Why I disagree with Privacy International

Sigh. Google as a company takes privacy very seriously. I personally feel strongly about protecting our users’ privacy. So I’m frustrated by a recent study that Privacy International did, and I want to know if I’m off-base in my reaction. I got back home from SMX and I’m surfing the web when I see this AP article entitled “Watchdog group slams Google on privacy”:

In a report released Saturday, London-based Privacy International assigned Google its lowest possible grade. The category is reserved for companies with “comprehensive consumer surveillance and entrenched hostility to privacy.”

None of the 22 other surveyed companies — a group that included Yahoo Inc., Microsoft Corp. and AOL — sunk to that level, according to Privacy International.

So I surf over to Privacy International (PI) to read the actual report, and I have to be honest with you — it made me mad. But I try not to blog when I’m angry, so I decided to sleep on it. After sleeping on it, I’m still pretty frustrated with Privacy International’s conclusions. Here’s my take.

Google didn’t leak user queries

In this past year, AOL released millions of raw queries from hundreds of thousands of users. Within days, a journalist had determined the identity of an AOL user from the queries that AOL released. But AOL got a better grade than Google.

Google didn’t give millions of user queries to the Dept. of Justice

In 2005/2006, the Department of Justice sent subpoenas to 34 different companies requesting users’ queries and other data. In fact, the original subpoena requested all queries done by users for two full months. AOL, Microsoft, and Yahoo all gave some amount of users’ queries to the Department of Justice. Google fought that subpoena (full disclosure: I filed a declaration in that case). The judge sided with Google; no queries from Google users were given to the DOJ. But Yahoo, Microsoft, and AOL got better grades in this report than Google.

Google will anonymize query logs

In March, Google announced that it would begin anonymizing its logs after 18-24 months. Google has continued to communicate on the issue, including a post on the Google blog in May discussing the reasoning behind that decision. In fact, we talk a lot about privacy, from blog posts to Op-Ed pieces in the Financial Times. To the best of my knowledge, no other major search engine has followed suit in a plan to anonymize user logs.

Misc bits

Other parts of the study just baffle me. The report claims (I am not making this up) that “Every [Google] corporate announcement involves some new practice involving surveillance.” I know that my years of working at Google may bias me, but does that sound impartial? Let’s test that claim. Here’s a Google corporate announcement we made on our blog in March. Google expanded our support for open-source in our third annual “Summer of Code”:

Last year we paid 630 students from 450 schools in 90 countries $4,500 each to work on open source software projects. These projects, selected by some 100 open source mentoring organizations from over 6,000 applications, provided students with invaluable real-world programming experience.

That’s over three million dollars in open-source development last year, with even more money set aside for this year. The program introduces students to open-source programming. In return the open-source community and regular users benefit from students’ projects. Does Google’s Summer of Code program have anything to do with surveillance? Nope, not even close.

Conclusions

Sigh. Okay, take deep breaths, Matt. My spleen is vented. :) Personally, I think Privacy International should feel remorse about walking right past several other companies to single out Google for their lowest rating. But I think that there’s a larger danger here too. I believe this report could corrode earnest efforts to improve privacy at companies around the internet. Why? Because the bottom-line takeaway message that I got from the report is that a company can work hard on privacy issues and still get dragged into the mud. Consider: in the last year or so, other companies gave users’ queries to the government, leaked millions of raw user queries, or even sold user queries and still came off better than Google did.

Wait — someone sold my data?

If I ran a privacy group, I would *find out which ISPs sell their user data*. While Privacy International was conducting its six-month-long study, credit bureau Experian committed to buy Hitwise for $240 million dollars. From the press release:

Hitwise collects and aggregates information from Internet Service Providers (ISPs) on how over 25 million consumers use and search the Internet in the US, UK, Australia and other countries in Asia Pacific.

If you check Hitwise’s most recent blog post about UK site Gumtree, they discuss collecting user queries: “Hitwise captured 4,201 unique terms sending visits to the website.” Did those queries come from opted-in users, or from ISPs? If I ran a privacy organization, I’d want to know which ISPs sell user data. I’ve pointed out before that ISPs have a superset of data on a user compared to almost any other online company. Some have suggested that ISPs sell user data for as little as 40 cents per month per user. It looks like Privacy International didn’t include any ISPs in its study of online companies. Luckily, some other folks are looking into it. A Wired blog enlisted readers and started to get some answers on the topic.

