Privacy Group Gives Google Lowest Possible Grade

The Washington Post is reporting on a finding by London-based group Privacy International. In a new report, they find that Google has some of the worst privacy-protection practices anywhere on the web, giving them the lowest possible grade. "While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,' Privacy International said in an explanation of its findings. In a statement from one of its lawyers, Google said it aggressively protects its users' privacy and stands behind its track record. In its most conspicuous defense of user privacy, Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests."

The Future of Google: Total Surveillance

[skrew]

The problem is they keep all your search results, with tracking cookie. Google is in bed with the CIA: http://www.disgrunt.com/blog/2006/10/27/former-int elligence-agent-says-google-in-bed-with-cia/ [disgrunt.com] Have any of you guys seen the new gmail? I won't use it...it has a built in calendar, word processor, and of course, permanent email storage, converge this with permanent tracking cookies, logs of all search requests from your IP, and of course google earth/maps (will go live eventually as the technology changes) and you have the recipie for total uncontrolled surveillance.

Toppling the Top Guy

[16K Ram Pack]

This is a classic trick of anti-capitalist lefties (and looking at who is on their committees, there's a whole bunch of them).

Look at how much scorn is pushed onto Starbucks, despite being quite decent to their suppliers, staff and the environment. If they were the 2nd biggest coffee shop chain in the world, the scorn would not exist.

So, Google, despite behaving a great deal better than Yahoo over privacy get nobbled.

You can't

[brunes69]

You have two choices. in one corner, you have a nice, stable, secure ASP that hosts your email / calender/ etc. They have redundant filesystems and/or make regular backups.

Your other choice is being able to delete your profile with a click.

People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design.

It is the same thing at Yahoo and MSN. All these guys have redundant systems with backups. It would take days worth of man hours to delete a persons profile. Hard thing to demand from a free service.

If you don't want Google holding your data, no one is putting a bullet to your head. You don't need to have cookies enabled or anything else to use their search engine. Frankly I trust them with my email more than my ISP.

Abuse of "anonymity"

[Christoph]

I have been sued for defamation by a Russian businessman after I wrote a webpage that criticized him. One of my witnesses claimed the Russian threatened his life. A commment was later posted on my website using an anonymizing web proxy saying the businessman was in the Russian Mafia, and implying if I win in court I might loose my life.

I issued a federal subpoena for an IP trace to find out who made this threat. It went to Affinity Internet, who is the ISP for Unipeak, an anonymizing web proxy. I later learned Unipeak was the source of the comment threatening me, but Unipeak didn't have any valid contact information and their website says they keep no traffic logs.

Further research showed the Russian, Andrew Vilenchik, was a user of Unipeak. See Vilenchik's anonymous comments. [cgstock.com]

My local police are now involved, my neighbors keep an eye on my house, and my wife and extended family are very upset about this threat, which we take seriously.

Whoo hoo! Hooray for anonymity! By all means, terrorize, threaten, steal, and engage in represehsible and illegal conduct with anonymity and impunity. I choose not to lie, cheat, or steal, but I tell the truth without anonymity and I face any consequences. By comparison, every criminal and scumbag wants anonymity.

A full description of the Lawsuit is online [cgstock.com]

Re:Amusing...

[HomelessInLaJolla]

Open source, as a concept, cannot be too big. I really feel that it's the best way to go when keep considerations such as IP, privacy, security, and flexibility in mind over the long term. One particular operating system, eg. GNU/Linux, could become too popular for itself in that exploits and political strife will outpace the benefits of greater adoption. I think it already has. Every problem which can come of a large interconnected operating system has already been encountered by Microsoft and the GNU/Linux community is rushing headlong to meet them again except, this time, they'll have an open source flavor. Time to move on to GNU/Hurd, or AROS, or something like DynatOS.

From the parent post:

It's amusing how people root for the underdog but start to turn against it once it gets too big

Hyping the underdog, milking it for profit, and then kicking it back into the dust is a game that's at least ten thousand years old. It's also a great source of entertainment.

Re:Links for nerds on stories that matter

[nephyo]

Two European journalists have independently told us that Google representatives have contacted them with the claim that "Privacy International has a conflict of interest regarding Microsoft".

I would be interested in knowing exactly what the "conflict of interest" they are alleging is and some more conclusive evidence that Google is even really behind the accusation. This is far too little information for us to conclude that a smear campaign is actually happening. If any one has any more neutral information on this, please share it!

