Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Group Gives Google Lowest Possible Grade

Posted by Zonk on from the eff-triple-minus dept.

The Washington Post is reporting on a finding by London-based group Privacy International. In a new report, they find that Google has some of the worst privacy-protection practices anywhere on the web, giving them the lowest possible grade. "While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,' Privacy International said in an explanation of its findings. In a statement from one of its lawyers, Google said it aggressively protects its users' privacy and stands behind its track record. In its most conspicuous defense of user privacy, Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests."

31 of 260 comments (clear)

  1. A suggestion... by 313373_bot · · Score: 5, Insightful

    Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests. Very nice, but how long until either Google loses some legal fight, or it simply decides not to fight?

    One solution to the privacy problem, in my oppinion, would be granting users, besides the ability of not surrendering more information than necessary for a given transaction, some effective way of deleting their personal data once done with Google, Yahoo, Amazon or whoever else.
    --
    ^[:q!
    1. Re:A suggestion... by Anonymous Coward · · Score: 1, Insightful

      they decided not to fight China 2 years ago.

    2. Re:A suggestion... by TheGreatHegemon · · Score: 5, Insightful

      Very nice, but how long until either Google loses some legal fight, or it simply decides not to fight? If Google loses the legal fight to defend their data from government violations, then you should be looking at your government, not Google for the privacy violation.
  2. Re:Links for nerds on stories that matter by Anonymous Coward · · Score: 2, Insightful

    Gives time for sensationalism without facts. After three months, they'll show their information and everybody will have forgotten about it, not caring enough to discover their faulty reasoning.

  3. Pot calls kettle black. by mooreBS · · Score: 5, Insightful

    Why are these people attacking Google. Privacy and anonymity are rapidly eroding in the UK. Hello! You've got bigger privacy problems than Google if you're living there.

    1. Re:Pot calls kettle black. by Stormx2 · · Score: 5, Insightful

      The whole "UK is a big brother society" thing is overdone. 99% of cameras are just local shops looking out for their business. Remember that the UK is densely populated and natural selection has ground the a halt; council estates breed criminals. Sure, there are a lot of cameras, but it isn't some government conspiracy that people make it out to be.

    2. Re:Pot calls kettle black. by bky1701 · · Score: 5, Insightful

      The whole "Google is big brother" thing is overdone. 99% of logging is just statistical. Remember that google is mainly an ad firm and they rely on statistics to do their job. Sure, there are a lot of logging, but it isn't some conspiracy that people make it out to be.

      --
      Great Intellect...
    3. Re:Pot calls kettle black. by suv4x4 · · Score: 4, Insightful

      The whole "Google is big brother" thing is overdone. 99% of logging is just statistical.

      Very funny. Statistical would imply they can't tie info back to you. When your mail, history, ip, browsing and search habits are all recorded in your exact account, it's not statistical. It's a disaster.

      Google can pull all this crap out since they're so trusted by the large masses. Companies are pushed to behaving good by customers not trusting them. Google just didn't get enough of that throughout the years, and here's the result.

      Funnier even, they seem to use their "goodness" as an argument here as well: the fact they fight back in court to protect that data isn't helpful. What would be helpful is that data is never collected in a way it can be abused, if god knows what happens (cracked server, loss in court, new law, insider leaking info etc etc)

    4. Re:Pot calls kettle black. by Anonymous Coward · · Score: 1, Insightful

      The whole "Oceania is a big brother society" thing is overdone. 99% of the cameras are only watching people when they are doing their jobs, or when they are at home. Remember, Oceania is at war, and we must be vigilant against spies. Sure their are alot of cameras, but its not a government conspiracy, they are just protecting us.

    5. Re:Pot calls kettle black. by janrinok · · Score: 2, Insightful

      If that's what you think, you, sir, are an ignorant.

      Well, ignoring the fact that it is not a complete sentence, I am not ignorant. But I have an opinion which differs from yours. If you cannot accept that some people might not agree with you then there is little point in you taking part in discussions. This forum is not the place for any particular group of people to enforce their views on everyone else, but to discuss and question various items of common interest to learn from each other and to share information. Of course, you view of what this forum is for might also explain why you post AC - but perhaps you have a good reason for hiding behind that title.

