Your searches would still count towards their overall statistics, which Google in turn would tout and use to generate additional revenue from those paid ads.
Then pollute their data (their are Fifefox addons for that) it'll make them irrelevant.
No because Google has an access control system. You can have privacy, you just have to pay for it.
Seriously, Privacy is a right, you do not have to pay for it!
One can wonder what privacy expectation we should have for the future with nano technologies. I can imagine the defense of Google lawyers: "Yes we can go to your bathroom, after all bugs have the right to go there too".
I admit that the law should not ignore the technology, but that does not mean that technology should dictate the law.
If you want to boycott Google, just stop clicking on their ads. You can still use the engine they won't earn any money from it. If you see an interesting ad, just copy/past the url address. Plus, the websites won't have to pay for the ads (who knows, maybe someday they'll reward users that do not click on adwords)
We should also put Google car alerts. When one is detected we should put "anti-google" pictures in front of the camera. Another idea could be to find a (non-obscene) picture that Goolge does not have the right to reproduce on the Internet (for instance, with an appropriate copyright).
Any website can record the IP, the referrer, the screen resolution etc... I agree that it is more problematic with Google since they gather lot of information from the search engine (searches you make, links you click on) and from other sources like Google analytics (there are so many websites using it now...). ( By the way, I noticed several connections to "safebrowsing.clients.google.com" and " s.ytimg.com" which also belong to Google. I donâ(TM)t' know what they are, does anyone have a clue?)
Obviously they track users to serve targeting ads because that's what they sell. That's what I'm trying to address with my extension of FF. I think that you should have an eye on it:)
If you refer to the "onmousedown" event, I think you get it wrong. It just informs google that you clicked on a link.
They use javascript instead of href so they can record the rank of the result you clicked on (it's a parameter of the javascript function). This would not be possible with href.
As I'm working on a FF extension which simulates search activities to protect privacy, I investigate the javascript code (to simulate click). ASFAIK, they do not record other events than clicks. I have made couple of captures, but let me know if I missed something. Furthermore, they do not obfuscate code, I think they just want to reduce the size of the code to reduce bandwidth consumption.
Anyway, if you worry about privacy, you might:
+ Block google cookies (google-analytics, safebrowsing, adsense,...)
+ Use a query obfuscation tool (either the one I am working on or TrackMeNot)
Really? The judge just uses the Google argument "Ip is not a personal information". I do not see how Youtube could pretend that it's a violation of user's privacy when Google pretends that IP is not personnal.
The judge just followed Google advice...
The browsed pages do not exist, so you never download pictures or js files. It's very easy for an ISP to filter these requests, they can filter the HTTP response code.
Two FF exntensions generate fake queries on search segines to pollute the collected data (at search engine level, but it also pollute ISP data).
SquiggleSR and TrackMeNot. Notice that the former also clicks on non-sponsored results and may deceive cookie tracking.
Remember all the discussion about Gmail privacy policy? The main argument of Gmail defenders was "If you don't like it, don't use it".
Now that Gmail is widely adopted it seems that you'll have to use it whether you like it or not. GoodBye privacy...
By the way, if you don't like Google Health privacy policy, don't use it...
Many States have laws that prevent an insurer from charging sick people a higher premium.
In other words, if you are in their State, you have to follow their rules, and their rules say your price isn't affected by "condition y". It won't be that obvious. We can imagine that the insurer asks to Google "Display my Ad words with a special offer ( e.g:a reduction of 20% on the price) only to users which are not affected by conditions x-y-z".
And the insurance can raise the official price so affected users will pay a premium. The effect is the same, but they respect the law.
As far as I know TrackMeNot just generates queries on search engines. Therefore, spyware vendors will just think that you're googling a lot, not sure that's enough to deceive them.
Besides, I'm developing another FF extension called SquiggleSR that (basically) uses the same idea than TrackMeNot and also simulates click on non-sponsored results.
but the point is, you shouldn't be putting your information on the net if you do not wish for it to be seen. What information am I putting on the net when I'm just browsing a web site with Google/DoubleClick ads/analytics? None I presume, but that does not prevent Google from getting sensitive information about my habits
The difference is, when you ask Google that you'd like to remain private, they listen and and stop prying. Seriously? Never heard of that, could you tell me where the form is?
