Why I disagree with Privacy International

Sigh. Google as a company takes privacy very seriously. I personally feel strongly about protecting our users’ privacy. So I’m frustrated by a recent study that Privacy International did, and I want to know if I’m off-base in my reaction. I got back home from SMX and I’m surfing the web when I see this AP article entitled “Watchdog group slams Google on privacy”:

In a report released Saturday, London-based Privacy International assigned Google its lowest possible grade. The category is reserved for companies with “comprehensive consumer surveillance and entrenched hostility to privacy.”

None of the 22 other surveyed companies — a group that included Yahoo Inc., Microsoft Corp. and AOL — sunk to that level, according to Privacy International.

So I surf over to Privacy International (PI) to read the actual report, and I have to be honest with you -- it made me mad. But I try not to blog when I’m angry, so I decided to sleep on it. After sleeping on it, I’m still pretty frustrated with Privacy International’s conclusions. Here’s my take.

Google didn’t leak user queries

In this past year, AOL released millions of raw queries from hundreds of thousands of users. Within days, a journalist had determined the identity of an AOL user from the queries that AOL released. But AOL got a better grade than Google.

Google didn’t give millions of user queries to the Dept. of Justice

In 2005/2006, the Department of Justice sent subpoenas to 34 different companies requesting users’ queries and other data. In fact, the original subpoena requested all queries done by users for two full months. AOL, Microsoft, and Yahoo all gave some amount of users’ queries to the Department of Justice. Google fought that subpoena (full disclosure: I filed a declaration in that case). The judge sided with Google; no queries from Google users were given to the DOJ. But Yahoo, Microsoft, and AOL got better grades in this report than Google.

Google will anonymize query logs

In March, Google announced that it would begin anonymizing its logs after 18-24 months. Google has continued to communicate on the issue, including a post on the Google blog in May discussing the reasoning behind that decision. In fact, we talk a lot about privacy, from blog posts to Op-Ed pieces in the Financial Times. To the best of my knowledge, no other major search engine has followed suit in a plan to anonymize user logs.

Misc bits

Other parts of the study just baffle me. The report claims (I am not making this up) that “Every [Google] corporate announcement involves some new practice involving surveillance.” I know that my years of working at Google may bias me, but does that sound impartial? Let’s test that claim. Here’s a Google corporate announcement we made on our blog in March. Google expanded our support for open-source in our third annual “Summer of Code”:

Last year we paid 630 students from 450 schools in 90 countries $4,500 each to work on open source software projects. These projects, selected by some 100 open source mentoring organizations from over 6,000 applications, provided students with invaluable real-world programming experience.

That’s over three million dollars in open-source development last year, with even more money set aside for this year. The program introduces students to open-source programming. In return the open-source community and regular users benefit from students’ projects. Does Google’s Summer of Code program have anything to do with surveillance? Nope, not even close.

Conclusions

Sigh. Okay, take deep breaths, Matt. My spleen is vented. :) Personally, I think Privacy International should feel remorse about walking right past several other companies to single out Google for their lowest rating. But I think that there’s a larger danger here too. I believe this report could corrode earnest efforts to improve privacy at companies around the internet. Why? Because the bottom-line takeaway message that I got from the report is that a company can work hard on privacy issues and still get dragged into the mud. Consider: in the last year or so, other companies gave users’ queries to the government, leaked millions of raw user queries, or even sold user queries and still came off better than Google did.

Wait -- someone sold my data?

If I ran a privacy group, I would *find out which ISPs sell their user data*. While Privacy International was conducting its six-month-long study, credit bureau Experian committed to buy Hitwise for $240 million. From the press release:

Hitwise collects and aggregates information from Internet Service Providers (ISPs) on how over 25 million consumers use and search the Internet in the US, UK, Australia and other countries in Asia Pacific.

If you check Hitwise’s most recent blog post about UK site Gumtree, they discuss collecting user queries: “Hitwise captured 4,201 unique terms sending visits to the website.” Did those queries come from opted-in users, or from ISPs? If I ran a privacy organization, I’d want to know which ISPs sell user data. I’ve pointed out before that ISPs have a superset of data on a user compared to almost any other online company. Some have suggested that ISPs sell user data for as little as 40 cents per month per user. It looks like Privacy International didn’t include any ISPs in its study of online companies. Luckily, some other folks are looking into it. A Wired blog enlisted readers and started to get some answers on the topic.

If Privacy International really wants to focus on Google rather than digging into companies that are, you know, actually buying and selling user data, that’s their choice. :) Note that I have nothing against Hitwise, Compete, or ISPs at all; I just think it’s unwarranted to call out Google when user data is being bought, sold, given to the government in the millions, or being leaked -- by other companies. And I think Privacy International missed the mark badly by giving those companies a better rating than Google, or by not including the right online companies in their study.

Now it’s your turn. Am I off-base on this issue? Or did this study miss the mark? (I’m going to bed now, so I’ll approve comments in the morning.)

202 Comments »

  1. Matt Cutts Said,

    June 11, 2007 @ 1:24 am

    (In this comment, I mentioned that someone had dropped spammy looking posts on PI’s site. The urls are gone now, so I’m deleting this comment.)

  2. SearcH EnginesWEB Said,

    June 11, 2007 @ 1:27 am

    It is vital that people be perspective, in accessing and analyzing the entire issue.

    Google will only take as much information as it needs to:

    Perfect its algorithms
    Offer personalized search options
    Offer more relevant advertising

    Without advertisers, many of the free services that are offered, would either be terminated or mediocre at best.

    Also revenue enables the hiring and competitive compensation of top Developers

    And the purchase of turnkey and cutting edge hardware.

    It is important that a public which enjoys free services, be more open about accommodating the needs of the financial providers of these services.
    Also, a public that insists on relevant organic serps should be understanding about the technical requirements to stay competitive, and to serve up relevant ads.

    Those who are overly concerned about relative privacy can be proactive by:

    Using a proxy
    Deleting cookies
    Not using the free web services that require sign-ins.
    Or using a Meta search engine that allows isolating Google serps.

    Google should be applauded for standing up to the Government when others relented out of intimidation! :-D

  3. Harith Said,

    June 11, 2007 @ 2:10 am

    Matt

    I thought Danny has covered that privacy thing in excellent manner leaving you time to focus on:

    - discussion of the extra info that’s been added to our webmaster quality guidelines :)

  4. tedster Said,

    June 11, 2007 @ 2:40 am

    Matt, I think your reaction is incredibly controlled - I’d be ballistic and I don’t go ballistic easily. That is clearly a piece of negative spin, rather than anything close to an objective report. It reflects very poorly on Privacy International, not on Google.

  5. Hawaii SEO Said,

    June 11, 2007 @ 2:46 am

    Yeah... You’re right - They missed the mark.

    However... (IMO) Even though it’s not accurate, it’s a story that many people already believe, even before it’s told.

    Google collects a mind boggling amount of personal and corporate data. You folks collect it with the Google Toolbar, AdWords, AdSense, Google Analytics, Blogger, Google Maps, Google Reader, Gmail, YouTube and now DoubleClick and FeedBurner... WOW! - (Yikes)

    Some people may think it’s too much information.

    I like Google and the people running the show right now. However... Things change. Things might be very different 10 years from now.

  6. Owen Said,

    June 11, 2007 @ 2:57 am

    I think the biggest issue here is fear that Google is growing too big. Google is in the job of information collection, analysis and dissemination; that’s all Search is after all.

    If, it was OK for Google to do this a few years ago, why do people have a problem with it, just because it’s collecting data from more sources?

  7. Adarsh Rangaswamy Said,

    June 11, 2007 @ 2:58 am

    Google does collect a phenomenal amount of data from the users, but how much it publishes has always been a matter of debate. Good to know that Google has processes in place to protect personal data. But without doubt, data collection by Google has and will make the world of search a better experience to users.

  8. Dave Starr --- ROI Guy Said,

    June 11, 2007 @ 3:10 am

    No, I don’t feel you missed the mark at all, Matt ... but I do resonate strongly with HawaiiSEO’s comments.

    I am a Google supporter in many ways, including collecting AdSense publisher’s checks, so I am not inclined to bite the hand that feeds me arbitrarily.

    But I did work for the US government for many years, mainly on projects at a high level of classification .. I know quite a bit about security, at a level above the “ones and zeros” and what characters should be in a password.

    Over the years a number of significant security breaches have occurred simply because too much data is stored, all secured by best practices, on specific programs or issues. Suddenly (and you’ve all read articles in major media, sometimes without even knowing that the articles actually revealed classified information) a reporter or other interested party takes info from one source, and then another and “click” the puzzle pieces fit together. Happens all the time and will continue to happen.

    Google collects massive amounts of data ... far, far beyond what any ISP or even Google competitor collects and I would submit, Matt, that there is not enough long range planning and oversight. Google’s corporate focus on security, given that Google is run by “computer experts” is focused on “computer-related security” ... not upon the mountain of information the computer-level security is keeping private.

