Slashdot Mirror
Google to Continue Storing Search Requests
isabotage3 writes "Although he was alarmed by AOL's haphazard release of its subscribers' online search requests, Google Inc. CEO Eric Schmidt said Wednesday the privacy concerns raised by that breach won't change his company's practice of storing the inquiries made by its users."
what does google have to do with any of this? it's somehow news that google somehow is confident that they aren't a bunch of total fuckups like AOL?
my girlfriend's cat could run an ISP better than AOL
Snowden and Manning are heroes.
Everyone knows that Google is really a front for the NSA. Think about it, massive quantities of data, searches
that can be corealated and traced back to individual users, gmail storing and 'indexing' all your mail, it's
the governments wet dream.
Just wait until Windows-Live services take off , and G-Drive as well. Why not have all your data ready for inspection
by the nice people at the NSA.
'scuse me, there's a knock on the door, the folks from the black pizza van prolly wanna ask for directions.
The biggest difference is that the majority of the AOL searches were done well users were logged into AOL. Thus it will be a bit harder to trace what people search for back to themselves if they are not logged in but not impossible. Here is to hoping Google has a better lockdown policy compaired to AOL.
If the government ever does hunt for people guilty of something by searching people's searches, they are going to get a lot of false positives. There is always more people interested in, for example, bombs, than there are bombers.
"When the going gets weird, the weird turn pro" -- HST
"I know this one guy who asked me to cancel his account last week, and a couple days later his mom found out about his lesbian penguin grits fetish. Now, I'm not threatening you, or anything. I'm a reasonable guy. I'm just sayin', you might want to give that some more thought, Mr. cheating-on-wife-on-the-down-low..."
AOL not only stores your search results, but they also know exactly who you are. Also, I have it on good authority that AOL saves not only your searches, but every single thing you do. Every site you visit, every click, every email you send, everything.
-AJ
I, for one, don't mind all that much if Google saves my search inquiries, just so long as they keep the information private and (hopefully) anonymous. Google has also had a pretty damn good track record at doing just that.. Comparing them to AOL isn't even apples and oranges.. More like apples and live grenades...
"We may face a scorched and lifeless earth, but they're accountable to their shareholders first."
Have your browser reject cookies from Google. You won't be able to use Gmail or orkut or some other services, but Web search, video search, etc. will work. Unless they drill into your connection to find your MAC address, or always search from the same IP, you're reasonably okay.
"We are reasonably satisfied ... that this sort of thing would not happen at Google, although you can never say never," Schmidt said during an appearance at a major search engine conference in San Jose.
.. you could if you didnt store them.
Well
Storing every single search performed by every person in the world across a whole epoch could pretty much give you the pulse of the world.
Watching as news spreads and worries and concerns grow or when good news occurs or even just good publicity, there are millions of people all adding entries into the real hitchhikers guide.
Google will be almost certain of knowing the current number one chart hit at any location on Earth at any time simply by the concentration of searches for that artist/song, it could follow gun culture or tv plotlines or anything flowing into its servers.
In the right hands, this could become an amazing asset for the whole world. I believe the current owners of google are primed to achieve such a feat.
I however wonder what will happen when Page and Brin are gone or are sidestepped by the government.
liqbase
Anyone have any actual suggestions for what to use instead of google though? What about a server to interrogate google for results, without disclosing ur IP. (ie, it's IP will be logged, not urs - simmilar to a proxy, but more active.)?
What is...?
http://www.google.com/search?q=first%20post
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
A search proxy will prevent establishign ip and user identity with search terms and tracking of results clicked on. Get hip to it. Alot of services exist. This is my fav http://www.blackboxsearch.com/
You sent it as PLAINTEXT over the INTERNET.
This [or the thing against AOL] is not a story.
I couldn't care less about Google releasing all the odd shit I look for. If I was I would find a private search engine that worked over HTTPS.
Tom
Someday, I'll have a real sig.
>Is it really that hard to turn cookies off for www.google.com in your Firefox installation? Yes, if you use gmail, or if you want to upload movies, or if you want your default location on google maps saved.