Re:The Future of Google: Total Surveillance

[Anonymous Coward]

Surveillance themes on TV and film seem to suggest a future of total surveillance. The movie "Happy Feet" implied that wearing a tracking device will save you from starvation. TV show "Big Brother" combines voyeurism with surveillance to break down the previous bad concept of big brother watching your every move. Even something seemingly benign as "American's Funniest Home Videos" encourages you to send in your own videos and sit around laughing and looking at each other. You can see where this is all leading. We have legal protections in a brick and morter world. What do we have in a digital world?

Re:Links for nerds on stories that matter

[Anonymous Brave Guy]

Is this the anonymous member cited in the open letter from Privacy International?

Re:You can't

[Anonymous Brave Guy]

People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design.

As others have said, a file system and back-up protocols where you can't readily identify the location of a specific piece of data given its "key" doesn't sound very fault-tolerant to me. We only run a relatively small network, but you can bet that if anything went wrong, we could walk into the server room and pick up the appropriate back-up tapes and/or call the off-site data archive service we use and get every copy they have within a couple of hours. I fail to see why any of the principles involved don't scale arbitrarily, and since Google's whole business model revolves around this stuff, I'm betting they've spent more time thinking about it and have more resources available relative to their network size than we do.

Tell me, if someone like a three letter agency came along with a court order saying that Google must delete all traces of certain information that had inadvertently been stored on its systems but that violated national security, do you think they would

1. reformat their entire file system and burn all the back-ups because they couldn't tell where it was,
2. refuse to do this and watch their executives get crucified in court, or
3. identify the relevant information and get rid of it, keeping sufficient records to demonstrate to the court that this had been done with due diligence?

Re:Links for nerds on stories that matter

[The Famous Brett Wat]

Google does not consider IP address as personal information.

And yet Gmail is the only public webmail service I know that does not include the IP address of the browser (HTTP client) in the mail header fields.

Re:Abuse of "anonymity"

[Christoph]

After publishing the article, people came forward and told me of other publications where Vilenchik was using my photo. They gave me evidence that a sales agreement he produced in his lawsuit against me was fraudulent.

These people came forward because the article was published on my own website, which comes up high in search results, and I could not post the article there anonymously (without being discovered). The witnesses needed to have a way to reach me, and needed to know I was the photographer in question.

I agree that standing up for yourself can lead to "a lot of trouble". I'm figting in federal court to protect my right to speak the truth publicly. Maybe my problem is I have the guts to stick up for my constitutional rights instead of hiding behind anonymity.

Re:Links for nerds on stories that matter

[datavortex]

You're absolutely correct and that's merely one example of the drastically uneven hand used in this study. The criteria being applied to judge Google in this study can clearly be seen as different criteria than used on others, by any objective observer. This report amounts to little more than a sloppy attempt at character assassination, as far I can see.

Re:You can't

[xaxa]

"If the space the file occupied has been since overwritten, it is not possible to retrieve the data, unless I am mistaken."

It is, but it's a lot more difficult. As I understand it, the magnetised area of the disc spreads slightly into the space between tracks. A later write doesn't completely cover this spread out area. You can't recover what was written using the drive electronics, but with very expensive equipment you can analyse the spaces between the tracks.

0 on the disc isn't exactly zero, it's mostly-zero, just like +0V on your CPU might be +0.03V in reality. That might be enough of an analogy to figure out what I mean, I can't really explain any better.

Re:Links for nerds on stories that matter

[The Famous Brett Wat]

My point was that they don't reveal your IP address to third parties. There seems to be a bit of clouded thinking on this issue. Privacy is not about how much the company knows, but how much it keeps secret. I share information with Google, and they promise to keep it a secret. So long as they do that, they have upheld their end of the bargain. I'm in control of how much information I decide to give to Google, but I have to trust them not to share it with others. Most webmail services reveal the HTTP client IP to the recipient as a matter of course, using either a "Received:" trace field or the informal "X-Originating-IP:". Google keeps this a secret. They seem to understand the concept of nondisclosure quite well, and have more respect for privacy than I've seen in any other company of its type.

Easy to say if your privacy hasn't been violated

[p3d0]

I'm not sure I want to live in a world where the penalty for leaving any window partly uncovered or any door ajar would be for photos or videos of my family inside my own home to be published on the internet by some creep with a telephoto lens.

There definitely is a line where there should be no expectation of privacy. At one end of the spectrum, some people think that any photon that leaves my home is public property. At the other end, some people think that one's home should be completely private. I'm somewhere in between, though I admit I haven't yet figured out exactly where.