Privacy Concerns On Google's 30 Day Data Policy
darkmonkeh writes ""Google Inc. is offering a new tool that will automatically transfer information from one personal computer to another, but anyone wanting that convenience must authorize the Internet search leader to store the material for up to 30 days", CNN reports. Although Google's policy states that it can hold data for up to 30 days, "Google intends to delete the information shortly after the electronic handoff, and will never retain anything from a user's hard drive for more than 30 days", said Sundar Pichai, director of product management. With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting."
Does this give Google the right to search the data for advertising purposes? Google desktop could easily have small text-based ads relevant to data in my MyDocuments folder.
...you can count on Slashdot to re-post it every few days, so don't worry about the 30-day expiration.
Sheesh, evil *and* a jerk. -- Jade
could you give this out and let people download your drive for up to 30 days?
I suspect that this is just due to their data model of redundant machines. As with GMail, they can't guarantee deletion of the material in a time period less than thirty days, although it may actually be retained for much less.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
From TFA: Why exactly do any of Google's employees need access to this information? Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?
I'm really not seeing the necessity for Google to have any access at all to users' information...am I missing something?
____
~ |rip/\/\aster /\/\onkey
If you have privacy concerns, don't use the service. If you are stupid enough to transfer private or sensitive information over someone else's network, let alone store it on their drives, you deserve what you get. I use some online storage for information that I would not want to lose in the event of a catastrophe at my home, but it is nothing I consider sensitive. If it was, I would either store it elsewhere or use some kind of encryption on the files.
Insert Generic Sig Here:
This has nothing to do with your rights online. It's an opt in service. No one is being forced to do anything. If you don't like the TOS, don't use it.
Don't take life so seriously. No one makes it out alive.
> Next you'll have to share your DNA configuration.
Not so bad, if you get to choose who you share it with!
Sheesh, evil *and* a jerk. -- Jade
I suspect that the 30 day requirement is a matter of technical feasibility rather than "evil intentions." I seem to recall Google announcing that it could not guarantee that email deleted from Gmail would be deleted from Google's data storage system, at least immediately. When you consider how much redundant storage Google holds, and how that storage is distributed around the world, the 30 day provision may be more of a CYA from legal liability.
The policy may very well translate into "We will make a best effort to delete the information when you instruct us to do so, but we will only guarantee that the information will be deleted within 30 days."
I work for a healthcare company, and we have already attempted to block Google Desktop at our proxies. There are HIPAA concerns with allowing users to transfer personal data between their work machines and . But we're not the only ones, banks and other healthcare companies will eventually do the same.
Hopefully this will be sufficient. If not, we will need to block access to all of Google, which would seriously upset many people within the company, and of course this will cascade to other organizations. Will Google be happy it's pissing off a bunch of Fortune 50 companies?
Pretty much half my life is saved in my GMail anyway, so I figure what the hell, why not? Just from reading TFA my concern would be less with the government and more with other security/privacy breaches, though.
> Whit google already indexing the whole web
That should be "whit teh google", sillyhead.
Sheesh, evil *and* a jerk. -- Jade
Please elaborate. I can't think of a good reason for wanting to share DNA configs with anyone. :)
Now, I'm a big fan of privacy and having my data securely and tightly to my chest.
But, to show off some more latin, cui bono? What's google's gain in the game? What could they possibly gain from having access to my data? My highly sensitive christmas pics?
Hardly.
What they do get in that way is an idea where people and data travel. Information about their users. That's it. And that's by far more valuable than your grocery list or granny's phone number. IMO they don't care about your data. What they want is the information where data comes from and where it goes to. And that can be simply achieved by tracking where you are when you dump the files on them, how long they stay there and where you are when you pick them up again (or, what's also possible, where the person is that picks them up).
That's the info they're after. Not your files themselves.
So why the 30 days? Well, this could be connected with their update and deletion cycles. As someone already pointed out, their servers are most likely redundant. It's not like at home, where you simply hit "del" to get rid of a file. Their array of servers first of all has to realize that the file is actually supposed to be deleted. Or it could be that they are using some nightly job to clean up and purge all the "waste" data, and that this can't be done during normal operation, not even more than once a month, simply because the servers got better things to do.
So, in a nutshell, I don't suspect "evil" in that 30 days cycle. More likely, it's simply a technical necessity, and a legal one too. So people don't start suing them 'cause the files are still on their servers 10 days after they picked them up.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is basically using Google's storage as a BigAssDisk(tm) for you to move/wipe your machine. Think about what would happen if they didn't do this:
1) User "saves" his data to google.
2) User wipes and rebuilds his PC.
3) User loads his data from google, after which google immediately forgets it.
4) User realizes that his drive was set up incorrectly and repeats step 2.
5) User says, "Fuck. I thought I'd saved that!"
They're emulating a temporary backup tape in this case, so they're acting more like one. Destructing 30 days after last use is reasonable (it is a temporary tape) and indeed useful. Destructing 30 seconds after first use is potentially catastrophic.
You're special forces then? That's great! I just love your olympics!
> Please elaborate. I can't think of a good reason for wanting to share DNA configs with anyone. :)
That should be in the Slashdot FAQ by now.
Sheesh, evil *and* a jerk. -- Jade
What's the likely impact on Verizon's data network if you have millions of users all over the world sending data constantly to Google's server farm for this new service in addition to the already high amount of web traffic? Verizon is going to be pissed.
ConsultingFair.com
If you read the white paper on how the google file system platform works, this makes perfect sense. The provision is a CYA to make sure that the customer knows that while google makes every attempt to remove the data quickly, the system only marks files for deletion. Files are later ACTUALLY deleted by an automated sweep.
http://labs.google.com/papers/gfs-sosp2003.pdf
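The mark-then-sweep deletion described in the comment above, as a toy model added here (not part of the original post and not Google's code). The three-day grace period, the daily sweep, the replica outage and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

DAY = 24 * 3600  # seconds

@dataclass
class Replica:
    name: str
    online: bool = True
    chunks: set = field(default_factory=set)

class LazyStore:
    """Toy model: delete() only marks a file; sweep() reclaims the bytes later."""
    def __init__(self, replicas, grace=3 * DAY):   # grace period is an assumption
        self.replicas, self.grace = replicas, grace
        self.namespace = set()   # names the user can still see
        self.tombstones = {}     # name -> time the delete was requested
        self.orphans = set()     # past grace; copies on offline replicas may remain

    def put(self, name):
        self.namespace.add(name)
        for r in self.replicas:
            r.chunks.add(name)

    def delete(self, name, now):
        self.namespace.discard(name)   # disappears for the user immediately
        self.tombstones[name] = now    # no bytes are erased here

    def copies(self, name):
        return [r.name for r in self.replicas if name in r.chunks]

    def sweep(self, now):
        for name, t in list(self.tombstones.items()):
            if now - t >= self.grace:
                del self.tombstones[name]
                self.orphans.add(name)
        for r in self.replicas:        # only reachable replicas can be cleaned
            if r.online:
                r.chunks -= self.orphans

def days_until_erased(sweep_every=DAY, outage_days=10):
    """Days from the delete request until no replica holds the data."""
    reps = [Replica("r1"), Replica("r2"), Replica("r3")]
    store = LazyStore(reps)
    store.put("backup.img")            # constructed sample file name
    store.delete("backup.img", now=0)
    reps[2].online = False             # constructed outage: r3 misses sweeps
    now = 0
    while store.copies("backup.img"):
        now += sweep_every
        reps[2].online = now >= outage_days * DAY
        store.sweep(now)
    return now // DAY
```

With the defaults the file leaves the namespace at once, yet the last copy survives for 10 days because one replica was unreachable; a stated ceiling such as 30 days has to cover that worst case, not the typical one.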
> With pressure on Google after the request by the Bush administration for personal information, privacy concerns may be hard hitting.
Me: okay, delete data
Google: I'm sorry, Dave. I'm afraid I can't do that....
So it's based on the presumption that it's easier to transfer your whole hard drive than sort through the data and burn only what you need. Even with broadband and a reasonably small (5gb) hard drive, you're talking a good day or two at constant top speed (40kbps for me). I think just a small amount of effort in cherry-picking what you really need on the other computer could easily fit on a burned cd or dvd, and take up infinitely less time.
Besides, won't Microsoft throw a hissyfit about this? Technically, if I upload my entire c:\, google now has a copy of windows it didn't pay for. Along with every other registered program in my program files directory. I can't imagine Sony would be too pleased either when they find out I rip my DVDs to hard disk and pass 'em along to google.
(First, this is not an Anti-France post.)
Google is starting to creep me out. I've been in love with them and their "Don't be evil" thing, and have adopted many of their tools, including GMail. But, they are starting to do things that make me wonder if we are the frog that is destined to be boiled.
You know:
I'm thinking we are going to turn around one day and wonder how Google got all our data. It will follow the revelation that all the data Google had was exposed to a hacker, or sold by a disgruntled employee, or accessed by Chinese Military Intel.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
No matter what Google says their current retention policy is, I expect that the U.S. government will eventually require sites like Google to maintain all data on their users for a specified period, probably years. The government wants to know all about you, and under the guise of 'hunting terrorists', they'll get it.
Serving your airship needs since 1995.
Google is allowing people to use their servers as a temporary holding pen for information so that you can transfer it from one machine to another. People are complaining about privacy because, um, why? Because the data isn't just on their computer any more? How does this differ from an FTP server or services like Dropload? I'm betting that Google's 30 day policy is a nuisance number designed to protect them from litigation in case the auto-wiping fails. This way they can re-image their hard drives every 30 days to protect themselves.
To be honest, I think that they should be commended for making the full disclosure. If privacy advocates are concerned, then privacy advocates should avoid using the service.
Wake up - the future is arriving faster than you think.
> Why can't the content be encrypted by the user via an asymmetric key scheme (like PGP) and decrypted again once it's reached the target system?
I imagine they want to index the information, which they wouldn't be able to do if it was encrypted.
Yeah, I know. It's so horrible how we're all forced to use this free service.
But - you have been warned !
Ever had a really good friend, who you haven't seen for a while, so you go out for a beer, and halfway through a conversation, you discover he is trying to sell you life insurance/water filters/mortgage services/etc/etc ? Not fatal, but uncomfortable and disingenuous.
Well that's google for ya. I can handle advertising on their search pages, as the price of using their service, but I'm damned if I'll help them index me !