The NYT privacy policy [0] is 5.2K words. It contains basically everything that they're criticizing Google for. And a bit more. Apparently NYT will by default sell (sorry, "rent") your name and postal address to direct mail advertisers.
> [If you use technology, someone is using your information. We’ll tell you how — and what you can do about it. Sign up for our limited-run newsletter.]
Uh-huh. If there's even a trace of irony in that writing, I can't spot it.
There is a separation between NYT the corporation and the editorial staff. Just a couple of weeks ago, there was an article in NYT complaining about CCTVs installed in NYT office [0]. Should we now dismiss every article in NYT complaining about surveillance (especially workplace surveillance) as hypocritical and ironic, because if NYT thinks surveillance is bad, why do they do it themselves?
Newspapers like NYT are one of the few institutions where workers enjoy a level of freedom from management in doing their work. The other example is tenured professors. We should celebrate this, not mock it.
> Newspapers like NYT are one of the few institutions where workers enjoy a level of freedom from management in doing their work. The other example is tenured professors.
PhD student here. I think the impression that tenured professors have freedom from management is an illusion at best. As far as I can tell, getting a PhD, getting hired as a professor, and getting tenure seem to filter out people who would challenge the system. It's easy for a university to say that their tenured faculty are free to do whatever they want if they select and cultivate people who won't take them up on that offer. (Now that I write this, I'm reminded of web hosting companies that offer unlimited storage or bandwidth but get irritated if you actually use a lot of storage or bandwidth.)
Personally, I'm leaning towards the conclusions of the financial independence/early retirement community: real freedom comes when you have "FU money". Money is the unit of freedom in the US.
I expect the same is also true of whatever freedom may exist for NYTimes writers. The site has taken a sharp and extremely homogeneous ideological slant in recent years on a wide array of different topics. This is ostensibly indicative of editorial manipulation, but it's also possible that instead they simply make sure to hire only journalists that already align with their biases and will, at the minimum, toe the line without needing to be told.
Compare this with people such as e.g. Glenn Greenwald who seems to have achieved "FU money" and you actually see insightful and meaningful journalism [1] that isn't boxed into predictable ideological or partisan tropes. Of course he doesn't live in the US anymore either. Money isn't the unit of freedom in the US - it's the unit of freedom in the world. Not such a bad thing in many ways though. In times past your blood lineage was the unit of freedom. Money can be earned even from humble beginnings, but lineage cannot.
FU money is the freedom to leave an organization, not to improve or change it. Those that want to do good may feel trapped in their org because they feel that should they leave things will get worse.
The question is not whether one has biases or not, but whether or not they're held captive to them. When you read a headline from let's say CNN with what sort of accuracy can you predict exactly what sort of slant the article will come with, even when such is not implied directly by the headline? It's going to be quite high because the site is held captive by its own biases.
Of course everybody is influenced by their biases, but fortunately we have the intelligence to ensure that our biases are but a component of our decision making process rather than being that process in and of themselves. Because of this when you find an individual (or organization) that makes some effort to be impartial it can be difficult to determine where they will land on many issues. As an example Greenwald is gay and lives in Brazil with his husband. The current president of Brazil is Jair Bolsonaro who has made statements such as 'I could not love a gay son; if I had one I would prefer he die in an accident.' This [1] is Greenwald explaining why Bolsonaro was elected.
It's easy to expect to see him just repeat tropes. And this is something that increasingly often the NYTimes is doing such as here [2] where they chose to publish, without elaboration: "Mr. Bolsonaro is ... a brash nationalist whose populist appeal comes partly from his use of Twitter and his history of making crude statements about women, gay people and indigenous groups." Bolsonaro won by a 10 point margin in a country that was and remains very liberal. The only reason the NYT characterization is not overtly fake is because of the use of the weasel word "partly."
Instead Greenwald acknowledged the tropes are going to make up some part of Bolsonaro's support, but then got to the important question - why completely normal and unbiased people, and even some LGBT types, would be voting for people such as Bolsonaro. Obviously he does not want to do this. We like to demonize people we don't like - it's human nature. He'd like to imagine Bolsonaro's base is just loaded with monsters and slur them all as being racists, misogynists, homophobes, or whatever else. But this is, of course, not the case. And so he ends up considering things he would probably rather not consider. And that, rising above one's biases and petty instincts, is at the heart of effective, meaningful, and responsible journalism.
Actually, it's a lot more fence-sitting and clinical, and 'just the facts' than Greenwald's. So, in short, exactly the sort of predictable, unsurprising, 'both sides' horseshit that I expect from CNN.
Both publications are biased, neither publication's biases result in particularly surprising or unpredictable coverage, so I ask again - what is the difference? That Greenwald's a bit more introspective?
There's introspective writers in the CNN opinion pieces, too - you just might not be biased towards their flavour of introspection. I know I'm not.
Imagine you strip the references from the CNN article referencing Bolsonaro winning and you otherwise did not know this. And you now read this article. Would you expect him to win? Would you have any idea how he could possibly win, let alone by a large margin? The media's job is to inform you, yet our media increasingly often does not do this. Their only notion of why he might have been elected was to 'keep the workers party out'? 'Man, our socialist candidate was arrested for corruption. Wellp, I guess we better go vote far right now!' Yeah...
On one side of a spectrum you have propaganda, on the other side you have journalism. The two are inherently at opposite ends. Propaganda aims to influence people and push them towards an ideology, journalism aims to inform people and let them make their own decisions. A disturbingly large percentage of all western facing media is now more of the kind aiming to influence than aiming to inform. Greenwald is a shining exception to this in that even in topics that he was a resounding conflict of interest in, you find reporting that focuses primarily on informing instead of persuading.
I think the degree of disobedience from faculty varies between disciplines and schools. Professors in the humanities seem more inclined towards activism or iconoclasm than STEM. This isn't a dig at anyone, it's just that people who study social structures, interactions, and trends are seemingly more inclined to exert their ideological freedom(s). Meanwhile in STEM fields I think you're totally right: we keep our heads down and hyper-optimize for publishing research, leaving little space for rebellion or questioning of the academic status quo.
