I am rushing off to meetings, but this is disturbing news and I figured folks around here would want to know about it/have an interest in discussing it.
From the Electronic Frontier Foundation by Kurt Opsahl (posted July 2nd):
Yesterday, in the Viacom v. Google litigation, the federal court for the Southern District of New York ordered Google to produce to Viacom (over Google’s objections):
all data from the Logging database concerning each time a YouTube video has been viewed on the YouTube website or through embedding on a third-party website
The court’s order grants Viacom’s request and erroneously ignores the protections of the federal Video Privacy Protection Act (VPPA), and threatens to expose deeply private information about what videos are watched by YouTube users. The VPPA passed after a newspaper disclosed Supreme Court nominee Robert Bork’s video rental records. As Congress recognized, your selection of videos to watch is deeply personal and deserves the strongest protection.
Various MSM sources are just starting to roll out their own coverage (e.g., BBC).
I guess those – must be many – who watch YouTube without a user ID or without logging in to the service have less to lose, but forget the privacy of the more avid and loyal users.
As to the source code, Google does get to keep that. It’s interesting to see which news item (the user ID issue vs source code) is being covered where.
{ 38 comments }
noen 07.03.08 at 2:59 pm
News items like this sort of kick in my worst paranoia fears.
Ragtime 07.03.08 at 3:17 pm
Oh no! When my two-year old is crying, the best way to calm her down is to tell her we’re going to look at “Baby Ducks on Youtube.” She then says, “Baby Ducks” about a dozen times, and can spend almost a full hour watching ducklings hatch, ducklings following their mommy in various British back yards, ducklings in the swimming pool, etc. We have favorites we go to for particularly bad crying jags.
I hope none of those were Copyrighted videos of baby ducks!
john i 07.03.08 at 3:39 pm
Since the ruling ignores the VPPA, one would assume Google’s well-payed lawyers would file an appeal?
Matthew Kuzma 07.03.08 at 4:13 pm
I guess those – must be many – who watch YouTube without a user ID or without logging in to the service have less to lose, but forget the privacy of the more avid and loyal users.
That was not my interpretation of the ruling, since IP addresses are still logged for “anonymous” viewers.
The weakest link 07.03.08 at 4:22 pm
Ragtime: So long as they weren’t Huey, Dewey and Louie, I think you are in the clear.
eszter 07.03.08 at 4:39 pm
since IP addresses are still logged for “anonymous†viewers.
Indeed, my point was that the identity is not quite as obvious necessarily as with a user ID. Of course, user ID xhrui897 isn’t that obvious either. (Yes, I know that IP addresses can be enough to identify someone as well, I was pointing out a bit of difference among the cases.)
Skeptical 07.03.08 at 6:08 pm
I think that I am likely to be busted for about a thousand viewing of Mahnamahna.
Demosthenes 07.03.08 at 6:48 pm
Muppets are owned by Disney now.
I’d, er, be careful.
As for this ruling? Well, my reaction was “get a proxy”. When source code is protected, but the viewing records of everybody who’s ever used YouTube is not?
Yeah, I think we know what time it is.
marcel 07.03.08 at 7:33 pm
What have you been watching on YouTube lately?
This
jim 07.03.08 at 7:59 pm
We should be asking why Google is keeping 12 terabytes of data on who watched what youtube video. If Google hadn’t kept it, they wouldn’t be being ordered to hand it over to Viacom. Our privacy is compromised by Google keeping the data on the first place.
virgil xenophon 07.03.08 at 8:22 pm
Boy, your right about that, jim. I’ve always been amazed at the psychological processes involved wherein people go Able Sugar over the gathering of information by government bureaucrats who are at least theoretically responsible to the public via elected officials(even if many layers removed) while not batting an eye over usually much more intrusive actions by private organizations officially responsible to no one (except at great expense via lawsuit).