Nature journal lied in Britannica vs Wikipedia Ask to retrac
No, they don't have to when they redirect through someone who does keep records. I just went there and did a search and when I clicked on a link it redirected me through http://www23.overture.com/d/sr/?xargs= with a bunch of arguments and tried to set a cookie and then transparently redirected me to the original link as if nothing happened. It looks like there is a lot of information passed in the URL to overture.com. Just what is overture.com? Hmmm, take a look:
http://www.overture.com/
I think I'll stick with Google thank you.
Yes, how dare they learn your IP!!! I mean it's only the single most important thing you need to function HTTP...Well that and a TCP stack...
Tip: If you don't want to get in trouble for googling for bomb making kits, kiddie porn or whatever else you depraved fucks look for.... don't use google.
For the rest of us looking for legal shit, I don't care. It's google server. If they want to log all my searches that's THEIR RIGHT.
Tom
Someday, I'll have a real sig.
It is when you aren't really concerned about privacy violations, but would like something to whine about on
I thought it unusual that the page title of that MySecureISP ad says "No IP tracking, cookies or logging EVER" yet I see this in their FAQ.
... =)
Will My Secure ISP slow down my connection?
Probably not.
You should experience the same speed or better as your existing internet provider. You could actually experience a speed increase due to the caching done on our servers
http://www.mysecureisp.com/faq.html#5
Maybe I'm misinterpreting something here
"Keep at least 3-6 full bottles of hard alcohol on hand, a 2 week resignation notice,..." - Poetmatt
This is to be expected, and Google is right. Of course they won't stop storing all this information about us. Sure, it can be used for all kinds of evil purposes (but they don't do evil, right?), it could be misused, as in the recnt AOL example, or it could be used for all kinds of good things, such as having a search engine that knows what I want before I have time to enter my query.
Simpy
Every search engine logs your queries. This is the way it is. If they tell you they don't log the queries, they're lying. The difference is that they don't make it available. In a previous life I worked with several search companies you've heard of on various search related technologies, and they *never* released query logs. Even cleansed the data were kept close to the chest. Queries are going to be logged with the IP address of the user. Some engines will track click-throughs on the results as well. That data is invaluable to a search engine.
AOL's faux pas here was attaching personal information to the queries themselves: once that per-user identifier was attached all bets were off.
If you are interested in working with query data, and do not work for a search company, you are shit out of luck, because you can't otherwise get this data. All of the research published on queries was done by Alta Vista, Google, Yahoo, Lycos, MSN... research on spelling correction of search queries is done by the same groups: they're the only ones with access to that data, until this AOL release (or older releases from other companies.)
Having this data is a boon for researchers, but a net loss for people.
No, Google said they would keep the mail from deleted accounts.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Fact: Google has a Beta Search History feature. It's an opt-in thing, but, it's quite handy. Stores all the searches you make. Really handy if you want to find something you found a year ago. I think Google knows what its doing and how to preserve, protect, and defend its users. Otherwise, I don't think they'd risk offering the service. Now, if only our elected officials could preserve, protect, and defend that little nagging thing called the United States Constitution... and stop nosing in our searches!
Perhaps the solution to this problem is not to keep the data private, but to create a database that is meaningless. During idle time (nighttime, classtime, etc) a computer could run an automated search routine that would create search queries from perhaps, names from yellowpages.com, or topics from /. This would bury legitimate search data in a mountain of meaningless data, making the database virtually useless.
Of course, it would have the same effect if for every legit search one performs via google he/she then performs three or four bogus searches. Wonder what law that would violate.
In FireFox 1.5.x
e r=13273w er=13285
Edit -> Preferences -> Privacy Tab -> Cookies -> Exceptions
Then add the Google domains you wish to block/allow. This will result in many random cookies being generated by Google for each search done (as they will think you are a new comer each time). Personally I white-list all my cookies, only allowing the sites I trust to set cookies, which are then automatically cleared when I close FireFox.
Also do not use GMail via the web interface, it is possible to use GMail via an email client residing on your computer.
http://mail.google.com/support/bin/answer.py?answ
http://gmail.google.com/support/bin/answer.py?ans
From there you can use your choice of email Encryption/Steganography as you see fit.
