Home > All, Security Issues > Google, thy name is hypocrite

Google, thy name is hypocrite

January 25, 2014 Leave a comment Go to comments

Do no evil is best known today as a Google reference; but it occurs earlier in the Bible (2 Corinthians 13:7 King James):

Now I pray to God that ye do no evil; not that we should appear approved, but that ye should do that which is honest, though we be as reprobates.

Do as you would be done by is an immediately recognisable biblical reference (Matthew 7:12 King James):

Therefore all things whatsoever ye would that men should do to you, do ye even so to them: for this is the law and the prophets.

Google has claimed the former, but ignores the latter.

It recently removed two extensions from its Chrome webstore: Add to Feedly and Tweet this Page. This was a good thing. Although the extensions originally did what’s described on the tin, they had been bought by advertising companies of the worst sort. Those advertising companies subsequently slipped in, via automatic updates, adware engines.

Automatic updates are a double-edged sword. In the hands of a supplier you trust they can be a tremendous boon — security patches and software improvements just happen. But in the hands of a dubious firm, automatic updates are a troublesome problem. They can, and in the case of these two extensions, did covertly install all manner of things.

To get round the problem Google has changed its terms of service. In future, extensions will need to be clearly defined — the new terms state that extensions must have “a single purpose,” and be “narrow and easy-to-understand”. Adding a new function secretly, such as adware, clearly breaches these rules.

Google invoked these rules to remove the extensions. In general, however, the company says the new terms won’t be enforced widely until the summer. That implies there will then be some form of enforcement methodology — extension auditing, for example.

Again, this is a good thing. Google is saying that its users should know what the software they use actually does, and it should be easily understood, and their privacy should not be abused.

Which is more or less what the European Union is saying to Google itself. Two European data protection regulators (France and Spain) have already fined the company the maximum possible for breaking privacy laws. Four others (Germany, Italy, The Netherlands and the UK) have agreed that the privacy laws have been broken. Germany, Italy and The Netherlands are expected to levy fines. The UK is more likely to discover some weasel way to avoid fining Google (because of the UK’s traditional thrall to big business), but nevertheless holds Google in breach of the law.

The issue is Google’s privacy policy. It is deemed to be confusing, obscure, and lacking in the means for users to understand or control Google’s use of their personal data. In other words, it is neither of a single purpose nor simple and easy to understand. “Google spins an invisible web of our personal data, without our consent. And that is forbidden by law,” says Jacob Kohnstamm, chairman of the Dutch Data Protection Authority.

Google is doing unto Europe what it won’t allow its app providers to do unto Google: confuse, break the rules and dissemble. It is clearly hoping and expecting that its sheer size will prevent Europe smacking it in the same way it smacked those that disobeyed its own rules. Here’s hoping…

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s