If Privacy International really wants to focus on Google rather than digging into companies that are, you know, actually buying and selling user data, that’s their choice. :) Note that I have nothing against Hitwise, Compete, or ISPs at all; I just think it’s unwarranted to call out Google when user data is being bought, sold, given to the government in the millions, or being leaked — by other companies. And I think Privacy International missed the mark badly by giving those companies a better rating than Google, or by not including the right online companies in their study.

Now it’s your turn. Am I off-base on this issue? Or did this study miss the mark? (I’m going to bed now, so I’ll approve comments in the morning.)

207 Responses to Why I disagree with Privacy International (Leave a comment)

  1. (In this comment, I mentioned that someone had dropped spammy looking posts on PI’s site. The urls are gone now, so I’m deleting this comment.)

  2. It is vital that people be perspective, in accessing and analyzing the entire issue.

    Google will only take as much information as it needs to:

    Perfect its algorithms
    Offer personalized search options
    Offer more relevant advertising

    Without advertisers, many of the free services that are offered, would either be terminated or mediocre at best.

    Also revenue enables the hiring and competitive compensation of top Developers

    And the purchase of turnkey and cutting edge hardware.

    It is important that a public which enjoys free services, be more open about accommodating the needs of the financial providers of these services.
    Also, a public that insists on relevant organic serps should be understanding about the technical requirements to stay competitive, and to serve up relevant ads.

    Those who are overly concerned about relative privacy can be proactive by:

    Using a proxy
    Deleting cookies
    Not using the free web services that require sign-ins.
    Or using a Meta search engine that allows isolating Google serps.

    Google should be applauded for standing up to the Government when others relented out of intimidation! :-D

  3. Harith

    Matt

    I though Danny has covered that privacy thing in excellent manner leaving you time to focus on:

    - discussion of the extra info that’s been added to our webmaster quality guidelines :)

  4. tedster

    Matt, I think your reaction is incredibly controlled – I’d be ballistic and i don;t go ballistic easily. That is clearly a piece of negative spin, rather than anything close to an objective report. It reflects very poorly on Privacy International, not on Google.

  5. Yeah… You’re right – They missed the mark.

    However… (IMO) Even though it’s not accurate, it’s a story that many already people believe, even before it’s told.

    Google collects a mind boggling amount of personal and corporate data. You folks collect it with the Google Toolbar, AdWords, AdSense, Google Analytics, Blogger, Google Maps, Google Reader, Gmail, YouTube and now Doubble Click and FeedBurner… WOW! – (Yikes)

    Some people may think it’s too much information.

    I like Google and the people running the show right now. However… Things change. Things might be very different 10 years from now.

  6. I think the biggest issue here is fear that Google is growing too big. Google is in the job of information collection, analysis and dissemination; that’s all Search is after all.

    If, it was OK for Google to do this a few years ago, why do people have a problem with it, just because it’s collecting data from more sources?

  7. Google does collect a phenomenal amount of data from the users, but how much it publishes has always been a matter of debate. Good to know that Google has processes in place to protect personal data. But without doubt, data collection by Google has and will make the world of search a better experience to users.

  8. No, I don’t feel you missed the mark at all, Matt … but I do resonate strongly with HawaiiSEO’s comments.

    I am a Google supporter in many ways, including collecting AdSense publisher’s checks, so I am not inclinded to bite the hand that feeds me arbitrarily.

    But I didwork for the US governement for many years, mainly on projects at a high level of classification .. I know quite a bit about security, at a level above the “ones and zeros” and what characters should be in a password.

    Over the years a number of significant security breeches have aoccurred simply becuase too much data is stored, all secured by best practices, on specific programs or issues. Suddenly (and you’ve all read articles in major media, sometimes without even knowing that the articles actually revealed classified information) a reporter or other interested party takes info from one source, and then another and “click” the puzzle peices fit together. Happens all the time and will continue to happen.

