The sad thing about news like this is that most people only pay attention at all because they've been bombarded with anti-Russian propaganda, not because this showcases Google's awful anti-privacy practices. Despite years of warnings, examples and analysis of where this can lead, the only thing that matters in the end is some emotional trigger word that makes the public think they are dealing with an "outgroup".
The cherry on top of it all is that ProPublica uses Google Search for their website. I am moderately sure that after I post this someone will jump in to comment and defend this practice, showing nothing has been learned.
Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.
According to Mr Bernays who wrote the book Propaganda. The best kind of propaganda is true. It’s not only propaganda when it’s nefarious or pernicious. Effective military cyber capability is an excellent example.
I have not read this book; based on the author’s definitions, what additional conditions are required for accurate reporting by media outlets of foreign cyber attacks against our nation to be considered propaganda?
It's interesting that you focused on this particular aspect of my message and replied with an assertion that rests on a whole stack of shaky assumptions. One, that I was talking about reporting of Russia's cyber activities. Two, that the reporting of such activities is generally accurate. Three, that accurate reporting cannot serve propaganda purposes. Such comments derail discussions, and it did exactly that here.
My point was that there is a logical discrepancy in how most people process statement about privacy. When presented with a specific example of an "outgroup" violating their privacy, there is quick condemnation and outrage. When presented with an example of an "ingroup" doing the same, people usually respond with some non sequitur like "I have nothing to hide". However, somehow, people mentally disconnect these two cases and see them as different. The reality is, they are profoundly connected. The simple fact is that after your private data has been collected and stored, you don't get to choose which group gets it.
I admit I honed in on a detail in your comment that is mostly unrelated to your actual argument - an argument I fullheartedly agree with would not typically want to distract or detract from. However, after spending probably an order of magnitude more time on work related to Russian cyber activity than time spent with friends or family lately, I sometimes have a kneejerk reaction to phrasing like this.
Regarding the assumptions you list:
1. Information regarding Russian activities in cyberspace is the most relevant category of "possible" anti-Russian propaganda related to the topic you bring up, and what I believe most people will imagine when reading the words "anti-Russian propaganda" in your comment, regardless of whether or not you had it in mind when writing them.
2. Do you have an example of reporting on this topic whose primary points have proven to be inaccurate, even if unintentionally? I would go as far to argue that the amount of realized and attempted damage caused by Russian cyber actors, and the audacity of some of the operations, would significantly reduce the need for entities pushing anti-Russian narratives to fabricate or twist facts.
3. There is a chance that, after arguing the semantics of the word propaganda, you could convince me that accurate reporting of facts regarding cyber attacks against our nation could be technically viewed as propaganda, based on some definition that doesn't include terms like "misleading" or a book on the topic that I have not read. However, I don't think that really matters here, because for the significant majority of people the term "propaganda" carries implications of incorrect or misleading information, and I believe the effects of these types of claim can do much more harm than a comment derailing a conversation, like mine.
If its done by the government or a government owned body it is by definition. That being said, Propublica is neither a government nor is it a government owned news agency. So its not propaganda.
Tho that's quite the overly specific, and dated, definition of "propaganda".
Public relations is a way more apt term for what's going on in modern times [0], and in the "cyber" manifestation of that field, private parties are recognized as the main contributors, and actors, for a number of nation states [1]
During WWI [0], and even WWII plenty of countries would openly run propaganda ministries distributing government news.
Which most people considered legitimate news, as new information from afar was not very easy to come by back then.
After WWII a lot of Nazi crimes were blamed on the efficiency of "Goebbels propaganda", so the term became stigmatized. Which put people like Edward Bernays [1], who had been working in the propaganda business for decades and literally wrote the book on it, in a bit of pickle.
So he came up with the rebranding of "Public Relations", which is basically privatized propaganda. Turning it from something strictly governments do, to a service that can be bought by anyone with enough money.
Thank you, this is thoughtful and considered. It took me a bit to understand exactly where it goes off kilter.
It's at "basically", namely "_basically_ privatized propaganda"
I see evidence someone did something that's defined as for the politics for the government during a war, then did similar work in private industry as not illuminating.
This is in fact expected. A quartermaster who now does logistics doesn't mean logistics is just a polite rebranding of supplying weapons
We also agree it is not evidence of a conscious rebranding of an entire field away from being named "propaganda" to "public relations"
If the government does it its propaganda. I don't see how that's dated. Unless you count misuse of the term as valid. People misuse propaganda to mean media describing a narrative they don't like all the time. But those people are wrong and shouldn't be encouraged.
