Slashdot Mirror
What MSN, Google, Yahoo and AOL Know About You
hotgist writes "America's top four Internet companies, Google, Yahoo,
AOL and Microsoft's MSN, promise they will protect the personal information of
people who use their online services to search, shop and socialize. But a close
read of their privacy policies reveals as much exposure as protection. The
massive amounts of data these companies collect, which can include records of
the searches you make, the health problems you research and the investments you
monitor, can be requested by government investigators and subpoenaed by your
legal adversaries. But this same information is generally not available to you."
Ok, if I can't find out what records they are keeping about me, but legal adversaries can, someone please sue me and then subpeona them for me.
BTW, TFA appears to have gone though a buggy porn filter. It has words like "cir*****stantial" and "do*****ents"
Memo to self:
Don't log in before doing a search.
Change my IP address frequently or use proxies.
Lobby CowboyNeal to let you post as A.C. more often than once every 10 minutes.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
In Soviet Russia, search engines search you!
yawn...nothing you do online is private. The real problem here is that people *think* they cannot be seen.
TFA made an interesting point, though...searches are as close to reading our thoughts as is possible. That is pretty scary. I'll bet there's all kinds of predictive software that could use that search data to profile us, even anticipate our next move. That's pretty scary.
blah blah blah
If you're logged in and you have it enabled, you can have Google tell you all of your search history. I disable that and generally block cookies from being stored by Google. I sometimes, depending on what I'm searching for, use inurl:nph-proxy.pl and find a random open proxy to search through or use a public facility like a SurfThing enabled coffee shop or library.
If my legal adversaries want to find out that I searched converting 3.5 tablespoons to teaspoons while cooking on Saturday, good for them. The rest of it is protected.
Now, what the general public does (like the moron that got busted for searching for how to commit undetectable murder and then poisoning her husband) is another story. No matter what, there will always be idiots that don't know how to cover their tracks regardless of the "privacy policy" of third parties.
Were things really much more private before the Internet as we know it today? You had to approach actual experts like doctors for any questions you had. That leaves a trail. And if you had checked out library books as research, I'm sure the government could trace those records as well, even before computerized systems. Technology simply makes the process shorter.
Always someone has power over you. The thing to consider is this: Is the power good, or bad?
You can find out more about me by rummaging through my trash can - quite legal too. Just make sure you get it off my lawn first, or say hello to my boomstick.
I hope, when they die, cartoon characters have to answer for their sins.
Don't forget to clear your cookies or block them from Google. The default Google cookie doesn't expire for 30 years, and with it Google can track all your activity on Google sites, from maps to gmail to search.
This is why I use different services for different things. While I absolutely love gmail, I don't use it for my primary webmail account. Instead, I use Yahoo! (though I hate those ads at the bottom of messages). This is because I use Google as my search engine of choice. And for messaging, I use AIM. I don't want companies to be able to attach seemingly disparate portions of my life together into a single profile. Sure, it can still be done, but diversifying makes things that much more difficult.
This guy's the limit!
The Aol "accident", government trying to subpoena search results, etc. Big companies whose source of income is to store and analyze massive amounts of personal preferences to sell targeted advertisements effectively store and analyze personal data. This article is a complete waste of time, don't bother reading it.
javascript:x='Nothing';y='preferences';try{if(con
Or else, google for GoogleAnon
They (my nephews and nieces) look at me as though I am an brontosauraus wearing Sanjaya's fauxhawk when I talk to them about the dangers of "overexposure" (both literally and figuratively) in the internet.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Similar to the upcoming US election results
Look, I know that we don't have to use these services, but that doesn't make this sort of policy any less dangerous to the public in general. The Bush Administration will not be the last time we will hear about data retention policies, and if these services keep maintaining such detailed records, it's only a matter of time before the government gets full access to them. The privacy implications for that are that it'll be the first major step toward a total surveillance state for modern communications. A first, very, very important step once they get the search engines and ISPs working together to help them keep detailed record on what is done online.