      If I am in a public place, then any number of people can see me. Whether they use their eyes, a video camera, a pair of binoculars or whatever does not change the amount of 'surveillance' that I am under. Thus, in my opinion, it does not affect my privacy one jot.

      However, you make the point regarding the 'correlation' of data: this is precisely the point that the study was making about Google. They are amassing a huge amount of data which, under European law, is more than is justified for the purpose of delivering data as a result of a user search. Of course, you will argue that they can process the data to improve the service and to better target their audience with more appropriate advertising. Under EU law this could easily be illegal. If you have read my post in full, which I will assume you have, the EU data protection laws also dictate how data can be aggregated, and what the aggregated data can be used for. This in part, I suspect, is what is causing the concern in the study.

      The cameras CANNOT track anybody. In each of the places that a camera is fitted there is a high probability that, at any given time, someone other than myself will be present. I never had privacy in that place and I haven't lost it now. The most that can be done is that a human being sits down and looks at each video tape and thus pieces together a specific person's movements. It is not done for everybody, nor even a large minority but for specific people who are currently the target of police interest. All the camera has provided is persistence of data so that the information that is contained on the video tape can be used once the police _know_ that a crime needs to be investigated. The analysis of tapes takes many thousands of hours, evidenced by recent police investigations into terrorist bombers. It is not a task that the police, or anyone else, undertakes without reason because it is prohibitively expensive in terms of manpower, time and equipment.

      In the US, where much of the criticism of the UK camera system originates, people are under a similar level of 'surveillance' by the aggregation of credit card data, form-filling, ISP logging and numerous other physical and electronic means. However, in the UK the surveillance is subject to specific laws with much stricter laws on how the surveillance data can be collected, stored, collated and subsequently used. I have no objection to the police force protecting me while I am in public, in fact it is what I pay my taxes for. I am content that they are using cost-effective methods of enforcing the law even if, unfortunately, camera information is used more in the detection rather than prevention of crime. I would object most strongly if their surveillance reached into my private life unless they had a damn good reason and had been granted the authority to carry out the surveillance under the relevant judicial process. In the US, it seems to me that every business believes that it has the right to collect and collate data - 'to improve the service' or to maximise its profits - and such action is NOT permitted under European Law, unless the collection and collation has been registered and given approval. Such data is then subject to periodic scrutiny at the whim of the appropriate authorities.

      As another poster has already pointed out, the camera

      --
      Have a look at soylentnews.org for a different view
  4. Re:Links for nerds on stories that matter by Anonymous Coward · · Score: 4, Insightful

    according to a watchdog group seeking to intensify the recent focus on how the online search leader handles personal information about its users. Seems to me that the goal of the study was to make a single company look bad and not to scientifically evaluate the privacy and then interpret the results.
  5. Amusing... by Anonymous Coward · · Score: 3, Insightful

    It's amusing how people root for the underdog but start to turn against it once it gets too big. I remember a time when M$ was viewed as a hero for scoring victories over the evil IBM monopoly.

    I suppose the lesson is that companies are never your friends, just allies of convenience at best. Something to remember the next time some slashbot claims comapny X will save the day because they are a friend of open source.

    1. Re:Amusing... by mrjb · · Score: 3, Insightful

      You have a point. But then what if open source gets too big?

      --
      Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
  6. Re:The Future of Google: Total Surveillance by Deekin_Scalesinger · · Score: 5, Insightful

    Why mod this down? I rarely put on the tinfoil hat, but they can have an awful lot of data for people who choose to use many/all of their services. It is an aggregate of many people's lives. Not saying that they are doing it, but the guy deserves more than a -1 for his thoughts.

    --
    "As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
  7. Re:Toppling the Top Guy by Anonymous Coward · · Score: 3, Insightful

    A bunch of soccer moms on another continent starting a consumer ban against a company supporting drug abuse?

  8. Google? Hardly... by StikyPad · · Score: 4, Insightful

    While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,'

    They've obviously never heard of LexisNexis or Accurint. Unless they consider information on what web page you visited to be more infringing than, say, your full financial history, residence, court records, marriage licenses, property deeds, loans, phone numbers (including unlisted), etc., etc. Of course, that's all "public information."

    --
    https://www.eff.org/https-everywhere
  9. Yeah right by imsabbel · · Score: 3, Insightful

    > Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests.