    Just the one widely publicized agreement about anonymizing query logs after _18_ months points this up. It’s “your” data and “you” are going to hang onto it as long as it possibly can be milked. But think through what possible use millions and millions of 18 month-old queries can be .. still identified personally to the individual’s IP. It makes no sense, and creates a massive pool of data that could, by virtue of something as simple as an AOL “Ooops” be released. If the identifiable data wasn’t there in the first place ... it couldn’t be released.

    That’s why in the classified documents world “the shredder is our friend” ... what is no longer there can’t possibly go missing.

  9. Markus Said,

    June 11, 2007 @ 3:20 am

    Matt, if Google is serious about privacy protection and wants to clearly state so: European Commission just started a project to establish a European privacy protection quality certification. Information at https://www.datenschutzzentrum.de/europrise/

  10. Alexandru Said,

    June 11, 2007 @ 3:27 am

    I agree with Hawaii SEO. Your policies might be good when compared to others, but since you guys collect the largest amount of information, you are still my greatest concern. And yeah, I see new ways for Google to find out new personal data of mine without my permission with many of your announcements and I don’t like it at all (DoubleClick, FeedBurner, StreetView).
    The fact that you were keeping the search history for my account without asking me (I had to go deactivate it but many don’t even know about it) really pisses me off.
    So yeah, I’m glad Privacy International said something about it, even if they took it too far, and I’m glad that the European Union is doing something about this.
    You might not be able to sleep at night because thoughts of protecting my privacy run amok in your head, but you’re still using the data you collect from the 8-9 Google services that I’m using. And yeah, I know I can stop using them. Believe me, I’m trying to find better alternatives.
    I agree with Hawaii SEO on another thing also (guess I should become a subscriber now), that a lot of things can change in the next 10 years. I can already see your image very slowly changing from the favorite child of the web image to the evil spawn status that Microsoft has already achieved. It starts first with the webmasters that come in contact with you guys all the time, and just as Firefox managed to get a huge chunk of the market with the help of the webmasters that promoted it, so can other search engines if you manage to piss off the geeks like Microsoft did.

    Well, enough ranting. Just my $0.02.

  11. Jason Said,

    June 11, 2007 @ 3:35 am

    Matt, I saw a comment on Slashdot about this story that I’m starting to agree with - no one’s heard of Privacy International before, so this is just a big PR exercise on their part to get their name out there.

    “Privacy International attacks AOL” doesn’t grab as many headlines (who hasn’t attacked AOL?) as “Privacy International attacks Google” because ... OMG ... they’ve attacked GOOGLE.

    Cheap PR. Suddenly everyone’s talking about them.

    (Maybe it’s backfired a little though - now everyone’s talking about them like they’re a pack of idiots...)

    As for their site ... looks like it’s run off some kind of CMS that someone somewhere managed to find the admin interface and password for.

  12. feedthebot Said,

    June 11, 2007 @ 3:43 am

    I bet you are glad you slept on that. You provide a compelling argument in a clear manner, my compliments. It really is a screwy inaccurate report.

  13. Kev P Said,

    June 11, 2007 @ 4:09 am

    I think one of the problems is that Google are so transparent in the amount of information that they collect allowing discussion of it and almost rejoice in the quality and their ability to be relevant down to the personality and location of that personality level, that they leave themselves open to debate and scare mongering.

    The other companies mentioned seem not to draw attention to themselves in this regard and so get away with it.
    Also, bad mouthing Google over pretty much anything can get you traffic.

  14. Andrew Said,

    June 11, 2007 @ 4:22 am

    Matt, I am really glad you commented on this, and you are right...PI’s report SUX! I can’t help but think they were scorned and wanted some cheap publicity...they sure got it, and Google PR is likely going into overdrive.

    On that point, I left a comment on Scoble’s blog (http://scobleizer.com/2007/06/10/google-slammed-in-privacy-report/) regarding Google’s apparent lack of engagement and how this is causing unease with many consumers (probably the more “Ma & Pa” type consumers anyway). You have talked about this before as you try and get more Googlers to blog and open themselves up a bit with Feedback mechanisms etc.

    Do you think this is contributing some basic users fears regarding Google and also feeding the Media with opportunities?

    As a side note, I have noticed over the last few months many initiatives within Google to improve this situation. Developers Days, more blogs, feedback requests, Open Source, more interviews, etc...but it is very targeted to the Technical users...not the “Ma & Pa’s”

  15. Dean Clatworthy Said,

    June 11, 2007 @ 4:49 am

    I agree with you Matt. This article is a joke and it’s got massive press in the UK, national news etc. It’s a shame.

  16. Julie VanMersbergen Said,

    June 11, 2007 @ 5:04 am

    I think PI and the report are pretty bad. Which is a pity, because I think there are some very fair criticisms that can be lobbed at Google in regards to privacy. I suspect the EU are going to do a far better job with identifying them.

    1. As has been pointed out at places like SMX, logging out of Web History (and even the mechanics of it) are practically hidden in a ‘cold’ part of the page.
    2. Google collects a LOT of data, anonymized or not, as prior poster claims.
    3. There isn’t a way for a user to review their own file and correct it, or get it removed. This used to, I seem to recall, be required in the EUDPD, although I’ve been playing US-only privacy games for several years.
    4. Again as previously noted: Current corporate policy has been acceptable, in so far as Joe User knows about it, to date. But you’re a US company. You’re public. You’re subject to a lot of external forces. Those external forces include socio-political stuff, and can involve the FBI, CIA, NSA, etc. Things change, and can change quickly. It’s a risk.

    I think Americans, as a whole, are far too complacent about personal data. Once released, it’s very hard to put back in a cage in a dark, private basement. Google data is a huge and behaviorally-oriented example of this, and that data in the wrong hands really could be pretty deadly.

  17. Alejandro Said,

    June 11, 2007 @ 5:07 am

    I don’t consider Google worse than the competition, except for two details:

    1) Google is a market leader. As such, they control more information than other companies. It’s evidently not Google’s fault, but market leaders will always have a harder time.

    2) Google’s “Do no evil” motto. People will always be harder on Google because Google claims to be morally superior. And there’s no spotless corporation. It makes Google sound fake.

  18. Mani Said,

    June 11, 2007 @ 5:08 am

    I think it’s biased and unfortunate.

  19. Brett Tabke Said,

    June 11, 2007 @ 5:10 am

    I have read the study now and agree, there might have been a better presentation of the facts. However, I strongly disagree that Google’s defense should be to point the finger at other large search engines.

    There are serious issues here and making the case that Google is better because it didn’t lose any data last year is admission of guilt by association. What is called for is a point-by-point address the concerns and avoid the knee jerk reaction to point a finger at the competition.

    The only one Google should be concerned about in this case is Google.

    -bt

  20. Daniele Mosaici Said,

    June 11, 2007 @ 5:13 am

    Ars Technica is one of the most authoritative websites out there about this kind of issues. They are covering the Privacy International report here:
    http://arstechnica.com/news.ars/post/20070611-google-named-worst-privacy-offender-in-study.html

    Looks like Ars Technica is not sharing your idea that Privacy International lose credibility. I’d say that Google is losing credibility here.

  21. David LaFerney Said,

    June 11, 2007 @ 5:22 am

    I heard the news story about this on NPR right before I sat down to my computer just now, and it is certainly being reported as though it’s good information from a reliable source. I guess that illustrates that if you are at the top of the heap you become the target for most of the mud. Especially on a slow news day.

    I appreciate efforts to protect user privacy, but at the same time I always assume that whatever I do online could be compromised. Am I just paranoid or don’t most users make a similar assumption?

    BTW, when do you people sleep?

  22. Simon Leyland Said,

    June 11, 2007 @ 5:39 am

    Yeah I agree with the general sentiments of the comments. The report is off the mark, poorly presented and received too much publicity. There is a but though Matt, and that has already been touched upon.

    I believe Google will be the dominant Internet player for many years to come and as a result you’ll collect more information on Internet users than any other organisation on the planet. To protect Google users and Google’s brand against publicity seeking lobby groups Google should aim to be the most progressive organisation on maintaining and protecting user data.

    Google are already the stand out leader in Search and several other internet technologies, for your own sake implore Google management to be the industry leader in user privacy.

  23. Tim Trent Said,

    June 11, 2007 @ 5:44 am

    Generally I support all that Privacy International stands for. Lately I’ve been feeling that they are losing touch with reality. Let’s be fair, I like their gritty and no nonsense approach, but, as I’ve blogged myself, the whingeing in their website really does add the final nail in the coffin for this particular report.

    Google isn’t squeaky clean. It’s the only game in town for many things, and it knows it, and that is, of itself, cause for concern about its future management and whether it could be “induced” to serve the US Government, but this report is an irrelevance in that discussion.

  24. alek Said,

    June 11, 2007 @ 5:47 am

    At least for me in Firefox, the “preteen porns” URL’s look different on my end - just has a 01/01/1970 date instead of the 3 lines you wrote above - have they changed the content based on your feedback?

