Google to Continue Storing Search Requests

isabotage3 writes "Although he was alarmed by AOL's haphazard release of its subscribers' online search requests, Google Inc. CEO Eric Schmidt said Wednesday the privacy concerns raised by that breach won't change his company's practice of storing the inquiries made by its users."

not news

[Lehk228]

what does google have to do with any of this? it's somehow news that google somehow is confident that they aren't a bunch of total fuckups like AOL?

my girlfriend's cat could run an ISP better than AOL

Re:not news

[Henry+V+.009]

Hello, I represent Time Warner, and we'd like to buy your girlfriend's cat for $350 billion.

Re:not news

[plastic.person]

my girlfriend's cat could run an ISP better than AOL

That's such an obvious, exaggerated lie. People that post on slashdot don't have girlfriends!

Re:not news

[iced_773]

Not to mention the fact that his .sig implies he's single!

Re:not news

if he had said ,"My mother's pussy..." it wouln't be an exageration?

Re:not news

[kfg]

. . .we'd like to buy your girlfriend's cat for $350 billion.

Save yourself some money, you can rent it for only twenty bucks, same as in town.

KFG

Re:not news

[DJ+Rubbie]

Sure they do, in fact, they have so many with names that end with .jpg.

Re:not news

[IHC+Navistar]

Ooooohhhhh.....BURNED!

-----

Sig Sauer

Re:not news

[Lord+Kano]

That's such an obvious, exaggerated lie. People that post on slashdot don't have girlfriends!

Especially this guy.

I realize that it's kind of childish, but it still makes me laugh when I think about busting him.

LK

Re:not news

[Teddy+Beartuzzi]

Busting him? Remind me not to hire you when I need a private investigator.

"Aha! This guy says he has a girlfriend in April *2006*. But a year earlier in April *2005* he admitted not having a girlfriend! Busted!"

See the problem in your reasoning yet?

Re:not news

[Lord+Kano]

See the problem in your reasoning yet?

It's about credibility. He has none.

Re:not news

[nihaopaul]

its the dogs bollocks!

Re:not news

[aichpvee]

I bet his imaginary girlfriend's cat can still run a better ISP than AOL. So his point is valid, just misleading and incomplete.

Re:not news

[coolcold]

but can they run lin^H^H^H an ISP?

Re:not news

[emptycorp]

AOL != ISP

Do your homework and get it right next time.

Re:not news

[NetHead026]

Hmm, let's see...

"Nah, screw JPGs. Noisy, chunky women aren't for me. Uncompressed all the way, for things that go BMP in the night."

or "Mine end with .GIF. The more I overclock the faster she moves!"

Re:not news

[Random_Goblin]

I bet his imaginary girlfriend's cat can still run a better ISP than AOL.

wait i'm confused...
is the imaginary girlfriend's cat alive or dead at this point, and why is it in a box?

Re:not news

[neonprimetime]

Save yourself some money, you can rent it for only twenty bucks, same as in town.

It gets even cheaper than that. Stop by the bar on main street saturday nights and you need only buy her 2 drinks.

Re:not news

[natedubbya]

Maybe because Google owns 5% of AOL and all Google does is run search requests. Do you really not see the connection, or are you just defending Google?

Re:not news

So..he has no credibility because he had no girlfriend in April 2005 but claims he has one in April 2006..Dude get a fucking life. Maybe you should in fact find a girlfriend yourself...Asswipe.

Re:not news

[Schraegstrichpunkt]

wait i'm confused...
is the imaginary girlfriend's cat alive or dead at this point, and why is it in a box?

... with a tube of confiscated toothpaste?

Re:not news

[iced_773]

why is it in a box?

Let's open the lid and find out...

Re:not news

[Lord+Kano]

He has no credibility for lying about having a girlfriend in 2005.

You seem to be quite hostile, is that you Dante?

LK

Re:not news

[Jarn_Firebrand]

Uhhh... that post of his was on April Fools. So as an April Fools joke he tricked someone into thinking he had a girlfriend, a whole year ago, and so now he has no credibility? Have April Fools jokes always been considered enough of a lie to make a person lose credibility? And here I thought they were lies meant to be funny...

Google == NSA == Data Mining

Everyone knows that Google is really a front for the NSA. Think about it, massive quantities of data, searches
that can be corealated and traced back to individual users, gmail storing and 'indexing' all your mail, it's
the governments wet dream.

Just wait until Windows-Live services take off , and G-Drive as well. Why not have all your data ready for inspection
by the nice people at the NSA.

'scuse me, there's a knock on the door, the folks from the black pizza van prolly wanna ask for directions.

Re:Google == NSA == Data Mining

Yes. And...NSA seems to have power problems - so, they need the fully distributed google hardware model.

NSA/CIA just needs to be another franchise. If they were thier own 'Boss' and I could GooNSAgle King George or any congresss critters mail too, well then, I would give up on my privacy dreams. So, lets separate anti-privacy from the people with guns and the 'right' to use them and it will all be OK.

Re:Google == NSA == Data Mining

[Random_Goblin]

the links to the CIA are there for all to see

Google was created by Hoover back when the interent was just a couple of tubes. Intelligence gathering by vacuum suction.
The cleaner was just a comercial spin off
Gmail ... G Male... G Men.

how much more obvious can they be people?

Re:Google == NSA == Data Mining

Use the Google scraper at http://www.scroogle.org/

Re:Google == NSA == Data Mining

[Schraegstrichpunkt]

Google was created by Hoover back when the interent was just a couple of tubes.

Did you even bother to listen to what Ted Stevens had to say before you started repeating that meme?

His analogy is more-or-less correct. Internet connections have finite capacity, and once they're saturated, you more-or-less have to wait in line to use them (at least when everybody is using TCP).

There are much more deserving points of criticism, namely:

• He completely misunderstands how email works, and why email might be delayed ("I just the other day got, an internet was sent by my staff at 10 o'clock in the morning on Friday and I just got it yesterday. Why?")
• He completely fails to mention that the people on both sides of the "tubes" that are causing the "ten movies [to be] streaming across" the tubes are paying for their use of the tubes. If the backbone providers can't afford to make the tubes big enough, then they should simply be charging more to use the tubes, not messing with Internet architecture.

Making fun of Ted Stevens for the "tubes" analogy just makes you look like a jackass whose understanding of how the Internet works is no better than that of the man you're making fun of.

Re:Google == NSA == Data Mining

[Random_Goblin]

er kid before you give me a lecture on the best way to suck eggs you might want to go back to school for a few years and see if you can brush up your understanding of how the internet works, and then maybe try and brush up some of your social skills.

the tubes meme is a meme because it is a convenient shorthand for getting across the instance of a manbadly explaining something he clearly doesn't understand, to a bunch of people who's job it is to make informed decisions about that subjects future.

his whole performance is so critically flawed that it is pointless to address your "deserving points of criticism", because the whole thing is a joke.

the internet in fact is just as much like a dump truck as it is a series of tubes because both are rubbish analogies that don't give the listener any greater sense of what the internet is or how it works than they started with.

the reason i would make fun of the senator for alaska is not for the tubes analogy, but for the whole bloody speech.

to quote Wittgenstein "Of that which we cannot speak thereof we must remain silent"
or as Mark Twain put it "Tis better keep your mouth shut and be thought of as an idiot than to open your mouth and remove all doubt".

Re:Google == NSA == Data Mining

[jZnat]

The "tubes" comment was only the tip of the iceburg when it came to the ignorance of his longwinded speech before the Senate.

Also, since the "tubes" are technically optical fibre lines, you can't fill them up with light until you've used every possible wavelength of light that can safely stay in the fibre without radiating through (e.g. gamma radiation).

Re:Google == NSA == Data Mining

[pipingguy]

Next you'll be telling me that known knowns, unknown knowns and known unknowns actually makes sense. I'd write more but I've run out of k's on my eyboard.

Re:Google == NSA == Data Mining

[i_ate_god]

The internet is a combination of wires and radiation that connects machines together.

The fundamental wires are optical, and thus are infact LONG HOLLOW TUBES.

Granted, i don't know the context of the speech, but describing the internet as a series of tubes seems pretty accurate from a hardware standpoint.

Of course, over all, the internet is much greater than the sum of its parts, but the parts themselves are mostly just tubes.

The differance

[gomaze]

The biggest difference is that the majority of the AOL searches were done well users were logged into AOL. Thus it will be a bit harder to trace what people search for back to themselves if they are not logged in but not impossible. Here is to hoping Google has a better lockdown policy compaired to AOL.

Re:The differance

[CheeseTroll]

Unless you have a gmail account, and don't remember to log out and delete your Google cookies.

Re:The differance

[AchiIIe]

Do not forget that
a) Google keeps a permanent cookie
b) If you ever used gmail, that same cookie has been linked to your permanent cookie

We need something that will keep those results private, something such as:
a) Greasmonkey/adblock setup to disallow google searches access to the cookie
b) Automated searching tools that will pollute ones searches with fakes,
c) Deeper leveled (ie Proxomitron / privoxy ) scripts that clear this out

and while here, I would like to talk about clusty.com, they have a fantastic privacy policy, I encourage you to read it: http://clusty.com/privacy

Re:The differance

Or use something like Tor which is free/open for all and can proxy most anything (socks). Too bad Slashdot blocks Tor proxies (please complain, everyone).

The real privacy killer is not the cookie or even your gmail account, it's your IP address. That is what ties everything you do back to the physical you. Dynamic IP adresses are no safegaurd as your provider knows who has which IP address. Anonymizing proxies are the only way to go. The more people that use things like Tor, the faster they will run.

Re:The differance

[nolife]

Permanent cookie?
I set cookies to delete automatically when closing FF and have used some combination of tools or manually doing it at least weekly for years. I doubt mine is anything close to permanent.