Third parties working on behalf of a government to spread their message do count as Propaganda.
The difficult part is telling apart propaganda from organic content. People have this idea of propaganda being a bunch of communists making posters with slogans or something. But that is what's really dated. How do you know a group isn't being funded by a government or affiliated with them? Sometimes its easy to tell. Like with Russia Today. They have the veneer of a news outlet but they are state owned. But when a lot of people get their news from social media its impossible to know who is really on the other side.
Reporting negatively on the Iraq war or blackwater or Facebook isn’t “anti American propaganda”.
Just because you are anti establishment doesn’t mean you should instinctively support the Russian establishment which is incidentally many times more horrific and out of control than the people you claim are spreading “propaganda”. (I’m guessing NGOs, charities like amnesty international or anyone who reports on the war crimes and crimes against humanity of the Russian government).
I guess the point of the parent comment is that the real issue is not whether this is a anti American or pro Russia thing, but that Google's privacy practices are bad. Any government/institution doing the same would be bad, but the discussion tends to focus on whoever the public enemy currently is.
The implication in the parent comment is that “anti Russian” propaganda is warping the truth and the people have been brainwashed, the word propaganda isn’t being used to imply the issue is the opposite of “true”.
> The sad thing about news like this is that most people only pay attention at all because they've been bombarded with anti-Russian propaganda, not because this showcases Google's awful anti-privacy practices. Despite years of warnings, examples and analysis of where this can lead, the only thing that matters in the end is some emotional trigger word that makes the public think they are dealing with an "outgroup".
Please be more specific about who you're criticizing here. Presumably not ProPublica, as they've been reporting on Google privacy issues for 10+ years. I'm also not sure what you mean by "emotional trigger word" - this story is about illegal and unethical activity by a major corporation that stopped as a direct result of ProPublica's investigation. Who are these "most people" that care about this story but not any other privacy issue?
So if I write an article about say the North Korean government stealing money, or murdering, I’m using an emotional trigger word and an “out group”?
Have you ever watched Russian domestic tv, which is incidentally 100% controlled by the government? You’d find a new appreciation for emotional triggers and out groups!
> So if I write an article about say the North Korean government stealing money, or murdering, I’m using an emotional trigger word and an “out group”?
Yes. "We are psychologically predisposed to view group X as terrible" and "group X is actually terrible in real life" are in no way contradictory. It's almost as if humans are products of natural selection, and our psychological instincts serve a useful purpose
I think the point made by the original comment is that Google has been doing this basically forever, and the privacy concerns are unrelated to the fact that a Russian Ad company took advantage of them. While a Russian Ad company doing this is bad, people are only paying attention to it now, because Russia being bad[er than usual] is part of the current socio-political environment, so the activity has a higher S/N.
Yeah, I wasn't trying to make a statement on whether that claim is true or not. If you're asking, I think it's true but only to a small degree and only with certain cohorts (those likely to be emotionally inflamed or attached to the Russia issue). This website has seen lots of Google privacy articles pushed to the front page and No. 1 for a long time now, so it seems suspect this phenomenon is that common here. I have no idea how true that is outside of this self-selected group. It's possible it's true to a much larger degree in the general public, who are either unaware or don't care about the other privacy issues Google is (becoming?) famous for.
I'm sorry I'm not accusing you specifically, it's just very aggravating to hear people proclaim how ignorant "the public" is and how only they are wise enough to understand the real issues.
Interesting, I'm happy that more people are having concerns about this. I suppose it should be obvious that they are, since Apple started using that as a differentiation wedge between themselves and other tech companies.
>Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.
This can't be overstated. It's like a hole in the wall that can't be patched.
I've lived most of my life expecting an Orwellian life. While it was grounded in paranoia, complete transparency is pretty much the only lowest-stress way to live when anyone can theoretically dox you over just about anything if the fashions pendulum swings hard enough in one direction.
> This means Google may have turned over such critical information as unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity
Can someone help me to understand this?
I thought Google kept this kind of user-preference (interests/activity) data to itself, and used that as the sauce powering its ad auctions. If you run a site, GA will give you IP, location, etc. for inbound traffic, but I didn't think they would give you data on other users.
Does Google actually sell user preference data and IPs in bulk? What product are they referring to here?
Basically, the accusation is that a sanctioned Russian company is listed as an advertiser ("Demand Side Platform") on Google's real-time bidding platform for ads. This means they get a blob of data for each impression that there is a bid on (this is "the bidstream data"):
> These can include: The URL, website, or app the consumer is on, Information about the consumer’s device, The consumer’s geo-location, The consumer’s IP address, Various demographic or behavioral attributes about the consumer (as supplied by the ad exchange or third party data brokers), such as gender, age range, or job occupation
These user IDs are anonymized but there's machinery to link the bid data to a cookie that the advertiser already has in their own system ("cookie matching").