I don't know what dystopian world you want to live in, but any time I see a company profit off sheer hypocrisy, I am going to call it out and mock it. They can have freedom all they want, but this article is generating clicks and revenues for Parent Corp, so they deserve the scrutiny. This isn't some public service they are providing.
Asking for curiosity: Given the tenured faculty comparison, should we blame tenured faculty who criticize predatory lending when their university accepts students with the same predatory loans?
Or perhaps a more direct comparison: Are tenured faculty at D1 sports universities hypocritical for researching the benefits of more funding going towards education and less towards massive stadiums?
1) The faculty member from University A writes an article criticizing University B, without mentioning that University A also has the same problems.
2) The faculty member from University A writes an article criticizing a set of problems, including examples from both University A and B.
The subtle distinction between both #1 and #2 is why people have different opinions on this. Many people consider #1 to be hypocritical and #2 to be fair.
It would never be pointed out at all if you're following case #2 though if you're in a position of the OP though. The university wouldn't allow the article. The net result is a loss.
If people can't criticise at all due to some level of hypocrisy (which is separated from the author in this case!) then we all end up in a worse spot.
I don't think there is a universal criteria for what constitutes whether an action is criticizable or not. I think more importantly is that the standards, whatever they may be, are applied uniformly, despite the circumstance and scenario. It isn't hard to imagine other scenarios which are seen as "lesser" where this wouldn't even be a question: of course you do, but for some reason we think that as an increase of import or salary, or whatever metric you may have in mind, all of a sudden some gray area is introduced. Stay true to your standards, and let it guide you.
I wouldn't put up with this type of hypocrisy from my frozen yogurt shop, my clothing store, or coffee shop, so I shouldn't put up with it with my news organizations, schools and universities and politicians. The inputs to the situation might be different, but the output should be the same. Otherwise, we are being the hypocrite as well.
If the lecturer gave a lecture and handed out fliers for the thing they were criticising without explaining that this was an example of the same problem the yes 100%.
The only way the article, its writer, the editor and the organisation should not be ridiculed is if they explicitly reference their own t's and c's in the article. Or if we all agree this is not news but entertainment and should not be takrn seriously (or shared on hacker news)
> Or if we all agree this is not news but entertainment and should not be takrn seriously (or shared on hacker news)
I've hardly seen news in my life that wasnt actually just profit seeking entertainment.
I have never understood why society praises these huge corporations. They do not have your best interest at heart. They are not doing a public service. They are a private entity seeking money and power just like every other private company.
"Welcome to PHY 4509, Classical Electromagnetism. You should not be here, this school is too expensive. If you would like to discuss transferring, you can find me in my office Tuesday and Thursday from 9 to 11AM. This message will repeat in thirty seconds."
Would it be better if their journalists all just ignored the issue, or issued corporate-approved screeds about how whatever it is that their corporate owners are doing is just fine? Because to me both those options seem worse than hypocrisy.
I'll grant you that diving into Google's TOS without mentioning their own is a bit tone-deaf.
Journalists disclose when they or their parent companies have any vested interest in the companies they cover. It seems like the article could have more journalistic integrity to note that Google isn’t the only one to follow the trend and their company does so as well.
I'm not sure I like the alternative, where articles like this would not be allowed and companies' bad behavior would never get called out in the media.
Because let's face it, that's the more likely non-hypocritical scenario than the one where corporations behave nicely.
But you're assuming 4k word privacy policies are bad behaviour. The NYT is asserting this, but clearly doesn't believe it institutionally, so why should we accept this rather strange claim at face value? What's wrong with a privacy policy that has 4k words, especially for a service as complex and powerful as what Google provides?
You don't have to accept anything at face value. The whole point is that you are able to consume different points of view and make up your own mind on the matter.
This theme seems to come up a lot with different topics, not just privacy policies. Would it be better for NYT to NOT be hypocritical and just not report on accessibility if they don't implement it correctly themselves? Would it be better if it as a whole never verified sources given that their editorials are largely their own opinions? Personally, I'd take the "hypocrisy" because I understand that in large corps, typically the right hand doesn't talk to the left hand.
Well .... yes? It'd be better for the NYT to not report on something that clearly is overblown and doesn't matter!
Accusations of hypocrisy are useful because they act as a reality check. If 4k word privacy policies were so terrible the NYT wouldn't have one. Clearly nobody cares, so journalists should have taken this as a strong cue that they're chasing a non-story, almost certainly due to their own strong biases and desires. This isn't some evidence of heroic journalistic integrity, it's evidence they're spinning something out of nothing.
Yes, to say we should require otherwise is to embrace the status quo. Demanding that everybody hold their employer accountable for any breach is simply an unreachable standard, given the power distribution between employers and employees and the lack of sufficient "good" employers. So shifting the conversation to complaints about complaints (for not being sufficiently motivated to risk everything trying to burn the system down) is just distraction and helping the status quo even more.
On the other hand, shouldn't management/leadership of journalism firms be held just as accountable for their actions as others?
I think we're too quick to give a pass to business/leadership people for unethical behavior we rationalize to be good for business -- in education, journalism and anywhere else.
> Newspapers like NYT are one of the few institutions where workers enjoy a level of freedom from management in doing their work.
Then why do these articles not also criticize the NYT for these practices? Google is an easy target for newspapers because they are competitors for traffic and ads. Show me NYT reporters calling out their own practices and I will believe they enjoy this level of freedom from management.
They are regarded as among the world’s best reporters. They can Google up their own privacy policy just like anyone else, no disturbance of the editorial/sales wall necessary.
> Newspapers like NYT are one of the few institutions where workers enjoy a level of freedom from management in doing their work.
That is not the case. Every every reporter has an editor he or she must report to. Sure, reporters are given some freedom on the stories they pursue, but it's hardly a hands-off approach.
I believe they are saying there is a separation between the editors and the rest of the Corp. The editors aren’t the ones coming up with the sites privacy policy.