    Google collects massive amounts of data … far, far beyond what any ISP or even Google competitor collects and I would submit, Matt, that there is not enough long range planning and oversight. Google’s corporate focus on security, given that Google is run by “computer experts” is focused on “computer-related security” … not upon the mountain of information the computer-level security is keeping private.

    Just the one widely publicized agreement about anonymizing query logs after _18_ months points this up. It’s “your” data and “you” are going to hang onto it as long as it possibly an be milked. But think through what possible use millions and millions of 18 month-old queries can be .. still identified personally to the individual’s IP. It makes no sense, and creates a massive pool of data that could, by virtue of something as simple as an AOL “Ooops” be released. If the identifiable data wasn’t there in the first place … it couldn’t be released.

    That’s why in the classified documents world “the shredder is our friend” … what is no longer there can’t possibly go misisng.

  9. Matt, if Google is serious about privacy protection and wants to clearly state so: European Commission just started a project to establish a European privacy protection quality certification. Information at https://www.datenschutzzentrum.de/europrise/

  10. Alexandru

    I agree with Hawaii SEO. Your policies might be good when compared to others, but since you guys collect the largest amount of information, you are still my greatest concern. And yeah, I see new ways for Google to find out new personal data of mine without my permission with many of your announcements and I don’t like it at all (DoubleClick, FeedBurner, StreetView).
    The fact that you were keeping the search history for my account without asking me (I had to go deactivate it but many don’t even know about it) really pisses me off.
    So yeah, I’m glad Privacy International said something about it, even if they took it too far, and I’m glad that the European Union is doing something about this.
    You might not be able to sleep at night because thoughts of protecting my privacy run amok in your head, but you’re still using the data you collect from the 8-9 Google services that I’m using. And yeah, I know I can stop using them. Believe me, I’m trying to find better alternatives.
    I agree with Hawaii SEO on another thing also (guess I should become a subscriber now), that a lot of things can change in the next 10 years. I can already see your image very slowly changing from the favorite child of the web image to the evil spawn status that Microsoft has already achieved. It starts first with the webmasters that come in contact with you guys all the time, and just as Firefox managed to get a huge chunk of the market with the help of the webmasters that promoted it, so can other search engines if you manage to piss off the geeks like Microsoft did.

    Well, enough ranting. Just my $0.02.

  11. Jason

    Matt, I saw a comment on Slashdot about this story that I’m starting to agree with – noone’s heard of Privacy International before, so this is just a big PR exercise on their part to get their name out there.

    “Privacy International attacks AOL” doesn’t grab as many headlines (who hasn’t attacked AOL?) as “Privacy International attacks Google” because … OMG … they’ve attacked GOOGLE.

    Cheap PR. Suddenly everyone’s talking about them.

    (Maybe it’s backfired a little though – now everyone’s talking about them like they’re a pack of idiots…)

    As for their site … looks like its run off some kind of CMS that someone somewhere managed to find the admin interface and password for.

  12. I bet you are glad you slept on that. You provide a compelling argument in a clear manner, my compliments. It really is a screwy inaccurate report.

  13. I think one of the problems is that Google are so transparent in the amount of information that they collect allowing discussion of it and almost rejoice in the quality and their ability to be relevant down to the personality and location of that personality level, that they leave themselves open to debate and scare mongering.

    The other companies mentioned seem not to draw attention to themselves in this regard and so get away with it.
    Also, bad mouthing Google over pretty much anything can get you traffic.

  14. Andrew

    Matt, I am really glad you commented on this, and you are right…PI’s report SUX! I can’t help but think they were scorned and wanted some cheap publicity…they sure got it, and Google PR is likely going into overdrive.

    On that point, I left a comment on Scoble’s blog (http://scobleizer.com/2007/06/10/google-slammed-in-privacy-report/) regarding Google’s apparent lack of engagement and how this is causing unease with many consumers (probably the more “Ma & Pa” type consumers anyway). You have talked about this before as you try and get more Googlers to blog and open themselves up a bit with Feedback mechanisms etc.

    Do you think this is contributing some basic users fears regarding Google and also feeding the Media with opportunities?

