Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Googling Security

samzenpus posted about 6 years ago | from the protect-ya-neck dept.

Google 142

brothke writes "It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval. Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues." Read below for the rest of Ben's review.In a fascinating and eye-opening new book Googling Security: How Much Does Google Know About You?, author Greg Conti explores the many security risks around Google and other search engines. Part of the problem is that in the rush to get content onto the web, organizations often give short shrift to the security and privacy of their data. At the individual level, those who make use of the innumerable and ever expanding amount of Google free services can end up paying for those services with their personal information being compromised, or shared in ways they would not truly approve of; but implicitly do so via their acceptance of the Google Terms of Service.

While the book focuses specifically on Google, the security issues detailed are just as relevant to Yahoo, MSN, AOL, Ask and the more than 50 other search engines.

My friend and SEO guru Shimon Sandler has a blog around search engine optimization (SEO). In the over three years that his blog has been around, my recent post on The Need for Security in SEO was the first on the topic of SEO security. Similar SEO blogs have a very low number (and often no) articles on SEO and security. Sandler notes that when he mentions privacy issues around search to his clients, it is often the first time they have thought of it.

The book opens with the observation that Google's business model is built on the prospect of providing its services for free. From the individual user's perspective, this is a model that they can live with. But the inherent risk is that the services really are not completely free; they come at the cost of the loss of control of one's personal information that they share with Google.

The book lists over 50 Google services and applications which collect personal information. From mail, alerts, blogging, news, desktop, images, maps, groups, video and more. People are placing a great deal of trust into Google as each time they use a Google service, they are trusting the organization to safeguard their personal information. In chapter 5, the book lists over 20 stated uses and advantages of Google Groups, and the possible information disclosure risks of each.

In the books 10 chapters, the author provides a systematic overview of how Google gets your personal data and what it does with it. In chapter 3, the book details how disparate pieces of data can be aggregated and mined to create extremely detailed user profiles. These profiles are invaluable to advertisers who will pay Google dearly for such meticulous user data. This level of personal data aggregation was impossible to obtain just a few years ago, given the lack of computing power, combined with the single point of user data. The book notes that this level of personalization, while golden to advertisers, is a privacy anathema.

Chapter 6 is particularly interesting in that it details the risks of using Google Maps. Conti explains that the privacy issue via the use of Google Maps is that it combines disclosure risks of search and connects it to mapping. You are now sharing geographic locations and the associated interactions. By clicking on a link in a Google map, the user discloses and strengthens the link between the search they performed and what they deemed as important in the result. By aggregating source IP addresses and destinations searches, Google can easily ascertain confidential data.

After detailing over 250 pages of the risks of Google and related services, Chapter 9 is about countermeasures. Short of simply not using the services, the book notes that there is no clear solution for protecting yourself and company from web-based information disclosure. Nonetheless, the chapter lists a number of things that can be done to reduce the threat. Some are easier, some are harder; but they can ultimately add up to a significant layer of protection. Chapter 9 details 11 specific steps that help users appreciate the magnitude of their disclosures and make informed decisions about which search services to use.

Googling Security: How Much Does Google Know About You? is an important book given that far too many people do not realize how much personal information they are disclosing on a daily basis. An important point that the book makes is that small information disclosures are not truly small when they are aggregated over the course of years. Advances in data mining and artificial intelligence are magnifying the importance of the threat, all under the guise of improving the end-user experience. The book emphasizes the need to evaluate the short-term computing gains with the long-term privacy losses.

The final chapter notes that apathy is the enemy. As a user becomes aware of the magnitude of the threat, they will see it grow every day. But the next step is to take action. Be it with technical countermeasures, taking your business where privacy is better supported, or petitioning lawmakers.

As to the underlying question, "how much does Google know about you?", the answer is that it is a colossal amount, far more than most people realize. For anyone who uses the Internet, Googling Security should be on their list of required reading. The risks that Google and other search engines present are of great consequence and can't be overlooked. If not, privacy could slowly be a thing of the past.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Googling Security: How Much Does Google Know About You? from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Sorry! There are no comments related to the filter you selected.

That's Gotta Be A Long Book (5, Funny)

Anonymous Coward | about 6 years ago | (#25734465)

Googling Security

About 830,000,000 results returned.

Re:That's Gotta Be A Long Book (1)

Thanshin (1188877) | about 6 years ago | (#25735041)

And if you preorder now you'll also get

  "Wikipeding security: The eleven results demo."

Re:That's Gotta Be A Long Book (1)

Jansingal (1098809) | about 6 years ago | (#25736411)

you got to google:

"Googling Security: How Much Does Google Know About You"

you will then get a 'modest' 18,000 hits

Google is evil (-1, Flamebait)

Adolf Hitroll (562418) | about 6 years ago | (#25734467)

and you are teh ghey!

Re:Google is evil (0)

Anonymous Coward | about 6 years ago | (#25736201)

So you are responsible for doing that to poor old goatse's asshole?

Aspirin? (3, Interesting)

jollyreaper (513215) | about 6 years ago | (#25734491)

Are they saying that aspirin is so simple and helpful that Big Pharma never would have allowed it on the market or would have it tied up in all sorts of patents? But the comparison makes it sound like aspirin is harmful, seeing as Google is portrayed as more powerful than we would have let happen if we knew the future in advance.

And who would have stopped Google from doing what they did? That's like saying "If people knew what Microsoft would become, they would have stopped it." Huh? If people knew who John Wayne Gacy would become they would have stopped him except they couldn't because they didn't know.

Re:Aspirin? (3, Informative)

TheGeniusIsOut (1282110) | about 6 years ago | (#25734763)

Aspirin is harmful in large doses, it will deteriorate the lining of your stomache, contributing to ulcers. At low enough doses, the stomache is able to repair the damage, and you gain the blood thinning benefits that help prevent heart attacks.

Re:Aspirin? (3, Insightful)

Spazztastic (814296) | about 6 years ago | (#25734831)

Aspirin is harmful in large doses, it will deteriorate the lining of your stomache, contributing to ulcers. At low enough doses, the stomache is able to repair the damage, and you gain the blood thinning benefits that help prevent heart attacks.

