Article 43

 

Broadband Privacy

Friday, March 29, 2024

YouTube Shares Viewer Data With Feds

pc-eye.jpg image: pc eye border=0

If you watched certain YouTube videos, investigators demanded your data from Google
Shared YouTube data prompts civil liberty worries.

By Chase DiBenedetto
Mashable
March 23, 2024

If you’ve ever jokingly wondered if your search or viewing history is going to “put you on some kind of list,” your concern may be more than warranted.

In now unsealed court documents reviewed by RORBES, Google was ORDERED TO HAND OVER the names, addresses, telephone numbers, and user activity of Youtube accounts and IP addresses that watched select YouTube videos, part of a larger criminal investigation by federal investigators.

The videos were sent by undercover police to a suspected cryptocurrency launderer under the username “elonmuskwhm.” In conversations with the bitcoin trader, investigators sent links to public YouTube tutorials on mapping via drones and augmented reality software, Forbes details. The videos were watched more than 30,000 times, presumably by thousands of users unrelated to the case.

YouTube’s parent company Google was ordered by federal investigators to quietly hand over all such viewer data for the period of Jan. 1 to Jan. 8, 2023, but Forbes couldn’t confirm if Google had complied.

The mandated data retrieval is worrisome in itself, according to privacy experts. Federal investigators argued the request was legally justified as the data “would be relevant and material to an ongoing criminal investigation, including by providing identification information about the perpetrators,” citing justification used by other police forces around the country. In a case out of New Hampshire, police requested similar data during the investigation of bomb threats that were being streamed live to YouTube - the order specifically requested viewership information at select time stamps during the live streams.

“With all law enforcement demands, we have a rigorous process designed to protect the privacy and constitutional rights of our users while supporting the important work of law enforcement,” Google spokesperson Matt Bryant told Forbes. “We examine each demand for legal validity, consistent with developing case law, and we routinely push back against over broad or otherwise inappropriate demands for user data, including objecting to some demands entirely.”

Privacy experts, however, are worried about the kind of precedent the court’s order creates, citing concerns over the protections of the first and fourth amendments. “This is the latest chapter in a disturbing trend where we see government agencies increasingly transforming search warrants into digital dragnets,” executive director of the Surveillance Technology Oversight Project Albert Fox-Cahn told the publication. “Its unconstitutional, itҒs terrifying, and its happening every day.”

SOURCE

Posted by Elvis on 03/29/24 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Saturday, February 10, 2024

Community Broadband

image: wired earth

America Tires Of Big Telecoms Shit, Driving Boom In Community-Owned Broadband Networks

By Karl Bode
TechDirt
February 8, 2024

For decades, frustrated towns and cities all over the country have responded to telecom market failure by building their own fiber broadband networks. Data routinely shows that not only do these networks provide FASTER, BETTER, AND CHEAPER SERVICE, the networks are generally more accountable to the public - because they’re directly owned and staffed by locals with a vested interest in the community.

Despite relentless industry lobbyist efforts to paint these networks as some kind of SOCIALIST BOONDOGGLE HELLSCAPE, such community ISPs continue to see massive, bipartisan popularity. Case in point: The Institute For Local Self Reliance, which tracks community networks, SAYS THEY SAW A DRAMATIC UPTICK IN SUCH NETWORKS after COVID lockdowns highlighted the importance of affordable access.

According to a DATABASE of such networks tracked by the organization (disclosure: I’ve worked with the nonprofit researching municipal broadband projects), there are now 450 municipal broadband networks in the U.S. Since January 1, 2021, at least 47 new networks have come online, with dozens in the planning or pre-construction phases. And this may be an undercount given the FCC’s failure to track them all.

There are now more than 400 communities all over the country served by such networks, which can take a variety of forms, whether its a local cooperative, a city-owned broadband utility, an extension of the existing city-owned electrical utility, or a direct municipal build. Closer to a thousand if you include local public-private partnerships.

In rural North Dakota, local cooperatives have driven the kind of AFFORDABLE FIBER ACCESS many city residents in more populous states still haven’t seen. In Vermont, numerous municipalities have fused to CREATE COMMUNITY UTILITY DISTRICTS to deploy affordable fiber to long neglected rural markets. In Tennessee, the city-owned utility in Chattanooga has created one of the most popular ISPs in the nation providing speeds upwards of 25 GIGABITS PER SECONS TO LOCAL RESIDENTS.

