Did Google intentionally track you?

A few days ago, controversy erupted when news broke that Google and other online advertising companies bypassed privacy protections in order to track users of Apple’s Safari web browser and iOS mobile devices.

This is not the first time, nor likely the last time, that Google finds itself in hot water for questionable behavior. At a time when many companies (notably Facebook) try to come up with ingenious ways to hoard personal data about consumers for lucrative ends — undermining users’ privacy along the way — Google’sactions reflect what is becoming the norm in this hypercompetitive space.

Many compare tailored Internet advertising to the old small-town butcher, grocer and tailor. As relationships with these merchants developed over time, they learned about your preferences and were able to provide you with a higher level of service.

But this is a broken analogy, for several reasons.

I grew up in a small town, and guess what — you have no privacy in a small town. It wasn’t until I moved to a large city that I developed an appreciation for not being judged, spied upon and tracked by my community. When I moved to the city, I had a clean slate and something akin to true anonymity.

Similarly, the companies tracking your every move on the Web don’t stop tracking when you visit a new website, or even when you change Internet providers, computers or browsers.

In the nondigital world, this would be like having the butcher, grocer and tailor follow you to your workplace, your home and your family vacation destination. They bring along their children and some of their friends — not saying who, just people they know.

This might result in the perfect cut of meat for your mood, a recommendation for spring vegetables that just came in, and some really awesome workout clothes for your new Pilates classes — but I don’t think any of us would really find this an acceptable tradeoff.

Google knows too much about you

Google stopped using the offending technique after it was reported, although Microsoft is now reporting that Google is using a similar technique to bypass protections in Internet Explorer 9. Google said it had circumvented the protections against third-party cookies in Safari to allow Google+ users to click “+1” (instantly share) when they like an advertisement. That this technique allowed advertising tracking cookies to be placed as a result was just an accident.

Google further defends itself by saying the trackers were not collecting personal information. They were simply checking whether you were logged in to Google and what your preferences were with regard to its advertising.

The problem is that, as a result of this circumvention, Google’s ad networks were also able to start tracking users — an unintentional side effect, according to Google.

Therein lies the problem. Google and other advertising networks chose to circumvent built-in privacy technologies that were designed to prevent the very thing they were trying to do. Google’s own engineers recognized this as a security flaw in the browser code last summer and submitted a fix to the Webkit project.

It is hard to understand how this mistake could have happened, considering the intense scrutiny Google’s privacy policy has received in recent weeks. Clearly the testing of this code was either cursory or nonexistent.

I choose to use Gmail, but that doesn’t mean I expect Google to undo other privacy choices I’ve made in order to make social sharing more convenient. Google is heading in a direction that sounds a lot like Facebook’s frictionless sharing, which automatically shares your activities on the Web through social apps — and that’s scary.

The bottom line is that defining privacy using technical specifications will always lead to clever circumventions. Isn’t it time to take a page from the laws meant to restrict our digital freedoms and use that broad language to instead write laws that defend our privacy?

In the United States, the Digital Millennium Copyright Act restricts our ability to break digital locks like copy protection and encryption. It is illegal to bypass a “technological measure that effectively controls access to a work.”

Basically, this means if the author of a protected work intended to protect it, you must have a darn good reason to break that protection.

Shouldn’t this be the way privacy works? If I take an action that indicates my intention to avoid being tracked, shouldn’t you be required to honor it, even if you suppose it will diminish my “experience” with your products?

Jonathan Mayer, the researcher who described how these cookies exploited the Safari bug, concluded his disclosure by calling privacy protections a “cat and mouse game” or “arms race” with advertising companies.

Average Americans shouldn’t have to stay one step ahead of advertisers by understanding the complexities of how cookies work and the intimate details of how they are used.

Perhaps we should take a piece of advice from Howard Beale from the movie “Network”:

“I want you to get up right now, sit up, go to your windows, open them and stick your head out and yell — ‘I’m as mad as hell and I’m not going to take this any more!’ Things have got to change. But first, you’ve gotta get mad!”

Privacy isn’t dead, it’s just being pulled out from under our feet.

Japan Will Have a Space Elevator by 2050

It might the stuff of science fiction dreams, but a Japanese construction company has announced that it will have built a working space elevatorby 2050. Where can I join the queue?

According to the The Daily Yomiuri, construction company Obayashi Corp has announced it will have built a space elevator capable of shuttling passengers 36,000 kilometers above the Earth by 2050.

The company plans to use carbon nanontubes, which are 20 times stronger than steel, to produce the cables required for the elevator. Those cables will be stretched to a counterweight 96,000 kilometers above our planet, about one-fourth of the distance between the Earth and the moon.

The terminal station, 36,000 kilometers above Earth, will be reached by cars that can carry 30 people and travel at 200 kilometers per hour. An Obayashi official said:

“At this moment, we cannot estimate the cost for the project. However, we’ll try to make steady progress so that it won’t end just up as simply a dream.”

