Privacy Group Gives Google Lowest Possible Grade

The Washington Post is reporting on a finding by London-based group Privacy International. In a new report, they find that Google has some of the worst privacy-protection practices anywhere on the web, giving them the lowest possible grade. "While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,' Privacy International said in an explanation of its findings. In a statement from one of its lawyers, Google said it aggressively protects its users' privacy and stands behind its track record. In its most conspicuous defense of user privacy, Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests."

Links for nerds on stories that matter

[echucker]

The Privacy International article - The Privacy International article [privacyinternational.org]

Their report (interim rankings only) [privacyinternational.org]

Final rankings won't be available until September. Wonder what they'll be dicking around for three months for....

Re:

[Anonymous Coward]

Gives time for sensationalism without facts. After three months, they'll show their information and everybody will have forgotten about it, not caring enough to discover their faulty reasoning.

Re:Links for nerds on stories that matter

[Macthorpe]

Google seem to be taking it seriously enough to accuse Privacy International of being in bed with Microsoft, which is a laughable accusation.

Privacy International responded via an open letter here. [privacyinternational.org]

Re:Links for nerds on stories that matter

[whoever57]

Google seem to be taking it seriously enough to accuse Privacy International of being in bed with Microsoft, which is a laughable accusation.

Well.... if anyone would have the information to prove this link, Google would! But what does that say about Google's privacy practices?

Re:Links for nerds on stories that matter

[fuego451]

Well, there is one, albeit small, link to Microsoft. From the "About Privacy International" page, UK advisory board:

Caspar Bowde ~ Privacy specialist, Microsoft, EMEA UK

Re:

[Anonymous Brave Guy]

Is this the anonymous member cited in the open letter from Privacy International?

Re:

[nephyo]

Two European journalists have independently told us that Google representatives have contacted them with the claim that "Privacy International has a conflict of interest regarding Microsoft".

I would be interested in knowing exactly what the "conflict of interest" they are alleging is and some more conclusive evidence that Google is even really behind the accusation. This is far too little information for us to conclude that a smear campaign is actually happening. If any one has any more neutral informati

Re:Links for nerds on stories that matter

[Anonymous Coward]

according to a watchdog group seeking to intensify the recent focus on how the online search leader handles personal information about its users.

Seems to me that the goal of the study was to make a single company look bad and not to scientifically evaluate the privacy and then interpret the results.

Re:Links for nerds on stories that matter

[Bender0x7D1]

Actually, if you look at the preliminary report, they seem to have done a pretty good job. For example, Google does not consider IP address as personal information. This is OK if you are conneccting from a local coffee shop, but sucks if you have a static IP, or even do DHCP over a small range of addresses. It also points out that they don't always consider privacy implications before releasing information such as Street-level view. With the amount of data that Google gathers, analyzes, utilizes and releases (both publicly and its corporate partners), these kind of actions are a bit disturbing.

I'm not trying to say this report is perfect, or that there is enough information provided to evaluate it independently. However, seeing a conspiracy targeted at Google because a group got upset about some of their practices, and decided to do a study (which included a lot more companies than just Google), is a bit premature.

Re:

[Frosty Piss]

This is OK if you are conneccting from a local coffee shop, but sucks if you have a static IP, or even do DHCP over a small range of addresses.

Indeed. And when even with DHCP, a legal request to you ISP will revieal who you are. And, for many DSL / broadband customers with non-static, their IP simply doesn't change that much, so your surfing habits can defiantly be tracked. I would be surprised if Google didn't take "advantage" of this fact.

Re:

[Anonymous Coward]

It also points out that they don't always consider privacy implications

If it's visible from the street, you have no expectation of privacy. There are no implications. End of story.

Re:Links for nerds on stories that matter

[The Famous Brett Wat]

Google does not consider IP address as personal information.

And yet Gmail is the only public webmail service I know that does not include the IP address of the browser (HTTP client) in the mail header fields.