I hoped they purged my request to find "the clitoris" on google maps
The original generic sig.
Is it linked by just cookie or also the mac? I would assume that most routers/firewalls mask the mac address, so is the cookie reference the only link?
Clearing cookies is great, but I'm not sure whether you're clearing cookies that will be saved, or cookies already saved.
Well I do not find this surprising. You should just use the Internet and associated products with the assumption of no privacy. If you do not have this assumption, you should read every line of the privacy policies. Even then make the assumption you are not safe. Mistakes and screw up happens. Hackers happen. "0day happens." Even if that information is "protected" it might still get out anyway. Assume they are collecting *.
They're all probably collecting tons of stuff, but I for one will not use Gmail or Google Talk. I make the assumption that they are data mining everything I do.
But Google does.
I'd be interested to know if this information is covered by the DPA for UK residents. Does search data count as personal information if the data is linked to an IP address rather than directly linked to my identity?
If it is then presumably I should be able to make a request under the DPA (without a court order) and they would be required by law to provide me with all information they have pertaining to me for a nominal fee within a certain time-period (I forget exactly how long).
Clearly IANAL and I don't know nearly enough about the DPA or international law to know if this applies. Any actual lawyers about there who can clear this up?
Spelling mistakes, grammatical errors, and stupid comments are intentional.
Oh, crap.
I'd be surprised if MSN knows anything about me, given that I never use MSN for anything. I only have one friend who uses MSN, so it's never been worth abandoning my principles and signing up.
People who use MSN are the kind of people who refer to their web browser as "the Internet".
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Say we accept our overlords as benign. Well a "useful" feature is clearly personalised search/news based on search history or email contents etc. This has been in beta in Google for some time. However what if in a workplace with a colleague looking over my shoulder I search for some innocuous term & it starts offering pornsites (which it knows being a single slashdottian I like) ? Problem is we all have secrets, closed areas ... if we use Google as our primary www interface & it works well then it's like we've written a diary - worse it has intelligent statistical mining in it that offers insights !
It could be the case that Google "knows" us nearly as well as our best friends but doesn't have the tact to keep its mouth shut at certain times !
Does anyone have any information on whether or not Track-Me-Not (which runs random searches against the big engines at random intervals) helps to confuse the trackers or not?
sPh
There are precedents for suing yourself, so the door is open a crack. Actually, no matter what the TFA implies, I imagine that search history wouldn't be the most interesting piece of information you could find about yourself, if you arm yourself with a good subpoena against yourself.
I can assure you, the best way to get rid of dragons is to have one of your own.
I have a VPN tunnel to a hosted dedicated server I setup as a proxy to my home connection. All my home traffic first passes through it encrypted. I share this box out to a few people. To establish connection with the proxy requires secure vpn. At home, I have 2 firefox items in my menu. One for my casual browsing, and another that connects to the proxy and request it to even anonymous communication even further using tor. This, plus not saving cookies beyond session helps me feel at least a little more secure that I can't be easily targeted. It also removes the case of my ISP being able to turn over anything useful on me.
I don't see what the big deal is here. Everyone should just use Google. They said they don't do any evil, so they must not.
In some places (eg the UK) there are laws about the retention and usage that companies can make of the personal data that they accumulate on their users.
The UK Data Protection Act (which applied is if goto www.google.co.uk but not if I go to www.google.com) restricts the use and onward resale of personal data.
It also allows me to (upon the payment of a small fee) find out what data they hold on me.
Other countries may or may not have similar/better/worse provision for data protection.
Hint to readers.
make sure you look at all those small tick boxes when signing up for online services. In many places there are options to opt out of your data being used for marketing purposes amd even onward resale. This should stop most of any abuses.
In the UK, the Data Protection Registrar is the Govt Agency responsible for protecting your rights. They like to come down hard on companies who abuse the act.
I should have the right to receive, for free, a copy of any information a company has about me. It should be the same as with my credit report. By law (in the U.S.) you are entitled to a free copy of your credit report every year. I don't see why this concept can't be extended to ALL personally-identifiable data. For example, look at the way Google allows people to see their own search history. A law is needed, a "freedom of information" act, if you will, except this one should be applicable to organizations other than the government.