Re:The differance

[tomstdenis]

Tor is stupid because the author [who was at defcon] misleads people into thinking it's required and provides security. http over Tor != secure ... Stupid over Tor != secure If you really are worried about privacy stop doing things in PLAIN F!@#ING TEXT!!!

Use a mail account that uses TLS, GnuPG encrypt/sign your emails, etc...

Think about it. I log into my bank via TLS [or SSLv3, I disable SSLv2]. What do you learn?

a) someone on Rogers has a Scotiabank account
b) ???
c) Profit!

Big fucking deal. You could also learn that by WATCHING ME WALK INTO THE BANK.

Tor is only for 13 yr old 3l33t hax0rz who think that the newfangled technology is the solution to all problems and that nothing from the past could possibly solve a privacy problem.

Also, Jon Callas sucks ass.

Tom

Re:The differance

[DJCacophony]

all data between you and the first tor node is encrypted, and all data between that tor node and the next one in the chain is encrypted under a different key, and all data between that one and the next one under yet another key, etc.

Re:The differance

[tomstdenis]

And then it goes out as plaintext to the server. Joy.

Tom

Re:The differance

[nmb3000]

I set cookies to delete automatically when closing FF and have used some combination of tools or manually doing it at least weekly for years.

I think this is kinda funny.

The whole original point of cookies was to make a user's life easier. You don't need to log into Slashdot every time you visit the page. You only need to authenticate with GMail or Yahoo once a day to read email. Your shopping cart is remembered. Etc, etc, and yet people are so paranoid that they still clear them out on a regular basis.

It's true that there's some data mining involved, but I think it's trivial enough that it's not worth the extra effort (IMO anyway). So what if Doubleclick (may they burn in Hell forever) knows that some guy visits Slashdot, ThinkGeek, and PennyArcade? I figure my privacy is fine as long as they cannot link the activity back to me personally. If that bothers you, whitelisting sites makes it pretty easy to weed out data miners, though it can become a pain when sites use cookies for navigation, shopping, etc.

One tip I do have for IE users, is to try out the Restricted Sites zone. I've added a few sites to it and it drastically speeds up page loads. For example, Dilbert.com used to be slow and ad-ridden with popups, but after adding it to Restricted Sites, it has no cookies and no JavaScript which means no ads, no popups, no nothing. Page loads are 500% faster.

I use my Windows credentials to secure my computer and enjoy the typing saved by not clearing my cookies every ten minutes.

Re:The differance

On the Mac side of life, OmniWeb gives very fine-grained control down to site-by-site settings. The paranoid can set up a restrictive set of defaults, then add features like cookie storage or JavaScript to trusted sites, ad-blocking overrides, etc.

Veering even further off-topic (go ahead, mod it!), I wonder how things will shape up if ad-blocking as effective as OmniWeb's becomes more mainstream. My guess is that ad-blocking will be outlawed, by the same dim bulbs who brought us the DMCA...

Re:The differance

[hpavc]

and dont forget google adwords to boot

Re:The differance

[Jah-Wren+Ryel]

So what if Doubleclick (may they burn in Hell forever) knows that some guy visits Slashdot, ThinkGeek, and PennyArcade? I figure my privacy is fine as long as they cannot link the activity back to me personally.

The ignorance in this statement is so staggering that I had to respond and lose the moderations I've made on other posts to this story.

If you have any account online for which you have ever disclosed your true identity (like in order to make a purchase) then that account information can and will be cross-referenced with all of the tracking data that the tracking companies have been able to put together on you. They are expectionally good at finding those information leaks and putting 1 and 1 and 1 and 1 together to make 4.

Don't be lulled into a false sense of security even if you are the type to disable cookies. Cookies are not the only way Doubleclick and the like track people. Embedded images, tags, 3rd party style sheets with god knows what javascript, ip address correlation, etc. The bag of tricks is practically bottomless.

I religiously use the following extensions to Firefox, with almost every site fully locked out, and even then I still leak personal information like a seive:

NoScript
CookieSafe
AdBlock Plus

Re:The differance

[StarfishOne]

and run all your queries through Tor.

Re:The differance

[rkd2110]

If you have any account online for which you have ever disclosed your true identity (like in order to make a purchase) then that account information can and will be cross-referenced with all of the tracking data that the tracking companies have been able to put together on you.

Ok. There's a fare chance this will shock you but I'm going to say it anyway - so what?

So some datamining, marketing, evil corporation will know that I frequent Slashdot, PennyArcade and a donkey-sex porn site. And they can link all to my name, address and phone number. So what? Don't get me wrong, this is not a "If you done nothing wrong wht do you have to hide" approach. This is a "I don't give a fuck what they know about me approach". What will a marketing company do with this data? Does it really worth all the time I'll spend trying to protect it?

Seriously. This is getting out of proportion.

Re:The differance

[lowrydr310]

So are your searches safe if you delete Google's everlasting cookie?

I'm in the habit of deleting Google's cookie after I log out of Gmail, and whenever I close my browser. Is this useful, or does Google log by IP? All of my searches come from a small handful of IP addresses that are shared among many computers.

Re:The differance

[NightWhistler]

Now another thought: what if... (big if), somehow the religious extreme right gets into power and decides that all donkey-sex lovers are perverts and deviants. You might find yourself fired, imprisonned or "re-educated". It's really not so hard to find yourself in a group you'd rather not be associated with.

Re:The differance

[stinkyelf]

Your future employer will be interested to know that you've been searching for this.

Your future girlfriend will be interested to know that you've been searching for this or this.

Your government will be interested to know that you've been searching for this.

Re:The differance

[lowrydr310]

Carlos Mencia (the comedian on Comedy Central in case you don't know) mentioned something similar last week. He was talking about people who complain that their grocery store discount card allows the store to track what they purchased. His response was along the lines of "so what if someone knows that you're buying apples, frozen chicken, TV dinners, and Fruity Pebbles."

He did mention that there were some purchases that you should always make using cash only and no discount card, for example when you are buying cat food and condoms in the same transaction.

Re:The differance

[Random+Destruction]

Yeah it'll help. But you should just get a FF extension like customize google which does it for you every time. Thats assuming you run FF.

As a bonus it also does lots of other neat stuff.

Re:The differance

[doti]

Of course Google logs by IP.
It certaily logs every possible data.

And I think it's their right to do it.
If you don't like, don't use.

We need a p2p search system to be free from it.
Maybe will never be as fast and complete as Google's, but the important thing is to have it working.

Re:The differance

[zip_000]

Every time I leave my gmail, I make sure that I log out before searching...or more usually, search for something random and embarrassing, see my account name in the top right hand corner, and then log out as quickly as possible.

Personally, I find AOL's release of the info to be deplorable, amd I seriously hope (not just for my own sake) that Google is more responsible

Re:The differance

[SatanicPuppy]

See, I don't do that, because it'll flag me as interesting. I mean, I'm still coming from the same IP; if they wanted to run a correlation, they could.

If I have need to do sneakyness, I go somewhere else and use a secure setup, but otherwise I pretend to be clueless and make sure not to search for anything I don't want found.

Re:The differance

[TheSpoom]

Hmmm... I wonder if I should click through those?

Re:The differance

[Blue+Stone]

> what if... (big if), somehow the religious extreme right gets into power and decides that all donkey-sex lovers are perverts and deviants.

Donkey-sex lovers aren't perverts and deviants???

Re:The differance

[sdo1]

Now another thought: what if... (big if), somehow the religious extreme right gets into power...

What do you mean "if" ?

-S

Re:The differance

[PriceIke]

Then what happens when you do all your surfing (and Google searching) from behind an IP anonymizer?

And what I really want to know is, for how long does Google keep search engine queries? A few years? Forever? Why the hell isn't that info given in the original story, or was the question even asked? Another triumph of modern journalism ..

Re:The differance

[yuna49]

I just deleted all my google cookies (in FF), blocked all the sites they came from (google.com, groups.google.com, etc.), and ran a search. I get my search results without complaint, and I have no google cookies in my browser.

I dont' use gmail or any other google service, just searching, so YMMV.

Re:The differance

[Jah-Wren+Ryel]

This is a "I don't give a fuck what they know about me approach".

Privacy is like Pandora's box. Once you let your privacy out, you will never, ever be able to put it back in, all that will be left is hope.

Look at how many things have happened in recent years that no "reasonable" person would have predicted, like the government outsourcing survellience to private companies in order to get around constitutional protections of civil liberties, or the hundreds of thousands of identity thefts straight out of the databases of credit reporting bureaus just as starting points. I don't think it is cynical to assume that things will only get worse as society becomes ever more dependent on databases to function.

Are you so confident in the future that you will never regret giving away your privacy?

Re:The differance

[pipingguy]

What exactly is contained in index.dat?

Re:The differance

Most of that stuff is ineffective if you browse with lynx. And it keeps the popups and banner ads noise down too...

Re:The differance

[Mr.+Jaggers]

Well, that depends on the breed. See, donkeys lack fertility, hence they cannot reproduce. However, there is no reason that this should dampen their desire to enact the motions. Now, if the donkeys in question are not attempting to breed with the other farm animals (say, the hogs, or possibly the sheep) then their love of sex would not be deviant.

Wasn't it obvious?

Re:The differance

[DJCacophony]

And nobody knows who sent that data, and the furthest back they can trace it is the last tor node. Joy.

False Positives

[BrianMarshall]

I don't like it.

If the government ever does hunt for people guilty of something by searching people's searches, they are going to get a lot of false positives. There is always more people interested in, for example, bombs, than there are bombers.

Re:False Positives

There is always more people interested in, for example, bombs, than there are bombers.

True, which is why the first thing that leapt to mind when all those bomb-making searches came to light was the fact that Tom Clancy has been known to use an AOL account (tomclancy (at) aol.com) to post on Usenet...

Re:False Positives

[kfg]

If the government ever does hunt for people guilty of something . . .

Who said they're hunting for guilty people?