Down and Out of Sà i Gòn 07.03.08 at 8:52 pm
Yes, I know that IP addresses can be enough to identify someone as well…
When Network Address Translation is involved, the IP address is necessary but not sufficient for identifications. Individual users of an ISP can access YouTube, but from Google’s perspective, it appears they’re using the same gateway address.
Maurice Meilleur 07.03.08 at 9:04 pm
Agreed with #10. Many librarians in the US, for example, quite sensibly decided that the best way to prevent the FBI snooping through their patrons’ records was to stop keeping them. In fact, behind the central circulation desk at the University of Illinois at Urbana-Champaign’s main library is a rather prominent bin for the call slips attached to patron requests to be collected and shredded.
If firms like Google gave a shit about privacy, they’d do the same. But, let’s be fair, firms like Google can say in their defense that their customers effectively demand it: we want to keep track of what we’ve viewed, bought, sent, and so forth forever; we want our credit card numbers stored for quick purchases; we want integrated online calendars, email, web bookmarks, picture and video sharing, shopping, and all the rest. Or at least that’s what we tell them when they ask. There is a lot of information out there about us that we never gave anyone permission to collect, but there’s also a lot out there we gave up ourselves quite voluntarily.
So it seems like there is a more fundamental question we have to ask ourselves: why do we citizens and consumers prize convenience so much that we are willing to give up so many other values in exchange for it?
Maurice Meilleur 07.03.08 at 9:07 pm
‘Their customers effectively demand the opposite’, that is.
eszter 07.03.08 at 9:25 pm
why do we citizens and consumers prize convenience so much that we are willing to give up so many other values in exchange for it?
Yes, this is an important question, but I’d say at least some of it has to do with both online skill and more general knowledge about how these things work. Some of it is Internet-specific (what’s an IP address, how can it be used to trace anyone?), and some of it is ignorance at a different level.
I’m always fascinated by how willingly people give out their phone number at the cash register even though you know they hate getting marketing phone calls. People don’t make the connection.
wissen 07.03.08 at 9:59 pm
#12. Does that mean Google/Youtube will know of an individual surfer only his/her ISP?
Maurice Meilleur 07.03.08 at 10:01 pm
I agree ignorance is a problem, Eszter, but even less-savvy folks have heard by now dozens of stories about identity theft, hackers stealing records from online retailers, and so on. Indeed, being less well informed is likely if anything to magnify those threats. And many technothrillers that Hollywood has put out over the past 25+ years have made the availability of and access to sensitive digitized data about people a plot point, if not the central theme of the movie. (Wargames is the first I remember seeing.) They succeed at the box office in large part because they play on existing fears in their audiences.
So I’m not convinced that the people telling the person behind cash registers their phone numbers are all that ignorant in ways relevant to this question. Of IP addresses, sure. But not knowing about people gathering data on the sly in what seems to most folks obscure and hypertechnical ways is one thing; why do we keep helping these firms sort and label all the data they collect?
Laura 07.03.08 at 10:45 pm
Someone stole my youtube login and used it to watch the talking cats video seven or eight thousand times.
vivian 07.04.08 at 1:34 am
From watching people in line at cash registers, I’m pretty sure a lot of people give their numbers because they’re intimidated about saying “no”. Whether they think it is required for a purchase, and saying “no” would be like being told your card was canceled, or whether they’re just too polite to refuse, it’s just high-pressure sales.
My first reaction to today’s decision was not that Viacom would try to collect royalties, but that they wanted the information for their own marketing databases. Although a really evil person would combine them: instead of demanding royalties, just punish the people with a sea of junk mail. Or credit checks at the right interval to lower a credit rating.
idlemind 07.04.08 at 5:08 am
Stores use phone numbers as universal identifiers. Thus they can keep records of all of your purchases to mine for marketing purposes.
