Google and privacy

In my previous post I talked about some useful things I’d discovered about Google’s Web History feature. As you might expect, several commenters asked about various aspects of privacy for Web History. I gave a quick response in my comments, but I figured that I would also write my comments as a separate post so that I could easily point back to them later. The following is my personal opinion about Google and privacy, not any kind of company position.

My short answer is that from working at Google for the last 7-8 years, I’ve seen firsthand how much Google works to protect users’ privacy. I personally believe that we take more precautions and safeguards than any other major search engine. We also strongly protect users’ privacy outside of Google (e.g. last year when the DOJ tried to get access to users’ queries, and Google was the only company out of 30+ that said “no” and went to court about it — and won). Note also the recent decision Google made to anonymize user queries after 18-24 months; other search engines haven’t really tackled this topic after Google made its decision. Also bear in mind that even if you sign up for a Google Account, you don’t need much more than an email address to sign up; other search engines ask for much more info.

Another point is that your ISP has a superset of data that Google has, because everything you do passes through your ISP. So your ISP may have much more detailed records about places where you go on the net, plus they have a verified identity with something like a credit card, and they actually know which IPs you’re on. With Google if you clear cookies and turn off your cable modem for a minute or two, you’ll usually get a completely new IP address. Google would have no idea that it’s the same person, but your ISP would still know, because they assigned the new IP address. Many of the questions about privacy I see are interesting because ISPs have more data than Google does, but you rarely see people ask questions about ISPs, even though at least some ISPs do sell clickstream data.

As an employee who has worked at Google since 2000, I’ve seen how carefully we treat issues of privacy. If you haven’t read my declaration from the DOJ case last year, I’d recommend checking it out. Pages 11 & 12 are good reading, for example. So my personal belief would be that if privacy is important to you, Google should not be your biggest concern for two reasons. First, I believe Google does more to protect our users’ privacy than any other major search engine. Second, I believe other companies such as ISPs have a superset of the data that Google has, plus they have verified payment/identity, plus they know which IP addresses you are on, even if you switch IP addresses.

From what I know about Google and its respect for privacy, I will be happily using Google’s features. Ultimately, however, if you feel concerned about a particular Google feature, then I wouldn’t use that feature. That’s your choice and I absolutely, completely 100% support that. Again, this is just my personal opinion, but that’s my quick take on privacy and Google.

Update: Completely unbeknownst to me, Tim O’Reilly wrote a Google and privacy post at about the same time. It’s also an interesting read for a different perspective.

88 Responses to Google and privacy

  1. But our ISPs don’t collect and organize this data, do they?

    But Google is an expert at organizing and analyzing it all and combined with all the other features I am sure Google knows a lot about me and can use it for good or bad.

  2. @martial

    They don’t have to, they just give the NSA full access to do as they please..

    http://www.wired.com/science/discoveries/news/2006/04/70619

  3. I think the biggest privacy risk at this time is not Google consciously violating your privacy rights, but a potential Google security vulnerability exposing your private files to an abuser. The Google account credentials would give an attacker your emails, your search history, your spreadsheets, your Checkout shopping behavior, your chat history, etc., provided you use & enabled these things. In the past, cross-site scripting vulnerabilities have already been found, and who knows which will be uncovered in the future?

    The problem is that every new Google service offers more attack potential… and sometimes it’s enough for your Google service 1 to contain the hole for the attacker to spy into your Google service 2 (case in point: UK webmaster Tony Ruscoe uncovered a *Blogger* bug which allowed one to see one’s *Google Docs* — two seemingly unrelated services!).

    The second problem is that Google Inc, by US law, is not allowed to disclose to the public certain things they share with the US government. No matter how good your intentions, your privacy policy makes it clear that you will follow local laws. But then again, this part can be solved by voting for the right people who implement the right laws. What’s interesting here is that people like me don’t vote for the laws in the context of which their files are stored (I’m in Germany, Google is in California).

  4. martial, check out the post I pointed to about ISPs and clickstream data. The first paragraph says “At the Open Data 2007 conference in New York today, David Cancel, the CEO of Compete Inc. revealed that ISPs happily sell clickstream data — and that it’s a big business. They don’t sell your name — just your clicks — but the clicks are tied to you as a specific user (User 1, User 2, etc.).” That’s pretty organized in my mind, and it’s data that people can buy now (as opposed to Google’s user queries, which we don’t give out).

    So if privacy is a concern for you, one good step is to call your ISP and ask whether they sell your clickstream data and if so, ask exactly what they sell. For example, do they offer search queries, either directly or as a referrer? Do they sell your NXD (non-existent domain) 404 (not found) traffic as described at http://blog.domaintools.com/2007/03/stealing-domain-name-research/ ?

    While I take your point about Google and privacy, I think that there are issues that are just as big or bigger that a lot of people don’t pay enough attention to, and that Google has a track record of protecting our users’ privacy quite strongly (I mentioned a few examples in the original post).

  5. corey points out an interesting article; I’d emphasize that that article is about ISPs, not Google. 🙂

  6. Philipp, I take your point about things like XSS or bugs potentially exposing problems. Google has been doing more behind the scenes to make those types of issues happen less often, but I know that folks are very receptive to other ideas about how to reduce the odds of XSS/bugs or other things causing problems.

    “But then again, this part can be solved by voting for the right people who implement the right laws.” I definitely agree with that, Philipp. The only point I’d make is that this law applies to every U.S. company, so it’s not only a Google issue. I personally think laws that act against transparency are bad laws. If people want background about the Patriot act, this is a pretty informative article:
    http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/03/10/MN14634.DTL
    If you think that’s a bad law, I’d say to tell your representative or to elect someone different. I understand that for someone in Germany, it’s frustrating that U.S. laws can affect you in this way.

  7. Isn’t Google effectively an ISP with its wireless internet access plans (like Mt. View, possibly San Francisco and others)? It may be free but you get the MAC address (which is persistent) and maybe you’ll sell speed upgrades for money and be in the same boat as all other ISPs soon enough?

    Combine Gmail with Google Desktop and my searching habits and my blog reading habits and you’ll be able to sell good ads to me but you’ll probably know more about me than myself 🙂 which is why I try to pick and choose apps from different providers.

  8. The only reason Google is attracting this kind of attention (regarding privacy issues) is because they are becoming increasingly rich and powerful. Whenever a company rises to the top so quickly, there are always going to be the pessimists, with nothing better to do, who feel the need to scrutinize the company.

    In my mind, Matt Cutts makes several strong points that assure me that privacy isn’t even an issue. Google, as a company, seems to have an above-average consideration for its customers and employees. If any company has the means and the will to handle information security issues appropriately, it is Google. Any company that handles information about you will have potential security risks associated with it–this is inevitable. The fact is… Google is doing the best they can, they have made information security a high-priority, and let’s face it… most of the information they collect is NOT sensitive information.

    For all you people who are so desperately trying to find a purpose in life–scrutinize something else, and leave Google alone. Perhaps you should be more worried about ISPs–as Matt pointed out–who have information that actually matters. Wasn’t it only last year that AOL leaked user information that allowed AOL customers to be tracked down to their home address? Didn’t a government employee lose a laptop that contained hundreds of thousands of veterans’ social security numbers? I mean, honestly… let’s look at MSN… they have infinitely more opportunities to f&@# up; they can integrate personalized search with IE, Windows, and any other software Microsoft has force-fed the majority of PCs on this planet.

  9. I admit I have only a small amount of knowledge of this issue…

    But…this all seems crazy to me.

    If the NSA or CIA or whatever recorded everything we did on the net (maybe they already do?), people would be up in arms…literally!

    But Google does the same thing. In fact b/c I am always signed in (you would easily be able to find out who I am from emails) Google’s databases pretty much contain a complete picture of who I am…

    …and nobody seems to care…? We basically provide (b/c Google basically has a monopoly on search b/c they are the most popular/relevant), for free, complete information about ourselves. The info residing in Google’s databases will eventually be able to model and predict almost anything. It’s mind boggling. And we provide this info b/c we “trust” Google. This info is worth a mind boggling unknown $ number to companies, and prob is even more attractive to nation states…

    To say that people don’t think about these implications/consequences is an understatement. If you really extrapolate it out, Google should be paying us to use the search engine. And we are all blithely giving it away for free…It is literally crazy…but I do it too b/c of the convenience.

    The implications are enormous and it will be fascinating to watch it play out in the future…But it makes my head hurt to think about it….

    However, Matt’s argument that look, we are better than the other guys, rings a little hollow. I think things have moved so fast that they haven’t looked out far enough either. In order to organize all the world’s information, you have to “have” all the world’s information. For this to reside with a private company with almost zero oversight or recourse seems to be courting disaster…but who knows…

  10. I’ve simply modified my HOST file to prevent sites from tracking me. 🙂

    Been doing so the past 5 years.

    http://pgl.yoyo.org/adservers/

    More info on hosts file:
    http://en.wikipedia.org/wiki/Hosts_file

  11. “If the NSA or CIA or whatever recorded everything we did on the net (maybe they already do?), people would be up in arms…literally!

    But Google does the same thing.”

    No, we don’t, aw; that’s what I’m trying to communicate (maybe not that well). 🙂 There’s a lot of difference between having to install a toolbar and opt-in explicitly to Web History, vs. other companies that collect more data (MSN asks for name, gender, zip code, birthday, …) or companies that store everywhere you go without letting you opt out, that actually have your verified identity, and that sell your surfing/clicks.

    I’m not naive; I understand that people will continue to ask questions about Google and privacy. My point is that if you are sincerely concerned about your privacy, there are other places that deserve your attention more than Google, or even search engines in general.

  12. “Another point is that your ISP has a superset of data that Google has, because everything you do passes through your ISP”

    This would only be true if a person only accessed Google (and the internet in general) from their home via their ISP. A lot of people spend as much time online from their work as they do at home, or roaming around (traveling or just at the local coffee shop, etc.) Google can capture their complete history because they can follow them from location to location. There’s no way for an ISP to do this.

  13. Matt,

    All I know is that I’m happy that Google decided to put Web History online and not leave it as just a feature of GD. I couldn’t tell you how many times that feature of GD assisted me. Ctrl-Ctrl and I could find anything that I’d seen on the web from that computer by simply remembering a few key words from that page.

    But that’s where my dilemma started. I mostly use only two computers (laptop, desktop), but I occasionally find myself somewhere else without my laptop. Since I do most of my web browsing on the laptop, it contained the largest amount of my GD cached Web History. This, obviously, wouldn’t be available on someone else’s PC. Come Online Web History and that problem is gone.

    Another issue that’s been solved as a result of this new service is when I’d reformat my PC I’d have to save the Google Desktop folder that resides under Application Data. After reinstalling GD, I’d just transfer over the folder and I’d have my Web History back. Of course, I’d have to re-index to have GD find all of my files again, but the Web History was the important part. Now…no need!!!

    I’d be really, REALLY impressed if Google would allow me to somehow merge my GD cached Web History into my new Online Web History.:)

    Wait…this was about privacy? Yeah…I’m not too worried about that. Google has earned my trust and I’m confident that if they were about to do something evil that they’d let me know. What you said about ISPs holding a superset of what Google has is not new information. That issue is something we all should be much more concerned with.

    As far as I’m concerned, the Online Web History is heaven-sent. My only complaint is…Couldn’t you have done this sooner?;)

  14. Hi Matt,
    I side with you (cautiously though) with regards to my personal beliefs about Google and their respect for user privacy. However, I feel, like Philipp Lensen, that the weakest link in the chain is the fact that this mine of information is vulnerable to other attackers.
    I trust that Google will not try to do anything evil with my data. I am afraid however that my data stored on Google’s properties will be attacked and stolen. Therefore, the question of Google and privacy is also: “Is Google doing enough to ensure their users’ private data is reasonably safe?”
    As Philipp pointed out, the Google Account credentials hold a pretty valuable key to a user’s mountain of private data. I applaud that the Search History (now including Web History) requires a user to effectively re-enter their password even if they are logged-in. I am pretty disappointed however that more similar privacy features are not being offered for other Google services. This suggestion for Google Docs and Spreadsheets is just that: an opt-in additional privacy feature.

    Sure, you are always free to opt-out of Google’s services. But making them more secure would have a lot of “privacy-worryists” feel better.

  15. For all you people who are so desperately trying to find a purpose in life–scrutinize something else, and leave Google alone.

    This is a very intelligent statement, but it has one fatal flaw; the people scrutinizing Google so closely and complaining at every turn quite often have no lives to begin with. That’s why they study so closely.

    Personally, I agree with Philipp; I think the bigger issue is the threat of security compromise. As Google grows (and let’s face it, Google will grow), so too will resentment, anti-Google bias and bizarre pro-search-engine-you-haven’t-ever-heard-of rhetoric. But the problem in my eyes has a simple solution: don’t give out information you wouldn’t want revealed to others. If you’re that paranoid about something, keep it a secret….or choose an alternative service/product that will do what you want it to.

  16. Multi-Worded Adam & Matt both have good points:

    1) Google is not the most dangerous entity in terms of privacy issues (I’m more concerned about intra-office gossip, personally)

    2) If you’ve got something to hide – you must deal with it. I don’t care if Google has my data; I’ve got nothing to hide! Read all my Gmail if you want (except for my Panama shipping cargo requests – j/k).

  17. …there are other places that deserve your attention more than Google, or even search engines in general.

    That sounds like government speak. “Don’t worry about the war in Iraq, there are other places like Sudan that deserve your attention more.”

    Just because there are bigger fish in the pot doesn’t mean we should disregard what Google does with our data. Personally I trust Google more than any other search engine, but the trust level has been going down rapidly as of late.

  18. There are services such as Hitwise that are built on data taken/bought from ISPs.

    As Matt says, the ISPs do have masses of info, much more than Google and ultimately they must know this down to user level.

    They only supply anonymous click-stream data to the likes of Hitwise, but I’m sure they know an awful lot more…

  19. Michael, I take your point. Certainly there are some cases where your ISP doesn’t have data on everything you do. But certainly for most searches you do (from home or at work), the way that you get to Google (an ISP, or your employer) probably has a more complete picture of what you’re doing than Google does, in my opinion. Nomad/hacker/wifi-surfers excluded, I guess. 🙂

    Hugues de Saint Salvy, I agree 100%. I probably care a little more about convenience (it annoys me to re-login to services), but I think Google is very open to ways to reduce the risk of things that could leak data.

    I’m encouraged to hear so many people saying that they worry less about Google and more about how to prevent any types of leaks. I’ll have to do some deep thinking about that on vacation. Quick thoughts:
    – Google is steadily closing any open redirection we allowed on google.com to minimize aid to phishers.
    – I personally am a fan of things like OpenID other than the phishing aspect.
    – I’m not sure I believe in those badges like Yahoo does, because they’re still susceptible to man-in-the-middle attacks, and I’m not sure that people really pay attention to the login badges.

    If anyone has other thoughts on how Google can strike the right balance between convenience while minimizing the risk of outside leaks, I’d be curious to hear peoples’ thoughts.

  20. I agree with Michael’s statement above. I use the Google and the Internet just about everywhere but my home. I’m not as worried about Google leaking or selling my personal information as much as I am that they are piling it up and using it for their benefit.

  21. TheMadHat, I guess my concern is if someone only questions about entity A having information with opt-in, when another entity B has a superset of that information + people’s identity + sells it + has no opt-out. Don’t get me wrong; I’m not anti-ISP at all. But I do want to make sure that people don’t criticize Google in a reflexive way when Google does do quite a bit to protect users’ privacy. So I don’t mean to deflect; Google does (and should!) pay a lot of attention to privacy issues. I do know that many Googlers think about privacy issues a lot. I like that you can go to the https version of Gmail to get encrypted access to your email, for example. Or that Gmail doesn’t leak referrer headers. Stuff like that.

  22. One is the trust and on the other hand there is I don’t care! I have recently found a post about a survey run by (Aziz Corporation) saying British people don’t care about privacy. Even if somebody would know that a webmaster can track down your moves on his website, the visitor doesn’t really care!

    Read this:
    http://www.spywarehunter.org/entry/report-uk-consumers-are-glad-to-put-their-personal-financial-info-at-risk/

    If they don’t care about websites, why should they be worried about Google! Google helps them in fact, saving and collecting your search history which you would forget in about 2 days anyways, you can always look back…

    I can see Matt’s point, saying Google looks after visitors’ privacy, but really is there a need for this? Do we care if our details are collected?

  23. Matt this is an excellent post and comments conversation. Battelle was just talking privacy at his (neat!) online forum today. I’m guilty of “forgetting” that ISPs have more info about users than Google, and that it’s probably via ISPs or Carnivore-style intrusions that people’s privacy will be compromised, not via Google.
    However, there are commercial issues that need to be addressed and IMHO are very poorly dealt with by Google and others. As a user I should own my own stuff, not the company making the application I use to produce stuff. This includes reviews, comments, and even search data. This ownership is routinely compromised, and this will piss people off more and more as they come to understand the big picture.

  24. It’s good to know that Google works to protect users’ privacy. Have you heard what the Germans try to do? They are just starting Orwell’s world. The discussion is that the government could look in every computer and use all the data they find.

    Hope it never comes

  25. Matt I totally agree with you. I do believe that Google has its customers in mind and does not wish to violate their privacy in any way. After all, it is those customers which made them big.

    I think the problem, in a nutshell, is that many people fear big business. Whether it is Microsoft, AOL, or whatever, folks are afraid of anything very large for a few reasons. The first being that policing their own employees becomes a daunting task; case in point AOL. It only took a couple of people to violate their users’ privacy. Even Google’s response when asked if it could happen within their company was that they could never say never. They said they could hope it wouldn’t but could not make any promises, which is only natural and truthful. No company could ever make a 100% promise and that Google could admit that was encouraging.

    The second problem is attitude and Microsoft is probably the best example for this one. When a company becomes big, the attitude which comes with it also becomes big. Companies begin to listen less to their customers as they feel that they have enough customers already and the few they lose is of little consequence. Customer service seriously suffers and what their users think begins to matter less and less. It’s sad, but true. To that end I have to agree with those fears, but I don’t see Google turning in that direction. They have remained consistently customer based.

    All in all though, what I do not understand is why folks who believe that Google is turning into the big business monster do not consider that small businesses have many of the same problems. In my opinion, the potential to violate privacy exists in any company whether it is a tiny self owned business between two people or a Fortune 500 company. This is the internet people and once you plug yourself into the world wide web, you have opened your door to privacy issues.

    All this over a simple history. If it is that much of a problem, simply select for it not to be recorded and be done with it already.

    As for Google, as long as the evidence exists that they listen to their customers then I’m a loyal customer to them. I go where the customer service is good and I ban companies that do not listen to me such as Yahoo and Microsoft. Google has not only listened to me, but they have even responded personally to me on a few issues. I can say in all honesty that this never ever happened with Yahoo and Microsoft.

    As for concerns with leaks, that is a legitimate concern but again that goes with just about anything online. My bank keeps information available to me online about my accounts, even if I have not yet signed up for online banking. There is never ever going to be a complete safety guarantee.

  26. My fear is not Google. As Matt said, Google is pretty darn good about protecting customer privacy. My fear is the power of a subpoena, and the wealth of data that can be gotten through one request from the government, be it a subpoena or a national security letter.

    I’d love to use search history – as I’m very very forgetful. But I just don’t want to have the data sitting in a google data center, ready and waiting for a call from the feds.

    What would be far better, would be if Google let the user control the data….

    Google should establish a public/private encryption key when the user installs the toolbar. Every website visited would be encrypted with the user’s public key, and stored in encrypted form on one of Google’s many servers – however, if the feds ever came knocking, all they’d be able to get would be random looking data. The user would thus ‘own’ his own search history.

    Were such a system like that to be deployed, I’d be able to relax a bit, and finally use a service that I really wish I could turn on, but am currently too scared to use.
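The design proposed in the comment above, sketched as an added example that is not part of the original thread and not anything Google built. The comment names no algorithms, so RSA-OAEP wrapping a per-entry AES-256-GCM key is an assumption here, as are all function names and the constructed sample entries.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample history entries (not real data).
const SAMPLE_HISTORY = [
  { url: "https://clinic.example/appointments", visited: "2007-04-20T09:15:00Z" },
  { url: "https://news.example/politics", visited: "2007-04-20T09:40:00Z" },
];

const OAEP = {
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
};

// Runs once on the client at install time. The private key stays on the
// client; only the public key is needed to add new entries.
function generateUserKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Client side: encrypt one entry under a fresh AES key, then wrap that key
// with the user's public key. The returned record is all the server stores.
function sealEntry(publicKey, entry) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entry), "utf8"),
    cipher.final(),
  ]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return {
    wrappedKey: wrappedKey.toString("base64"),
    iv: iv.toString("base64"),
    ciphertext: ciphertext.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Client side: unwrap the AES key with the private key and decrypt.
// Throws if the record was modified or the key does not match.
function openEntry(privateKey, record) {
  const dataKey = nodeCrypto.privateDecrypt(
    { key: privateKey, ...OAEP },
    Buffer.from(record.wrappedKey, "base64")
  );
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm",
    dataKey,
    Buffer.from(record.iv, "base64")
  );
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, "base64")),
    decipher.final(),
  ]);
  return JSON.parse(plain.toString("utf8"));
}

// Same as openEntry, but returns null instead of throwing.
function tryOpen(privateKey, record) {
  try {
    return openEntry(privateKey, record);
  } catch (err) {
    return null;
  }
}

// What the storage operator (or anyone holding a copy of the store) can do:
// look for a term in the stored records. Counts matching records.
function serverSearch(store, term) {
  return store.filter((record) => JSON.stringify(record).includes(term)).length;
}

// What the key holder can do: fetch everything, decrypt locally, then search.
function clientSearch(privateKey, store, term) {
  return store
    .map((record) => openEntry(privateKey, record))
    .filter((entry) => entry.url.includes(term));
}

// Flip one bit of the stored ciphertext, as a storage-side modification would.
function tamper(record) {
  const bytes = Buffer.from(record.ciphertext, "base64");
  bytes[0] ^= 0x01;
  return { ...record, ciphertext: bytes.toString("base64") };
}
```

The cost of this design is that the server can no longer search or rank the history on the user's behalf: every query means downloading and decrypting on the client. Record counts, sizes and upload times also stay visible to whoever holds the store.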

  27. Richard Eid, I’m also a huge fan of using Ctrl-Ctrl in rapid succession with Google Desktop. 🙂

    Joe Hunkins | Joe Duck, I think the “data portability” idea is a good step in that direction. It means that you can take your data in Google and take it somewhere else (not “trapping users’ data”).

    Good point, MagnoliaSouth. Small companies can occasionally violate the trust of users as well, although the impact would (I hope) be smaller. I hope Google stays customer- and user-focused for a very long time.

    Christopher Soghoian, my personal hope is that the DOJ case last year would make people think hard before sending another overly broad subpoena to Google. We bat around ideas like the one you mention over the pool table late at night. Part of the problem is how complex something is vs. the number of people who would be interested vs. the opportunity cost of working on other things. One could also come up with some nice ways to protect privacy that are cryptographically secure, but complicated enough to explain that most people might not get it. But we’ll keep talking about it internally, and hearing folks outside Google give suggestions is encouraging too.

  28. For sure, DoubleClick is well known for being a company that protects privacy 🙂 And who recently acquired DoubleClick? …..

  29. “if you feel concerned about a particular Google feature, then I wouldn’t use that feature.”

    Or, you could install the CustomizeGoogle extension… 🙂

  30. My privacy concern has nothing to do with Google and any associated evils. I came in my computer room last Christmas and found my cousin checking out my bookmarks and web history. Now I only keep web history in the browser for one day.

    I’m constantly signed into google for Gmail. How hard would it be for a co-worker or anyone else to export my history when I’m in the bathroom?

    My volume of browsing/searching is high enough that you could get a pretty good idea of my medical problems, political interests, and plenty of other things I don’t want any nosy parties seeing.

    For this reason alone, I will NEVER turn on history.

    My other question is, if I do turn it on, can I have it purged with the click of a button like I can my browser cache?

  31. I think historical data should only be used if it is to help get a better search. I seriously won’t agree if my data is being used for things without my consent or to manipulate a political situation.

  32. I like that you can go to the https version of Gmail to get encrypted access to your email

    Yes, me too, but why not make this the default (aside from server load issues)? Non-technical people may not know the difference, but if explained to them, they would want https pretty much every time. People who know must install things like the Secure GMail greasemonkey script.

    With regards to the search history feature, I might even turn it on if it was automatically deleted/anonymised after 18-24 months, like the normal queries are. This deletion should be optional, but not having it stops me using it (I don’t want my searches saved for perpetuity).

  33. Thank you Matt for your great insights and I totally agree that normal users and people don’t know too much about spy marketers.

    We are often exposed to cameras, phone, email and all kind of normal behavior. Big brother is watching us and that’s cool when Google build the best NASA tool.

    What I might be afraid of in the future marketing channels. Mobile Phone location connected to Gmail chat and Pizzeria or Hotel Ads. Oh my god by then I might turn every single electronic chip off and walk naked.

    — While I take your point about Google and privacy, I think that there are issues that are just as big or bigger that a lot of people don’t pay enough attention to, and that Google has a track record of protecting our users’ privacy quite strongly —

  34. We may or may not need to worry about the sheer massive amount of information Google has access to at this point. I have a couple friends who are rather paranoid about Google – but they also bring up a valid point:

    Google needs to decide what kind of company it is and slow down. Control of information is one of the greatest powers in our society. The more verticals Google moves into and dominates, the less confidence it will have from the consumer.

    Example: I am more than happy to use Google for search. Right now, Google probably provides the best set of search results (debatable, i know). However, as Google moves into more and more territories, it is not difficult to foresee the potential difficulties ensuing from a company controlling both information related to your personal search / Internet use and the means by which you acquire those services. More and more, Google appears to desire the control of every step of a user’s online experience. That is when trust is lost.

    As my boss, Mark Jackson, recently mentioned in a VIZION blog post about TopSEOs, TopSEOs.com accepts paid advertising from SEO companies and then turns around and lists those same companies as top companies in the industry. This is a very finite example of losing one’s credibility due to involvement in too many aspects of an enterprise. In their case, TopSEOs should either just call themselves a paid SEO directory listing service, or they should refuse advertising from SEO companies and select the top companies based upon service and deliverables.

    You have to use your imagination just a tad to see how this applies to Google. They started with search and paid advertising. Now they’re in video, newspapers, cellphones, etc. At some point, I can’t trust that their search results are truly the most accurate or trustworthy because they have a vested interest in the products or services being searched for.

  35. nagy_r Said
    I can see Matt’s point, saying Google looks after visitors’ privacy, but really is there a need for this? Do we care if our details are collected?

    If you had an inkling of how valuable this information is, you would care. See Google’s stock price…

    Joe Hunkins | Joe Duck Said
    As a user I should own my own stuff, not the company making the application I use to produce stuff. This includes reviews, comments, and even search data. This ownership is routinely compromised, and this will piss people off more and more as they come to understand the big picture.

    Boy this really hits the nail on the head. Hence my comment about “Google should probably be PAYING U$ for this data”. If you as a company tried to buy or collect the data that Google has (provided for free from us), it would be close to impossible, illegal, and not affordable to get. But we all LIKE google, so somehow this makes it ok?

    I don’t mean to imply that Google isn’t doing anything. They obviously are. However, if they really cared they would provide a total opt-out of any tracking. Right now that is called “don’t use Google”. But that is lame and unrealistic. Eventually with time and user understanding, the legislation will come, similar to the do not call list, where if you are on it, you can opt out of tracking. People just don’t understand the ISP issue so Google gets the flack. So they have to take the lead I guess. Sucks to be them I guess.

    I work in e-commerce. Even using Google analytics in a crude way, it is amazing what info you can glean from users just from raw unanalyzed data. It always makes me feel a little slimy wondering if people only knew that their every click was being tracked, what would they think? But it is so easy to take even that crude info on such a small level and make more $$$ that you keep doing it, privacy be damned. Of course also keep in mind that Google also has all the info collected by Google analytics also…It just gets so crazy to think about.

    I too personally don’t care, because I don’t do anything “wrong”. But I’m not sure that is really the point! Do we want to sacrifice any and all privacy for safety and/or convenience? I don’t know…maybe…Hopefully all those Stanford PhDs can figure it out for us 😉

  36. I’m glad to hear that privacy protection is on the mind of Googlers.
    The fact that you are discussing it suggests that the Web History
    feature has brought up internal discussions that I hope will lead to
    protecting that data (and all the information Google holds on
    individuals) from leaks, hacks and employee error.

    Privacy gets little attention by anyone until their own is
    threatened. I attended the “Search and Privacy” session at SES NY to
    hear an amazing panel speak to a paltry 15 attendees. The topic of
    privacy flares up when there is a huge gaffe committed by a major
    company or when the DOJ makes absurd demands. Most ignore the issue
    until it gets personal.

    But we need to pay attention to security and privacy issues on a
    daily basis because data retention adds up all those daily activities
    into a very much larger mass of information than anyone intends for
    one organization to hold. Aggregation of databases is inevitable as
    companies sell their (clickstream data, credit info, contact data,
    email addresses, etc.) to partners, clients and customers and
    sometimes to bad guys.

    Wherever that data resides, it will get leaked, hacked or subpoenaed.
    Even Google can’t entirely prevent things from going wrong at every
    turn. I tend to trust Google simply because they have proven
    themselves to be trustworthy so far. If those at the top are
    committed to privacy protection and security of the data they hold,
    we’re very much better off.

    The data portability idea sounds great – but I suspect we’d all be
    shocked should we ever see the totality of information held on each
    of us by Google. I’m very happy to hear that protecting that data is
    important to you.

  37. Matt,

    Privacy is a big selling point. People want it, it represents a desire. It’s a basic desire too, every single one of us withholds information to protect privacy. Just look at your comments above, l’Optimiseur, Jimbo, aw, JB; presumably these aren’t their real names?! These people are doing nothing wrong by commenting on your blog, so what do they have to hide?!
    Nothing! They just want privacy and it’s a perfectly reasonable desire.

    So your comments are disappointing, because you’re ‘excusing’ Google’s collection of data, instead of seeing privacy for what it is. A unique selling point! Something to be grabbed hold of and maximized.

    How’s your VOIP doing? How’s Checkout going? How’s Gmail takeup?
    Ever thought that people who use your search engine, don’t fancy also giving you their email, financial details etc.?

    Never wondered why the same privacy keeps coming up and biting you guys again and again?

    My view is you guys should stop going on the defensive on this, look at the data you collect and reduce it to the absolute minimum possible, and make privacy a selling point.

  38. Matt, you and Tim O’Reilly both make good points. I do believe that Google respects privacy more than most large companies (and has gone out of its way to demonstrate that), and I make good use of various Google services. The ISP privacy risks are significant, but less visible to many people. Many people will hold Google to a higher standard simply because of the breadth and depth of its reach.

  39. People like to pick on Google a lot. It’s a passion.

    All I can think as I read comments here and other places about this issue is that if people knew how much of their personal information was readily available to moderately talented hackers on websites, from their banks, and myriad other sensitive places, they’d be much more worried about places that don’t know how to protect themselves from the risks.

    This is a touchy issue with me as much as anyone, but I’d put Google up against anyone’s bank, ISP, etc. any day of the week for being aware of the risks and taking measures to protect what we have willingly let out there by simply using the web.

    It’s a responsibility for individuals to know that simply coming online poses threats. Period.

    Everyone tracks everything is the motto. That isn’t going to change and Google certainly isn’t the first or last – they are just the biggest.

  40. I’m not bothered about privacy as such. If I were, I would not even have a bank account, let alone use the phone or the Internet.

    I am not worried about Google gaining data TODAY. The only difference is that I really don’t think (because of storage concern first of all) that my ISP or my credit card account will keep track of my data for ever. Even my bank will destroy my data after 10 years, for tax purposes I only have to keep invoices or documents for 7 years.
    Google on the other side is gaining a huge amount of data about my search habits (and don’t tell me that if I switch on and off my computer you won’t be able to track me again, the GUID number is there for that purpose) and making absolutely NO COMMITMENT of ever deleting this data.
    What does happen if in say 20, 30 years Google is taken over by another company with other interests or there is a new US law that will refrain you from withholding data from ISP out particular areas? What will you do? The data will still be there. Once my ISP has sold my data in an anonymous way, they won’t probably keep it. My website is also hosted on another ISP than the one I use for Internet. The one knows what I am looking at, the other knows which e-mails I am receiving and their content (because they are making backups) but no one will ever come to the idea of using my e-mail content to deliver a particular set of result as Google might have the possibility to do. The more Google knows about me, the more results are going to be biased and the person is going to be documented about the last x years of my life. I think even if Google is selling my click data, it is not going as far.

  41. Matt, why do you pretend you are unbiased enough to talk about Google while working at Google?

    Could you tell us if there WERE privacy holes? No. Then why this hypocritical post?

    The FACT of the matter is : Google is, and has been, collecting just too much information about too many people for too darned long now.

  42. Matt,

    Great point about ISPs. I was part of AOL Search’s privacy clean up team after last year’s data release. One of the things I spent a lot of time on was analyzing the full flow of data from the moment the user starts typing in a search box to when he clicks off to the result. There is a lot of data that flows – some of it that is under the control of the search engine and some that is not. As much as we work to protect the privacy of searches, there are other people out there who have access to that data and more.

    For those who are especially concerned about privacy of their searches, there are tools like Scroogle and TrackMeNot that can help. (Though at the extreme case you still have issues with keystroke loggers and packet sniffers.)

    As to why people single out Google, I think there are two reasons people get spooked out by Google:

    * Google is much better at targeting ads than credit card companies, phone companies, airlines and others who have lots of data on us. I wrote the other day about how horribly bad United Airlines is at targeting ads to me, even though they know where I live and everywhere I’ve traveled.

    http://blog.agrawals.org/2007/04/26/making-better-ads/

    * Online, there tends to be a more immediate connection. e.g. I just chatted with a friend about feeling sick and all of a sudden I’m seeing ads for cold remedies.

    That said, I think personalization can be used to deliver a much better experience to the user. Google + DoubleClick could equal fewer ads. (http://blog.agrawals.org/2007/04/20/google-doubleclick-fewer-ads/) Instead of the irrelevant crap that clutters our lives, we’ll see ads that are so relevant that we won’t even consider them advertising.

  43. Encryption for Gmail emails and attached files can be easily performed by ZipMail for Gmail. This utility may be useful in case you have secrets to protect when using Gmail. Also available for Yahoo, Hotmail and any other web mails…
    More information: http://www.zipmail-for-gmail.com
    Not as deep as some of the other posts of this thread but very useful indeed!

  44. Steve Hobberstad

    ahhhhh…so you KNOW what I’m sayin’. Delete away, good “friend.”

  45. Great post.

    But think about Google’s massive information centers… Even if they do not use for any bad thing at the moment – what if suddenly the US would enact some Super Patriot Act and raid Google?
    Or how about Google simply abiding to US laws that have only come about through manipulation and just outright filthy fear-strategies? (Like the Patriot Act)

    I live in Sweden – a far way from the US – and we’ve had agents from the CIA (!!!!!) coming into our airspace, landing, and kidnapping Swedish citizens being “terrorist suspects”!
    I mean, sure, Swedish intelligence had to know about it, and sure, someone decided to shut up about it beforehand – but the very possibility!

    Also in Sweden, did you know that the Swedish justice system recently (a year back?) raided and pulled down Piratebay.org ONLY because of pressure from Washington?
    At the time (and that holds still I’d believe) we had NO laws authorizing this act.
    Piratebay is now up, and it now has several more backup-servers than before this quite illegal raid – but the very possibility!

    When I travel to the US, I’m forced to tell them I’m not a terrorist and they take my fingerprints and a photo of my eye.

    I’m not trying to sound like an anti-American moron now, I dig the US (which is why I travel there), and I love Google because of its innovation, its honesty and its understandable user agreements. Not to talk about the ease of use. 🙂

    But I can just say that I’ll keep a close watch on America and various companies both – and the moment I have anything of remotest import going on, I’ll most certainly use encrypted-only non-US services, and as far away from Google as possible.

  46. No matter how carefully Google maintains its reputation of managing privacy data, as best player of protecting privacy (of course my opinion only) in the markets (though not necessarily good enough), you would not expect the voices against Google will ever go down. Some people even complain about the text advertisements. So…

    “It seems scary, but the fact of the matter is that your data just isn’t that important. Nobody is going to go look you up in the google database and read your e-mail. You simply don’t matter enough for that to be worth anyone’s time.” by Jonathan Rockway.

    As long as no outsiders of google can snip your mails to your secret lovers, what are you afraid of?

    Ah, maybe a spy or private detective working in Google will check your Gmail and other private data important to you and to the spy. However, if anyone wants to spy on you because you are important, the spy can spy on you anyway, not necessarily through Google. Google is not your privacy nanny, and it is you who take care of your own privacy, with a bit of assistance from regulations, and more from many existing tools, such as PGP and Tor etc.

    After all, it is about balance. Balance between privacy, data of privacy, convenience of customized services and some “rewards” back to the service provider.

  47. well
    I think g technology is way advanced and it sometimes detects the correct IP even using the “normal backdoor”, and about other things, yes, they can use it any way they like, but they do say that u can use our services on our terms, that’s all. The whole story ends then.

    thx

  48. I’m all for privacy and I believe that Google really does care about user privacy, because it’s in their best interest. However, I also assume that there isn’t any real absolute privacy on the Internet. The best privacy protection is that no one really cares what you are doing unless you are doing a lot of searches for “how to build an IED” in which case I would assume you would attract some attention from the NSA or CIA or one of those spooky three letter agencies. Maybe you wouldn’t and I’m just paranoid. But really, what could be more boring than reading other (average) people’s email?

  49. Any comments on this Matt?
    http://www.poundprivacy.org/

  50. This is slightly off-topic, but darn close. I have a person with one heck of a malicious grudge who has published my personal identity, including name, address, date of birth, driver’s license number, Social Security number, bank account numbers, credit card numbers, even samples of my signature on a website hosted in Panama. Needless to say, the web host is not exactly cooperative. Talk about invasion of privacy.

    I’ve submitted the URL of the .pdf file containing my information and written Google. Google does not have that specific file in their index, but the website is full of references to my identity with internal links to the .pdf file. I know Google looks at content, not links, but hey, if ever there was a website that deserved penalty or outright banning (a Google competitor has banned the entire site), it is a website that publishes someone’s private ID.

    For obvious reasons I’ve not provided the website, but email me and I’ll be sure to give you the details.

  51. Thanks a bunch

  52. It’s about time Google thought about privacy minus the salt!

  53. I LOVE Web History !
    thanks Google for doing this.

  54. Whilst I do trust Google more than most companies with my privacy, are you not also concerned about the possibility of tracking more and more information about users to the extent of google being able to suggest an answer to the query “What Job should I take?” (Telegraph, http://www.belfasttelegraph.co.uk/news/technology/article2589388.ece)

    Also, wondering what you think about the related auction theory argument that Google’s increasing price comparison services may be pushing consumer prices up (RustySpigot, http://www.rustyspigot.com/feed/blog/wordpress/?p=8)

    Thanks for your time
    Chris

  55. I use a program called Anonymizer. I am hoping this also protects me when I log into my Gmail account.

  56. corey points out an interesting article; I’d emphasize that that article is about ISPs, not Google

  57. thanks Google for Web History ..
    i love this. 🙂

  58. Google will save their cookies for 2 years. Oldly strategy of them to save cookies more more and more time period..etc until 2040.

    Thanks for article.

    Best regards.

  61. 1) Google is not the most dangerous entity in terms of privacy issues (I’m more concerned about intra-office gossip, personally)

    2) If you’ve got something to hide – you must deal with it. I don’t care if Google has my data; I’ve got nothing to hide! Read all my Gmail if you want (except for my Panama shipping cargo requests – j/k).

    Yes True

  62. All I can think as I read comments here and other places about this issue is that if people knew how much of their personal information was readily available to moderately talented hackers on websites, from their banks, and myriad other sensitive places, they’d be much more worried about places that don’t know how to protect themselves from the risks.

  63. Combine Gmail with Google Desktop and my searching habits and my blog reading habits and you’ll be able to sell good ads to me but you’ll probably know more about me than myself which is why I try to pick and choose apps from different providers.

  64. Google will save their cookies for 2 years. Oldly strategy of them to save cookies more more and more time period..etc until 2040.

    Thanks for article. Thank You

  65. Great point about ISPs. I was part of AOL Search’s privacy clean up team after last year’s data release. One of the things I spent a lot of time on was analyzing the full flow of data from the moment the user starts typing in a search box to when he clicks off to the result. There is a lot of data that flows – some of it that is under the control of the search engine and some that is not. As much as we work to protect the privacy of searches, there are other people out there who have access to that data and more.

  67. What guarantee can you give me that google won’t bend over backwards, change all their privacy and data retention policies and hand over all their data and emails to the US government next year, due to some new nonsensical law (patriot act part-2?) they may decide to bring in?

    The very fact that google has this humongous vast amount of data, and with it, the potential for unlimited abuse, should be enough to scare anyone off them.

  69. This is a touchy issue with me as much as anyone, but I’d put Google up against anyone’s bank, ISP, etc. any day of the week for being aware of the risks and taking measures to protect what we have willingly let out there by simply using the web.

  70. I think g technology is way advanced and it sometimes detects the correct IP even using the “normal backdoor”, and about other things, yes, they can use it any way they like, but they do say that u can use our services on our terms, that’s all…

  71. Google will save their cookies for 2 years. Oldly strategy of them to save cookies more more and more time period..etc until 2040, thanks for article. Thank You

  75. I admit I have only a small amount of knowledge of this issue…

    But…this all seems crazy to me.

    If the NSA or CIA or whatever recorded everything we did on the net (maybe they already do?), people would be up in arms…literally!

  76. Great point about ISPs. I was part of AOL Search’s privacy clean up team after last year’s data release

  77. Great point about ISPs. I was part of AOL Search’s privacy clean up team after last year’s data release. One of the things I spent a lot of time on was analyzing the full flow of data from the moment the user starts typing in a search box to when he clicks off to the result. There is a lot of data that flows – some of it that is under the control of the search engine and some that is not. As much as we work to protect the privacy of searches, there are other people out there who have access to that data and more. thanks for life.

  78. can you give me that google won’t bend over backwards, change all their privacy and data retention policies and hand over all their data and emails to the US government next year, due to some new nonsensical law

  81. Structured data is a vague term that just means what it says, and has no real formal definition outside this article. Any database or XML document or tag-value table offers structured data, so the term is pretty loosey-goosey.

  82. are you not also concerned about the possibility of tracking more and more information

  83. This would only be true if a person only accessed Google (and the internet in general) from their home via their ISP. A lot of people spend as much time online from their work as they do at home, or roaming around (traveling or just at the local coffee shop, etc.) Google can capture their complete history because they can follow them from location to location. There’s no way for an ISP to do this.

  85. I read comments here and other places about this issue is that if people knew how much of their personal information was readily available to moderately talented hackers on websites, from their banks, and myriad other sensitive places, they’d be much more worried about places that don’t know how to protect themselves from the risks.

  86. Wow this is pretty heated. I’d just like to point out that Mandy didn’t say there won’t be updates till after the holidays, she just said she couldn’t announce anything at that time. At any rate, ball’s in your court Microsoft.

  87. THANK YOU pretty heated. I’d just like to point out that Mandy didn’t say there won’t be updates till after the holidays, she just said she couldn’t announce anything at that time. At any rate, ball’s in your court Microsoft.