They all represent local, grass roots’ responses to local market failure caused by often-mindless consolidation, stifled competition, and feckless federal policymakers unwilling to address (or OFTEN EVEN ACKNOWLEDGE) the problem of unchecked monopoly power. ILSRҒs Chris Mitchell put it this way:

“The monopoly cable and telephone companies frequently claim that there are no problems with broadband in the U.S., even as millions of students cannot access the Internet from their homes, whether in rural or urban areas. These cities remind us of the work that has to be done to make sure everyone can take advantage of modern technologies.”

During peak pandemic lockdowns, a viral photo made the rounds featuring POOR KIDS FORCED TO HUDDLE IN THE DIRT OUTSIDE OF TACO BELL, just to attend class. As somebody who has covered U.S. broadband policy for decades, I watched as that photo did more to move the needle on U.S. telecom policy and broadband affordability than any activism campaign or press release crafted in the last quarter century.

Many of these municipalities have been greatly buoyed by billions in both COVID relief money (The American Rescue Plan Act) and infrastructure funding (The Infrastructure Investment and Jobs Act). As a result, countless communities are now deploying cutting edge, affordable, gigabit-capable fiber networks for the first time to customers long trapped on the wrong side of the digital divide.

It’s a movement that could have been pre-empted at any time by the likes of Comcast and AT&T if they’d been willing to expand service, improve speeds, and compete on price. Instead, such companies quickly got to work trying to pass ANTI-DEMOCRATIC STATE LAWS banning such networks, spreading disinformation VIA FAKE CONSUMER GROUPS, or FLINGING LAWSUITS at towns and cities across America.

Even during the peak of the pandemic, when such networks were busy showcasing their benefit to affordable access for telecommuting and home education, the telecom lobby convinced House Republicans to try and BAN SUCH NETWORKS NATIONWIDE. It didn’t work, again, because nearly everybody in America dislikes Comcast, and these locally owned alternatives have significant, bipartisan support.

Our collective disdain for the local cable and broadband monopoly is one of the few things that bridges America’s ugly (and intentionally well cultivated) partisan divide. And this kind of local activism is going to be increasingly important as corporate efforts at the Supreme Court to unravel what’s left of federal corporate oversight GAIN STEAM in the months and years to come.

None of this is to say community broadband is a magic panacea. Such efforts require competent leadership, a good plan, plenty of money, and public support. But it is a very cool example - 100 years after a similar backlash played out with rural electrification - of locals banding together to combat regional monopolies (and the corruption that protects them) to dramatically improve their quality of life.

SOURCE

Posted by Elvis on 02/10/24 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Monday, January 22, 2024

Netflix and Net Neutrality

ISPs with rival streaming services have ‘clear incentive’ to flout net neutrality rules, Netflix claims

Netflix cites Peacock’s recent stream of the AFC Wild Card game between the Miami Dolphins and the Kansas City Chiefs as a prime example of why the FCC is justified in restoring network neutrality rules.

By Jeff Baumgartner
Light Reading
January 22, 2024

Netflix weighed in on the network neutrality debate this week, holding that new FCC rules are necessary in order to keep a watchful eye on broadband operators that have affiliated pay-TV or content services that compete directly with “independent” streamers.

A prime example that Netflix cited in REPLY COMMENTS filed Wednesday (January 17) was Peacock’s exclusive stream (outside of the local Miami and Kansas City TV markets) of the AFC Wild Card game between the Miami Dolphins and Kansas City Chiefs on January 13. Touted by Comcast/NBCU (Peacock’s owner) as the most streamed event in US history, the game DREW an average audience of about 23 million viewers across Peacock, NBC stations in Miami and Kansas City and on mobile via NFL+. PolicyBand was FIRST TO SPOT first to spot the reference.

“[M]any ISPs have affiliated Pay TV and/or streaming content services that directly compete with independent, online content companies,” Netflix argued. “ISPs with affiliated services have a clear incentive to advantage their affiliated services by either (1) degrading the quality of their competitors’ content or (2) increasing their competitors’ costs.”