--
Search engines are not your friends : SquiggleSR
People think that targeting ads are just adapted to customers to make them more attractive. But the target may not the ad but the web user himself! In The digital Person , Daniel J. Solove mentions the case of a banker in Maryland who checked its list of bank loans with the records of people with cancer in order to cancel the loans of cancer sufferers. With targeting ads, advertisers accurately select their customers. Therefore, a bank could soon directly refuse to addresses its ads to cancer sufferers. Relying on all the gathered information and the established user profiles, they can easily targets the wanted costumers.
That's also true for insurances (health, car, house): advertisers can choose to display really good offers to profitable clients and expensive offers to other users. Similarly, job offers can target specific users: depending on your political opinion there could be job offers that you would never see.
Google already proposes to advertisers to target web users depending on their annual salary, their age and their ethnicity...(demographic targeting)
Internet is becoming a primary place for social interactions where search engines play the most important part. Our political, social and cultural behaviors on Internet directly impact our social interactions and users have no control on their own profiles. Job, house, insurance, travels... will depend on our opinions, behaviors, health records and our personality.
So, how do we get this done ? We have to find many trackers and activate them regularly to make noises to pollute the signal ? Anyone knows of such a project ? Well that's exactly the purpose of obfuscation tools like SquiggleSR and TrackMeNot, two Firefox extensions. They generate fake queries on search engines to create noise and deceive data mining algorithms.
As developer of SquiggleSR, I was thinking to extend it to simulate fake browsing as well to create more noise and deceive track based on cookies. But since some ads are charged when they are displayed, this could actually be assimilated to something like "fraudulent view". What do you think?
Show them the queries of 650000 users that AOL disclosed two years ago, and eventually brows their search history with them, highlighting what information you can deduce.
Tell that that lot of recruiters will google/facebook/myspace/spocke them!
Make them subscribe to the Bruce Schenier news letter
I Know that obfuscation is not very popular to protect privacy (just have a look on Bruce Schneier review of TrackMeNot, and you'll see what I mean), but I think it remains a good solution to protect privacy in that case because anonymity does not exist anymore;).
The idea is to use a tool that frequently generates queries to searches engines. Basically is quite like opening your WiFi access to protect against RIAA: if you use a tool that generates queries, none will be able to prove that a query is issued by you and not by the tool (with mail it's quite harder).
I know that TrackMeNot (http://mrl.nyu.edu/~dhowe/trackmenot) has been criticized, but they improved it, and there also SquiggleSR (I develop it, so it's quite a promo: http://squigglesr.free.fr./
I agree that it sounds like an advertisement in the end, but I don't think it's off-topic. Clearly, the subject is related to privacy issues. What I wanted to point out, is that considering all integrated services of Google, anonymity is not anymore a solution to protect privacy. Clearly, you want to have access to all your services most of the time which is not possible when you use anonymity. Because all the services are linked, so, if you want to use one service anonymously, you can't use the other services (in this topic: you can't use Greader anonymously).
This is very important I guess, because most of the time, proxy (which assures anonymity) is preferred to obfuscation tools (see the Bruce Schneier review of TrackMeNot). That's why I think obfuscation is becoming the most reliable solution to protect privacy, and in this case I'm sure that a solution using obfuscation would have been useful to protect Greader accounts.
It's quite a surprising mistake from Google, particularly when the merge with Double-Click "brings greater focus on privacy". Even if they claim that they fix some problems and offer more control to users, they could have make these fix before launching the service... but it's a beta. That's what you risk when you use free beta services.
Furthermore, it is a good example of privacy lack of consideration, and it offers a good argument to privacy defenders. In addition, it highlights the fact that every service offered per Google potentially involves privacy problems. In fact, like Google, I wouldn't have believed that GReader data were so sensitive. And once again, it proves that privacy matters only when you lost it.
