Risk
2/2/2012
11:18 AM
50%
50%

Google Calls Microsoft Privacy Claims 'Myth'

Microsoft attack ad draws quick retort from Google, as controversy over new privacy policies heats up.

12 Epic Tech Fails of 2011
12 Epic Tech Fails of 2011
(click image for larger view and for slideshow)
Hours after Microsoft launched an ad campaign slamming Google's privacy changes as invasive, the search giant hit back, calling Microsoft's charges inaccurate and claiming that it, not Redmond, has the best tools for protecting the confidentiality of Internet users' information.

"A number of myths are being spread about Google's approach to privacy," said Betsy Masiello, Google's manager for public policy, in a blog entry Wednesday. "We just wanted to give you the facts."

Masiello called out Microsoft spokesman Frank Shaw's assertion earlier this week that, "The changes Google announced make it harder, not easier, for people to stay in control of their own information." Not so, said Masiello. "Our privacy controls have not changed. Period," she said.

Masiello took particular issue with Shaw's claim that Microsoft's online services like Bing search and Hotmail e-mail offer superior privacy controls compared to Google search and Gmail.

"Our industry-leading Privacy Dashboard, Ads Preference Manager, and data liberation efforts enable you to understand and control the information we collect and how we use it. And we've simplified our privacy policy to make it easier to understand," said Masiello. "Microsoft has no data liberation effort or Dashboard-like hub for users."

[ Google tweaked its social network rules because of user complaints--but some remain frustrated. Read Google+ Name Policy Leaves Users Unsatisfied. ]

Masiello also dismissed as a "myth" Shaw's charge that Google reads its users e-mails in order to generate data for contextual advertising. "No one reads your e-mail but you. Like most major e-mail providers, our computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you," said Masiello.

Her protests didn't stop Microsoft from taking a fresh shot with a new ad Thursday that bears the title "Email Is Important." The ad, which is slated to run in major newspapers, says that "many Gmail users are increasingly concerned about exactly how their private e-mail information might be used for ads." The spot entices Google users to try Hotmail and Office 365 if they're concerned.

The spat began last week, after a Google exec announced the changes in a blog post. "Our new privacy policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services," said Alma Whitten, Google's director of privacy, product, and engineering.

"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," said Whitten. Google said the changes would go into effect "in just over a month."

Google's plan has caught the attention of key lawmakers. Reps Ed Markey (D-Mass) and Joe Barton (R-Texas) last week asked the Federal Trade Commission to clarify whether the changes would violate an agreement that Google made with the commission last year to better protect user privacy. The lawmakers want a response from the FTC by Feb. 21.

Please join us on Feb. 15 for the InformationWeek & Dark Reading virtual event Clouds, Outsourcing, And Security Services: Making Providers Part of Your IT Security Strategy. When you attend, you will be able to access live and on-demand webcast presentations as well as virtual booths packed with free resources, and you can also be eligible to win great prizes! (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?