Cable operators, of course, don’t share that view. NCTA The Internet & Television Association and eight state cable organizations ARGUED in their reply comments this week that cable operators, faced with today’s competition, have no incentive to flout net neutrality principles.

Those comments flowed into the docket this week as the FCC moves ahead with a proposal to restore network neutrality rules that apply a more heavily regulated Title II (telecommunications services) classification on broadband. The Democrat-controlled FCC is widely expected to vote in favor of the rules later this year.

Netflix likewise believes that open Internet rules are necessary to ensure that access to legal content is available without interference.

“ISPs should not be permitted to block or throttle such access or engage in paid prioritization, and should be required to be transparent about their network management practices,” said the company, which estimates it has invested more than $60 billion in content alone over the past five years ֖ about 50% of its total revenue.

Peering concerns

Netflix also believes that such rules and requirements should not be imposed on content delivery networks (CDNs) and other “non-mass-market BIAS [Broadband Internet Access Service] offerings, such as web hosting and data storage services.” Those fall outside the scope of the rulemaking, Netflix argued.

But Netflix does want the FCC to ensure the rules apply to interconnection practices and peering, holding that large ISPs “exploit the size of their networks” by demanding fees for the ability to interconnect directly to their networks to deliver content to subscribers. Some of that reasoning stems from a PAID PEERING AGREEMENT WITH COMCAST that Netflix reluctantly agreed to about a decade ago.

Netflix continues to point to its own Open Connect edge caching platform as an option for ISPs to access and deliver Netflix content more efficiently and economically. Netflix said it has spent more than $1 billion on Open Connect (offered free to ISPs) at more than 700 caching locations in the US.

Until the restriction lifted in May 2023, Charter Communications was banned from employing usage-based home broadband data policies and striking paid peering deals as conditions of its 2016 acquisition of Time Warner Cable and Bright House Networks. Charter TOLD LIGHT READING at the time that the operator had no plans to change its policies on data caps and paid peering.

SOURCE

Posted by Elvis on 01/22/24 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Tuesday, August 15, 2023

The Dot In An Email Address

image: bad pc

It was bad enough learning EMAILS LEFT UNOPENED on a providor’s email server are officially “abandoned” after 180 days, giving the government and ISPs the legal right to open and read them.  The last effort to put an end to that - HR 387 - didn’t pass congress.

It was a hundred times worse to realize that email SPAM filters peek and read inside emails, and there may no way to SHUT THEM OFF.

The automated systems scan the content of emails for spam and malware detection, as many other email providers automatically do, but also as part of Google’s “priority inbox” service and tailored advertising.

Google’s ads use information gleaned from a user’s email combined with data from their Google profile as a whole, including search results, map requests and YouTube views, to display what it considers are relevant ads in the hope that the user is more likely to click on them and generate more advertising revenue for Google.

Are you one of those people who has a GMAIL ADDRESS like firstname.lastname[at]gmail.com?

Read THIS:

Dots don’t matter in Gmail addresses

If someone accidentally adds dots to your address, you’ll still get that email. For example, if your email is johnsmith[at]gmail.com, you own all dotted versions of your address:

john.smith[at]gmail.com
jo.hn.sm.ith[at]gmail.com
j.o.h.n.s.m.i.t.h[at]gmail.com

Your Gmail address is unique. If anyone tries to create a Gmail account with a dotted version of your username, they’ll get an error saying the username is already taken.

For example, if your address is , no one can sign up for .

Your account is still private and secure. Emails sent to any dotted version of your address will only go to you.

For example, johnsmith[@]gmail.com and j.o.h.n.s.m.i.t.h[@]gmail.com are the same address and go to one inbox.

GMAIL SNOOPING

Posted by Elvis on 08/15/23 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home

Saturday, April 29, 2023

And You Were Worried About Cookies

image: google ceo schmidt
 
One of the ways [reCAPTCHA] v3 checks validity is through examining whether you already have a Google cookie installed on your browser. Cookies are stored data about your interactions with a site, generally so elements can load again faster. Sign into a Google account, and reCAPTCHAs like you already…
 
but due to v3’s wider scope, a more comprehensive online profile must be in place too… The service gathers software and hardware information about site visitors, like IP address, browser plug-ins, and the device you’re using.
- Google’s ReCAPTCHAs Also Capture Your Private Information, MakeUseOf, 2018
 
reCAPTCHA Enterprise helps state governments reduce false claims by preventing adversaries from automatically reusing credentials on unemployment claims portals.
- How reCAPTCHA Enterprise protects unemployment and COVID-19 vaccination portals, Google Cloud Blog, 2021
 
Can’t get past captcha to request unemployment check
- Reddit Thread, 2021

I’m one of those that tries to practice good web surfing habits.  A noble, but USELESS exercise.

