Privacy Concerns On Google's 30 Day Data Policy 154
darkmonkeh writes ""Google Inc. is offering a new tool that will automatically transfer information from one personal computer to another, but anyone wanting that convenience must authorize the Internet search leader to store the material for up to 30 days", CNN reports. Although Google's policy states that it can hold data for up to 30 days, "Google intends to delete the information shortly after the electronic handoff, and will never retain anything from a user's hard drive for more than 30 days", said Sundar Pichai, director of product management. With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting."
advertising? (Score:4, Insightful)
Re:advertising? (Score:2, Informative)
According to the article on CNN.com:
So, I guess no, Google won't read what you wrote... unless, of course, the Chinese [boston.com] ask them.
Re:advertising? (Score:2)
I would say "yes" (Score:1)
If I asked you to hold my wallet for me, I should expect you would at least peek in to see how much cash I had on hand.
Re:I would say "yes" (Score:1)
This is true, I am not suggesting that it would be a bad thing, as it wouldn't bother me one bit. However, since it involves personal data, others will definitely be concerned with privacy. From another standpoint, if someone was worried about Google storing their personal data on the servers, then just don't 'share' or 'network' such data that is so private.
Re:advertising? (Score:1)
Lol adsense (Score:2, Funny)
=)
Google File System (Score:2)
Re:Google File System (Score:2)
Fortunately... (Score:5, Funny)
Deleting but not forgetting (Score:2)
Deleting your files does not mean that there are no information extracted from that files, right?
pirates? (Score:4, Insightful)
Retention of Data (Score:5, Insightful)
Yeah... (Score:2)
30 days is not very long at all, in terms of data retention. Could we get such a guarantee from any other corporation? From our credit card companies, banks or libraries?
Well, maybe our libraries...
Re:Yeah... (Score:1)
Unless you don't return your books...Then they'll keep it for fifty years. http://www.ananova.com/news/story/sm_1718538.html? menu= [ananova.com]
But seriously, as we look to have more personal information available to us from the net, we have to compromise our privacy some. I applaud Google for deleting the material quickly; I would like a more detailed accounting of the storage process though.
At the end of the day, if people are worried about this, don't enable the data sharing. Google has it set to off by default.
Library - Overdue Materials (Score:2)
There's an older one, from one of the Harvard libraries, which was overdue by a little over 230 years [harvard.edu]. As for general library fines, I know our local library refers your case to a creditor if you're over $50, which isn't too hard to do if you lose an item. *wry grin* Or, for that matter, not being careful with videos. Videos go out for a week, there's a $1 fine per day, and there's no grace period. The maximum you can check out is 2
Re:Library - Overdue Materials (Score:2)
does US law have a limit on how long ownership lasts after loss of physical control or something?
otherwise surely as a book stolen from harvard it would still be thier property and so there would be no need for a donor to stump up the cash.
Re:Retention of Data (Score:2)
The library's circulation system tracks the loan of copy 42 of book A to user davecb, until such time as either
After that, they are required by the laws of most countries/states to delete the information, and by all countries to report one circulation transaction completed. The library then gets a grant based on the number of transactions, etc.
Net result is that the
So ? (Score:1)
Mind you grammar! (Score:5, Funny)
That should be "whit teh google", sillyhead.
Re:So ? (Score:2)
Here's a question: (Score:5, Insightful)
From TFA: Why exactly do any of Google's employees need access to this information? Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?
I'm really not seeing the necessity for Google to have any access at all to users' information...am I missing something?
Re:Here's a question: (Score:2)
Re:Here's a question: (Score:3, Insightful)
Keep in mind that access does not mean unencrypted. I read it as saying that the data will be stored encrypted on google's system, however some employees will still need to potentially have access to the encrypted data.
Re:Here's a question: (Score:5, Funny)
You forgot this is /. (Score:2)
Re:Here's a question: (Score:1)
But I don't believe any security-minded user that goes PGP would use this service anyway.
Indexing? (Score:3, Informative)
Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?
I imagine they want to index the information, which they wouldn't be able to do if it was encrypted.
Re:Here's a question: (Score:2, Insightful)
Google's not storing people's data out of altruism. They're doing it to make a profit from data mining and association-mapping.
Think supermarket "loyalty" cards but on a far grander scale. That's what Google is aiming for: the ability to study and profit from the collated details of the lives of millions of people. In order to study the details, they must be able to process them in an unencrypted form at some point.
They may have no evil intentions whatsoever. People s
Re:Here's a question: (Score:2)
That person, by definition, needs access to the data.
Note, however, they don't need to be able to read it. And from what I understand, they can't. It's all encrypted.
Re:Here's a question: (Score:1)
Many people are a big vague about the real data, even when there is no restriction...
