[IP] Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
- Forwarded message from David Farber <[EMAIL PROTECTED]> - From: David Farber <[EMAIL PROTECTED]> Date: Thu, 5 May 2005 15:38:46 -0400 To: Ip Subject: [IP] Google's Web Accelerator is a big privacy risk X-Mailer: Apple Mail (2.728) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brian Carini <[EMAIL PROTECTED]> Date: May 5, 2005 11:06:12 AM EDT To: David Farber <[EMAIL PROTECTED]> Subject: Google's Web Accelerator is a big privacy risk Reply-To: [EMAIL PROTECTED] Dave, (for IP if you wish) Google is now offering a download and service called Web Accelerator (see http://webaccelerator.google.com/support.html ), which purportedly speeds up a broadband connection through proxy and caching. The application routes all page requests (except https) through Google's servers. Each page request is logged by Google. I've said this before: I really like Google, but they are getting dangerous. Google has a great image as a good company. They have engendered a great amount of trust through their "Don't Be Evil" motto. And I think they really mean it. But the fact is that they are stockpiling a perilous amount of personal information about their users. Already, Google logs every search request with its IP address. Google has acknowledged this log in a number of interviews. But, they have never answered why they keep such a log. The search log by itself is not too harmful since the IP address identifies a computer and not a person. The searches cannot easily be traced to a particular person without help from the ISP, unless a person likes to Google their own name frequently. If Google's search log makes you feel uneasy, Google Web Accelerator is much more threatening to privacy. "When you use Google Web Accelerator, Google servers receive and log your page requests." (http://webaccelerator.google.com/privacy.html ) In other words, every non-encrypted web transaction is recorded permanently at Google. This page request log could be used to create a near-perfect reconstruction of a persons web use. Every page view, every search on every engine, every unencrypted login, any information (including name, address, email address, etc) submitted using the HTTP: GET or POST methods will stored in this page request log. I expect that it would be possible to identify a large proportion of individuals from their page request log. I don't think that Google currently has any evil intent for this data. That would be at odds with their "Don't' Be Evil" motto. I assume the current reason for collecting this data is simply for research. But, over time, slogans change, companies are bought and sold, and data is frequently repurposed, sold, or stolen. Then privacy will suffer. Google admits, "Web Accelerator receives much of the same kind of information you currently send to your ISP when you surf the Web" (see http://webaccelerator.google.com/support.html#basics5 ) But the difference is that my ISP doesn't keep that information, along with my search history and every email that I send and receive. Or if they do, they aren't telling me about it. Brian Carini - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl http://leitl.org";>leitl __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net signature.asc Description: Digital signature
[IP] Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
- Forwarded message from David Farber <[EMAIL PROTECTED]> - From: David Farber <[EMAIL PROTECTED]> Date: Thu, 5 May 2005 17:38:49 -0400 To: Ip Subject: [IP] Google's Web Accelerator is a big privacy risk X-Mailer: Apple Mail (2.728) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Seth David Schoen <[EMAIL PROTECTED]> Date: May 5, 2005 4:08:54 PM EDT To: David Farber <[EMAIL PROTECTED]> Cc: Brian Carini <[EMAIL PROTECTED]> Subject: Re: [IP] Google's Web Accelerator is a big privacy risk David Farber writes: >From: Brian Carini <[EMAIL PROTECTED]> >Date: May 5, 2005 11:06:12 AM EDT >To: David Farber <[EMAIL PROTECTED]> >Subject: Google's Web Accelerator is a big privacy risk >Reply-To: [EMAIL PROTECTED] > >I've said this before: I really like Google, but they are getting >dangerous. Google has a great image as a good company. They have >engendered a great amount of trust through their "Don't Be Evil" >motto. And I think they really mean it. But the fact is that they >are stockpiling a perilous amount of personal information about their >users. > >Already, Google logs every search request with its IP address. >Google has acknowledged this log in a number of interviews. But, >they have never answered why they keep such a log. The search log by >itself is not too harmful since the IP address identifies a computer >and not a person. The searches cannot easily be traced to a >particular person without help from the ISP, unless a person likes to >Google their own name frequently. > A bigger problem is that many Google search users are also Gmail users, and a cookie is shared between Gmail and Google search (because they use the same domain, google.com). Therefore, if a person uses Gmail and Google search from the same computer, even with a long period of time in between, Google will know the identity of the person responsible for those search queries. Google doesn't need to infer your identity from the content of your other web searches; it already knows it, if you're a Gmail user. This identification can be retroactive. If you used Google search for 3 years on a particular PC, and then signed up for a Gmail account, your search cookie from that PC would be sent to Google and the name you provided for your Gmail account could then be associated retroactively with your entire saved search history. Google cookies last as long as possible -- until 2038. If you've ever done a Google search on a given computer with a given web browser, you probably still have a descendant of the original PREF cookie that Google gave you upon your very first search, with the very same ID field (a globally unique 256-bit value). This problem is ubiquitous in the web portal industry, and Google is right to say that its privacy policy is better than many of its competitors'. However, Google is still assembling a treasure trove of personal information, possibly stretching back for years, that Google may release in response to any civil subpoena or "governmental request": http://gmail.google.com/gmail/help/privacy.html#disclose -- Seth David Schoen <[EMAIL PROTECTED]> | Very frankly, I am opposed to people http://www.loyalty.org/~schoen/ | being programmed by others. http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003), |464 U.S. 417, 445 (1984) - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl http://leitl.org";>leitl __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net signature.asc Description: Digital signature
Re: [IP] Google's Web Accelerator is a big privacy risk (fwd from dave@farber.net)
> Google cookies last as long as possible -- until 2038. If you've And you are allowing cookies because ... ? And you are keeping cookies past the session because ... ? Too lazy not to? To lazy to login again? Inherent belief that commercial entity should make your life easy for purely philantropical reasons? Just plain dumb? end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail
