GOOGLE worst on privacy; a report

Hi there,

here is a new report about privacy breaks of internet provider:
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961
is that really new

true north

 

Hi there,

the link above didn't worked. This one should do it:

www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961

true north

 

The BBC has a news story on this:

http://news.bbc.co.uk/1/hi/technology/6740075.stm

 

Hi there,

to copy and past the complete link doesn't works. Sorry about that. Here an other path:
http://news.bbc.co.uk/2/hi/technology/6740075.stm

then go to --RELATED INTERNET LINKS on the right side of that page and click on:
PRIVACY INTERNATIONAL REPORT ON WEB PRIVACY

true north

 

I use this one http://www.ixquick.com/ , They keep records 48 hours. I only use Google if I don't mind being profiled and tracked and my information reported to every agency on the planet.

 

Surely if one rejects Google's cookies, no profiling can take place or do they use other means?

 

Just like your ISP they can see EVERYTHING,ie what page you came from; what you searched for; how many results (and of course the adresses); how many links you clicked on (and of course the addresses); and how many searches you did; how long you were on each address;when you left Google (total time). Profiling has very little to do with cookies, just like the police does when they Racely profile people. There are tracking cookies, which you can detect and delete with programs like SuperAntiSpyware.

 

Google privacy - worst on the Web?

Another one about Google...

http://edition.cnn.com/2007/TECH/internet/06/11/google.privacy.ap/index.html

/Cerxes.

 

Hello,

Google and/or any other can see only so much as you let them.
No one forces anyone to use Google services.
They are no better or worse than any company that wants money out of people based on their "consumeric" behavior.

Now the real threat analysis:

They can track which pages you visited (from Google). So?
They can tell how much time you spent there (left the browser open). So?
They can ID your IP (dynamic...). So?
They can ID your X and Y ... Totally irrelevant to one's private privacy.
At most, Google and or others can profile a computer / IP and generate numbers based on those, which tell absolutely nothing about the person behind the keyboard. No one is going to receive a Google report in their postal mail telling them what and how they did.

Digital world has no privacy. People seem to forget this. And somehow they yearn for privacy when online. In real world, when you go to a strip bar, you have no spoofed ID, fake glasses or proxies to hide behind. You are exposed. Why should it be any different online? And yet, it's so much easier online.

But privacy is a hard ball that many a smart entrepreneur will wisely exploit to get richer and richer. "Look, they are stealing your privacy!" works for most of us, especially in Western culture where privacy is regarded as something special.

Regarding police and race profiling, I'm not sure about what country this is all about - and do not intend to turn this political - but this is not what happens in the digital world.

You cannot see the person behind the keyboard. Period. Case closed. Privacy is ensured.

Analysis: privacy is just a fancy word to milk money out of people.

Mrk

 

Some would differ>
https://www.wilderssecurity.com/showthread.php?p=1007001#post1007001
Post #10
"You cannot see the person behind the keybord".....got your webcam turned off...

 

Hello,
People can disagree. No problem with that.
After all, I'm merely expressing my own personal view of things.
Mrk

 

Hi all

No respect of privacy from Google?

May be but the focus on Google only is somewhat suspicious...

Nobodies talk about ISP logs, Microsoft wga and alike, web site with a privacy policies written in very small characters (needs to be a lawyer to be undestood), and last but not least all spywares spreaded on the web...

This is not include all companies keepings records on you as customer or employees , our gouvernments who put their L O N G and stupid nose in our business and last but not least may be some of your neighbor ( You know? The one who deserve a blow of fist in his stupid face...).

I have now few questions about Google:

Is it true that this privacy violations comes from tracking cookies ?

Is there some other way Google can track you ?

And finally: did the FF extension Customize Google really prevent this tracking or not ?

(One remark: I don't ask these questions because I pretend to know the answer and want to looks smart... I don't know. )

Hope you have some answer and hint for me and the other readers.

Have a nice day.

 

No one in this thread because ths is about google.

Before making statements like that - please do searches on wga, ISP logs.

"nobodies talk about..." other privacy issues and companies is simply inaccurate.

zcv

 

If, during an Internet session, you allow a Google or DoubleClick cookie, log-in to a Google account (Google, Groups, Blogspot, Gmail, etc) or have a static IP address they should be able to link your searches to a long-term profile (stored for 18-24 months) without too much trouble.

