Risk

2/2/2012
11:18 AM
50%
50%

Google Calls Microsoft Privacy Claims 'Myth'

Microsoft attack ad draws quick retort from Google, as controversy over new privacy policies heats up.

12 Epic Tech Fails of 2011
12 Epic Tech Fails of 2011
(click image for larger view and for slideshow)
Hours after Microsoft launched an ad campaign slamming Google's privacy changes as invasive, the search giant hit back, calling Microsoft's charges inaccurate and claiming that it, not Redmond, has the best tools for protecting the confidentiality of Internet users' information.

"A number of myths are being spread about Google's approach to privacy," said Betsy Masiello, Google's manager for public policy, in a blog entry Wednesday. "We just wanted to give you the facts."

Masiello called out Microsoft spokesman Frank Shaw's assertion earlier this week that, "The changes Google announced make it harder, not easier, for people to stay in control of their own information." Not so, said Masiello. "Our privacy controls have not changed. Period," she said.

Masiello took particular issue with Shaw's claim that Microsoft's online services like Bing search and Hotmail e-mail offer superior privacy controls compared to Google search and Gmail.

"Our industry-leading Privacy Dashboard, Ads Preference Manager, and data liberation efforts enable you to understand and control the information we collect and how we use it. And we've simplified our privacy policy to make it easier to understand," said Masiello. "Microsoft has no data liberation effort or Dashboard-like hub for users."

[ Google tweaked its social network rules because of user complaints--but some remain frustrated. Read Google+ Name Policy Leaves Users Unsatisfied. ]

Masiello also dismissed as a "myth" Shaw's charge that Google reads its users e-mails in order to generate data for contextual advertising. "No one reads your e-mail but you. Like most major e-mail providers, our computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you," said Masiello.

Her protests didn't stop Microsoft from taking a fresh shot with a new ad Thursday that bears the title "Email Is Important." The ad, which is slated to run in major newspapers, says that "many Gmail users are increasingly concerned about exactly how their private e-mail information might be used for ads." The spot entices Google users to try Hotmail and Office 365 if they're concerned.

The spat began last week, after a Google exec announced the changes in a blog post. "Our new privacy policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services," said Alma Whitten, Google's director of privacy, product, and engineering.

"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," said Whitten. Google said the changes would go into effect "in just over a month."

Google's plan has caught the attention of key lawmakers. Reps Ed Markey (D-Mass) and Joe Barton (R-Texas) last week asked the Federal Trade Commission to clarify whether the changes would violate an agreement that Google made with the commission last year to better protect user privacy. The lawmakers want a response from the FTC by Feb. 21.

Please join us on Feb. 15 for the InformationWeek & Dark Reading virtual event Clouds, Outsourcing, And Security Services: Making Providers Part of Your IT Security Strategy. When you attend, you will be able to access live and on-demand webcast presentations as well as virtual booths packed with free resources, and you can also be eligible to win great prizes! (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.