    Yeaha. Google protects the data from the Justice Department.
    But it DOESNT (and thats the point of the rating) protect the data from google itself. The google privacy idea is more or less "We are good. Thats why WE are allowed to do everything, and you WILL like it (trust us, we know you better than you do yourself)".

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  10. Re:You can't by Anonymous Coward · · Score: 4, Insightful

    Deleting accounts created on systems has always been a default consideration.

    As proper deletion should have been

    Not if the filesystem support and account management code had been properly written.

    You obviously have no clue how a filesystem stack works. Data is rarely deleted per se on *any* filesystem, simply unlinked and possibly flagged for later overwriting. Why do you think projets like this exist?

    Even if a file (if an email or google doc is even stored in what one would *call* a file) did get deleted, the indexing that is done would make at least pieces parts recoverable until their staleness is discovered, which could be a while.

    Even then, a good forensic analyist could probably recover something that had been allegedly deleted.

    Overwriting data to securely erase it is expensive on a desktop and approaching impossible on a busy server. This is why people who don't wear tinfoil hats will use Boot'n'Nuke or somesuch before selling a hard drive on eBay. You can't just delete something (even on your own computer, mind you) and expect it to be gone. That's not the way filesystems work.

    --------
    Check your facts at the door; be sure to pay a quarter!

  11. Re:Abuse of "anonymity" by Anonymous Coward · · Score: 3, Insightful

    That might be tough on you if people are threatening to kill you, but lets not pretend that the ONLY reason someone would want to be anonymous online is to threaten to kill people. What if I live in a country in which I do not trust my government or their agencies to protect me, indeed I suspect that my goals and theirs are diametrically opposed. Say I really like the idea of democracy but my state's dictator is rather set in his ways and would rather see anyone who advocates democracy swinging from the nearest lamp-post... Surely it would be good for me to have a way to protect myself in that situation?

    Obviously this is the most extreme example (and fortunately I don't live in a country in which I fear my government), but it's a damn good reason.

  12. This seems hilarious... by Darundal · · Score: 2, Insightful

    ...that a group based IN THE UK is giving anybody a grade on privacy, considering how much respect the government down there has for it.

    1. Re:This seems hilarious... by Anonymous Coward · · Score: 1, Insightful

      uhmm following the same logic i would say anybody in the US is fucked up, considering how fucked up the government up there is.

  13. Re:You can't by growse · · Score: 2, Insightful

    Bear in mind that if they offsite any tape backups, for them legally to have deleted your profile they'll have had to track down every single tape with your data on it and erase your data from that tape without disturbing the other contents of the tape. Similar story for any other sort of redundancy/replication/backup. If they don't do this, they still have your data. It's not as simple as an 'rm' command at a shell.

    Any large company that runs a datacentre has a really fecking expensive time actually removing a specific piece of data from it's premises. And because no company is 100% efficient with it's documentation, it can never be 100% sure that it's actually gone when it thinks it is.

    --
    There is nothing interesting going on at my blog
  14. There is a lot Google is by pcause · · Score: 4, Insightful

    Look at the entire scope of what Google does and you see that they want to know everything about you, and not some anonymous information. EMail is something you alomost always log in to. Many people set the login to remember them. Makes it easier to check you email, but once you are logged in your search queries are not anonymous. That is the reason Google has so many other things to try tog et you logged in and to stay logged in. For example, the have IM so that you've leave it running and yourself logged in.

    However, most commercial activity and interesting behaviors, the ones worth money to advertisers and others, don't happen at the search screen. This is why Google has toolbar and desktop. They want to watch all of the sites you visit and what you do on the sites. Using this data they build a detailed behavioral profile of you. But they also have way more information then your commercial behaviors. They know about a wide variety of sites and can determine if you look at sites about health issues, or other sensitive and personal behaviors.

    Google is a HUGE threat to your privacy. One could reasonably say that if you use many Google services and tools you have already given them such a detailed picture about you your privacy is essentially gone. And remember, they keep a 2 year rolling picture of the details about you. But they can also keep the "important" items they discover and toss the detail.

    And, to those who say "Remember that Google went to Court to prevent the Government from getting records", remember what Google said. They said they were doing this NOT to protect your privacy, but to protect their trade secrets. That means so that no one can found out the real details about what they track and know about you.