The FLORIDA UNEMPLOYMENT WEBSITE used to only use Google’s recaptcha - making it easy for them to learn whose filing for unemployment - but then during Covid, they got a validation service from ID ME

Dealing with that website was painful. I couldn’t sign up because it insisted on texting a code to my mobile phone number on file at the unemployment office, but the only number they have for me is a land-line that doesn’t have text. The system kept telling me to answer the text I never got, and never will get.

There was no number for tech support, and only a web form to fill out that kept kicking me out with a 500 ERROR - leaving me wondering if it actually worked.  I wrote to Governor DeSantis and the local news for help.  It took six weeks to finally sign up.  Now that place has copies of my driver’s license, mortgage bills, social security number, my face, etc.  Wait until these guys get hacked.

It brought back memories of the government’s 2015 OPM LEAK that included me and 20 million other Americans whose records were stolen.  For that the government gave us a lousy year of free credit monitoring.  Gee thanks.  They could have given us new social security and driver’s license numbers.  It’s not like after a year the files will disappear.  Although I bet they can set them up with self-destructs like OFFICE 365’S DATA RETENTION

If those files were MP3S or KINDLE EBOOKS they’d be locked down with DRM.

Since they’re not, the OPM files may be out there forever.  Here, protecting things like music and ebooks is more important than ANY PERSONALLY IDENTIFIABLE DATA OF OURS

Computer analytics are OUT OF CONTROL, infosec is a LAUGH, and internet privacy even more laughable.

We need laws with teeth protecting privacy.  And better oversight of these companies with government contracts.

What do we do about GOOGLE who may know more about us - government and public - than the AKASHIC RECORDS?

Where is the public discussion?

---

Google Promises reCAPTCHA Isn’t Exploiting Users. Should You Trust It?
An innovative security feature to separate humans from bots online comes with some major concerns

By Owen Williams
One Zero
July 19. 2019

A surprising amount of work online goes into proving you’re not a robot. Its the basis of those CAPTCHA questions often seen after logging

They come in many forms, from blurry letters that must be identified and typed into a box to branded slogans like “Comfort Plus” ON THE DELTA WEBSITE - as if the sorry state of modern air travel wasnt already dystopian enough. The most common, however, is Google’s reCAPTCHA, which launched ITS THIRD VERSION at the end of 2018. It’s designed to drastically reduce the number of challenges you must complete to log into a website, assigning an invisible score to users depending on how “human” their behavior is. CAPTCHA, after all, is designed to weed out bot accounts that flood systems for nefarious ends.

But Google’s innovation has a downside: The new version monitors your every move across a website to determine whether you are, in fact, a person.

A necessary advancement?

Before we get into the how of this new technology, its useful to understand where it’s coming from. The new reCAPTCHA disrupts a relatively ancient web technology that has been harnessed for plenty of things beyond security.

CAPTCHA - which stands for Completely Automated Public Turing test to tell Computers and Humans Apart first appeared in the late ‘90s, and it was DESIGNED BY A TEAM at the early search engine AltaVista. Before CAPTCHA, it was easy for people to program bots that would automatically sign up for services and post spam comments by the thousands. AltaVista’s technology was based on a printer manual’s advice for avoiding bad optical character recognition (OCR), and the iconic blurry text in a CAPTCHA was specifically designed to be difficult for a computer to read but legible for humans, thereby foiling bots.

By the early 2000s, these tests were everywhere. Then came reCAPTCHA, developed by researchers at Carnegie Mellon and purchased by Google in 2009. It used the same idea but in an innovative way: The text typed by human users would identify specific words that programs were having trouble recognizing. Essentially, programs would scan text and flag words they couldn’t recognize. Those words would then be placed next to known examples in reCAPTCHA tests - humans would verify the known words and identify the new ones.