So far, we used anonymity to protect privacy, but in that case... proxies are useless. How can we protect privacy against such threats? One solution is to use obfuscation: generating noise (for instance, subscribing to additional RSS flows that we'll never read) in our profile so neither Google, nor our gmail contact can find out which are the RSS flows we are really reading. This assumes that the obfuscation mechanism let only the user know to which flows it really subscribed.
I don't think such mechanism exists now for Greader, but I'm developing a FF plug-in (http://squigglesr.free.fr) to protect search privacy using obfuscation. Keywords are extracting from your favorite RSS flows (for example the one you subscribed in greader) to generate personalized queries. It's quite similar to TrackMeNot (which also use obfuscation), but I'm trying to make less noise but make it more coherent (a good comparison is trying to make lot of noise around what you say, or simply mix some coherent conversations).
Well the news is not well reported. This tip aims to protect against "Cross Site Request Forgery (CSRF)--considered one of the most insidious but least appreciated threats in application security". So clearly it does not pretend to address key-logger issues
For sure, in this context, the tip is quite effective.
... You can protect your privacy against Double-Click. Most privacy enforcement solutions rely on proxy and anonymity and remain useful for Google-Click. Only few dedicated solutions (like Scroogle) are concerned by this merge.
But is it really that bad? If you think about it with android Google will soon know more about you I guess. Is Double-Click really a threat when users choose to let Google logging their Web History? The only point is that now Google won't say "If you don't like that, you can use another search engine" cause you can not choose what ads are displayed.
Anyway, I'm still developing a privacy enforcement extension for Firefox (http://squigglesr.free.fr). Basically it sends queries to search engine and click on some (non-adwords) results. I guess now I'll have to simulate get double-click ads...
Not so sure: so far Google defense about privacy was "If you don't like our method, you don't have to use our services".
But if Googel acquire DoubleClick, you won't have choice, Google will gather information about you.
Furthermore there is some indication of cooperation between Google and Wikipedia. Sample statistics showed that randomly selected Wiki entries consistently ranked higher on Google than on other search engines, the Graz team said."
Weird isn'it?
Slashdot Mirror
We already had a debate on that topic .
I think they just stop serving what they call "customized ads". Not sure they actually stop tracking you...
Your searches would still count towards their overall statistics, which Google in turn would tout and use to generate additional revenue from those paid ads.
Then pollute their data (their are Fifefox addons for that) it'll make them irrelevant.
No because Google has an access control system. You can have privacy, you just have to pay for it.
Seriously, Privacy is a right, you do not have to pay for it!
One can wonder what privacy expectation we should have for the future with nano technologies. I can imagine the defense of Google lawyers: "Yes we can go to your bathroom, after all bugs have the right to go there too". I admit that the law should not ignore the technology, but that does not mean that technology should dictate the law.
If you want to boycott Google, just stop clicking on their ads. You can still use the engine they won't earn any money from it. If you see an interesting ad, just copy/past the url address. Plus, the websites won't have to pay for the ads (who knows, maybe someday they'll reward users that do not click on adwords)
We should also put Google car alerts. When one is detected we should put "anti-google" pictures in front of the camera. Another idea could be to find a (non-obscene) picture that Goolge does not have the right to reproduce on the Internet (for instance, with an appropriate copyright).
Stop hiding, make noise!
Any website can record the IP, the referrer, the screen resolution etc... I agree that it is more problematic with Google since they gather lot of information from the search engine (searches you make, links you click on) and from other sources like Google analytics (there are so many websites using it now...). ( By the way, I noticed several connections to "safebrowsing.clients.google.com" and " s.ytimg.com" which also belong to Google. I donâ(TM)t' know what they are, does anyone have a clue?)
Obviously they track users to serve targeting ads because that's what they sell.
That's what I'm trying to address with my extension of FF. I think that you should have an eye on it:)
If you refer to the "onmousedown" event, I think you get it wrong. It just informs google that you clicked on a link.
...)
They use javascript instead of href so they can record the rank of the result you clicked on (it's a parameter of the javascript function). This would not be possible with href.