Isn't any drug dangerous in doses past the prescribed rate? Typically they say that overdosing on something will kill you, but the truth is that it will lead to something that will eventually kill you.

Isn't that the point of warning labels? "Do not take past X pills for every Y hours?"

Re:Aspirin? (1)

HungryHobo (1314109) | about 6 years ago | (#25734939)

even then the blood thinning aspect can cause problems.

Re:Aspirin? (1)

jollyreaper (513215) | about 6 years ago | (#25735023)

Isn't any drug dangerous in doses past the prescribed rate? Typically they say that overdosing on something will kill you, but the truth is that it will lead to something that will eventually kill you.

Even water is dangerous in large enough quantities. I'm not just talking about drowning, you can drink yourself to death bolting too much water in too short of time, messes with your electrolytes (what plants crave) and you die.

Re:Aspirin? (1)

Spazztastic (814296) | about 6 years ago | (#25735245)

Even water is dangerous in large enough quantities. I'm not just talking about drowning, you can drink yourself to death bolting too much water in too short of time, messes with your electrolytes (what plants crave) and you die.

See: Water Intoxication [wikipedia.org] .

Re:Aspirin? (1)

Billhead (842510) | about 6 years ago | (#25735767)

Which actually did happen in the "Hold your wee of Wii" [outsidethebeltway.com] contest.

Never had a chance to use this quote before! (1)

LockeOnLogic (723968) | about 6 years ago | (#25736569)

"Water, taken in moderation, cannot hurt anybody" --Mark Twain

Re:Aspirin? (1)

Nursie (632944) | about 6 years ago | (#25735329)

"Isn't any drug dangerous in doses past the prescribed rate?"

Not necessarily. Drugs might only have been accredited for use at the prescibed rate, and not checked further. The may be efficacious at the prescribed rate and (in the general interests of not taking drugs you don't need), safe well above it but still prescribed at a relatively low but effective does.

Lots of drugs are dangerous if you continue to take them for very long *at* the recommended dose. the recommended dose may come from the fact that some people will take them habitually and at higher, safe one or two-off doses, these people might harm themselves.

There may be a very large margin left for individual sensitivity....

All varies massively. you're probably safest sticking to the recommended dose and duration though.

Re:Aspirin? (2, Informative)

wcbsd (1331357) | about 6 years ago | (#25734975)

That same blood-thinning action makes regular aspirin takers susceptible to bleeding out after injury, stroke (hemorrhagic), or surgery. Which is why it's important to tell your doctor/nurse/emt ALL of the meds you're taking.

Re:Aspirin? (1)

DustCollector (903185) | about 6 years ago | (#25735581)

And aspirin is linked to reyes syndrome in children.

Re:Aspirin? (5, Informative)

DerekLyons (302214) | about 6 years ago | (#25734777)

Are they saying that aspirin is so simple and helpful that Big Pharma never would have allowed it on the market or would have it tied up in all sorts of patents? But the comparison makes it sound like aspirin is harmful, seeing as Google is portrayed as more powerful than we would have let happen if we knew the future in advance.

No, they are saying that aspirin has so many side effects and health risks that it wouldn't be approved if tested under today's rules.

Re:Aspirin? (3, Informative)

thtrgremlin (1158085) | about 6 years ago | (#25735105)

Your comment is under rated. That is exactly the point. Also, overdose typically means "died from" not "took more than recommended dose", sometimes "severe complications from". Aspirin was a miracle in its time, but there are a significant number of people that react very badly to it, from those at risk of ulcers (high stress, heavy drinkers) to those with normally low blood pressure can suddenly find themselves in a very slow painful death. If you look at "causes of accidental death" in this country, "non steroid anti-inflammatory overdose such as aspirin" accounted for ~7,600 deaths in 2000 [drugwarfacts.org] . Compare this to 17,000 for all illicit drug related and incidental deaths and 32,000 for prescription drugs and it is pretty revealing. OTC drugs are not even on the chart, yet just asprin is. Compared to many things, Aspirin is much more dangerous than people give it credit for.

Re:Aspirin? (1, Insightful)

Anonymous Coward | about 6 years ago | (#25735225)

You think the stuff that's being approved today has no side effects? Give me a break.

Re:Aspirin? (1)

sexconker (1179573) | about 6 years ago | (#25735371)

Are you joking?

Aspirin has pretty much the tamest side effects of any drug.

Aspirin is also one of the most useful drugs there are/

Headache? Aspirin.
Fever? Aspirin.
Arthritis? Aspirin.
Poison Oak? Aspirin.
Heart attack? Asprin every day.
Swollen lip? Grind up some aspirin and add a bit of water.
Family history of cancer? Aspirin every day.

Side effects (other than the useful side effects above)?
You might die if you're a child and are extremely unlucky, or if you're a martial arts expert who's family has been cursed.

Your stomach lining is temporarily eroded a bit.

As with any drug, check with your doctor if you're using it regularly, don't take it with booze, and use the correct dosage.

Re:Aspirin? (1)

DerekLyons (302214) | about 6 years ago | (#25736407)

No, I'm not joking. You severely underestimate the side effects and over estimate the usefulness.

Re:Aspirin? (1)

Satanicolas (1374761) | about 6 years ago | (#25736491)

you talk about tylenol, the real piece of shit

Re:Aspirin? (5, Insightful)

HungryHobo (1314109) | about 6 years ago | (#25734901)

The more usual example given is penicillin.
Penicillin which has saved a million times more lives than even the most hyperactive cartoon hero.
Penicillin which has made so many nightmare deadly diseases into matters of a week feeling a bit off.

That same penicillin wouldn't have a chance of getting through drug trials.Penicillin allergy is one of the most common drug allergies and the way drug trials are run the moment the first test subjects went into anaphylactic shock the trials would stop and the drug would be thrown in the bin. Never mind it's potential. Never mind the value we now know it has, it would have gone in the bin if it had had to pass modern drug trials and countless lives would have been lost.

Funny side note. If you thought peanuts might cure cancer and you put them through trials as a drug they wouldn't even get to the stage of being given to actual cancer patients since someone would almost certainly have a severe reaction before that point.