KFG

Re:False Positives

Just like there are a lot more Arabs wanting to be airline pilots then there are terrorists, but it didn't stop the government from shutting anyone with a suspicious name out.

True story, happened to my friend named Ramses.

Re:False Positives

[Zapd]

There is always more people interested in, for example, bombs, than there are bombers.


And then there are the clever bombers. The dangerous ones, that don't use Google or Ebay.

Re:False Positives

[nametaken]

That's true, but I'm not worried about them finding out that I once read up on explosives. In fact, I'd be just fine if I trusted that they were only finding bombers with that stuff.

I'm more worried that some day I'll be a reasonably successful businessman (however unlikely), with a big mouth. Then they'll go find all the most vulgar shit my friends and I have swapped via email and use it as a, "look what a f'ing weirdo this guy is... lets have DCFS take his kids because he replied 'ha ha' to that awful video way back in 2002."

Re:False Positives

And then there are the people calling everything "da bomb".

Re:False Positives

[digitalsushi]

Well, we could just arrest all the people that were looking, too. Actually, I was going to make one of those cliched "guilty nothing to hide" references, but then it dawned on me -- if we arrested enough of America, won't it eventually get to a halfway point where we just all switch? We get inherent access to prisons for safety, and criminals get kicked out into the real world? I'd live in a cell block if it had free HBO and muffins.

Re:False Positives

[Pharmboy]

And then there are the clever bombers. The dangerous ones, that don't use Google or Ebay.

What, AOL users? We already HAVE their search logs.... ;)

TIME TO DUMP GOOGLE

I don't know about the rest of you, but I'm stopping using google or any other search engines that tracks my IP and connections via cookie, and compiles lists of search terms done from my home. Forget that.

Google is less useful for information anymore anyway, unless you need a device driver or a game demo download. Otherwise I check Wikipedia first. I wonder what Wikipedia's policy is. If its just as bad, I'm goign to download the WIkipedia entire database and do searches in the privacy of my own home direct from the database...

Re:TIME TO DUMP GOOGLE

Have your browser reject cookies from Google. You won't be able to use Gmail or orkut or some other services, but Web search, video search, etc. will work. Unless they drill into your connection to find your MAC address, or always search from the same IP, you're reasonably okay.

Re:TIME TO DUMP GOOGLE

[PenguSven]

Anyone have any actual suggestions for what to use instead of google though? What about a server to interrogate google for results, without disclosing ur IP. (ie, it's IP will be logged, not urs - simmilar to a proxy, but more active.)?

Re:TIME TO DUMP GOOGLE

Try http://ixquick.com/

Re:TIME TO DUMP GOOGLE

[tomstdenis]

Yes, how dare they learn your IP!!! I mean it's only the single most important thing you need to function HTTP...Well that and a TCP stack...

Tip: If you don't want to get in trouble for googling for bomb making kits, kiddie porn or whatever else you depraved fucks look for.... don't use google.

For the rest of us looking for legal shit, I don't care. It's google server. If they want to log all my searches that's THEIR RIGHT.

Tom

Re:TIME TO DUMP GOOGLE

[legallyillegal]

Dear Google, Let's set so double the cookie delete select all

Re:TIME TO DUMP GOOGLE

[postmodern+modulus+I]

I personally don't use GMail so I may be wrong here, but why not use GMail via POP? How can Google enforce the cookies via POP/SMTP? http://mail.google.com/support/bin/topic.py?topic= 1555

Re:TIME TO DUMP GOOGLE

[postmodern+modulus+I]

We're not talking just about an IP, we're talking about a permanent cookie that correlates all your searches to your web browser on your computer (and will stay there until you reformat or choose to delete/block said cookie). Far more information than the source/destination fields of an IPv(4|6) packet.

Also would you be OK with people watching you goto the bathroom? You wouldn't be doing anything illegal per say, but it probably would be very uncomfortable to have the whole neighbor and possibly a couple DOJ investigators watching you. The type of stance that 'it's legal, i have nothing to hide, who cares' lowers the expectation for privacy among us and signals that the erosion of our collective privacy is A-O.K.

Re:TIME TO DUMP GOOGLE

Another approach, if you are using Firefox, is to set cookies to be cleared at the end of your browser session. Then use the Permit Cookies extension (https://addons.mozilla.org/firefox/44/) to whitelist sites you trust, like Slashdot. That way, Gmail will work, but your cookie will not persist across browsing sessions.

Be warned though, Google will still be aware of your "trail" through Adsense sites during your browser session. As soon as you log in to Gmail, your Adsense trail will be linked to an actual email account. It's annoying, but with a little practice, I've learned to visit Gmail only during a fresh browsing session.

While I don't like the ubiquity of Google advertising, my real concern is something like AOL or the DOJ. I trust Google not to be evil, but accidents happen and evil sometimes triumphs over the will of good people. It sucks that this is the world we live in, but what can ya do?

Re:TIME TO DUMP GOOGLE

try metacrawler: http://www.metacrawler.com/

Re:TIME TO DUMP GOOGLE

[tomstdenis]

Who owns the google servers?

Tom

Re:TIME TO DUMP GOOGLE

[DarkDragonVKQ]

Wasn't there also a method that involved forcing the Google tracking cookie (or whatever it was) to be set to 0 (which is shared among other people not wanting to be tracked by Google) making the tracks useless?

Re:TIME TO DUMP GOOGLE

[slack-fu]

i use scroogle.org, its google results but without the tracking of ips and cookies. they even give you a bit of html to stick on your personal website so you can search from your home page.

1st post

Not surprised to see the first post being a Google fan defending Google's shady business practises.

new retention policy: holding queries hostage!

[artifex2004]

"I know this one guy who asked me to cancel his account last week, and a couple days later his mom found out about his lesbian penguin grits fetish. Now, I'm not threatening you, or anything. I'm a reasonable guy. I'm just sayin', you might want to give that some more thought, Mr. cheating-on-wife-on-the-down-low..."

Re:new retention policy: holding queries hostage!

[glowworm]

Hmm I see you've dealt with AOL cancellations before. They are almost as bad as Real cancellations.

There is a difference

[AtomicJoshua]

AOL not only stores your search results, but they also know exactly who you are. Also, I have it on good authority that AOL saves not only your searches, but every single thing you do. Every site you visit, every click, every email you send, everything.

Re:There is a difference

[hublan]

I have it on good authority that AOL saves not only your searches[...]

You don't need good authority for that. An obviousness helmet is all you need.

The difference here is that Google makes its living on an (ever increasing) income of advertisement money, whereas AOL's business model revolves around steady income from their (albeit dwindling number of) subscribers. Google want their data kept private more than you want that particular data kept private (and this is the crucial point in all privacy discussion on Google) in order to keep their core business model intact. All the while AOL are willing to put the exact same data for sale to the highest bidder, since it isn't strictly relevant to their core business model.

Re:There is a difference

Wait, didn't they get sued for spying on their users' browsing a long, long time ago? And they agreed to stop? Am I remembering that wrong?

Re:There is a difference

[fireboy1919]

but every single thing you do. Every site you visit, every click, every email you send, everything. ...which is almost certainly true of google as well for any of google's vast array of services. Probably as many as AOL (search, email, shopping, news, maps, etc). If you use them for search and click on links there, then they know about what sites you visit about as well as AOL does.

So we're down to the fundamental difference again: google hasn't ever given personal data to the public. They've kept it confidential except at the demographic level averaged with all the other Americans who are in my demographic.

Re:There is a difference

[slippyblade]

Not quite.

A huge chunk of AOL's revenue stream is coming from their "partner" advertisement deals. This is why they are going to a free model for broadband subscribers. They no longer need the monthly fees, they make a decent chunk on ads.

Re:There is a difference

[nametaken]

"Google want their data kept private more than you want that particular data kept private (and this is the crucial point in all privacy discussion on Google) in order to keep their core business model intact."

But what happens when Google isn't at $370+ / share anymore, and they're not the internet hotness they are now? I wonder what happens when companies like that begin to fade away. Will they leverage their only remaining asset to float a sinking boat? If so... -poof- trillions of search and email records end up in shadier hands. Scary thought.

Re:There is a difference

I'm not sure I understand the mindset that would so casually throw your *life* away. I mean, even if Google were a person, a friend, a best friend, a spouse - conjoined twin - why would you allow them to kill you like that? But in this case, Google is a corporation - an amoral corporation. Isn't trusting your life to a corporation a bit, I dunno, fucking stupid? If you don't value your life at all, maybe it's not such a bad idea, but otherwise? If you never search for anything other than 'how to help your government do whatever it wants', then you might not have *too* much to worry about, but still. I'm guessing the Laissez-faire policy of some folks is just because you've never actually done anything against anyone, never disgreed with the government, never been arrested, don't ever plan to be arrested, etc. As long as I continue to obey... The naivete is scary.

Re:There is a difference

[finkployd]

By law, if google were to ever face bankruptcy, they would be forced to sell off all assets. This holds true for every company, so privacy policies effectively mean nothing. No matter what any company says about keeping your personal data secret, that data is considered intellectual property of the company and WILL be sold to the highest bidder come chapter 11. They legally have no choice in the matter.

Finkployd

Not really bothered, personally...

[FunWithKnives]

I, for one, don't mind all that much if Google saves my search inquiries, just so long as they keep the information private and (hopefully) anonymous. Google has also had a pretty damn good track record at doing just that.. Comparing them to AOL isn't even apples and oranges.. More like apples and live grenades...

Re:Not really bothered, personally...

[contrapunctus]

so long as they keep the information private and (hopefully) anonymous. Google has also had a pretty damn good track record at doing just that..

Unless you're in China

Re:Not really bothered, personally...

[rolfwind]

The fear here is whether a government ever forces them to open up. Yes, I mean A government, not just the government.

http://yro.slashdot.org/article.pl?sid=06/08/04/22 43249

Re:Not really bothered, personally...