I think its wrong on the part of big search/email engines to log information about its user. For example whenever I use gmail and suppose I am writing an email to my sister asking how she is after her hernia operation, next time when I enter gmail I see all these ads on its interface about medicines/solutions for hernia. This clearly states that all this information is logged somewhere. Seems like we all need to be careful about what we typein our emails. I like how the physical world functions. If I go to a bookstore and buy a specific book, I am not bombarded by similar books the next time I go there. I again have the pleasure of browsing the whole selection rather than having options thrown at me without wanting them. Even though the internet has a larger catalogue of options, sooner or later everyone realizes that through their so called clever use of cookies and information logging we always get the same boring things thrown at us. These online companies do not believe in diversifying the customers options but it believes that if someone buys an action flick, they will always be buying the same genre. Atleast in the real world I am not pre-judged on my previous transactions.
You can mostly protect yourself from this if you use Google and a few simple tips:
1. If you have a Google account, make sure to disable search history and clear your previous searches. Also only login when necessary, not for general surfing.
2. If you get use Firefox get the CustomizeGoogle extension, it allows you to disable Google click tracking and also the Google Cookie (along with a bunch of other nice options like ad removal).
This still won't protect you from your local browser history on your computer, or from your own IP address, you can use a proxy to help conceal your IP from Google, and clearing your local history is easy enough. It really depends on how paranoid you are as to how extensively you wish to cover your tracks.
Finally, another choice is to use the Scroogle Scraper for your general searches, which is basically a totally anonymous Google-front end without Google ads.
Can you tell me what I did to piss my wife off yesterday, she's acting like a real bitch!
It is time to trademark all the things about you that make yourself unique. Then, they cannot buy or sell your info without your expressed permission, which you don't do,
My identity is not for sale, thank you very much. My personal details, aren't for sale, thank you very much.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Good luck finding a home computer that will host that cookie for 30 years.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Maybe they don't, but I have to assume that they do.
I'd assume that your dedicated server has the same sort of issue.
Imagine someone accessing all your data from Google by pretending to be you, that's more disturbing than not being able to access the data at all.
If you live in the UK, then it *is* legally available to you under the Data Protection Act 1998 (for a maximum of £10). Under s.7(1).(a)(b)(c), they are required to give you a access to "the information constituting any personal data of which that individual is the data subject" (s.7(1).(c)(i)).
Go ahead and try.
I was in the process of refinishing my basement. It had existing cinder-block walls that I chose to leave partially bare along with conventional sheetrock walls which I added. So, not being clear if the same Latex based interior paint would adhere equally well to both types of walls, I googled for "Latex Bondage"
I got a lot of unrelated hits......
A goal is a dream with a deadline
You still run into the problem of association by IP address unless you use a proxy.
What I think is best, is use two browsers, and set one up to use a proxy (preferably Tor, because it's better than just a single, basically untrusted, proxy), and do anything sensitive/private there. Don't ever log in there, and set it to get rid of cookies at the end of your session.
Apple's Safari browser has a nice mode called "Private Browsing" where it pauses adding anything you enter to the History or to saved form values, and when you turn it back off at the end, purges the cache and cookies. Although it's not that difficult to clean that stuff in Firefox, it'd be a nice option to see other browsers adopt. (Frankly, it would be nice if they built in Tor/Privoxy, so that when you activated the feature, it automatically started sending your traffic through the onion-router system, but that's an additional level of paranoia.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Since it is being /.'d.
What do Google, Yahoo, AOL and Microsoft's MSN know about you?
MERCURY NEWS SURVEY REVEALS THAT PERSONAL INFORMATION ISN'T AS PRIVATE AS YOU THINK
America's top four Internet companies, Google, Yahoo, AOL and Microsoft's MSN, promise they will protect the personal information of people who use their online services to search, shop and socialize.