    As a side note, I have noticed over the last few months many initiatives within Google to improve this situation. Developers Days, more blogs, feedback requests, Open Source, more interviews, etc…but it is very targeted to the Technical users…not the “Ma & Pa’s”

  15. I agree with you Matt. This article is a joke and it’s got massive press in the UK, national news etc. It’s a shame.

  16. I think PI and the report are pretty bad. Which is a pity, because I think there are some very fair criticisms that can be lobbed at Google in regards to privacy. I suspect the EU are going to do a far better job with identifying them.

    1. As has been pointed out at places like SMX, logging out of Web History (and even the mechanics of it) are practically hidden in a ‘cold’ part of the page.
    2. Google collects a LOT of data, anonymized or not, as prior poster claims.
    3. There isn’t a way for a user to review their own file and correct it, or get it removed. This used to, I seem to recall, be required in the EUDPD, although I’ve been playing US-only privacy games for several years.
    4. Again as previously noted: Current corporate policy has been acceptable, in so far as Joe User knows about it, to date. But you’re a US company. You’re public. You’re subject to a lot of external forces. Those external forces include socio-political stuff, and can involve the FBI, CIA, NSA, etc. Things change, and can change quickly. It’s a risk.

    I think Americans, as a whole, are far too complacent about personal data. Once released, it’s very hard to put back in a cage in a dark, private basement. Google data is a huge and behaviorally-oriented example of this, and that data in the wrong hands really could be pretty deadly.

  17. I don’t consider Google worse than the competition, except for two details:

    1) Google is a market leader. As such, they control more information than other companies. It’s evidently not Google’s fault, but market leaders will always have a harder time.

    2) Google’s “Do no evil” motto. People will always be harder on Google because Google claims to be morally superior. And there’s no spotless corporation. It makes Google sound fake.

  18. I think it’s biased and unfortunate.

  19. I have read the study now and agree, there might have been a better presentation of the facts. However, I strongly disagree that Googles defense should be to point the finger at other large search engines.

    There are serious issues here and making the case that Google is better because it didn’t loose any data last year is admission of guilt by association. What is called for is a point-by-point address the concerns and avoid the knee jerk reaction to point a finger at the competition.

    The only one Google should be concerned about in this case is Google.

    -bt

  20. Daniele Mosaici

    Ars Tecnica is one of the most authoritative websites out there about this kind of issues. They are covering the Privacy International report here:
    http://arstechnica.com/news.ars/post/20070611-google-named-worst-privacy-offender-in-study.html

    Looks like Ars Technica is not sharing your idea that Privacy International lose credibility. I’d say that Google is losing credibility here.

  21. I heard the news story about this on NPR right before I sat down to my computer just now, and it is certainly being reported as though it’s good information from a reliable source. I guess that illustrates that if you are at the top of the heap you become the target for most of the mud. Especially on a slow news day.

    I appreciate efforts to protect user privacy, but at the same time I always assume that whatever I do online could be compromised. Am I just paranoid or don’t most users make a similar assumption?

    BTW, when do you people sleep?

  22. Yeah i agree with the general sentiments of the comments. The report is off the mark, poorly presented and recieved too much publicity. There is a but though Matt, and that has already been touched upon.

    I believe Google will be the dominant Internet player for many years to come and as a result you’ll collect more information on Internet users than any other organisation on the planet. To protect Google users and Google’s brand againt publicity seeking lobby groups Google should aim to be the most progressive organisation on maintaining and protecting user data.

    Google are already the stand out leader in Search and several other internet technologies, for your own sake implore Google management to be the industry leader in user privacy.

  23. Generally I support all that Privacy International stands for. Lately I’ve been feeling that they are losing touch with reality. Let;s be fair, I like their gritty and no nonsense approach, but, as I’ve blogged myself, the whingeing in their website really does add the final nail in the coffin for this particular report.

    Google isn’t squeaky clean. It’s the only game in town for many things, and it knows it, and that is, of itself, cause for concern about its future management and whether it could be “induced” to serve the US Government, but this report is an irrelevance in that discussion.

  24. At least for me in Firefox, the “preteen porns” URL’s look different on my end – just has a 01/01/1970 date instead of the 3 lines you wrote above – have they changed the content based on your feedback?