You can only be controlled, if you allow it.
You can only be surveyed, if you are unaware of or ignore it.
It's your choice.
Dear Mr. Schmidt,
... that this sort of thing would not happen at Google."
You say you are "alarmed" at what happened at AOL and say "it wasn't a good idea." But please explain what makes you "reasonably satisfied
Are there serious policies in place protecting individual privacy? Is it something actively on the mind of every employee who loads a big pile of search data onto their laptop for some work project? Are there standard tools for scrubbing indentifying information?
I'd like to give Google the benefit of the doubt here, but this is just too important to me.
They cleared that out. They said they'll keep them until they fall off the backup roll. What do you expect, that they nuke them from orbit the second you delete them ?
Slashdot anagrams to "Sad Sloth"
It's like some weird disjointed conversation, almost 10,000 lines and no clicks.
joe o
went thru his social sec files
friday lawn mow
do they keep prison records
say no
prisoners use to call here
they don't get no social sec
lists of them
not social security
mean no
joe to ask you
did he steal some of that money
i ask you
stole from us
kids
government would have caught
if steal from them
took from us
In case you filter out ACs and don't care to look at Score:0 comments, here it is again. In FireFox 1.5.x Edit -> Preferences -> Privacy Tab -> Cookies -> Exceptions Then add the Google domains you wish to block/allow. This will result in many random cookies being generated by Google for each search done (as they will think you are a new comer each time). Personally I white-list all my cookies, only allowing the sites I trust to set cookies, which are then automatically cleared when I close FireFox. Also do not use GMail via the web interface, it is possible to use GMail via an email client residing on your computer. http://mail.google.com/support/bin/answer.py?answe r=13273 [google.com]
http://gmail.google.com/support/bin/answer.py?answ er=13285 [google.com]
From there you can use your choice of email Encryption/Steganography as you see fit.
You can only be controlled, if you allow it.
You can only be surveyed, if you are unaware of or ignore it.
It's your choice.
--postmodern
--postmodern
Why bother when the FireFox extension CustomiseGoogle contains an anonymise cookie option, this will ensure that google works as you expect, but ensures that the cookie they use to corellate your searches with your gmail with your google maps searches (your house for one) with your price shopping with your groups searches with your images searches is changed every now and again. No loss of functionality, complete maintenance of privacy.
Orationem pulchram non habens, scribo ista linea in lingua Latina
Is this supposed to be a joke post mocking Linux users for rushing to suggest Linux as a solution for every problem? Or is it some kind of weird spam?
Dear Google, Let's set so double the cookie delete select all
?giS
Global Thermal Nuclear War
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
http://scroogle.org/
Try the Scroogle Scraper. No Google cookie,
No Google search tied to your IP address.
No advertizements. While you're there, donate.
I personally don't use GMail so I may be wrong here, but why not use GMail via POP? How can Google enforce the cookies via POP/SMTP? http://mail.google.com/support/bin/topic.py?topic= 1555
--postmodern
Although he was alarmed by Slashdot's haphazard release of its users' online replies, CEO CmdrTaco said Wednesday the privacy concerns raised by that breach won't change his website's practice of storing posts made by it's users.
... that this sort of thing would not happen at Slashdot, although you can never say never," CmdrTaco said during an appearance at a major website conference in Walla Walla, WA.
"We are reasonably satisfied
The security breakdown, disclosed earlier this week, publicly exposed about 19 million replies made by over 1 million Slashdot posters during the three months ended in May. OSTG's Slashdot intended to release the data exclusively to spammers and government spooks, but the information somehow surfaced on the Internet and was widely ignored.
The lapse provided a glaring example of how the information that people post on the website can provide a window into their embarrassing, or even potentially incriminating _ wishes and desires. The replies leaked by Slashdot included condemnations of the current government as well an infatuation with Natalie Portman and hot grits.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
We're not talking just about an IP, we're talking about a permanent cookie that correlates all your searches to your web browser on your computer (and will stay there until you reformat or choose to delete/block said cookie). Far more information than the source/destination fields of an IPv(4|6) packet.