Re:

[antikronos]

Wake up. GMail is the worst of all services they offer. Google has admitted already (you should read their privacy policy) that Google scans and stores all your (g)email. They don't need an ip-address because you log on, which is more accurate then your ip. Google is able to connect the (eternal)-cookie to your ip to your Google account to your bank/paypal account. From the moment you create a Google account the certainty of previous identity guesses, such as ip cookie and user-agent increases tremendously

Re:Links for nerds on stories that matter

[The Famous Brett Wat]

My point was that they don't reveal your IP address to third parties. There seems to be a bit of clouded thinking on this issue. Privacy is not about how much the company knows, but how much it keeps secret. I share information with Google, and they promise to keep it a secret. So long as they do that, they have upheld their end of the bargain. I'm in control of how much information I decide to give to Google, but I have to trust them not to share it with others. Most webmail services reveal the HTTP client IP to the recipient as a matter of course, using either a "Received:" trace field or the informal "X-Originating-IP:". Google keeps this a secret. They seem to understand the concept of nondisclosure quite well, and have more respect for privacy than I've seen in any other company of its type.

Re:

[r3m0t]

"They seem to understand the concept of nondisclosure quite well, and have more respect for privacy than I've seen in any other company of its type."

Especially when they release photos of people standing outside strip clubs!

Re:

[Flamsmark]

Anything that can be seen in a public place is not private. Period. Anyone can go out into the street, take whatever photos they want, and publish them however they please. When in a public place, one should have no expectation of privacy.

Re:

[Kijori]

If you look through the results it certainly seems like this to me. Try, for example, comparing Google's record with Friendster's (immediately above in their table). From the data they have gathered I would put the two companies on a par concerning their privacy issues, but Google is put at the very bottom while Friendster scores normally. Perhaps I'm being overly cautious but this doesn't feel like a balanced study.

Re:

[wakim1618]

Their 'about us' on their website is also interesting http://www.privacyinternational.org/article.shtml? cmd%5B347%5D=x-347-65428 [privacyinternational.org]. It is full of statements relating to diversity of various sorts such as the international diversity of board members, the professional diversity of members, diversity of funding sources.... yet almost nothing about competence or credentials with respect to technology or the internet. In fact, their list of expert members http://www.privacyinternational.org/article.shtml? cmd%5B [privacyinternational.org]

A suggestion...

[313373_bot]

Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests.

Very nice, but how long until either Google loses some legal fight, or it simply decides not to fight?

One solution to the privacy problem, in my oppinion, would be granting users, besides the ability of not surrendering more information than necessary for a given transaction, some effective way of deleting their personal data once done with Google, Yahoo, Amazon or whoever else.

The Future of Google: Total Surveillance

[skrew]

The problem is they keep all your search results, with tracking cookie. Google is in bed with the CIA: http://www.disgrunt.com/blog/2006/10/27/former-int elligence-agent-says-google-in-bed-with-cia/ [disgrunt.com] Have any of you guys seen the new gmail? I won't use it...it has a built in calendar, word processor, and of course, permanent email storage, converge this with permanent tracking cookies, logs of all search requests from your IP, and of course google earth/maps (will go live eventually as the technology changes) and you have the recipie for total uncontrolled surveillance.

Re:The Future of Google: Total Surveillance

[Deekin_Scalesinger]

Why mod this down? I rarely put on the tinfoil hat, but they can have an awful lot of data for people who choose to use many/all of their services. It is an aggregate of many people's lives. Not saying that they are doing it, but the guy deserves more than a -1 for his thoughts.

Re:

[ozmanjusri]

Yes, the look on Bush's face when told "America is under attack" was the look of someone who had planned the whole damn thing.

Hey, the guy was surprised.

You can't blame him for that. Let's face it, none of his other plans have been successful.

Re:

[Anonymous Coward]

Surveillance themes on TV and film seem to suggest a future of total surveillance. The movie "Happy Feet" implied that wearing a tracking device will save you from starvation. TV show "Big Brother" combines voyeurism with surveillance to break down the previous bad concept of big brother watching your every move. Even something seemingly benign as "American's Funniest Home Videos" encourages you to send in your own videos and sit around laughing and looking at each other. You can see where this is all leadi

Re:

[CRC'99]

The problem is they keep all your search results, with tracking cookie. Google is in bed with the CIA: http://www.disgrunt.com/blog/2006/10/27/former-int [disgrunt.com] elligence-agent-says-google-in-bed-with-cia/ Have any of you guys seen the new gmail? I won't use it...it has a built in calendar, word processor, and of course, permanent email storage, converge this with permanent tracking cookies, logs of all search requests from your IP, and of course google earth/maps (will go live eventually as the technology change

You can't

[brunes69]

You have two choices. in one corner, you have a nice, stable, secure ASP that hosts your email / calender/ etc. They have redundant filesystems and/or make regular backups.

