This lawsuit is idiotic. They're claiming Google is doing something wrong by tracking users from websites using ad tech when someone uses their browsers private browsing mode.
Actually I think it nicely highlights the contradictions inherent in Google's monopolistic position. The user clearly expressed an intent to browse "privately" in one Google product - Chrome. The fact that this doesn't then completely block Google Analytics or forward the preference for privacy to other Google properties is a choice that conveniently aligns with Google's ad business but ignores the intent of what the user is trying to do.
Alternatively, this is working as intended since Google isn't acting as a monopoly by tying disparate products together. You get the same experience in chrome incognito as Firefox incognito.
Google runs both Chrome and Analytics. And they do not warn explicitly that other Google products may store the history even in the private mode. Which some may interpret that Google lies when claiming about their private mode. So the case may have merit in theory.
The confusion is that google makes chrome. Plain and simple. A feature (incognito) with a bypass (analytics) is a non-feature since they are both done by the same company. So the practical solution is for them to be not done by the same company.
If you start from the axiom that Google should be broken up, this is a reasonable conclusion. But punishing a company for keeping separate products separate would actually undermine most anti-monopoly law.
They are not separate in the monopoly sense though, are they ? Chrome, presumably a cost center, exists only to facilitate google's other businesses. Nobody has punished google for keeping products separate. Quite the contrary. It has always been about extending dominance in one segment to an unrelated one. So google could say that they treat all trackers equally in the incognito mode, and that would be correct, but if google analytics is the revenue center, and the cost center is giving it a free pass, the argument that other trackers can also bypass incognito seems weak.
Why is it idiotic to expect Google to respect a users wish not to be tracked? Half the world has laws that require Google to ask permission. Using private browsing mode is a very clear indication the the user does not want to give them that permission.
It's really not that hard. Google and Facebook just don't want to understand it.
> Using private browsing mode is a very clear indication the the user does not want to give them that permission.
How? Incognito is meant to keep your history clear from other people who use the computer. It explicitly does nothing about websites tracking your activity.
I was under the impression that it wasn't supposed to be possible for a website to tell that the page was loaded in incognito mode; in fact, I thought it was important that they not be able to. As such, how would the page with good analytics even know the user was incognito.
I think the OP doesn't mean it's idiotic for Google to respect a user's wish not be tracked. I believe he's referring to lawyers not understanding separation of browser and web services.
I was really hoping this would be a lawsuit about Google collection of information period, rather than a quibble like this. Please too remember that Boies etc are the same scumbags (and that's the correct term) who defended Theranos, harassing those who informed the government.
That every other website in existence is behaving "badly?" Do you think Chrome should tell the website that the user is browsing in incognito mode so that websites will treat them differently? For example, a paywall website with a free article limit would simply not show content to users saying they are in incognito mode.
Enabling incognito mode in Chrome and Firefox even explains that it doesn't stop server-side tracking, so it's not even misleading.
There is DNT for example, which can easily be used to transmit the user's intentions automatically and without unnecessary interaction. The technical means are there, they just need to be enforced, which maybe this lawsuit will improve...
It's the website's responsibility to respect DNT=1, then not load the ga script. DNT is not widely adopted and there are no legal mandates for it. It is simply an expression of preference. Blocking third party scripts and third party cookies is something you can set in all browsers which will block GA.
It's not so idiotic. Google collects information that people don't want them to collect. That arguably objectionable, even if it's not strictly illegal. It will be interesting to see whether this case gets a sympathetic judge, but I imagine it will end up being dismissed like previous lawsuits of this variety. Nice bit of publicity for the law firm though.
I think the debatable point here is that the lawsuit implies that the problem is that Google is not integrating analytics and Chrome enough. Analytics works in a certain way, and chrome works in another. The expectation that because both products belong to Google, they should treat each other in a special manner (i.e. Site-side Analytics should be behaving differently when encountering a chrome browser) is pretty iffy.
Not my proposal. Regardless, a case is being made that Google is in a position to ensure its analytics services comply with the GDPR when a browser has been put into a mode clearly intended to opt out of tracking.
Other websites or services may be able to say they can't control how those browsers in such modes communicate that intent. Google cannot.
I agree with you, but I think the problem is a disconnect between what incognito actually does and what people think it does. That distinction is pretty obvious to people who have done any sort of web development, but it's hard to explain to the average user.
If the issue is on the collection side, what technical mechanism does Google have for identifying incognito traffic? There's already a game of whack-a-mole being played because news sites are detecting if you're in incognito mode, but that's in JS, so the access logs were already collected, and the the hacks for detecting incognito are slowly getting fixed, so it's not a viable solution.
DNT is a header, but it's a preference and not legally binding.
The only thing Google did that was "wrong" is that incognito gave uses the impression that they weren't being tracked externally, when in reality the only thing it does is not save your history and start with no cookies.
What you're saying only serves to support the argument that the tracking is wrong in the first place, IMO. Google doesn't have a right to follow everyone around the web and flex their muscle just because they can. Since they have a monopoly and nobody is even close to challenging them, someone needs to step in and regulate them.
There are the data privacy laws that mandate users be able to opt of tracking, and it should be pretty clear to a non-psychopathic company that a person using the private mode on their browser is opting out of any tracking.
Google is one of the biggest companies in the world. Do they really need to be wringing their users as hard as they can to milk out every last drop of ad revenue potential?
That's not what incognito mode is. It literally says on the first page when you open incognito window. People want to skip reading technical details when provided but then get angry when a company does the exact thing they warned about.
Also where does this end? Should car dealerships be allowed to analyze your data? Cars you've bought, cars you test drove etc.?
A disclaimer that a technical vulnerability exists isn't some kind of implicit invitation for a company like Google to use that vulnerability for their benefit. It's true that it's technically possible to track users using a private browsing mode, but it is not ethical.
If you have a car with a broken lock, that's not some kind of open invitation to burglars to steal whatever they want from your car.
You are asking that browsers announce to websites that the user has incognito mode enabled, which immediately opens the door to websites refusing to serve users running incognito mode at all.
I think that's entirely fair: Websites should not track users who do not want to be tracked, but websites should decide whether or not to serve clients which aren't to be tracked.
Well, ideally yes, but let's be honest here. If we can't trust websites to not abuse data, how can we possibly trust them to respect a polite request not to gather the data in the first place? I would personally rather have an incognito mode feature that I have confidence performs the task it claims to do without alerting the website, than one that loudly announces its presence, on the hope that it might be respected.
I don't trust Google, but I certainly don't want Google to trust random websites on my behalf.