    Don't believe the "Do NO Evil" stuff. It is just clever marketing. They are a big company, just like all the rest and in many ways worse. Remember that they say that they want to index all of the World's information. That includes the very intimate and personal details about you!

    Many viewed Google as the anti-Microsoft. Microsoft just dominated a market. Is is really debatable whether Microsoft's dominance actually cost consumers financially, but if they did, it was just money. There is no question that Google threatens at least our privac and that is just the first of our basic rights that their behavior and business interests threaten to erode.

  15. Re:Abuse of "anonymity" by finkployd · · Score: 4, Insightful

    You know, you could have avoided a lot of trouble if you had published your Russian businessman criticizing webpage anonymously...

    Finkployd

  16. Marketing and Privacy are diametrically opposed by erroneus · · Score: 2, Insightful

    The subject line says it all. Advertising needs to know who the viewers are when targetting an advertisment. And the more accurate a description, the more "effective" an advertisment may likely be. So if they can collect a bunch of info on a user and set up a profile then advertising can be better targetted, be more effective and the advertising space provider can charge highter rates.

  17. Re:Links for nerds on stories that matter by Anonymous Coward · · Score: 3, Insightful

    It also points out that they don't always consider privacy implications If it's visible from the street, you have no expectation of privacy. There are no implications. End of story.
  18. Re:You can't by deskin · · Score: 2, Insightful

    People who think that the idea of being able to delete your profile is in any way simple or trivial are deluding themselves. Google themselves have said that because of the way GFS works they can *NEVER* know when a piece of data flagged for deletion is actually no longer recoverable. That fault tolerance and redundancy is built into the design. With a little work using cryptographic techniques, all companies such as Google could encrypt all their data, including all the data for individual users, with individual keys; then, erasing the data is a simple matter of forgetting the key. In reality it wouldn't be completely trivial to develop and use such a system, but it is certainly possible without too much headache.

    Why don't they do this? Because no one who uses their services really cares.
  19. Re:The Future of Google: Total Surveillance by CRC'99 · · Score: 2, Insightful

    The problem is they keep all your search results, with tracking cookie. Google is in bed with the CIA: http://www.disgrunt.com/blog/2006/10/27/former-int elligence-agent-says-google-in-bed-with-cia/ Have any of you guys seen the new gmail? I won't use it...it has a built in calendar, word processor, and of course, permanent email storage, converge this with permanent tracking cookies, logs of all search requests from your IP, and of course google earth/maps (will go live eventually as the technology changes) and you have the recipie for total uncontrolled surveillance.


    Well duhhhhhhhhh.

    Google have been honest and upfront with all this information that they store. Thats why people know about it. If you don't like that, then don't use their services. You don't like the fact that they store your searches, then use another search engine. Don't like that they index your email? Use something else.

    I have no sympathy for the people who jump up and down about this stuff. You choose to have these details stored by using Googles services. If you don't like it, don't use it. It's not that hard.
    --
    Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
  20. Re:The Future of Google: Total Surveillance by ozmanjusri · · Score: 2, Insightful
    Yes, the look on Bush's face when told "America is under attack" was the look of someone who had planned the whole damn thing.

    Hey, the guy was surprised.

    You can't blame him for that. Let's face it, none of his other plans have been successful.

    --
    "I've got more toys than Teruhisa Kitahara."
  21. Re:Links for nerds on stories that matter by antikronos · · Score: 2, Insightful

    Wake up. GMail is the worst of all services they offer. Google has admitted already (you should read their privacy policy) that Google scans and stores all your (g)email. They don't need an ip-address because you log on, which is more accurate then your ip. Google is able to connect the (eternal)-cookie to your ip to your Google account to your bank/paypal account. From the moment you create a Google account the certainty of previous identity guesses, such as ip cookie and user-agent increases tremendously, and they will be able to reprocess previously collected information. Not showing your ip in the mail-header should not provide you with any level of comfort.

  22. Re:Links for nerds on stories that matter by Flamsmark · · Score: 3, Insightful

    Anything that can be seen in a public place is not private. Period. Anyone can go out into the street, take whatever photos they want, and publish them however they please. When in a public place, one should have no expectation of privacy.

    --
    copyright © 2005 Flamsmsmark the ravings of a melancholly i