Risk
2/2/2012
11:18 AM
50%
50%

Google Calls Microsoft Privacy Claims 'Myth'

Microsoft attack ad draws quick retort from Google, as controversy over new privacy policies heats up.

12 Epic Tech Fails of 2011
12 Epic Tech Fails of 2011
(click image for larger view and for slideshow)
Hours after Microsoft launched an ad campaign slamming Google's privacy changes as invasive, the search giant hit back, calling Microsoft's charges inaccurate and claiming that it, not Redmond, has the best tools for protecting the confidentiality of Internet users' information.

"A number of myths are being spread about Google's approach to privacy," said Betsy Masiello, Google's manager for public policy, in a blog entry Wednesday. "We just wanted to give you the facts."

Masiello called out Microsoft spokesman Frank Shaw's assertion earlier this week that, "The changes Google announced make it harder, not easier, for people to stay in control of their own information." Not so, said Masiello. "Our privacy controls have not changed. Period," she said.

Masiello took particular issue with Shaw's claim that Microsoft's online services like Bing search and Hotmail e-mail offer superior privacy controls compared to Google search and Gmail.

"Our industry-leading Privacy Dashboard, Ads Preference Manager, and data liberation efforts enable you to understand and control the information we collect and how we use it. And we've simplified our privacy policy to make it easier to understand," said Masiello. "Microsoft has no data liberation effort or Dashboard-like hub for users."

[ Google tweaked its social network rules because of user complaints--but some remain frustrated. Read Google+ Name Policy Leaves Users Unsatisfied. ]

Masiello also dismissed as a "myth" Shaw's charge that Google reads its users e-mails in order to generate data for contextual advertising. "No one reads your e-mail but you. Like most major e-mail providers, our computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you," said Masiello.

Her protests didn't stop Microsoft from taking a fresh shot with a new ad Thursday that bears the title "Email Is Important." The ad, which is slated to run in major newspapers, says that "many Gmail users are increasingly concerned about exactly how their private e-mail information might be used for ads." The spot entices Google users to try Hotmail and Office 365 if they're concerned.

The spat began last week, after a Google exec announced the changes in a blog post. "Our new privacy policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services," said Alma Whitten, Google's director of privacy, product, and engineering.

"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," said Whitten. Google said the changes would go into effect "in just over a month."

Google's plan has caught the attention of key lawmakers. Reps Ed Markey (D-Mass) and Joe Barton (R-Texas) last week asked the Federal Trade Commission to clarify whether the changes would violate an agreement that Google made with the commission last year to better protect user privacy. The lawmakers want a response from the FTC by Feb. 21.

Please join us on Feb. 15 for the InformationWeek & Dark Reading virtual event Clouds, Outsourcing, And Security Services: Making Providers Part of Your IT Security Strategy. When you attend, you will be able to access live and on-demand webcast presentations as well as virtual booths packed with free resources, and you can also be eligible to win great prizes! (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

CVE-2014-5212
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.