Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

1/31/2012
04:20 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Defends Privacy Policy Consolidation

Google sends letter to congressional representatives to clarify pending privacy policy revisions.

Responding to concerns expressed by members of Congress about its forthcoming privacy policy consolidation, Google on on Monday sent a 13-page letter to eight members of the House of Representatives.

Pablo Chavez, Google's director of public policy, characterized the letter in a blog post as an attempt to clear up confusion about what the company is trying to do by combining more than 60 separate privacy policies into a single policy and similarly unifying multiple terms of service documents.

When Google last week announced its intent to clean up its privacy policies on March 1, Google privacy director for products and engineering Alma Whitten explained that the company "may combine information you've provided from one service with information from other services." This will allow service personalization in one Google service to be informed by data from a different Google service, and hopefully provide a better user experience across products.

As an example, Google in its letter notes that its current privacy policies would not allow it to recommend cooking videos on YouTube to a signed-in user who had previously been searching for cooking recipes.

[ Google's service policies don't please everyone. Read Google+ Name Policy Leaves Users Unsatisfied. ]

Harmless though that may sound, Google's plan has elicited concern from government officials, in part because Google is under the microscope at the moment. Regulators in the U.S. and Europe are presently investigating whether the company is conducting its search business in an anti-competitive manner. Google has also invited such scrutiny through the introduction of a search feature called Search plus Your World, which mixes Google+ posts and images in Google search results, to the potential detriment of competitors like Facebook and Twitter.

Congressman Edward J. Markey (D-Mass.), among others, issued a statement last week questioning how much control Google users have over their personal information and asserting that users must be able to decide whether they want their information shared across Google services.

Google's letter assures lawmakers that its commitment to protecting the privacy of its users has not changed and that the upcoming changes will lead to a better experience for users. At the same time, the letter confirms that users will not be able to opt-out of the forthcoming change.

"If people continue to use Google services after March 1, they'll be doing so under the updated privacy policy," the letter states in response to a question about the possibility of opting out. "The use of a primary privacy policy that covers many products and enables the sharing of data between them is an industry standard approach adopted by companies such as Microsoft, Facebook, Yahoo, and Apple."

But the letter goes on to point out that more than 30 Google services, such as Google Search and YouTube, can be used without signing in to a Google Account, thereby precluding the collection of personal data beyond the user's IP address.

It also points out some of the tools Google provides to help users control how their personal information is stored and used, like Google's Dashboard and Ad Preferences Manager, the privacy features supported in Chrome and Gmail, and the company's Data Liberation service, which provides a way to export most Google data.

How can companies find and fix vulnerabilities before they lead to a breach? Better yet, how can software developers identify flaws in their applications before the new software is ever deployed? In this report, Eliminating Vulnerabilities In Enterprise Software, Dark Reading offers a look at some tips and tricks for software development and vulnerability assessment. (Free registration required.)

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Healthcare Industry Sees Respite From Attacks in First Half of 2020
Robert Lemos, Contributing Writer,  8/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.