X

Internet privacy snafus that left us speechless (images)

Think your information is safe with "them"? Think again. The words may change but the song has remained the same.

Charles Cooper
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
James Martin Managing Editor, Photography
James Martin is the Managing Editor of Photography at CNET. His photos capture technology's impact on society - from the widening wealth gap in San Francisco, to the European refugee crisis and Rwanda's efforts to improve health care. From the technology pioneers of Google and Facebook, photographing Apple's Steve Jobs and Tim Cook, Facebook's Mark Zuckerberg and Google's Sundar Pichai, to the most groundbreaking launches at Apple and NASA, his is a dream job for any documentary photography and journalist with a love for technology. Exhibited widely, syndicated and reprinted thousands of times over the years, James follows the people and places behind the technology changing our world, bringing their stories and ideas to life.
Expertise photojournalism, portrait photography, behind-the-scenes Credentials
  • 2021 Graphis Photography Awards, Gold Award, Journalism, 'The Doorway' Graphis Photography Awards, Silver Award, Portrait, 'Cast of film '1917'' Graphis Photography Awards, Silver Award, Environmental, 'Upper Lola Montez' ND Awards, Architecture, 'Taj Mah
Charles Cooper
James Martin
secpriv.jpg
1 of 13 Josh Long/CNET

The new normal: Internet privacy snafus

Let's not beat around the bush: Welcome to the new normal.

The Federal Communications Commission recently wrapped up its probe of Google Street View, another in a series of examples where governments and privacy advocates butted heads with tech companies over their propensity to overstep certain -- perhaps, ill-defined -- red lines governing user privacy and information on the Internet.

But Google's not the only offender. Though the names change, the song remains the same over the last decade and a half. Indeed, there has been no shortage of "mistakes" to remind us that Internet privacy remains a work in progress -- as the following slides make painfully clear.

APP_ipadstreetview.jpg
2 of 13 Apple

Google Street View

Give it up to Google for thinking big. And indeed there was major ambition behind Street View, a Google project to photograph and map out the streets of the world. Cool, right? What was uncool was the revelation that Google wound up secretly scarfing up personal locations from millions of people during the process of its information gathering.

Turns out that this particular case was one of several government investigations examining how Google's Street View cars actually collected the personal and private data of individuals via wireless networks while mapping cities in more than 30 countries. The cars were supposed to collect just the locations of Wi-Fi access points but inadvertently also collected e-mail and text messages, passwords, Internet-usage history, and other data from unsecured wireless networks for four years. Google said that it didn't do anything purposely untoward while the government countered that, yes, there actually was a much bigger problem in the way companies treat the (supposedly) private information of people in our ever-increasing cyber lives.

Google blamed a lone engineer acting without authorization, though the government claims that several people -- including a manager -- had been informed. The Federal Communications Commission was exasperated with Google's cooperation, ultimately fining the company $25,000 and complaining in a report that Google had obstructed its investigation.

facebook-social-graph-9513_610x610.jpg
3 of 13 James Martin/CNET

Facebook

On a scale of 1 to 10, Facebook rates a solid 5. Over its brief history, the company has time and again managed to annoy its users by announcing tweaks to the service that invariably raised all sorts of privacy concerns with nearly everyone not named Mark Zuckerberg.

Early on, there was the uproar over the advertising program Beacon. "We've made a lot of mistakes building this feature, but we've made even more with how we've handled them," Zuckerberg wrote after backing down.

The company has promised to keep its nose clean and signed off on a settlement with the FTC late in November, requiring Facebook to give “prominent notice” and first obtain consumers' “express consent before their information is shared beyond the privacy settings they have established.” The list of particulars compiled by the FTC goes back to 2009 when Facebook changed the site so that certain information users may have designated as private was made public. Without advance approval. Other highlights from the hit parade include:

• Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data -- data the apps didn't need.

• Facebook said it complied with the U.S.- EU Safe Harbor Framework governing data transfer between the U.S. and the European Union. Untrue, said the FTC.

• Facebook told users they could restrict sharing of data to limited audiences. The reality, according to the FTC: Electing "Friends Only" did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a "Verified Apps" program which it claimed certified the security of participating apps. Untrue, said the FTC.

• Facebook promised users that it would not share their personal information with advertisers. Untrue, said the FTC.

• Despite claiming that photos and videos would be inaccessible after users deactivated or deleted their accounts, Facebook allowed access to the content, according to the FTC.

Screen_shot_2012-05-01_at_3.55.16_PM.png
4 of 13 CNET

Twitter

In March 2011, Twitter signed off on a deal with the FTC resolving charges that it had deceived consumers by failing to safeguard their personal information. The company was essentially put on extended probation for the next 20 years during which it is forbidden from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.”

Its security program is also subject to an independent audit every other year for the next decade.

Screen_shot_2012-05-01_at_3.57.09_PM.png
5 of 13 CNET

Path

I’m quite sure that Path CEO Dave Morin would have forgone his 15 minutes of fame without anyone twisting his arm. In February, the popular photo-sharing app was found to upload users' entire address books to its servers without first asking permission. Morin didn’t make his life any easier when he first responded by saying that Path’s actions were an “industry best practice.” After the inevitable Internet uproar, Morin apologized and said the company would delete the data it collected and would henceforth ask permission before taking address book information.
Screen_shot_2011-04-20_at_1.14.png
6 of 13 Josh Lowensohn/CNET