> Newspapers like NYT are one of the few institutions
by institutions I'll assume you mean journalistic ones. Cause employees of non-consumer facing corporations have far more freedom.
The thing is, journalism, good journalism, and certainly public service journalism, no longer requires an institution. Don't believe in the lies that claim otherwise.
That depends a lot on how you define "good journalism".
Journalism is ultimately writing about what you see and investigating it to get the facts. Most stories are broken by just one journalist, big ones sometimes multiple. Journalists don't earn very much either. This isn't an expensive endeavour compared to many things even quite small companies routinely do, like build and run a TV advertising campaign.
Moreover a lot of hard-hitting journalism appears to run on a shoestring. Look at Project Veritas. It's breaking a series of scoops about the internal behaviour of Valley firms, and it seems to basically be one or two people plus some cameras and a website.
I don't know how "shoestring" Project Veritas is, but it's not a particularly good source for unbiased information.
Breaking a good, big story takes time and time takes money. Journalists don't earn a ton, but great journalists do pretty well. Their work and the merit of their work is considered worth paying for. The money has to come from somewhere.
The best a good news organization can do is not allow the money to directly influence the journalism. At least in theory then the source of the money - within reason - is somewhat irrelevant. Historically, that's advertising or subscription. People got so used to free or nearly-free journalism in the late 1800s that even today people bristle at subscription, particularly for a non-physical product. So you have advertising.
What makes you think it's worse than the New York Times?
I've indeed not claimed journalism takes no money. I'm just pointing out it's not expensive. Corporations nobody has heard of routinely piss away more money than is spent on breaking a major news story by large papers on vanity website redesigns. News is extremely cheap, especially these days - so cheap it's literally given away for free.
> News is extremely cheap, especially these days - so cheap it's literally given away for free.
This is fundamentally wrong. It's subsidized (largely by advertising), not naturally cheap. It's like looking at Google and saying "man, software development must be cheap, they're giving away this search engine!"
Good reporting is time and labor-intensive. It also has an extremely short shelf life, meaning the time available to extract value is limited. A single news story is financially valuable for a very short period of time.
No, it's naturally cheap, even when advertising is taken into account.
Again, compare the cost of a news story vs many other things. Advertising campaigns are also time and labour intensive and usually only provide value for a short space of time. Yet people who do advertising work often earn more than journalists. News is simply not labour intensive, especially given that the vast majority of stories are not investigative and require nearly no effort to put together. Plus, the labour isn't well paid.
> No, it's naturally cheap, even when advertising is taken into account.
You haven't supported your argument all that well. First of all, ads have a significantly longer shelf-life than news stories and can often be re-used. Even short-term ads have value for weeks.
Second, creating a single, non-"investigative" (this is a nebulous term in this context) story takes, typically, 20-40 man hours to create and has value for typically 24 hours. 40 hours is in itself relative as a measure of cost, but against the term for recouping costs, it's very expensive. Without ads, this wouldn't be a viable business.
That essay is an opinion piece, not an article, and ironically for you the office surveillance was almost certainly installed by NYT corporate (or its designee), so the hypocrisy you raise cannot even exist according to the terms you provide unless you remove the separation between corp and editorial.
> Newspapers like NYT are one of the few institutions where workers enjoy a level of freedom from management in doing their work.
Eh, not really. They recently shuttered their daily political cartoon section, mainly due to a submission they published that was labelled as anti-Semitic.
This class of argument is incredibly common (e.g. Pinboard criticizing the NYT piece on ad trackers for having ad trackers itself) and is incredibly counter-productive. It's the equivalent of smarmy relatives commenting "oh yeah? well you're still on it" if you complain about Facebook on Facebook.
Sure, they're trapped inside the system, but they're trying to change it!! And that certainly deserves our respect. At least it deserves better than knee-jerk "gotchas".
I disagree [1]; accusations of hypocrisy are making an important point, which is:
"Hey, there's a reason people do the thing you criticize, as demonstrated by the fact that you do it. So instead of making this about shaming others for moral inadequacy, maybe you should be helping to identify and fix the systemic problem that leads everyone to do it. Since you have firsthand experience with that dynamic, why aren't you sharing your expertise here?"
I think that this hypocrisy also pinpoints a flaw in the main argument: this piece is a criticism of Google, not a criticism of the business ecosystem of tech companies. It singles out one actor, who is doing tings that are common practices, as a bad actor.
It is not just to say "Haha! you are an hypocrite therefore you are wrong!" That would be ad-hominem. This is to say that what they denounce is not the behavior of a single actor but the norm on the net. Failure to recognize that makes their opinion at least incomplete, probably invalid.
Singling out examples is good practice for getting the general population interested. Talking about vague groups isn't interesting. And there are ways of fixing this problem (courts, legislatures, general sentiment) that would carry over to other bad actors.
>Failure to recognize that makes their opinion at least incomplete, probably invalid.
It's invalid to imply that they are the only one with bad practices. That angle is designed to turn the general population against a single entity, without context, akin to a witch hunt.
The hypocrisy of the NYT as an institution does not invalidate their points about Google. However, their points about Google do not make their own practices any better.
It is also true that individual journalists and opinion authors don't get to decide how the NYT operates. However, they do get to choose what they write about -- and by broadly emphasizing Google's policies and by broadly ignoring the policies of institutions like the NYT, journalists risk rephrasing the cultural debate over privacy as "normal people vs big tech" rather than, "normal people vs big tech, the government, publishers, and the entire ad industry".
Journalists do not have a responsibility to force their publishers to change, nor is it a problem for them to write articles that focus on Google. However, journalists do have a responsibility to research and understand the broader topics they are reporting on -- and it is not incorrect for readers to observe that we're seeing a trend of journalists who are remarkably hesitant to apply the same level of reporting scrutiny toward publishers and news organizations that they do towards other institutions.
It's also not black-and-white whether this criticism is counter-productive. To the extent that it shelters companies like Google and plays into "whataboutism" -- yes, it's a problem.
