Slashdot Mirror
Google Offering Cash For Your Cache
pigrabbitbear writes "The gradual transformation of the web into an ultra-personalized, corporate-owned social space in the cloud has raised more than a few legitimate concerns about data privacy. Google, for obvious reasons, has always been one of the top cheerleaders for this metamorphosis. Touting a fresh new privacy policy that allows data about you from all of their services to coalesce, they've recently been particularly bullish about rendering that increasingly realistic digital portrait of you that lies stuffed away in their servers. It has led us again to question: How much are we comfortable with our machines knowing about us? How much is our privacy really worth? With their new program, Google is now asking those questions quite directly, and preceding them with dollar signs. Are we all on the verge of making our own information age Faustian bargains?"
Alright, when I heard about the privacy policy changes, I thought "oh, well, not like they will really be doing anything new." Yet almost instantly afterwards, we see two attempts on Google's part to grab even more data. The first question that comes to mind is why they want it so badly. If they are ready to pay you for browsing history, this is not simply about getting ad clicks from you personally. I doubt they would ever recoup the money they spent from whatever slight improvement in ad targeting they would get. No, something deeper is at work, and as someone essentially locked into gmail, I am extremely uncomfortable even considering what they are up to. If this is Google's future, it is time to cut my losses and go anywhere else.
Great Intellect...
Well, given what they could assimilate on most users, they know who you are, where you live, your medical problems, your political leanings, and your sexual orientation. I think that would give pause to anyone who is, or would ever like to be, employed.
While I don't envision them doing anything evil with that data, I can most certainly envision it being possible.
"I am really not concerned at all with anything I can envision them doing with that information. In a word, meh."
The fact they are going to pay what is likely to be, in Google terms (think ad click cost), a huge sum should send up some red flags. (If it isn't that much, then it isn't going to be worth installing the plug for most users.) They stand to profit a lot from this data, else they wouldn't pay for it. Keep in mind all the data they receive for free.
Great Intellect...
After all the buzz made around the coming merge of private data indexes, that new offer - get money from Google in exchange of your websites visits information - is a way to show users that, actually, and unless you request it, Google is not inspecting your web searches. This is a reassuring move.
Slashdot, fix the reply notifications... You won't get away with it...
I am really not concerned at all with anything I can envision them doing with that information.
And that's the problem.
Nobody knows what the future will hold in terms of laws and governance. The things that you do today, that are likely well within the limits of the law and likely of no interest to the state, may make you an enemy of a new state tomorrow. Your sig is an excellent example - suggesting that you might be an atheist could wind you up on a watch list of the future. Sounds preposterous, sure, but one never knows.
And yes, we're talking about handing what likely amounts to rather dull data over to a corporation. But again, you don't know who that corporation may hand that data over to tomorrow.
It's on America's tortured brow, That Mickey Mouse has grown up a cow
Well, my boss knows my political position (welcome to our wonderful world of politicial influence in pretty much any place that is remotely touching administration), he knows my medical problems (after all, he's the guy who has to sign my sick days), where I live (because he needs a place to send my mail to) and as far as I can tell, he doesn't give half a shit if I enjoy sucking off goats as long as I do my job.
That doesn't mean that I enjoy some random company having any data of me. Hence I usually give them more data than they want. Poison the cache with random data and let's see how they find out how they match up.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Does not matter what Google would do, just wait until all those data "leak" in some breach and the blackhats get their hands on it.
ohh.. There is already software for that, don't worry. After all facebook doesn't need you to tag yourself, they have already identified you and just wait for your confirmation.
In the summer I can remember Facebook identifying me in some photos nobody had ever touched.
Last month they wanted to verify some locations in Europe I've been photographed in
Next month they are going to be asking me where I was at the time of the murder of a member of parliament.
Joke aside feature recognition algos have become unbelievably efficient for location estimation and face recognition, I'm not sure if Facebook's questions are just deductive logic from the info your peers provide or if they actually try to produce data from the images but the later is equally doable.
-- no sig today
Remember the deported British twitters from America? They too thought that their information was no value to anyone and that it wasn't important. Well the Homeland security proved them wrong. How little you think about your details are irrelevant. Its what others think about them that matters. You might be absolutely innocent but if your browsing habits or facbook posts indicate to a possible power (goverment or otherwise) that you are a suspect then you'll have a hard time proving your innocence. You might be able to do that but is the hassle worth a couple of hundred dollars?
Does not matter what Google would do, just wait until all those data "leak" in some breach and the blackhats get their hands on it.
That's always possible, of course. As someone who works on securing data at Google, though, I have to say that I think your data is safer in Google's servers than just about anywhere. Almost certainly safer than on your own computer. Prior to joining Google I spent 15 years working as a security and privacy consultant for companies all over the world, big and small, so I have a pretty good feel for the state of information security around the world. In my expert opinion, Google does an excellent job. Far better than, for example, your bank.
I'm not sure how much I'm free to say here, so I'm not going to give any details. I'll just say that Google has excellent security infrastructure, and uses it well. Google's security operations teams review everything that remotely touches on security or privacy, and they're world class. Much of my work touches on the cryptographic security infrastructure, and I love the fact that I get my designs and implementations reviewed by serious cryptographers. I also love the fact that in the year I've been with Google I've never yet had any potential security issue I raised be ignored. It's no accident that Google is one of the few major sites on the web that uses SSL for basically all of its user-facing pages -- it's clearly indicative of the "secure by default" mentality of Google engineers.
Even better, most of the security focus at Google isn't directed at keeping the data secure from outside hackers -- most of the threat analyses that I write are focused on preventing abuses by insiders. Not because Google doesn't trust its employees, but because insiders have the most access. If you can make it impossible for employees to access data, you can be pretty sure that it's secure from outside hackers.
Of course, sometimes employees have to be able to get to information. To address that Google has extensive logging infrastructure and systems to identify potential abuses -- and accessing information without a good reason is a firing offense, regardless of whether or not you actually misuse it.
Nothing is perfect, of course, and no real system is invulnerable, so I won't say breaches are impossible. I will say that they're unlikely.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.