[Rjevski]

I would not trust any opt-out offered by a company who's bottom line is directly dependent on violating people's privacy. The only opt-out that can be trusted is one that does send any network requests to the stalking company until consent is given.

That's the same reason why you wouldn't want to ask an alcoholic to guard a warehouse full of vodka at night, as you'd probably find a few empty bottles the next day. Same thing with an advertising company, even if they claim to respect your privacy, nothing guarantees they're not secretly looking at it anyway (and using it to adjust their ad tracking in a way that's undetectable from the outside, as to not be sued for it). It's even worse, because at least with alcohol you can count the bottles and find the empty ones. With data collection, if they're careful, you have no way to know whether your privacy has been violated.

[tinco]

And who is going to build that illegal feature into Google's services? And how much are that person, and the other persons that know about it, going to be paid for them to not be a liability?

Maybe I'm naieve, but I feel building automated law breaking systems is not something corporations do. I have no doubt individuals within corporations break laws whenever they feel like they can get away with it, but leaving trails like checked-in source code, and operating services that other services depend on, that just sounds like too much of a liability to me..

[badestrand]

> Maybe I'm naieve, but I feel building automated law breaking systems is not something corporations do

Did you already forget the VW diesel scandal? That was exactly that - a huge corporation systematically breaking the law with lots of people even in the highest ranks aware of and supporting it.

[tinco]

Well yeah, and it was ridiculously dumb, lots of people go to jail and big fines were levied. I suppose that you have a point and corporations might do it. At the same time I like to believe it's just not worth it for them.

[benologist]

https://www.motherjones.com/politics/1999/09/top-100-corpora...

    Exxon, Royal Caribbean, Rockwell International, Warner-
    Lambert, Teledyne, and United Technologies each pled 
    guilty to more than one crime during the 1990s.

https://www.alternet.org/economy/17-worst-corporate-crimes-2...

    Five banks (Citigroup, JPMorgan Chase, Barclays, Royal 
    Bank of Scotland and UBS) had to pay a total of $2.5 
    billion to the Justice Department and $1.8 billion to 
    the Federal Reserve in connection with charges that they 
    conspired to manipulate foreign exchange markets.

https://www.cheatsheet.com/money-career/4-of-the-biggest-cri...

    In 2008 and 2009, a salmonella outbreak killed nine 
    people across the U.S. and sickened hundreds more. The 
    source of the contamination was traced back to the 
    Peanut Corporation of America (PCA), a Virginia company 
    run out of its CEO’s garage. The salmonella outbreak 
    turned out not to be a tragic accident, but rather the
    direct result of PCA’s and CEO Stewart Parnell’s 
    decision to intentionally ship contaminated products. In 
    2014, Parnell was convicted for his role in the crime.

The list just goes on and on and on and on.

[contravariant]

I can find a few small fines, but as far as I can tell nobody went to jail for that one.

[consumer451]

> A Volkswagen AG compliance executive who pleaded guilty in the U.S. for his role in the company’s $30 billion emissions cheating scandal was sentenced to 7 years in prison.

https://www.bloomberg.com/news/articles/2017-12-06/vw-execut...

[detaro]

And Germany temporarily jailed a bunch of executives (including Audi's CEO, who is still in jail as far as I know) this year to stop them interfering with investigations, and results of those investigations might lead to more being sentenced once they're done.

[bryanrasmussen]

yes, VW was small fines. GDPR, especially for something like what is being suggested here, would be astronomical. Not saying nobody will do it, because humans are stupid.

to quote vincent vega re: the keying of his car, it would be worth having them do it, just to catch them doing it.

[carlmr]

>VW was small fines

https://money.cnn.com/2017/09/29/investing/volkswagen-diesel...

$30 billion is not small fines, add to that that it isn't over yet. It's already more than what BP paid for their oil spill, and the oil spill is thousand times worse in terms of its environmental effect.

At least in this article it's the biggest fine for any corporate crime levied.

https://www.alternet.org/economy/17-worst-corporate-crimes-2...

There are very few fines that have been higher. Hyundai only paid $100 million for their emission scandal one year before, with not much fanfare: http://time.com/3555696/hyundai-kia-fined-carbon-emissions/

[drewmol]

Or Uber using Greyball to try and evade regulatory enforcement in specific locations?

[Arainach]

Don't frame it as "build an illegal feature". Frame it as "build a feature" and hand it off to an enthusiastic junior dev eager to please their manager and get ahead. At a previous employer, I had a manager ask if, when implementing certain functionality, I could do it in such a way that it coincidentally broke third party tools attempting to interact with the component. They were very careful to phrase this in an offhand manner and never discuss it over legally discoverable mediums (only face to face). The entire matter seemed dubious and I certainly didn't want my name associated with such a move in the source control history, so I never implemented that request, it was never mentioned again, and nothing ever came of it - but a different dev might have jumped much faster at it.

[throwaway6789]

I take great care to separate my browsing sessions. Still I find YouTube recommendations on my main account on topics that I watched on another machine in my home network. My typical setup involves:

1. Virtualbox VM restored to a snapshot after each usage (browser completely clean, never uses my main Google accounts here)

2. Firefox on main machine with clear all cookies set, ublock origin. Rarely logs into my main Google account, if I do, always in incognito.