  25. JoJo

    I saw the headline ‘Google ranked ‘worst’ on privacy’ on the BBC website http://news.bbc.co.uk/1/hi/technology/6740075.stm but ignored, because as a regular reader of this blog, I knew that the headline could not be true. I feel more confident using Google’s services than I do other websites but this sort of report is going to be damaging to Google’s reputation for the general public as [shock horror] not everyone in the world reads this blog ;D

  26. I don’t think there is anything wrong with pointing finguers. I had always questioned Hitwise practice as unethical however an excellent service I continue to buy.

    Matt, while on vacation maybe you should have read 1984 by George Orwell…
    http://www.time.com/time/magazine/article/0,9171,800425,00.html?internalid=atb100

  27. Robert

    I’m not sure how much you accomplish by trying to address a systematic problem with a couple of one-off examples. Through consolidation of the platform, Google has a strategic data trove that would make the NSA jealous.

    Like it or not, Google is in its own ballpark here. Never before has a private organization had such comprehensive data about a large demographic, and with that comes new risks. Google can’t cheaply explain away its flaws by comparing itself to AOL.

    While the PI report leaves a lot to be desired, I do look forward to seeing the full report. The more hard facts we can get about Google’s stance toward privacy, the better. While Google may appear to be the friendly neighbor, it is really a huge, intensely secretive public company in the consumer data business. Google is the surveillance camera we’ve all invited into our house.

  28. Unfortunately I’ve read the headline 3 times already – I assumed it was anti-googlers taking a cheap shot. Thanks for discussing it openly. The PI report is so biased.- there must be a couple of anti-Google people working there.

  29. Their goal is not to help consumers understand privacy. So why are you mad? Their goal is be in business and make money. Google bashing is much more valuable than Yahoo bashing or MS bashing (which saw its market peak in the late 90′s ) As long as its more valuable to companies like these to bash you they will, so hang on. This is only the beginning. I say you should keep focusing on the customers and your voice will always be louder and more respected than Privacy International.

  30. Seems as if Google keeps getting hit by “privacy” groups everywhere. First the streetview from Google maps and now this. Google is becoming big brother and folks are starting to see that they are, even though we know its not true. The media will spin it because after all, the motto “Do No Evil” isn’t really newsworthy in their eyes.

  31. First, PI makes mention of Orkut, Google’s online community:

    ”We ranked Orkut as a separate entity even though it is owned by Google.”

    But later links the two together while citing the reasons why Google was ranked so poorly, claiming:

    ”Google often maintains these records (user data) even after a user has deleted his profile or removed information from Orkut.”

    PI makes no mention as to what Google does with the Orkut data. Why? Because they don’t know; but, does not hesitate to lower Google’s privacy score as a result of, as stated in the report.

    “Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut.”

    But assessing a company, based on facts unknown, is a violation of its own rules.

    “It was not always possible to precisely assess a company’s approach in each category. As a result, we erred on the side of caution and gave the company the benefit of the doubt and assessed it only for what we could actually identify.”

  32. Robert

    Matt, I completly agree that this report is a total joke and anyone with a QI higher than 10 will agree. Search Engine Land do an excelent job explaining why.

    However, Google is a leader in the market and as such should be a leader in privacy. What you are doing now is not enouth.

    Then, there’s this Danny Sulivan quote:

    “I think Google’s problem is that it far too much believes its “Don’t Be Evil” philosophy without realizing it’s a big company that people simply aren’t going to trust. In the years I’ve dealt with Google, the culture is one of “we’d never be bad.” That should change to one of “how might we be bad, and how do we prevent it.” Google should assume the worst about itself, not the best.”

    Please, I can’t stress enough how that paragraph is import. And it looks like Eric Schmidt don’t understand it. Be sure to put that paragraph on the Google Intranet, on the walls, on your email signature, everywhere. And be sure that all Google employers (specially management) read it 10, 20 times so that they really understand it.

    But, let’s take an example of how privacy could be improved:

    1) Instead of anonymizing user logs after 18-24 month, delete it. Yes, that’s it. Delete it. Why not?

    2) Substitute all those service privacy policies by something such as Redhat one-page SLA.