By 2011, GOOGLE HAD DIGITIZED the entire archive of the New York Times through reCAPTCHA alone. People would type in text from newspaper scans one blurry CAPTCHA at a time, ultimately allowing Google to make the Times back catalog searchable forever. While creating a velvet rope to keep bots off sites, Google had managed to conscripthuman users into doing the company’s grunt work.

There’s no way to opt out of reCAPTCHA on a site you need to use, forcing you to either accept being tracked or stop using a given service altogether.

With that achievement under its belt, reCAPTCHA switched to showing pictures from Google’s Street View software in 2014, as it does today. After pressing the “Im not a robot” box, you might be prompted to recognize which of nine images contain bicycles or streetlights. Behind the scenes, Google reduced the frequency at which people were asked to complete these tests by PERFORMING BAHAVIORAL ANALYSIS - reCAPTCHA can now run in the background and track how people use websites.

If a Google cookie is present on your machine, or if the way you use your mouse and keyboard on the page doesn’t seem suspiciously bot-like, visitors will skip the Street View test entirely. But some privacy-conscious users have complained that clearing their cookies or browsing in incognito mode DRASTICALLY INCREASES the number of reCAPTCHA tests they’re asked to complete.

Users have also pointed out that browsers competing with Google Chrome, LIKE FIREFOX, require users to complete more challenges, which naturally raises a question: Is Google using reCAPTCHA to cement its own dominance?

Google’s perspective

To use its latest version of reCAPTCHA, Google asks that DEVELOPERS INCLUDE ITS TRACKING TAGS on as many pages of their websites as possible in order to paint a better picture of the user. This doesn’t exist in a vacuum: Google also offers GoogleAnalytics, for example, which helps developers and marketers understand how visitors use their website. It’s a fantastic tool, included on more than 100,000 OF THE TOP ONE MILLION visited websites according to “Built With,” but its also part of a strategy to monitor users’ habits across the internet.

The new version of reCAPTCHA fills in the missing pieces of that picture, allowing Google to further reach into those sites that might not use its Analytics tool. When pressed on this, GOOGLE TOLD FAST COMPANY that it won’t capture user data from reCAPTCHA for advertising and that the data it does collect is used for improving the service.

But that data remains sealed within a black box, even to the developers who implement the technology. The DOCUMENTATION for reCAPTCHA doesn’t mention user data, how users might be tracked, or where the information ends up - it simply discusses the practical parts of the implementation.

I asked Google for more information and what its commitment is to the long-term independence of reCAPTCHA relative to its advertising business - just because the two aren[t bound together now doesn[t mean they couldnt be in the future, after all.

“It will not be used for personalized advertising by Google.”

A Google representative says “reCAPTCHA may only be used to fight spam and abuse” and that ғthe reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google.”

That’s great, and hopefully Google maintains this commitment. The problem is that there’d no reason to believe it will. The introduction of a powerful tracking technology like this is a move that should come with public scrutiny because we’ve seen in the past how easily things can go sour. Facebook, for example, promised in 2014 that WhatsApp would remain independent, separate from its backend infrastructure but WENT BACK ON THAT DECISION after just two years. When Google acquired Nest, it promised to keep it independent but RECANTED FIVE YEARS LATER, requiring owners to migrate to a Google account or lose functionality.

Unfortunately, as users, there’s little we can do. There’s no way to opt out of reCAPTCHA on a site you need to use, forcing you to either accept being tracked or stop using a given service altogether. If you dont like those full-body scanners at airports, you can at least still opt out and get a manual pat-down. But if a site has reCAPTCHA, thereҒs no opting out at all.

If Google intends to build tools like this with the public good in mind rather than its bottom line, then the company must find better ways to reassure the world that it won’t change the rules when it’s convenient. If it were willing to open-source the project (as it has with many, many others), move it outside the company, or, at the very least, establish third-party oversight, perhaps we could start building that trust.

SOURCE - ARCHIVE

---

The IRS wants your selfie. ID.me CEO says don’t worry about it.