Re:Aspirin? (0)

Anonymous Coward | about 6 years ago | (#25734915)

Actually many over the counter medications such as aspirin, paracetamol (Tylenol), and ibuprofen can be harmful, even deadly. I'm going to take a stab in the dark, but my understanding is that it would not be approved for OTC use today due to the risks of long term use.
An example: Person A has the flu and takes some Tylenol - say, 1-2 tablets every 6 hours (totaling 6 tablets in a day, assuming 8 hours of sleep). The next day, Person A decides that the Tylenol was not effective enough - so they try TheraFlu. That could lead to an OD, especially if the person continues to take Tylenol along with the TheraFlu.

Acute toxicity would not prevent passage on its own; instead it's long/medium term usage at what are normally considered "safe" dosages - chronic toxicity.

http://en.wikipedia.org/wiki/Aspirin#Overdose [wikipedia.org]
http://en.wikipedia.org/wiki/Aspirin#Adverse_effects [wikipedia.org]

http://en.wikipedia.org/wiki/Paracetamol#Adverse_effects [wikipedia.org]
http://en.wikipedia.org/wiki/Paracetamol_toxicity [wikipedia.org] (it even gets it's own entry :-X)

I am not in any capacity a professional chemist, pharmacist, medical personnel or other qualified individual. Please take the above with a grain of salt. Thank you.

Re:Aspirin? (4, Insightful)

darkmeridian (119044) | about 6 years ago | (#25734943)

The aspirin thing is retarded. If aspirin were created today, it would cost $5 a pill and make billions for Bayer. Then a plaintiff's lawyer would sue Bayer for billion bucks after Reye's syndrome kills some flu-ridden kids who took aspirin, and then Bayer would be rocked with a scandal when the blood-thinning properties of aspirin causes deaths in the elderly who got ulcers using aspirin.

Re:Aspirin? (1)

Brian Gordon (987471) | about 6 years ago | (#25735173)

Yeah I really don't understand that about google. What kind of privacy regulatory agency actually has the power to say "sorry startup company, we forsee you aggregating too much data in the next 10 years so we're freezing all your assets." That's ludicrous

Google's "Do no harm" PR smoke screen... (2, Insightful)

MindKata (957167) | about 6 years ago | (#25735421)

Google provide what governments want, i.e. "Information", and as information is power, no government would want to stop Google. (Unless that information gathering power was directed at them).

Also from the main title page: "Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues"

That's basically saying the boiled frog principle. So implying people other than governments, would see the danger with Google and then seek to pressure governments to stop it. Well *some* people have seen the power of google and did see the danger it opens up years ago, but no where near enough people stood up and said something about Google, to even limit its ultimate goal to becoming effectively an advertising version of Big Brother. Problem is even now, most people still cannot see the full danger, so nothing will be done.
e.g.
http://slashdot.org/comments.pl?sid=465072&cid=22544268 [slashdot.org]

Re:Aspirin? (0)

Anonymous Coward | about 6 years ago | (#25736089)

Wait 5 years. That's where the totalitarian bus is headed.

Re:Aspirin? (1)

dorque_wrench (1394209) | about 6 years ago | (#25735553)

Are they saying that aspirin is so simple and helpful that Big Pharma never would have allowed it on the market or would have it tied up in all sorts of patents? But the comparison makes it sound like aspirin is harmful, seeing as Google is portrayed as more powerful than we would have let happen if we knew the future in advance.

And who would have stopped Google from doing what they did? That's like saying "If people knew what Microsoft would become, they would have stopped it." Huh? If people knew who John Wayne Gacy would become they would have stopped him except they couldn't because they didn't know.

OK, so the aspirin analogy is flawed. I think what the author is really trying to say was best explained in Dante's Peak: "If you put a frog into a pot of boiling water, it immediately jumps out. However, if you put that same frog in a pot of room-temperature water and then slowly heat it, the poor, dumb thing will remain in the water even as it is cooked to death."

Re:Aspirin? (1)

Jansingal (1098809) | about 6 years ago | (#25736511)

why is everyone obsessing on the opening intro???? this has NOTHING to do w/ google security. it was an intro, nothing more. and to think, 98% of the comments so far are about the opening 3 sentences, and nothing about the book.

So many inventions (5, Insightful)

Drakkenmensch (1255800) | about 6 years ago | (#25734547)

Similarly, cell phone cameras would have been banned from ever being marketed. It's way too easy to film goverment officials and law enforcement agencies commiting abuses of power, when before that it used to be your word against theirs, with their word always winning.

Re:So many inventions (1)

qoncept (599709) | about 6 years ago | (#25734839)

..ignoring the fact that the real problem with cell phone cameras is douchebags who would rather watch their 2" LCD than the concert they are actually at so they can watch it later. Except they won't, because the quality makes it worthless.

Re:So many inventions (1)

theeddie55 (982783) | about 6 years ago | (#25735099)

yeah, but that's a problem that only effects the douchebags, so unless you're a douchebag, it's not your problem.

Why does nobody ask Google anything today? (5, Interesting)

Roland Piquepaille (780675) | about 6 years ago | (#25734593)

Forget the what-if-we-knew-x-years-ago supposition : why does nobody - no regulatory body that is - demand that Google explain exactly what data they collect and what the heck they do with it?

Really, it seems that, since they started out saying "do no evil", everybody took their word for it and let it go at that. Google is worth billions, reaches millions worldwide, provides dozens of services people have come to rely on, and yet no-one knows what they do exactly, aside from banalities such as "their business model is selling ads". Heck, even Microsoft is under 100x more intense scrutiny than Google...

I like and use Google services as much as the next guy, but their ultra-secretive habits make me very wary of them.

Re:Why does nobody ask Google anything today? (3, Insightful)

Arthur B. (806360) | about 6 years ago | (#25734783)

why does nobody - no regulatory body that is - demand that Google explain exactly what data they collect and what the heck they do with it?

Regardless of why they're not doing it, I'm glad they are not. Collecting personal information which was willingly disclosed is not a crime and should not be.

Re:Why does nobody ask Google anything today? (0)

Anonymous Coward | about 6 years ago | (#25734949)

Hear! Hear!

Educating users is one step that must be taken.