As for Viacom getting all of Youtube’s logs, I think Vivian is on to something. And I’m sure that Viacom’s competitors have noted that that data would include information on their own videos, and that they, like Viacom, could mine it to better target the videos they produce. Thus Disney, et al, can lay claim to the same data, lest Viacom achieve some advantage with it. And no doubt they will…
Alex 07.04.08 at 4:00 pm
I know of at least one British telecoms company that adopted the librarian’s approach; they altered the source code of a proxy they were using so it no longer logged anything. MI5 want the logs? What logs?
salientdowns 07.04.08 at 8:57 pm
If firms like Google gave a shit about privacy, they’d do the same. But, let’s be fair, firms like Google can say in their defense that their customers effectively demand it
Yes.
Those customers are advertisers.
Google customers are not the same as Google service users. Naturally, the paying advertisers would like to have as much information about potential clients as possible. That doesn’t justify misleading the users, and it doesn’t justify using the data that Google collects in a manner inconsistent with the wishes of their users. This kind of behind-the-scenes data-sharing may turn out to be legal (if so, the VPPA was useless) but it’s definitely unethical.
abb1 07.04.08 at 9:12 pm
Individual users of an ISP can access YouTube, but from Google’s perspective, it appears they’re using the same gateway address
Not the ISP you use at home, that ISP gives you a real WAN IP; your ISP has records linking customers to the IPs they leased at any given time and he will identify you with a court order (or, I suppose, without it as well these days).
At work you probably do have a single WAN IP for the whole office, sure. But your IT guys have logs and they can use them to identify you.
Also, if you logged into your gmail account in one browser tab while accessing youtube in another tab – it wouldn’t surprise me if your gmail account id gets passed to youtube and saved in some database there. Seems like a natural thing to do.
Jake 07.04.08 at 11:11 pm
Also, if you logged into your gmail account in one browser tab while accessing youtube in another tab – it wouldn’t surprise me if your gmail account id gets passed to youtube and saved in some database there. Seems like a natural thing to do.
I’m quite sure that browsers make this nearly impossible.
idlemind 07.04.08 at 11:19 pm
No, it’s quite common. In fact, every single site you visit that shows Google’s ads (and they seem to be nearly everywhere) will log your visits in Google’s databases.
Righteous Bubba 07.05.08 at 12:58 am
This seems like the time to mention NoScript for Firefox.
For java stuff you can set it to only allow your trusted sites access to run java on your browser. It’s initially a pain in the ass to keep allowing certain domains you like, but eventually you develop a nice set of domains you like and a bunch of ad crap you don’t.
Jake 07.05.08 at 3:11 am
No, it’s quite common. In fact, every single site you visit that shows Google’s ads (and they seem to be nearly everywhere) will log your visits in Google’s databases.
What does this have to do with passing your Gmail id to YouTube’s databases?
Martin Bento 07.05.08 at 5:34 am
If I’m logged into gmail in one tab or window and go to google in another, it knows I’m logged in – says so right atop the screen. That must be the cookie, which should be visible to any site that uses or aliases to “google.com” – google sees google cookies, that’s in the cookie spec. Google ads also come from google domains wherever they appear, so all those sites are one from the cookie perspective. People kind of gave up on being paranoid about cookies, which was foolish.
idlemind 07.05.08 at 8:08 am
Just as a test, I went over to talkingpointsmemo.com and clicked on an in-page YouTube video. Several new connections were made when I clicked on that video, including some to “video-stats.video.google.com” — which would have sent all my “google.com” cookies including my Gmail ID. Did they log that cookie when they received it? I have no idea. But they could have.
Similarly, Google recorded through Google Analytics that I visited this site. Now in this case the “google.com” domain wasn’t used and so my Gmail ID wasn’t sent. Of course, my visit here could then be connected to my visit to other sites (like TPM) via the anonymous identifier given me the first time I encountered the “google-analytics.com” domain (assuming i didn’t purge that cookie). And perhaps at some point that identifier could be linked to a less-anonymous one through a visit to a site that has access to it.