But a close read of their privacy policies reveals as much exposure as protection.
By Elise AckermanMercury News
The massive amounts of data these companies collect, which can include records of the searches you make, the health problems you research and the investments you monitor, can be requested by government investigators and subpoenaed by your legal adversaries.
But this same information is generally not available to you.
The risk is that personal information that can be traced to you will at some point be provided to someone else, like the 20 million AOL searches that were published on the Internet at the beginning of August and are now causing random AOL users to admit that they looked for ``movies for dogs'' or ``welley shoes.''
Two months ago, the San Jose Mercury News began asking the Big Four Internet companies to clarify their privacy policies. The newspaper wanted to know precisely what information was recorded when someone made a date on Yahoo, sought help for addiction on MSN or plotted their daily peregrinations on Google maps.
How long was the data kept? Could someone's Internet searches be cross-referenced with their horoscope habit? Could a person find out exactly what was stored about him or her? Could a person ask Google, Yahoo, AOL or Microsoft to delete that data?
How often was personal data being requested by law enforcement? Could someone subpoena someone else's searches in a civil suit? Was this happening?
Few answers were forthcoming.
Google and Yahoo both said they kept data ``for as long as it is useful.'' Microsoft said it kept data ``based on needs to run and maintain our online services effectively while protecting user privacy.''
AOL said in an interview that data was retained for ``roughly up to 30 days'' -- but that turned out to be not entirely true.
The companies declined to provide any details about how often user information was given to law enforcement or to others.
``If these companies can't give definitive answers about how they are handling this incredibly sensitive and private information, Congress needs to demand answers from them,'' said Kevin Bankston, an attorney for the Electronic Frontier Foundation, a civil liberties group that has asked the Federal Trade Commission to investigate AOL's disclosure of search records.
A few weeks after the Mercury News made its request to the companies, AOL published the searches of approximately 658,000 AOL users on a public Web site as part of an effort to share data with researchers. The searches, which were done from March to May, provided an incredibly intimate glimpse into the life of the searchers.
On March 1, AOL User 310416 looked for ``how to self induce your own labor.'' A few days later she searched on ``true contractions,'' then she did an ``inmate search,'' which took her to the Illinois Department of Corrections. Later in the month, she searched for ``bedbugs'' and ``matress sets in illinois.''
AOL User 792334 looked for ``aol privacy guard,'' before progressing to ``tan ropey bowel movements'' and ``symptoms of parasites.''
Some users looked for child pornography and sex partners. Others sought the ``best way to avoid jury duty'' and ``misdamenor extradition to alaska.''
According to an analysis done by the Electronic Frontier Foundation of the AOL data, 106 users typed in what appeared to be Social Security numbers. More than 3,700 users typed in what appeared to be phone numbers, while more than 4,000 users entered what appeared to be a street address.
All of which showed how easy it would be to
Error 001
Security Scan and Virus Detection do not work with your operating system.
My grocer already knows my order when he sees me coming. Not that he gets them then for me. He already has gotten them ready because he knows when I arrive.
Invasion of privacy OR bloody good service I happily pay his slighly higher then average prices for?
God I love corner stores.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Crap! You mean they can subpoena Blizzard and find out that I'm the one who slaughtered all those Shadethicket Stone Movers and Bark Rippers near Fallen Sky Lake on Sunday night?
Read any good sonnets lately?
Only three sites came up....an "animusic" video clip....the website of a nearby community college....and a site entirely in what appeared to be German....the image was suppressed by my work computer (as were the other two), and I have no recollection of visiting such a site - particularly given that it's in a language I don't understand.
A bit puzzling
A goal is a dream with a deadline
Edit > Preferences > Cookies > Keep until: I close Firefox
No jokes, please
Hey you can just hire intel to purge all your data. They seem to be very good at it.