As I'm working on a FF extension which simulates search activities to protect privacy, I investigate the javascript code (to simulate click). ASFAIK, they do not record other events than clicks. I have made couple of captures, but let me know if I missed something. Furthermore, they do not obfuscate code, I think they just want to reduce the size of the code to reduce bandwidth consumption.
Anyway, if you worry about privacy, you might:
+ Block google cookies (google-analytics, safebrowsing, adsense,
+ Use a query obfuscation tool (either the one I am working on or TrackMeNot)
Really? The judge just uses the Google argument "Ip is not a personal information". I do not see how Youtube could pretend that it's a violation of user's privacy when Google pretends that IP is not personnal.
The judge just followed Google advice...
The browsed pages do not exist, so you never download pictures or js files. It's very easy for an ISP to filter these requests, they can filter the HTTP response code.
Two FF exntensions generate fake queries on search segines to pollute the collected data (at search engine level, but it also pollute ISP data). SquiggleSR and TrackMeNot. Notice that the former also clicks on non-sponsored results and may deceive cookie tracking.
What's the purpose of Privacy Policy then?
Remember all the discussion about Gmail privacy policy? The main argument of Gmail defenders was "If you don't like it, don't use it". Now that Gmail is widely adopted it seems that you'll have to use it whether you like it or not. GoodBye privacy...
By the way, if you don't like Google Health privacy policy, don't use it...
And the insurance can raise the official price so affected users will pay a premium. The effect is the same, but they respect the law.
As far as I know TrackMeNot just generates queries on search engines. Therefore, spyware vendors will just think that you're googling a lot, not sure that's enough to deceive them.
Besides, I'm developing another FF extension called SquiggleSR that (basically) uses the same idea than TrackMeNot and also simulates click on non-sponsored results.
"Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."
-Cardinal Richelieu
I took this quote from Scroogled story...
The difference is, when you ask Google that you'd like to remain private, they listen and and stop prying. Seriously? Never heard of that, could you tell me where the form is?
--
Search engines are not your friends : SquiggleSR
People think that targeting ads are just adapted to customers to make them more attractive. But the target may not the ad but the web user himself! In The digital Person , Daniel J. Solove mentions the case of a banker in Maryland who checked its list of bank loans with the records of people with cancer in order to cancel the loans of cancer sufferers. With targeting ads, advertisers accurately select their customers. Therefore, a bank could soon directly refuse to addresses its ads to cancer sufferers. Relying on all the gathered information and the established user profiles, they can easily targets the wanted costumers.
That's also true for insurances (health, car, house): advertisers can choose to display really good offers to profitable clients and expensive offers to other users. Similarly, job offers can target specific users: depending on your political opinion there could be job offers that you would never see. Google already proposes to advertisers to target web users depending on their annual salary, their age and their ethnicity...(demographic targeting)
Internet is becoming a primary place for social interactions where search engines play the most important part. Our political, social and cultural behaviors on Internet directly impact our social interactions and users have no control on their own profiles. Job, house, insurance, travels... will depend on our opinions, behaviors, health records and our personality.
I wrote a longer post on these issues: http://squigglesr.free.fr/forum/viewtopic.php?f=3&t=15.
As developer of SquiggleSR, I was thinking to extend it to simulate fake browsing as well to create more noise and deceive track based on cookies. But since some ads are charged when they are displayed, this could actually be assimilated to something like "fraudulent view". What do you think?
It's beautiful and very informative.
Show them the queries of 650000 users that AOL disclosed two years ago, and eventually brows their search history with them, highlighting what information you can deduce.
Tell that that lot of recruiters will google/facebook/myspace/spocke them!
Make them subscribe to the Bruce Schenier news letter
I Know that obfuscation is not very popular to protect privacy (just have a look on Bruce Schneier review of TrackMeNot, and you'll see what I mean), but I think it remains a good solution to protect privacy in that case because anonymity does not exist anymore ;).
