“To the rich, parking fines are just price tags” [1]
While annoying for Google, this is a mosquito bite.
Google Annual Revenue:
$279,800 Million
And today they’ll be fined:
.. .. $93 Million
It’s about “an hour” of their annual income.
At these prices it’s pretty much worth it to be pulling all sorts of unethical moves. This is not even the price to play but rather the price if you get caught.
Comparing the entire company's revenue to the fine is a bit misleading. Arguably, the more relevant comparison is to consider how much marginal revenue the violating feature actually produced. Granted, probably no one besides Google knows that number, but it's surely orders of magnitude lower. If those numbers are comparable, this starts to look like a reasonable penalty.
I definitely don’t ascribe to the notion that crimes should be punished equally to their benefit to the party. Otherwise bank thieves would just give it all back when caught, and the risk to reward is minimal. It should be enough to dissuade a company from ever doing these illegal acts
I don't think the marginal revenue is directly relevant. The relevant question is how big does the fine have to be to discourage illegal behavior in the future? The marginal revenue of the behavior is somewhat relevant because the fine should obviously be at or higher than that amount, but that's really a lower bound.
They lost a similar case in 2012 about lying to Safari users about privacy settings and were fined $22.5M (~$31M today). They lost one in 2010 about violating the Wiretap Act for collecting packets from unencrypted wifi networks. They lost another one in 2010 for Google Buzz. Some of those were settled, but I would consider it roughly equivalent to losing if they'd rather buy their way out than have to present a case.
Given that they previously lost a case (to California, again, no less) with similar underlying issues, I would consider this to be flagrant flouting of the law and it should be punished proportionally to that flagrancy. Roosevelt said to "speak softly and carry a big stick". Google didn't listen to the soft speaking, so California should hit them with the big stick hard enough to remind them that they only exist in California at the pleasure of the people of California.
My proposal would be a fine equal to 100% of revenue derived from Californians for the period they were violating the law. They need a fine big enough that the C-levels start asking legal whether they can use the bathroom or not, and a promise that all future violations will be treated the same way. For pity's sake, California has a 3 strikes system for individuals. It's not like the state doesn't do disproportionate punishment. If Google were a person, they would've been in jail a decade ago and probably staring down California's 3-strike law and life in prison.
Not defending the comparison against revenue, but we’d need to compare the value produced by the illegal tracking against the probability of getting caught and fined.
Given google are unlikely to be the only one doing this, the expected value of breaking the law could still be quite high
That lets them use the revenue from the other business units (that didn't get caught that year) as insurance against the loss when one business unit does get caught. The punishment has to hurt the whole company, or it's pointless.
exactly - people each time there is a fine they continue to regurgitate the usual "but what bout their revenue" - people on the orange site thinking they know better than a panel of expert regulators
Google's net income is something like 60b, so more like half a day which is a bit more significant. Multiply that by all the different angles regulators are going to be coming for big tech and it might start to add up enough that it shapes internal policy further.
Since almost all of their revenue is from tracking users, that implies we'll need over of these rulings per day if we want it to be economically rational for them to stop violating people's privacy.
When we as externals are at “if enough fines are issued it might start to shift behaviour” we’re very much dealing with a party for whom this is a mere inconvenience.
> Revenue: $279,800 Million > about “an hour” of their annual income
Nitpick: mistaking revenue for income(profit) is a very common error most of us make when talking about businesses. If you wish to own a business or invest, it is well worthwhile to program the difference into your head. It matters less for high margin businesses, but it is crucial to delineate the difference for low margin businesess (such as retail).
Folks talking about how easy it is to see and change these settings, remember that many of the patterns and practices being litigated go back years to when these settings were less clearly stated, if they were stated at all. The reason there is such transparency now is because of years of pressure from lawsuits, regulators, and reporting.
For me it's less about knowing how to turn them off and the constant worrying fear they'll be reset with the latest update, or some random feature that I actually need will get turned off along with it.
When considering bad faith actors, I tend to consider taking extreme: I worry that the toggles don't actually do anything at all. Or there's some other means of exfiltration in use that's not covered by the existing controls.
> the constant worrying fear they'll be reset with the latest update
Which happens a lot and is very annoying.
A fantastic example is how Twitter defaulted everyone's DMs to only allow them from people that pay for subscriptions. It is also buried. Settings > Privacy and Safety > Direct Messages. What a fucking crazy dark pattern. It's so bad I see recruiters routinely post "DM me" and they have their inbox closed.
Probably. Though they can also change their settings.
While I agree with you, at the same time I think we need to recognize that most people are very uncomfortable with switching platforms. There's a lot of opportunity costs to most people. People tend not to be long term thinkers and aren't considering the consequences of their actions. For example, look at how many people here on HN -- where tech literacy is high as well as capabilities -- complain about Google's domination of the internet yet at every turn are quick to go after Mozilla and Firefox. The main alternatives are still Chromium based browsers. Same is true about Apple's walled garden. The sad truth is that things won't change unless we can convince the __average__ person, not __a__ person. Hell, I can't even get the most paranoid big brother boomer to use Signal despite it being rather trivial. I just don't know anymore tbh.
Many people don't understand this in the same way that many people don't understand the tweaks you can make to your car engine.
Sometimes they make changes which undoes the settings and sometimes settings are per device. It is quite difficult to keep track of it all.
And sometimes turning off an ad feature cuts out a ton of non ad features. Example I can't turn off Google location tracking ad features without turning off googles ability to show me recent locations I drove to which I find quite helpful.