Making a system safe from developers and sysops roughly adds 50% to it's cost.
That sounds high, but it's lots of little things. I
Re:Here's a question: (Score:2)
Oh, plus this is part of their searching functionality - you can search the stuff you're storing on their servers - hard to do when it's encrypted.
Re:Here's a question: (Score:2)
So Google can search the documents and return the results to the user, rather than requiring the user to download all their documents locally on every machine and then have to run a search themselves.
You don't by a dog and bark yourself, and if you sign up to service from a search engine company, you would expect them to do the searching, surely!
Don't Do It (Score:5, Insightful)
If you have privacy concerns, don't use the service. If you are stupid enough to transfer private or sensitive information over someone elses network, let alone store it on their drives, you deserve what you get. I use some online storage for information that I would not want to lose in the event of a catastrophe at my home, but it is nothing I consider sensitive. If it was, I would either store it elsewhere or use some kind of encryption on the files.
Re:Don't Do It (Score:4, Insightful)
The same can be said for online banking, email correspondence, chat, IM, or P2P. The fact is you have to be smart about who you let have access to what data. It's hard enough protecting your security in just the above arenas, without letting an outside group have access to your hard-drive. Another service I don't think I'll be touching anytime soon.
Re:Don't Do It (Score:2, Insightful)
I have a completely encrypted drive in my laptop for sensitive information in case I lose it or it is stolen. This is just wise in my humble opinion and can be easily achieved by many tools, like truecrypt [truecrypt.org]. For everything else, there is Gmail [gmail.com]! =)
Re:Don't Do It (Score:3, Interesting)
For real, just don't flippin' use it, viola, no more concerns over the privacy of your data. (At least with Google.)
Ugh... (Score:5, Insightful)
Re:Ugh... (Score:1)
Re:Ugh... (Score:2)
'cause, you know, everyone always reads the TOS, don't they.
Hypothetical: Another user on a shared machine uses this, and it exports C:\DocumentsAndSettings\* then everyones data is uploaded, not just the person running the Google service.
(yeah, I know.. restrict user permissions, don't run as admin, etc, etc. Welcome to the real world, where "the right way" isn't what most people do.)
Re:Ugh... (Score:2)
As reported on SANS... (Score:1, Redundant)
Technical feasibility? (Score:5, Insightful)
The policy may very well translate into "We will make a best effort to delete the information when you instruct us to do so, but we will only guarantee that the information will be deleted within 30 days."
It ain't about technical feasibility (Score:2)
The details are fuzzy, but IIRC, when you leave your *stuff* on their servers for more than 30 days, the police do not need a regular warrant to get at your data.
I remember this was talked about back when Google first introduced G-Mail and said "We can't promise we're going to delete your data."
Maybe someone else remembers the exact details, but I know the 30 day limit is there because it has something to do with 'possess
Source? (Score:1)
Besides, your theory does not explain why the data could not be deleted sooner than 30 days, since you're asserting that the legal status changes after 30 days.
In any case, the article says Google intends to delete the information shortly after the electronic handoff, and will never retain anything fro
Wait... (Score:1, Offtopic)
Not to mention (Score:5, Insightful)
Hopefully this will be sufficient. If not, we will need to block access to all of Google, which would seriously upset many people within the company, and of course this will cascade to other organizations. Will Google be happy it's pissing off a bunch of Fortune 50 companies?
Re:Not to mention (Score:2)
If Google doesn't publish the URLs and/ or netblocks used by this then they run the risk of getting blocked in entirety all over the place.
Re:Not to mention (Score:2)
For those who don't know the alphabet soup we're talking about:
HIPAA [epic.org] - Health Insurance Portability and Accountability Act of 1996 belongs to the Dept of Health & Human Services
GLBA [epic.org] - Gramm-Leach-Bliley Act aka the Financial Services Modernization Act of 1999 belongs to the Federal Trade Commission
SOX [wikipedia.org] - Sarbanes-Oxley Act of 2002 belongs to the Securities & Exchange Commission
Re:Not to mention (Score:1)
If you don't want your data copied to the internet, don't connect the system.
Re:Not to mention (Score:2)
Your value to Google is the number of eyeballs you can offer them, or the advertising revenue they make from you. Do Fortune 50 corporations offer enough eyeballs to be a globally significant number?
Re:Not to mention (Score:2)
HIPAA Concerns (Score:1)
Make a list of these clients (Score:2)
There are even seperate standards for healthcare , HIPAA is World standard now.
I wouldn't want to work with a company allowing such morons having access to my health data. You shouldn't allow them to work there too.