Also would you be OK with people watching you goto the bathroom? You wouldn't be doing anything illegal per say, but it probably would be very uncomfortable to have the whole neighbor and possibly a couple DOJ investigators watching you. The type of stance that 'it's legal, i have nothing to hide, who cares' lowers the expectation for privacy among us and signals that the erosion of our collective privacy is A-O.K.
--postmodern
Why is it always the bad guys that get the benefits of all of this? Couldn't they at least offer to restore a subscriber's files from their secret cache if the subscriber's disk crashes...?
Kent M Pitman
Philosopher, Technologist, Writer
Another approach, if you are using Firefox, is to set cookies to be cleared at the end of your browser session. Then use the Permit Cookies extension (https://addons.mozilla.org/firefox/44/) to whitelist sites you trust, like Slashdot. That way, Gmail will work, but your cookie will not persist across browsing sessions.
Be warned though, Google will still be aware of your "trail" through Adsense sites during your browser session. As soon as you log in to Gmail, your Adsense trail will be linked to an actual email account. It's annoying, but with a little practice, I've learned to visit Gmail only during a fresh browsing session.
While I don't like the ubiquity of Google advertising, my real concern is something like AOL or the DOJ. I trust Google not to be evil, but accidents happen and evil sometimes triumphs over the will of good people. It sucks that this is the world we live in, but what can ya do?
While no doubt many people are clambering to speak to the evils of storing search queries, it's a very useful process, and blindingly obvious that Google would keep doing it. And we're not just talking about advertising. Advertising is just a section sliced out of a very complex structure approximating the character of a user. Google has shown a consistent goal of trying to categorize and understand all the information on the web. Why would they pass on an opportunity to build a persistent model of a user? With a nice AI, you could dramatically increase the relevance of a user's queries by looking at their past records and keeping a profile.
While I am well-aware of the potential dangers of trading anonymity and privacy for a little convenience, it may well be worth it in the long run. Those concerned about governmental influence aren't seeing the big picture. If the government is determined, they'll just look at a higher level. Ask the ISP to parse the input to Google (unless you're connecting to Google over an encrypted channel? I wasn't aware any such thing existed, outside of proxying). Or simply get Google to pass along the IPs of anyone making a hot-list query, no storage required.
If your theory is different from practice, then your theory is wrong.
That seems like a lot of work just to catalog every possible incorrect spelling of the word "pornography"
Down with L!
On a somewhat related note: i'm interested in the way Google set up their registration for Gmail. You have to be "invited" by someone else. This means that if they saved all the links between people, which i'm sure they did, they could see the network of people all around the world. They could see how many steps any person is separated from another.
Like someone said a few posts aboove, all the saved searches do amount to a very interesting sample of peoples minds. In the same way, Gmail registration data will be an interesting sample of human networking.
Waiting for you by the bridge
Storing every single search performed by every person in the world across a whole epoch could pretty much give you the pulse of the world.
What, like Google Zeitgeist?
And they already been doing that for years.
http://www.google.co.uk/press/zeitgeist.html
Deleted
We had a major web development conference? I work in web development... why didn't I know.... My boss is going to hear about this!
Patent: from Latin patere, to be open
From this statistical analysis of similar screening systems:
Executive summary:
Don't assume anything you type into a search form isn't being logged with as much information, including your IP, that they can gather. Search accordingly.
I too have felt the cold finger of injustice.
How does Google respond to a subpoena issued as a result of a legal action. Example: Law enforcement obtains the Google cookie ID and requests information from Google in an attempt to prove prior intent for some action. What about the insurance company that wants to prove someone knew of a pre-existing medical condition, but didn't bother to disclose it?
Does Google simply fork over the information?
I hope they at least remove USPS/UPS/FedEx/etc tracking numbers before releasing the stored search data. Not much else gives away someone's location better than a tracking number reporting a package was delivered in SPRINGFIELD, KY at 1pm on 13/13/95.
F7 doesn't work, ignore spelling and grammar
Aren't these search queris part of Googles "payment" for providing the free to use search function?