Everyone concentrates so much on which services are collecting information and what information they are collecting. The next, and more important, question is rightly,"What are they doing with it?" I'm not talking about the generalized vague notion that everyone has: they're selling it. Yes, of course, but to whom are they selling it? Do they portion it out or do they sell the entire database in raw csv format any time anyone asks? Is there a subscription service to receive weekly or monthly updates to the dataset? Is there any effort made to screen the people who offer to buy the dataset to ensure that they will similarly protect the privacy and security of the consumers represented within it? Are there services which will cross-reference the various databases to infer data which cannot be directly collected for legal or technical reasons? Are there services which buy these datasets which offer to correlate them with tax records, grocery card clubs, and DMV records?
The answer to all of the above questions, of course, is "yes--to the worst extent possible and with absolutely no conscientious consideration for the consumer from whom the data is being mined". Take it for what it's worth. Twenty years ago the hospital kept records, the insurance companies kept records, the banks and retail outlets kept records, but they weren't so ready and apt to cross compile and sell those records to hundreds of political and fringe religious groups posing under infinitely ambiguous names such as International Financial Consultants, Ltd.
the NPG electrode was replaced with carbon blac
Personally i find it a little scary that big corporations have access to personal information like this. It doesnt seem justified that something like a search, which should be private, is public to advertising companies and others. Why should large companies be able to go through that information when we cant access it ourselves? I think if anyone should be able to grab my search history, it should be me, not the big name company looking to get more of my money. It almost feels as though im being watched through the screen when i search google for information that i'd like to view. Thats not a very comforting thought to me. This information should be kept private and not given away to anyone without consent of the person in question.
Hey, Everyone needs to name their computer hard drive "Guest" and only use your "Guest" broswer when surfing the internet. This way the more people that do this the harder it will be for pin point whose computer it was.
Pass it around!
http://hexedigital.com/
Sure, they can track a session that way, but close your browser, start at www.google.com, and there's no session id in the URL any more.
Really, really scary.
The difference is your history of search queries and your private email isn't public record. Sure, magazine subscriptions and the stores where you shop are enough info to lump you into a vague category of "marketing preferences", but it's nowhere near the level of detail that Google/AOL/MSN could compile through your login.
It wouldn't be too hard to create a script to randomly search on 5000 different terms a day from a dictionary. Then it would be nearly impossible to see that you were searching for actual info or an automated script did the searching.
Ninjas don't carry tic tacs
http://tor.eff.org/
But unique URLs will only work within one browser session. Just log off after searching for duct tape and before searching for hamsters.
Have gnu, will travel.
Forbidden /money/microsoft/04/09/what-microsofts-msn-google- yahoo-and-aol-know-about-you.html on this server.
You don't have permission to access
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
That link is dead - is there a mirror somewhere?
You would think by now that most people would have realized a long time ago that nothing you do on the Internet is private. Also just because a company like Google or one of the others wants you to think that your information is private it almost never is...learn to read the fine print..i thought that this was a concept that most learned at a young age. But then the question also comes down to yes it may be an invasion of privacy but unless you are doing something extremly illegal..why do you care if they know what you are doing on the Internet...if you are that worried about them knowing dont do it.
that's unless you have GPS of course.
I had never thought much about it before, but I once I read this article, I couldn't help but to agree with it: http://www.vegasrex.com/2007/01/26/there-is-no-suc h-thing-as-profanity/
Isn't it all about the context?
There are no such thing as "bad" words in and of themselves.
That's only a problem if you never log in to gmail or some other personalized service. Once you do that, Google knows it's you. Sure, it can get confused if you log in from a friend's computer that never logged in to gmail before but has a Google cookie. Sure would be funny if all your friend's searches were linked to your Google profile that way.
Once upon a time, I wondered in print why no activist virus writer had yet created a virus that simply watches for Windows dialog boxes that look like license agreements and then automatically simulates pressing the "I Agree" button. If widespread enough, this would render the legality of such "buy before you agree" licenses moot.
Here is yet another candidate for activist virus writers: a virus that secretly submits searches and performs browses to "spam" the spying that ISPs do on their customers. It could make regular searches and browses for ever-expanding variations of things like: "murder", "real estate", "bomb making", "viagra", "assasinate", "penny stocks", and so on. Eventually, spying advertisers would have to conclude that everybody wants to buy one of everything, and spying governments would have to conclude that everyone is a terrorist.