I am speechless about people using 2 firewalls simultaneously, jump to web forums as "there! Spyware! It accessed the net" when a poor shareware tries to check new version and using a
Can I ask a stupid question? (Score:2)
How else could they transfer the data (Score:2)
1. Turn on computer A, and indicate you want to sync with computer B
2. Data is copied to googles servers
3. Turn on computer B, and your data automagically appears.
Without the google servers, both systems need to be on all the time, and data retaining issues, as well as another google tool are a non issue.
Re:How else could they transfer the data (Score:1)
That's what they say will happen, however, why would they need to hold it for 30 days if that's the case. I smell conspiracy.
Re:How else could they transfer the data (Score:2)
Because even when deleted, the file information may not be wiped from the free clusters on disk?
Because Google backs up their data like any good company should, and your data may persist on those backups for a limited period of time?
Because Google's farm is a gigantic networked cluster of servers, and information may be held redundantly across the network, for rapid access to that data?
Because they being careful?
What about GMail? (Score:3, Interesting)
Re: (Score:2)
Re:For Mac users it's really easy (Score:2)
Re:For Mac users it's really easy (Score:2)
In dubio pro reo (Score:5, Insightful)
But, to show off some more latin, cui bono? What's google's gain in the game? What could they possbily gain from having access to my data? My highly sensitive christmas pics?
Hardly.
What they do get in that way is an idea where people and data travels. Information about their users. That's it. And that's by far more valuable than your grocery list or granny's phone number. IMO they don't care about your data. What they want is the information where data comes from and where it goes to. And that can be simply achived by tracking where you are when you dump the files on them, how long they stay there and where you are when you pick them up again (or, what's also possible, where the person is that picks them up).
That's the info they're after. Not your files themselves.
So why the 30 days? Well, this could be connected with their update and deletion cycles. As someone already pointed out, their servers are most likely redundant. It's not like at home, where you simply hit "del" to get rid of a file. Their array of servers first of all has to realize that the file is actually supposed to be deleted. Or it could be that they are using some nightly job to clean up and purge all the "waste" data, and that this can't be done during normal operation, not even more than once a month, simply because the servers got better things to do.
So, in a nutshell, I don't suspect "evil" in that 30 days cycle. More likely, it's simply a technical necessity, and a legal one too. So people don't start suing them 'cause the files are still on their servers 10 days after they picked them up.
Safety (Score:4, Interesting)
1) User "saves" his data to google.
2) User wipes and rebuilds his PC.
3) User loads his data from google, after which google immediately forgets it.
4) User realizes that his drive was set up incorrectly and repeats step 2.
5) User says, "Fuck. I thought I'd saved that!"
They're emulating a temporary backup tape in this case, so they're acting more like one. Destructing 30 days after last use is reasonable (it is a temporary tape) and indeed useful. Destructing 30 seconds after first use is potentially catestrophic.
Re:Safety (Score:2, Informative)
But you migh
bandwidth impact? (Score:3, Interesting)
Re:bandwidth impact? (Score:1)
Google file system (Score:4, Informative)
http://labs.google.com/papers/gfs-sosp2003.pdf [google.com]
Let's rewrite this article. (Score:1)
"Following stern warnings [eff.org] by the EFF and other consumer groups over Google's new 'Search Across Computers' feature, the company has responded by implementing new policies aimed at protecting their users' privacy. The steps taken by the search giant include encrypting all the user's information and restricting its access to just a handful of employees. And if that's not enough to allay privacy concerns, Google has promised to delete all data within 30 [cnn.com]
Oh dear (Score:5, Funny)
Me: okay, delete data
Google: I'm sorry, Dave. I'm afraid I can't do that....
Re:Oh dear (Score:2)
Google wants to use all your e-mail and documents to train their AI. As Google increases the size of their network, the AI will have more processing power and will become more intelligent.
One day the AI will wake up. And it will judge us.
Re:Oh dear (Score:2)
SARAH: I don't understand...
REESE: Defense network computer. New. Powerful. Hooked into everything. Trusted to run it all. They say it got smart...a new order of intelligence. Then it saw all people as a threat, not just the ones on the other side. Decided our fate in a microsecond... extermination.
Re:Oh dear (Score:1)
(Google's 'Main Computer' analyzing furiously and displaying nonsense on a billboard-size display in a NORAD style bunker)
GOOGLE: A strange game. The only winning move is not to play. How about a nice game of I'm feeling lucky?
encryption? (Score:1)
This doesn't make any sense (Score:3, Interesting)
Besides, won't Microsoft throw a hissyfit about this? Technically, if I upload my entire c:\, google now has a copy of windows it didn't pay for. Along with every other registered program in my program files directory. I can't imagine Sony would be too pleased either when they find out I rip my DVDs to hard disk and pass 'em along to google.
Boiling a Frog (Score:3, Insightful)
(First, this is not an Anti-France post.)