However, criticism of this nature is also the reason why NYT as a publisher has recently started to get more self-aware of their own practices[0]. If journalists see criticism of this nature and it makes them more likely to report on publisher privacy policies, that's productive. If institutions like the NYT get criticized and it leads to them internally examining and changing some of their own privacy policies, that's very productive.
I think one of the frustrating things about this comment and the thread is this article is about Google's privacy policy specifically and how it reflects the change in Internet businesses. It's not a generic privacy policy article.
The Times DID publish a generic privacy policy article a week ago and it did call itself out as one of the worst ones [1].
It wasn't an explicit "at the Times we do this", but there's an infographic/chart in the article that places the NYT in a pretty damning spot[2]. They also called out a rival news organization (the BBC) which does a great job relatively speaking.
I think the Times has a huge point here in general and I find this article's narrative compelling and well done. Instead of making it about "why didn't we make this about themselves" I would rather focus on what it's trying to say. (Also, Google is probably the trailblazer here with this stuff and sets the tone/trend).
I'm curious to see if there will be changes. You can't rewrite a privacy policy in 7 days.
I actually appreciate that the journalists in the Times can call out other parts of the Times (this was a part of their Public Editor) but it doesn't mean that some journalist (or the entire newsroom) can change what the legal, ad or executive team think/do.
And that's not a bad thing. Because if they could, it can go the other way too and that's really bad.
I'm not sure that was a particularly _critical_ article, actually. It was pretty much just describing what Google does and how it's changed. I'm not sure there's a lot of value judgement in the writing, a lot of "critisizing Google." It was just reporting something of interest (it was of interest to me, was it to you?)
But, sure, part of the motivation of writing it was presumably knowing that some/many people would find it dismaying or unfavorable to Google.
Presumably the journalists who wrote it don't have a lot of control over the NYTimes privacy polices or practices. I'm glad the NYTimes paid someone to research it, and then published it, because then it got to me and I liked the article.
I don't see any problems or surprises, this is the world.
I guess they could write an article about the history of the NYTimes privacy policy... but really, who cares about reading that so much? Although sure, they could do more to use the nytimes as an example to be more transparent.
That they didn't doesn't erase the value of the article.
(The NYT OP does (now as I read it, it may not when you did) end with an italisized paragraph mentioning that the Times "collects data on visitors" too and linking to their own privacy policy and some other information)
This is far more of an analysis than a critique, and it's just as much about the evolution of technology and the internet as it is about Google itself.
This is true of most news sites that report on things like this. I remember an article a few months back about the proliferation of Facebook trackers and how it is a bad thing. The article itself had a Facebook pixel tracker on it. The author could have discovered this doing the same they did for all the sites they reported on. Of course they did not cover their own site.
It's fair to make an opening critique of the NYT's privacy policy, based on word count, because that is the main metric the NYT uses for the visualizations in the article. But the article's claims don't rest on that metric, so to assert that the NYT has "basically everything that they're criticizing Google for" requires more evidence and specifics. Especially when we consider that the info Google solicits and stores is by every standard far greater than anything the NYT collects, which means that the potential damage from abuse is also far greater. So it's worth asking why you think Google having fewer words for its privacy policy is, even on a facile level, an argument for its favor and not against it, considering Google has far more kinds of data and ways to share it.
But let's go with your claim, that NYT's policy is "basically everything" that they critique Google for. You mention NYT sharing name and postal address with advertisers and direct mailers – while that's something that has been an industry (in general, not just media) practice well before the computer age, let's agree for the sake of argument that it's still evil, and both the NYT and Google do it.
What other privacy policies/potential abuses do you see them sharing? We might assert that both companies say they collect and store location information, but on closer reading of the NYT's policies, I see some specific and substantial differences:
On ad-targeting:
> The ads in our apps are not targeted to you based on your current GPS location, but they are targeted to you based on your ZIP code or device's IP address.
On retention:
> If you elect to have a location-based search saved to your history, we will store that information on our servers. If you do not enable the location-based service, or if an app does not have that feature, the app will not transmit to us, and we will not collect or store, location information.
So I didn't scour the policy pages completely -- I tried to find info based on keywords, e.g. Ctrl-Fing for "location", "gps", "ip", so I apologize in advance if I overlooked something. But as far as I can tell, Google does not state a limit to the precision of location info they give to advertisers. And they do not say that users have the option to opt out of location-processing, nor do they state if it's possible for users to deny the transmitting of location info, period, in the way that the NYT says "we will not collect or store location information" if a user disables it. Again, I apologize if I've missed a similar specific statement in Google's policy.
That's a key difference in scope of data collection and retention, one that strongly rebuts your generalization. But more to the point, it's a difference in scope that has extremely obvious differences in actual impact. I think it's safe to assume if the NYT were subpoenaed for a user's IP address (such as someone making illegal threats in the comments section) they would comply with authorities.
But if the NYT were subpoenaed for the timestamped location info of a user accused of crime, and known to use the NYT website/app, the NYT, if it follows its stated policy, simply cannot comply, because it has made a decision to not track or store that info without user approval.
That doesn't seem to be the case with Google. And the consequences to the user are not theoretical – Google has already acknowledged that it complies with sweeping requests made by law enforcement, such as "the coordinates of any phones that were in the area between 7:30 pm and 10:30 pm" on the night of a suspected arson fire [0]. You can argue all you want that Google is just following the law, but the fact remains that they choose to collect and store this info. And that being the case, claiming that the NYT's privacy problems are "basically everything" of Google's, seems so facile as to trivialize the debate.
Disclosure: I just noticed that a former student of mine is listed as a co-author, and I'm assuming she was key in creating the data visualization and analysis.
This seems pretty disingenuous given the range of services offered by Google and New York Times - New York Times is a regional publication that doesn't really have any reason to know your location besides ads, while Google offers a free mobile operating system that millions of apps run on top of, many of which (including their own) use the location capabilities of the platform to provide useful services.
