingly expensive and politically complex to operate an Internet company at Internet scale. That process of country to country division (legally/politically), will continue to accelerate.
Although they're getting the first punches to the face because they're easy and obvious targets, companies like Google or Facebook, will trivially withstand it over time. They can afford whatever compliance cost and complexity is involved. It's everyone else that is going to suffer, including all start-ups attempting to offer an Internet-wide service (something that not so long ago could be mostly taken for granted). The effect will be to lock-in the position of the existing giants and protect them from new companies that might challenge their global dominance.
If I want to offer an Internet-wide service in the near future, I'll need to comply with dozens of different Internet-related legal/political frameworks to spread into dozens of nations. It'll be realistically impossible to accomplish for smaller entities, so start-ups will be stuck even more than they already are in struggling to reach beyond their local audiences. This will particularly harm start-ups in smaller countries in Latin America, Africa and Europe. Start-ups in the US and China will gain a further advantage (an advantage which they've already utilized to produce most of the Internet giants to this point), because they get to start out with massive home markets with heavily unified rules and then push to the rest of the world from their large base.
This process destroys the Internet as it has been known the last two decades and it appears nothing is likely to stop it from getting dramatically worse in the next 10-15 years.
I doubt it. The GDPR and other european privacy laws are a problem if you operate from overseas.
On the other hand, if you start in europe and are thusly aware of the privacy laws it becomes much easier to design as service that complies with them.
The Netzdurchsuchungsgesetz in Germany even goes as far as only making big social networks responsible for content and small startups get a free pass.
North America, the EU+Eurozone, Australia/New Zealand, Japan, and as much of Latin America & Africa as possible, should come up with a common framework that gets you an extremely high degree of compliance out of the gate if you follow it (with some expected smaller issues that are likely to be unavoidable on a nation to nation basis).
WTO for the Internet. It's probably an inevitable outcome in some manner. The difficulty (cost, compliance and just plain frustration) will get great enough such that this will happen. The primary question is what form it'll take, what authority body/bodies it falls under, who initiates it, who the stragglers are, and so on.
China would never sign on to it, and several dozen other nations also would likely lag or refuse. In China's case, they've always operated their own Internet, so they're irrelevant to the context that's occurring.
The nations set the consumer laws and the companies follow it; the most restrictive case is no unauthorised tracking, no unauthorised analytics, local warehousing.
If your system can cope with the most restrictive case, you can tag the data with the jurisdictions (easy), and then enable tracking / analytics / shared warehouses for more complex data.
It sounds like a reasonable startup idea to help manage this.
The internet has not been like this for two decades.
It has been like this since Google and Facebook became ubiquitous, which didn't start until the mid 2000's.
Before then, the internet was still the internet, only without most of the data hoovering.
I am totally in support of legislation that curtails this kind of thing. This isn't a case of the internet being made worse, it's a case of consumer protections catching up to technology.
The Internet has been globally widely open since the mid 1990s (except for a few countries like China), when it comes to commerce. That has only begun to slowly change in the last ten years.
Even now, the Internet is still widely globally open. Compliance challenges are still relatively modest. The point is, that's beginning to change at an accelerating rate.
The internet has been open for over two decades yes, but the ubiquitous surveillance of users and tracking and advertising across various websites and services is something that only really became a reality as Facebook and Google began to dominate.
Again, that seemed to start happening after the mid 2000's.
Totally agree. It used to be that one could browse the internet, and the only ads you'd see were the ads that the webmasters had personally negotiated for. These days everywhere you go your data is sucked in, and your 'reward' is a 'targeted' ad. The degradation in quality of service is staggering and sad.
That said, I hope the legislation in this case will be sound. I hope that it at least leads to less invasive tracking. I hope it will be the combination of this legislation and the increasing amount of ad blockers that finally kill obtrusive ads and tracking.
When I use a computer without an adblocker(tracking blocking included) these days there's a major chilling effect. It's gotten so bad that I don't dare search for certain things on my mobile (andoid) because I know somewhere a model is being trained on what I do and type. It makes me uncomfortable and suspicious, and also angry at tech companies that are using my behavior to earn money. I already paid for your phone, you don't deserve anything more.