Apple iPhone tracking

Apple was found to be keeping a log of information on user whereabouts that was freely available for anyone who managed to get their hands on the data. The April 2011 controversy arose after researchers discovered what looked to be secret files on the iPhone that tracked user location stored on the device, without the permission of the device owner. Apple said that the data was not for the purposes of tracking where people are. Instead it was to help the company's devices zero in on their location using information from part of a larger database. The company promised that a future software update would cut down the time this data was stored on the phone, and that it would be encrypted.
Screen_shot_2012-05-01_at_3.50.07_PM.png
7 of 13 CNET

Hotmail

In 1999, Microsoft Hotmail suffered a glitch which made private e-mail accounts available to anyone with a Web browser. Microsoft was forced to black out most of the site, leaving millions of users without access. This was about 12 hours after the company was notified of the security hole.
1984-1.jpg
8 of 13 CNET graphic

Intel: Big Brother inside

In 1999, Intel found itself in the crosshairs after acknowledging that the Pentium III chip would carry a unique serial number that can be read by the computer's software. The company said this would help promote "digital content protection" and prevent counterfeiting of Intel processors. Privacy advocates didn’t buy that argument. Instead, they said, Intel was trying to install the equivalent of a “super-cookie” that would follow people as they surfed around the Internet and result in more spam. It didn't take long, however, before the outcry grew so loud that Intel backed down and disabled the Pentium ID feature.
sony-rootkit-6617.jpg
9 of 13 James Martin/CNET

Sony rootkit

In 2005, Sony BMG got into trouble when copy protection software got installed automatically on Windows PCs when customers played their CDs. Like other record labels at the time, Sony was seeking ways to crack down against people making unauthorized copies of music files and then uploading them to the Internet.

However, the installation of a so-called rootkit was found to interfere with the operating system and left the door open to malware infection. The blowback was intense and led to several lawsuits. Critics said that rootkits were frequently used by virus makers to burrow inside of Windows. It got so bad that Microsoft felt compelled to label part of the copy protection Sony used as spyware. Sony was forced to recall more than 4.7 million CDs as well as offer to replace 2.1 million CDs that it sold.

newsfdCIQ.jpeg
10 of 13 CNET

Carrier IQ

In late 2011, software from a Mountain View, Calif.-based startup called Carrier IQ, which provides tracking tools to carriers and phone vendors, was found to be collecting data without consumers' knowledge and without their ability to opt out of the data collection. There had also been speculation that the content of the messages and keystrokes was being logged, but Carrier IQ denied those claims. And independent security experts also found no evidence of keylogging by the software.

The company was also incorrectly accused of being a "rootkit keylogger." While that turned out not to be true, the software raised other privacy concerns, such as being able to record and transmit a list of URLs visited when using Wi-Fi, when the contents of encrypted HTTPS URLs are leaked, and so on. Sprint later disabled the software in devices running on its network. (Sprint also said at the time that it would not use any of the information collected from Carrier IQ.)

Jerry_Yang_mug_(Farber).jpg
11 of 13 CNET

Yahoo

Yahoo suffered a huge PR black eye after it cooperated with Chinese officials who sought the e-mail accounts of political dissidents. The company was later sued by several Chinese political activists who complained that Yahoo’s collaboration led to their imprisonment for allegedly distributing state secrets over the Internet. During a televised congressional hearing in 2007, Yahoo Chief Executive Jerry Yang and General Counsel Michael Callahan suffered a public tongue lashing -- at one point being told that their company’s China policy was “spineless.”
AOLearnings.jpg
12 of 13 CNET

AOL

Talk about your legendary "ops" moments. In 1998, a customer service representative at America Online -- that was the official name back then -- gave a Navy investigator private information about a subscriber. The Navy used that info to order the subscriber's military discharge for supposedly admitting that he was gay. Even more outrageous, during a court hearing, the investigator said he never identified himself. AOL later said that its representative had made a mistake. "This was a case of human error under very unusual circumstances," AOL explained.
privacy.jpg
13 of 13 CNET

AOL search log

AOL also figured in in one of 2006's bigger privacy scandals when it published the search histories of more than 650,000 of its users . Even though AOL apologized and removed the file from its Web site, the database had already been mirrored, exposing life stories expressed in some 21 million search queries.

The database did not include names or user identities. But it did list a unique ID number for each user thus making it possible to view the search terms that users of a single account typed in while using AOL Search during a three-month period.

More Galleries

My Favorite Shots From the Galaxy S24 Ultra's Camera
A houseplant

My Favorite Shots From the Galaxy S24 Ultra's Camera

20 Photos
Honor's Magic V2 Foldable Is Lighter Than Samsung's Galaxy S24 Ultra
magic-v2-2024-foldable-1383

Honor's Magic V2 Foldable Is Lighter Than Samsung's Galaxy S24 Ultra

10 Photos
The Samsung Galaxy S24 and S24 Plus Looks Sweet in Aluminum
Samsung Galaxy S24

The Samsung Galaxy S24 and S24 Plus Looks Sweet in Aluminum

23 Photos
Samsung's Galaxy S24 Ultra Now Has a Titanium Design
The Galaxy S24 Ultra in multiple colors

Samsung's Galaxy S24 Ultra Now Has a Titanium Design

23 Photos
I Took 600+ Photos With the iPhone 15 Pro and Pro Max. Look at My Favorites
img-0368.jpg

I Took 600+ Photos With the iPhone 15 Pro and Pro Max. Look at My Favorites

34 Photos
17 Hidden iOS 17 Features You Should Definitely Know About
Invitation for the Apple September iPhone 15 event

17 Hidden iOS 17 Features You Should Definitely Know About

18 Photos
AI or Not AI: Can You Spot the Real Photos?
img-1599-2.jpg

AI or Not AI: Can You Spot the Real Photos?

17 Photos