Just a nit - calling the NYT a "regional publication" is like calling Google a "california search engine." It's one of the largest global news organizations in the world with active newsrooms in NYC, London, Hong Kong and Paris. It has 6 news bureaus in the NY area, 14 news bureaus in the US outside of the NY area and 23 international news bureaus employing over 1300 news staff. (For reference the BBC has 50, CNN has 32 and the Times' has 46). Its California coverage is as robust as the LATimes and more robust than the SF Chronicle.
Of course, when you have multiple full newsrooms, you care about location capabilities. I get a customized California feed (California Today) when I go to it.
Again, this doesn't really compare to Google - if somebody started up a business within Google and only had about New York Times level of success, it may very well be in danger of being shut down. New York Times has about 3 million subscribers. Youtube Premium had 1.5M about a year after launch and it's on life support. Youtube Music has 16 million subscribers a year after launch and it's barely successful enough not to be cut. These are ancillary services run by small teams. Google has Android, Chrome, Search, GMail, Maps, Photos, Calendar, etc, etc, many of them actually manage lots of your data on your behalf and/or require real-time location capabilities. Of course providing these services requires a long privacy policy if they want to honestly cover what they do with user data.
"California Today" needing a location capability - I'm not sure if you're entirely serious. Why would it need to access your current location - people read local news for where they live, not where they happen to be. And whether you're in California or not is not something that changes frequently. Nor is California Today a travel guide - it has no relevance for people who happen to be in California. Do you actually know if it's based on your real time location? I doubt it. And even if it was, it doesn't have to be.
Also looking at this - https://www.nytimes.com/column/california-today - it consists of an article every other day or so? This is why they need the location data? And it doesn't look like it's a customized feed at all - seems like everyone gets the exact same feed. What data do they need to put this together? And it looks like they have a signup sheet - https://www.nytimes.com/newsletters/signup/CA - are you sure they don't automatically sign you up based on your permanent address? I mean, consider the level of location access (frequency and granularity) needed to show New York news vs California news and compare that against, say, turn-by-turn navigation.
Also I just downloaded the app and it has "Australia" as a top-level section by default (I'm in the US). Are you sure user location is used meaningfully for anything in the app?
OK, so you believe Google and the NYT are so different in scope that it's silly to compare them at all, as it would be to compare Little League to MLB, or 2 entirely sports even? I agree with that, which is why I argue that the purported hypocrisy of the NYT's policy is trivial – nevermind that the reporters do not have executive power over site and business operations, nor do we know that they aren't pushing for reform in their own house.
If the president of the World Curling Federation were to publish an op-ed on how the NFL's policies and protocols were inadequate in protecting players from permanent brain injuries, would "How big is curling's global audience and revenue compared to the NFLs?" or "How many pages does the WCF policy book devote to concussion protocols?" be relevant angles of rebuttal?
You're dodging the point here - the point is that the scope of the privacy policy should correspond to the scope of the business. And the NY Times privacy policy has basically the same scope as Google's privacy policy, despite them not providing useful services at the same scale. The evolution of Google's privacy policy in fact is about the increase in the scope of Google's business.
It's not so much hypocrisy as the fact Google's collection and use of data is skewed towards providing better services to consumers while New York Times's (and their partners' through the site/app) collection and use of data is skewed towards monetization.
As I said in another comment, you are seriously underestimating the size of the NYT. By many metrics, it's the largest global news organization based in the US and one of the largest in the world. Certainly larger than CBC, CNN, FNC, NBC News and about the same size of the BBC (and a bit smaller than Reuters and AP).
Their data collection helps them decide where to build new news bureaus and news rooms and also what content they should surface to their readers. I get a very California focused NYT vs my friends who live in NYC and London.
Also, I'm sure a chunk of their privacy policy is actually impacted by using Google as their ad service and a passthrough from Google's to them.
I'm not underestimating anything at all - how many news organizations have apps that run on Android? How many of them run Google ads? Google's privacy policy has to account for all of that. And all of that is a relatively small business compared to Google's cash cows. They are not at all comparable in terms of scale or diversity of services offered. Yet, in terms of privacy policy, they are quite comparable. Back when Google's business was at NYT's scale, its privacy policy was considerably shorter.
Some of the services and advertisements included in the NYT Services, including on NYTimes.com and within our mobile apps, are delivered or served by third-party companies, which may collect information about your use of the NYT Services.
These companies place or recognize cookies, pixel tags, web beacons or other technology to track certain information about our NYT Services website users. For example, in the course of serving certain advertisements, an advertiser may place or recognize a unique cookie on your browser in order to collect certain information about your use of the NYT Services. For another example, an advertiser or ad server may also be able to collect your device’s unique identifier in the course of serving an ad. In many cases, this information could be used to show you ads on other websites based on your interests.
We do not have access to, nor control over, these third parties' use of cookies or other tracking technologies or how they may be used.
For example, we use Google to serve advertisements on the NYT Services, which use the Google Doubleclick cookie, and in some cases, a unique device identifier, to show you ads based on your visit to NYTimes.com and other sites on the Internet. You may opt out of the use of the Google Doubleclick cookie by visiting the Google ad and content network privacy policy. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#. You may download the AppChoices app at http://www.aboutads.info/appchoices to opt out in mobile apps.
They are embedding third-party tracking technologies inside their app and letting each of them track however they want.
I'm sorry, but can you be more specific about your point? Is it that companies should always be held just as complicit as the third parties they use? And how absolutist are you on that? e.g. does the NYT have no moral right to report on climate change, because the NYT depends on energy suppliers, which produce the CO2 emissions the NYT complains about? Sure, that's a principle, but not one that leaves much room for actual discussion.
That's not the point - the point is that this is a loophole that effectively says, third-parties can do whatever they want with respect to your private information through our website and app and we're not at all responsible. This more or less renders the privacy policy entirely moot. It's like a vegan restaurant coming up with a "vegan guarantee" agreement that is supposed to guarantee that the dining experience is vegan, but excludes "third-party" ingredients from the guarantee. And it more or less says, you're subject to Google's privacy policy, when you visit the New York Times site, which means everything bad about Google's privacy policy is included in the New York Times privacy policy.