Your other choice is being able to delete your profile with a click.

People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design.

It is the same thing at Yahoo and MSN. All these guys have redundant systems with backups. It would take days worth of man hours to delete a persons profile. Hard thing to demand from a free service.

If you don't want Google holding your data, no one is putting a bullet to your head. You don't need to have cookies enabled or anything else to use their search engine. Frankly I trust them with my email more than my ISP.

Re:

[Anonymous Brave Guy]

People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design.

As others have said, a file system and back-up protocols where you can't readily identify the location of a specific piece of data given its "key" doesn't sound

Re:

[cp.tar]

That's all fine and dandy, but you forget about one teeny little aspect: the cost.

In the case of a court order etc. - of course they will spend the man-hours to get rid of the data. Doing so every time someone requested their data be deleted, they'd soon be doing nothing else.

OTOH, the whole population of India would have a job for at least a year.

Re:

[renbear]

We only run a relatively small network, but you can bet that if anything went wrong, we could walk into the server room and pick up the appropriate back-up tapes and/or call the off-site data archive service we use and get every copy they have within a couple of hours.

A very small network, apparently. Most backup methods are predicated on the fact that you will never need to delete JUST ONE record out of a backup set, without deleting the entire backup (of that filesystem, data store, etc.) Also, I rather suspect they use read-only media to store their backups-- but that's only a suspicion. Deleting part of a backup is much, MUCH harder-- well-nigh impossible-- than restoring part of a backup.

Asking Google to cleanse out ALL of your data, at your whim, is... a bit un

Re:

[deskin]

People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design.

With a little work using cryptographic techniques, all companies such as Google could encrypt all their data, including all the data for individual users, with individual keys; then, erasing the data is a simple matter of forgetting the key. In reality it wouldn't be completely trivial to develop and use such a system, but it is certainly possible without too much headache.

Why don't they do this? Because no one who uses their services really cares.

Re:

[Rakishi]

Guy loses key. Guy had important data on gmail account. Guy sues google. Replace guy with class action lawsuit by dozens of small businesses using gmail.

Re:You can't

[Anonymous Coward]

Deleting accounts created on systems has always been a default consideration.

As proper deletion should have been

Not if the filesystem support and account management code had been properly written.

You obviously have no clue how a filesystem stack works. Data is rarely deleted per se on *any* filesystem, simply unlinked and possibly flagged for later overwriting. Why do you think projets like this [sourceforge.net] exist?

Even if a file (if an email or google doc is even stored in what one would *call* a file) did get deleted, the indexing that is done would make at least pieces parts recoverable until their staleness is discovered, which could be a while.

Even then, a good forensic analyist could probably recover something that had been allegedly deleted.

Overwriting data to securely erase it is expensive on a desktop and approaching impossible on a busy server. This is why people who don't wear tinfoil hats will use Boot'n'Nuke or somesuch before selling a hard drive on eBay. You can't just delete something (even on your own computer, mind you) and expect it to be gone. That's not the way filesystems work.

--------
Check your facts at the door; be sure to pay a quarter!

Re:

[Cal Paterson]

Overwriting data to securely erase it is expensive on a desktop and approaching impossible on a busy server. This is why people who don't wear tinfoil hats will use Boot'n'Nuke or somesuch before selling a hard drive on eBay. You can't just delete something (even on your own computer, mind you) and expect it to be gone. That's not the way filesystems work.

It's not expensive...you can just wipe the disk, and then fill it with zeroes. On a running machine, this is an issue, but not on a unused drive.

You'

Re:

[xaxa]

"If the space the file occupied has been since overwritten, it is not possible to retrieve the data, unless I am mistaken."

It is, but it's a lot more difficult. As I understand it, the magnetised area of the disc spreads slightly into the space between tracks. A later write doesn't completely cover this spread out area. You can't recover what was written using the drive electronics, but with very expensive equipment you can analyse the spaces between the tracks.

0 on the disc isn't exactly zero, it's mostly-

Re:

[Bjarke Roune]

> Either way what I expect from AC, but when you're ready to have something
> worthy of my time, please feel free to sign up and get a better way to
> respond to people that doesn't hurt your credibility.
>
Somehow, I don't think this Anonymous Coward guy is too worried about his credibility... :)

Re:

[growse]

Bear in mind that if they offsite any tape backups, for them legally to have deleted your profile they'll have had to track down every single tape with your data on it and erase your data from that tape without disturbing the other contents of the tape. Similar story for any other sort of redundancy/replication/backup. If they don't do this, they still have your data. It's not as simple as an 'rm' command at a shell.

