Google will delete data collected from 'private' browsing In hopes of settling a lawsuit challenging its data collection practices, Google has agreed to destroy web browsing data it collected from users browsing in Chrome's private modes – which weren't as private as you might have thought. The lawsuit [PDF], filed in June, 2020, on behalf of plaintiffs Chasom Brown, Maria Nguyen, …
Why would they need to? The data collection in question was enabled at the browser side (Chrome) and Firefox isn't Chromium-based at all. If Moziila is guilty of the same tricks as Google then that's a completely different lawsuit.
But Google. Continuing to track you even if you ask them not to. Colour me surprised! Next thing you know we'll have honest politicians and THEN what will the world come to??!
Firefox users clearly weren't included in the complaint and would have to file separately. Unless, of course, Firefox includes more robust protection that would have prevented Google collecting the information in the first place - somebody with more knowledge of Firefox's security provisions than I possess would be able to answer that.
AlphaGoo has never deleted anything, because keeping data is what they do, and has been what they do for the quarter century of their existence. They aren't going to start deleting stuff now. Anybody who thinks otherwise is a fool. Even if they very publicly go out of their way to "prove" that the data is off their systems ... well, that's what backups are for. And you know they have backups. They may even "prove" they delete the backups. That's what off-site backups are for. And you know they have those, too. In duplicate.
Oh, I believe they do delete the data.
Think (as a hypothetical example) about this sentence when user12345abcdef (Peter Vermout living at this street in that town having this telephone number) typed on a web form:
"My friend Jack and I were going last Saturday to the Irish pub by bike"
Becomes for Google:
* Check lists of all people named Jack having reported the same location as user12345abcdef on Saturday -> Identify "Jack" as userxyz12345abc; Create and store link between user12345abcdef and userxyz12345abc; add tags "friendship", "drinking buddies"; add or increase probabilities.
* Check location history to determine name and location of pub. -> Increase probability that building location at coordinates (X, Y) is of type "pub". Increase probability that subtype is "Irish pub".
* Check location history of nearby people in expected pub location. Cross reference with list of known contacts of user12345abcdef and userxyz12345abc. -> Add tag "mutual friends; user12345abcdef; userxyz12345abc) and assign probability to users x, y and z or update and increase probability if tag exists already.
* Check location history of user12345abcdef and userxyz12345abc. -> Add or update probability of tag "owned vehicle types; non motorized bike" on both.
...
...
* Check location history after leaving pub. Determine differential in bike speed before and after drinking. Update tag "alcohol tolerance", "alcohol consumption profile" and "pub consumption profile".
* Check location history of x, y, z after leaving pub. If starting and ending at same building, update tag on "likely sexual partners" and "sexual preferences".
Then if Google is ordered to delete the user browsing data, at best the phrase "My friend Jack and I were going last Saturday to the Irish pub by bike" is deleted. The analysis of that sentence in correlation with all other data, dream on. That is Googles confidential property and you have zero right to know about it according to them or have "their" data deleted.
When Google acquires medical data for "research purposes", expect the same behaviour. All data they acquired is deleted. All useful bits are added to the victims profile and probabilities and cross links are updated. The contract for sharing and deleting the original data didn't explicitly stipulated that. If governments happy to spill such confidential information with them ever demanded that, Google will find other weasel ways around it.
"And it is becoming more outdated every day and thus much less valuable, they will delete it."
The data going stale at all or how fast can vary quite a lot. Some basic information is going to be good forever and previous addresses are also permanent. A current address will go stale, but buying data from various sources (dark web from hacked DB's) can ping/reset the validity of a current address. Marital status can change, but any progeny won't. Sexual preference(s), religion, politics and all sorts of stuff that might change is often more steady and still valid forever as a snapshot in time. I like reading stories that have detective stuff in them and the sort of look you can get into somebody based on some innocuous data is fairly amazing. Big Data is much like totalitarian regimes in the amount of data they like to keep on everybody. It can be worth good money if a company is willing to pay for the "Insights" package along with the full suite of details on somebody they are looking to hire or investigating for fraud.
No matter what Google tracks and does not track, nothing prevents third-party websites or your ISP from tracking you when you are in incognito mode; and there's nothing Google can do about that. Incognito has never been about tracking; the only use it to hide your surfing habits from your wife.
No matter what Google tracks and does not track, nothing prevents third-party websites or your ISP from tracking you when you are in incognito mode; and there's nothing Google can do about that.
Sure there is. Preventing ISP tracking is a bit harder, especially given the legal requirement for ISPs to retain communications data. That one can be kinda fixed by governments by legislating to throw ISP execs in jail for a minimum of 5-10yrs, if that data is shared outside of the LEA that's allowed to collect it. So in the UK, after tightening up rules on lawful intercepts, for bulk/automatic data collection that's pretty much just GCHQ. And they have better things to do than lol about our pron habits. Plus ISPs generally don't want to track you anyway because it's a PITA to do, and without DPI it doesn't really tell you much other than the basic TCP/IP header info. Sure, if the ISP runs DNS, they could maybe log DNS requests but a lot of ISPs outsource that to.. guess who? From my experience though, the only 'tracking' I've ever wanted or needed to do is collecting src/dst IP addresses for routing & peering analysis. Which is also where legislation can get FUN!, ie a few times I've needed to dig deeper in to packets to troubleshoot weird problems, which is generally legal given I'd got the users consent, and any data was deleted once I'd figured out what the heck was going on.
But AlphaGoo has many more options-
"must delete and/or remediate billions of data records that reflect class members' private browsing activities"; block third-party cookies in Incognito mode for the next five years (separately, Google is phasing out third-party cookies this year);
Hmm.. let me think for a second. How about blocking all cookies, and actually implement a real privacy mode? But then AlphaGoo's already in the process of changing Chrome to block anyone's cookies than it's own, as the report says. Funny how that works, AlphaGoo shutting out it's competitors..
"they have better things to do than lol about our pron habits"
Come on, you are talking about government. They want to know everything about your viewing preferences. At least they want to know if you are also in politics and they need some dirt to throw at you in the next round of elections. Just the basics in a file is handy if you ever do get into politics. With storage so cheap, they can confront you with a fat folder of facts if they ever need to. I am reminded of Neo being interrogated by Smith. The folder on the table was rather thin compared to what can be developed on somebody today for a measly $14.95 or less with a subscription.
Come on, you are talking about government. They want to know everything about your viewing preferences. At least they want to know if you are also in politics and they need some dirt to throw at you in the next round of elections. Just the basics in a file is handy if you ever do get into politics.
This is always the danger with security systems like this. When the UK cracked down on who could access bulk intercept data and changes to lawful intercept, it prevented a lot of government bodies from doing things like initiating surveillance campaigns to see if people were sending kids to the wrong school etc. I think one council, from memory Brighton (where else?) wanted to test dog poop for DNA so they could fine the dog's owner. Pretty sure we don't have a national dog DNA database though, or the resources & budget to test dog poop samples.
So access to bulk data is pretty much restricted to LEAs like the Police and Security Services, and even they have to jump through hoops to justify accessing the data. For now, at least. But politics being politics, neither the police nor security services are supposed to access or surveil MPs, even though they're at the most risk of compromise, or can do the most damage if compromised.
The folder on the table was rather thin compared to what can be developed on somebody today for a measly $14.95 or less with a subscription.
Yep. Which is why I think 'Big Tech' needs to be reigned in. They're the real danger. Plus anyone who's been through enhanced vetting would have lol'd at the size of Neo's file. So, this is your life <thud>, tell us about... Then again, maybe they've also seen Blade Runner and 3/4 of the file are sheets of kevlar.
Of course. You don't think that Google (or any other massive conglomerate) is going to see a lawsuit in one country and think "oh, we'd better apply the consequences to the rest of the world as well before they wake up", now do you ?
If the rest of the world wants the same thing, they can sue in their own countries. One by one. Only if a dozen important countries (market-wise, obviously) start the same procedure at roughly the same time would any multi-billion dollar company trot out a statement where it will apply consequences globally, but that is only to diminish the number of lawsuits it'll have to pay for to get the same result.
It's always a question of return on investment. Multi-billionaire business basics 101 : investing in lawsuits works until the number of lawsuits outrun the amount of money that can be made in that way.
"Only if a dozen important countries (market-wise, obviously) start the same procedure at roughly the same time would any multi-billion dollar company trot out a statement where it will apply consequences globally, but that is only to diminish the number of lawsuits it'll have to pay for to get the same result."
It only means the data will be collected, collated and sold from small island nations where a special tax has been paid to make sure such business practices are kept perfectly legal.
The shitty thing is that until very recently (when the EU told them to stop sharing data amongst the various apps), if you were signed into your Google account on your phone (for the app store and updates and such), it automatically signed you in in Chrome, and the only way to sign out (in Chrome) was to sign out (on your phone).
Bastards. I'm glad the EU slapped that shit down.
Thank <random deity> I mostly use Firefox...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