By Irina Ivanova
CBS News
January 28, 2022

“ID me”, the verification service that most U.S. states turned to during the pandemic to confirm the identity of people applying for unemployment aid, attracted public scrutiny this month when it was revealed that the Internal Revenue Service would start requiring anyone wanting to check their tax information online to register for an account with the private company.

The IRS move has sparked outrage among civil liberties advocates and ordinary taxpayers over concerns that the system - which requires users to upload their ID and submit a selfie or video chat with an agent - could expose troves of personal information to hackers. Some lawmakers also expressed reservations, with Senator Ron Wyden of Oregon SAYING he is “very disturbed” by the IRS’ plan. The agency is paying $86 million on the contract.

Blake Hall, “ID me’s” founder and CEO, sees it differently. In an interview with CBS MoneyWatch, he described the company’s verification technology as both more inclusive than other identification options - many of which won’t verify anyone who lacks a credit report, for instance - and more secure.

“What we’re doing is simply the digital equivalent of what every American does to open up a bank account,” Hall said.

In Hall’s view, the IRS is under assault from burgeoning criminal gangs. ID.me has already stopped would-be fraud in “tens of thousands” of cases, he said.

Over a Zoom interview, Hall shared images of several would-be fraudsters who he said tried to fool “ID dot me” by wearing a mask to take a selfie. “If that check didn’t exist, those people would have become victims of identity theft,” Hall said.

Hall said that just 10% of the people who sign up with “ID me” can’t complete the company’s selfie process and need to move on to verify their identity with a video agent.

No alternative route

However, with 70 million Americans already signed up with the system, even 10% can add up to a lot. State officials have documented complaints of people being unable to prove their identity and being wrongly cut off from benefits. A REPORT from Community Legal Services of Philadelphia called the process “extremely difficult and tedious to complete.”

Several people reached out to CBS MoneyWatch to describe being caught in limbo after they were unable to verify themselves on “ID me”.

Arizona resident Michelle Ludlow said she tried to get a new driver’s license last summer at the HEIGHT OF THE PANDEMIC. Because government offices were closed for in-person business, Ludlow tried verifying herself online with “ID me” - trying for half an hour, over several days, with and without glasses. But the system wouldn’t recognize her face as the one on her license, she said.

“There was no alternative route to go if “ID me” couldn’t make a match with a selfie,” she said in an email.

Ludlow works in a tax-preparation office and is concerned the selfie step will make it impossible for some of her clients to access their IRS records.

“Some of our clients have trouble sending us documents via email, so I can only imagine their frustration at the new system - especially if it doesn’t work,” she said.

Mandatory arbitration

Critics of “ID me” also question the wisdom of having a private company that isn’t subject to open-records laws be the gatekeeper for Americans’ access to vital government services. They point out that “ID me” is required to keep users’ data for seven years - even when a person asks for its deletion - to comply with government requirements.

Users who sign up for “ID me” also have to agree to a mandatory arbitration provision, giving up their right to sue the company in court or join a class-action lawsuit if, for instance, their identity is stolen.

To this, Hall said that Americans could access government services without going online. For instance, taxpayers can request their IRS records and wage transcripts by calling the agency - assuming they[re in the 1 in 4 callers who can get through.

“There are alternative ways to interact with virtually every federal agency that we support,” he said.

“We’ve never been in favor of being the only way to get in,” he continued. “One day,” he suggested, “online identity verification will be much like credit cards, with several options users can choose from.”

“It should be more like Visa and banking,” he said of the emerging industry and its technology. “As long as you can meet the standards, folks should be able to pick who they want their login provider to be.”

SOURCE

---

Google ‘wiretapped’ tax websites with visitor traffic trackers, lawsuit claims
And this wiretap, is it in the room with us right now?

By Thomas Claburn
The Register
August 18, 2023

Google was sued on Thursday for allegedly “wiretapping” several tax preparation websites and GATHERING PEOPLE’S PERSONAL SENSITIVE DATA.

And by wiretapping, they mean Google Analytics code added by the tax firms themselves to their own websites to measure visitor traffic and demographics.

The COMPLAINT [PDF], filed in a US federal district court in San Jose, California, on behalf of plaintiff Malissa Adams and others, accuses Google of collecting personal data from US taxpayers using online tax filing websites offered by H&R Block, TaxAct, and TaxSlayer, among others.