Cryptomining in a users browser, when not done through an exploit with hidden windows, is a perfect solution to website financing for larger websites. The smaller ones need to make up their mind about finding a balance between micro payments/subscriptions/patreon/free content.
> It'll be realistically impossible to accomplish for smaller entities, so start-ups will be stuck even more than they already are in struggling to reach beyond their local audiences.
Wasn't this always the case for businesses? If you are a physical company selling physical things then logistics, legal etc was always a huge barrier to expansion beyond your local market.
I think the misconception is that the "normal" state is that the internet is a single normalized market where anyone can grow from zero to global in a way that a physcal company can't. I don't think that's realistic. What happened was simply that regulators couldn't keep up, as is always the case in the beginning of something.
> This process destroys the Internet as it has been known the last two decades and it appears nothing is likely to stop it from getting dramatically worse in the next 10-15 years.
But wasn't the internet in the past decades just a wild west where things like privacy etc always took a back seat? Is this development really such a bad thing (for consumers, I mean)?
Absolutely it has mostly always been the norm, throughout business history. The last 20 some odd years with regards to the Internet have been a freak of history; in that sense it's not at all surprising to see that abnormality end, barriers go up, complexity and cost go up, and so on. It's a shame, it was an extraordinary experiment.
Normal is however things are/were. Atm, the norms are whatever environment Google, FB, etc. grew up under, over the last decade.
Before that, it was even more anarchic. Before that, the internet didn't exist. Global-scale many-to-many media and communications didn't exist.
I don't understand the desire to argue for an internet descibed by analogy to phone or radio or somesuch. The comparison isn't that strong, and the outcome is not desirable. The internet exposed the flaws in those, if anything has informed anything. Is this devils' advocacy?
I do understand incumbents. They're safer and more protected the more rules get made. I understand politicians who are trying to deal with some other problem (financing terrorism, child porn), and don't understand or care about side effects. I understand the naive public, who just want their leaders to just solve these problems they keep taalking about. I understand judges ruling on specific cases, without regard (not their job) for the delay facto policy implications. The HN-er who wants an internet rulebook, I don't get it.
> Before that, it was even more anarchic. Before that, the internet didn't exist.
Bulk data collection and massive privacy invasions weren't a problem, that's what I'm saying.
> I don't understand the desire to argue for an internet descibed by analogy to phone or radio or somesuch
Not sure that's what I did, but I'm definitely saying that states should be able to regulate/taxate all business, and internet business can't be excluded.
> The HN-er who wants an internet rulebook, I don't get it.
Not sure what your argument is, nor what you thought my argument was. The article is about a company (in this case Google) facing legal action for doing something that was (possibly) against a law somewhere. I think it sounds completely reasonable that this is possible.
I was commenting in the context of of the discussion, the article and the commentary (yours and the ones further up).
>>It's going to become increasingly expensive and politically complex to operate an Internet company at Internet scale. ...something something, incumbents will be fine. Like financial services, old media and other markets, the internet is at risk of becoming inaccessible in large part to upstart initiatives, commercial or noncommercial.
> Bulk data collection and massive privacy invasions weren't a problem, that's what I'm saying.
That's quite debatable, from Stasi methods to NSA trying to collect bulk phone calls, there've been plenty of examples for bulk data collections and massive privacy invasions predating social media and the Internet.
20 years ago nobody cared much what information you shared about yourself on the www, as it wasn't monetized, barely anything was as many users back then had been hoping for something like a "post-privacy society" to emerge. The problems started when companies wanted to commercialize the www, que ad-revenue economy and massive aggregation of personal information on-top of that.
Creating a situation where monolithic companies and governments suddenly have a very similar goal: Categorizing and collecting "people" in every imaginable way.
Facebook is pretty much building a database of all the people of the world, governments have struggled to build something like that, on a national scale, for far longer and regularly failed.
At this point, I wouldn't be surprised about shady backroom deals along the lines of "We let you get away with breaking this immensely complex legal framework if you give us access to your database of phone numbers/selfies/whatever" actually being a thing.
If you respect the hardest privacy laws everywhere then you are fine, if you want to have different code paths like
this guys in EU I can't spam them, I can't store private data without permissions but the other guys there I can do whatever I want but the other guys I can only do X but not Y,
I suggest to just respect the best/strongest privacy law, a good product is one that helps people do their work and gain more free time, I do not see how invading privacy will affect good products.