Willingly disclosed? (4, Insightful)

Nerdposeur (910128) | about 6 years ago | (#25735399)

Regardless of why they're not doing it, I'm glad they are not. Collecting personal information which was willingly disclosed is not a crime and should not be.

I'm not sure I agree. Do people "willingly disclose" the contents of their emails, their searches, their map queries, their photos, their videos, etc by using Google services? Personally, I'm trusting them not to compile all that information and sell it - but what if they did?

With data mining, the whole is much more than the sum of the parts. Your individual queries might not be worth protecting - "ooh, I can't have Google know that I want an office chair!" - but in aggregate, they might reveal where you live, your financial status, your relationship troubles, your medical problems, what products you like.... stuff that marketers would die for.

If people knew what their "willingly disclosed" info could be used for, maybe they'd be less willing.

Re:Willingly disclosed? (1)

Arthur B. (806360) | about 6 years ago | (#25736699)

There's definitely an educational issue here. We're not completely ready for this. However, forcing disclosure will not solve that problem. As long as demand for transparency is not driven by the users, the problem will remain.

Re:Willingly disclosed? (1)

Cowmonaut (989226) | about 6 years ago | (#25737159)

People are lazy. Lazy people don't read their Terms of Service. We have Terms of Service because people are greedy and the law is set in such a way now that you have to pre-empt lawsuits.

Sad really. *If* people were more honest, a lot of the headaches in life would go away. Since they aren't going to become more honest, just read what the company says they are going to do with the information and determine if its worth the effort.

Me? I don't care. The likelihood that someone will be reading my e-mails is next to nil. The chances of them reading them before I receive them are lower still given they arrive almost as soon as they are sent.

For me, the trade off is acceptable. For when its not I find an alternative (e.g. go to the library, use notepad, etc).

Re:Why does nobody ask Google anything today? (3, Insightful)

DerekLyons (302214) | about 6 years ago | (#25735405)

Which misses the point of the book - that you can be disclosing personal information without being aware of it.

Re:Why does nobody ask Google anything today? (2, Insightful)

Arthur B. (806360) | about 6 years ago | (#25736729)

The point of the book is educational, it points out the obvious so that people realize the information they're giving away.

Re:Why does nobody ask Google anything today? (2, Insightful)

onedotzero (926558) | about 6 years ago | (#25735475)

I think, more to the point, your average user doesn't really understand quite what a corporation (of any size) can do, nowadays with that data.

Information in this new digital world is a far cry from disclosing your information to marketing surveys that would simply end up with your address on multiple mailing lists. Now it can tie up what do actually do online and off, where you do it and who you do it with, and that's probably the tip of the iceberg.

My opinion is that if governments had this kind of insight, would you trust them not to abuse it? Would you trust a profit-driven company more, or less?

Re:Why does nobody ask Google anything today? (1)

Arthur B. (806360) | about 6 years ago | (#25736753)

More. A profit driven company needs to keep its customers from changing their bookmark. A government only has to worry about people expatriating...

Re:Why does nobody ask Google anything today? (1)

AMSmith42 (60300) | about 6 years ago | (#25735033)

"I like and use Google services as much as the next guy, but their ultra-secretive habits make me very wary of them."

And yet, like a strung out junkie, you keep coming back to them? Why does anyone have to ask them what they are doing if you are already fairly certain you know? You seem to be a smart person, yet you keep doing things you are believe are hurting you, waiting for the government to step in and force you to stop. Government is not the answer. Self control is.

Re:Why does nobody ask Google anything today? (2, Interesting)

Anonymous Coward | about 6 years ago | (#25735115)

You know, all the tools and information available to advertisers from google is documented in abundance. It's called AdWords (advertise for keywords on google or content sites) and AdSense (host ads on your content site). The ads for any given search query or AdSense page are ranked in an auction based on an advertisers bid multiplied by a "quality score" (clickthrough and a bunch of other "quality" fudge factors). Here [nytimes.com] is an article on google's ads group. Note that advertisers call it a "black box"; for users that is a good thing, and tends to refute the common idea that google is selling out super-detailed user profiles to advertisers.

If people want to continue speculating about what google *could* be computing, or what it is sharing with advertisers, go wild I guess. But since advertisers or normal people too, the information is out there. After learning about how web ads actually work in the last year or so, it's been worrisome for me to see how few people actually know how web advertising works, even though it underpins the funding for the modern web.

The financial institutions that I use have much scarier data on me than google gathers, even though I use many google products. That's because credit card history, bills, pay stubs, and withdrawals now all go through your bank, with strong links to your identity. Both google and my bank could be joining and computing all sorts of scary stuff -- but no matter how you try, you can't really control what some group can compute about you when they have the data. What you can control, and what I'd argue is more important, is what they release to others. Just like my bank is limited in who and what it can release, we need that kind of privacy policy (or legislation) for online companies. People seem to be preoccupied with chasing the bogeyman though, rather than thinking what kind of lasting change that'd make the system work.

Re:Why does nobody ask Google anything today? (1)

ArtemaOne (1300025) | about 6 years ago | (#25735159)

They never said Do No Evil. They said Don't Be Evil. You can do evil while not being evil. One is isolated incidents, while the other shows a trend. Its a good use of semantics to get around that.

Re:Why does nobody ask Google anything today? (1)

0xABADC0DA (867955) | about 6 years ago | (#25735195)

Forget the what-if-we-knew-x-years-ago supposition : why does nobody - no regulatory body that is - demand that Google explain exactly what data they collect and what the heck they do with it?

More to the point, saying "we collect ip addresses from google-analytics and our ad partners" is way different from saying "and by correlating that data we know 98% of every page each person visits on the internet". Companies say they don't collect any personally-identifiable information... and then proceed to correlate that with personally identifiable information from other sources.

The way it should work is that if a company ever creates a profile on an individual (even for a split second, even for a one-time query, even for court orders, etc) then the existence of that profile has to be recorded at a government public database. People can then access this database to see what companies have a profile on them, and can demand a copy of the profile from the company, and can demand correction be made to the profile for incorrect data.

Yes, this is a bit more overhead for companies if they create profiles on individuals. Instead, they'll create generic profiles not directly linked to you. For instance, google will drop 'name' and 'address' from their records of the web sites you visit since that will cost less than people knowing just how invasive google is.