What is Googles financial motivation for providing its search free of charge to the world? For all the hardware/datacentre/bandwidth to keep those spiders out there working, to rank all those pages and provide the search engine optimised so it gives good results? They dont advertise on the search page so no money there, their benefit comes from knowing what people are searching for and whether they find it or not.
If you don't want Google to know what you are searching for don't search through Google (though if you search through someone else you can bet they are keeping that info as well). You can clear cookies and change IP address etc so that your searches arent traced back to you as an individual (and Google is cool with that), but Google is under no obligation to provide their search free to the world without keeping the search info.
Isn't the search history used to tune their search engine anyway? I was under the assumption this was done to continuously improve Google ranks etc so search results remain/become more relevant.
To answer all the "what about the *Do No Evil*" questions, I don't see keeping this data as being evil. Releasing it to the public is another matter though, but just because AOL screwed up doesnt mean Google won't continue to be careful with what happens with this data.
So the news about Google today is that "Things are the way they were yesterday and there is no news."
Thanks.
Support the FairTax
This is good news for the Google query based write only file system I've been working on.
Well, strictly speaking it's not write only, because it's readable by Google, but then what isn't?
ccalam - acoustic versions of new songs.
It would be similar to how you could create such a graph from a site like MySpace or Facebook, except without the clutter and without the influence of people just wanting to whore friends.
The thought of seeing a graphical representation of this intrigues me. I can just picture what a graph overlayed on the contintental US would look like if the connections between X people were graphed to N generations, for varying numbers X and N (high X + low N, the opposite).
Last July/August the Google Search History beta was released so I love it that Google logs all my searches. Looking through my searches from months ago is pretty cool, and then I can click on the trends button to see how many searches I've made per month, per hour during the day, etc. Very awesome.
Reviewing just the first hour of video games.
What information could Google release/lose/etc if the data was not protected? According to their privacy policy Google records the following information in their server logs:
i ght=c4171#c4171
Here is an example of a typical log entry where the search is for "cars", followed by a breakdown of its parts:
* 123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969
* 123.45.67.89 is the Internet Protocol address assigned to the user by the user's ISP; depending on the user's service, a different address may be assigned to the user by their service provider each time they connect to the Internet;
* 25/Mar/2003 10:15:32 is the date and time of the query;
* http://www.google.com/search?q=cars is the requested URL, including the search query;
Firefox 1.0.7; Windows NT 5.1 is the browser and operating system being used; and
* 740674ce2123a969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).
See http://www.omninerd.com/2006/01/25/news/489?highl
No matter what safeguards are in place, ANY company like this is only one stupid intern away from a similar situation as AOL faces. Even if there's absolutely no malicious intent, information like this tends to have a very low vapor pressure. The information exists, and as the AOL incident points out, people want the information (as witnessed by the incredible number of articles, websites, and discussions about the content of the AOL database).
Someone will eventually screw up. It's inevitable. It's Murphy's Law... if it can happen, it will... especially given an ample number of opportunities. And there's lots of opportunities for someone to mis-handle this data.
I'm usually fairly on top of things like this, but to be honest, until this happened, I didn't know that Google Personal Search History existed. And apparently the default is to save the history and have it attached to my gmail account. I've now deleted the history and paused the data collection, but does that mean it's really gone? How do I know... maybe it's just hidden for now and not really gone. And it's a little bothersome that the default is to keep the data. The default should be to not save it attached to any sort of personally identifiable informaion unless I give explicit, and repeated, permission to do so.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Who owns the google servers?
Tom
Someday, I'll have a real sig.
Wasn't there also a method that involved forcing the Google tracking cookie (or whatever it was) to be set to 0 (which is shared among other people not wanting to be tracked by Google) making the tracks useless?
"I thought what I'd do was I'd pretend I was one of those deaf-mutes" ~ Laughing Man - GITS:SAC
I assume they whole fuss is being made because they store the IP address with each query. Otherwise, it would not be a privacy issue. So one has to wonder: why *do* they store the IP address? What is the value to them? And if they are concerned about privacy, why not store a hash instead of the original IP, if some sort of information grouping is wanted?
