Archive for the ‘loophole’ tag
Google has about 1,200 employees in England and made £395 million in revenue there last year (that’s just under $620 million). It did, however, only pay £6 million in taxes in England last year. Unsurprisingly, that’s not sitting well with a number of British politicians and according to The Independent, Google could face a more formal investigation into its tax schemes by next spring.
Google bases its international operations in Ireland, where corporations pay a tax rate of just 12.5%. Using a legal tax loophole called “Double Irish,” the company can move a large chunk of its UK profits to Ireland and then Bermuda. There, of course, the company pays even less tax.
According to the Independent, Google’s Irish subsidiary basically employes Google UK as an agent. Because of this, Google’s UK revenue goes straight to Ireland. The Irish headquarter then pays Google UK a 10% fee and, “once costs have been deducted,” that’s all Google UK pays taxes on.
It’s worth noting that the £6 million Google paid for 2011 is significantly more than it ever paid before. In the six previous years, Google only paid £8 million in total. The company has recently made a larger push into England and expanded its engineering team there by about 40% last year.
Here is Google’s statement regarding this matter:
We make a substantial contribution to the UK economy through local, payroll and corporate taxes. We also employ over a thousand people, help hundreds of thousands of businesses to grow online and invest millions supporting new tech businesses in East London. We comply with all the tax rules in the UK.
SEO is about your customers not the search engines
Nope, we haven’t gone mad; search engine optimisation really is all about your customers.
Most SEO companies are now playing nicely and not condoning devious techniques such as link buying, hidden text and generally exploiting every loophole and short cut they can find.
Apart from the fact that they were attracting hefty penalties for their clients, they’ve now realised that search engine marketing is more like social marketing and everything must be centred around the customer not the search engines.To be successful on line today, your strategy must include not only general keyword optimisation for your website’s structure and content, it must also involve social media marketing aimed at your customers.
No, that doesn’t mean sending out a raft of marketing messages every minute in the hope that you’ll wear down your customers and make them buy from you. Instead it’s about engaging with your audience, providing them with useful content and information and optimising your web content to reflect your customers’ needs.
For many start ups all of this can be quite confusing so this 10 minute video by Maile Ohye of Google might help. In 10 minutes she talks you through some basic search engine optimisation techniques for start ups to help you get on the right track.
It’s well worth a watch, so grab a coffee.
Apple on Friday issued a note to developers outlining a fix for an in-app purchasing exploit that allowed for the free download of for-pay content, and also announced that the loophole will be plugged when iOS 6 is released this fall.
Firefox 14 has officially launched today, which means all Google searchers are encrypted by default. It does not mean search terms will not pass via the referrer data, it only means that your searches won’t be able to be snooped on by others. There is a loophole in Google Secure Search…
Please visit Search Engine Land for the full article.
Facebook is updating its privacy policies tomorrow, but don’t completely freak out yet. We’ve looked through the amendments and pulled out the ones you should know about.
Disagree with anything you see? The social network is letting you comment on each change with your concerns before they go live tomorrow.
Check out the changes we felt were most important to highlight:
Sharing Your Content and Information
Data use is further defined under the “Sharing Your Content and Information” section, which explains that applications you have downloaded have the right to see your content, given that you downloaded the app and gave it that permission. Now, it clarifies that an application your friend has downloaded also has the right to your information because you’ve allowed that friend to see your content.
Under the “Safety Section,” Facebook changed its wording to require anyone who wants to use automated means to collect Facebook data must ask Facebook for permission first, before any automated tool is used. The previous language created a loophole where people could scrape data first and ask for permission second.
Dating applications are also getting new restrictions — age restrictions. Anyone who runs a Facebook app of this sort will have to provide some sort of age barrier, most likely keeping out anyone under 18, where before no such requirement existed. Before now, age restrictions were only enforced on alcohol-related apps, as well as “other mature content.”
Special Provisions Applicable to Users Outside the United States
This change gives Facebook the right to disable features and services in certain geographical areas at its own discretion. The new policy reads, “We reserve the right to exclude or limit the provision of any service or feature in our sole discretion.” While I’m not ready to jump the censorship gun just yet, it seems Facebook is ready to pull the plug if the need ever arises. The move is similar to Twitter’s policy stating that it can stop the flow of content to any area as it sees fit.