> While Google is not admitting any fault as part of the settlement, the company did agree to several other terms in addition to paying $93m. Those conditions include being more transparent about its location tracking practices; notifying users before location information is used to build ad profiles to target specific people; and getting approval from Google’s internal privacy working group before making any material changes to privacy.
That last line is oddly reminiscent of the government delegating safety audits to the airplane manufacturers themselves.
> is used to build ad profiles to target specific people
I was wondering how they'd comply for logged out users. I'll bet the phrase "specific people" explicitly excludes pseudonymous profiles (which are trivial to de-anonymize) and explicitly allows them to use clustering algorithms with arbitrarily fine granularity. ("This isn't a profile for a specific user. It's a cluster that could contain an arbitrary number users. It currently only contains one, but that's bound to happen, given the number of clusters...")
Yeah, but it makes me wonder if an internal privacy working group already existed, and they weren't approving changes in privacy rules, what were they actually doing?
It's not as if privacy teams are reviewing each code change at Google. The teams making changes are generally responsible for knowing if and when to seek out approval/advice.
You can find hordes of shills to state otherwise but alas tech has become an industry that is based on deception.
Its a fateful turn of events. It means that the fundamental and very powerful information engineering skill, something that is in-principle vital, neutral and promising, is lost to the world as a force for good.
You cant put lipstick on a pig. That moral deficit at the core of the industry is fatal. Nothing good or lasting will be built on it.
They likely made way more than $93M doing this, which means this is just a cost of business, and does nothing for consumer protections going forward, nor does it discourage google from continuing this behavior.
You need fines with real teeth or pass laws that make this illegal.
this location timeline page https://timeline.google.com/maps/timeline should be included up along in there. if not deceptive, it's certainly badly designed and confusing enough for you to overlook what options are available to you. in dark mode, these little buttons (that actually manage your data and obscure important options) are almost unnoticeable. and this is somehow the only way to delete your location data, both web and mobile. even on android it's still just a redirect to that same web page. there is no native 'delete location history' button. (and if you do open that page on android, you might have to sign in to your account again before even seeing anything lol. as always, burying and obscuring controls. it couldn't be that hard to implement a 'delete all' button on activity controls page right before, but oh nooo, what if people would actually deprive google of location data.)
For me there's a big "Manage Location History" button on the main page, which has a clear option to turn off or turn off and delete, as well auto-delete setting. Not sure how dark mode would affect how visible it is, but in the default view, it's pretty in your face.
I'd say the trickiest bit is probably finding your timeline in the first place if you don't regularly make use of it, but I get periodic emails about it — at least a monthly summary.
EDIT: Looks like, at least in Firefox, the page doesn't respect Dark Mode at all.
EDIT 2: Here's the top and bottom of my monthly email from them: https://imgur.com/a/oUez8ZC — multiple direct links to the page to turn off and delete location data.
This has to be the most visible privacy control Google offers. Nobody is in Location History unless they turned it on, and if you have it turned on you get a reminder every month by email that says right at the top, in the snippet, "You're receiving this email because you turned on Location History, a Google Account-level setting that creates Timeline, a personal map of your visited places, routes, and trips. You can view, edit, and delete this data anytime in Timeline."
I deleted my history several times back when I used a google account. It can be done in two places, but the easier is, starting from any google application, click ProfileImage > Manage your Google Account > Data and Privacy. On that page is Location History, in the Things you've done and places you've been category. In there your options are Delete all, or Delete activity older than <range>. And it can be recurring deletion as well.
In the same Privacy page, you can easily delete or download anything you want.
I'm confused. What is the Android or app configuration necessary to enable this tracking? "Web and app activity", the only setting mentioned in the article, doesn't ring a bell. Is it all assuming the creation and use of a Google account?
Yes, however most people have google accounts. For example, with an android, it is impossible to download an app from the Play Store without a google account (assuming you aren't using a mirror, and other stipulations), so that alone encapsulats half of Americans, and google has several other products unrelated to android you could be using.
The people in developed countries who this doesn't affect could be negligible.
The fine reflects the weakness of the state's case. The defendants whittled it down to where the expected value of litigating it was equal to the cost of settling it.
No, this slap on the wrist only changed this bad behavior, so they'll try again with something else.
What needs to be done is not a slap on the wrist but a whack over the head with a cluebat that it's been enough and that the next fine will put them out of business so we can stop this endless game of whackamole.
Two weeks ago i was in San Francisco with a friend that works in "big tech" discussing "profit motives" in technology.
They told me that the lobby behind their company had all sorts of tricks to help government "ignore" all the clearly negative things they are doing in the name of revenue. Lobbying, anonymous stock trading "tips" (see Pelosi), influence pedding, etc..
Modern technology companies are all doing what the Tobacco companies did, only they have more plausible deniability.
So a friend of yours told you that Pelosi accepted insider information to make a bundle and both you and your friend did nothing about it? Are you aware that the SEC will reward you for such information assuming it is true?
While annoying for Google, this is a mosquito bite.
Google Annual Revenue: $279,800 Million
And today they’ll be fined: .. .. $93 Million
It’s about “an hour” of their annual income.
At these prices it’s pretty much worth it to be pulling all sorts of unethical moves. This is not even the price to play but rather the price if you get caught.
1. https://i.pinimg.com/564x/a6/06/ec/a606ec5c539472182cf126226...
2. https://www.statista.com/statistics/266206/googles-annual-gl...