Any large company that runs a datacentre has a really fecking expensive time actually remo

Re:

[cp.tar]

Nice theory.

In practice, passwords are crackable.

Especially since I don't think an average person would use a 1024-bit key just to log in to some web account.

My passwords aren't that bad, but they're quite certainly crackable by brute force in a relatively short while.

Re:

[Bjarke Roune]

> I would suggest that being unaware of the state of a piece of data
> on your file system is more or less the exact opposite of fault
> tolerance and redundancy.
>
Not if that data has been deleted. Actually, I would think that redundancy and fault tolerance is a large part of the *reason* that deleting things can be harder than it would seem at first sight. It is, of course, true that if Google really cared to delete data, they would be able to implement that functionality.

Re:

[Arancaytar]

Umm. I would suggest that being unaware of the state of a piece of data on your file system is more or less the exact opposite of fault tolerance and redundancy.

Do you delete files using cat /dev/random?

Few file systems go any length to make sure your file is no longer recoverable after deletion...

delete personal data

[green pizza]

I would love to see an option on those sites to delete my personal data. Then again, they could just use that button to trigger some sort of permanent data rentention, because, after all, only bad people want privacy.

Re:

[exley]

And let's not forget that Google fought the Justice department not on the grounds of protecting user privacy, but on the grounds of protecting trade secrets. Although the end result is the same, I think their motivation is very important.

Re:

[Otter]

Anyway, the subpoena was for aggregated search queries, not for anything traceable to a user. It had nothing to do with any reasonable understanding of privacy. Google just chose to spin their refusal as concern for their users.

Re:A suggestion...

[TheGreatHegemon]

Very nice, but how long until either Google loses some legal fight, or it simply decides not to fight?

If Google loses the legal fight to defend their data from government violations, then you should be looking at your government, not Google for the privacy violation.

Re:

[Anonymous Coward]

If Google loses the legal fight to defend their data from government violations, then you should be looking at your government, not Google for the privacy violation.

If Google wouldn't keep such overwhelming amount of users' private data then they would not be able to provide the government with it or abuse it themselves.

Pot calls kettle black.

[mooreBS]

Why are these people attacking Google. Privacy and anonymity are rapidly eroding in the UK. Hello! You've got bigger privacy problems than Google if you're living there.

Re:Pot calls kettle black.

[Stormx2]

The whole "UK is a big brother society" thing is overdone. 99% of cameras are just local shops looking out for their business. Remember that the UK is densely populated and natural selection has ground the a halt; council estates breed criminals. Sure, there are a lot of cameras, but it isn't some government conspiracy that people make it out to be.

Re:Pot calls kettle black.

[bky1701]

The whole "Google is big brother" thing is overdone. 99% of logging is just statistical. Remember that google is mainly an ad firm and they rely on statistics to do their job. Sure, there are a lot of logging, but it isn't some conspiracy that people make it out to be.

Re:

[Stormx2]

Well played. Not that by excluding Google I meant I think they're ruining our privacy

Re:Pot calls kettle black.

[suv4x4]

The whole "Google is big brother" thing is overdone. 99% of logging is just statistical.

Very funny. Statistical would imply they can't tie info back to you. When your mail, history, ip, browsing and search habits are all recorded in your exact account, it's not statistical. It's a disaster.

Google can pull all this crap out since they're so trusted by the large masses. Companies are pushed to behaving good by customers not trusting them. Google just didn't get enough of that throughout the years, and here's the result.

Funnier even, they seem to use their "goodness" as an argument here as well: the fact they fight back in court to protect that data isn't helpful. What would be helpful is that data is never collected in a way it can be abused, if god knows what happens (cracked server, loss in court, new law, insider leaking info etc etc)

Re:

[bky1701]

I was not so much approving of Google as much as I was showing that anything can be dismissed similarly. I do think that google is only picked on because they are a large company, though, not because they are doing anything different than anyone else. My website used to store all that data, too. I stopped because it served no purpose and thus wasn't worth possibly having it fall into someone other than myself's hands. Millions of other sites are identical. The only difference here is that Google's user data

Re:

[gordgekko]

My apologies, is that the country that keeps track of every automobile entering London and combed through all data, fax and voice traffic years before the Bush DOJ revived the Carnivore program?

