In this edition of AdGuard’s digest: an adtech giant fined for profiling users without their consent, Google may owe you (a little) money, a phone tracking app suffers a data breach, AI-generated music and games get shunned, as DuckDuckGo brings its privacy-focused browser to Windows.

Google agrees to settle a privacy suit, and you may get a cut

If you have used Google Search between 2006 and 2013, you’re probably entitled to a cut of $23 million the company agreed to pay to settle a class action lawsuit. The lawsuit, filed back in 2013, alleges Google shared users’ web search history with third parties without permission.

The notice of a proposed settlement says that everyone who clicked on a search link between October 25, 2006 and September 30, 2013, is eligible for a portion of the payout. However, as it stands now, it may not be a lot — $7.70 per person, and the sum may dip further if the number of approved claims go up. Though, one can argue that moral satisfaction one gets is priceless. The deadline to file a claim (or opt out of it if, by any chance, you want to sue Google separately) is July 31. The lawsuit accuses Google of “storing and intentionally, systematically and repeatedly divulging” user’s sensitive personal information to third parties, which is said to have constituted a breach of Google’s own privacy promises to users.

This settlement, assuming it is approved, is a small victory for privacy-anxious users who want to hold Google accountable for its less-than-stellar practices in terms of privacy protection. As part of the settlement, Google will have to update its FAQ page to clarify the terms of its data sharing, resulting in more transparency for users. This is good news. However, it does not erase the risks that users may have faced or may still face from Google’s sharing of their web search history with third parties. It is also worth remembering that Google has a dismal track record when it comes to respecting users’ privacy and keeping its promises — you can read more about it here — so we would not get our hopes up that the way it handles data will change fundamentally soon.

French adtech giant fined $44 mln over profiling users for ads

French adtech company Criteo has been slapped a $44 million fine for breaching the European privacy legislation in that it failed to obtain consent from people to track them so it can display ads to them.

The French data privacy watchdog CNIL said that the company used tracking cookies to keep tabs on users across the web and analyze their browsing habits. The company has collected the data on over 370 million users in the EU, and although the data did not feature their names, it was possible to re-identify users “in some cases,” according to CNIL. The watchdog said that Criteo violated the EU’s privacy law — the GDPR — in many ways, including by failing to demonstrate the user’s consent to data processing, having a vague privacy policy, and not erasing all the data collected about users when asked. Criteo, which has since amended its policies, has disputed the fine, and argued that its actions were not intentional and did not involve “risk to individuals or any damage.”.

Naturally, we don’t agree with this statement, because it implies that the privacy rights embodied in the GDPR don’t matter that much, and their alleged violation can be brushed off. However, this case also shows that regulators, at least in the EU, are taking a tougher stance against companies that snoop on people’s online activities for advertising purposes, forcing them to at least be transparent about it.

Duck gets its done: DuckDuckGo brings its privacy-focused browser to Windows

DuckDuckGo, a company best known for its privacy-focused search engine, has unveiled a browser for Windows. The browser is still in beta, and is expected to add new features. However, it already boasts quite an arsenal of anti-tracking and security tools.

Some of those are Duck Player, which lets you watch YouTube without ads and annoying video recommendations; and tracker-blocking feature that blocks third-party trackers from loading. It also offers better encryption for links, a Fire button to instantly clear recent browsing data, no cookie pop-ups, and email protection. Considering that Windows is still the world’s leading desktop OS by a large margin, its inclusion to DDG’s portfolio is a welcome addition that could potentially help many people to enjoy more privacy online. That is, if they decide to move away from Chrome, which commands over 66% share on the desktop browser market.

DuckDuckGo coming to Windows is great news for privacy-conscious users who want to have more control over their online data and avoid being tracked by third parties. We hope that more people will give it a try. However, we must also acknowledge that it will be hard to persuade many users to switch from Chrome, which has a huge market share and a loyal fan base, often oblivious to the privacy risks that using it entails.

Popular spyware app is hacked, or when 'bad guys' come after bad guys

A phone monitoring app called LetMeSpy has been hacked, exposing the data of thousands of its users and their victims.

The app allows users to monitor calls, messages, location, and other activities of the phones where it is installed remotely. While it pitches itself as an app used for legitimate purposes, such as parental control and employee monitoring, it can also be used for spying on unsuspecting victims. The app is specifically made to be hard to detect or remove, as its icon does not appear on the phone’s home screen as is usually the case with apps. TechCrunch reported that the hacked database surfaced online and includes “years of victims’ call logs and text messages,” affecting at least 13,000 Android devices. A further analysis of the dump by hacker and developer “Maia Arson Crimew” revealed that it included files of decrypted calls and messages, emails, and password hashes.

This incident highlights the growing danger of spyware apps and how they can hide in plain sight, as well as their security flaws. We recommend that users who believe they are at high risk of being spied on regularly scan their phones with tools that can detect stalkerware-type apps, such as Malwarebytes or TinyCheck. Users should also be careful not to give their phones to strangers or leave them unlocked and unattended, as this could allow someone to plant malware on their device without their knowledge.

AI-generated artwork gets pushbacks from Grammys and Steam

One of the consequences of AI tools becoming extremely good at creating artwork that rivals that of humans is that humans want to use AI-generated content for commercial purposes. Some companies are openly embracing AI, others are banning it outright. And some are trying to find a middle ground.

One of these is the Grammys, the most prestigious music awards, which recently updated its eligibility criteria to reflect the advances in the field of AI. The updated guidelines state that works, such as songs, generated entirely by AI, or with “de minimis” human involvement, are ineligible for the prizes. So, no, AI cannot win a Grammy yet. However, nominees can include “elements of AI material” in their work, but the human component should be “meaningful.”

Meanwhile, Steam, the world’s largest online digital game store owned by Valve, also appears to be pushing back against AI-generated artwork. Steam reportedly rejected a game that the developer said contained “obvious signs of AI” because of the fear of legal repercussions. Valve told the developer that the AI-generated content was based on copyrighted material used to train the model that produced it.

We have written a lot about the legal ambiguity that surrounds the use of AI-generated content because of the way AI models are customarily trained. Companies behind AI models claim that by training them on materials scoured from the Internet, including copyrighted ones, they exercise fair use. But this claim is highly questionable. Several lawsuits have been filed against AI sites and companies alleging copyright infringement, one of the latest of them is by Robert Kneschke, a stock photographer in Germany. We have covered his case in detail here.