I'm just worried that one of these days, some country or another will get the bright idea to force them to turn over that data and also NOT to tell anyone that they're doing so, a la the PATRIOT Act provisions.

It's not just Google we have to worry about... Honestly, I trust them more than the rest, but still...

Re:Not really bothered, personally...

[trawg]

Time to stop voting in governments that are prepared to trample your privacy!

Re:Not really bothered, personally...

[Kasar]

That's a good point since the Senate ratified the Cybercrimes treaty http://yro.slashdot.org/article.pl?sid=06/08/04/22 43249

Doesn't matter if what you're doing's legal in the country you're in or not, if it violates any country's laws that are party to the treaty, they could be required to gather information.

Re:Not really bothered, personally...

[Kasar]

Hmm.. completely missed the link on the parent. Guess I'm redundant.

Re:Not really bothered, personally...

[Threni]

> The fear here is whether a government ever forces them to open up. Yes, I mean A government, not
> just the government.

If a government wants a company to do that, it will. Sure, it won't have the head start of being able to use Google's existing data, but from that point in time it will. Having the government be able to look at all my searches for the next, say, 50 years, against having them be able to look at 48 years worth starting in 2 years time...I don't understand the difference.

Re:Not really bothered, personally...

[edumacator]

I haven't heard of a time when Google released personal information to the Chinese government. You can argue successfully a case against their censoring of information, but they actually withheld services that might force them to release personal information to the Chinese government, like GMail and Blogger.

If I'm wrong, I'd love to see a link to something that shows they've released information. But if I'm not wrong, I'd suggest we be not let ourselves confuse these two very different issues.

Re:Not really bothered, personally...

[4of12]

...just so long as they keep the information private and (hopefully) anonymous.

1. As more and more pieces of information become correlated, the inherent anonymity decreases.
2. The "just so long" part is subject to catasphrophic failure, whether by hack or by government fiat, whether announced or or not.

They have to delete your history if you ask them

If I use gmail, then logout, the search, my cookies still identify me (although I've logged out of gmail).

Since I logged out, I didn't want google to associate me with the query. Therefore they would have to delete search history associated with me (my gmail account) if I asked them.

right ?

Never?

[SandmanWAIX]

"We are reasonably satisfied ... that this sort of thing would not happen at Google, although you can never say never," Schmidt said during an appearance at a major search engine conference in San Jose.

Well .. you could if you didnt store them.

Re:Never?

[growse]

And banks would never have employee fraud if they had no employees. What's your point?

Re:Never?

by growse (928427) on Wednesday August 09, @10:41PM (#15878177)
(http://www.growse.com/)
And banks would never have employee fraud if they had no employees. What's your point?
------------------

What you said doesn't even make sense.

Google doesn't HAVE to save everyone's search and IP in order to provide their service and stay in business. A Bank DOES have to have employees to stay in business. If Google really wanted to make sure that it's customers don't get screwed like AOL's did, and if they really do want to "Do No Evil", then all they need to do is stop recording our activities. And they'd also save a LOT of money on all that back-up storage, unless the NSA is subsidizing those costs for them..

And BTW: Bringing Google up does make sense. Any Google searches done while a person is logged into Gmail, or still has the same IP address as the last time they were logged in, will have their name connected to the permanent record of searches, just like AOL.

Re:Never?

[bdwebb]

"Google doesn't HAVE to save everyone's search and IP in order to provide their service and stay in business."

First, Google doesn't 'search' IPs...beside the point, though.

It makes perfect sense for Google to store searches because I'm sure their targeted advertising system (read: the way they make $$$$$$$) depends largely on some sort of advanced analysis of "your search history + what you are currently searching for = what you're most interested in buying". Even if I'm completely wrong about the previous statement, stored results also allow them to analyze popular subjects to evaluate new or strong markets/technologies that they should be involved in developing or maintaining. All large businesses love using data analysis to find trends and they literally have the largest data set in the world which is equivalent to having the largest balls...ever.

Keep in mind that attempting to single out an individual (accurately) or even 'flag' search results is way too ineffective because, as previously stated, too many false positives exist (unless all someone searches, ever, revolves around one specific topic...in which case, that someone sucks at teh internet). However, to analyze a market your only concern is popularity and you filter according to your business' particular goals or direction.

It is all part of the 'Google > all' strategy...they have everything that is most important to the entire world at their fingertips because of it. They can analyze by region and subject and determine when, where, and what they should focus on.

I say it is just absolutely fucking brilliant business.

Re:Never?

"Google doesn't HAVE to save everyone's search and IP in order to provide their service and stay in business."

First, Google doesn't 'search' IPs...beside the point, though.

Apparently they don't teach "reading comprehension" at Google fanboy class.

I say it is just absolutely fucking brilliant business.

And I say it's fucking creepy. There's no reason they need to associate searches with an IP address, cookie, or any other identifying information.

From a purely academic view point

[LiquidCoooled]

Storing every single search performed by every person in the world across a whole epoch could pretty much give you the pulse of the world.
Watching as news spreads and worries and concerns grow or when good news occurs or even just good publicity, there are millions of people all adding entries into the real hitchhikers guide.

Google will be almost certain of knowing the current number one chart hit at any location on Earth at any time simply by the concentration of searches for that artist/song, it could follow gun culture or tv plotlines or anything flowing into its servers.

In the right hands, this could become an amazing asset for the whole world. I believe the current owners of google are primed to achieve such a feat.

I however wonder what will happen when Page and Brin are gone or are sidestepped by the government.

Re:From a purely academic view point

[TheDreadSlashdotterD]

In the right hands,

Ultimately, this will be in the wrong hands. Absolute power corrupts absolutely.

No, if you'll excuse me, I've got a reeducation camp to visit.

Re:From a purely academic view point

[kfg]

I however wonder what will happen when Page and Brin are gone or are sidestepped by the government.

"When we are planning for posterity, we ought to remember that virtue is not hereditary." - Thomas Paine

Especially in a publicly traded company.

KFG

Re:From a purely academic view point

They offer something like this called Google Trends.....

Re:From a purely academic view point

[timeOday]

In the right hands, this could become an amazing asset for the whole world.

I suppose this would be a good time to mention zeitgeist.

Re:From a purely academic view point

[bdwebb]

Actually this is really similar to what I was getting at here...I just approached it from a business-specific standpoint.

Re:From a purely academic view point

[skybrian]

Actually, you already have access to quite a bit of that data. (Aggregated, of course.)

Slashdot vs. Digg
http://www.google.com/trends?q=slashdot%2Cdigg&cta b=0&geo=all&date=all

Britney Spears vs. Dixie Chicks
http://www.google.com/trends?q=britney+spears%2Cdi xie+chicks

Re:From a purely academic view point

[cerberusss]

Storing every single search performed by every person in the world

(Emphasis added) Well, not every person in the world. Let's say, most persons in America and Europe, and a very small percentage of Africa and Asia. See here.

Re:From a purely academic view point

[kin_korn_karn]

Google News - Top Searches in 2005
1. Janet Jackson
2. Hurricane Katrina
3. tsunami
4. xbox 360
5. Brad Pitt
6. Michael Jackson
7. American Idol
8. Britney Spears
9. Angelina Jolie
10. Harry Potter

Yup, a real asset.

Re:From a purely academic view point

[pipingguy]

So what's the long-term solution? Maybe there isn't one and we can't exactly turn back progress, can we.

Re:From a purely academic view point

[pipingguy]

80/20

The unwashed masses are obviously not as smart, tech-savvy or sophisticated as us Slashdot readers [cough-cough].

Eight of the ten listed are highly-ranked due to teen/kid use of the web; I hope your disdain for normal lusers doesn't translate to being a snobbish snot in real life.

ixquick

I switched to http://ixquick.com/ which does not keep records.

Re:ixquick

I switched to http://ixquick.com/ which does not keep records.

No, they don't have to when they redirect through someone who does keep records. I just went there and did a search and when I clicked on a link it redirected me through http://www23.overture.com/d/sr/?xargs= with a bunch of arguments and tried to set a cookie and then transparently redirected me to the original link as if nothing happened. It looks like there is a lot of information passed in the URL to overture.com. Just what is overture.com? Hmmm, take a look:

http://www.overture.com/

I think I'll stick with Google thank you.

Cookies

If I use gmail, then logout, the search, my cookies still identify me (although I've logged out of gmail).

Is it really that hard to turn cookies off for www.google.com in your Firefox installation?

Re:Cookies

[AchiIIe]

>Is it really that hard to turn cookies off for www.google.com in your Firefox installation? Yes, if you use gmail, or if you want to upload movies, or if you want your default location on google maps saved.

Re:Cookies

[LindseyJ]

Is it really that hard to turn cookies off for www.google.com in your Firefox installation?

It is when you aren't really concerned about privacy violations, but would like something to whine about on /. anyway.

Re:Cookies

Is it really that hard to turn cookies off for www.google.com in your Firefox installation?

Yes, if you use gmail, or if you want to upload movies, or if you want your default location on google maps saved.

Ok, how about using another Firefox feature and only allow cookies for each session so it creates a new one each time? That's pretty easy and it would prevent any tracking through cookies. That's one of my favorite features.

Re:Cookies

[glowworm]

Why bother when the FireFox extension CustomiseGoogle contains an anonymise cookie option, this will ensure that google works as you expect, but ensures that the cookie they use to corellate your searches with your gmail with your google maps searches (your house for one) with your price shopping with your groups searches with your images searches is changed every now and again. No loss of functionality, complete maintenance of privacy.

Well..

[darkov]

http://www.google.com/search?q=first%20post

Re:Well..