P.S. I am wondering what laws made it so today most emails have an Unsubscribe link at the bottom, this is such a good thing, I would hate some companies not adding it for the countries where it is not mandatory.
The law in the US is the CAN-SPAM act in 2003. It requires email to have unsubscribe instructions at the bottom of the email and to take people off the list within 10 days of a request. There are similar laws, many of them stricter, in different jurisdictions.
This might work for the "privacy" topic in isolation, but I think the GP's point still stands. Laws are much more complex than a one-dimension easy-to-hard scale, and frequently plainly contradict each other. How does your right to be forgotten square with my right to protest your misdeeds? How does stopping fake news square with protecting free speech? Right to offend vs right not to be offended?
Each nation makes its own decisions about that, with a lot of overlap but also a lot of non-overlap. And internet businesses will more and more have to navigate all that, or opt out of foreign markets. Just like non-internet businesses.
I understand your point and yes it can be problematic in some countries, the solution is to not make business in the countries where local law contradicts most of the world and your believes. My opinion is that we should not give up on creating rules that help the consumer because some company will have a harder time, I understand is hard for a startup to build an airplane or a car because of safety regulation but those are necessary for the society at large. If EU will demand that your product comes with a warranty and US does not demand it you have the choice not to sell in EU or make a better product.
Back to software, as long as companies will find new ways to abuse the users the users will demand laws to get protected, the problem is the laws differ from country to country or appear later in other country, could the industry find a way to prevent the abuses to happen?
It's everyone else that is going to suffer, including all start-ups attempting to offer an Internet-wide service (something that not so long ago could be mostly taken for granted).
If a startup violates the privacy of their users intentionally and witth gusto they deserve to get smacked in the face; hard!
> If I want to offer an Internet-wide service in the near future, I'll need to comply with dozens of different Internet-related legal/political frameworks to spread into dozens of nations.
No, you don't. You'll have it a lot easier than Google or Facebook, because you don't have local offices in more than one country, and you should keep it that way as long as you possibly can. As long as you have offices in exactly one jurisdiction, you are only subject to the laws of that jurisdiction. You can generally safely ignore the attempted overreach of others.
It seems there were/are a couple of workarounds for setting third party cookies in Safari.
One was to send a POST request in a hidden iframe using javascript. This was supposedly what Google used to bypass Safari's blocking of third party cookies[1].
Another is (was?) to redirect to the third party domain, and then back again[2]. This would supposedly work since the restriction on third party cookies doesn't apply to already visited domains.
I suspect until there's a meaningful way for business executives to be extradited for violating another country's consumer protection laws, there will not be an adequate way to penalize corporations for international misconduct.
Functionally, a company's max losses for violating a country's laws is loss of assets and business in that country, is it not? For an international corporation, very few countries have the ability to hold them to any sort of meaningful penalty, especially when a company like Google can simply withhold service to that country until the country begs them to restore it. (See Google News in Spain.)
I find the current case involving Google in Canada interesting: After losing a right to be forgotten case in the Canadian Supreme Court, the highest law of that jurisdiction... Google filed (and 'won') a case in the Northern District of California to injunct it's ruling. ...I don't know about you, but I don't believe a US court can invalidate the Canadian Supreme Court's order... so doesn't that just put Google in contempt of court in Canada?
IANAL but Canada's supreme court should have jurisdiction only over Canada. It wanted to force Google to remove search results globally and not just from Canadian website. Which authority grants them such powers? I think Google just exposed their bluff by challenging that order in another sovereign jurisdiction.
As a sovereign nation, Canada can impose any restrictions or requirements on a business that exists in their country. (Google has three offices physically in Canada.) Presumably, Canada can pass any law or issue a judgement in keeping with their laws on how to punish an entity in it's borders for noncompliance with their commands.
Those restrictions or requirements need not be limited to their borders. (For instance, the US prohibits companies from doing business with certain entities or persons in foreign countries. That continues to be true even if the person is not inside US borders.)
So, insofar as Google, as a company that does business in Canada, has refused to obey Canadian law, I suspect that Canada would be entirely in keeping with the law to charge Google with any civil or criminal penalties for refusal to comply. A US court's ruling has no authority or interest in the matter of Canada telling a company in Canada what to do.
