Slashdot Mirror
How Do I Keep My Privacy While Using Google?
hubert.lepicki writes "I use Google all the time. I keep two GMail tabs open when I'm online (one is private, another is a corporate account), I use Google search, and recently I switched to the Chromium browser. Google's services are fast, easy to use and usually reliable. At the same time, I know Google is tracking everything I do; I can see it in search results or their ads on web pages, which tend to match my interests. After the recent post by Mozilla's community director suggesting Bing has a better privacy policy (a response to questionable comments from Google CEO Eric Schmidt), I started to... 'google' ways of keeping my private data safe while browsing and using Google services. The results weren't very helpful, so I ask you, Slashdotters: how do I stay anonymous to Google while using their services?"
Why not use Tor for search queries? Your gmail is obviously a different story, because using Tor wouldn't make much difference for Google. So set Opera or Chrome to use Tor, and you're set for that part.
# cat > /etc/hosts ...
> google.com 127.0.0.1
> doubleclick.net 127.0.0.1
> youtube.com 127.0.0.1
> google-analytics.com 127.0.0.1
> #
> EOF
I use my butler Jeeves for everything. He arranges my travel, does my bills, and picks up anything I need from the store. He is fast, courteous and usually reliable. At the same time I know that he is aware of everything I do; I can see it in the way he can often provide suggestions which tend to match my interests. Do to some misplaced comments of his, I am now suspicious that he may not respect my privacy. How do I remain anonymous from my butler while still having him provide all the personal services that I am accustomed to?
This is like a steer asking, "how can I keep getting this free food and board without being taken to the slaughter house later?"
To Google, you are the product. They are selling advertising. More specifically, they are selling your attention to marketers. Giving you privacy is contradictory to the entire purpose of their existence. They give you nice, fast, free stuff to keep you hooked in to their services and to keep collecting more data so that they can sell more advertising.
There is no privacy using Google services. There never will be. They will keep encroaching into your private info as far as you let them.
Wow!
Your post is so specific and yet almost completely unhelpful at the same time.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
They arn't publishing your search history in the newspaper ..
They are keeping it, and sharing it with secretive agencies. You may think you have nothing to hide, but you don't know which way the political wind will blow in the future. Maybe you'll be a dissident to those agencies later on...
You can't take the sky from me...
Welcome to the new Slashdot, where everything Google does is great, and only people with something to hide would care about privacy.
My, my. Slashdot sure has changed.
If you let it slide that a company tracks everything you do, that then becomes the norm, and you no longer have any privacy anywhere. The opportunities for exploitation of this data are too numerous to list. You don't know whether or not Google is selling your data to unscrupulous persons, and with a CEO who says only wrongdoers have something to worry about when it comes to privacy, chances are that advertisers know all about you at this point.
Let me get this straight. It's okay for a company to index all your information so that advertisers know everything you do, but it's "scary" when a credit card company does a good thing and uses info on your driver's license as a security confirmation over the phone? Are you for real?
only people with something to hide would care about privacy
An entirely correct position. The place where the argument breaks down is that there's nothing wrong with having something to hide. For example, I would very much prefer it if my Slashdot password remains a secret, and there's nothing wrong with that.
I work for a company that supplies a specific unique service(Laboratory Service). I use a work gmail account for testing/backup. My personal email is not gmail. To my surprise after using gmail I starting getting spam to my personal account to do with Lab stuff. And some ads in gmail clearly are oriented to my personal stuff. As far as I know I have never crossed the two and strickly keep personal matters out of Gmail.
As with a comment above, "if you have nothing to hide", I don't have anything to hide. But it is somewhat unsettling.
In post Patriot Act America, the library books scan you.
There was an old russian KGB adage which went something like "everyone has committed a crime, it's about who we decide to prosecute".
Or you can just Opt Out
Welcome to the new Slashdot, where everything Google does is great, and only people with something to hide would care about privacy.
For people who don't 'get it', compare the situation to getting frisked by the police.
The principle is exactly the same, but the practical difference is that Google's invasion of privacy
causes you no inconvienence... which somehow makes it okay. Out of sight, out of mind.
[Fuck Beta]
o0t!
They arn't publishing your search history in the newspaper ..
They are keeping it, and sharing it with secretive agencies. You may think you have nothing to hide, but you don't know which way the political wind will blow in the future. Maybe you'll be a dissident to those agencies later on...
Anyone who has studied history and actually learned from it would come to the same conclusion. I'm amazed that there is anything resembling controversy over this.
It is a miracle that curiosity survives formal education. - Einstein
Yes, I've thought about this problem and I've also read about TrackMeNot. Unfortunatly, TrackMeNot has some serious flaws:
1. It randomizes search terms instead of following believable search patterns. Example 'search stream': Shoes, virus protection, Hannah Montana, flamethrower "do it yourself", Hawaii, spark plugs, military surplus, speaker system, Exhaust Flame Thrower Kits... It's pretty easy to see what's real and what's fake.
2. People tend to use search engines in bursts. When I last used TrackMeNot it sent off search queries at regular intervals. The decoy queries would be easy to filter out.