I can estimate the cost: ridiculously, needlessly expensive. But I don’t much care: I mean, it’s a space elevator. Whether this claim can actually become a reality is up for discussion—but they’renot the only horse in the race. I just hope it happens in my lifetime. [The Daily Yomiuri; Image:Michael Evans]

Apple’s New Data Center Is Powered by the Sun

This is Apple’s new data center in Maiden, North Carolina. Unlike most power-hungry centers, this won’t be gobbling up energy from the grid: it’s going to be powered by the sun. If you can’t get your products made 100 per cent ethically, at least you can try and be eco-friendly, right?

In fact, the building actually has two power sources: a giant 100-acre, 20-megawatt solar array on the surrounding land, which will be joined later this year by a 5-megawatt fuel cell system. Apple claims that the fuel cell system is the largest non-utility installation in the world. When you’re rich, you can do that kind of thing.

All told, the plant will generate between 42 and 40 kilowatt hours of power every year: enough power for about 7,400 American homes. [Apple]

Will a standardized system for verifying Web identity ever catch on?

My neighbor recently discovered a four-digit passcode that unlocks the front doors to our apartment building.

He shared the code with me, as well as with his girlfriend, buddies and a few other neighbors. I shared it with some people, and so did others. Within a few weeks, the building’s security system was buzzing constantly for people who didn’t actually have one of the dozen or so physical keys given to tenants.

My apartment building’s security is not all that different from the password-protected login system that forms a chain-link fence around Facebook, Google, iTunes or any other Internet service. Passwords are often shared among family, friends and spouses, and people typically use the same passwords for everything. Many experts say passwords are cybersecurity’s weak link.

To minimize identity theft, the Obama administration is urging Internet companies to agree upon and adopt a standard, reliable identity-verification system that people can use for any website. Each person would choose one company, perhaps their e-mail service provider, to handle credentials for sensitive personal or financial information on other sites.

In this hypothetical digital world, someone could buy books on Amazon.com using a Google account, while another person could sign up for a social network using a PayPal account. Because the U.S. government is involved, Americans might be able to download their tax forms by signing into, say, their Microsoft accounts.

President Obama introduced the initiative in spring 2011, and development of the technology seems to be moving at the speed of Washington, not Silicon Valley. Almost a year later, there’s no consensus among Web companies and government about what exactly this should look like and when we should expect to see it.

Some websites have already embraced an idea similar to what is being proposed, without the government giving them a push. For example, users of TripIt, a travel organizer from Concur Technologies, can log in using their Facebook, Google or Yahoo accounts.

But this typically involves small utilities piggybacking on the networks of larger companies. The biggest Internet players, such as Amazon, Apple, Facebook and Google, do not play well with each other.

Instead, Facebook and Google boast about how quickly they are convincing users to volunteer their personal information in setting up profiles. Apple regularly mentions how many credit cards its iTunes service has on file — at last count, more than 225 million.

People involved in the government initiative said the major players have informally expressed interest. But a Google spokesman declined to make executives available for comment for this story. A Facebook spokesman declined to comment and a PayPal spokeswoman didn’t respond to a request for comment.

These companies may view their respective platforms as a competitive advantage, said Don Thibeau, the executive chairman for the OpenID Foundation. His organization has been trying to provide a sort of universal login system that includes Google and Yahoo, but some users find the system’s row of tiny buttons confusing. OpenID will launch a simplified, single-button alternative called Connect in the next few months, Thibeau said.

Thibeau said he believes technology companies may eventually realize the limits of their identity silos. Similar to how people can now send text messages to friends on different cellular networks, or how a Mac user can open a Microsoft Word file, Internet login systems should one day standardize, he said.

“This notion of standards, as boring as it is, is really the plumbing of the Internet economy,” Thibeau said. “It turns out that you can only go so far with business and Internet services until you come up with standards. Standards build markets. Standards help the pie grow bigger.”

Internet giants have not been eager to unite on their own. For various reasons, having the government involved either provides the best possibility for bringing rivals together or will poison the well, according to people involved. Companies and citizens alike can sometimes have an allergic reaction to government intervention, especially when privacy is involved.

When President Obama announced last year that he was handing over the keys for an online identity initiative to the U.S. Commerce Department, talk of an “online driver’s license” ensued. Observers say that’s not an apt analogy because the identity system, as proposed, wouldn’t be required for using the Web, nor would it be issued by the government. But the idea of a government-controlled database spooked many people.

What Obama’s proposal describes is a series of security problems on the Internet, such as insecure passwords and people handing over sensitive data to dozens of companies, as well as some vague suggestions for how to solve them.

“It’s not a piece of legislation,” said Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology, an Internet privacy group in Washington. “Instead, it’s the federal government saying here is our vision of how to improve identity on the Internet.”

A year ago, Jeremy Grant inherited the project. He is a senior executive for the Commerce Department’s National Institute of Standards and Technology, and he is playing government liaison to tech companies and privacy advocates as part of the National Strategy for Trusted Identities in Cyberspace, or NSTIC.