They provide some evidence that even though RuTarget was OFAC sanctioned in April, Google may still be providing them the bidstream (and therefore presumably is selling services to an OFAC-sanctioned entity). This would be quite surprising if so, since a company like Google surely has processes to monitor the OFAC watchlist and automatically deactivate companies that are sanctioned.
My summary here is that the ProPublica article is incomplete and that makes it a bit misleading; reading the article one would assume the Russians were getting a dump of de-anonymized data, whereas in fact the finding is around them getting access to the bidstream, which is provides anonymized user data, that may in some cases be hypothetically de-anonymizable, or assist with other de-anonymization efforts.
> Google allowed RuTarget, a Russian company that helps brands and agencies buy digital ads, to access and store data about people browsing websites and apps in Ukraine and other parts of the world
In other words, they collected data via websites and apps, just like any other JS or native ad library does. This wasn't data that Google collected, then handed over. It's a misleading headline IMO.
Imagine a Russian agent starting an ad campaign targeted at Ukrainian people who are interested in weapon systems. But... the actual ads are about an innocent thing, like cat food. An Ukrainian clicks the cat food ad, is directed to the Russian agent's fake cat food shop, places an order and fills in their address.
The whole "Google is not selling your data" excuse never held up to practical reality, it was always only a semantics argument along the lines of "They sell it, but not directly!".
This whole case exemplifies that very much, but it only garners attention due to who did it, Russia, not due to why and how this is actually possible.
I think it’s materially different though. Particularly when you contrast with the FB graph API and the Cambridge Analytica scandal where they were actually giving out the raw data.
There is a LOT more you can do with the raw data than with ads targeted on specific categories.
Like, I personally am never going to click the cat ad in the example above, but I very well could have had all my info leaked by a neighbor in my friend graph in the CA dump. So your ad-harvested data will always be sparse.
Can we get more specific on exactly what level of targeting is possible?
I see there is an attack here, but I’m still not exactly clear on the scope. I can’t see them getting very many conversions with a random cat food company. So did they dox 10 people? Or was this something that could actually get a meaningful amount of data?
The line you quoted is just a slight rephrasing of the headline with a little more detail. What are you finding misleading?
Google allowed [a Sanctioned Russion Ad Company = RuTarget, a Russian company that helps brands and agencies buy digital ads], to [Harvest = access and store] [User Data = data about people browsing websites and apps]
Is this really a complaint that a single, well-established Russian ad company got the same information from Google that they would give to any US company with an email address?
This is part of the cognitive dissonance that insists that Russia has the most effective intelligence services in the world, that can manipulate elections at will and subsume every US social movement to spread its propaganda, but is too stupid and helpless to create a US front company.
No, the complaint is that it was illegal to work with them.
> RuTarget was later listed in an April 6 Treasury announcement that imposed full blocking sanctions on Sberbank and other Russian entities and people. The sanctions mean U.S. individuals and entities are not supposed to conduct business with RuTarget or Sberbank.
> [Google spokesperson Michael Aciman] acknowledged the Russian company was still receiving user and ad buying data from Google before being alerted by ProPublica and Adalytics.
I mean to be fair you sound like the type that if they made homosexuality illegal that you'd be the first to start reporting people cause you don't care of the crime makes sense only that it is illegal.
I could go on a tangent about how the US makes anti-BDS laws, but the reality is that sanctioned companies are not easy to follow and track, and Google ceased doing business as soon as they were alerted. You're hyperbolic statement indicated that you only cared about what was illegal, not whether they were making legitimate efforts to follow the laws.
However, sanctions don't necessarily indicate a moral implication... merely a political one.
> that can manipulate elections at will and subsume every US social movement to spread its propaganda, but is too stupid and helpless to create a US front company
The first chapter of "Propaganda" is that the enemy is cunning and wicked while also weak and helpless at the same time.
It's also weird that Russia has been running out of ammunition for the last 5 years and is a weak enemy at the same time its able to fight a country supported by virtually the whole of west with NATO arms, NATO training and best of all NATO intelligence/spies with a sanction that was supposed to turn the "ruble" in to "rubble"
It's not strange. I had deep respect and even some fear of the Russian Army for what it could potentially do to my country.
That fear is now largely gone for me. If they can't blitzkrieg the Ukraine, good luck coming here. It would be hell of course, but we could keep them at bay.