For all the screaming about the USA PATRIOT Act, I'd rather live in the U.S. than England if privacy was my concern.

Re:Pot calls kettle black.

[k1e0x]

No its not a government conspiracy, they really ARE watching you. The average brit is photographed 200 to 400 times per day.

Hea, waat the hell, why not just pull random people over for.. no reason at all.. and take fingerprints. http://news.bbc.co.uk/1/hi/uk/6170070.stm [bbc.co.uk] Alread on it in the UK, the worlds leading police state.

Sound Orweallian..? guess what, it *looks* that way too. Check out the "it's for your 'safty'" ads. http://www.infowars.net/articles/april2006/170406w atching.htm [infowars.net]

Re:

[Charcharodon]

As a recent arrival in the UK, The Great Police State with all its CCTV's, must be a voyeur one, since it seems I've hardly ever see the police, even then though I live half a block away from the police station. About the only "Big Brother" activity I've witnessed is that a female officer (Big Sister) dropped by and asked me who I was in a casual sort of way a few weeks after I moved in. I don't know if it was a general neighborhood survey, or a let's eyeball the new guy. I little strange, but no differe

Re:

[LighterShadeOfBlack]

The UK and Europe have far stricter data protection laws than the United States and most other countries in the World. While there are definitely physical privacy issues raised by the explosion of CCTV in the UK and the security issues raised by the possiblity of National ID Cards and centralised medical record databases, that doesn't for one second mean that any other privacy issue should be overlooked or cast aside because "[we've] got bigger privacy problems". Every privacy concern should be raised and e

Re:

[Angostura]

Interesting logical fallacy you have there. Do you think campaigning is some sort of zero-sum game? PI has frequently critiqued UK and European privacy policies. Just because it's home country has problematic privacy issues, does not mean it has to exclusively focus on UK privacy issues.

Re:

[janrinok]

If that's what you think, you, sir, are an ignorant.

Well, ignoring the fact that it is not a complete sentence, I am not ignorant. But I have an opinion which differs from yours. If you cannot accept that some people might not agree with you then there is little point in you taking part in discussions. This forum is not the place for any particular group of people to enforce their views on everyone else, but to discuss and question various items of common interest to learn from each other and to share information. Of course, you view of what this forum

For the Tin Foil Hat Brigade (myself included)

[Anonymous Coward]

Firefox and the Customize Google extension make a good team: http://www.customizegoogle.com/ [customizegoogle.com]

Features:

        * Remove click tracking
        * Anonymize your Google userid
        * Block Google Analytics cookies

        * Secure Gmail and Google Calendar, switch to https
        * Remove ads

a good start, but.......

[green pizza]

Good enough for ramdom google usage, but Google still has your IP address and your search habits with which to track you.

Re:

[hcdejong]

You can always use the TrackMeNot plugin to poison their record of your search requests.

Re:For the Tin Foil Hat Brigade (myself included)

[UbuntuDupe]

Yeah, I'm the same way. When I have girls over at my place, *all* they have to do is ask about the "no sound/video recording" option, and I won't keep their data. They just never request that feature.

Amusing...

[Anonymous Coward]

It's amusing how people root for the underdog but start to turn against it once it gets too big. I remember a time when M$ was viewed as a hero for scoring victories over the evil IBM monopoly.

I suppose the lesson is that companies are never your friends, just allies of convenience at best. Something to remember the next time some slashbot claims comapny X will save the day because they are a friend of open source.

Re:Amusing...

[mrjb]

You have a point. But then what if open source gets too big?

Re:

[Timesprout]

Richard Stallman will throw his toys out of his pram, declare Open Source to be evil communism and start a new movement OAC (Obfuscated Assembly Code) and declare Obfuscated Assembly to be the one true way for source code. He demand all sources be closed but will still decry cash payment for software products and will insist on payment with body parts from the user, eg a couple of fingers to get you a spreadsheet package (you wont need those fingers to count any more anyway).

Re:

[HomelessInLaJolla]

Open source, as a concept, cannot be too big. I really feel that it's the best way to go when keep considerations such as IP, privacy, security, and flexibility in mind over the long term. One particular operating system, eg. GNU/Linux, could become too popular for itself in that exploits and political strife will outpace the benefits of greater adoption. I think it already has. Every problem which can come of a large interconnected operating system has already been encountered by Microsoft and the GNU/

Re:

[asninn]

I suppose the lesson is that companies are never your friends, just allies of convenience at best. Something to remember the next time some slashbot claims comapny X will save the day because they are a friend of open source.