The data they collect could include all your searches, some sites you visit, the newsgroups you read, your blog profile and entries, products you're interested in buying, your ISP, Internet speed, browser, OS, and the city where you live. They may also be able to derive additional information such as your gender and whether you have any children.

They probably plan to use this data to sell advertisements tailored to your interests, demographics, and location.

 

How exactly are they going to do that?

Searches through Google, ok. Some sites, ok. Blog profile? What blog? What entries? Why should they be able to 'see' what sites I access. And how exactly do you think they'll achieve that - by magic?

ISP, internet speed, highly irrelevant, purely technical, just as anyone knows that the house you live in has a red roof.

Browser, OS, again, purely technical. You can use several OSs and browsers.

What city I live? There are 40,000 people in my city. Good luck. What about cities with 500,000 people or more.

Gender? Impossible. They do not know who is subscribed to the line, they do not know who uses the line, or how many people. And to say nothing of anything else, including children or pets.

All of these before I go into the matter of using various tools that prevent all of the above to be done. For example, proxies, blocking javascript, using referrer control or user agent control etc.

All in all, I think the privacy thingie, especially in USA, where people are very family-oriented and privacy-aware, this is being blown out of any proportion.

Do not forget that most of things you do are logged somewhere, in real life, and most people are not bothered about this.

For example, when you pay with credit card, 'they' know what you bought to the last item. When you watch TV, 'they' know what channels you flipped and such. And no one cares. Because this has been going on for years.

Internet is young so people sort of get concerned. But in the long run, it means nothing. And does not change anything.

Mrk

 

Gee, this might only apply if you have a blog?!

It may seem like magic, but it's simple. If you click on a site you found in Google search, or visit a site that displays Google ads, they'll know where you are. They might also check your 'referer' tag to see where you've been. Buying DoubleClick will extend their reach significantly.

They're probably planning to sell to you--not visit your house! A broadband ISP based in Daytona, FL might be delighted to learn you also live in Daytona but still use a dialup service.

They don't know derived information absolutely, but they can make good guesses. If you visited SesameStreet.com and then spent 30 minutes searching for Blues Clues videos, you or someone who uses your account likely has a child. If you do this many times over a period of three months then you very likely have a child. In any event, you're statistically more likely to buy children's products than the average visitor, and that's good enough for many advertisers.

It's nothing new. Amazon.com does the same thing to tailor what they display on their homepage. Insurance companies have done it for decades. If you rack up speeding tickets, they assume you're a bad driver.

Climenole asked how they might track him. Now that he knows how, he can choose to do something about it... or not.

I agree. If he disables their cookies, disables their Javascript, doesn't login to their services, uses a remote proxy service to hide his ip address, and tells his browser to stop sending referer data it's unlikely Google could create a long-term profile for him. Is it worth it??

For me enough is hosting my website, e-mail, and everything else elsewhere. I also use CookieSafe and NoScript and block my referer info. Everyone must make their own decision about how much privacy is enough.

 

Hello,

So, the privacy horror is actually ... how well they serve you with ads.

Now, please tell me, when is the last time someone called you or served you an ad, and you bought it like hot cakes?

Assuming the max. possible exposure - no cookie blocking, no referrer blocking, javascript on etc, the worst any search engine / site can do is present you with some ad-related pixels. Sounds very ... benign. Annoying, but harmless.

My eyes automatically filter ads even if software does not, I never see ads on TV, I never got convinced by anything in any ad, ever, anywhere. This is much better than any collection of programs to protect your ... privacy.

BTW, being online + privacy = oximoron. It's like saying, I'm on a stage and wanna be invisible. Don't want to be tracked? Don't use the services that can track you. Simple. No proxy or ad-blocker needed.

Furthermore, they can know at most what IP visited Sesame and what he looked for, not what the person or persons behind that IP did. Big difference.

And what are they going to do exactly? Show you an ad? Oh no.

How come no one whines about leaflets you get along with your credit card report and such? How come no one whines about 10 min of TV ads for every 3 minutes of TV? Those you can do nothing about... While all it takes to enjoy good browsing is a micron of tweaking.

All in all, it comes to what goes on in our heads. If we want to be victims of ad companies, we will. If we won't, we won't.

Mrk

 

I use Gmail as my honeypot/spam-catcher/throwaway email addy; works great, and I've noticed far less junk snail mail in my real-world mailbox, which is a good thing IMO. I could care less about online ads; I just filter them. The sky hasn't fallen either. If I want privacy, I'll travel or head to the cabin in the woods a few times a year and catch up on what nature has to offer, and leave the online world far behind.