In the past year, social media has played a big role in revolutions across the world, including Syria, Egypt, and Libya, with revolutionaries coordinating and communicating over these networks.
Protecting Other People’s Rights
Before these changes, you were not allowed to tag users in pictures, status updates and other areas where tagging is supported without their consent. However, Facebook now further clarifies that you are not allowed to tag users if you know they don’t want to be tagged. This is probably just stronger language to discourage cyber bullying, much of which happens over Facebook photo tags.
Special Provisions Applicable to Advertisers
The company changed its language here to make clear that it is not responsible for any click fraud, or invalid click activity on advertisements, including any technological issues an advertiser might run into. That is to say, if you’re having an IT issue with your ad, it’s not Facebook’s responsibility.
Special Provisions Applicable to Software
This is an entirely new section for Facebook, which talks about any downloaded Facebook software, such as browser plug-ins. Here, the company states that it will issue software updates to those downloaded products without further warning. This new section also prohibits anyone from trying to access Facebook’s source code through reverse engineering, or other form of discovery, using these products. Sorry, cyber criminals. You’re not invited to Facebook’s source code party.
Registration and Account Security
These changes are very small, but what is noteworthy is the phasing out of the word “profile.” In instances where profile once existed, Facebook is now referring to “Timeline,” the new user interface for Facebook’s profiles.
Amendments, like this one, are automatically accepted by a user if they continue to use the service after the new policies are set in place.
In order to keep its customer base involved, Facebook invites everyone to comment here, and says that if 7,000 or more people comment, it will offer a vote “in which you will be provided alternatives.” As of right now 440 have commented. You can check out the Data Use Policy track changes in English here (or in the Scribd below). Other languages are available.
Filed under: VentureBeat
A loophole within iOS that allows developers to surreptitiously upload users’ photos and location data without their knowledge may soon have a fix. The Verge reported on Tuesday evening that its sources said Apple is aware of the bug and is “likely planning a fix” as part of an upcoming update to iOS.
The loophole first came to light earlier this month when various sites began reporting on different aspects of the bug. A couple of weeks ago, following the Path address-book-uploading controversy, 9to5 Mac pointed out that iOS developers not only have access to your entire contacts database—they also have access to your photos, music, movies, calendars, and more with their associated geotags.
The New York Times then published its own investigation into the matter earlier this week by having an anonymous developer create an app to test the loophole. As long as the user grants permission for the app to access a particular kind of information, such as photos with location data attached, those photos can begin to be siphoned to a remote server without the user’s knowledge or permission.
Apple released a statement shortly after the Path controversy saying it was planning a future software release that would force developers to ask for explicit permission before uploading user data. Since the address book behavior is the same as that with photos and other data, it indeed seems very likely that the Verge’s sources are correct and upcoming fix will address all of those issues at once. In the meantime, if you’re a C-level celebrity who’s afraid of your photos being siphoned and mapped out by a crazed fan, do what I do: go into your Settings > Location Services and turn off location services for the Camera app. It helps—a little.
Amidst a clash between social networking, advancing technology and privacy issues, a loophole has been discovered that allows any iOS app which has been given access to location data to upload a device’s entire photo library.
It’s a tense time for Google: controversial policy and user-experience changes are combining with a growing distrust of tracking and advertising to produce something of a toxic atmosphere. Not the moment, then, you would want a minor scandal to erupt in the form of Google circumventing, intentionally or unintentionally, the privacy settings of millions of Safari users.
The allegations have their source in a report by Stanford grad student Jonathan Mayer, who showed that using Safari triggered a special behavior in the normal cookie-creation process; his report was later played up by the Wall Street Journal. This behavior deliberately goes around the default Safari behavior of blocking all third-party cookies — like one from Google when you’re visiting TechCrunch.
Google says it’s a side-effect from something else, but even if that’s true, it’s still ugly.
The gist of the exploit is this: normally, a plain HTTP request to put a cookie on a machine running Safari would be acknowledged, vetted, and either accepted (for something like Amazon tracking your position on the site), or rejected (for something like DoubleClick meta-cookies). Google’s (DoubleClick’s, technically, but ultimately it’s Google’s) special cookie dispenser, however, would detect that Safari was being used, and “fill out” a form element on the client side, sending that out instead of a plain request.