[bdwebb]

Clever. First-posting Google's stored search terms of 'first post'..someone has to have searched that before though. Kudos anyway hehe.

scerw these guys, use a proxy instead

[talledega500]

A search proxy will prevent establishign ip and user identity with search terms and tracking of results clicked on. Get hip to it. Alot of services exist. This is my fav http://www.blackboxsearch.com/

Re:scerw these guys, use a proxy instead

There is a blackboxsearch.com Firefox search plugin available for download in two files - the plaintext .src file and its accompanying .jpg. Both files need to be copied to your 'searchplugins' directory, and then restart Firefox. Firefox will automagically pick it up.

My Windows 'searchplugins' directory is at:

C:\Documents and Settings\[my windows profile name]\Application Data\Mozilla\Firefox\Profiles\[my profile name.default]\searchplugins

This plugin is not legit yet b/c it hasn't been submitted to mycroft/mozilla folks. I just hacked it up right quick and tested it. I contacted the folks at that SecureISP place to see if they might want to submit it.

Still, think we need a plugin (or better, built into core Firefox) that doesn't send cookies to specific URLs. Right now, we can do it by domain.

THEY AIN'T PRIVATE

[tomstdenis]

You sent it as PLAINTEXT over the INTERNET.

This [or the thing against AOL] is not a story.

I couldn't care less about Google releasing all the odd shit I look for. If I was I would find a private search engine that worked over HTTPS.

Tom

Re:THEY AIN'T PRIVATE

[QCompson]

If I was I would find a private search engine that worked over HTTPS.

Good point. That would be really easy to do, right? There must be tons of them.

Re:THEY AIN'T PRIVATE

[tomstdenis]

There aren't cuz there is no market for it. Nobody but the handful of trolls on slashdot care about search engine privacy.

Tom

Re:THEY AIN'T PRIVATE

[postmodern+modulus+I]

They may not be private, but they are anonymous, at least for me. You can block Google's cookies, thus causing Google to attach a single unique cookie to every search you make.

Re:THEY AIN'T PRIVATE

[eklitzke]

https just encrypts the data on its way between you and the host. The hypothetical https search engine would still have access to all your queries.

Re:THEY AIN'T PRIVATE

[pafrusurewa]

You can block Google's cookies, thus causing Google to attach a single unique cookie to every search you make.

Only if you change your IP address and user agent string for every search.

Re:THEY AIN'T PRIVATE

[dhasenan]

Since when did my user agent string identify me? Mine is:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1

Yep, we know exactly who I am now.

Re:THEY AIN'T PRIVATE

[pafrusurewa]

I wrote "IP address AND user agent string". A couple of related searches from the same IP could be a company doing NAT. If there are a couple of searches in a certain (short) period of time, all coming from the same IP using the exact same version of a certain browser on a, face it, relatively little-used operating system it's much more likely that they're from the same person.

Yay for selective reading.

Who doesn't store requests?

Who doesn't store requests?
  I will change my search engine forever starting tomorrow if you can tell me who DOESN'T store this info. Fuck Google. If they want to store all the search reqests, then I will just go to the next best site which doesn't store them.
  Now, just tell me the name of that site, since I am too lazy to go looking for it. :)

No tracking or logging?

[bensode]

I thought it unusual that the page title of that MySecureISP ad says "No IP tracking, cookies or logging EVER" yet I see this in their FAQ.

Will My Secure ISP slow down my connection?
Probably not.

You should experience the same speed or better as your existing internet provider. You could actually experience a speed increase due to the caching done on our servers

http://www.mysecureisp.com/faq.html#5

Maybe I'm misinterpreting something here ... =)

Re:No tracking or logging?

[bdwebb]

Pretty sure they are caching by most pageviews or popularity...not caching or storing the IP that sends the initial request.

Re:No tracking or logging?

[Achromatic1978]

Maybe - you can after all run Squid quite effectively, sans access logs - no IP tracking, cookies, or logging. But you still get the benefits of a caching proxy.

Logging vs. Abuse

[otisg]

This is to be expected, and Google is right. Of course they won't stop storing all this information about us. Sure, it can be used for all kinds of evil purposes (but they don't do evil, right?), it could be misused, as in the recnt AOL example, or it could be used for all kinds of good things, such as having a search engine that knows what I want before I have time to enter my query.

No Accident

[t-packages]

AOL should know better... was it really an accident?
http://www.scrapbookingdirect.com/

Don't delude yourselves

[treerex]

Every search engine logs your queries. This is the way it is. If they tell you they don't log the queries, they're lying. The difference is that they don't make it available. In a previous life I worked with several search companies you've heard of on various search related technologies, and they *never* released query logs. Even cleansed the data were kept close to the chest. Queries are going to be logged with the IP address of the user. Some engines will track click-throughs on the results as well. That data is invaluable to a search engine.

AOL's faux pas here was attaching personal information to the queries themselves: once that per-user identifier was attached all bets were off.

If you are interested in working with query data, and do not work for a search company, you are shit out of luck, because you can't otherwise get this data. All of the research published on queries was done by Alta Vista, Google, Yahoo, Lycos, MSN... research on spelling correction of search queries is done by the same groups: they're the only ones with access to that data, until this AOL release (or older releases from other companies.)

Having this data is a boon for researchers, but a net loss for people.

Re:Don't delude yourselves

[pb]

AOL's faux pas here was attaching personal information to the queries themselves: once that per-user identifier was attached all bets were off.

Well, that, and not sanitizing the queries themselves--they should have at least tried to scrub any personal information in the queries as well--apparently people will stick all sorts of things into a search box!

Re:Don't delude yourselves

If you don't think Google tracks queries per-user too, you're deluding yourself. Google ties every query you make together with the contents of all your gmail and gtalk conversations.

Re:Don't delude yourselves

[straybullets]

And also this kind of tracking is already happening in other fields, for example the Superstores like walmart et al. I have seen an open space of 20 or more persons, all querying a gigantic database made of each and every sale slip from every shop in the country.

They produce geographical maps of soda consumption, correlate with average temperature, football games, whatever . And if you pay with the shop's buying card then your personnal data is taken into account as well.

I really doubt this is a legitimate use of human intelligence, but that's just my personnal point of view ;)

Re:Don't delude yourselves

[treerex]

They address this a bit in the readme that went out with the data: sanitizing the data corrupts the data, from a research perspective. And it is really difficult to do this adequately. Sure, you can scrub it with a regexp for SSNs or Phone numbers, but names? Using what name list? And what if the names being searched for aren't the name of the searcher, but someone else? That is valuable information. The point is you cannot do this easily, and never adequately.

I suppose they could have released a subset of the data with some scrubbing, but someone would still complain. They could extract the query terms, rank them, and only return those that appear more than some threshold... that is useful information to a degree.

Re:They have to delete your history if you ask the

[click2005]

No, Google said they would keep the mail from deleted accounts.

Tagging System

[LS]

BTW, what happened to Slashdot's tagging system? Most of the stories don't have tags anymore, and the ones that do add no extra information - they are simply repeats of the words in the title, or non-words such as "fud, duh, wow", or worthless words such as "no, yes, maybe". Look at every story today and you'll see.

Re:Tagging System

Worthless information on slashdot? How the fuck did that happen?
 
Slashdot is on par with MySpace at this point as far as factual content.

Google Search History Beta

[JJJJust]

Fact: Google has a Beta Search History feature. It's an opt-in thing, but, it's quite handy. Stores all the searches you make. Really handy if you want to find something you found a year ago. I think Google knows what its doing and how to preserve, protect, and defend its users. Otherwise, I don't think they'd risk offering the service. Now, if only our elected officials could preserve, protect, and defend that little nagging thing called the United States Constitution... and stop nosing in our searches!

Re:Google Search History Beta

[Achromatic1978]

Just don't let your wife/gf "opt you in" without your knowledge...

Cue "But this is Slashot ..." in 5, 4, 3, 2...

Re:Google Search History Beta

it's called 'bookmarks' - check 'em out sometime. I don't want to know that i was into 'naked midget wrestling' last year - i only want the pages i decided were worthy of my attention.

different approach

[snye]

Perhaps the solution to this problem is not to keep the data private, but to create a database that is meaningless. During idle time (nighttime, classtime, etc) a computer could run an automated search routine that would create search queries from perhaps, names from yellowpages.com, or topics from /. This would bury legitimate search data in a mountain of meaningless data, making the database virtually useless. Of course, it would have the same effect if for every legit search one performs via google he/she then performs three or four bogus searches. Wonder what law that would violate.

The Counter-Measure for Cookies

In FireFox 1.5.x

Edit -> Preferences -> Privacy Tab -> Cookies -> Exceptions

Then add the Google domains you wish to block/allow. This will result in many random cookies being generated by Google for each search done (as they will think you are a new comer each time). Personally I white-list all my cookies, only allowing the sites I trust to set cookies, which are then automatically cleared when I close FireFox.

Also do not use GMail via the web interface, it is possible to use GMail via an email client residing on your computer.

http://mail.google.com/support/bin/answer.py?answe r=13273
http://gmail.google.com/support/bin/answer.py?answ er=13285

From there you can use your choice of email Encryption/Steganography as you see fit.

You can only be controlled, if you allow it.
You can only be surveyed, if you are unaware of or ignore it.
It's your choice.

Re:The Counter-Measure for Cookies

[AchiIIe]

Sure, find me a way to block "google.com" cookies but allow "mail.google.com" cookies. It is not as easy as you may think

Re:The Counter-Measure for Cookies

[postmodern+modulus+I]

I already gave you a way. Either you have not read my entire post or I am being vague in my writing, most likely the later.

I never said block all data from "google.com", merely block cookies coming from that domain name.

http://mail.google.com/support/bin/topic.py?topic= 1555

There you will find instructions for configuring your email client of choice with GMail via POP, thus not requiring you to login via the web interface and accept their cookies.

I Hope that clarifies things.

Re:The Counter-Measure for Cookies

[AchiIIe]

You missread my comment, no need to block any content. I know about using a pop client, albeit I would not be using gmail if I did not need a web based mail client.