Re:Why does nobody ask Google anything today? (1)

Brass Cannon (882254) | about 6 years ago | (#25735469)

"why does nobody - no regulatory body that is - demand that Google explain exactly what data they collect and what the heck they do with it?" Great question. I think that the answer is obvious. Those regulatory bodies must see a benefit (either now or in the future) in not asking.

Re:Why does nobody ask Google anything today? (2, Interesting)

gonz (13914) | about 6 years ago | (#25735593)

People assume that Google uses your private information in indirect, anonymous ways to improve advertising or predict general trends from keyword histograms. But have you looked at Google's privacy policy?

"We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to operate, develop or improve our services."
http://www.google.com/intl/en/privacypolicy.html [google.com]

It basically says they use your data to improve their services and to develop new services. It's clear that Google aims to eventually get into just about every possible industry, so their "services" are very broadly defined.

As far as I can tell, there is nothing in the privacy policy that says Google will not directly data-mine your Gmails and Google Docs. There is no limit to what's possible if you have a huge searchable index of everybody's private data. Here are some examples of how Google might choose to "operate, develop, or improve" their services:

- get trading tips for any financial market by searching people's private Gmail conversations or corporate Google Docs
- search for discussions/documents relating to inventions, then premptively patent the idea
- detect DNS names that people are brainstorming, and then preemptively squat on these domains
- predict when a limited item is going to be popular, then buy up those products and sell them at higher price on e-bay
- use private discussions to predict locations of possible terrorist attacks and sell this information to the military
- search people's e-mails or documents for illicit material or copyright infringement, maybe under a government order
- use your company's internal documents to directly compete with your company

To the extent that they're legal, these ideas are totally compatible with Google's privacy policy as I read it.

Individual people willingly publish their private information on the internet every day. But I have NO IDEA why a business would ever consider entrusting its private data to one of the biggest, broadest competitor companies in the world. Gmail and Google Docs are a big data mining bait.

Cheers,
-Gonz

Re:Why does nobody ask Google anything today? (1)

Jansingal (1098809) | about 6 years ago | (#25736467)

'demand that Google explain exactly what data they collect and what the heck they do with it?' excellent point!!! google full disclosure- what a great idea!

Apathy has always been the enemy (5, Interesting)

ACK!! (10229) | about 6 years ago | (#25734595)

My grandparents refused I remember a long time ago to give out their Social Security Number to anyone.

I remember when you put your credit card onto the manual machine and then made sure to get the carbons.

For the luxury of convenience we have given up our security our anonynimity in not just the digital world but the world at large.

And for this price we get one-click shopping and online bill paying and such. But when the waiter swipes you card # it all comes back to you.

And am I any better than anyone else in this regard ? No. Not really.

Re:Apathy has always been the enemy (2, Insightful)

Lord Ender (156273) | about 6 years ago | (#25735961)

The problem is NOT that people ask for or give out SSNs. The problem is that banks and businesses stupidly use knowledge of SSNs as a means of authentication. Obsessing over the "privacy" of such non-private data is trying to fix the wrong problem.

Denial works well here. (5, Insightful)

RulerOf (975607) | about 6 years ago | (#25734601)

For all we know, Google could have an extensive psych profile on each of us, know the names of everyone in our family, and probably even determine our level of education or our professions based simply on our search queries.

Google's reputation, however, is mighty squeaky clean, and until it is revealed just exactly what kind of information their computers can put together from your web habits (and what, exactly, they do with it), I have a feeling we'll be in denial about it for a very long time. I mean, they really, really have a couple billion metric fucktons of money.

I refuse to put any more information into Facebook than I already have because, unlike Google, Facebook doesn't have quite so evident of a business model.

Google away. :P

Re:Denial works well here. (3, Insightful)

Ephemeriis (315124) | about 6 years ago | (#25735349)

Google's reputation, however, is mighty squeaky clean, and until it is revealed just exactly what kind of information their computers can put together from your web habits (and what, exactly, they do with it), I have a feeling we'll be in denial about it for a very long time.

It isn't denial, it's personal experience.

Google has been turning out very useful products that pretty much do what they're supposed to. They've been doing some philanthropic stuff too. They give back to the community with their Summer of Code and things like that. Overall, my personal experiences regarding Google are positive. Thus far I do not have reason to distrust them inordinately. This doesn't mean that I'll blindly go along with anything and everything they do, but I don't question their every decision either.

By contrast, I've got a long history of frustration with Microsoft. Product after product released late and in buggy condition. Patches that break more than they fix. Hours of frustration trying to troubleshoot issues and track down fixes. Constant press releases about how wonderful the new version will be, and then most of the new features don't show up. I'm talking about a good 10+ years of frustration with Microsoft. So, naturally, I'm a bit skeptical when they announce a new product.

Re:Denial works well here. (1)

city (1189205) | about 6 years ago | (#25735905)

I am not in denial (though Im sure a lot of people are). Until I have the sense that I may be harmed by them in any way I will continue to allow them to house my bank account info, pictures/video from anywhere I have been in the world, my schedule, my blog, all my search history and purchases, and now my cell account info along with real-time location (G1). Basically I have gone all-in Google and my life is a lot more convenient than it used to be, especially now that I have all this info in my hand at all time thanks to the G1. For all I know someone has compared all the databases and compiled an extensive profile of me. Of course, if they really want to then can just call me and I will be happy to fill in any blanks as long as it makes my life more convenient.

Re:Denial works well here. (1)

Jansingal (1098809) | about 6 years ago | (#25737065)

>>I refuse to put any more information into Facebook than I already have because, unlike Google, Facebook doesn't have quite so evident of a business model.

but what about when google buys facebook?

Foresight... (1)

intothemiddle (1142025) | about 6 years ago | (#25734617)

..is a great thing. HOWEVER, you could debate all day that if Google didn't exist because we all focused on not letting it come to power, that some other company would of done what they did and we'd be in exactly the same place but with a different logo. Perhaps available in cornflower blue!

Perhaps if we'd of known how evil and corrupt the World has become we'd of tried to make a nuclear bomb much quicker to get it over and done with.