 

Google Bad On Privacy? Maybe It's Privacy International's Report That Sucks
Jun. 10, 2007 - by Danny Sullivan - Original link

It's a bad privacy day for Google, with Privacy International first accusing the company of having the worst privacy performance of any internet service company in a study it has just released and then accusing Google of conducting a smear campaign against it. But if you actually read the report, Privacy International itself comes off bad for putting out a haphazard condemnation of Google.

Let's do the smear campaign accusation first. An Open Letter to Google * from the group says that Google is talking to journalists and implying that Privacy International favors Microsoft:

* w.w.w.privacyinternational.org/article.shtml?cmd[347]=x-347-553964

The letter never names the person in question, which is odd. Why be so secretive on this front, if everything is good and fine?

I assume the person is Caspar Bowden, the only Microsoft person listed ** on PI's International Advisory Board page. Personally, I don't think PI would be stupid enough to allow one person to influence a negative or positive rating based on their employment.

** w.w.w.privacyinternational.org/article.shtml?cmd[347]=x-347-91571

Then again, if PI is going to allow a privacy expert from Microsoft on the board, it's not too absurd to assume perhaps Google or other major companies should have representatives, as well. And if Bowden is serving in a private capacity, then why is his Microsoft affiliation used?

As for Google's action, it if was pointing to Bowden to discredit the report, that was a clumsy move. After all, why not just poke at the "study" itself as being pretty inept. Let's get the overview of Google badness first, then I'll dive in on how this was unbelievably determined.

The summary *** of the report tells us about Google:

*** w.w.w.privacyinternational.org/article.shtml?cmd[347]=x-347-553961

It's a pretty damning conclusion, especially when we are told it is based on a "six-month investigation into the privacy practices of key Internet based companies." I eagerly opened the report. At last, someone was finally doing the very hard drill-down and a decent under-the-hood comparative look at how private data is handled, right?

Wrong. Looking at the report (PDF), I was pretty shocked that it appeared to be a mishmash of details that can't be properly weighted against each other. But then I shouldn't have been shocked. Going back to the summary of the report, it starts out saying:

Wow, lots of second-hand information there. No real feel or detail that they fully drilled-down anywhere. Indeed, one of the Google pushbacks on the report to the Associated Press complains the report was published without Google being able to provide feedback:

Privacy International said it did try to contact Google earlier in the month but didn't receive a response, so there's an argument that Google got what it deserved.

Apparently, it was the only company or service of 23 that deserved a "black" rating: "Comprehensive consumer surveillance & entrenched hostility to privacy." To understand why I find the verdict without much solid backing, let's compare Google's findings against companies that scored the best in the study: the BBC, eBay, Last.fm, LiveJournal and Wikipedia. These were all rated blue or "Generally privacy-aware but in need of improvement."

Company administrative details

The study measured this, saying:

Google does have a department, just like all the best but Last.fm. Google gets called out that its privacy policy hasn't changed since 2005. Actually, I know parts of its privacy policy have changed since then. But then again, the report doesn't tell me what the case is with the other companies, in terms of when they've been updated.

For example, here's the BBC Privacy Policy. I assume it hasn't been updated since sometime in 2006, since the copyright statement at the bottom is 2001-2006. But that's not mentioned in the report.

Verdict: Google on par with the best.

Corporate Leadership

About this criteria, the study says:

Aside from eBay, none of the "best" have anything mentioned in this area. eBay is noted for being a member of Trust-e. But Google is noted as being a member of Safe Harbor plus is singled out as rejecting the US Department Of Justice request last year for search records.

This was a big deal. Yes, Google has corporate interest in rejecting that request -- but it was also the only of the major search companies in the US to say no. That it was the exception is not noted in the report, while the fact AOL, Microsoft and Yahoo did comply is omitted from their corresponding columns (instead, mention of this is done in the "Ethical Compass" areas.

Verdict: Google better than the best.

Data Collection and Processing

The study says:

Sigh. Yes, let's get all worried about still fairly anonymous IP addresses. Frankly, there's a strong argument to skip worrying about IP addresses as an exercise that just wastes time, as I wrote about in my Google Search History Expands, Becomes Web History article in April:

But how do things look? It's really hard to measure up how Google is seen. Consider the Google write-up:

Now compare to the BBC:

How do you compare these things to assess who is better or worse? I mean, Google is using Google Analytics to track readership and use of its sites, but that's not mentioned. Google uses cookies, but that's not mentioned. Both correspond to what the BBC does.