Try this:
a) Disable all cookies with the exception of cookies from mail.google.com .
b) Try to log in. Notice: you will not be able to.

Thus google forces you to allow google.com cookies in order to use gmail. That same cookie is read when you make searches. Thus you must:

a) allow cookies @ the 'mail.google.com' && 'google.com' domains.
b) deny cookie read requests when requested when loading a url that contains: 'google.com/search*' ... and that is not trivial

Re:The Counter-Measure for Cookies

[postmodern+modulus+I]

Correct me if I'm wrong, but from what I remember of POP/SMTP is they have nothing todo with Cookies. Why would you need to even allow cookies from *.google.com when they are not enforced for doing searches, and you can access GMail via a local mail client? How does Google enfoce cookies for logging in via POP/SMTP+SSL?

Re:The Counter-Measure for Cookies

[mrL1nX]

From my understanding of his comments its that he wants to still be able to access the web-based interface of GMail but not let Google log his search queries. He isn't talking about Google setting cookies for POP3 (If you even do that)

Re:The Counter-Measure for Cookies

[advocate_one]

Also do not use GMail via the web interface, it is possible to use GMail via an email client residing on your computer.

http://mail.google.com/support/bin/an swer.py?answe r=13273
http://gmail.google.com/support/bin/answe r.py?answ er=13285

From there you can use your choice of email Encryption/Steganography as you see fit.

most excellent... but I'd still have to go online every now and again to selectively archive or delete items.

Re:The Counter-Measure for Cookies

[memprime]

the GP's point was that he would not use Gmail if he didn't need a web email client.

Re:The Counter-Measure for Cookies

Quite the exercise in web paranoia, but it is still ineffective. I'll give you two examples:

1) if you EVER receive or send personally identifiable information by GMail, that account is attached to your identity (as with unsafe sex, you only have to screw up once). Even if you use POP/IMAP to access GMail, the combination or your IP address (remember, cookies aren't the only identifying info) and the times of access of GMail and google.com can easily be correlated. Once your GMail account has an ID attached to it, it's over.

2) OK, so perhaps you ratchet up the paranoia, and now you get a new dynamic IP each time you want to check your email or search via Google. It turns out you're still screwed if you simply add the step of combining ISP logs of IP addresses assigned to your account. The problem gets even worse when it turns out that Attorney General Gonzales has convinced the ISPS to maintain logs of all of your online activities (which he has requested under threat of legislation). Now the government (they are the ones you're worried about, right?) has a one-stop shop for all of you Internet activity.

Even if it isn't the government that worries you, try to find anything in the user agreements with your ISP, Google, etc. that shows they will not share the information with some marketing group that wishes to aggregate their logged info. The EULA might have language like "we won't share your information without your consent," but it often turns out such consent is implied by simply continuing to use the service...

All of your efforts have simply made the problem of connecting the pieces more difficult, but far from impossible. The threat of data mining is that if the information is out there, software can be written to put the bread crumbs back together. Your situation simply is another corner case to be solved by a software engineer.

Re:The Counter-Measure for Cookies

[innocent_white_lamb]

I'm pretty sure that http://www.customizegoogle.com/ will do what you want.

Re:The Counter-Measure for Cookies

[aymanh]

Thus google forces you to allow google.com cookies in order to use gmail. That same cookie is read when you make searches. Thus you must:

a) allow cookies @ the 'mail.google.com' && 'google.com' domains.
b) deny cookie read requests when requested when loading a url that contains: 'google.com/search*' ... and that is not trivial

Here is how I handle this:
1. Make sure all cookies from google.com are cleared.
2. Log in to Gmail at https://mail.google.com/ (with "remember me" checked).
3. Block all cookies from www.google.com, images.google.com, ...

Two weeks later when my Gmail cookie expires, I:
0. Temporarily allow www.google.com to read/write cookies.
Repeat the process above.

Not exactly hassle-free, and doesn't work if you don't want to check "remember me", but otherwise, it's working fine for me, and doesn't require any special software setup, Firefox cookie manager does the job.

Dear Mr. Schmidt -- I Am Not Reassured

[schwaang]

Dear Mr. Schmidt,

You say you are "alarmed" at what happened at AOL and say "it wasn't a good idea." But please explain what makes you "reasonably satisfied ... that this sort of thing would not happen at Google."

Are there serious policies in place protecting individual privacy? Is it something actively on the mind of every employee who loads a big pile of search data onto their laptop for some work project? Are there standard tools for scrubbing indentifying information?

I'd like to give Google the benefit of the doubt here, but this is just too important to me.

Re:Dear Mr. Schmidt -- I Am Not Reassured

Brief response as someone who works at Google:

Yes, yes, and yes, respectively.

The vast majority of people at Google can't get at log data. The vast majority of the ones who can, can't get at unscrubbed log data. Very, very few people can actually access the unscrubbed data.

I would expect our private source code to be leaked long before any logs.

Re:Dear Mr. Schmidt -- I Am Not Reassured

[schwaang]

The vast majority of people at Google can't get at log data. The vast majority of the ones who can, can't get at unscrubbed log data. Very, very few people can actually access the unscrubbed data.

Well that's just what I want to hear. (Of course, it would be better coming from a named source, but hey an AC on Slashdot has almost as much credibility as an official spokescritter these days.)

The geek in me wonders what scrubbing methods are used. (Do they preserve usefulness for the kind of research supposedly intended by the AOL release, yet prevent the NYTimes from finding out who is who?)

And the privacy freak in me wonders if these methods and the need to protect privacy are used and understood in the rest of the industry (AOL we know about, let's hear from Yahoo) and the wider academic research community.

Re:They have to delete your history if you ask the

[Red+Alastor]

They cleared that out. They said they'll keep them until they fall off the backup roll. What do you expect, that they nuke them from orbit the second you delete them ?

What is up with user 23187425 ?

[iansmith]

It's like some weird disjointed conversation, almost 10,000 lines and no clicks.

joe o
went thru his social sec files
friday lawn mow
do they keep prison records
say no
prisoners use to call here
they don't get no social sec
lists of them
not social security
mean no
joe to ask you
did he steal some of that money
i ask you
stole from us
kids
government would have caught
if steal from them
took from us

Re:What is up with user 23187425 ?

[glowworm]

Strange, as my results for that user are different, they look like she/he/it has typed in the lyrics of a song, especially as if you imagine you are singing them and compare timestamps they correlate pretty well.

Who knows what people do when you are bored! Practice typing a song into AOL's search bar. M'OK

Counter Measures to Cookies

[postmodern+modulus+I]

In case you filter out ACs and don't care to look at Score:0 comments, here it is again. In FireFox 1.5.x Edit -> Preferences -> Privacy Tab -> Cookies -> Exceptions Then add the Google domains you wish to block/allow. This will result in many random cookies being generated by Google for each search done (as they will think you are a new comer each time). Personally I white-list all my cookies, only allowing the sites I trust to set cookies, which are then automatically cleared when I close FireFox. Also do not use GMail via the web interface, it is possible to use GMail via an email client residing on your computer. http://mail.google.com/support/bin/answer.py?answe r=13273 [google.com] http://gmail.google.com/support/bin/answer.py?answ er=13285 [google.com] From there you can use your choice of email Encryption/Steganography as you see fit. You can only be controlled, if you allow it. You can only be surveyed, if you are unaware of or ignore it. It's your choice. --postmodern

Re:Don't worry. Get UBUNTU and be Happy !!

[crow5599]

Is this supposed to be a joke post mocking Linux users for rushing to suggest Linux as a solution for every problem? Or is it some kind of weird spam?

Things are getting pretty bad out there

I'm going to have to start using TOR when I Google.

Google, Please annomize MY searches

OK, keep the searches. Read our collective minds. Its too much fun not to. Just don't store my ip address, OK? Be Good. Thanks!

Honest, it was a joke....

[tiny69]

Global Thermal Nuclear War

Re:Honest, it was a joke....

[Anonymous+Brave+Guy]

Hey, you think you got it bad? All I wanted was a nice game of chess, and I got sent to this lousy movie review site...

I use Google anonymously...

[STDOUBT]

No one has mentioned the Scroogle Scraper yet?

http://scroogle.org/

Try the Scroogle Scraper. No Google cookie,
No Google search tied to your IP address.
No advertizements. While you're there, donate.

Re:I use Google anonymously...

This is a good idea. A good first step. We need to do at least one thing - add a Firefox search plugin that heads to scroogle instead of google. That should be easy enough. I'd actually prefer another solution - I'd like to have a Firefox extension that did one or more things, the first of which is to prevent any cookies from being sent to Google searches. I'd want gmail and calendars and the rest to work, but not searches. We can already allow/disallow cookies by domain - how hard could it be to do a little pattern matching? After disallowing the host/domain 'www.somethingorother.com' from my Firefox Cookies settings, my 'hostperm.1' file in my user profile directory had this entry: host cookie 2 www.somethingorother.com I'm not much of a Firefox/Mozilla programmer, but with some help I could probably figure out how to stop Google's treachery.

Re:I use Google anonymously...

[Ph33r+th3+g(O)at]

Sounds like a great little honeypot to scrape and sell/provide to the authorities the searches of people who would like to keep their searches private.

Re:I use Google anonymously...

[dhasenan]

http://mycroft.mozdev.org/download.html?name=scroo gle.org&sherlock=yes&opensearch=yes&submitform=Sea rch

Firefox search engine plugin for Scroogle.

Re:I use Google anonymously...

eggzactly. that's why we need a firefox plugin that will strip outgoing cookies - and keep them from going out to any google search urls.

Slashdot to continue storing replies despite gaffe

[tiny69]

Although he was alarmed by Slashdot's haphazard release of its users' online replies, CEO CmdrTaco said Wednesday the privacy concerns raised by that breach won't change his website's practice of storing posts made by it's users.