And finally.. - Who's going to even bother to do anything about things when they become a major problem. No one, that's who! (and not the mayors aid either).

Oh noes... (0)

Anonymous Coward | about 6 years ago | (#25734623)

Google knows what my favorite cheese is! Now advertisers can purchase information about who likes what kind of cheese in what region. Good thing that they can't trace the Swiss addiction back to me.

How long before the feds get involved? (5, Insightful)

MikeRT (947531) | about 6 years ago | (#25734643)

I'm predicting [codemonkeyramblings.com] that Google's flu tracker is going to end up being used as an argument in favor of a federal data retention mandate if it turns out to be successful for the CDC. While DHS may have recently shown that datamining doesn't work on terrorists [wired.com] , I'll bet that it would certainly work on certain classes of other criminals like sex offenders. How long before the DoJ starts down this path by saying, "hey Google, why don't you keep an eye on suspicious searches for us, and let us know if someone reaches a threshold of $X searches/month so we can see if they're bad dudes banging little kids." The road to hell is paved with good intentions.

Think I'm paranoid? Then explain why the USA PATRIOT Act was ready to go so soon after 9-11. It's not like they were just waiting for a justification to present it to Congress...

Re:How long before the feds get involved? (4, Interesting)

Anonymous Coward | about 6 years ago | (#25734819)

How long before the DoJ starts down this path by saying, "hey Google, why don't you keep an eye on suspicious searches for us, and let us know if someone reaches a threshold of $X searches/month so we can see if they're bad dudes banging little kids."

Under the PATRIOT Act, any FBI officer could ask for this data, with a self written warrant, Google would be compelled to give them the information, AND IT WOULD BE ILLEGAL FOR GOOGLE TO TELL ANYONE ABOUT IT... EVEN UNDER OATH IN A COURT OF LAW.

So, this could already be happening I guess.

Re:How long before the feds get involved? (3, Interesting)

megamerican (1073936) | about 6 years ago | (#25735047)

It has been admitted that the PATRIOT ACT was written before 9/11. Most of it was seperate bills that failed during the Clinton administration and that most Republicans opposed at the time. Funny how things "change" when you get into power.

Lawrence Lessig, a Law Professor from Stanford University told an audience at this years Fortune's Brainstorm Tech conference in Half Moon Bay, California, that "There's going to be an i-9/11 event" which will act as a catalyst for a radical reworking of the law pertaining to the internet.

Lessig also revealed that he had learned, during a dinner with former government Counter Terrorism Czar Richard Clarke, that there is already in existence a cyber equivalent of the Patriot Act, an "i-Patriot Act" if you will, and that the Justice Department is waiting for a cyber terrorism event in order to implement its provisions.

During a group panel segment titled "2018: Life on the Net", Lessig stated:

There's going to be an i-9/11 event. Which doesn't necessarily mean an Al Qaeda attack, it means an event where the instability or the insecurity of the internet becomes manifest during a malicious event which then inspires the government into a response. You've got to remember that after 9/11 the government drew up the Patriot Act within 20 days and it was passed.

The Patriot Act is huge and I remember someone asking a Justice Department official how did they write such a large statute so quickly, and of course the answer was that it has been sitting in the drawers of the Justice Department for the last 20 years waiting for the event where they would pull it out.

Of course, the Patriot Act is filled with all sorts of insanity about changing the way civil rights are protected, or not protected in this instance. So I was having dinner with Richard Clarke and I asked him if there is an equivalent, is there an i-Patriot Act just sitting waiting for some substantial event as an excuse to radically change the way the internet works. He said "of course there is".

You can find that talk on google video.

On a flu related note, the google flu tracker really scares me. I pointed out in the discussion about it that Executive Order 13375 adds

(c) Influenza caused by novel or reemergent influenza viruses that are causing, or have the potential to cause, a pandemic

to Executive Order 13295 Relating to Certain Influenza Viruses and Quarantinable Communicable Diseases.

That simply means that our government can pre-emptively quarantine an area that may cause a pandemic. The language "reemergent" is also troubling to me since it has been admitted that they have recreated the 1918 flu virus.

Re:How long before the feds get involved? (1)

IP_Troll (1097511) | about 6 years ago | (#25735273)

Obama is now president, The GWB 9-11 conspiracy theory is OVER, you are going to have to find a different windmill to joust.

Google flu tracker is an anecdotal "g-wiz" project that contains no individually identifiable material and has no real scientific value. Why would it be used as an argument in favor of data retention? Is getting the sniffles now a crime?

While despicable, sex offenders are not terrorists and the PATRIOT act is not used to gain information about them.

The patriot act was ready to go so soon after 9-11 because it is a poorly drafted pile of garbage that is not used for anything more than lip service.

If you want privacy, I can respect that, keep to yourself and be private. Don't put your private information in a place accessible to the public, like the internet. Don't start making up stories about how THEY are out to get YOU. That is not paranoia, that is megalomania.

Re:How long before the feds get involved? (0)

Anonymous Coward | about 6 years ago | (#25735641)

I hate to contradict you here, but...um....technically, Obama is President Elect. GWB is still President. And will be until Obama is inaugurated.

Re:How long before the feds get involved? (1)

Twanfox (185252) | about 6 years ago | (#25735781)

I didn't know that the events that happened on 9/11/01 went away just because GWB has finished his term in office. Also, regardless of who is in power at the time, it is always important to be vigilant over the powers that the government is allowed to hold over its people. Just because Obama, who appears to have the people's interest in mind, is in office NOW doesn't mean that something done with good intentions for him can't be twisted into something particularly evil later on.

There have been reported cases of government offices (CIA, FBI or whatever) collecting information and 'mislabeling' a particular group of patriots (people rooted in the ideals of the country, if not the government in power) as terrorists. These are people that just want the war to end in Iraq, or to end corruption in the government, and they're called anti-government or anti-war terrorists; people exercising their Constitutionally protected right to assembly and freedom of speech. Even if not true in the US at this time, it has been evident in other countries throughout history, and history has a nasty habit of repeating itself.

First fallacy- who is the president? (1)

way2trivial (601132) | about 6 years ago | (#25736507)

it ain't over 'til it's over baby....