Google was sued on Thursday for allegedly “wiretapping” several tax preparation websites and gathering people’s sensitive personal data.

And by wiretapping, they mean Google Analytics code added by the tax firms themselves to their own websites to measure visitor traffic and demographics.

The >COMPLAINT [PDF], filed in a US federal district court in San Jose, California, on behalf of plaintiff Malissa Adams and others, accuses Google of collecting personal data from US taxpayers using online tax filing websites offered by H&R Block, TaxAct, and TaxSlayer, among others.

“What made this wiretapping possible is Google Analytics’ tracking pixel, which is embedded in the JavaScriptof online tax preparation websites,” the complaint stated.

Google Analytics works like this, mainly: Google generates a snippet of JavaScriptcode to INCLUDE in your pages; when people visit those pages, the code pings home to Google, allowing the ads giant to record details of those individual visits. Site owners can then view dashboards summarizing their traffic: how many people were looking at what times, which countries they were in, what kind of device they used, and so on. There are other ways to add pages to Analytics.

“These tax preparation companies sent private tax return information to Google through Google Analytics and its embedded tracking pixel,” the lawsuit continued, “which was installed on their websites. These pixels sent massive amounts of user data to Google to improve its ad business and enhance its other business tools.”

Doing so is illegal, the complaint contended, because UNDER AMERICAN LAW tax-return information cannot be disclosed to unauthorized parties without consent from the payer. It will be interesting to see if the courts rule that Analytics actually vacuums up tax-return info.

Google Analytics can collect as many as 200 different metrics, according to the complaint, which says that while the ad giant maintains such information is not associated with individuals, “a Stanford and Princeton study [PDF] found that Googles tracking software is able to ‘successfully carry out de-anonymization’ through a simple process that leverages a user’s web browsing history collected by Googles tracking tools.”

Google did not immediately respond to a request for comment. (Full disclosure: Yes, like many websites, The Register uses Google Analytics among other tools to keep track of readership size.)

The tax privacy lawsuit follows a REPORT [PDF] released LAST MONTH by seven US lawmakers that said TaxAct, H&R Block, and TaxSlayer had admitted “that they shared taxpayer data via their use of the Meta Pixel and Google’s tools.”

The legislators’ dossier built on investigative work done by The Markup in early 2022, with the help of Mozilla Rally, to STUDY THE META PIXEL and how it collects data. A subsequent report from the news non-profit FOCUSED on tax company websites.

Though privacy concerns about “wiretapping” from tracking pixels and related scripts date back more than two decades, when they were referred to as “web bugs” or more euphemistically “web beacons,” government officials didn’t really get serious about raising the alarm and doing very little until Facebook’s Cambridge Analytica scandal in 2018.

More Context

“Though privacy concerns about “wiretapping” from tracking pixels and related scripts date back more than two decades, when they were referred to as “web bugs” or more euphemistically “web beacons,” government officials didn’t really get serious about raising the alarm and doing very little until Facebook’s Cambridge Analytica scandal in 2018. [WEB]

SOURCE | COMMENTS

Posted by Elvis on 04/29/23 •
Section Privacy And Rights • Section Broadband Privacy
View (0) comment(s) or add a new one
Printable viewLink to this article
Home
Page 1 of 29 pages  1 2 3 >  Last »

Statistics

Total page hits 13233776
Page rendered in 2.0882 seconds
41 queries executed
Debug mode is off
Total Entries: 3645
Total Comments: 341
Most Recent Entry: 06/16/2024 08:48 am
Most Recent Comment on: 06/14/2023 06:21 pm
Total Logged in members: 0
Total guests: 7
Total anonymous users: 0
The most visitors ever was 588 on 01/11/2023 03:46 pm


Email Us

Home

Members:
Login | Register
Resumes | Members

In memory of the layed off workers of AT&T

Today's Diversion

The difference between genius and stupidity is that genius has limits. - Albert Einstein

Search


Advanced Search

Sections

Calendar

June 2024
S M T W T F S
           1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

Most recent entries

Must Read

RSS Feeds

BBC News

ARS Technica

External Links

Elvis Favorites

BLS and FRED Pages

Reference

Other Links

All Posts

Archives

RSS


Creative Commons License


Support Bloggers' Rights