"The west" have supported the Ukraine, but only really with a trickle of arms compared to its resources in reserve. The combined air forces alone of the west would totally mop up the Russian forces at this stage of the war.
The santions have driven up the Ruble, true, but how much is really transacted with that Ruble? It's also problematic to have a strong currency. Russian soldiers are for some strange reason paid a war risk premium calculated in dollar equivalents, which means less rubles when exchanged at the current rate.
Google has a deep issue here. It shows again and again that they aren't concerned about legalese.
- don't check if their customer is on the sanctions list.
- make it possible for their GA users to ignore GDPR
- knowingly ignore tax regulations to own benefit
- many other illegal practices / dark patterns / monopolistic behaviour
At this point, it's clear that Google being Google is not going to change of itself, as long as it is allowed to proceed like this. The only solution is to regulate Google and force it to comply with legal systems, using billion dollar fines if nothing else works, and splitting Google to avoid further monopolization.
> Google Play has policies in place that prohibit using this data for purposes other than advertising and user analytics. Any claims that advertising ID was created to facilitate data sales are simply false.
How do policies _prevent_ data sales exactly? Their policies can say whatever they want—if the data is available in the first place, it _will_ be misused, regardless of whatever your policies say. If your enforcement hinges on your detection algorithms that data is being misused, you can't guarantee that violations aren't taking place.
This is Google's Cambridge Analytica.
It's insane that these privacy abuses happen again and again, and people have no protection or ways of stopping it. At the very least, we deserve a cut of the profits they're making by selling our data on these scummy markets.
As all business focused companies, Google and its shareholders cares only for money. If they only could, they would sell newborn children as target practice for muscal cолдат-s. All sanctions can be easily avoided with resellers and “good will” from management and creative paperwork. Here they even didn't try.
Google should be made to donate a few $M (or 10s/100s) to help defend Ukraine then, although it's still a completely shitty situation that a country fighting for its freedom is being "traded" for the temporary economical benefit of certain parties.
How about Western telecom carriers and IT resources stop providing services to Russian military complex? We still have Western telecommunications providers supplying IT and communications services to companies directly related to Russian Ministry of Defense and its war machine.
What the hell does the recent Russian hostility has to do with this? Sanctions? You mean that the privacy laws that have been ignored and laughed at are not a bad enough violation? Apparently it's not, huh.
Google and Facebook have been extremely anti-privacy since practically their inception but suddenly NOW it's a problem because an attached Russian company has been doing what Google has been enabling any company to do, for decades?
Gosh. If that's how humanity can be made to react to public safety issues that I am seriously not impressed by our race, to put it diplomatically and mildly.
> Google and Facebook have been extremely anti-privacy since practically their inception but suddenly NOW it's a problem because an attached Russian company has been doing what Google has been enabling any company to do, for decades?
Propublica has been reporting on Google and Facebook (and others) privacy issues for most of their 15 year history. See their Dragnets series: https://www.propublica.org/series/dragnets
> Why would this topic be suddenly out of bounds now that Russia is involved?
I did not say that. I am saying: everybody makes use of that info and that's the real issue that must be fought tooth and nail. Not "hey, just now we realized that the Russians have access to this info, sh1t is real, let's stop them!". Meh. What about China? What about a lot of other countries that definitely don't mean you well?
My point was that Russia having access to this info is (1) nothing new, and (2) the smaller issue because everybody with some money and having the ear of Google/Facebook has access to the info.
Suddenly going back to the Cold War mentality of "Russia bad" is not helping the world at all. There are other villains out there and we must be vigilant. I cynically know that people rally when they have a singular big villain but that's a laughable view of the world that never worked in practice.
It's not about privacy from companies who want to sell you vitamins, it's about Russian government wanting to know who you are so they can target you with political misinformation etc..
If the US had serious privacy protection rules there would be no data to sell to russian companies. Obviously that also means there would be no data to pass to 3 letter agencies, so probably we won't see them any time soon.
> it's about Russian government wanting to know who you are so they can target you with political misinformation
Which is something not only Russia is doing with that information, it's a very widespread practice [0] and one that many think should be considered a bigger issue itself, rather than who makes use of it.
I get that. But what makes people think this has not been going on -- with many other governments (plus Russia) -- since Google and Facebook ads became a thing?
I am pretty sure it was happening for a long time.
Of course it did, it was profitable for them. Google doesn't care about laws, they have a mountain of lawyers and piles of cash that ensure they will never be held accountable at any level.
Get off Google if you can, you're the product, not the customer.