I'm still paranoid enough to wonder if the current white house occupants might still pull something that is almost but not quite a coup

the whole premise is cracked (4, Interesting)

epine (68316) | about 6 years ago | (#25734665)

The premise here is "if only we had known ahead of time, we would have done things differently". In the cases where we did know ahead of time, or enough people did, we still went ahead and did it anyway. *After* the Grand Banks fishery collapsed ... we continued to fish it. A few short years later ... we shut down the entire fishery due to lack of foresight and cooperation.

For some reason, I've never viewed Google as a particularly large threat. They seem to be using the data mining to sell a well targeted audience. Is there a Google service where I can pay to get dirt on my neighbors? There's two guys living out front I'd like to get rid of.

Like a bank, there is a business model to make a lot of money in a hurry by whisking all the deposits off to an island paradise. However, the business model where they maintaining the trust relationship with the fools who deposited in the first place pays better in the long run. When you get down to it, banks sell trust, and not much else.

Do we think our banks don't know a lot about us? If only we had known, we'd have never allowed banks to exist in the first place.

What's happening here is that with mass storage plummeting into the $/TB range, one way or another we were going to have to rethink our entire privacy and public information models rather dramatically.

If only we had known, we'd have never allowed Shugart to spin that first platter.

Re: summary of the parent (0)

Anonymous Coward | about 6 years ago | (#25735299)

Epine had a divine epiphany and opined about optional nature of our banking industry, which now appears to be controlled by alpine aphids addicted to aspirin.

Disclaimer: I blame the above on the wine. Now if you'll excuse me I need to visit the latrine, and then I'm going to get supine.

Re:the whole premise is cracked (2, Informative)

DerekLyons (302214) | about 6 years ago | (#25735439)

Do we think our banks don't know a lot about us? If only we had known, we'd have never allowed banks to exist in the first place.

The difference between banks and Google is that banks are heavily regulated under the law as to what information they can collect, what they can do with it, and who they can release it to. Google isn't.

Re:the whole premise is cracked (1)

VeNoM0619 (1058216) | about 6 years ago | (#25735749)

Is there a Google service where I can pay to get dirt on my neighbors?

Not quite, but our datamining search results indicate you're not alone [google.com]

Bogus (3, Interesting)

Xerolooper (1247258) | about 6 years ago | (#25734755)

aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval

This argument is such a fallacy. If it was discovered today it would be considered an herbal supplement and they are not regulated by the FDA. If it was considered a drug patent trolls would sue for it and it would still get marketed since it does work with little side effects. They would see the potential to make a lot of money.

Re:Bogus (0)

Anonymous Coward | about 6 years ago | (#25735643)

Little side effects? Aspirin, like penicillin, actually has extremely negative effects for a good portion of people. Enough so that it would fail drug trails and be banned as a supplement.

It's easy to look at them as "harmless" (or mitigated risk) now because they are so ingrained in our society and we understand so much about them but if they were a newly discovered herb/drug then it would look pretty dangerous and further investigation might be stifled before we really understood what they could do and how we can handle the risks.

Re:Bogus (1)

Jansingal (1098809) | about 6 years ago | (#25736773)

GET OVER THE INTRO!!!!! focus on the review and the book!!! come on alrweady.

About that asprin comment. (1)

DaveV1.0 (203135) | about 6 years ago | (#25734771)

I have never heard that said of aspirin, but I have heard it said of caffeine. Specifically, that caffeine would be regulated like cocaine.

Re:About that asprin comment. (2, Insightful)

maxume (22995) | about 6 years ago | (#25734995)

Poorly?

Re:About that asprin comment. (1)

DaveV1.0 (203135) | about 6 years ago | (#25735407)

Actually, it is not regulated poorly. It is that the regulations are poorly enforced.

Re:About that asprin comment. (1)

maxume (22995) | about 6 years ago | (#25735709)

If it isn't possible to do a good job enforcing the regulations (which I believe to be true), then the distinction isn't worth much.

The #1 thing preventing the vast majority of adults from using powerful drugs is that they do not want to; in the face of that, I can't justify violent, expensive enforcement.

Re:About that asprin comment. (1)

DaveV1.0 (203135) | about 6 years ago | (#25736127)

I didn't say it was not possible to do a good job enforcing the regulations.
I said the regulation was poorly enforced.

Those are two very different things. The regulations could be well enforced, but it just isn't being done.

Re:About that asprin comment. (1)

maxume (22995) | about 6 years ago | (#25736369)

Please note that I *did* say that it is not possible to do a good job enforcing the regulations.

It is perfectly possible to disagree, as it isn't possible to prove either position.

Re:About that asprin comment. (1)

DaveV1.0 (203135) | about 6 years ago | (#25736157)

If it were legal to sell and consume powerful drugs, such as cocaine and heroine, that are currently illegal, then there would be advertising for the use of said drugs and more people would use them.

If you don't believe it, please look at the tobacco industry.

Re:About that asprin comment. (0)

Anonymous Coward | about 6 years ago | (#25735213)

See also alcohol.

Remember: aspirin, positive and negative side effects, good; alcohol, negative side effects, good; cigarettes, negative side effects, was good now bad; pot, positive side effects, bad; caffeine, negative side effects, good; opium, negative side effects, was good now bad; vitamin supplements, negative side effects, was good then bad then good then bad then worse then better currently meh.

Is that clear?

Re:About that asprin comment. (1)

stuckinarut (891702) | about 6 years ago | (#25735251)

Along the same lines if alcohol was discovered now it would be identified as the poison it actually is and be far more illegal than marijuana and a host of other drugs. Fortunately it's been around for such a long, long time (and is a bonanza for governments in tax) that thoughts of outlawing it rarely given much credence, US prohibition the most notable exception, and that was on moral grounds.

It is arguable.... (-1, Flamebait)

Anonymous Coward | about 6 years ago | (#25734919)

... that if water was not wet, government regulations would make it wet and corporate incompetence would make it more expensive than milk. ... that if George W. Bush was never born, that Arsenio Hall would have been our first black president. ... that if this shit was any more disingenuous, that slashdot's collective head would asplode from the irony.