Interestingly, that loophole was closed seven months ago in Webkit — by Google. One can view this cynically or generously. Cynically, it could be suggested that Google closed the hole but decided to exploit it in order to track Safari browsers — not the biggest piece of the desktop pie, but huge since it’s the default browser on iOS (also vulnerable). Generously, it could be said that Google fixed the problem and designed around a standard they helped achieve, and this tracking is in fact a side effect.
That’s something like what Google has actually said. In a statement, they say that last year they implemented some things to make sure +1 buttons (which of course are a form of third-party tracking, like most share elements) worked in Safari. They rigged a way to determine, on the level, whether a user had opted in or out to Google-related tracking, and if so, whether they were logged in. Fairly standard. But then:
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers.
Whether they are using the phrase “contained functionality” ironically isn’t clear. After all, they’re describing a security vulnerability they sewed up back in the day. Apple, for their part, has only said that they will be working to “put a stop to it.” Whether that means they’ll be adopting the same Webkit changes Google did isn’t clear.
It’s a bit much to swallow that Google designed functionality specifically for the browser and failed to notice this particular quirk. And the huge numbers of Safari browsers reporting data to Doubleclick should have been a red flag as well.
What matters in the end, though, is that a Google product violated the expressed privacy preferences of millions of users. Whether it was a mistake, an outdated browser on the user’s side, and whether the data was effectively anonymized — people won’t care about this. This is a big stumble when Google needed to be treading lightly. A little perspective and investigation might make this violation more or less serious, but the damage is done. Google is going to have to take some big steps to repair their image after the beating it’s taken over the last few months.
Here’s Google’s full statement on the matter:
The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.
Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1″ things that interest them.
To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.
However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.
Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.
Welcome to another edition of yellow journalism with Julia Angwin of The Wall Street Journal. The reporter who brought you the “What They Know” series has got Google with its pants down. The WSJ found that Google managed to get temporary tracking cookies assigned to people using Safarion the iPhone and iPad, even though both Apple and Google told consumers that Safari, by default, blocked this kind of activity.
When it was informed of this story, Google changed its approach and deleted text from its website, which makes it look very guilty.
At the risk of being seen as an apologist for culture of tracking, the dark side of web supported by advertising (that’s how Google pays the bills, remember), this story glosses over a lot of important details in its rush to judgement. The story’s first paragrpah declares that Google “tricked” Apple’s software into letting them track users, which sounds pretty dark on the face of it.
John Battelle has an interesting take on this, “Google and many others have figured out ways to get around Apple’s default settings on Safari in iOS – the only browser that comes with iOS, a browser that, in my experience, has never asked me what kind of privacy settings I wanted, nor did it ask if I wanted to share my data with anyone else (I do, it turns out, for any number of perfectly good reasons). Apple assumes that I agree with Apple’s point of view on “privacy,” which, I must say, is ridiculous on its face, because the idea of a large corporation (Apple is the largest, in fact) determining in advance what I might want to do with my data is pretty much the opposite of privacy.”
Oh, and here’s another interesting tidbit. There appears to be two version of this story floating around on the WSJ’s website. One is co-bylined by Julia Angwin and Jennifer Valentino-Devries. That’s the story currently causing an uproar. Then there is another piece by Valentino-DeVries which covers the exact same material, but dives into more technical detail. The last paragraph of that story reads, “An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.”
At Google, one hand often doesn’t know what the other is doing. While the advertising team was exploiting a loophole to get tracking cookies in Safari, another set of Google engineers were closing the loophole. That seems like a fact worth mentioning, especially since they squashed this bug in Safari’s settings more than half a year before this story came out.
Filed under: mobile
"Reverse graffiti," a trick used to draw art or advertising into filthy city surfaces, is a trend we've been watching for a few years now. And while some like the idea of advertising that actually makes the world a bit cleaner, San Francisco regulators appear to be cracking down on what they see as unlawful marketing in a public right-of-way. In the news clip below, reverse graffiti pioneers GreenGraffiti make the case that they're providing a service, one that cities could theoretically monetize to help support schools and other government programs. Most cities don't technically have laws against cleaning sidewalks and walls, but San Francisco Public Works spokeswoman Gloria Chan says the city is looking to close the loophole and officially prohibit such advertising on government property: "We're going to be investigating and taking a look at what enforcement code this falls under."