I presume the end cap of Canada's powers (similarly to any sovereign nation) would be the seizure of all assets and closure of any business in Canada proper. Of course, within the grounds of whatever Canada's own laws allow. So while Canada may not have the sovereign right to force a company operating in another country to comply, it could presumably shut down all of Google's Canadian offices, ban them from doing business with the country, and any other penalty they feel like inside the country.
If you want to do business in a country, you must follow that country's laws, even if you think it's unfair the country is imposing them. This is why Google decided to leave China.
> I suspect until there's a meaningful way for business executives to be extradited for violating another country's consumer protection laws
Why should executives, who are with Google USA, be extradited if they are not breaking any law in the USA? Whatever Canada wants to do should be confined to Canadian borders (so I agree with your current comment that only Google Canada's assets are within Canada's influence).
Also, US prohibits companies from doing business with certain entities only if they have certain leverage (like access to USD). Tomorrow, if some Chinese govt owned enterprise were to deal with Iran or North Korea, I doubt US can do much there.
That's exactly my point: The penalties foreign countries can exact upon the company is pretty limited, as far as a giant international corporation is concerned.
I definitely think Canada has the right to require that Google obey it's judgement (because, again, as a sovereign nation, Canada can demand anything it wants of entities that do business there), but the cost of noncompliance isn't high enough in most cases. The Canadian Supreme Court has three Google offices worth of leverage to hold over Google to get them to comply, but most countries don't have that sort of power.
In many cases, corporations are currently more powerful than sovereign nations, and I don't think that's a good thing.
Now I am confused - where exactly do you stand? Should company executives be extradited for not obeying some random country's law even if they haven't broken any law in their home country? If so, I vehemently disagree with you.
> In many cases, corporations are currently more powerful than sovereign nations, and I don't think that's a good thing.
Why not? Tuvalu has a population of 11,000 and a GDP of $34MM. Why should it have more power than Apple, who has 120K employees and $230B revenue in 2017? There are 140 other countries whose GDP is less than Apple, and 40 whose population is less than Apple. Why should they have more power than Apple?
Google doesn't believe the case for avoiding an Orwellian dystopia has any merit either. They want to track all your activities they possibly can, laws and consumer expectations be damned.
So Google deployed malware against... tens of millions of people?... in order to steal confidential data for profit, by bypassing security mechanisms on those devices as they interacted with Google servers, exceeding authorized access, and using installed code to track the activities of people against their efforts to raise technical barriers?
That sounds like an international criminal act on a scale most malware authors would wet themselves over.
It's also not surprising that the public is getting fed up with the wanton criminality that seems to be embodied by modern capitalism.
I don't know why this is getting downvoted. They did, in fact, acted against someone's setting not to do this, and I completely agree, this is a criminal act, not just a technical glitch.
IMHO storing cookies in a machine explicitly configured to block them seems to fit the "exceeds authorized access" language of the Computer Fraud and Abuse Act.
..as opposed to the lily-white lack of criminality of communism or socialism? Criminality occurs everywhere within every system, the only difference is who is committing it and the degree of which it it reported.
Yeah uh, it's pretty obvious this guy doesn't really care about the privacy thing, but cares about getting a lot of money from Google. How many people does he even represent that want to be compensated?
If he's a lawyer he's acting on behest of his clients.
It's definitely a problem in consumer culture that big companies can rip people off and break the law without facing consequences - so long as they are only jacking people a little bit at a time.
If Google was caught breaking the law, it would be appropriate if one of their officers went to jail over it.
He's the former director of the Consumer's Association - a charity dedicated to protecting consumer rights across the UK and that runs Which? magazine. There's a few things I disagree with about Which? but if there's anyone with impeccable credentials to run this type of lawsuit, it's him.
The fact that it was for ads and not for a more legit app, makes me bias against them. Normally, it wouldn't matter at all. There's an app, it doesn't work in safari for some reason, and you figure out a workaround.
Is this why I can’t sign out of Google on my phone? I never sign into Google and never sign into their apps. After I began using a Google Home I began noticing Google maps is automatically signing me in.
69 comments
[ 2.0 ms ] story [ 138 ms ] thread> The complaint is that for several months in 2011 and 2012 Google placed ad-tracking cookies on the devices of Safari users which is set by default to block such cookies.