  25. JoJo Said,

    June 11, 2007 @ 5:52 am

    I saw the headline ‘Google ranked ‘worst’ on privacy’ on the BBC website http://news.bbc.co.uk/1/hi/technology/6740075.stm but ignored, because as a regular reader of this blog, I knew that the headline could not be true. I feel more confident using Google’s services than I do other websites but this sort of report is going to be damaging to Google’s reputation for the general public as [shock horror] not everyone in the world reads this blog ;D

  26. Johan De Silva Said,

    June 11, 2007 @ 5:56 am

    I don’t think there is anything wrong with pointing fingers. I had always questioned Hitwise practice as unethical however an excellent service I continue to buy.

    Matt, while on vacation maybe you should have read 1984 by George Orwell...
    http://www.time.com/time/magazine/article/0,9171,800425,00.html?internalid=atb100

  27. Robert Said,

    June 11, 2007 @ 6:06 am

    I’m not sure how much you accomplish by trying to address a systematic problem with a couple of one-off examples. Through consolidation of the platform, Google has a strategic data trove that would make the NSA jealous.

    Like it or not, Google is in its own ballpark here. Never before has a private organization had such comprehensive data about a large demographic, and with that comes new risks. Google can’t cheaply explain away its flaws by comparing itself to AOL.

    While the PI report leaves a lot to be desired, I do look forward to seeing the full report. The more hard facts we can get about Google’s stance toward privacy, the better. While Google may appear to be the friendly neighbor, it is really a huge, intensely secretive public company in the consumer data business. Google is the surveillance camera we’ve all invited into our house.

  28. Jonathan Sutherland Said,

    June 11, 2007 @ 6:23 am

    Unfortunately I’ve read the headline 3 times already - I assumed it was anti-googlers taking a cheap shot. Thanks for discussing it openly. The PI report is so biased - there must be a couple of anti-Google people working there.

  29. Chris Said,

    June 11, 2007 @ 6:40 am

    Their goal is not to help consumers understand privacy. So why are you mad? Their goal is to be in business and make money. Google bashing is much more valuable than Yahoo bashing or MS bashing (which saw its market peak in the late 90’s). As long as it’s more valuable to companies like these to bash you they will, so hang on. This is only the beginning. I say you should keep focusing on the customers and your voice will always be louder and more respected than Privacy International.

  30. Charlotte Web Design Said,

    June 11, 2007 @ 6:47 am

    Seems as if Google keeps getting hit by “privacy” groups everywhere. First the streetview from Google maps and now this. Google is becoming big brother and folks are starting to see that they are, even though we know it’s not true. The media will spin it because after all, the motto “Do No Evil” isn’t really newsworthy in their eyes.

  31. George Gardner Said,

    June 11, 2007 @ 6:48 am

    First, PI makes mention of Orkut, Google’s online community:

    “We ranked Orkut as a separate entity even though it is owned by Google.”

    But later links the two together while citing the reasons why Google was ranked so poorly, claiming:

    “Google often maintains these records (user data) even after a user has deleted his profile or removed information from Orkut.”

    PI makes no mention as to what Google does with the Orkut data. Why? Because they don’t know; but, does not hesitate to lower Google’s privacy score as a result of, as stated in the report.

    “Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut.”

    But assessing a company, based on facts unknown, is a violation of its own rules.

    “It was not always possible to precisely assess a company’s approach in each category. As a result, we erred on the side of caution and gave the company the benefit of the doubt and assessed it only for what we could actually identify.”

  32. Robert Said,

    June 11, 2007 @ 6:49 am

    Matt, I completely agree that this report is a total joke and anyone with an IQ higher than 10 will agree. Search Engine Land do an excellent job explaining why.

    However, Google is a leader in the market and as such should be a leader in privacy. What you are doing now is not enough.

    Then, there’s this Danny Sullivan quote:

    “I think Google’s problem is that it far too much believes its “Don’t Be Evil” philosophy without realizing it’s a big company that people simply aren’t going to trust. In the years I’ve dealt with Google, the culture is one of “we’d never be bad.” That should change to one of “how might we be bad, and how do we prevent it.” Google should assume the worst about itself, not the best.”

    Please, I can’t stress enough how that paragraph is import. And it looks like Eric Schmidt doesn’t understand it. Be sure to put that paragraph on the Google Intranet, on the walls, on your email signature, everywhere. And be sure that all Google employers (specially management) read it 10, 20 times so that they really understand it.

    But, let’s take an example of how privacy could be improved:

    1) Instead of anonymizing user logs after 18-24 month, delete it. Yes, that’s it. Delete it. Why not?

    2) Substitute all those service privacy policies by something such as Redhat one-page SLA.

    3) You have mentioned that ISPs can spy on user queries. Well, do you know what? That is also a Google problem. When I try to access httpS://www.google.com it redirects me to httP://www.google.com. Amazing, no?

    4) I don’t know exactly what information is being collected. For example, is my browser Useragent info being collected? You know, there’s a lot of toolbars out there that append their versions to the browser Useragent string. So, If I am the only one using a specific combination of toolbars in a city, it is like a permanent cookie - it doesn’t matter if I change my IP. Imagine people seeking by Useragents (with toolbars versions appended) on that AOL leaked data!

    5) And so on, and so on...

  33. Robert Said,

    June 11, 2007 @ 6:52 am

    Correcting:

    “Please, I can’t stress enough how that paragraph is import.”

    I mean, “Please, I can’t stress enough how that paragraph is important!” :)

  34. John Chappell Said,

    June 11, 2007 @ 6:52 am

    I understand that you (and most people reading this) will have an instinct to leap to the defence of Google, and rightly so - they pay your bills. You make fair points about free tools, and how they are paid for, and I don’t dispute those. I use Google products quite happily, knowing that some of my personal information is accessible as a result, and that this is the price I pay for the use of the tools.

    However, since you appear to be the only accessible Googler responding on this issue, please could you address the question (as for instance mentioned here: http://www.privacyinternational.org/article.shtml?cmd347=x-347-553964 ) of Google staffers conducting a smear campaign? Surely that does not meet with the supposed Google-will-do-no-evil principle?

  35. Jordan Said,

    June 11, 2007 @ 7:09 am

    It was on CNN this morning. That’s the #1 reason NOT to listen to this anti-Google-ness.

    But yeah, AOL got a higher ranking than Google? Now that’s irony.

  36. Adam Sharp Said,

    June 11, 2007 @ 7:14 am

    I think a lot of this animosity stems from “Don’t Be Evil”. Adopting that corporate motto was like slapping a giant bullseye on the company.

    Your frustration is definitely justified. The authors of the report clearly realize their organization will get the most attention if they focus negative attention on Google. “Microsoft worst privacy offender” isn’t a sexy headline (not saying MS is the worst).

    I kinda agree with Brett about throwing other companies under the bus, but it does seem important to point out the bias/ignorance of the report. Comparisons are probably the most effective way to do it.

  37. Esrun Said,

    June 11, 2007 @ 7:25 am

    Interesting to read your side on this. I can see your point.

  38. Kevin Ouellette Said,

    June 11, 2007 @ 7:29 am

    The fact that they put Google behind MS and AOL totally debunked the findings for me. I went from “uh oh..” to “hah!” in the span of about 4 seconds when I read the original article. That being said, privacy is a huge issue and the fact that Google is now on notice (to yoink a Colbert-ism) is a good thing whether it’s fair or not. It will only make G stay vigilant on privacy issues because any tiny slip-up is going to come back to smack them in the face x100. It’s lonely at the top!

  39. Doug Heil Said,

    June 11, 2007 @ 7:32 am

    naw, naw; I disagree with Brett. That firm and report is clearly biased against Google for some reason. I see nothing wrong with pointing out the very clear websites out there who violate the most basics of the privacy issues. You know I will disagree with google in a heartbeat with many things, but I cannot disagree with this. Sometimes there are firms/people out there who simply want to bring you down in whatever ways possible for reasons that can include conflicts of interests, etc and many other reasons..... like; erm, speaking the truth about things. In this case; it’s very clear what is going on in my mind.