"We are reasonably satisfied ... that this sort of thing would not happen at Slashdot, although you can never say never," CmdrTaco said during an appearance at a major website conference in Walla Walla, WA.

The security breakdown, disclosed earlier this week, publicly exposed about 19 million replies made by over 1 million Slashdot posters during the three months ended in May. OSTG's Slashdot intended to release the data exclusively to spammers and government spooks, but the information somehow surfaced on the Internet and was widely ignored.

The lapse provided a glaring example of how the information that people post on the website can provide a window into their embarrassing, or even potentially incriminating _ wishes and desires. The replies leaked by Slashdot included condemnations of the current government as well an infatuation with Natalie Portman and hot grits.

Borrowing that borrowed data back

[NetSettler]

I have it on good authority that AOL saves not only your searches, but every single thing you do. Every site you visit, every click, every email you send, everything.

Why is it always the bad guys that get the benefits of all of this? Couldn't they at least offer to restore a subscriber's files from their secret cache if the subscriber's disk crashes...?

Give and Take

[Xeth]

While no doubt many people are clambering to speak to the evils of storing search queries, it's a very useful process, and blindingly obvious that Google would keep doing it. And we're not just talking about advertising. Advertising is just a section sliced out of a very complex structure approximating the character of a user. Google has shown a consistent goal of trying to categorize and understand all the information on the web. Why would they pass on an opportunity to build a persistent model of a user? With a nice AI, you could dramatically increase the relevance of a user's queries by looking at their past records and keeping a profile.

While I am well-aware of the potential dangers of trading anonymity and privacy for a little convenience, it may well be worth it in the long run. Those concerned about governmental influence aren't seeing the big picture. If the government is determined, they'll just look at a higher level. Ask the ISP to parse the input to Google (unless you're connecting to Google over an encrypted channel? I wasn't aware any such thing existed, outside of proxying). Or simply get Google to pass along the IPs of anyone making a hot-list query, no storage required.

Too much effort

[Parlor_Trick]

That seems like a lot of work just to catalog every possible incorrect spelling of the word "pornography"

Similar to the Gmail network of friends

[programmerar]

On a somewhat related note: i'm interested in the way Google set up their registration for Gmail. You have to be "invited" by someone else. This means that if they saved all the links between people, which i'm sure they did, they could see the network of people all around the world. They could see how many steps any person is separated from another.

Like someone said a few posts aboove, all the saved searches do amount to a very interesting sample of peoples minds. In the same way, Gmail registration data will be an interesting sample of human networking.

Re:Similar to the Gmail network of friends

Of course. This "network of links" is probably sent to the relevant authorities on a daily basis.

Thinking about it, this may just be the reason why this "invitation only" scheme was never abandoned, even after it had lost all its initial motivation.
(that gmail was still a beta, that they wanted a small group to test it, blablabla)

Re:Similar to the Gmail network of friends

[szlevente]

Not exactly. For example, there were these sites, where you could put your spare invites, up for grabs to anyone who was waiting in line. I for one, sent out hundreds of invites. Did I know those people? No way.

Re:Similar to the Gmail network of friends

[gotrootkit]

And the Google "help us out" routine for feedback requires that you provide them with your name -- even though you are already logged in by Google ID and email address (ie., when sending a bug report or suggestion, like with the beta Google Spreadsheets)

Re:Similar to the Gmail network of friends

[fm6]

The invitation rule is just a symptom of the fact that GMail is still in beta (after more than two years!). The invitation network has long since become meaningless: many GMail users will send an invite to any stranger that asks. Also, invite servers sent out hundreds of thousands of invites to anybody who asked before Google forced them to shut down.

Google Zeitgeist

[zoeblade]

Storing every single search performed by every person in the world across a whole epoch could pretty much give you the pulse of the world.

What, like Google Zeitgeist?

Um, yes

[Colin+Smith]

And they already been doing that for years.

http://www.google.co.uk/press/zeitgeist.html

It depends on intention

[Colin+Smith]

It's pretty trivial to completely annonymise the search data and still make useful statistical restults from it.

You give out the user accounts, with that you generate a unique key for the individual which you don't store in the account but in a cookie you give to the client browser. You create a second account based on the unique cookie key which has all of the data you're interested in, preferences, age, sex, weight, search history etc but no names, no addresses or other identity info. Then the user has control of the link between their identity and the information trail.

The user can discard the key cookie at any time and the link is broken between the identity and the preferences/information trail. The government comes in, confiscates the computer systems and they now have two sets of account information. One set with identities (names, addresses etc) and another anonymous one with all of the search information and preferences, Google can quite legitimately say that they have no way to link the information together.

Walla Walla?

[s-orbital]

We had a major web development conference? I work in web development... why didn't I know.... My boss is going to hear about this!

Here's the science

[glesga_kiss]

From this statistical analysis of similar screening systems:

The US Census shows that there are about 300 million people living in the USA. Suppose that there are 1,000 terrorists there as well, which is probably a high estimate. The base-rate would be 1 terrorist per 300,000 people. In percentages, that is .00033%, which is way less than 1%. Suppose that NSA surveillance has an accuracy rate of .40, which means that 40% of real terrorists in the USA will be identified by NSA's monitoring of everyone's email and phone calls. This is probably a high estimate, considering that terrorists are doing their best to avoid detection. There is no evidence thus far that NSA has been so successful at finding terrorists. And suppose NSA's misidentification rate is .0001, which means that .01% of innocent people will be misidentified as terrorists, at least until they are investigated, detained and interrogated. Note that .01% of the US population is 30,000 people. With these suppositions, then the probability that people are terrorists given that NSA's system of surveillance identifies them as terrorists is only p=0.0132, which is near zero, very far from one. Ergo, NSA's surveillance system is useless for finding terrorists.

Re:Here's the science

[MoxFulder]

That doesn't make surveillance useless... it's a classic problem in information theory: precision vs. recall, or whatever you want to call it.

Precision: What fraction of the RELEVANT data is identified by your search
Recall: What fraction of the search RESULTS is relevant

According to that article, NSA's precision is 40%, while their recall is 99.99%. This indicates that their surveillance strategies are actually rather good. The "problem" is that the population studied has many more innocent people than terrorists (a GOOD THING!). The ultimate issue is that NSA needs to do a good job of clearing the names of innocent people they flag, since they are flagging many innocent people DESPITE the excellent recall of their search techniques.

Let's take a less politically charged, well-documented example: HIV tests!!!
A typical initial HIV test has both precision and recall of around 99%. Now, in the USA the adult HIV rate is roughly 0.6% (source). If we pick 10,000 people randomly from the US adult population, 60 are likely to have AIDS. An HIV test would typically identify 59 of these people as having HIV, however it would also identify 99 *uninfected* people as having HIV!!! This means it's extremely likely that a preliminary positive result on an HIV test is a false positive ... this is naturally quite a shock to people who get false positive HIV results. However, the long-term cost of a false-positive is fairly negative, while the long-term cost a false-negative can be enormous (e.g. someone with HIV having unprotected sex because their partners think they're clean).

Think about the future

Your dear Government can come and take anything it wants from you whenever it wants, in the name of National Security. I think we'd all be much happier if you only kept log data for a limited period of time, after which it was totally destroyed. Otherwise, searches from years ago will be used in the future to persecute and oppress suspected political enemies. Google will not be able to avoid doing this, because the men who come for the data will be carrying large guns and threats of lifetime imprisonment in Gitmo. The best security procedures in the world will not prevent those people getting what they want.

A few common sense countermeasures:

[Ph33r+th3+g(O)at]

These won't keep your searches secret (your ISP can log every request sent in the clear, and you can't trust proxy operators who even if they're good guys are under tremendous pressure from the authorities to log and cooperate--you can be tracked on JAP/TOR if each hop is compromised--think gag order/honeypot/PATRIOT Act/RIP Act/), but they will help keep any one search engine from having enough data to create a comprehensive psychosocial dossier of you:

• Use different search engines--spread the love.
• Scrub the Google cookie, change IPs early and often if your ISP makes it easy.
• Use TOR or JAP when possible. (Don't forget, fresh cookie every time.) They're not perfect, but makes it less likely you'll be in the dragnet unless you're a specific person of interest--good intel isn't exposed chasing small fry.
• Don't vanity search or search on identifiers for people close to you on a machine you use regularly.
• Salt your searches with misinformation. Interested in motorcycles? Search for flower gardening. Arabic? Search for German. Search for random stuff now and then.
• Don't tip search engines off to your plans. Don't do searches containing the words "how" and "to" unless you're looking for HOWTOs. They're common words anyway, and don't really help.
• Don't use services like Gmail and search at the same time. (The wisdom of providing Gmail with personally identifying information and using it at is questionable given Google's aggressive data gathering.)

Executive summary:

Don't assume anything you type into a search form isn't being logged with as much information, including your IP, that they can gather. Search accordingly.

A Google Question

[wehup]

How does Google respond to a subpoena issued as a result of a legal action. Example: Law enforcement obtains the Google cookie ID and requests information from Google in an attempt to prove prior intent for some action. What about the insurance company that wants to prove someone knew of a pre-existing medical condition, but didn't bother to disclose it?

Does Google simply fork over the information?

Re:A Google Question

[Ph33r+th3+g(O)at]

They won't say how they respond, or how many such requests and subpoenas they receive. And that's enough for me to assume the worst. Eventually, if they're complying, citations will start to leak into court records--but since those are behind sites not generally indexed by search engines, it'll take an involved lawyer or a layman who happens to read the docs on the case throwing a flag.

Tracking numbers

[E8086]

I hope they at least remove USPS/UPS/FedEx/etc tracking numbers before releasing the stored search data. Not much else gives away someone's location better than a tracking number reporting a package was delivered in SPRINGFIELD, KY at 1pm on 13/13/95.

Re:Tracking numbers

[Vegeta99]

shit, only 1,166 doors to knock on according to Wikipedia! Better dig yourself a hole quickly, son.