Seems they used cookies for tracking despite Safari supposedly disabling those kind of cookies.
https://stackoverflow.com/questions/8048306/what-is-the-most...
http://alexanderhiggins.com/google-fined-22-5m-for-hacking-s...
Here, we're applying similar benefit to the consumer. The consumer has expressed they do not wish to be tracked. The application of a loophole does not make it okay.
Is it a little over-reaching? Possibly. But it's about time things were over-reaching in the consumer's benefit, rather than the corporations'.
Although they're getting the first punches to the face because they're easy and obvious targets, companies like Google or Facebook, will trivially withstand it over time. They can afford whatever compliance cost and complexity is involved. It's everyone else that is going to suffer, including all start-ups attempting to offer an Internet-wide service (something that not so long ago could be mostly taken for granted). The effect will be to lock-in the position of the existing giants and protect them from new companies that might challenge their global dominance.
If I want to offer an Internet-wide service in the near future, I'll need to comply with dozens of different Internet-related legal/political frameworks to spread into dozens of nations. It'll be realistically impossible to accomplish for smaller entities, so start-ups will be stuck even more than they already are in struggling to reach beyond their local audiences. This will particularly harm start-ups in smaller countries in Latin America, Africa and Europe. Start-ups in the US and China will gain a further advantage (an advantage which they've already utilized to produce most of the Internet giants to this point), because they get to start out with massive home markets with heavily unified rules and then push to the rest of the world from their large base.
This process destroys the Internet as it has been known the last two decades and it appears nothing is likely to stop it from getting dramatically worse in the next 10-15 years.
On the other hand, if you start in europe and are thusly aware of the privacy laws it becomes much easier to design as service that complies with them.
The Netzdurchsuchungsgesetz in Germany even goes as far as only making big social networks responsible for content and small startups get a free pass.
North America, the EU+Eurozone, Australia/New Zealand, Japan, and as much of Latin America & Africa as possible, should come up with a common framework that gets you an extremely high degree of compliance out of the gate if you follow it (with some expected smaller issues that are likely to be unavoidable on a nation to nation basis).
WTO for the Internet. It's probably an inevitable outcome in some manner. The difficulty (cost, compliance and just plain frustration) will get great enough such that this will happen. The primary question is what form it'll take, what authority body/bodies it falls under, who initiates it, who the stragglers are, and so on.
China would never sign on to it, and several dozen other nations also would likely lag or refuse. In China's case, they've always operated their own Internet, so they're irrelevant to the context that's occurring.
If your system can cope with the most restrictive case, you can tag the data with the jurisdictions (easy), and then enable tracking / analytics / shared warehouses for more complex data.
It sounds like a reasonable startup idea to help manage this.
It has been like this since Google and Facebook became ubiquitous, which didn't start until the mid 2000's.
Before then, the internet was still the internet, only without most of the data hoovering.
I am totally in support of legislation that curtails this kind of thing. This isn't a case of the internet being made worse, it's a case of consumer protections catching up to technology.
The Internet has been globally widely open since the mid 1990s (except for a few countries like China), when it comes to commerce. That has only begun to slowly change in the last ten years.
Even now, the Internet is still widely globally open. Compliance challenges are still relatively modest. The point is, that's beginning to change at an accelerating rate.
The internet has been open for over two decades yes, but the ubiquitous surveillance of users and tracking and advertising across various websites and services is something that only really became a reality as Facebook and Google began to dominate.
Again, that seemed to start happening after the mid 2000's.
That said, I hope the legislation in this case will be sound. I hope that it at least leads to less invasive tracking. I hope it will be the combination of this legislation and the increasing amount of ad blockers that finally kill obtrusive ads and tracking.
When I use a computer without an adblocker(tracking blocking included) these days there's a major chilling effect. It's gotten so bad that I don't dare search for certain things on my mobile (andoid) because I know somewhere a model is being trained on what I do and type. It makes me uncomfortable and suspicious, and also angry at tech companies that are using my behavior to earn money. I already paid for your phone, you don't deserve anything more.
Cryptomining in a users browser, when not done through an exploit with hidden windows, is a perfect solution to website financing for larger websites. The smaller ones need to make up their mind about finding a balance between micro payments/subscriptions/patreon/free content.