  40. Jan Klier Said,

    June 11, 2007 @ 7:38 am

    This was an unfortunate report (and I’ve only read press coverage of it, not the report itself). I think there are a few things at the macro level that contribute to incidents like this:

    - There’s a general lack of understanding by large parts of the society on how technical details work. Whether that is the computer itself, or the search engine. The more complex, the more networked, the less transparent it is, and the fewer folks will be able to form informed opinions with less bias (not that anyone is ever unbiased). There are many folks that believe that the Internet is owned by someone, who monitors and censors all traffic (that may be true in some countries, but not the Internet in general, and I won’t take the bait to talk about the Patriot act).
    - Search engines, like any other website are opt-in businesses. Nobody is forced to search online. People need to be informed and consent to using them. People should realize that any interaction with a website is going to result in logs being stored somewhere. If you have something to hide, then don’t do it where others can see it. But people are pretty ignorant. That was well demonstrated in a recent paid search ad which stated ‘click here to infect your computer with a virus’ and more than 400 people clicked on it.
    - Personally my take is, that it’s ok to collect the data, if reasonable measures are taken to prevent use that is harmful to the subject, or unintended disclosure of any kind. There also needs to be a way for any user to see what data exists on them, and a way for the person the data is about to resolve any issues resulting from data collection and data inaccuracies. Do I mind the no-fly list? Not really. But I do mind that there’s no reasonable effort remedy to address inaccuracies in the data contained if they affect me. The recent Boston Legal episode captured that very well. I think as an industry we have ways to go about being transparent and empowering users to manage their online data profiles. A recent issue on Technorati comes to mind where search results were included in their search indices even though the account was deleted and they were contacted about it, potentially causing damage from continued disclosure of the data. For that reason I’d much rather have Google collect my data, than some small start-up which hasn’t learned their lessons yet. The fact that search engines for well-known reasons have to operate with a fair amount of secrecy and non-disclosure just adds to both the lack of transparency and the perception of an intent less well meant than reality.

  41. bill weaver Said,

    June 11, 2007 @ 7:40 am

    Hi, Matt. Normally I’m inclined to roll my eyes at groups like Privacy International, but in this case I have two additional observations. First, you are biased :-) and missed part of the point: that Google does indeed collect a staggering heap of personal data, which leads me to...

    Second, the fact that you have much-publicized fights with the US government (but give in to China?) does nothing to address the fact that Google itself has the data. What guarantees Google’s use of that data?

    I would encourage everyone (especially those of us signed up for Google services like Gmail, Picasa, Checkout, etc.) to think about something for a long moment. Besides the government, who collects more data about us than Google?

    That’s half the point Privacy International is making in their report. For the loyal Google users, you have our buying habits, surfing habits, what ads work on us, our email, spreadsheets, written documents, credit cards, address, phone numbers, photos, notes, calendars, and more.

    Google is a business and there are always pressures to find new revenue streams. If you want to prove you value our privacy, give us the ability to encrypt our data, show how you WILL NOT use our data to market us or leverage your giant databases against us.

    It is not enough to protect us from the government; show us how you will protect our data from Google Inc.

  42. dlperry Said,

    June 11, 2007 @ 7:52 am

    Looks like they got what they wanted - great gobs of free publicity. :)

    And for the record - while I am a tad miffed with ‘theGoog’ at this precise moment in time - I do not agree with the document’s assessment of Google in terms of privacy.

    my .02

    --dlp

  43. Shelley Said,

    June 11, 2007 @ 7:57 am

    Try this on for size:

    Start from the premise that perhaps this organization’s concerns are a legitimate reflection of how people are going to perceive Google in the years to come. And then think about how this could be a way of ‘kicking’ Google out of its complacent dependence on the goodness of its search for the ultimate algorithms, by reminding those in charge that the internet is more than a set of calculations.

    This is an opportunity for Google. Unless you see it this way, get used to having your spleen agitated on a regular basis.

  44. Matt Cutts Said,

    June 11, 2007 @ 8:01 am

    Andrew, really good points. I think Google has been better about communicating recently (and I know that we’ve been paying even more attention to what folks say online, even though people can’t automatically see that outside Google).

    I dunno. PI worked on the study for 6 months and released the study on a Saturday. But if Google doesn’t do a large-scale rebuttal within 24 hours, the argument goes to PI? I took a day to think this over and try to calm down a little bit and I’m glad that I did, but it’s weird to see the blogosphere (or Scoble, or Battelle) say “Google hasn’t responded fast enough or with enough umph in the blogosphere.”

    And Harith has a point: coming back from vacation, I wanted to do more proactive posts, yet the first post I write when I get back is a reactive one. It bothers me a little bit that I let myself get drawn into this discussion. Anyway, nice points Andrew. :)

    Brett, I’d originally written a much longer post, but decided to cut large chunks of it. I agree that “these other engines aren’t as privacy-sensitive” isn’t as strong of an argument as just pointing out where we take the initiative. There was the unilateral decision to anonymize our logs, and I’d written about Google’s DMCA policy and how we broke new ground on transparent disclosure when urls are removed for legal reasons. But on some level, when a study says “Google is worse than anyone else,” I think it’s fair to say “What about A, B, or C that other companies do?”

    Chris, points well-taken. The vast majority of the company is focused on “how do we improve search, or make the user experience better?” And I think that effort is largely responsible for Google being so popular. I probably didn’t need to dive into this discussion -- my wife said “And this has to do with search quality how?” -- but I consider privacy to be a really important issue and I want people to know that Google does take it very seriously.

  45. Maurice Said,

    June 11, 2007 @ 8:07 am

    Yes it does sound odd after all Y gave up a critic of a certain government who’s now in jail - it may be the potential for abuse that people are concerned.

    But sometimes the tallest poppy gets chopped at and you have to grin and bear it – I’ve been harangued by drunks in pubs over the way BT delivered ISDN before now..

    I think Robert Scoble’s comments on what Google needs to do now are very good someone needs to make L&S read them even if it means standing over them with a big stick

  46. Matt Cutts Said,

    June 11, 2007 @ 8:08 am

    Hey Shelley! I liked your point on (Scoble?) that this was a valid reflection of the potential feelings of regular people (as opposed to search eggheads or techies). And I agree.

    That would mean that Google should spend more time thinking not only about the reality of (search, privacy, etc.) but also about the perception of those issues. I remember one issue where I disagreed with Larry Page because I thought the issue in question would be perceived badly. Larry contended that the issue devolved to a no-op in reality (as opposed to perception), so we should spend our time working on other things instead. I’ve actually seen a little bit of a change on the issue. Now I can go back and say “Shelley agrees with me! We need to tackle this.” :)

  47. Aaron Pratt Said,

    June 11, 2007 @ 8:09 am

    That is surely an extreme example Matt.

    So how is Google doing on the internal reputation management chalk board?

    Your enemies are relentless, that is for sure!

    Please do not ignore search quality.

    Thanks,

    Aaron

  48. Doug Heil Said,

    June 11, 2007 @ 8:15 am

    I agree with you Shelley for the most part. However; whether we like or not, Google is the biggest player with all parts “internet” right now. They are a target for most every reason imaginable.

    This reminds me of many, many things that have to do with this privacy stuff. I’m reminded of the mind-boggling people out there who do NOT want anyone or anything listening to conversations by “terrorists”. They would rather react “after” a disaster, than react to something bad before it happens. Why? Because privacy seems to be a more important issue than safety to these people. I communicate with people in other countries all the time.... over the phone. I know darn well my calls are “being moderated” and I do NOT care one bit. It seems the people who are praising this report are the same “far left” people who say that our privacy IS the most important thing in life. Sorry, but “living” is most important to me, and I’m “middle of the road”.

    What about your bank you deal with daily? Why do you think you receive all those credit card offers in snail mail all the time? Do you think there are 6 dollar an hour clerks out there that know where you live, .. how much you spend on what.... where you shop.... where you work... how much you make.... and where you get your hair cut?? Heck yes they know.

    How about that grocery store clerk who just took your credit card or your debit card and now has your entire card number? Don’t you worry about that, or even care about that? Or what about that site you just gave your entire life history to? Do you care about that? LOL

    My goodness; it pains me to see threads at other places discussing this subject like on TW and on others. Are people really living in the same world I am? LOL I use many google services daily, like gmail and stats, etc and think zero about it. I know darn well there are people out there I have done business with in REAL LIFE that I would be concerned about privacy with, and being concerned about Google is quite the laugh-er comparably speaking.

  49. Carfeu Said,

    June 11, 2007 @ 8:23 am

    Google is the market leader, so it should lead also when it comes to privacy issues. In my view, Google has a responsibility not to become a universal database of personal information, because they eventually will start to use it for their own good and not just to make the search results more accurate. And that would be a real shame.

  50. Dyce Said,

    June 11, 2007 @ 8:26 am

    My gathering of these responses to the report (Matt’s and Danny’s) were certainly not imo finger waggling at other search engines to try and make people look the other way at Google and its privacy problems...
    No..
    I see this as more of a ‘We might not be the best, but neither are they... they should be down here too’ sort of thing. These posts outline valid points that appear not to have been taken into account in the report fully.
    *shrugs

  51. Michael Markman Said,

    June 11, 2007 @ 8:28 am

    You lost me at “sigh.” May as well start with “poor, poor, pitiful me.” “shrug” “eye-roll.” “dismissive gesture.”

  52. Scott Lee Said,

    June 11, 2007 @ 8:28 am

    I read this in my local paper and had several reactions:

    1) Who is PI? I’ve never previously heard of them. Pick on Google and get mentioned nationally. Rule 1 of PR, say something memorable, even if it is a slam.

