Blog

Google, Privacy, and You

By Rich

A lot of my tech friends make fun of me for my minimal use of Google services. They don’t understand why I worry about the information Google collects on me. It isn’t that I don’t use any Google services or tools, but I do minimize my usage and never use them for anything sensitive. Google is not my primary search engine, I don’t use Google Reader (despite the excellent functionality), and I don’t use my Gmail account for anything sensitive. Here’s why:

First, a quote from Eric Schmidt, the CEO of Google (the full quote, not just the first part, which many sites used):

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.

I think this statement is very reasonable. Under current law, you should not have an expectation of privacy from the government if you interact with services that collect information on you, and they have a legal reason and right to investigate you. Maybe we should have more privacy, but that’s not what I’m here to talk about today.

Where Eric is wrong is that you shouldn’t be doing it in the first place. There are many actions all of us perform from day to day that are irrelevant even if we later commit a crime, but could be used against us. Or used against us if we were suspected of something we didn’t commit. Or available to a bored employee.

It isn’t that we shouldn’t be doing things we don’t want others to see, it’s that perhaps we shouldn’t be doing them all in one place, with a provider that tracks and correlates absolutely everything we do in our lives. Google doesn’t have to keep all this information, but since they do it becomes available to anyone with a subpoena (government or otherwise). Here’s a quick review of some of the information potentially available with a single piece of paper signed by a judge… or a curious Google employee:

  • All your web searches (Google Search).
  • Every website you visit (Google Toolbar & DoubleClick).
  • All your email (Gmail).
  • All your meetings and events (Google Calendar).
  • Your physical location and where you travel (Latitude & geolocation when you perform a search using Google from your location-equipped phone).
  • Physical locations you plan on visiting (Google Maps).
  • Physical locations of all your contacts (Maps, Talk, & Gmail).
  • Your phone calls and voice mails (Google Voice).
  • What you read (Search, Toolbar, Reader, & Books)
  • Text chats (Talk).
  • Real-time location when driving, and where you stop for food/gas/whatever (Maps with turn-by-turn).
  • Videos you watch (YouTube).
  • News you read (News, Reader).
  • Things you buy (Checkout, Search, & Product Search).
  • Things you write – public and private (Blogger [including unposted drafts] & Docs).
  • Your photos (Picassa, when you upload to the web albums).
  • Your online discussions (Groups, Blogger comments).
  • Your healthcare records (Health).
  • Your smarthome power consumption (PowerMeter).

There’s more, but what else do we care about? Everything you do in a browser, email, or on your phone. It isn’t reading your mind, but unless you stick to paper, it’s as close as we can get. More importantly, Google has the ability to correlate and cross-reference all this data.

There has never before been a time in human history when one single, private entity has collected this much information on a measurable percentage of the world’s population.

Use with caution.

No Related Posts
Comments

Agree in principle and practice. In addition to all these many have hundreds of bookmarks stored online, not to forget documents and spreadsheets, knol, latitude, news, etc. The face tagging in Picasa mentioned above is new and interesting, I never thought of this! I have experienced its very difficult to come out of this intricate web of Google. As of now I have made it a practice to sign out of Google while using search, maps and news. I don’t know if it helps completely since profiling can be continued through cookies and IP addresses. I can’t seem to come out of Gmail, bookmarks and docs, etc. At least I have put off my decision to buy an Android phone as it lures (or forces?) us to sign into Google account.

By niranjan


Don’t forget that wonderful addition to Picassa, Facial Recognition. Remember unlike iPhoto, Picassa’s is used system wide not just on your photos.

By Paul


As Rich said, it is not about information itself but the correlation among them. If we consider MS as the “OS Moloch” then Google really is the INFO one. It worries me more and more how easily we give up all our privacy to one private company.

By [!v@n]


Just out of interest what other search engine do you use, and why do you think that you have more privacy with another search engine? Surely speading your information around more companies just add’s to the leakage?

By so


Me neither- that’s why we are dropping it. We are actively looking for another provider right now.

By Rich


Rich,

I don’t consider Postini to really be more secure than Gmail. I know the laws are different, but I don’t know how many copies Google keeps of transient information, or how it would (does?) play out IRL.

By Chris Pepper


Chris,

It isn’t that the information isn’t available by other means that concerns me, but that it’s all in one location, correlated, and available with a single legal search (or bored employee).

But agree- privacy is pretty much dead.

By Rich


I agree in principle but here in the UK I believe the only thing you can expect from using your own email system or encrypting your data is to slow those who want to poke through your lives down.
We have lots of terrible privacy degrading laws, all to counter that terrorism threat we’ve had rammed down our throats; one of the worst of these (encryption + privacy wise) is RIPA which means regardless of what you do with your data if you cant decrypt and provide it all on request, or prove that you cant (how you prove it is a mystery), then they can still throw you in jail.
In this modern world of overly-large companies like google, and corrupt governments that will do what they like when they like under a cloak of best intentions and for our safety privacy is well and truly dead, its been buried under the law.

By Chris McKee


If you like to leave comments, and aren’t a spammer, register for the site and email us at info@securosis.com and we’ll turn off moderation for your account.