Wasn't this always the case for businesses? If you are a physical company selling physical things then logistics, legal etc was always a huge barrier to expansion beyond your local market.
I think the misconception is that the "normal" state is that the internet is a single normalized market where anyone can grow from zero to global in a way that a physcal company can't. I don't think that's realistic. What happened was simply that regulators couldn't keep up, as is always the case in the beginning of something.
> This process destroys the Internet as it has been known the last two decades and it appears nothing is likely to stop it from getting dramatically worse in the next 10-15 years.
But wasn't the internet in the past decades just a wild west where things like privacy etc always took a back seat? Is this development really such a bad thing (for consumers, I mean)?
Before that, it was even more anarchic. Before that, the internet didn't exist. Global-scale many-to-many media and communications didn't exist.
I don't understand the desire to argue for an internet descibed by analogy to phone or radio or somesuch. The comparison isn't that strong, and the outcome is not desirable. The internet exposed the flaws in those, if anything has informed anything. Is this devils' advocacy?
I do understand incumbents. They're safer and more protected the more rules get made. I understand politicians who are trying to deal with some other problem (financing terrorism, child porn), and don't understand or care about side effects. I understand the naive public, who just want their leaders to just solve these problems they keep taalking about. I understand judges ruling on specific cases, without regard (not their job) for the delay facto policy implications. The HN-er who wants an internet rulebook, I don't get it.
Bulk data collection and massive privacy invasions weren't a problem, that's what I'm saying.
> I don't understand the desire to argue for an internet descibed by analogy to phone or radio or somesuch
Not sure that's what I did, but I'm definitely saying that states should be able to regulate/taxate all business, and internet business can't be excluded.
> The HN-er who wants an internet rulebook, I don't get it.
Not sure what your argument is, nor what you thought my argument was. The article is about a company (in this case Google) facing legal action for doing something that was (possibly) against a law somewhere. I think it sounds completely reasonable that this is possible.
>>It's going to become increasingly expensive and politically complex to operate an Internet company at Internet scale. ...something something, incumbents will be fine. Like financial services, old media and other markets, the internet is at risk of becoming inaccessible in large part to upstart initiatives, commercial or noncommercial.
That's quite debatable, from Stasi methods to NSA trying to collect bulk phone calls, there've been plenty of examples for bulk data collections and massive privacy invasions predating social media and the Internet.
20 years ago nobody cared much what information you shared about yourself on the www, as it wasn't monetized, barely anything was as many users back then had been hoping for something like a "post-privacy society" to emerge. The problems started when companies wanted to commercialize the www, que ad-revenue economy and massive aggregation of personal information on-top of that.
Creating a situation where monolithic companies and governments suddenly have a very similar goal: Categorizing and collecting "people" in every imaginable way.
Facebook is pretty much building a database of all the people of the world, governments have struggled to build something like that, on a national scale, for far longer and regularly failed.
At this point, I wouldn't be surprised about shady backroom deals along the lines of "We let you get away with breaking this immensely complex legal framework if you give us access to your database of phone numbers/selfies/whatever" actually being a thing.
Internet has become the dominative media in the past decade, it is naive to think the powers in real world will give it a free pass.
https://www.ftc.gov/tips-advice/business-center/guidance/can...
Each nation makes its own decisions about that, with a lot of overlap but also a lot of non-overlap. And internet businesses will more and more have to navigate all that, or opt out of foreign markets. Just like non-internet businesses.
No, you don't. You'll have it a lot easier than Google or Facebook, because you don't have local offices in more than one country, and you should keep it that way as long as you possibly can. As long as you have offices in exactly one jurisdiction, you are only subject to the laws of that jurisdiction. You can generally safely ignore the attempted overreach of others.
One was to send a POST request in a hidden iframe using javascript. This was supposedly what Google used to bypass Safari's blocking of third party cookies[1].
Another is (was?) to redirect to the third party domain, and then back again[2]. This would supposedly work since the restriction on third party cookies doesn't apply to already visited domains.
1: https://stackoverflow.com/questions/9930671/safari-3rd-party...
2: http://www.mendoweb.be/blog/internet-explorer-safari-third-p...
Google have recently rolled out a 'global tag' to replace the 'floodlight' tracking code they usually use, this was last week.