Overall, it doesn't feel like there was some standard checklist used for each company or service, to fairly assess them against each other.

Verdict: Nothing to measure as better or worse.

Data Retention

The study says:

Google is listed this way:

Well, Google Anonymizing Search Records To Protect Privacy from me explains in much more detail what's happening. Log data is kept, but the IPs and associated cookies are made anonymous, so those fretting about IP data shouldn't get worried.

In other words, that "log history is retained" part sort of means nothing -- the logs retained are anonymous. But then again, non-log based search history information is NOT destroyed, as my article explains and which the PI report seems to not understand, making me again concerned about the comprehensiveness of this report.

Meanwhile, the good? BBC:

Oh, in some cases but not all? In those cases where not all are declared, can I assume it's not destroyed at all?

eBay and Last.fm have no information on data destruction provided; LiveJournal keeps some info even if an account is closed; Wikipedia apparently has no destruction policy.

Verdict: Google at least on par with the best.

Openness and Transparency

Google gets described as:

Ouch. True? Hard to say, simply because Google has so many different policies. Are we talking about the main one? The Google Maps one? Personalized Search one? Google Toolbar For Firefox one?

In contrast, eBay's privacy policy is described as:

I have a feeling that Google also shares a similar level to what eBay does but that this information is simply not listed on one single page. But I don't know this -- I haven't at all tried to do a deep drill down on both policies, so I won't declare it so.

Others are among the good are said to have clear or thorough policies. Giving PI the benefit of the doubt....

Verdict: Likely not as good as the best.

Responsiveness

The overview from the study:

Most of the good players have nothing listed for them in this criteria at all. eBay has this:

Google, in contrast, has this:

Hmm. Over the years, Google has been constantly attacked at a privacy monster, many times without solid backing for those claims or singled out when others do the same or worse (see 14 "Is Google Evil?" Tipping Points Since 2001 for more on this).

Saying it doesn't agree with privacy challenges issued by some privacy groups is not the same as suggesting it isn't responsive. Google has actually been responsive in several ways, including the shift to anonymizing data (an actual time limit that many privacy groups have long wanted) or releasing new tools to get material out of the search engine (see Google Releases Improved Content Removal Tools).

As for customer complaints, I actually don't recall that many well publicized complaints from actual Google customers that Google wasn't responsive somehow in dealing with private data about them held by Google. Generally, the biggest "customer" complaint I hear are people are concerned that Google lists private data that has been placed out on the web itself by others.

Overall, Google is probably not as responsive as any privacy group would like, and I'm sure it could do much more, but I suspect it's not as bad as described.

Verdict: Better than described.

Ethical Compass

The study says about this:

None -- NONE -- of the "best" have anything describing their ethical compasses, neither good or bad. As for Google:

I'm split here. I agree, Google often rolls things without seeming to understand some of the privacy concerns that might come up, with Gmail being the classic example. But then again, other companies do the same (no one screamed about Yahoo recently expanding email to unlimited storage -- that's just a boring issue, now). Are you really telling me everything the BBC has done online had no privacy implications that perhaps needed public discussion? Or is it no one worries about the BBC as being so evil as Google?

And Street Level View as a concern? Wow -- this is a six month study, but we'll get knee-jerk about that? Yes, Street Level View maps have privacy concerns (see Google Street View Raises Privacy Questions: Amusing To Some, Upsetting To Others for more on this). But so does Microsoft's Birds-Eye Views and street level views of its own. So did Amazon's A9 street level mapping.

Frankly, I'm more annoyed with privacy groups than Google over street level photo views. Two years after concerns about these were first raised with A9, I don't recall any major push to figure out how to deal with the inevitable explosion of street level photography that was to come.

Should Google have done more than provide the picture removal tools it provided at launch? Perhaps, but then again, this was hardly a campaign plank of any of the privacy groups that it could easily see. Plus, there's the entire problem of how much privacy can people expect when pictures are shot in public places?

I'm going to hang with PI on this, however. I think Google's problem is that it far too much believes its "Don't Be Evil" philosophy without realizing it's a big company that people simply aren't going to trust. In the years I've dealt with Google, the culture is one of "we'd never be bad." That should change to one of "how might we be bad, and how do we prevent it." Google should assume the worst about itself, not the best. Doing that will help ensure that by the time it does launch something, the right protections should be in place.

Verdict: Better than described, but valid gut-level concerns.