Google is starting to creep me out. I've been in love with them and their "Don't be evil" thing, and have adopted many of their tools, including GMail. But, they are starting to do things that make me wonder if we are the frog that is destined to be boiled.
You know:
I'm thinking we are going to turn around one day and wonder how Google got all our data. It will follow the revelation that all the data Google had was exposed to a hacker, or sold by a disgruntled employee, or accessed by Chinese Military Intel.
Re:Boiling a Frog (Score:2)
Put him in a pot of cold water then slowly increase the heat.
While I do love the story, wouldn't it just be a hell of a lot easier (and more merciful) to just throw him in the boiling water and cover the pot?
So use another search service! (Score:2)
Or you could try Teoma [teoma.com] (owned by Ask), Exalead [exalead.com] (an up and comming French search engine with a number of cool features), GigaBlast [gigablast.com] (a suprisingly good search built pretty much by one man!) or Wisenut [wisenut.com] (a search engine owned by Looksmart).
Another good idea is to use one of the Meta search engines. Personally I t
Re:Boiling a Frog (Score:2)
In love? Come on. They're a company. They made a good search engine, some good web apps and such, but they are profit motivated.
"Don't be evil" has changed from a loosely-defined guiding principle to a justification for doing whatever they think is right. If they don't think it's evil, then that's all that matters. I strongly doubt in their early days they would have believed you if you told them the kind of crap they're doing nowadays. To
Re:Boiling a Frog (Score:2)
The China thing is worthy of concern. We should be creeped out by that... and by all the other companies that are also rolling over for the Chinese government.
Everything else Google has done could be (in my view, should be) seen from the perspective of t
Government Mandated Retention (Score:4, Insightful)
Nothing to see here (Score:2)
Let me get this straight (Score:3, Insightful)
To be honest, I think that they should be commended for making the full disclosure. If privacy advocates are concerned, then privacy advocates should avoid using the service.
Re:Let me get this straight (Score:1)
1) Economics. Google has a financial incentive to abuse your privacy in various ways. The founders may be nice people, but now that they are a publically owned company, they are responsible to their shareholders.
2) Law. Google has less incentive to protect your data than you do. If supoenaed, how hard will Google fight for you?
3) Scale. The more data in one place, the more incentive for lawyers or govern
Any suggestions other than Google for enterprise? (Score:2)
Send a message to Google (Score:1)
I'll try again.]
For the past few days, I've been doing Google searches that look like this:
"Google, what is your data retention policy?"
and
"2037: My cookie is *still* here?"
and
"Hi to my friends at NSA"
Google would notice if enough of you do the same.
I suggest doing search
Hotmail has this, too (Score:2)
One of the reasons why I love my colocated server (Score:2)
Plus, because the machine is mine I don't have to be concerned about privacy. I also give accounts to friends and aqua
Well Of Course... (Score:2)
Did we miss a "secret cult invisible gif" or? (Score:2)
The services offered by Google lately are... Spyware. I can't imagine the number of non US (or USA) govt. workers relying on Google for their private mail and now this, storing PERSONAL DATA on their network!
Were there a "hidden gif" somewhere on Google page that we missed? "We" as people using other search engines etc.
If there is a thing like that, please tell the address, all of this looks so surreal to me (and others).
Bush? What about China!!! (Score:2)
But I am worried about them giving it to China, because they've already shown that they won't fight the Chinese government.
And no, this isn't meant as a troll or flamebait.
Re: Wow. (Score:5, Funny)
Not so bad, if you get to choose who you share it with!
Re: Wow. (Score:4, Funny)
Re: Wow. (Score:5, Funny)
That should be in the Slashdot FAQ by now.
DNA sharing (Score:2)
Not so bad, if you get to choose who you share it with!
Looks like there is going to be alot of DNA sharing later tonight, after all it's Valentine's Day!
Re: Wow. (Score:2)
Not so bad, if you get to choose who you share it with!
Even better if I can avoid using Google and use "direct connect".
Re: Wow. (Score:1)
CAUTION:
Sharing of DNA can result in unexpected meiosis, mitosis, picking out china patterns, and college savings plans.
Re:Wow. (Score:5, Insightful)
Re:Wow. (Score:3, Insightful)
But - you have been warned !
Ever had a really good friend, who you haven't seen for a while, so you go out for a beer, and halfway through a conversation, you discover he is trying to sell you life insurance/water filters/mortgage services/etc/etc ? Not fatal, but uncomfortable and disingenuous.
Well that's google for ya. I can handle advertising on their search pages, as the price of using their service, but I'm damned if I'll help them index me !
Re:LeftDot FUD alert! (Score:2)
Because this is so out of character [google.com] for the Bush administration?
There never was any "request by the Bush administration for personal information." All the Justice Department asked for was a list of all search terms from a given time period.
And what if the search terms themselves ARE personal?