From a technical standpoint, what's happening is that New York Times is running arbitrary code that it doesn't know anything about on the browsers of people that visit their site. And they are claiming that they are not responsible for what it does, despite the fact it's delivered through New York Times.
Quite the opposite, they're basically saying "we use Google for ads and know what it does but if google changes what it does we don't have much control - watch our policy for changes"
Does any company in the world that serves ads from Google not do this or state this?
How would you technically host ads on your site without "running arbitrary code"? How would you add an analytics solution without doing that?
And also, focusing on this defeats the actual purpose of this article. I assume it means you agree with it's message and are just nitpicking? (Or don't and are deflecting.)
New York Times is saying much more than that - they are saying that they are using an unspecified number of third parties each of which is operating independently while having potentially full access to customer data. And throwing their hands up in the air and saying that they have no control over any of this. Google isn't their only vendor and at least Google is likely to be operating within some bounds - you don't know what their other vendors are nor what they are doing. This renders the entire privacy policy moot from the consumer's perspective.
And no this is not something they have to do. The idea that they cannot control what their vendors do is completely absurd - they have contracts with these vendors so they can state exactly what vendors are allowed to do under these contracts in the privacy policy. The only excuse here is that they are either too embarrassed to put what's in these contracts and/or they have no idea what's in those contracts. What NYT is doing is more or less equivalent to selling their users' data, which Google does not do.
And no this is NOT nit-picking and it directly counters the entire point of the article - Google's privacy policy is long because it actually covers what is being done with the data, as opposed to the New York Times policy, which states that they outsourced data collection/monetization third parties so anything goes and it's not their fault.
> let's agree for the sake of argument that it's still evil, and both the NYT and Google do it.
I don't think I'm willing to agree to that. What bit in the Google Privacy Policy makes you think they do it (it doesn't seem to fit in under any of the four categories of sharing)? And do you have an example of them actually doing it?
Re: location, I don't understand the distinction you're trying to make here. Under section 4 NYT says they collect "IP addresses, geolocation information, unique device identifiers". They "use and disclose this information for any purpose", which seems rather broad and "store it in log files". The retention is specified as "as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law".
(NYT then have a section on a specific app whose location information you can turn on/off, just like Google has a section on the Android location and Location History that can be turned on/off.)
Re: what does the article criticize Google for:
- Having a "sprawling 4000 word policy". NYT is the same.
- Treating the users as individuals rather than as aggregates. NYT is the same.
- Sharing data (which the article sneakily puts as the heading of a section that's not actually about sharing data). NYT is slightly worse.
- Personalized ads / ad targeting. Google basically just say they use data to personalize ads shown to you, and link to the controls for it. The NYT policy says they target ads by ZIP code or IP address, but on a re-read I agree that they don't say anything about personalization (I misread the last paragraph of 4.B, it seems to actually be about targeting ads for the NYT, not ads on NYT).
- License for uploaded content. The authors are pulling a fast one here, since that's the TOS rather than the privacy policy. The NYT TOS, of course, has almost exactly the same language.
> And that being the case, claiming that the NYT's privacy problems are "basically everything" of Google's, seems so facile as to trivialize the debate
But I didn't claim that. I said that everything the authors criticized Google's policy for was also in the NYT policy.
And fair enough, maybe it wasn't everything but more like 4.5/5.
I think there would have been a much better article here somewhere, where they'd e.g. first done a critique on the NYT policy using a similar tone as here. Shredding NYT like that would have certainly gotten the reader's attention. And once you've established a baseline and gotten the reader worked up, show how the Google/Facebook/etc policies are even worse.
First, thank you for correcting me that Google does not sell personal user info to third-parties, at least in the way that the NYT sells subscriber info to other mailers. And thank you for pointing out the clause in 4A, regarding "We collect information about the computer [such as] geolocation information", and how a reasonable interpretation of that means the NYT reserves the right to store and analyze location info.
On the topic of location information, my justification for seeing the difference is based on a couple of factors:
1. What ability does the NYT have to collect GPS info from users other than through mobile and explicit permission? I can't remember when I was last prompted by my browser to allow NYT access to the browser geolocation API (some interactive apps may use it), but it's still an explicit prompt. And it's still limited by me having to actively use their services.
2. I do know that Google allows for users to opt-out of and delete Location History. I'm happy to assume (and don't know any counterexamples) that when Google says it deletes the history upon user request, that it's an actual deletion, not just a database flag. But in all that I've read, I've never been clear on how opting out of Location History affects or relates to any other location data collected by Google's services. For example, from the Manage Your Location History page:
> When Location History is off: Some location data may continue to be saved in other settings, like Web & App Activity, as part of your use of other services, like Search and Maps, even after you turn off Location History.
So as an engineer, this seems reasonable to me (even if I think it's not obvious to laypeople). But is there a section where Google describes the nature of that other location data, including how it's managed and stored? In other words, if I turn off Location History, and later I'm part of a police request for geolocated devices, what potential info of mine is there for Google to share?
For the sake of argument, I'll concede a couple of points: that the NYT reserves the right to collect, store, and use GPS-level data. And that the NYT is no less compliant than Google when it comes to legal requests (and to be clear, I do not believe that Google is particularly subservient to law enforcement, and is not opposed to fighting on behalf of its users when it can). So the main difference is what each company collects as part of its normal operations, and how important/sensitive that information is for each user.
What is the worst-case scenario for the NYT user whose complete information the NYT, through malice and/or incompetence, divulges to a third-party? Billing info, of course. All my devices and everything that shows up in an IP log. Every article I've clicked on in the past 5+ years, and related page analytics. My comments/interactions on the comment sections. And I'll assume every search query I've ever made on its site. Those are all things I would never willingly put out for display, and of course I don't know the unknown unknowns (all the potential risks I can't even imagine), but the NYT-exclusive data seems mostly limited to content I've consumed and when/where I was when reading NYT-operated sites.