3. Nobody would really be willing to let queries like "donkey sex" or "how to kill the president" get fired off by the software. For true privacy, those would be the most important terms to make the list, so that if someone really *did* search for those, he could just say that it was the software making automatic requests.
I had an idea to fix this:
1. The software would have to monitor your search engine usage and match your searching bursts and searching frequency. Those things can't be hardwired into the software or else algorithms would so some fingerprint-matching on your search queries.
The next part is a little fuzzy:
2a. For every 'search burst' you make, the software can ananomously post the search terms to a central server that other clients read and use as decoys. The problem is filtering out truly private data such as address and names.
2b. If not that, maybe the software can just go loose on the web and look up possible related search terms to search for.
Of course, I'm thinking beyond simple privacy against advertisers. More like legal protection.
1) Use different browser profiles for different web applications.
If you start firefox with these options: -no-remote -ProfileManager it will allow you to run multiple copies simultaneously, each with a separate profile (different set of cookies, different set of plugins, different skins, different bookmarks, different histories, etc).
I create a specific profile for each major web app - I have one for IMDB, one for google searches, one for google mail, one for google voice, etc. And one for generic browsing.
Each profile has a couple of add-ons:
Adblock Plus - general catch-all to block things like doubleclick and the million other trackers
CookieSafe Lite - for fine-grained control of what sites can set cookies
NoScript - for fine-grained control of what sites can use javascript and flash
Redirect Cleaner - for removing those "bounce links" that a lot of sites use to track you when you follow a URL off their site, with the cleaner you go directly to the destination URL
RefControl - for clearing out or rewriting the referrer URL - prevents sites from knowing where you came from when you clicked a URL to their site, sometimes helpful in accessing poorly 'restricted' content
Targetted Advertising Cookie Opt-Out - sets special cookies that sites may choose to obey to say "don't profile me" since these TACOs are not unique-per-user, I figure it can't hurt although it probably doesn't do anything
User Agent Switcher - Lets your browser identify itself as a different browser - this is very important
Ghostery - Informational Only - tells you what tracking sites may be tracking you on any given page (does not block them, and you get false alarms on sites where NoScript blocks javascript, but it is still good for situational awareness)
Better Privacy - Blocks new stealth "super cookies" in Flash and DOM Storage Objects. VERY IMPORTANT
Using the above plugins, I do the following in each profile:
1) Set NoScript to only allow javascript from the one website the profile is intended for - and block flash as much as possible regardless due to cross-profile flash cookies
2) Set CookieSafe that same way and then only for per-session cookies
3) Block and/or auto-delete Flash and DOM Storage cookies with Better Privacy - note flash cookies tend to be shared across all profiles because they go in a folder under "Documents & Settings" on MS Windows and ~/.macromedia/ on Linux. I am still looking at ways to force each profile to use a different directory for flash cookies - until then, block flash as much as possible and auto-delete cookies frequently
4) Set the User Agent to be different in each profile - this gives the appearance of multiple users behind a firewall which is key
5) Load a different theme or skin for each profile to make it easy to visually distinguish between windows so you don't accidentally start browsing the web from your gmail window or vice-versa
All that is a little bit of a pain to set up, an hour or two total. But once in place, I think it is a reasonable compromise for reducing the risk of having your personally identifiable information gleaned in services like Google Mail from being automatically cross-referenced with your browsing habits. I am considering taking it a step further with FoxyProxy configurations to use
When information is power, privacy is freedom.
http://wikileaks.org/wiki/EU_social_network_spy_system_brief%2C_INDECT_Work_Package_4%2C_2009 .coms. :)
Is just what IP tracking is for. You can have all the IM and browsers you want, over time the database logs 'you' and your friends once a set of "dictionary" words are tripped.
Every search and IM is now "Signals intelligence" to the gov and marketing to the
Or you can sell the 'data' to the gov too while running a marketing front
Domestic spying is now "Benign Information Gathering"
They do have extra info - flash cookies. I can safely bet 99% of you never remember to clear them, and for example Gmail/Google's services explicitly uses them to match IP changes (or use of proxies) with a single computer.
Funny thing is their ToS "Google may store cookies" probably covers flash cookies too, even if everybody would think they wouldn't use such tactics. And who said Google is not evil?
I don't know about you guys, but if they decided to shut down my account it would be pretty devastating - I backup a lot of information and important e-mails only on gmail.
Well, that's your problem right there. No online service should be treated as a backup system, nor should you allow yourself to become totally dependent upon it. Period. Store your stuff on your own equipment, and burn it to a disc now and then if it's that important. I don't trust Google or any other corporation that offers free services to be there tomorrow: remember, anything free is worth exactly what you paid for it. Take steps to preserve your data: that's your responsibility, not Google's.
The higher the technology, the sharper that two-edged sword.
Blocking Flash should be the default for anyone concerned about privacy, anyway. And with the BetterPrivacy Firefox add-on can in addition clear your Flash cookies between browser sessions, so even for things like YouTube where you absolutely need Flash the tracking ability is at least reduced (of course you'll have to regularly close the browser for it to be effective).
The Tao of math: The numbers you can count are not the real numbers.