    2) Who funds PI? I don’t know, but if I was a competing search engine I would REALLY want to undermine the public’s trust in Google since no one seems able to mount a viable challenge.

    3) I’d love to see Google sue PI for libel and do discovery on item #2!

  53. Joseph Hunkins Said,

    June 11, 2007 @ 8:30 am

    My quick reaction is to agree with you Matt. I understand Privacy Int’l mostly compared privacy *policies* rather than comparing privacy *actions* which of speak louder than privacy words.

    This also points to one of the blogosphere’s deficiencies - the buzz about the news becomes the news rather than the issue in question. There will be more talk about Google beating up PI than about privacy issues.

  54. Kate Morris Said,

    June 11, 2007 @ 8:31 am

    I am going to agree with Matt, this was entirely unfair for Google. Privacy is a concern for everyone, but Google is the least of everyone’s worries. They were slammed to get attention, but alas this is going to hurt for Google unless there is a public rebuttal and quickly. People that aren’t us won’t get it. All they will see is the newspaper title ... skim an article written by a staff writer who also doesn’t understand what’s going on ... and determine that Google is the big bad out to get them.

    That’s going to be hard to combat especially since Google found out at the same time we did. Sorry Matt ... and everyone else at Google, this sucks.

  55. Brett Tabke Said,

    June 11, 2007 @ 8:36 am

    Good points Matt. My main concern is that whenever questionable reports come up, our reaction should get beyond a debate of the report and take a look at the issues involved. Where there is smoke - there is fire and this issue is going to continue to smolder regardless of the quality of the report.

    There are huge issues at stake here, and with reports like this, we tend to focus on the sexy well known items like search query logging. Those are kiddie issues that the general web public can understand. However, there are serious deeper issues such as toolbar data, gmail data, and docs data, that are wild cards that remain unopened and undressed satisfactorily by Google.

    On the other hand, Google is going to continue to get an unfair amount of shots from passers-by. The top dog is going to get everyone’s best -- and often cheapest -- shot when they stand to gain from it.

  56. Matt Cutts Said,

    June 11, 2007 @ 8:44 am

    Hey Kate, good to see you! I’m still digging out on email; this study distracted me a little bit this weekend. :)

    Agreed, Brett. I think the larger question to come out of this is “What can Google do to improve both privacy and the perception of privacy by regular folks?”

  57. Jess Said,

    June 11, 2007 @ 8:46 am

    Has anyone read this article?

    Google’s goal: to organise your daily life
    http://www.ft.com/cms/s/c3e49548-088e-11dc-b11e-000b5df10621.html

    Here is a quote:

    ---------------
    Eric Schmidt, Google’s chief executive, said gathering more personal data was a key way for Google to expand and the company believes that is the logical extension of its stated mission to organise the world’s information.

    Asked how Google might look in five years’ time, Mr Schmidt said: “We are very early in the total information we have within Google. The algorithms will get better and we will get better at personalisation.

    “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’”
    ---------------

    How do you get to that level without amassing large amounts of personal information?? Or as Eric Schmidt called it - “Total Information”?

  58. Ed Kohler Said,

    June 11, 2007 @ 8:59 am

    Google’s best option is to share as much as possible about what’s being collected and why, and giving people an opportunity to opt-out of anything that makes them uncomfortable. Of course, it’s worth educating people on how opting out may hamper the quality of results served or other effects.

  59. Tom Said,

    June 11, 2007 @ 9:10 am

    First of all an ip address is not an individual person identifier - I am not awarded an ip address like a SSN number. I own an ice cream and coffee shop - if a customer walks in for a second time is it a violation of their privacy because I remembered what they ordered on their last visit? It is good business! Now on the other hand if I collected their personal information and customer habits and gave/sold it to a company within the niche without their permission would be a violation (in my view).

  60. Jan Klier Said,

    June 11, 2007 @ 9:15 am

    Scott, good point about the funding. Always good to understand who’s to gain from an obviously biased study? Would be hilarious if this turns out to be another publicity stunt gone wrong from ‘The Algorithm’ :-)

  61. Peter (IMC) Said,

    June 11, 2007 @ 9:15 am

    From what I read in that report, they based their decision on the fact that Google has such a huge market share and the fact that Google has so many tools available.

    Basically they’re saying: “If you have access to so much user data, you will abuse it because that’s what we would do.”

    Ridiculous!

    Though I do have to say that Google does have access to a lot of user data, and it might be tempting. But the way I see Google its goals are not to make as much money as possible no matter what. They want to make money through great services which is of course something that many people can’t understand.

    If Google ever makes the mistake to abuse all this power, they will likely fall harder than any company has done before. But with current ways, there’s no worry there.

  62. Hagrin Said,

    June 11, 2007 @ 9:26 am

    Funny, when this report was released I said to myself - “Self, ... duh?”.

    None of this is anything new. I use Google’s services and use them logged in fully knowing that you are creating a profile on me more extensive than the FBI. I know that your business is content targeting and the best way to do that is to learn as much about me as possible. To me, this is all extremely transparent and is the risk I run by using any Internet related service while logged in.

    However, although it’s evident to me, it is not evident to most. I know that when I was explaining this article to my date this weekend (yeah, I’m a dork and have no game if I am talking about Google privacy reports), she had no idea that Google kept that type of information and she’s fairly computer literate. Same with my brother, parents, grandparents, cousins, etc. who I have talked about this with.

    Short answer - techies understand, lay people do not and are scared by your data collection, retention and linking practices and policies. It’s that simple.

  63. Daniel Brandt Said,

    June 11, 2007 @ 9:29 am

    Brett is correct -- where there is smoke, there is fire. Matt should take a look at the supplement to their original complaint to the FTC that was filed on June 6 by the Electronic Privacy and Information Center. He can find it at http://www.epic.org/privacy/ftc/google/supp_060607.pdf

    EPIC is one of numerous privacy groups behind this and similar complaints. There are links between most of these groups, and these groups have years of experience with government regulatory agencies. The privacy regulators associated with the European Union will also be dealing with these issues, and sooner rather than later.

    Matt cannot pretend that PI is a rogue group that has gone off the rails on this issue. Instead, it’s time for Google to start addressing these issues seriously, rather than relying on media spin from Google fan boys.

    How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will. It was that cookie that first alerted me to the fact, way back in year 2000, that Google was going to be a problem when it came to privacy. I was right.

  64. Monika Said,

    June 11, 2007 @ 9:35 am

    “In some years, we (Google) can answer your question: what job is the best for me!”
    in this or similar words a big google guy has said this very proudly in an interview.

    Maybe he is right: If Google can do this, Google can’t respect my privacy.

    With “Google Street View ” Google doesn’t respect my right on my one photo.

    I’m sure this company doesn’t respect my privacy. But this company is the market leader and some europe governments would like to kill the right of privacy ..so what!

    I’m too old to have the illusion of *privacy* - or I’m too less “green” to believe statements about privacy.

    regards
    Monika

  65. MSG Quixo Said,

    June 11, 2007 @ 9:41 am

    What a great opportunity for Google to discuss all the ways it does protect people’s privacy. I guess you have no choice.

    I certainly agree with posters who say Google has a greater responsibility than most companies. I wholeheartedly support the “do no evil” motto and believe it is a symbol of why Google gets as much support as it does. People turn over a lot more info to Google because we do trust that it is a company with a higher sense of values.

    And with its growth and values Google has become an enormous institution, not unlike a government body, requiring transparency, public scrutiny and oversight.

    Yea, I know Google is a private company, but you have to be careful using that argument (as I believe you did on a recent post). When you are as huge and dominating as Google is, you have a higher standard. And when you create an image of Google as a community resource where everyone benefits and contributes, you have to take extra pains at being inclusive and inviting input.

    Anyway, yea, bad report, and probably a misinformed publicity stunt. But you have to watch out for the ranting and self-righteousness. You have another great chance to inform instead, as you do so well!

  66. Doug Heil Said,

    June 11, 2007 @ 9:41 am

    Well Dan, you are correct. However; I wouldn’t call them “rogue” at all,.... just far-left whingies IMO with nothing better to do. Do you “opt-out” to everything your bank may do with all the info they have on you? If not, why not? Banks have much more info on us than Google will ever have. Even the smallest person on the pole, like tellers, have access to your life history. It amazes me that the internet is so concerned with this privacy stuff, when people in your back yard and across the street can sell your very personal data to whomever they wish and at anytime. I know one very large bank where you have to “snail mail” an opt-out form to them, otherwise they will “share” your data with whomever they wish.

    Oh sure; Google should continually recheck and rethink their privacy policies, but I think this report is a good attempt at making a name for this so-called “privacy group” where there was no name before. I know I’ve never heard of them before this, so I guess it’s working.

  67. Joseph Fiore Said,

    June 11, 2007 @ 9:49 am

    Matt, I had an opportunity to review Danny Sullivan’s response and I’m glad I did. I first caught wind of this report on my car radio yesterday morning. The story immediately elicited a number of concerns I’ve had with the way Google captures user data on its numerous and sticky productivity platforms.