I have no wish to help criminals evade the law, but I have a greater wish to screw with anybody who thinks they have a right to spy on folks without a court order.
I have to say that some things that we type in needs to be private information. There may be certain things that we just cannot let other people know about. I understand that can not type it in if we do not want other people to know about it. However, it still just seems like it just violates our privacy. I also do not understand how we do not have access to our own information on the web and yet others like goverment officals and legal adversaries can acquire them. It just does not seem fair without a VERY GOOD reason for it. For example, a witness is subpoenaed to go to trial because he or she saw a crime happening. I think that if anyone were to have our information, it would because of illegal activity, Other than that, I feel like it is a violation to privacy.
Keep Your Parents Off the Internet!
I suffer from attention surplus disorder.
Fixed Link
I have multiple boxes on 24x7 at home. Loads of wasted cycles...
...
How about a bot that throws searches at these guys - Can Google
filter out the noise? Probably something like this already exists..
a firefox plug in or some such..
Perhaps this is what Google/MSN/Yahoo etc fears the most - people
taking counter measures to screw up their valuable keyword database; these
counter measures impacting other algorithms ; bots "clicking" on ads
Forget about covering your tracks by emitting lots of random searches. If you've done something bad and they're looking for evidence, they'll be looking for matches between your search history and the event under investigation and will ignore the cruft. They have enough capacity to keep the whole history, you can't issue enough searches to blow it out (they'd block you thinking you're a bot before you got there).
Remember why you're using a search engine in the first place. It's more convenient than asking around, more comprehensive than all the personal recommendations you'd ever gather. You're paying for the convenience with surrender of privacy. The more privacy you surrender, the more convenient the search engine can be for you. Seems like a fair exchange and no monopolistic lock-in.
Remember too why the search engine is so big and powerful. It gets revenue from effectively targeting ads and sponsored links to the you it knows about, and uses the profit from this revenue to grow bigger and more knowlegable. So it's not really in your interest to succeed in thwarting its attempts to know you better.
Finally recognize that the biggest risk to your privacy is not what the search engine *wants* to do with data about you, it's what it can be compelled by law to do. The search engine does not force you to stop doing whatever nefarious thing it is you do online or offline; it is not going to rat you out to your wife, boss or fellow-travellers (unless they're looking over your shoulder while you use it). But guys with badges can and will.
So if you really want privacy and a convenient, powerful search engine, prevail on your local search engine to change its privacy policy. Have them commit to scrubbing all personally identifiable information (ip address, user name, address...) out of their logs within a very short period of time (a few days). Let them replace it with anonymous but nearly unique placeholders which are themselves periodically rehashed. That way, they can keep short stretches of useful patterns, but lose all of the connection to the individual and can't collect really long-term patterns either. You lose a bit of the ultimate convenience that might be gained, but gain a lot of protection from subpoena.
There is no law that requires search engines to keep the raw personal information for any particular length of time (in the US, at least). There may be a gentleman's agreements in place to keep the data for a while so it can be subpoenaed (actually getting the data still probably requires a subpoena), but that can change if the search engine clearly understands that its business would suffer if it refused to change.
delete your index.dat's as well.. you'd be surprised what lurks there.. Everyone datamines their customers.. Your bank, CC agencies know a lot about you.. so does anywhere you shop with a rewards program. In this cashless computerized economy what people know about you is actually astounding. Ever see the pizza ad where the call taker tells you what you can buy based upon your health and so forth.. and you must pay much more because of recent crimes in your area.. and if you want double meat (more nitrates) you have to sign a disclaimer so if you get a heart attack you won't sue them.. oh btw they know your recent purchases and your credit as well... Your ISP can know a lot more about you than you realize as well.. ever notice how often just to view something you must register and login these days.. datamining... googles targeted ads... adsense.. live words.. it just goes on and on..