You have a point. But then what if open source gets too big?

Since when is "open source" a company?

Re:

[dkf]

You have a point. But then what if open source gets too big?

Call me when it happens, since I sure won't be wasting effort waiting for it explicitly...

Re:

[ClosedSource]

"It's amusing how people root for the underdog but start to turn against it once it gets too big. I remember a time when M$ was viewed as a hero for scoring victories over the evil IBM monopoly."

Perhaps you're confusing DEC and Data General with MS. They were the companies that were seen as the Davids fighting the Goliath of IBM. MS wasn't a really IBM competitor until the OS/2 split and by then there was already a contingent of MS-haters (Mostly among UNIX fans who realized that the personal computer revo

Re:

[HappyEngineer]

You're right, but I don't think it's amusing. It's true about any person or group that gains too much power. The freedom fighters of today might become the oppressive totalitarian government of tomorrow. The political activist who fights for our rights today might become the hidden government puppetmaster of tomorrow.

There's nothing contradictory about liking Microsoft years ago and hating them now. Or in hating IBM years ago and liking them now. Or liking google today and hating them tomorrow.

Yahoo was onc

Google? Hardly...

[StikyPad]

While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,'

They've obviously never heard of LexisNexis [wikipedia.org] or Accurint [accurint.com]. Unless they consider information on what web page you visited to be more infringing than, say, your full financial history, residence, court records, marriage licenses, property deeds, loans, phone numbers (including unlisted), etc., etc. Of course, that's all "public information."

Re:

[rinkjustice]

Let me add Acxiom [acxiom.com] to the list, the largest data mining company in the world. Acxiom, with their massive server farms, collect detailed personal information on everything from age to income and shopping habits, and divide consumer groups into one of 70 "lifestage segments". These lifestage segments might be location or hobbies, products bought, charities donated to - or all of the above. This information is purchased by the US government as well as many North American firms with products to market and sell.

Google knows a lot about what we think and do

[slashdotmsiriv]

In reality, Google has access to everything that crosses our minds, since
this is greatly correlated to what you search and write in your
emails. The truth is that if one bad guy manages to get access to
Google's data center, he can learn everything about us.

However, Google has absolutely no right to use this information
against us in any way. This is in all respects illegal. In addition,
if something like "My employer fired me, because an ex-google employee
told him that I search for animal porn online" happens,

Yeah right

[imsabbel]

> Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests.

Yeaha. Google protects the data from the Justice Department.
But it DOESNT (and thats the point of the rating) protect the data from google itself. The google privacy idea is more or less "We are good. Thats why WE are allowed to do everything, and you WILL like it (trust us, we know you better than you do yourself)".

Re:

[smallpaul]

Even if Gogle were corporately very responsible (in that they never specifically directed their employees to do anythi ng unethical), would you be willing to bet that all of the individuals with access to the servers are individually responsible? None of them work for the CIA or FSB, none of them have an axe to grind with an ex-girlfriend, none of them are sharing information with the mafia etc. I predict that the big privacy problems we'll find with these companies are where individuals ignore corporate po

Re:

[geminidomino]

Why don't people ever think sensibly about this? *GOOGLE IS AN ADVERTISING COMPANY!* It's not an evil secret society that wants to ruin your life

So it's an evil, overt society that wants to ruin your life...

Hey, don't downmod me. YOU'RE the one who used "advertising company" and "not evil" in the same post.

Abuse of "anonymity"

[Christoph]

I have been sued for defamation by a Russian businessman after I wrote a webpage that criticized him. One of my witnesses claimed the Russian threatened his life. A commment was later posted on my website using an anonymizing web proxy saying the businessman was in the Russian Mafia, and implying if I win in court I might loose my life.

I issued a federal subpoena for an IP trace to find out who made this threat. It went to Affinity Internet, who is the ISP for Unipeak, an anonymizing web proxy. I later learned Unipeak was the source of the comment threatening me, but Unipeak didn't have any valid contact information and their website says they keep no traffic logs.

Further research showed the Russian, Andrew Vilenchik, was a user of Unipeak. See Vilenchik's anonymous comments. [cgstock.com]

My local police are now involved, my neighbors keep an eye on my house, and my wife and extended family are very upset about this threat, which we take seriously.