Customer Control

From the study:

From among the best, it's a mixed bag of things such as you can close your account (LiveJournal) to eBay allows rejection of cookies, though things might not work right if you do this.

As for Google:

Frankly, this hardly covers it. There are SO MANY things you can have with Google. What happens to my analytics account, if I close it? To my AdSense account? Is my email really destroyed or still sitting on some archive disks.

This goes to the inability to remove search history. Not true. Well, sort of. If you use the actual search history feature, all that data can easily be wiped out (and exported, if you want), at any time. But there are archives, as I've written:

Overall, I don't feel the customer control aspect was properly researched. But had it been researched, it probably would have found more could be provided.

Verdict: Badly researched, but probably right.

Fair gateways and authentication

The study describes this as:

Google is described as:

Well, the main service people want from Google is to search. You can search without cookies. Many of the other services with privacy implications are also hard to offer unless Google knows who you are. I mean, you want to send and receive email? Guess what -- you're going to be having some sensitive information going through Google.

As for the "best," it's a mixture of nothing mentioned or notes ranging from being able to do some or all things without authenticating.

Verdict: If you just want to search, Google's as good as the best.

Privacy enhancing innovations and Privacy invasive innovations

Well, PI doesn't like the Google-DoubleClick deal in particular, writing:

That's it? Really, I mean that's all you've got -- that Google might use a system it doesn't even own? Citing this continues to make this feel like a knee-jerk report aimed to prop up PI's DoubleClick concerns rather than proper research.

Everyone Fears Google (Again) & Will The Last Googler To Leave Turn The Lights Out? from me last month covers more why it's hardly DART that needs to have the privacy advocates concerned:

Wait -- what about tracking you across sites! As if tapping into AdSense and Google Analytics data wouldn't be enough, go back and read my Google Search History Expands, Becomes Web History post. Forget FeedBurner. Heck, forget the DoubleClick purchase. The change Google made already, on its own, is pushing it right along to further tracking of people.

But how about the best? For the BBC, we're told, "No information readily available." Shouldn't PI get that information? Perhaps the BBC will be tracking people through the YouTube channels it operates, and if so, are there issues there?

LiveJournal is described as:

Well OK then! I mean if they say they have safeguards, what's to worry about? And in that case, Google's repeatedly said it has safeguards as well.

eBay is mentioned as:

I suppose that eBay purchase of StumbleUpon also helps eBay track people as they surf the web, which potentially is a privacy invasive innovation, but let's not mention that. I mean, it's too new -- not like mention Google Street View maps that happened even more recently than the StumbleUpon purchase. Just keep looking over yonder at Google.

Conclusion

Overall, looking at just the performance of the best companies PI found shows that Google measures up well -- and thus ranking it the worse simply doesn't seem fair. But the bigger issue is that the report itself doesn't appear to be as comprehensive or fully researched as it is billed.

Frankly, about the only thing saving Privacy International from many more companies or services being upset over this report is that they singled out Google as the worse. That's almost guaranteed to make players like Microsoft and Yahoo shut their mouths and point at this silently as vindication they aren't so bad.

As for Google, the reality is it can expect much more of this type of treatment as it continues to monitor much of what we do (see Google: Master Of Closing The Loop?) and wants to especially get more personal with us (see Google Ramps Up Personalized Search, Google Search History Expands, Becomes Web History and iGoogle, Personalized Search And You. And lest I've come off as a Google fanboy in this write-up, I'll remind everyone of what I said back in April when Web History was launched:

To save itself, I'd like to see Google appoint a privacy czar, someone charged with, as I've suggested above, assuming the worst about the company and diligently working to ensure users have as much protection as possible.

For others discussing this weekend's privacy news, be sure to check out discussions via Techmeme. Also, I'll plan to follow up with both Google and Privacy International on things I've covered in this article and will either postscript or link to a fresh reaction piece.

Reader Comments

* The above link is broken.

Link that I found: http://blogoscoped.com/archive/2006-01-26-n76.html

 

Was the above the longest post in the history of this forum?

 

Yes, and some day I intend on reading it.

 

yeah, that one was undoubtedly the longest post I've ever read. Nevertheless, this is something that needs attention.

 

I don't use Google any more, I haven't used Google for months.

 

If you have firefox, this is a handy plugin to remove "google analytical" and customize other options that give you more control, even if you don't use google (clusty.com!) it gives you control of the report-back probes by google on most pay sites and many others as well.
http://www.customizegoogle.com/