I do too and it literally saved me not an hour ago. Why does Google publish guidelines on what is and isn't acceptable on their ad network when they don't fucking enforce any of them? They might not be distributing malware directly, but they're (IMV knowingly) allowing it to continue.
It's cheaper to write a set of guidelines and not enforce them than to enforce them, which might actually reduce revenue. The incentives for them are such that it's better for them not to enforce their own guidelines.
If Google was getting fined say $1000 per offending ad impression, they'd clean up their act really quickly. As it is currently, they don't have a real incentive to do so.
Why is it so hard not to share user data? Is sharing user data the lazy path you take when you cannot use that data to create a product and provide value yourself?
Well this just backs up something I've said before, that its possible to intimidate and harass individuals with the type of adverts only Google could deliver. Does that make Google an accessory to crimes, or does business to business provide the perfect cover?
HN is flooded by "archive.ph" campaign which injects Russian (and other) tracking scripts to copies of crawled 3rd party sites and requires JS to load on Firefox/Linux (and some other browsers) while pretending to be "archiving".
It does do archiving, and it does it very well. It's fast, provides short URLs, blocks ads in the archived pages, tries to bypass paywalls and login walls, and resists censorship. That's why people use it.
And it's funded by ads, so yes, it does have tracking scripts, just like a good chunk of the internet.
If you are privacy-conscious (or just don't like ads), then you can use uBlock Origin to get rid of them.
Two reasons. One is that ads probably aren't worth archiving, and removing the bloat makes the service run smoother (and it's easier to block the archive.today ads, than it is to block all those popups, random redirects, etc.).
The other is that "content producers" aren't necessarily good guys. Depriving all those clickbait manufacturers of clicks when you are hate-reading them is probably a good things.
Why would I want to go to JS-infested copy of a site which original version does not _require_ JS? Advice to do so and use uBlock to block something that wouldn't be run on original site is ridiculous.
If you guys do archiving, stop spamming HN with links that are fresh and don't need archiving, just to run your tracking on victims' devices for profit. How is it not just stealing content from other sites?
> It's fast, provides short URLs, blocks ads
> And it's funded by ads, so yes, it does have tracking scripts
> If you guys do archiving, stop spamming HN with links that are fresh and don't need archiving
Just because a link is fresh, does not mean that it does not need archiving.
If that link is a news article that is then taken offline, or changed, it will trivially be forgotten like it never existed, and you will have no evidence to prove that ever happened.
And it very much does happen, the www of the year 2022 has gotten scarily good in forgetting and burying stuff trough SEO and delisting.
I’ve posted archive.is links to HN because TFA was paywalled or hugged. Glad to know I joined up with a “campaign” to flood HN with Russian tracking. /s
Guess why people don’t post web.archive.org links more? Because it’s frigging slooooow and frequently 500s itself. God forbid people flock to a more reliable service.
Neither. It bypasses paywalls and opens the discussion up to everyone, which is the main reason why it's used on HN, or the discussion on each article would only be between the (relatively few) subscribers of that particular site and those who haven't used up the "3 free views for this month" quota.
Fire up search on the bottom on the page and tell me what percent of "archived" sites don't require JS at all (so don't have any "pay us or fu" overlays popping up). I can tell you right now that 0% of those tracking-infested archive.ph copies of original sites work without JS on Firefox on Linux and certain other configurations.
As in: without JS, you can't see the stolen content on archive.ph while you can see it w/o JS (in most cases) under original addresses.
Archive links get posted in the comments to bypass paywalls and make sure the OP is available if the site gets hugged to death. It's not some conspiracy. Also, I usually see it used for sites that are absolutely bloated with javascript, so I don't know what you're stalking about there.
Simply go to archive.ph and look at a website you get google.com (on front page only), buysellads.net (based in US from a quick search), mail.ru (this one Russian obviously). At least that's what I see on a couple of tries.
Apologies but at the moment I'm on Firefox on Linux and can't see anything past a page pretending to look like Cloudflare's but with Google's recaptcha.
> Last April, a bipartisan group of U.S. senators sent a letter to Google and other major ad technology companies warning of the national security implications of data shared as part of the digital ad buying process. They said this user data “would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns.”
The US (or insert <domestic entity>) for sure has more information on US citizens so Russia can’t compete with them when it comes to influence.
The cherry on top of it all is that ProPublica uses Google Search for their website. I am moderately sure that after I post this someone will jump in to comment and defend this practice, showing nothing has been learned.
Privacy is important precisely because after your data has been collected and stored, there is no telling where it will end up and what it will be used for.