Whoo hoo! Hooray for anonymity! By all means, terrorize, threaten, steal, and engage in represehsible and illegal conduct with anonymity and impunity. I choose not to lie, cheat, or steal, but I tell the truth without anonymity and I face any consequences. By comparison, every criminal and scumbag wants anonymity.

A full description of the Lawsuit is online [cgstock.com]

Re:

[Anonymous Coward]

That might be tough on you if people are threatening to kill you, but lets not pretend that the ONLY reason someone would want to be anonymous online is to threaten to kill people. What if I live in a country in which I do not trust my government or their agencies to protect me, indeed I suspect that my goals and theirs are diametrically opposed. Say I really like the idea of democracy but my state's dictator is rather set in his ways and would rather see anyone who advocates democracy swinging from the nea

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Christoph]

After publishing the article, people came forward and told me of other publications where Vilenchik was using my photo. They gave me evidence that a sales agreement he produced in his lawsuit against me was fraudulent.

These people came forward because the article was published on my own website, which comes up high in search results, and I could not post the article there anonymously (without being discovered). The witnesses needed to have a way to reach me, and needed to know I was the photographer in qu

and, in related news, privacy international

[Anonymous Coward]

gets the lowest google ranking available.

How do we know Goog isn't giving up info already??

[classh_2005]

Seriously, did you know...(from wikipedia) "Under FISA, any agency may require a common carrier, landlord, custodian, or other person provide them with all information, facilities, or technical assistance necessary to accomplish ongoing electronic surveillance. They must also protect the secrecy of and cause as little disruption to the ongoing surveillance effort as possible." "A common carrier is an organization that transports persons or goods, and offers its services to the general public. In contrast, private carriers do not offer a service to the public, and provide transport on an irregular or ad-hoc basis. Common carriers typically transport persons or goods according to defined routes and schedules. Airlines, railroads, bus lines, cruise ships and freight companies may be common carriers." So, if the Goog was instructed to provide info, they wouldn't be telling us.

Re:How do we know Goog isn't giving up info alread

[classh_2005]

Just as an aside, it's high time there was a serious effort at producing a decent open source search. Personally, I think a distributed network with anonymizing services makes the most sense. I know there are projects in existence already, but more people will have to become aware of them. Some Open Source search projects are:

http://www.majestic12.co.uk/projects/dsearch// [majestic12.co.uk]

http://www.aspseek.org/about.html// [aspseek.org]

http://sourceforge.net/projects/ebiness// [sourceforge.net]

http://www.grub.org/html/documents.php// [grub.org]

http://l [apache.org]

This seems hilarious...

[Darundal]

...that a group based IN THE UK is giving anybody a grade on privacy, considering how much respect the government down there has for it.

Yes

[j00r0m4nc3r]

Well, if Privacy International says it's so, then it must be so!
I mean, they're Privacy International for cripe's sake. That's at least 20% better than just Privacy National. Just because I had never heard of them until today is irrelevant.

There is a lot Google is

[pcause]

Look at the entire scope of what Google does and you see that they want to know everything about you, and not some anonymous information. EMail is something you alomost always log in to. Many people set the login to remember them. Makes it easier to check you email, but once you are logged in your search queries are not anonymous. That is the reason Google has so many other things to try tog et you logged in and to stay logged in. For example, the have IM so that you've leave it running and yourself logged in.

However, most commercial activity and interesting behaviors, the ones worth money to advertisers and others, don't happen at the search screen. This is why Google has toolbar and desktop. They want to watch all of the sites you visit and what you do on the sites. Using this data they build a detailed behavioral profile of you. But they also have way more information then your commercial behaviors. They know about a wide variety of sites and can determine if you look at sites about health issues, or other sensitive and personal behaviors.

Google is a HUGE threat to your privacy. One could reasonably say that if you use many Google services and tools you have already given them such a detailed picture about you your privacy is essentially gone. And remember, they keep a 2 year rolling picture of the details about you. But they can also keep the "important" items they discover and toss the detail.

And, to those who say "Remember that Google went to Court to prevent the Government from getting records", remember what Google said. They said they were doing this NOT to protect your privacy, but to protect their trade secrets. That means so that no one can found out the real details about what they track and know about you.

Don't believe the "Do NO Evil" stuff. It is just clever marketing. They are a big company, just like all the rest and in many ways worse. Remember that they say that they want to index all of the World's information. That includes the very intimate and personal details about you!