Re:Tracking numbers

Lousy Smarch weather!

The price of "free"

[z0idberg]

Aren't these search queris part of Googles "payment" for providing the free to use search function?

What is Googles financial motivation for providing its search free of charge to the world? For all the hardware/datacentre/bandwidth to keep those spiders out there working, to rank all those pages and provide the search engine optimised so it gives good results? They dont advertise on the search page so no money there, their benefit comes from knowing what people are searching for and whether they find it or not.

If you don't want Google to know what you are searching for don't search through Google (though if you search through someone else you can bet they are keeping that info as well). You can clear cookies and change IP address etc so that your searches arent traced back to you as an individual (and Google is cool with that), but Google is under no obligation to provide their search free to the world without keeping the search info.

Isn't the search history used to tune their search engine anyway? I was under the assumption this was done to continuously improve Google ranks etc so search results remain/become more relevant.

To answer all the "what about the *Do No Evil*" questions, I don't see keeping this data as being evil. Releasing it to the public is another matter though, but just because AOL screwed up doesnt mean Google won't continue to be careful with what happens with this data.

News?

[d_54321]

So the news about Google today is that "Things are the way they were yesterday and there is no news."

Thanks.

This is good news

[niceone]

This is good news for the Google query based write only file system I've been working on.

Well, strictly speaking it's not write only, because it's readable by Google, but then what isn't?

Mod Parent Insightful

[FliesLikeABrick]

It would be similar to how you could create such a graph from a site like MySpace or Facebook, except without the clutter and without the influence of people just wanting to whore friends.

The thought of seeing a graphical representation of this intrigues me. I can just picture what a graph overlayed on the contintental US would look like if the connections between X people were graphed to N generations, for varying numbers X and N (high X + low N, the opposite).

No tin foil here

[hansamurai]

Last July/August the Google Search History beta was released so I love it that Google logs all my searches. Looking through my searches from months ago is pretty cool, and then I can click on the trends button to see how many searches I've made per month, per hour during the day, etc. Very awesome.

The solution:

[TheVelvetFlamebait]

1) Download and install firefox
2) Bring up the options form and switch to the privacy tabs
3) Turn off cookies OR add google.com as an exception to the sites that can set cookies
4) Never ever use Internet Explorer (if you are doing so now)

Simple.

What does Google record?

[tom6a]

What information could Google release/lose/etc if the data was not protected? According to their privacy policy Google records the following information in their server logs:

Here is an example of a typical log entry where the search is for "cars", followed by a breakdown of its parts:

* 123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969
* 123.45.67.89 is the Internet Protocol address assigned to the user by the user's ISP; depending on the user's service, a different address may be assigned to the user by their service provider each time they connect to the Internet;
* 25/Mar/2003 10:15:32 is the date and time of the query;
* http://www.google.com/search?q=cars is the requested URL, including the search query;
Firefox 1.0.7; Windows NT 5.1 is the browser and operating system being used; and
* 740674ce2123a969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).

See http://www.omninerd.com/2006/01/25/news/489?highli ght=c4171#c4171

One stupid intern away....

[sdo1]

No matter what safeguards are in place, ANY company like this is only one stupid intern away from a similar situation as AOL faces. Even if there's absolutely no malicious intent, information like this tends to have a very low vapor pressure. The information exists, and as the AOL incident points out, people want the information (as witnessed by the incredible number of articles, websites, and discussions about the content of the AOL database).

Someone will eventually screw up. It's inevitable. It's Murphy's Law... if it can happen, it will... especially given an ample number of opportunities. And there's lots of opportunities for someone to mis-handle this data.

I'm usually fairly on top of things like this, but to be honest, until this happened, I didn't know that Google Personal Search History existed. And apparently the default is to save the history and have it attached to my gmail account. I've now deleted the history and paused the data collection, but does that mean it's really gone? How do I know... maybe it's just hidden for now and not really gone. And it's a little bothersome that the default is to keep the data. The default should be to not save it attached to any sort of personally identifiable informaion unless I give explicit, and repeated, permission to do so.

-S

Why store the IP address?

[jopet]

I assume they whole fuss is being made because they store the IP address with each query. Otherwise, it would not be a privacy issue. So one has to wonder: why *do* they store the IP address? What is the value to them? And if they are concerned about privacy, why not store a hash instead of the original IP, if some sort of information grouping is wanted?
So, obviously, *if* they indeed store the IP address the only explanation is that they do not give a damn about privacy and actually use that information.

BTW, I would assume that this practice is actually illegal in some European countries which have strict laws about what information can be stored and for how long and how it can be used or shared later.

Why Tor is not Secure

Just because your data transmissions from one node to the next is encrypted, doesn't mean that the data inside the packet doesn't contain valuable information that can identify you.

If you use google, it sets a cookie, the cookie and its identifying (anonymously identifying BTW **) information, get encrypted and sent over tor only to be decrypted and send to google. Nothing has actually improved your situation, google still knows your "GUID" (google unique id) searched for "bush conspiracy" and added that to your ID's already long list of porn searches.

The real problem is this ... :
Next say you log in to google with your GMail account. Your cookie is sent to google's server and matched to your email address. So now they know that for example that GUID# 42k3j3993j3k (whatever) has searched for "bush conspiracy" and that your email address is dumbass@gmail.com. You log off that computer and go to a library and logon there. After you login there all of the porn searches are added to you, but not only that someone searched for "bush assasination" and its attatched to you, permanently.

Before I realized all of this loggin stuff was going on, I let people use my computer all the time. God only knows whats attatched to your information out there. Personal privacy is important even on web searches. My computer now has an auto lock, and a public user - so people aren't by default using my google cookie / account information - among other things.

(** The uniq id is psuedo-anonymous *** until they have a place to hang it, think of it like a random string of beads, each bead is a search. When you login you attach the search history to your account)

(*** psuedo-anonymouse cause they capture the IP addr you have - which could be attatched to you as a person after requesting information from an ISP)
-Prozacgod

One word: scroogle

[DancesWithDupes]

It's all about levels of trust. If you want to query Google (or Yahoo) but want some form of anonymizer between the search engine and yourself, you might want to check out Scroogle (http://www.scroogle.org).

So do I trust Scroogle's claim that they delete all search criteria within 48 hours? They haven't let me down yet.

You forgot IP

[gerf]

There was a previous article a long ways back about how Google tracks search characteristics by IP address. This was before Gmail came out, but I wouldn't doubt they still use it. Your cookies and Gmail are not safe.

What really concerns me is this: If someone searches for something like their SS# or CC#, thinking that someone had gotten ahold of it and posted it online. They think that the search goes into a black hole when instead, it's now going into a "memory hole," ala 1984.

MAC address

[freeweed]

Unless they drill into your connection to find your MAC address

They can't. Your MAC address isn't transmitted beyond your local ethernet. To actually find something like this Google would have to either be VERY close to your network (ie: on it), or compromise your computer, in which case they'll be able to get a hell of a lot more on you anyway :)

For the archives

So they likes ot store the queries ? Let's have some fun.

Missing info

[nacs]

In addition to what you said above, Google also knows what search result you clicked on.

The biggest source of info for them is probably your "Google ID"/single-signon. With this info they can tie your search terms and search clickthrough info with:
* your sent and received email (Gmail)
* your schedule (Google Calendar)
* your purchases (Google Checkout)
* where you plan on going to (Google Maps / Earth)
* what you and people you know look like (Picasa Web Albums)
* news you're interested in (Google News)
* what you like watching (Google Video)
* what you like reading/talking about (Google Groups / Blogger / Notebook)
* what you talk to your friends about (Google Chat)
* every page you visit (Google Web Accelerator)
* all your website passwords, full browsing history, cookies, and bookmarks (Google Browser Sync extension for Firefox)

Google knows a whole LOT about you and I.

AOL's Mistake

[klenwell]

Correct me if I am wrong, but if AOL simply removed the subscriber number column from its released data, there wouldn't have been much of a story here. At least, it wouldn't have produced the giant scandal that it has. Didn't AOL release its search data as a public-spirited gesture to aid researchers?

That's not to say even releasing the data without the subscriber number wouldn't have been somewhat naive. I found the New York Times article yesterday about the one AOL member whose identity was compromised interesting in the kind of false conclusions one might draw from the search queries alone. To do this successfully, AOL would have had to have taken a lot of care -- a lot of care! -- with the data. Getting rid of subscriber number would have simply been the first step any first-grader would have thought of.

If I am understanding events correctly, I think AOL's motives in releasing the data were well-intentioned and laudable. Too bad they fucked up so majorly in the execution.

Re:They have to delete your history if you ask the

[pjp6259]

What do you expect, that they nuke them from orbit the second you delete them
Well, it is the only way to be sure.

Do we need personal search engines...?

[cr0sh]

After seeing what happenned with the AOL data release, and perusing through some of the scads of data myself, along with hearing about government requests for search terms from various companies, does anyone else think the time is right for a personal search engine?

No, such a search engine would never be able to store everything about the web the way Google or any other search engine does. Such an engine would never be able to spider the entire web and store the snippets needed to allow for such a comprehensive search. Such an engine would also never be immune to the government requesting information from your ISP about where you have gone, either.

However, such an engine might give you a bit more insulation from these intrusions into our online life, and perhaps with some P2P technology thrown into the mix, maybe some onion routing or similar - maybe these individual small search databases can be linked up to provide a more comprehensive search without revealing to anyone who is searching for what, from where, and when.

Even if each box was a simple server with a 100 gig storage, and even if you might have to wait a while for a search to complete, or batch searches together (maybe even scheduled searches or search alerting?) - isn't that inconvenience worth more than the privacy invasion we are now seeing?

Will foster random searching bots...

[Kazoo+the+Clown]

Configure an auto-search bot on your computer that runs a dictionary of random phrases through-- changing the signal-to-noise threshold...