With Google, I don't have to imagine hypotheticals. Here's a pretty bad situation -- but by far not the worst-case scenario I can think of -- in which a man was wrongly arrested based on information provided to police by Google's SensorVault:
By all accounts, this kind of geofenced dragnet is very new, and at the time of this man's arrest, used only a handful of times. And yet despite the best intentions of Google's legal and engineering team, and what I'm assuming is good faith work by experienced homicide detectives, we already have a known and publicized incident that turned into a classic and rare nightmare law enforcement scenario (an innocent person being imprisoned for a murder).
I don't think the above situation is an extreme one, other than it happened to involve a murder, which is a situation in which law enforcement generally acts with the most discretion. But in any case, Google search results are routinely used as evidence in criminal cases, and while they often correlate with the prosecutor's case (e.g. the suspect John Doe searched for "how to hide a body" just days before the victim James Doe went missing), search data is just as prone to wild and broad misinterpretation, and anyone who googles random questions/topics regularly is at risk of cherry-picked evidence -- A well-known case is Casey Anthony's misinterpreted search for "chloroform":
Again, I reiterate, these issues don't arise from malice on Google's part. But that's irrelevant -- Google has no choice on how well others use the data they give. But knowing the actual consequences, they do have a choice in data retention policies, even if it means making it clear to the user, "Sorry, we couldn't run our systems unless we kept data in perpetuity, and that's just how it is". Until I can even imagine a situation in which NYT-exclusive data can (justifiably or not) wreck my life, I simply don't expect the same level of scrutiny for their privacy policies.
And just to be clear, this cuts both ways. The NYT, like many news organizations, have public (and internal) policies regarding conflicts-of-interest and employee public behavior: https://www.nytco.com/company/standards-ethics/
For example, I do think Google, given an indisputable document trail, would punish or fire the shit out of an engineer who was found to have manually tweaked/censored search results as a favor to their politically-connected lover. And that would/should happen at any news outlet. But AFAIK, Google (and most non-media industries) does not require or suggest that an employee tell their managers about possible conflicts of interest (romantic or not). Whereas the NYT does [0], which gives the NYT the right to fire an employee for failing to inform their editor, regardless of whether the relationship results in unethical actions.
And to me, this is fine, because it's not just about the ethics, but the potential for harm given the realities and the nature the work. It is patently obvious to me (and most journalists, I would hope) that a reporter has unilateral power to dictate what does (and does not) get covered on their beat, such that a reporter could intentionally hijack their work for a long while before suspicions arose. Is this the same at Google? Can the average employee have the unilateral ability to maliciously change the search index, without it being caught in a pre-production review, or it being explicitly recorded in an audit log? It doesn't seem so.
And because of the stark difference in the expected work and responsibilities, if the NYT were to not have its current ethics policy, and a Google exec were to call them out (e.g. "don't trust the NYT, they don't have a policy preventing their tech reporters from dating, and thus being influenced by Microsoft or Amazon employees"), I would disagree very strongly with an NYT apologist who says, "Well neither does Google!"
This article is probably intended as a jab at Google for having a Privacy Policy that is absurdly long.
However, this is also proof of how far we've come in regulating how personal information is identified and stored.
For example, the data comparison between 1999 and 2019 - Simply saying "We collect personal information you provide and clickthrough information" is certainly not enough nowadays. A short and generic policy lends itself to legal abuse, whereas the longer and specific policy tells you exactly what to expect from using the service.
Can things be made more clear? Always. But I think this trend is generally for the better.
What difference does it even make? If they want to collect new info, they just add it to the all encompassing policy for “everything Google” and the opt out option (lose access?) is too detrimental, so I have to agree.
They might as well just say “we collect everything.”
> If they want to collect new info, they just add it to the all encompassing policy for “everything Google”
Well the policy is not a binary blob. Google does more than most services by providing a full archive of their policies, as well as a clear-cut comparison of each.
That's exactly the sort of thing the GDPR is meant to address, actually. They shouldn't be able to force opt-in of a policy to access a service that doesn't itself need that information.
Also in Google's defense, the services (and ostensible benefits) Google provides in 1999 vs 2019 are so far different in scope that it's not a particularly helpful comparison/contrast. The year of GMail's launch vs 2019 would cut more to the point.
I hate adhesive ToS / Privacy Policies. I think options for data export should have to be sent to the user alongside privacy policy changes. I also think companies should be required to show TOS / Privacy Policies in a modal dialog that’s displayed for the amount of time a fast reader would take to read them.
If the average person reads 250 words / min with 70-80% comprehension, that’s 16 minutes for a 4k word policy. Since it’s legalese, I bet it’s 30+ minutes for most people. That’s ridiculous.
I don't get it. People want comprehensive details about what companies do with their information, but they also want short privacy policies. You can't have both. And if you look at Google's privacy policy, it's not legalese at all. It's mostly explanatory, since its text binds Google, not the user.
The TOU is a different matter, but, again, users and the law have forced companies into the situation where they have to explicitly spell out every detail. Even with that, Google's terms are written in what seems to me to be plain English (https://policies.google.com/terms?gl=us). What would you cut from that to make it more concise? I can see a few things, but I'm also not a lawyer, and I'm not equipped to judge what liabilities each sentence might protect Google from.
Most people never read this stuff because most people just don't care. They'll never have a dispute with Google that would be covered by the terms, and they don't care enough about privacy to find a less convenient but more privacy-sensitive alternative. Even if they do care about privacy, they probably have a pretty good idea of what kinds of information Google collects, so the privacy policy is at most a reference for cases where they are unsure. Attempting to force them to read it would be unproductive, since it contains information that is either irrelevant or else already known to potential users.
You are missing the point. There should be no need for such policies. Google should not be able / allowed to collect this data, with or without user consent.
If that's what the person I was replying to meant, they should just say that. They shouldn't say, "It's too long to read."
I don't agree at all with your point of view. I still think consenting adults can take some responsibility for making their own decisions about things. Obviously there should be exceptions when there are serious safety concerns, but such is plainly not the case with search engines.
Anyway, the TOU doesn't even address privacy very much. It would be a paragraph shorter if Google collected no user data at all. So I don't really think that is the point the top-level poster in this thread was making. Or if it was the point they were trying to make, they were doing so circuitously indeed.