The idea is to use a tool that frequently generates queries to searches engines. Basically is quite like opening your WiFi access to protect against RIAA: if you use a tool that generates queries, none will be able to prove that a query is issued by you and not by the tool (with mail it's quite harder).
I know that TrackMeNot (http://mrl.nyu.edu/~dhowe/trackmenot) has been criticized, but they improved it, and there also SquiggleSR (I develop it, so it's quite a promo: http://squigglesr.free.fr./
I agree that it sounds like an advertisement in the end, but I don't think it's off-topic. Clearly, the subject is related to privacy issues. What I wanted to point out, is that considering all integrated services of Google, anonymity is not anymore a solution to protect privacy. Clearly, you want to have access to all your services most of the time which is not possible when you use anonymity. Because all the services are linked, so, if you want to use one service anonymously, you can't use the other services (in this topic: you can't use Greader anonymously).
This is very important I guess, because most of the time, proxy (which assures anonymity) is preferred to obfuscation tools (see the Bruce Schneier review of TrackMeNot). That's why I think obfuscation is becoming the most reliable solution to protect privacy, and in this case I'm sure that a solution using obfuscation would have been useful to protect Greader accounts.
It's quite a surprising mistake from Google, particularly when the merge with Double-Click "brings greater focus on privacy". Even if they claim that they fix some problems and offer more control to users, they could have make these fix before launching the service... but it's a beta. That's what you risk when you use free beta services.
Furthermore, it is a good example of privacy lack of consideration, and it offers a good argument to privacy defenders. In addition, it highlights the fact that every service offered per Google potentially involves privacy problems. In fact, like Google, I wouldn't have believed that GReader data were so sensitive. And once again, it proves that privacy matters only when you lost it.
So far, we used anonymity to protect privacy, but in that case... proxies are useless. How can we protect privacy against such threats? One solution is to use obfuscation: generating noise (for instance, subscribing to additional RSS flows that we'll never read) in our profile so neither Google, nor our gmail contact can find out which are the RSS flows we are really reading. This assumes that the obfuscation mechanism let only the user know to which flows it really subscribed.
I don't think such mechanism exists now for Greader, but I'm developing a FF plug-in (http://squigglesr.free.fr) to protect search privacy using obfuscation. Keywords are extracting from your favorite RSS flows (for example the one you subscribed in greader) to generate personalized queries. It's quite similar to TrackMeNot (which also use obfuscation), but I'm trying to make less noise but make it more coherent (a good comparison is trying to make lot of noise around what you say, or simply mix some coherent conversations).
Well the news is not well reported. This tip aims to protect against "Cross Site Request Forgery (CSRF)--considered one of the most insidious but least appreciated threats in application security". So clearly it does not pretend to address key-logger issues
For sure, in this context, the tip is quite effective.
... You can protect your privacy against Double-Click. Most privacy enforcement solutions rely on proxy and anonymity and remain useful for Google-Click. Only few dedicated solutions (like Scroogle) are concerned by this merge.
But is it really that bad? If you think about it with android Google will soon know more about you I guess. Is Double-Click really a threat when users choose to let Google logging their Web History? The only point is that now Google won't say "If you don't like that, you can use another search engine" cause you can not choose what ads are displayed.
Anyway, I'm still developing a privacy enforcement extension for Firefox (http://squigglesr.free.fr). Basically it sends queries to search engine and click on some (non-adwords) results. I guess now I'll have to simulate get double-click ads...
Not so sure: so far Google defense about privacy was "If you don't like our method, you don't have to use our services".
But if Googel acquire DoubleClick, you won't have choice, Google will gather information about you.
From : http://www.theage.com.au/news/biztech/google-can-extort-and-dominate-the-world-study/2007/12/05/1196812806297.html
"Most material written today was in some way based on Google and Wikipedia - and if those did not reflect reality, a distortion was possible, the researchers said, recalling biased contributions frequently placed on Wikipedia.
Furthermore there is some indication of cooperation between Google and Wikipedia. Sample statistics showed that randomly selected Wiki entries consistently ranked higher on Google than on other search engines, the Graz team said."
Weird isn'it?