True, true... (-1, Offtopic)

Anonymous Coward | about 6 years ago | (#25734925)

It is true that Asprin would not be approved by the FDA if it was discovered today. More people die every year from Asprin than did with Ephedrine, yet one baseball player dies from Ephedrine and it's pulled off of the market.

Scroogled (4, Interesting)

Brass Cannon (882254) | about 6 years ago | (#25735411)

There is actually a great short story about the idea of Google using its collected information for Homeland Security. The story is called "Scroogled". Good read. I'd link to it but I thought it more appropriate to have you Google the title.

Aspirin? Are you sure? (1, Offtopic)

Wannabe Code Monkey (638617) | about 6 years ago | (#25735415)

It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval.

That's strange, because I remember doing a report (10 years ago maybe) on Aspirin in high school, and I distinctly remember reading in several books on the subject that if aspirin were discovered today, it would be hailed as an amazing wonder drug instead of its current image as a ho-hum headache remedy.

Re:Aspirin? Are you sure? (1)

swordgeek (112599) | about 6 years ago | (#25736051)

Well yes, but in fact both things can be true simultaneously.

Aspirin is pretty amazing stuff--painkiller, anti-inflammatory, blood thinner, fever reducer, stroke preventative, and more. The list goes on.

HOWEVER, it also can cause stomach bleeding and bleeding ulcers, tinnitus, Reyes syndrome, prolonged bleeding; and has a high number of interactions with other drugs. Oh, and overdoses (both acute and chronic) can be lethal.

I suspect it would be a prescription drug if it were introduced today. Then again, naproxen is an OTC drug in the US, so who knows?

I think the real key is to understand that medicine is effective because it affects the body--and that _can_ be dangerous. Aspirin isn't a panacea without consequences, because nothing is.

Re:Aspirin? Are you sure? (1)

Jansingal (1098809) | about 6 years ago | (#25737275)

nope. you can google the info and see it is so.,

by invitation only (1, Insightful)

Anonymous Coward | about 6 years ago | (#25735467)

the most obvious way I thought of Google as gathering data on your connections is that for Gmail they enforced a "by invitation only" registration system. Once you had been invited and signed for Google, one day, they gave you 5 or 10 or 50 invitations that you would *normally* send to your buddies so they can register too. Here's your perfect way to track who you know and who they know etc.
The point isn't to find your Bacon number, but to profile you even more accurately (birds of a feather, anyone?).

AC

Re:by invitation only (1)

Jansingal (1098809) | about 6 years ago | (#25737309)

it was that way for gmail... but for the last year or so, you know longer need an invite to get a gmail account. just go there and sign up.

What, me woried? (1)

kent_eh (543303) | about 6 years ago | (#25735505)

The book lists over 50 Google services and applications which collect personal information. From mail, alerts, blogging, news, desktop, images, maps, groups, video and more. People are placing a great deal of trust into Google as each time they use a Google service, they are trusting the organization to safeguard their personal information.

Oh, you mean they're agrigating my fake personal information. I don't care what they do with that.
I've never given out my real personal info to sign up for any online service, and I have no intention of starting now.

The only thing a search for my real name returns is an interview in a newspaper from a charity event several years ago.
And several other people who share my less-than-common name.

Re:What, me woried? (1)

Sfing_ter (99478) | about 6 years ago | (#25735695)

you would be VERY surprised to find out just how many people put their very real info in EVERYWHERE and how many use their bank pin number as their password... everwhere... the mind wobbles.

Re:What, me woried? (1)

kent_eh (543303) | about 6 years ago | (#25736077)

Surprised? Not really. I've seen it.
Knowing that criminals always go for the easy targets first, due to their inherent laziness does make me sleep better.

Google is Evil (0)

Anonymous Coward | about 6 years ago | (#25735629)

The lack of respect for the personal privacy of individuals displayed by Google is jaw dropping.

It is amazing that we have reached a point where a company can get away with the type of stuff Google gets away with.

well.... (0)

Sfing_ter (99478) | about 6 years ago | (#25735665)

it is one thing to be forced into submitting your personal info for purposes of data aquisition and quite another for you to do it because you want the entire world to know just how important it is that YOU CAN HAS CHEESEBURGER! Sigh...

Public Records (1)

Drum_Addict (1405837) | about 6 years ago | (#25735739)

I was on jury duty recently, and in some recorded testimony they had the person give their full name, SSN, etc. This testimony is then transcribed to text. I couldn't help wondering if these documents ever go public, and if search engines like Google would get access to them.

Your choice (2, Interesting)

gmuslera (3436) | about 6 years ago | (#25735741)

3 main ways to google to get info about you:
- You publish that information in your site (i.e. you give it to everyone, google included)
- You give that information to google (i.e. you store your mail/documents/etc in google, or interact with your google account with google sites, like in maps, search history, etc)
- You interact with google sites not with your account, but interact anyways. That could include google ads, or the search engine itself (even if is embedded in your browser), or visiting sites using google analytics.

In the first two is your choice to give them your information. And if the last one worries you, using alternative search engines or using extensions like NoScript will solve that problem.

The problem with google is that give you too much ways, most of them very handy, to store your information, and is in very good positions to combine all that sources. You can pick all yahoo services and be in more or less the same situation, but in yahoo. Or in lesser degree, can fall in the same with Microsoft, Facebook, your mail provider, etc(even slashdot could fit in that category eventually)

Flu (1)

gmuslera (3436) | about 6 years ago | (#25736309)

Related to this, recently was announced Google's FluTrends [google.org] that tracks flu outbreaks correlating it with where people is googling for flu symtoms/treatments/etc.

Is not a big privacy problem per se, not more than a census, but could be the start of a trend. Would hate to read it as "If you have no privacy, we can help you"

Fixed. (0)

Anonymous Coward | about 6 years ago | (#25737059)

As to the underlying question, "how much does Google care about you?", the answer is that it is an infinitesimal amount.

What did Google know and when did Google know it! (1)

tw3k (956612) | about 6 years ago | (#25737229)

What did Google know and when did Google know it!

search engine optimization (1)

mattdm (1931) | about 6 years ago | (#25737301)

Tip #1: Get your blog linked to in a story at Slashdot....

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?