So, obviously, *if* they indeed store the IP address the only explanation is that they do not give a damn about privacy and actually use that information.
BTW, I would assume that this practice is actually illegal in some European countries which have strict laws about what information can be stored and for how long and how it can be used or shared later.
It's all about levels of trust. If you want to query Google (or Yahoo) but want some form of anonymizer between the search engine and yourself, you might want to check out Scroogle (http://www.scroogle.org).
So do I trust Scroogle's claim that they delete all search criteria within 48 hours? They haven't let me down yet.
There was a previous article a long ways back about how Google tracks search characteristics by IP address. This was before Gmail came out, but I wouldn't doubt they still use it. Your cookies and Gmail are not safe.
What really concerns me is this: If someone searches for something like their SS# or CC#, thinking that someone had gotten ahold of it and posted it online. They think that the search goes into a black hole when instead, it's now going into a "memory hole," ala 1984.
Unless they drill into your connection to find your MAC address
:)
They can't. Your MAC address isn't transmitted beyond your local ethernet. To actually find something like this Google would have to either be VERY close to your network (ie: on it), or compromise your computer, in which case they'll be able to get a hell of a lot more on you anyway
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
In addition to what you said above, Google also knows what search result you clicked on.
The biggest source of info for them is probably your "Google ID"/single-signon. With this info they can tie your search terms and search clickthrough info with:
* your sent and received email (Gmail)
* your schedule (Google Calendar)
* your purchases (Google Checkout)
* where you plan on going to (Google Maps / Earth)
* what you and people you know look like (Picasa Web Albums)
* news you're interested in (Google News)
* what you like watching (Google Video)
* what you like reading/talking about (Google Groups / Blogger / Notebook)
* what you talk to your friends about (Google Chat)
* every page you visit (Google Web Accelerator)
* all your website passwords, full browsing history, cookies, and bookmarks (Google Browser Sync extension for Firefox)
Google knows a whole LOT about you and I.
"I filter at +6, and have yet to miss out on an important comment." (#822545)
Correct me if I am wrong, but if AOL simply removed the subscriber number column from its released data, there wouldn't have been much of a story here. At least, it wouldn't have produced the giant scandal that it has. Didn't AOL release its search data as a public-spirited gesture to aid researchers?
That's not to say even releasing the data without the subscriber number wouldn't have been somewhat naive. I found the New York Times article yesterday about the one AOL member whose identity was compromised interesting in the kind of false conclusions one might draw from the search queries alone. To do this successfully, AOL would have had to have taken a lot of care -- a lot of care! -- with the data. Getting rid of subscriber number would have simply been the first step any first-grader would have thought of.
If I am understanding events correctly, I think AOL's motives in releasing the data were well-intentioned and laudable. Too bad they fucked up so majorly in the execution.
Innovation makes enemies of all those who prospered under the old regime... -- Machiavelli
What do you expect, that they nuke them from orbit the second you delete them
Well, it is the only way to be sure.
Computers don't make mistakes. What they do, they do on purpose.
No, such a search engine would never be able to store everything about the web the way Google or any other search engine does. Such an engine would never be able to spider the entire web and store the snippets needed to allow for such a comprehensive search. Such an engine would also never be immune to the government requesting information from your ISP about where you have gone, either.
However, such an engine might give you a bit more insulation from these intrusions into our online life, and perhaps with some P2P technology thrown into the mix, maybe some onion routing or similar - maybe these individual small search databases can be linked up to provide a more comprehensive search without revealing to anyone who is searching for what, from where, and when.
Even if each box was a simple server with a 100 gig storage, and even if you might have to wait a while for a search to complete, or batch searches together (maybe even scheduled searches or search alerting?) - isn't that inconvenience worth more than the privacy invasion we are now seeing?
Reason is the Path to God - Anon
Configure an auto-search bot on your computer that runs a dictionary of random phrases through-- changing the signal-to-noise threshold...
i use scroogle.org, its google results but without the tracking of ips and cookies. they even give you a bit of html to stick on your personal website so you can search from your home page.