We’re putting a lot of trust in Google, whether we know it or not, not to make a near-comprehensive dossier of our Internet activities.
jholbo 07.05.08 at 8:15 am
It’s terrifying to think that the Man knows how many times you’ve been Rickrolled, when how and by whom.
abb1 07.05.08 at 8:30 am
Idlemind, how do you know that google.com domain wasn’t used? It could’ve been used from some invisible frame or via javascript/applet or some other way.
Have you noticed how sometimes you visit a site where you’ve never been before, there is an amazon ad on the page and this amazon ad knows who you are and addresses you by name?
Martin Bento 07.05.08 at 11:09 am
“Did they log that cookie when they received it? I have no idea. But they could have.”
Ha ha, I’d love to bet if there were a way to settle it. Anyone think there’s a chance in hell that google is going to just not bother logging this?
cm 07.05.08 at 7:22 pm
jake: In case other commenters have not made it clear – all traffic going through your DSL/cable has the same IP number (unless you have a multi-IP “business tier” service which most people don’t). When you are “logged in” to Google, Yahoo, or anything else, that ties your Google/Yahoo/XYZ ID to your IP number, at that time or period. When you access anything else “anonymously”, that exposes your IP number, and Google/Yahoo can correlate e.g. any Doubleclick or other “tracker” hits from that IP number to you.
There is still the possibility that they cannot distinguish between you and your family member/roommate who is on the same “line”. But how much of a difference does that make? If e.g. your spouse/kid/parent is “logged in” to Google, you can surf “anonymously” as much as you like, it can be correlated to their ID.
Jake 07.05.08 at 10:36 pm
I do have some familiarity with the concept of logs correlation.
My point was that the data Viacom just got the court to order YouTube/Google to produce does not in fact contain your GMail ID, and that “if you have GMail open in another tab, it’s easy enough to send your GMail ID to YouTube” is not in fact correct. Viacom would have a hard time claiming that surfing habits for other Google properties were in any way relevant to their case.
Martin Bento 07.06.08 at 1:08 am
Jake, yes and no. What the court ordered does not seem like it would include any unique identifiers for gmail users. But the gmail cookie, which is the unique identifier for user and session, is accessible from youtube, even embedded youtube, because, as idlemind points out, youtube videos make connections to the google domain, and gmail aliases to mail.google. Your cookie is actually in the google, not a specific gmail, domain. If by “gmail ID” you mean the gmail username, I doubt google stores that in the clear in cookies, but the cookie can identify you to the google servers, including when you watch youtube. In short, no the judgement doesn’t turn this info over, but yes, google can and (I would bet money) is tracking it.
roac 07.06.08 at 1:20 am
Since the ruling ignores the VPPA, one would assume Google’s well-payed lawyers would file an appeal?
Discovery rulings cannot ordinarily be appealed.
It seems to me that practically anyone who has ever downloaded a video could ask the Court of Appeals — anonymously — for a writ of prohibition. With what chance of success, I can’t say, but I wouldn’t be surprised to see it happen.
roac 07.06.08 at 2:59 pm
Amplification of my previous post: Ordinarily, in the federal courts, disputes about discovery are delegated to a magistrate — a sort of assistant judge. The magistrate’s ruling can be appealed to the district judge pursuant to Rule 72 of the civil procedure rules (though they don’t call it an appeal).
This order, however, is signed by the district judge. I don’t know whether the practice is different in the Southern District, or whether this case is receiving special treatment.
Ben 07.07.08 at 1:37 pm
I don’t understand why Google haven’t contested this (seemingly erroneous) ruling. In an age where the internet is increasingly inter-connected, and where lobbying groups pop up all over the place, a privacy break-down on this scale must be extremely damaging to their integrity. I, for one, am far more loath to use YouTube now than before.
Unless, as some have suggested, they plan to cripple Viacom by supplying the data in the form of individual paper cards, causing an admin nightmare – a Pyrrhic victory of sorts.
Comments on this entry are closed.