    Having had the opportunity to balance some of the main criticisms with the report found online this morning on various blogs and chatrooms, and mixing those impressions with my own understanding of Net privacy, I have arrived at the conclusion that this report was poorly researched, and written with a level of predetermination that unfairly baits Google into a defensive.

    Here is what the report states on its research methodology:

    The report was compiled using data derived from public sources (newspaper articles, blog entries, submissions to government inquiries, privacy policies etc), information provided by present and former company staff, technical analysis and interviews with company representatives.

    In my opinion, any intermediary or second-hand information should be used to establish the groundwork for more exploratory study and focused research, which ought to include follow-up interviews with folks from the company to respond to any outstanding questions, issues or concerns. Especially when it’s the kind of study involving a company and as sensitive a topic as Net privacy. And despite the counter excuse that Google didn’t reply to PI, what was the rush in getting this published anyway?

    After all, Facebook recently launched its Facebook Platform, which is allowing 3rd-party vendors to directly interface with Facebook members. With the possibility of this highly evolved social networking site capturing a precise ring of information including full legal names, schools attended (or attending), place of work, family, friends, co-workers, and credit card data if that member acted on the impulse of buying a cyber-gift, why isn’t anyone questioning the extent of that information exchange with external providers, and how Facebook’s data collection methods and the exchange of data with external providers may be cause for the same kinds of privacy concerns discussed in the report?

    Moreover, how would a rumored Yahoo acquisition of Facebook not be examined under the same magnification of concern or scrutiny? My point in drawing on these two specific examples is that Net Privacy is evolving so rapidly and taking on a life of its own. What happens yesterday may appear to be a gross violation to Net privacy advocates, but with newly developing moves, mergers and acquisitions, I would rather see a more dynamic report being provided on a more frequent basis, so as to track and keep pace with the changes occurring each day, month and year. This would provide the public service element Net privacy advocates are looking for, while keeping its findings balanced and might even reduce the unfair amount of negative attention on any one company. It’s the kind of scope and duty that would hopefully evolve to being broad enough to allow them to reexamine their current methods, and choose instead to score each company on a Net privacy scale (i.e. 1 being evil, 10 being martyr) as opposed to building a top list of the Net’s worst perpetrators.

    On the quality of research and careful inspection by PI, the report leaves much to be desired. Ultimately, I’m of the view that data collection and processing and the issues relating to Net privacy definitely need to examine the type of information a commercial Website collects, with or without consent. In order to completely understand how each site scores, you have to interface with the specific company and learn how each has implemented safeguards to user privacy, how they plan to address identified areas of concern, and the overall culture of sensitivity towards Net privacy concerns.

    Appointing an unbiased mediator to relate feedback back and forth is another important recommendation. And finally, forming a coalition chaired by the non-biased mediator for each company would allow more developed dialogue and discourse to flow bidirectionally between Net Privacy advocates and the sites providing a valuable service to the Web audience.

  68. Pawel Said,

    June 11, 2007 @ 9:50 am

    Well, I had a look on the “International advisory board” of Privacy International. And two things struck me as interesting: Firstly, it has known far-left anti-globalists like Noam Chomsky. Nothing better than to smash the big international company. Why not Microsoft, you ask? Funnily enough, there’s also a Privacy Specialist from Microsoft on the board...

  69. Walter Said,

    June 11, 2007 @ 9:51 am

    Well I like your comments and they need to be considered. However the discussion with PI is like two people talking past each other and not listening what the other is saying.
    You have a point with the things you pointed out. However the issues PI mentions are valid. Tons of data is collected there is no way for a user to opt out, IP addresses, times etc are saved - yes I agree only over a limited amount of time, but let’s face it to create a detailed user profile, 18 months or 6 months (or whatever the time is) of web activity is PLENTY to know pretty much everything about a person.
    And as much as what you mentioned is true, most of the stuff PI mentions is true as well.

    What I would like to see is a response going through the PI report in detail and addressing each accusation. At the end of this exercise you’ll find that most claims are still true. Now collecting data doesn’t mean you do bad things with it... however it requires great responsibility. Besides it makes internet users wary why collecting it if it’s not done yet.

  70. Lee Said,

    June 11, 2007 @ 9:56 am

    I think you are missing the most important points of the study.

    1. Google collects tons of information that most people (if they understood what it could be used for) would not want tracked.

    2. Google keeps it for way too long. Anonymous or not. AOL’s data was “anonymous” and they also thought it was “safe”.

    3. Google collects data from more people than any other group on the internet.

    In my mind these three points do make Google the biggest threat to privacy on the web. Detailed information, from lots of people, over a long period of time is a recipe for a privacy disaster. You think because you are “good” and “not like the other guys” that it is not going to happen. But only externally controllable checks and balances can truly preserve privacy.

    Sure the other guys are bad also, the PI report underscored that, but Google is the biggest player and therefore the biggest danger. With greater power comes greater responsibility. Google should be proud of that and carry that title with dignity and respect to those who gave you that power. Otherwise an arrogant attitude will keep it as an enemy to privacy whether you recognize it or not.

  71. Jay Westerdal Said,

    June 11, 2007 @ 9:58 am

    Daniel Brandt,
    It is ironic that you point to the EPIC complaint going to the FTC about Google. The Electronic Privacy Information Center and Privacy International are basically the same organization. Checking the whois history I see that Dave Banisar of EPIC registered PrivacyInternational.org in 1998 at Network Solutions. I am not sure why EPIC guns for Google so much but whatever the reason is it seems deep.

    I agree with Matt’s post, I think Google is doing an excellent job at protecting privacy. ISPs that sell clickstream data should be looked at instead of Google. Google has a lot of data because we choose to use them. If you disagree with the way they collect data, use live.com or ask.com. I believe that Google is a good organization and I have seen nothing to convince me otherwise.

    When I went through the AOL data I was able to track people down, I can imagine it would be possible to do even more with ISP clickstream data. Why does an ISP collect this information? How does it improve the user’s experience? The honest answer is that it doesn’t. The ISP makes money selling their users’ data. Arrg, very frustrating that Google is getting attacked when the other search engines just turn data over to any government agent that knocks on the door.

    Jay Westerdal

  72. Doug Heil Said,

    June 11, 2007 @ 10:00 am

    I’m wondering though why other companies seem to get a pass from the internet privacy groups? Why is it that Google is the target for people out there? I’m reading posts on TW, where most there will jump at any chance to criticize Google for many different things. What I’m getting out of that thread is the fact the main concern seems to be:

    “Google is the biggest, so they “might/could” do harm in the future.”

    Instead of what I think is important:

    “Google is the biggest and they DO have lots of data on us, but other firms have actually taken action and DO SELL our info RIGHT NOW. Let’s go after them.”

    It’s like many things; it’s “what will they do in the future” as compared to “what have they actually done”.

    It’s okay that MSN and Yahoo can give your info to whomever they wish, and have already done so, but Google on the other hand must have different rules to play by I guess, right? It’s what Google MIGHT do or COULD do with our data that many out there are worried about, instead of what they DO DO.

    Amazing stuff.

  73. Chris Borokowski Said,

    June 11, 2007 @ 10:07 am

    Whenever a company is on top, it’s a big target. Microsoft takes more flak than they deserve, and so does Google now. The real problem is that the user base hasn’t come up with a “Bill of Rights” (or other silly title) stating how they want to be treated. You want fair? Define what’s fair. And then go to companies and get consensus that it can be achieved, then certify the ones who do.

    Personally, I’m much more worried about the growing political instability and factionalism in this country than search engines hanging on to my data. In a climate where data abuse is encouraged for political gain, there’s almost no way to (legally) hide all of it, and that’s the root of this problem.

  74. bena roberts Said,

    June 11, 2007 @ 10:09 am

    I have enjoyed reading this post and understand why privacy is an important issue. However, online and via the mobile device on a Google branded service such as Web ‘n’ walk - accidents and information can be passed and channelled via the WAP Gateway. It’s often not intent - but it does happen.

    I am not supporting any article or any group but my point is that any data can be hacked, found, misplaced, miscommunicated etc and sharing or giving away knowledge is in itself a commodity that is given away easily and unnecessarily.
    With convergence - what works on one media - but not necessarily work on another.
    bena

  75. corey Said,

    June 11, 2007 @ 10:13 am

    AOL can be considered an ISP, right?

  76. Jonah Stein Said,

    June 11, 2007 @ 10:15 am

    Matt:

    So much for getting any work done today. I guess web spam will have to wait a few more hours. :-)

    I think David Starr made an excellent point that should not be ignored: Collecting too many data sources together produces unintended vulnerabilities. It seems like Google (and everyone else) collects data from a lot of streams simply because you can, without regards to whether you need the information.

    The real opportunity is to find a way to leverage your leadership and advocate for rules that minimize the data collected by all engines, advertising networks and even site owners to what is essential to add value. The current FTC investigation of the Double Click acquisition provides an opportunity to create the precedent for this kind of deal and to shape it in the way that produces both the reality and the perception that Google is the leader in this charge.

