[IP] more on Google's Web Accelerator is a big privacy risk
Begin forwarded message:
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: May 5, 2005 5:13:59 PM EDT
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Subject: Re: [IP] Google's Web Accelerator is a big privacy risk
Dave,
I guess it's going to take some kind of major Google-based privacy
breakdown for people to finally understand what we've been saying.
It doesn't matter how sweet, nice, trusted, or cool a service may
be, the collection and archiving of vast amounts of users' Web
search, e-mail, browsing, and other activities is a recipe for utter
disaster. Google isn't the only culprit, but they're the big
enchilada so they represent a very major risk. The only way to
avoid abuse of such data is not to keep it around in the first place.
Google's new Accelerator service ironically appears to wed the source
masking aspects of caches (along with all of the usual problems with
caches both for users and destination sites) to the worst aspects of
Google's highly problematic data archiving policies.
Google is smiling their way into becoming -- probably more through a
bizarre combination of hubris and naivete than purposeful intentions
-- a one-stop surveillance "shopping center" for every lawyer,
police agency, district attorney, government agency, and so on who
wants to know what people are doing on the Internet.
Any entity able to pull a civil, criminal, Patriot/Homeland Security
Act, or other investigatory operation out of their hats, will come
to view Google as the mother lode of user tracking.
Google is making money hand over fist. In exchange for their
continued prosperity, it's time for lawmakers, regulators, and the
Internet Community at large to demand not only that Google's data
retention policies be made utterly transparent and public, but that
they cease any long-term archival of detailed user activity data.
--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI
- Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
- - -
Begin forwarded message:
From: Brian Carini <bcarini@xxxxxxxxx>
Date: May 5, 2005 11:06:12 AM EDT
To: David Farber <dave@xxxxxxxxxx>
Subject: Google's Web Accelerator is a big privacy risk
Reply-To: brian@xxxxxxxxxx
Dave, (for IP if you wish)
Google is now offering a download and service called Web Accelerator
(see http://webaccelerator.google.com/support.html ), which
purportedly speeds up a broadband connection through proxy and
caching. The application routes all page requests (except https)
through Google's servers. Each page request is logged by Google.
I've said this before: I really like Google, but they are getting
dangerous. Google has a great image as a good company. They have
engendered a great amount of trust through their "Don't Be Evil"
motto. And I think they really mean it. But the fact is that they
are stockpiling a perilous amount of personal information about their
users.
Already, Google logs every search request with its IP address.
Google has acknowledged this log in a number of interviews. But,
they have never answered why they keep such a log. The search log by
itself is not too harmful since the IP address identifies a computer
and not a person. The searches cannot easily be traced to a
particular person without help from the ISP, unless a person likes to
Google their own name frequently.
If Google's search log makes you feel uneasy, Google Web
Accelerator is much more threatening to privacy. "When you use Google
Web Accelerator, Google servers receive and log your page
requests." (http://webaccelerator.google.com/privacy.html ) In other
words, every non-encrypted web transaction is recorded permanently at
Google.
This page request log could be used to create a near-perfect
reconstruction of a persons web use. Every page view, every search
on every engine, every unencrypted login, any information (including
name, address, email address, etc) submitted using the HTTP: GET or
POST methods will stored in this page request log. I expect that it
would be possible to identify a large proportion of individuals from
their page request log.
I don't think that Google currently has any evil intent for this
data. That would be at odds with their "Don't' Be Evil" motto. I
assume the current reason for collecting this data is simply for
research. But, over time, slogans change, companies are bought and
sold, and data is frequently repurposed, sold, or stolen. Then
privacy will suffer.
Google admits, "Web Accelerator receives much of the same kind of
information you currently send to your ISP when you surf the
Web" (see http://webaccelerator.google.com/support.html#basics5 )
But the difference is that my ISP doesn't keep that information,
along with my search history and every email that I send and
receive. Or if they do, they aren't telling me about it.
Brian Carini
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/