The government’s prospective standard for online identity is not expected to result in a law, as long as companies can come to an agreement among themselves. The system could be regulated by the Federal Trade Commission, said people involved in the planning.

“The way that Washington tends to affect change is to either pass a law or to pass a regulation to make something happen,” Grant said. “NSTIC is a bit of a policy experiment.”

After failed government experiments, the United States has observed that an online ID has to be driven by companies, not countries, and has to keep Internet anonymity intact, Grant said.

“We could, on paper, come up with what would be the perfect mousetrap, and no one would want to buy it,” Grant said. “The federal government doesn’t care if you’re a dog [online] or not. Anonymity and pseudonymity have always been hallmarks of the Internet.”

Bidding will begin this month on NSTIC pilot programs that should launch in the summer to demonstrate what an online identity framework could look like, Grant said. The government will carefully determine what safeguards will be implemented in the identification process and the punishments for violators, he said. Some sites could begin launching NSTIC login options in about two years, he said.

Others were not so optimistic.

Persuading every major Internet company and then every Web user to sign up will be a massive undertaking, said Brauer-Rieke, from the Center for Democracy and Technology. “The work of herding cats is just beginning,” he said.

Because this is such an unusual policy experiment, the government cannot point to a similar program in the past that has been successful, said Thibeau, who is also the chairman of the Open Identity Exchange, which counts AT&T, Google, PayPal and Verizon among its members. Also, other countries may object to an initiative led by the United States, he said.

What this system will look like remains undefined. People may have to type in a temporary password received via text message, answer quiz questions or identify friends in photographs, according to people involved in the initiative. NSTIC could even require a hardware dongle that users plug into their computers, though that’s unlikely as people increasingly move to mobile devices that don’t have standard inputs, they said.

Just about everyone involved is in agreement that today’s model of people picking their own passwords will not survive much longer.

“The greatest threat to security and the greatest threat to privacy are passwords,” Thibeau said. “Passwords are really yesterday’s news.”

Apple ‘determined’ to improve conditions at plants in China

Apple CEO Tim Cook on Tuesday said that the world’s most valuable tech company is doing everything it can to address growing concerns over working conditions at its Chinese manufacturing plants.

“We know people have a very high expectation of Apple,” he told hundreds of investment professionals at the annual Goldman SachsTechnology and Internet Conference in San Francisco. “No one in our industry is doing more to improve working conditions than Apple.”

Cook’s comments came one day after the announcement that an independent watchdog group, the Fair Labor Association, hasbegun auditing conditions at plants in China that make most of Apple’s products, including iPhones and iPads.

Cook called it “probably the most detailed factory audit in the history of mass manufacturing.” Apple is taking the “unprecedented step” of recording the results monthly on its website, he said.

Abuses at Chinese plants run by manufacturer Foxconn have gained recent attention amid news reports of long working hours, underage workers and a secretive, militaristic culture. The news has become a rare public relations problem for the computer giant.

But Apple’s chief sounded defiant on Tuesday.

“We think the use of underaged labor is abhorrent. It’s extremely rare in our supply chain, but our top priority is to eliminate it totally. We’ve done that with our final assembly and we’re now working with vendors farther down in the supply chain. If we find a supplier that intentionally hires underage labor, it’s a firing offense,” he told the audience.

Cook conceded there have been widespread violations of the number of hours employees should be allowed to work. He said the Apple’s code of conduct allows for no more than 60 hours a week — 20 more hours than a typical week for American workers.

“We’re determined to drive widespread change,” he said.

Appearing on stage with Goldman Sachs hardware analyst Bill Shope, the 51-year-old Apple CEO fielded questions on a range of topics.

When the subject turned to Apple’s $98 billion in cash, Cook said the company’s board of directors is in “active discussions” on what to do with it.

“I think it’s clear to everyone we have more cash than we need to run the business,” he said.

Still, Cook gave no indication on whether Apple would begin issuing dividends to shareholders, something the company has long avoided.

Cook also declined to go into detail about speculation on whether the company intends on entering the TV business. But he spoke enthusiastically about the company’s $99 dollar set-top box, which the company labels “a hobby.”

“It’s clearly ramping [up],” he said, noting that Apple increased its sales to 3 million units last year. Still, that number pales in comparison to other Apple products. The company sold 37 million IPhones last quarter alone.

“We’ve always thought there was something there [in TV],” he said.

As for tablets, Cook bristled at the suggestion that lower prices from its competitors could hurt its business. Amazon’s popular tablet, the Kindle Fire, for example, sells for $199 compared with $399 for the iPad.

“Price is rarely the most important thing,” he said. “A cheap product might sell some units. Then they get home and use it and the joy is gone.”

Cook ended the 45-minute session by talking about the philosophy driven by his predecessor, Steve Jobs, who died in October.

“Steve drilled in all of us over many years that the company should revolve around a few great products, ” he said. “Don’t think about how great things were yesterday.”