----- Forwarded message from David Farber <[EMAIL PROTECTED]> ----- From: David Farber <[EMAIL PROTECTED]> Date: Thu, 5 May 2005 17:39:40 -0400 To: Ip <ip@v2.listbox.com> Subject: [IP] more on Google's Web Accelerator is a big privacy risk X-Mailer: Apple Mail (2.728) Reply-To: [EMAIL PROTECTED]
Begin forwarded message: From: Lauren Weinstein <[EMAIL PROTECTED]> Date: May 5, 2005 5:13:59 PM EDT To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [IP] Google's Web Accelerator is a big privacy risk Dave, I guess it's going to take some kind of major Google-based privacy breakdown for people to finally understand what we've been saying. It doesn't matter how sweet, nice, trusted, or cool a service may be, the collection and archiving of vast amounts of users' Web search, e-mail, browsing, and other activities is a recipe for utter disaster. Google isn't the only culprit, but they're the big enchilada so they represent a very major risk. The only way to avoid abuse of such data is not to keep it around in the first place. Google's new Accelerator service ironically appears to wed the source masking aspects of caches (along with all of the usual problems with caches both for users and destination sites) to the worst aspects of Google's highly problematic data archiving policies. Google is smiling their way into becoming -- probably more through a bizarre combination of hubris and naivete than purposeful intentions -- a one-stop surveillance "shopping center" for every lawyer, police agency, district attorney, government agency, and so on who wants to know what people are doing on the Internet. Any entity able to pull a civil, criminal, Patriot/Homeland Security Act, or other investigatory operation out of their hats, will come to view Google as the mother lode of user tracking. Google is making money hand over fist. In exchange for their continued prosperity, it's time for lawmakers, regulators, and the Internet Community at large to demand not only that Google's data retention policies be made utterly transparent and public, but that they cease any long-term archival of detailed user activity data. --Lauren-- Lauren Weinstein [EMAIL PROTECTED] or [EMAIL PROTECTED] or [EMAIL PROTECTED] Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - - > > >Begin forwarded message: > >From: Brian Carini <[EMAIL PROTECTED]> >Date: May 5, 2005 11:06:12 AM EDT >To: David Farber <[EMAIL PROTECTED]> >Subject: Google's Web Accelerator is a big privacy risk >Reply-To: [EMAIL PROTECTED] > > >Dave, (for IP if you wish) > > >Google is now offering a download and service called Web Accelerator >(see http://webaccelerator.google.com/support.html ), which >purportedly speeds up a broadband connection through proxy and >caching. The application routes all page requests (except https) >through Google's servers. Each page request is logged by Google. > >I've said this before: I really like Google, but they are getting >dangerous. Google has a great image as a good company. They have >engendered a great amount of trust through their "Don't Be Evil" >motto. And I think they really mean it. But the fact is that they >are stockpiling a perilous amount of personal information about their >users. > >Already, Google logs every search request with its IP address. >Google has acknowledged this log in a number of interviews. But, >they have never answered why they keep such a log. The search log by >itself is not too harmful since the IP address identifies a computer >and not a person. The searches cannot easily be traced to a >particular person without help from the ISP, unless a person likes to >Google their own name frequently. > > If Google's search log makes you feel uneasy, Google Web >Accelerator is much more threatening to privacy. "When you use Google >Web Accelerator, Google servers receive and log your page >requests." (http://webaccelerator.google.com/privacy.html ) In other >words, every non-encrypted web transaction is recorded permanently at >Google. > >This page request log could be used to create a near-perfect >reconstruction of a persons web use. Every page view, every search >on every engine, every unencrypted login, any information (including >name, address, email address, etc) submitted using the HTTP: GET or >POST methods will stored in this page request log. I expect that it >would be possible to identify a large proportion of individuals from >their page request log. > >I don't think that Google currently has any evil intent for this >data. That would be at odds with their "Don't' Be Evil" motto. I >assume the current reason for collecting this data is simply for >research. But, over time, slogans change, companies are bought and >sold, and data is frequently repurposed, sold, or stolen. Then >privacy will suffer. > >Google admits, "Web Accelerator receives much of the same kind of >information you currently send to your ISP when you surf the >Web" (see http://webaccelerator.google.com/support.html#basics5 ) >But the difference is that my ISP doesn't keep that information, >along with my search history and every email that I send and >receive. Or if they do, they aren't telling me about it. > >Brian Carini > > ------------------------------------- You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
signature.asc
Description: Digital signature