this post was submitted on 01 Apr 2024
449 points (98.5% liked)

Privacy

31996 readers
662 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Not sure which news website I should be using for the link, sorry! I'm happy to change it if anyone has a better one.

Google agreed to destroy or de-identify billions of records of web browsing data collected when users were in its private browsing “Incognito mode,” according to a proposed class action settlement filed Monday.

The proposal is valued at $5 billion, according to Monday’s court filing, calculated by determining the value of data Google has stored and would be forced to destroy and the data it would be prevented from collecting. Google would need to address data collected in private browsing mode in December 2023 and earlier. Any data that is not outright deleted must be de-identified.

all 37 comments
sorted by: hot top controversial new old
[–] Knasen@lemmy.world 202 points 7 months ago

Sounds like a genuine April's fools joke..

[–] bigkahuna1986@lemmy.ml 69 points 7 months ago

Well how generous of our overlords...

[–] NaibofTabr@infosec.pub 65 points 7 months ago (2 children)

Hmm, it is nice to see an outcome from a lawsuit that is practical and not just a cost-of-doing-business fine.

But "de-identify" doesn't inspire a lot of confidence... anonymized data can be de-anonymized pretty easily most of the time. Also have they kept accurate internal records on all the places pieces of that data have gone inside their various projects and systems? Who would be capable of verifying that it had all been deleted?

[–] oce@jlai.lu 15 points 7 months ago* (last edited 7 months ago) (1 children)

I think in European law, for data to be anonymous, not only there should be no personal identifying information but also there should be no identifiers that allow to link non personal data together to trace the behavior of a single person. https://www.edps.europa.eu/system/files/2021-04/21-04-27_aepd-edps_anonymisation_en_5.pdf

[–] NaibofTabr@infosec.pub 15 points 7 months ago* (last edited 7 months ago) (1 children)
[–] oce@jlai.lu 4 points 7 months ago (1 children)

Do you mean not aggregated? Do you mean aggregating different kinds of data, or do you mean grouping together the same data for a category?

[–] NaibofTabr@infosec.pub 0 points 7 months ago (1 children)

I mean that when lots of data is compiled, you can remove specific identifiers such as names, emails, IP addresses, phone numbers, etc (anonymization) but it's been demonstrated that it's relatively easy to re-identify specific individuals from "anonymized" data.

[–] oce@jlai.lu 3 points 7 months ago

I think this means you still have some identifier that allows to link those data to a single person. This is quite explicitly not considered anonymization by the gdpr.

[–] MeetInPotatoes@lemmy.ml 14 points 7 months ago

I've verified throughout our fox network that there are no foxes in any henhouses at the moment. They've been instructed to take steps to ensure that no foxes end up in any henhouses accidentally going forward and the foxes tell me that they are truly sorry this time. Despite past reassurances of not being evil, they were in fact..evil. We are rolling out an internal audit system with the help of a 3rd party partner who owes us lots of stuff. We plan on letting the advocacy groups check out our henhouses as long as they agree to be bound by an NDA.

[–] Linkerbaan@lemmy.world 56 points 7 months ago

Are they pinky promising they deleted it? Then I totally trust them now...

[–] rageagainstmachines@lemmy.world 42 points 7 months ago (1 children)

This would only be meaningful if it wasn't collected in the first place.

[–] Dsklnsadog@lemmy.dbzer0.com 21 points 7 months ago

And if it wasn't a lie from the guys who already lied before.

[–] dmtalon@infosec.pub 41 points 7 months ago (2 children)

why is incognito transmitting anything to anyone. Glad I switched to FF a while back.

[–] WarmSoda@lemm.ee 2 points 7 months ago

Why did you think it didn't?

[–] some_guy@lemmy.sdf.org 27 points 7 months ago (1 children)

After they've already benefitted by collating it.

[–] No1@aussie.zone 10 points 7 months ago* (last edited 7 months ago)

Yep, even says in the article 'destroy or de-identify'. So, they will summarize or transform/anonymize the data and just throw away the source.

[–] Scolding0513@sh.itjust.works 26 points 7 months ago

not a nothing burger, but very close. de-identify means that they will absolutely not do it in an effective manner lol. sorry but this will affect very little in the longterm.

[–] MonkderDritte@feddit.de 24 points 7 months ago

What "agrees", they have a choice?

[–] Zerush@lemmy.ml 9 points 7 months ago

Most people misunderstand what incognito mode means in the browser. It has nothing to do with anonymous browsing, incognito mode, the only thing it does is delete the browsing data that is saved in the browser and locally, but it does not prevent web pages and search engines from logging the activity on their servers. Extensions like SiteBleacher or Cookie Autodelete do exactly the same thing as browsing in incognito mode. If you want to browse anonymously, at least you can only do it with a VPN and certainly not using Google to search or using it's services with an account.

[–] LWD@lemm.ee 9 points 7 months ago

Let me get this straight, the data is worth $5 billion to Google, but they aren't even necessarily deleting any of it?

[–] autotldr@lemmings.world 3 points 7 months ago

This is the best summary I could come up with:


If approved by a California federal judge, the settlement could apply to 136 million Google users.

The 2020 lawsuit was brought by Google account holders who accused the company of illegally tracking their behavior through the private browsing feature.

Google would need to address data collected in private browsing mode in December 2023 and earlier.

Google spokesperson José Castañeda said in a statement that the company is “pleased to settle this lawsuit, which we always believed was meritless.” Though the plaintiffs valued the proposed settlement at $5 billion, which was the amount they originally sought in damages, Castañeda said that they are “receiving zero.” The settlement does not include damages for the class, though individuals can file claims.

Part of the agreement includes changes to how Google discloses the limits of its private browsing services, which the company has already begun rolling out on Chrome.

Individuals can still file claims for damages in California state court, according to the settlement terms.


The original article contains 382 words, the summary contains 161 words. Saved 58%. I'm a bot and I'm open source!

[–] darkmogool@feddit.de 1 points 7 months ago

yeah... sure...