    3) You have mentioned that ISPs can spy on user queries. Well, do you know what? That’s is also a Google problem. When I try to access https://www.google.com it redirects me to http://www.google.com. Amazing. no?

    4) I don’t know exactly what information is beeing collected. For exemple, is my browser Useragent info beeing collected? You know, there’s a lot of toolbars out there that append theirs versions to the browser Useragent string. So, If I am the only one using a specific combination of toolbars in a city, it is like a permanent cookie – it doesn’t matter if I change my IP. Imagine people seeking by Useragents (with toolbars versions appended) on that AOL leaked data!

    5) And so on, and so on…

  33. Robert

    Correcting:

    “Please, I can’t stress enough how that paragraph is import.”

    I mean, “Please, I can’t stress enough how that paragraph is important!” :)

  34. John Chappell

    I understand that you (and most people reading this) will have an instinct to leap to the defence of Google, and rightly so – they pay your bills. You make fair points about free tools, and how they are paid for, and I don’t dispute those. I use Google products quite happily, knowing that some of my personal information is accessible as a result, and that this is the price I pay for the use of the tools.

    However, since you appear to be the only accessible Googler responding on this issue, please could you address the question (as for instance mentioned here: http://www.privacyinternational.org/article.shtml?cmd347=x-347-553964 ) of Google staffers conducting a smear campaign? Surely that does not meet with the supposed Google-will-do-no-evil principle?

  35. It was on CNN this morning. That’s the #1 reason NOT to listen to this anti-Google-ness.

    But yeah, AOL got a higher ranking than Google? Now that’s irony.

  36. I think a lot of this animosity stems from “Don’t Be Evil”. Adopting that corporate motto was like slapping a giant bullseye on the company.

    Your frustration is definitely justified. The authors of the report clearly realize their organization will get the most attention if they focus negative attention on Google. “Microsoft worst privacy offender” isn’t a sexy headline (not saying MS is the worst).

    I kinda agree with Brett about throwing other companies under the bus, but it does seem important to point out the bias/ignorance of the report. Comparisons are probably the most effective way to to do it.

  37. Interesting to read your side on this. I can see your point.

  38. The fact that they put Google behind MS and AOL totally debunked the findings for me. I went from “uh oh..” to “hah!” in the span of about 4 seconds when i read the original article. That being said, privacy is a huge issue and the fact that Google is now on notice (to yoink a Colbert-ism) is a good thing whether it’s fair or not. It will only make G stay vigilant on privacy issues because any tiny slip-up is going to come back to smack them in the face x100. It’s lonely at the top!

  39. naw, naw; I disagree with Brett. That firm and report is clearly biased against Google for some reason. I see nothing wrong with pointing out the very clear websites out there who violate the most basics of the privacy issues. You know I will disagree with google in a heartbeat with many things, but I cannot disagree with this. Sometimes there are firms/people out there who simply want to bring you down in whatever ways possible for reasons that can include conflicts of interests, etc and many other reasons….. like; erm, speaking the truth about things. In this case; it’s very clear what is going on in my mind.

  40. Jan Klier

    This was an unfortunate report (and I’ve only read press coverage of it, not the report itself). I think there are a few things at the macro level that contribute to incidents like this:

    - There’s a general lack of understanding by large parts of the society on how technical details work. Whether that is the computer itself, or the search engine. The more complex, the more networked, the less transparent it is, and the fewer folks will be able to form informed opinions with less bias (not that anyone is ever unbiased). There are many folks that believe that the Internet is owned by someone, who monitors and censors all traffic (that may be true in some countries, but not the Internet in general, and I won’t take the bait to talk about the Patriot act).
    - Search engines, like any other website are opt-in businesses. Nobody is forced to search online. People need to be informed and consent to using them. People should realize that any interaction with a website is going to result in logs being stored somewhere. If you have something to hide, then don’t do it where others can see it. But people are pretty ignorant. That was well demonstrated in a recent paid search ad which stated ‘click here to infect your computer with a virus’ and more than 400 people clicked on it.
    - Personally my take is, that it’s ok to collect the data, if reasonable measures are taken to prevent use that is harmfull to the subject, or unintended disclosure of any kind. There also needs to be a way for any user to see what data exists on them, and a way for the person the data is about to resolve any issues resulting from data collection and data inaccuracies. Do I mind the no-fly list? Not really. But I do mind that there’s no reasonable effort remedy to address inaccuracies in the data contained if they affect me. The recent Boston Legal episode captured that very well. I think as an industry we have ways to go about being transparent and empowring users to manage their online data profiles. A recent issue on Technorati comes to mind where search results were included in their search indeces even though the account was deleted and they were contacted about it, potentially causing damage from continued disclosure of the data. For that reason I’d much rather have Google collect my data, than some small start-up which hasn’t learned their lessons yet. The fact that search engines for well-known reasons have to operate with a fair amount of secrecy and non-disclosure just adds to both the lack of transparency and the perception of an intent less well meant than reality.