3. pfsense with block lists for Google & Microsoft

4. Mobile with Disconnect tracking blocker (mobile wide) plus Firefox focus & Firefox set to clear all history on exit.

Still Google manages to track me. Whenever I see those recommendations in YouTube, I feel like Google is mocking me - "ha ha do whatever you want, you can never hide from us".

[rnhmjoj]

Check how unique your fingerprint is using panopticlick[1] and try to fix it by adopting more common settings. Also don't use Firefox Focus: it has telemetry and shares data with a third party[2]. Use the german version[3] if you must, it has telemetry disabled by default.

[1]: https://panopticlick.eff.org

[2]: https://www.ghacks.net/2017/02/12/firefox-focus-privacy-scan...

[3]: https://f-droid.org/packages/org.mozilla.klar/

[tinco]

Maybe you ended in the "people that put too much effort in anti-tracking" bin, and you get recommendations for those kinds of people :p

[fapjacks]

You jest, but having worked in the ad tech industry, I can say this is actually a completely viable means of tracking people. This is why you don't load uBlock Origin into your Tor Browser or use a custom User-Agent string while using your VPN. Everything you do that is different than what everyone else does (i.e. the default) is a means of identifying you. And if I could do it at that startup, certainly Google can do it in a million more ways a million times more accurately.

[AstralStorm]

If the bin is big enough or merges with other bins, it becomes the new norm.

Tor Browser has a strong "disable JavaScript" option that is relatively popular; the remaining vector is then tracking images and the rule would be to check for Tor exit node that hasn't downloaded the image cookie.

Even with JS on TB tries to reduce impact of such history based attacks.

Pretty targeted and obviously possible to fuzz.

[ReverseCold]

Changing your user agent is also probably a bad idea. There are other ways to detect browser, so you're pretty unique of you're using Firefox on MacOS with a Chrome for Windows user agent.

[fapjacks]

Yes, don't use any custom extensions in TB or any custom user-agent string or otherwise deviate from the default.

[mtgx]

You're right. Google probably wouldn't build an outright illegal feature. However Google would and has built features that are at the very least in legal grey areas/haven't been explicitly regulated. Thing like the WiFi tracking feature, bypassing safari's cookie restrictions, tracking android users' location even when they opted out of that or had their GPS feature turned off, and so on.

They did and will do that again because they know whenever they get caught they have to pay several million dollars at most after years of such violations and then they can be on their way to rinse and repeat with something else like that.

[zzzcpan]

Google was fined billions for outright illegal practices and is mostly concerned about power, not illegality.

Furthermore, in hierarchical structures people only care what those above them think. "Illegality" of the feature is something for lawyers, not them. At best they rely on morals, but even that is screwed by perks, incentives, the environment they work in, peer pressure, management, corporate propaganda, etc. Generally in such structures you can make people do anything, even kill other people and be ready to get killed.

[mtgx]

I dont think Google was fined billions over privacy violations, just antitrust ones and only in the EU. In the US Eric Schmidt's constant lobbying to Obama got them off the hook for the antitrust investigation even though the FTC staff investigating their violations recommended antitrust action against Google.

[antpls]

Google is a corporation responsible for thousands people job (so your analogy is irrelevant) that complies with the European Union laws. If Google does things under the hood, it will be noticed, and it will be exposed to a potential 4% fine of global revenue.

By the law, opt-out is the default.

They are proposing an industrialized solution for new and old businesses to transition to EU regulations more easily. Trust Google or not, but in the meantime, they are proposing new services to answer businesses and legals needs.

[fatjokes]

Unless you let that alcoholic guard two warehouses, and allow him to have a few bottles from one of them. In that case, he'd be stupid to take from the one where's he not suppose to.

[kabouseng]

I assume you are extending the analogy by implying that one "warehouse" would be paying users, and the other "warehouse" is free to use / advertising / giving up private data users.

This analogy falls flat, because unlike an alcoholic which can be satiated at some point, FAANG can never be satiated. More information is always good. Thus taking data from both warehouses is better than restricting yourself to only one.

Secondly it also falls flat because your paying users is often the more juicy targets (from an advertising point of view), since they are already well enough off to pay for ad-free internet services, thus also well enough off to target for more lucrative advertising.

Getting back to the analogy, it is like an alcoholic guards two warehouses, one stocked with free budweiser beer, and the other stocked with the finest scotch, and hoping he wont take a swig from the scotch.

[NeedMoreTea]

Man, there must be the really good stuff in that other warehouse. Won't do any harm to go look...

[busterarm]

I hear so-and-so's private stash is in that warehouse. A lot of people can get in that warehouse. They'll never know it was me.

[Rjevski]

Unless the alcoholic is the only employee that will do the job (zero competition), which means he can steal from both warehouses and still not get fired. Same situation with Google/Facebook/etc, they're too big to fail and can do nasty things without any consequences.

[yuhong]

I actually mentioned "opt-out" links in spam in the essay.