[IP] Google's Web Accelerator is a big privacy risk
Begin forwarded message:
From: Seth David Schoen <schoen@xxxxxxxxxxx>
Date: May 5, 2005 4:08:54 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: Brian Carini <bcarini@xxxxxxxxx>
Subject: Re: [IP] Google's Web Accelerator is a big privacy risk
David Farber writes:
From: Brian Carini <bcarini@xxxxxxxxx>
Date: May 5, 2005 11:06:12 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Google's Web Accelerator is a big privacy risk
Reply-To: brian@xxxxxxxxxx
I've said this before: I really like Google, but they are getting
dangerous. Google has a great image as a good company. They have
engendered a great amount of trust through their "Don't Be Evil"
motto. And I think they really mean it. But the fact is that they
are stockpiling a perilous amount of personal information about their
users.
Already, Google logs every search request with its IP address.
Google has acknowledged this log in a number of interviews. But,
they have never answered why they keep such a log. The search log by
itself is not too harmful since the IP address identifies a computer
and not a person. The searches cannot easily be traced to a
particular person without help from the ISP, unless a person likes to
Google their own name frequently.
A bigger problem is that many Google search users are also Gmail
users, and a cookie is shared between Gmail and Google search (because
they use the same domain, google.com). Therefore, if a person uses
Gmail and Google search from the same computer, even with a long period
of time in between, Google will know the identity of the person
responsible for those search queries.
Google doesn't need to infer your identity from the content of your
other web searches; it already knows it, if you're a Gmail user.
This identification can be retroactive. If you used Google search
for 3 years on a particular PC, and then signed up for a Gmail
account, your search cookie from that PC would be sent to Google and
the name you provided for your Gmail account could then be associated
retroactively with your entire saved search history.
Google cookies last as long as possible -- until 2038. If you've
ever done a Google search on a given computer with a given web
browser, you probably still have a descendant of the original PREF
cookie that Google gave you upon your very first search, with the
very same ID field (a globally unique 256-bit value).
This problem is ubiquitous in the web portal industry, and Google is
right to say that its privacy policy is better than many of its
competitors'. However, Google is still assembling a treasure trove
of personal information, possibly stretching back for years, that
Google may release in response to any civil subpoena or "governmental
request":
http://gmail.google.com/gmail/help/privacy.html#disclose
--
Seth David Schoen <schoen@xxxxxxxxxxx> | Very frankly, I am opposed
to people
http://www.loyalty.org/~schoen/ | being programmed by others.
http://vitanuova.loyalty.org/ | -- Fred Rogers
(1928-2003),
| 464 U.S. 417, 445
(1984)
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/