    I agree completely with Hawaiian SEO that the concern is more about the future than the moment. I wrote about six weeks ago for the Context Web Brain Exchange on the question of whether Google is too powerful:

    The real question is not “Is Google Too Powerful”. Google is clearly both extremely powerful and positioned to be even more powerful in the future. The real question is how will Google honor the great responsibility that comes with power when profits are not growing 50% per quarter; when times are tougher, decisions are not black or white, and the idealists who created the juggernaut have cashed in their options and move on.

    Can the Don’t Be Evil corporate culture endure and protect us from what is emerging as the most dominant and powerful enterprise in history. If so, it will be the first time in history that corporate responsibility wins out over corporate greed.

    The PI report was shoddy research but the underlying issue is real. Google was selected as the target because it makes for great headlines. Having said all that, the issue isn’t going to disappear until some form of REAL protection is in place. We should not confuse our respect for the Googlers we know with a guarantee of good behavior in the future.

  77. Ken Said,

    June 11, 2007 @ 10:15 am

    That’s good that you “slept on it” cause “Why I disagree with Privacy International” is certainly more diplomatic than “Privacy International Loses All Credibility,” which assumes that there was credibility to lose in the first place.

    When the Feds came a knockin’, we know which company fought back and which ones played the appeasement card. I don’t need some 3rd party to keep score for me.

  78. Jon Said,

    June 11, 2007 @ 10:16 am

    People need to get it in their heads that NOTHING on the internet is private and assume that anything they do or say online could be exposed to the entire world. I don’t know how Google’s policies compare with other companies. I agree that, considering what AOL has done recently, giving them a higher rating is laughable.

  79. Jen Harris Said,

    June 11, 2007 @ 10:49 am

    The AOL leaked data is still floating around the web - once data is leaked it just never really disappears. The overall fear may be - what happens if the amount of information that google collects ends up being leaked, especially with gmail and the like.

    I agree, though, that report was skewed.

  80. Danny Sullivan Said,

    June 11, 2007 @ 10:58 am

    I said a ton in my post, so I’ll keep it short and different. Daniel -- seriously, welcome back!

  81. Tim Wintle Said,

    June 11, 2007 @ 11:04 am

    I think the main point that you have to take away is that with everything you collect, you could be evil. To put consumers’ minds at rest, you need to have a really in-depth privacy policy. Most people probably do not understand why you would ever want to keep their data if it is anonymous, and perhaps you should release a full overview of the main processes that Google uses the data for (for the layperson/journalist) - understanding that spell-checkers and all your fancy time-series stuff need large amounts of data (which can be perfectly anonymous) would help a lot - Google is being talked about in really scary language all over universities at the moment - but never in computer science departments.

  82. Bill Said,

    June 11, 2007 @ 11:09 am

    Welcome to the world of being on top. When a company holds a dominant lead or near monopoly in a particular industry, they will be singled out and held to a different standard. In my time at Microsoft, we dealt with this every day. Now that Google finds itself in this uncomfortable position, they will also receive this treatment regularly.

    Companies at the top are always held to a different standard. It is unfortunate. Since Google is still young and has the ability to change its reputation, I highly suggest working instead on brand association with trust. Microsoft spent tons of money doing this, but it was too little too late. Don’t do what Microsoft did and wait until it is too late.

  83. loki Said,

    June 11, 2007 @ 11:18 am

    as a leader in your sector you are meant to have wide shoulders.

    suck it up, man.

    :)

  84. Emil Stenström Said,

    June 11, 2007 @ 11:32 am

    I think my view on this is excellently summarized by Robert. Google, having the gigantic amounts of data it has, needs to clearly state how they use it. Do you mix search query data with gmail data? I don’t want to have to worry about that, there should be an easy-to-read policy that states it clearly. To avoid ending up like Microsoft or Yahoo (which are worse) you need to be preemptive. Times are changing, please follow suit.

  85. Steve Lewis Said,

    June 11, 2007 @ 11:36 am

    Matt.

    I just wanted to say that you are right to be frustrated by that report.
    For *YEARS* I refused to rely on someone else’s email services, or servers. I maintained my own servers just to maintain that privacy. I have had a Yahoo! Mail account since they bought the service from RocketMail but I have always used it strictly as a honey pot for spam because I never trusted them with any personal communication. By contrast, I didn’t sign up for Gmail when it first broke beta, though I had ample opportunity and any number of friends who were offering invites.

    In the last year, while apparently Google has supposedly been so hostile to privacy, I finally decided that I was comfortable using Gmail for personal email, and I begged an invite. I didn’t trust Google for a long time. I’m willing to extend them more trust now than one year ago for exactly the same reasons you cited.

    To Doug Heil: The report says “comprehensive consumer surveillance and entrenched hostility to privacy.”

    Consider the formula: B = TxH
    (Badness is the product of Threat and Hostility)

    Google’s T is large because it is the sum of usage and, well, Google has provided better products and has tied them all together in such a way that the threat is undeniable. High usage and a strong ability to correlate those usage patterns would seem to define Threat in this case.

    How they measured H in this study is very questionable. Therefore the product is very questionable. Need I point out that for small H, that B should be proportionally small?

    I will just cross-pollinate the discussion a bit with the latest from Search Engine Land:
    “Google Bad On Privacy? Maybe It’s Privacy International’s Report That Sucks”
    http://searchengineland.com/070610-100246.php

  86. Nick - I think the original Nick here. Said,

    June 11, 2007 @ 11:40 am

    There is bullshit everywhere my friend. It’s too bad that these companies choose to prey on the ignorance of the general public just to get a headline instead of actually doing their jobs. ISPs are obviously the first place to look but for whatever reason people ignore them. Maybe because their stock price is not so high and an article about them is not such good “linkbait”.

    I think Google should “Slam ISPs on privacy”. That would be a good headline and maybe raise some awareness. But then the ISPs would probably find a way to block Google surreptitiously. Hell in Toronto the two major ISPs are affiliated with MSN and Yahoo. I bet they’re just waiting for an excuse. When is Google going to learn that they need to open an ISP branch. ;)

  87. Aaron Pratt Said,

    June 11, 2007 @ 11:47 am

    1. Today Danny Sullivan comes to the defense of Google but what about tomorrow?

    2. Doug Heil makes a lot of great points, though he does talk too much, people should listen to him more often.

    3. Aaron Wall’s “Threadwatch.org” is relentless in its Google smear campaign and we all know why right?

    At the same time I wouldn’t give Google a complete pass. Things like Universal Search are extremely threatening to “mom and pop”. If you ever had your site’s rankings replaced with a “how to” PDF or Utube file from some spammer, you know exactly what I am talking about.

  88. Tonnie Said,

    June 11, 2007 @ 11:53 am

    Educate people about the internet, the sensitivity of information, how to use it, or how not to.

    I see children using the internet without knowing the dangers, placing sensitive information on the net that might be used against them in the future.
    The same way I see adults use the internet without even thinking about the possibility the information provided could get back on them.

    The net is relatively new to large groups of people that now start to think about privacy issues they should have thought about early on.

    Educate them, let them know what happens with or could happen with data gathered, if it was data gathered from programs like gmail, analytics or data they provided themselves.

    Education will take the fear away and make aware.

  89. Matt Cutts Said,

    June 11, 2007 @ 11:54 am

    “How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will.” Daniel, I’ll pass that feedback on. Thanks for stopping by.

  90. Daniel Said,

    June 11, 2007 @ 11:55 am

    Matt, it is normal to receive this kind of articles when “online” is going to mean Google.

    It seems that they don’t have any solid arguments but what they are saying is in everybody’s minds: “Under the microscope, it turns out that Google is doing much more with our data than we ever imagined”.

    Now, the only question is what means “much more” :)

  91. Greg Bulmash Said,

    June 11, 2007 @ 11:59 am

    First, PI is doing what lots of fringe groups do to try to get publicity... level outrageous accusations at famous organizations. It’s link bait.

    But in every successful pearl of prevarication is a grain of truth. Google is unresponsive to individuals and seems like a big, monolithic, uncaring Big Brother at times. Despite folks like you putting a human face on it, there are very regular complaints about Google being unresponsive or seeming to have a “piss off, we’re Google” attitude.

    Second, part of the reason they grade Google down is apparently Google’s size. The fact that Google has so much data about so many people, even if Google is being good with it now, Google gets demerits merely for the untapped potential for abuse. Stupid methodology, but it’s PI’s report and they get to make the rules.

  92. German Said,

    June 11, 2007 @ 12:15 pm

    Matt,

    I think you should stop worrying too much about each person not sharing your view. If you don’t you will have grey hairs before the time for it. It’s not worth it.

    Provoking people is also a very good way (especially on the Internet) to get noticed and attract people. Now you can be sure that this survey will be read by many more people than if they did say some are worse than Google (and if you didn’t write about it).