Many viewed Google as the anti-Microsoft. Microsoft just dominated a market. Is is really debatable whether Microsoft's dominance actually cost consumers financially, but if they did, it was just money. There is no question that Google threatens at least our privac and that is just the first of our basic rights that their behavior and business interests threaten to erode.

   

Re:

[hanwen]

And, to those who say "Remember that Google went to Court to prevent the Government from getting records", remember what Google said. They said they were doing this NOT to protect your privacy, but to protect their trade secrets.

Care to back this up with a reference?

ooh i bet they're scared now...

[deblau]

Ob Futurama [wikipedia.org]:

WERNSTROM: I give you the worst grade imaginable, an A minus minus!

High Horses

[DynaSoar]

P.I. has simply done what ACLU does frequently: jumped up on other peoples' high horses and ridden them, even if its legs are imaginary. Don't get me wrong, I fully support what ACLU stands for and what actions they do undertake. Unfortunately they very often go for PR by chiming in on many topics others happen to be making noise about (ie. getting media attention) even though they have no intention of taking action themselves. Look back through the media and see how many times you can find ACLU "condemning

Marketing and Privacy are diametrically opposed

[erroneus]

The subject line says it all. Advertising needs to know who the viewers are when targetting an advertisment. And the more accurate a description, the more "effective" an advertisment may likely be. So if they can collect a bunch of info on a user and set up a profile then advertising can be better targetted, be more effective and the advertising space provider can charge highter rates.

Bullshit

[Mr. Freeman]

Oh yeah, Google is really insecure. I mean come on, they've had a whole 0 leaks in the last decade alone. That's almost a measurable increase from previous times.

Seriously though, with a new "Thousands of credit card/social security numbers released by company XYZ" story every other week, how did Google score this low? Seems to me there's more at play here than facts and studies. Perhaps Google indexed one of their "confidential" pages they put on their server and didn't realize was on the Internet unti

News at 11

[jon_joy_1999]

Criminal defense lawyer John Henry Browne sues [slashdot.org] Privacy International on behalf of Google Inc. for poor rating.

Consistency & Reliability?

[Dekortage]

In reading the actual findings [privacyinternational.org], I'm a little confused. They fault one company for using "web beacons" and another for using "pixel tags" -- but those are the same thing, so why not be consistent in terminology? They fault Apple because it "kept quiet on the potential watermarking of DRM-free iTunes songs" when this topic only broke out within the last week, and there is zero evidence of actual watermarking (versus plain text additions of your name and email address -- yes, there is a difference). They fa

Re:Toppling the Top Guy

[Fex303]

This is a classic trick of anti-capitalist lefties (and looking at who is on their committees, there's a whole bunch of them).

Are you aware of the fact that this makes you sound like a cold war era crazy-person? I mean, if so, feel free to continue - I just thought you might want to know.

If they were the 2nd biggest coffee shop chain in the world, the scorn would not exist.

If they made decent coffee there would be a hell of a lot less scorn for them too...

Re:

[Fex303]

I'm simply suggesting that it's not a leftist conspiracy theory, still, don't let me stop you.

Re:Toppling the Top Guy

[mrjb]

If they were the 2nd biggest coffee shop chain in the world, the scorn would not exist. I'm from the Netherlands. No starbucks at all to be found here- I guess they felt they couldn't compete with the Fine Products sold in coffee shops here :)

Re:

[Anonymous Coward]

A bunch of soccer moms on another continent starting a consumer ban against a company supporting drug abuse?

Re:

[sakdoctor]

Yeah right. What are you going to use instead?

Ask Jeeves? ...didn't think so.

Re:

[MichaelSmith]

Nobody is forced to use it!

What about users of Opera? Doesn't google still get every URL they visit?

need to privacy is important, not retarded

[siddesu]

you're having it all mixed up. this is not about _you_, it is about _them_. the problem with companies like google is you don't know when you're using them. they own a lot of sites and services and probably have stake in even more, and all this data is collected, analyzed and processed by a single entity, without you knowing it, agreeing to it, or having an option to do anything at all about it.

you say you like this, and you call people "retarded" because they worry about privacy, but actually you say becau

Re:

[Wordplay]

You're forgetting the various apps like Mail that store personal information online on their servers.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Achromatic1978]

Well, for one thing Gmail does not require you to download a program in order to use their email service like Hotmail does so they can track all your movements within their system.

Huh?!? What program do you need to download to use Hotmail?