[1] https://support.google.com/dcm/partner/answer/7570440?hl=en
Google agreed to pay a record $22.5m (£16.8m) in a case brought by the US Federal Trade Commission (FTC) on the same issue in 2012.
It will be interesting how this one ends, here's hoping for a pro consumer verdict.
The firm also settled out of court with a small number of British consumers.
They should drop "Don't be evil" and change it to "You didnt need that privacy anyway".
Functionally, a company's max losses for violating a country's laws is loss of assets and business in that country, is it not? For an international corporation, very few countries have the ability to hold them to any sort of meaningful penalty, especially when a company like Google can simply withhold service to that country until the country begs them to restore it. (See Google News in Spain.)
I find the current case involving Google in Canada interesting: After losing a right to be forgotten case in the Canadian Supreme Court, the highest law of that jurisdiction... Google filed (and 'won') a case in the Northern District of California to injunct it's ruling. ...I don't know about you, but I don't believe a US court can invalidate the Canadian Supreme Court's order... so doesn't that just put Google in contempt of court in Canada?
Those restrictions or requirements need not be limited to their borders. (For instance, the US prohibits companies from doing business with certain entities or persons in foreign countries. That continues to be true even if the person is not inside US borders.)
So, insofar as Google, as a company that does business in Canada, has refused to obey Canadian law, I suspect that Canada would be entirely in keeping with the law to charge Google with any civil or criminal penalties for refusal to comply. A US court's ruling has no authority or interest in the matter of Canada telling a company in Canada what to do.
I presume the end cap of Canada's powers (similarly to any sovereign nation) would be the seizure of all assets and closure of any business in Canada proper. Of course, within the grounds of whatever Canada's own laws allow. So while Canada may not have the sovereign right to force a company operating in another country to comply, it could presumably shut down all of Google's Canadian offices, ban them from doing business with the country, and any other penalty they feel like inside the country.
If you want to do business in a country, you must follow that country's laws, even if you think it's unfair the country is imposing them. This is why Google decided to leave China.
> I suspect until there's a meaningful way for business executives to be extradited for violating another country's consumer protection laws
Why should executives, who are with Google USA, be extradited if they are not breaking any law in the USA? Whatever Canada wants to do should be confined to Canadian borders (so I agree with your current comment that only Google Canada's assets are within Canada's influence).
Also, US prohibits companies from doing business with certain entities only if they have certain leverage (like access to USD). Tomorrow, if some Chinese govt owned enterprise were to deal with Iran or North Korea, I doubt US can do much there.
I definitely think Canada has the right to require that Google obey it's judgement (because, again, as a sovereign nation, Canada can demand anything it wants of entities that do business there), but the cost of noncompliance isn't high enough in most cases. The Canadian Supreme Court has three Google offices worth of leverage to hold over Google to get them to comply, but most countries don't have that sort of power.
In many cases, corporations are currently more powerful than sovereign nations, and I don't think that's a good thing.
> In many cases, corporations are currently more powerful than sovereign nations, and I don't think that's a good thing.
Why not? Tuvalu has a population of 11,000 and a GDP of $34MM. Why should it have more power than Apple, who has 120K employees and $230B revenue in 2017? There are 140 other countries whose GDP is less than Apple, and 40 whose population is less than Apple. Why should they have more power than Apple?
Bragging about how they've done it before suggests that they don't think the publicity is likely to hurt them, either.
That sounds like an international criminal act on a scale most malware authors would wet themselves over.
It's also not surprising that the public is getting fed up with the wanton criminality that seems to be embodied by modern capitalism.
It's definitely a problem in consumer culture that big companies can rip people off and break the law without facing consequences - so long as they are only jacking people a little bit at a time.
If Google was caught breaking the law, it would be appropriate if one of their officers went to jail over it.
or
so long as they are only jacking the little people.
But taken a step further it seems fair to ask:
- Has Google lost its edge? Why has nefarious replaced innovation?
- What else are they doing that we don't yet know about?
- Is it time for Google to update its biz model so it isn't so dependent on being so driven (to desperation)?
- Finally, is it time for the market to reconsider Google's role in defining our collective future?
On a personal note, if I can be fairly certain Apple isn't going to "pimp my data" I would give an iphone a serious consideration.
NOT giving Google my data is a good starting point IMO.