    What is reproached from google is Google wanting to collect every data from every step one is moving on the Internet. Microsoft is doing it in a more subtle way due to the fact that most people have windows and it is now hardly possible to use a software without at some time being sending some information online. Of course once you are online, Microsoft is also set to send things through your firewall if needed. And of course the data sent to Microsoft may have a particular signature to the specific copy of Windows.

    AOL has only a fraction of the knowledge Google has, even if this had been leaking.

    I think you should try to help the people really worried to opt out - it would be much wiser and effective than shouting offense for such a thing.

  93. Danny Sullivan Said,

    June 11, 2007 @ 12:19 pm

    Just to clarify, I saw my post as more a critique of a bad survey than a defense of Google. There are real reasons to worry about the data that Google takes in, and there’s a lot more the company could do to reassure people.

    For all we know, on the privacy front, Google really could be the worst of the lot. Or, it could be middle of the pack or better. But that survey doesn’t tell us anything that’s measurable. It’s primarily anecdotal and subjective, from what’s been put out. And I don’t think Google or any company can get condemned -- or praised -- based on it fairly.

  94. Itman Said,

    June 11, 2007 @ 12:54 pm

    “Customers have a right to amend personal details held by Google but does not allow search history to be removed.”
    That’s not fair, you do allow removing. However, you should not start collecting it without user’s permission. This was really bad and controversial. And this is what should be stated in the article. So as, the article is a mess but it might hit a target in a way. By far not the worst, but also not the best attitude to privacy.

  95. Douglas Karr Said,

    June 11, 2007 @ 12:56 pm

    Each time I go to the hair cuttery, they punch my phone number in, bring my name up and ask me if I would still like the #3 around my head and a scissor cut on top. I return over and over because they have AND USE the information that they’ve collected on me.

    Privacy is an issue when it’s violated, not when it’s openly utilized. I agree with you, Privacy International was simply going for headlines here. I EXPECT Google to utilize the information that I have allowed them to collect to IMPROVE my user experience.

    I’m confident that Privacy International will be after my barber next!

  96. Rick Stenftenagel Said,

    June 11, 2007 @ 1:03 pm

    Read the report...

    Laughed at the report...

    Seriously lacking in any consistent and comparable data.

    PI really needs a lesson in data collection and research techniques.

    I rate PI as a threat to privacy reporting, which is also making all affiliates look bad.

    Ok, done ranting.

  97. Craig Said,

    June 11, 2007 @ 1:16 pm

    Google failed because Google management does not pass out tinfoil hats. If they did, Microsoft would have been at the bottom instead.

    Seriously, Google lost out due to “Ethos”!

  98. Alan Perkins Said,

    June 11, 2007 @ 1:26 pm

    > “How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will.”

    Very symbolic, as a cookie only lasts as long (at most) as the computer on which it’s written. 3 to 5 years? Also, most people use Google so often that even if the cookie was only, say, 90 days, it would perpetuate as long as the computer lasted.

    2038 is just a synonym for “long term”. It doesn’t make the cookie any more evil than one of a much shorter duration. In fact, it could be argued that when a cookie is set to expire in 2038, it is more obvious that the cookie data is kept for a long time, rather than (say) a cookie that only lasts 90 days but is refreshed on an ongoing basis.

    It’s what Google does with the cookie that should be of chief concern, not the cookie length.

  99. Catherine Lawson Said,

    June 11, 2007 @ 1:34 pm

    Matt, don’t let these idiots get to you. They’re obviously just trying to have a pop because Google is the biggest, most popular search engine around.

    On the subject of ISPs - I think you’re right - the name selling is v bad. I have had an aol account since the late nineties. I did cancel twice when they were having problems - but promptly rejoined again. The amount of spam which gets through their filters into my inbox is beyond a joke. I’m regularly deleting hundreds of spam emails at a time.

  100. Mark F. Said,

    June 11, 2007 @ 2:03 pm

    I don’t care about any of it, really. As our good friend Larry Ellison once said, “There’s no privacy on the Internet. Get used to it.” What I really care about is consolidation of power, which is why I’ve stopped using Google. No company should be allowed to acquire as much influence as Google now has--especially since Google is constantly in the process of trying to acquire more. A couple times a year, Google’s tweaking of their search algorithms utterly KILLS my company’s online business. I know it’s not really Google’s fault--they’re just trying to improve their algorithm. But the fact that EVERYONE uses Google these days means that Google has the power to kill my business, and in my opinion that’s neither healthy nor safe. Maybe the people at Google have the best of intentions (“do no harm”, and all that crap) but that’s a temporary situation. The overwhelming probability is that someday Google will be sold to some unprincipled son-of-a-bitch, and that’s when the real trouble with Google’s mega-corporation status starts--if it hasn’t already.

  101. John Andrews Said,

    June 11, 2007 @ 2:37 pm

    I am reminded of the movie ‘disclosure’ with Michael Douglas and that “b” Demi Moore.

    Privacy of aggregate search and clickstream data is a huge problem. Google is the huge player.

    Google needs to solve the problem, and not get too distracted.

  102. Seth Finkelstein Said,

    June 11, 2007 @ 3:00 pm

    Matt, the readers of your blog are a very unrepresentative sample.

    If you want to know what your fans think, they aren’t likely to widely disagree with you (not everyone is going to agree, but you aren’t likely to get a lot of personal push-back).

    If you want to know what the general public thinks, this isn’t the place to ask.

    If you want to know according to some objective standard, well, not a lot of people care about that ...

  103. Doug Heil Said,

    June 11, 2007 @ 3:01 pm

    Those kinds of privacy issues are only of concern to people who are paranoid about privacy issues though. Many of us actually trust a few sites out there to do with the data as they say they do with data, to make search “better” for their users. I believe you have to go into something with trust, and only not trust them when they actually burn you with it. As far as I know, Google has not done anything with all the info they have on my clients and on me, so I’m not worried about trust at all. Of course, I’m not worried about Google knowing who “any” of my clients are either, which is very unlike many of you.

    I am worried about the numerous other firms with personal information who sell that info to others, IE: ALL banks. How about the three major credit reporting agencies in the USA? If you do not specifically tell them to keep your credit history private, they give access to your entire credit history to ANYONE who asks for it. Did ya all know that fact? Those are companies I’d be concerned with.

    I guess one answer to those webmasters and owners concerned about privacy and Google is to not use all their free services, right? No one is twisting your arm to use Google at all. Also; no one is saying you need to get your site indexed and ranked on Google for your terms either. You can very easily opt-out of Google if you wish using your robots.txt file. It’s real easy to do.

    This also reminds me of the new spam guidelines, well, erm, new to some people anyway; It’s like none of us should be able to run our sites the way we wish just because we happen to be big or small or whatever. Since when did discrimination against a company come into play just because they happen to be big?....... and good?

    BTW: Tonnie; very good post. That is something Google could certainly implement real easily. I like your suggestions regarding “teaching” the google users about privacy issues. Good one. :)

  104. alan p Said,

    June 11, 2007 @ 3:18 pm

    Hi

    You may disagree with Privacy International, but what you need to face is that Google worries a lot of people, and this won’t go away - if anything it is increasing. Is it rational? Who knows - on the one hand one can believe Google has a “do no evil” culture - on the other, the commercial temptations are potentially overwhelming.

    Personally I’m glad the EU is looking into this, because to be honest the US’s laws on data protection for individuals are too lax.

  105. tom sherman Said,

    June 11, 2007 @ 3:24 pm

    Wow, I don’t think I’ve ever seen such a lovely collection of fanboys and conspiracy theorists on one page.

    Great readership you got here, Cutts.

  106. Googly Eyed Said,

    June 11, 2007 @ 3:25 pm

    Google has been doing this for years. And you are frustrated?!

    Making money on the backs of privacy violations and fraudulent clicks can be frustrating...definitely. Although a few billion can sweep lots of things under the rug and keep people quiet, I am sure.

    Maybe if you stop worrying about doing evil, you can actually stop doing evil?! Like, I don’t know, investing in your founder’s wife’s company with Google money. Or paying $500,000 for security for the CEO who claims he only got $1 in salary. Or hiring your army of shuttle drivers to ferry around Googlers and thumbing the mass transit system (and everyone who actually works for a living paying city taxes). Or could it be the huge power load you put in the grid (your solar network covers only a fraction of your office supply, none of your data center)? Or claiming Do No Evil, except if China can make you lots of money (or cuz everyone else is doing it?) Or the deal of YouTube (which was built on stealing content -- is that evil or are we still in China for this one?)

    *Sigh* Evil is such a vague term, isn’t it.

  107. GilbertZ Said,

    June 11, 2007 @ 4:41 pm

    Wow I got to this story late and everyone has already commented. Hope you’re still reading.

    I do understand your perspective. And I bet it’s hard for you to step out and look at it from the perspective of others. You have the data and you know what you’re doing with the data. But when that power is in someone else’s hands, it feels very differe