> People want comprehensive details about what companies do with their information, but they also want short privacy policies. You can't have both.
You can, if the companies would not track users.
"We are not logging your activity, we are not using cookies unless you are using the webshop's cart and we delete it when the transaction is confirmed. We do not share your private information to anyone but the payment company.
We log IPs for 3 months for technical debugging. We do not try to identify the people the IPs belong to unless an illegal intrusion is detected."
This might be sensible for a wordpress plugin ecommerce website, however it is a ridiculous position when talking about Google activities. Gmail's point and value proposition is to store and fetch personal and professional information for the benefit of their users.
I get what you’re saying here, but is there an alternative to “take it or leave it” policies on the internet? It’s not like a company can negotiate with each individual user and come to a meeting of the minds.
That said, it seems like the real issue is that the policies are too long and unreadable. For that, I think providing a plain language version that clearly states “this is not the official policy,” but links to the official policy, could be good enough. I don’t know how much legal exposure is involved for the company here, but it seems like a workable compromise.
>is there an alternative to “take it or leave it” policies on the internet?
Anywhere covered by GDPR, for one. One of the features of that law is that you don't get to make access to your service conditional on providing personal information that is not strictly necessary to make the service work.
The cookie notices are the true face of the modern internet: what should have happened is that there should be no cookies until needed - so not until you log in or do "add to cart" and similar things. No cookies at all. Nothing.
You don't need to show the cookie notice for stuff like login or shopping carts. It is not about cookies, it is about recording, storing and selling tracking information beyond what is necessary for the functionality of the website.
cookies are needed to “frequency cap” ads (avoid showing the same ad over and over and over again) and for enforcing user’s ban on specific ads, (yes google’s ad choices this so, if an ad is annoying you can ban it even if you are not being targeted by that ad). While the former is more for the benefit of the advertiser, the publisher also sometimes tries to avoid annoying the user.
My default assumption is that they're all out to f me on this front & it's not like you actually have a choice in the modern world. If it's 4k long then I guess they just needed lots of noise to hide the crux of it.
Google employees do. It's required reading before designing, implementing or operating any system dealing with user data. Intentionally (i.e. genuine bugs excluded) breaking the policy is an outright fireable offence.
This reminds me of Pokemon Go forced arbitration opt-out clause that made the news and trended a while back.
"The Go terms do include an opt-out provision for people who don’t want to give up their rights. However, you must opt out within 30 days of first agreeing to the Terms of Service.
Luckily, many Pokémon Go users have only downloaded and activated the app in the last week, meaning they are still within that timeframe.
To Opt Out: Send an email ASAP (before the 30 days have passed) to termsofservice@nianticlabs.com with “Arbitration Opt-out Notice” in the subject line and a clear declaration that you are opting out of the arbitration clause in the Pokémon Go terms of service."
Fair point. That does assume same legal jurisdiction though.
Practically I'm not in the same jurisdiction as any of these websites anyway. None of this is legally enforceable unless a party is sufficiently aggrieved to spend a ton on specialist lawyers. Whether or not I clicked on some internet button privacy policy seems a little pointless in that context
The simple idea of presenting users with a text like this is madness. You know I won't read it, you know most people couldn't process or understand it if they tried, you want consent and agreements through a popup in the browser yet you know damn well that it is not an agreement at all.
To anyone who does this, who presents complicated privacy guidelines, EULAs in all-caps, insane cookie opt-out checkboxes, please have a hard look in the mirror. Think of a real-world analogy for the kind of roadblocks and contraptions you are building, how you are misleading and exposing your fellow humans. Thanks.
Yesterday, some editor at Google accidentally used "4,000" instead of 4K in their Prime/Chromecast presser, and now today whoever submitted this replaced 4,000 with 4K. Was that a subtle joke?
On a somewhat related topic: Google changed gmail URL to mail.google.com from gmail.com. I think this is for easier tracking of users--it is easier to set cookies that are shared by all Google apps and sites.
I much prefer the retro resolution of 3 words "Do no evil", we're now up to 4k resolution of words, soon we will have 8k resolution of words.
Maybe there is some new moore's law in EULA and Privacy Policies as they keep getting larger and larger, when will we reach peak, as there are published books out there with less words.
So, under GDPR and as EU citizen, can I get Google to erase all my data if I steer clear of their services? I would really love it if I could, though I'm afraid they would rather pay fines than remove my data.
I don't know the user interface, but some four years ago, when I worked on one of the most important databases in ads, we've had a bunch of business requests preempted by preparing for compliance with the upcoming EU privacy law (we didn't even know its name back then, only that we'll need a way to erase all data about a user on a short notice). I would be rather surprised if all that investment was wasted.
GDPR fines are up to 4% of global revenue. Do you honestly believe that Google is willing to risk literally Billions of dollars to hold on to your data? It just plain is not worth it so few people ever ask for data to be deleted it costs more to implement the data deletion code than is lost via less good ad targeting.
So you think if NYT were the heart of the internet they will actually do better? Nonsense; the reasons NYT does it at their scale and Google does it at their scale is the same.
I'm really curious about the volume of tech-bashing opinion pieces that the NYTimes (and other corporate media outlets) publish on a daily basis.
It's starting to rival the volume of Trump-bashing articles they used to publish at the peak of the US election cycle.
Do they have an entire department devoted to churning out this content?
Are they hiring freelancers are paying them by the word/click?
Do they also pay people to post them and upvote them on reddit/HN etc?
It’s because media companies used to control all the information and opinion. Now they’re losing that power to big tech. They are mad. But ultimately they will lose, for better or for worse.
No, they will operate as they have always operated, and simply be owned by Google or Amazon. They are currently operated by unaccountable billionaire families; in the future they will be operated by unaccountable billionaire families.
> [If you use technology, someone is using your information. We’ll tell you how — and what you can do about it. Sign up for our limited-run newsletter.]
Uh-huh. If there's even a trace of irony in that writing, I can't spot it.
[0] https://help.nytimes.com/hc/en-us/articles/115014892108-Priv...