  41. Hi, Matt. Normally I’m inclined to roll my eyes at groups like Privacy International, but in this case I have two additional observations. First, you are biased :-) and missed part of the point: that Google does indeed collect a staggering heap of personal data, which leads me to…

    Second, the fact that you have much-publicized fights with the US government (but give in to China?) does nothing to address the fact that Google itself has the data. What guarantees Google’s use of that data?

    I would encourage everyone (especially those of us signed up for Google services like Gmail, Picasa, Checkout, etc.) to think about something for a long moment. Besides the government, who collects more data about us than Google?

    That’s half the point Privacy International is making in their report. For the loyal Google users, you have our buying habits, surfing habits, what ads work on us, our email, spreadsheets, written documents, credit cards, address, phone numbers, photos, notes, calendars, and more.

    Google is a business and there are always pressures to find new revenue streams. If you want to prove you value our privacy, give us the ability to encrypt our data, show how you WILL NOT use our data to market us or leverage your giant databases against us.

    It is not enough to protect us from the government; show us how you will protect our data from Google Inc.

  42. Looks like they got what they wanted – great gobs of free publicity. :)

    And for the record – while I am a tad miffed with ‘theGoog’ at this precise moment in time – I do not agree with the documents assessment of Google in terms of privacy.

    my .02

    –dlp

  43. Try this on for size:

    Start from the premise that perhaps this organization’s concerns are a legitimate reflection of how people are going to perceive Google in the years to come. And then think about how this could be a way of ‘kicking’ Google out of its complacent dependence on the goodness of its search for the ultimate algorithms, by reminding those in charge that the internet is more than a set of calculations.

    This is an opportunity for Google. Unless you see it this way, get used to having your spleen agitated on a regular basis.

  44. Andrew, really good points. I think Google has been better about communicating recently (and I know that we’ve been paying even more attention to what folks say online, even though people can’t automatically see that outside Google).

    I dunno. PI worked on the study for 6 months and released the study on a Saturday. But if Google doesn’t do a large-scale rebuttal within 24 hours, the argument goes to PI? I took a day to think this over and try to calm down a little bit and I’m glad that I did, but it’s weird to see the blogosphere (or Scoble, or Battelle) say “Google hasn’t responded fast enough or with enough umph in the blogosphere.”

    And Harith has a point: coming back from vacation, I wanted to do more proactive posts, yet the first post I write when I get back is a reactive one. It bothers me a little bit that I let myself get drawn into this discussion. Anyway, nice points Andrew. :)

    Brett, I’d originally written a much longer post, but decided to cut large chunks of it. I agree that “these other engines aren’t as privacy-sensitive” isn’t as strong of an argument as just pointing out where we take the initiative. There was the unilateral decision to anonymize our logs, and I’d written about Google’s DMCA policy and how we broke new ground on transparent disclosure when urls are removed for legal reasons. But on some level, when a study says “Google is worse than anyone else,” I think it’s fair to say “What about A, B, or C that other companies do?”

    Chris, points well-taken. The vast majority of the company is focused on “how do we improve search, or make the user experience better?” And I think that effort is largely responsible for Google being so popular. I probably didn’t need to dive into this discussion — my wife said “And this has to do with search quality how?” — but I consider privacy to be a really important issue and I want people to know that Google does take it very seriously.

  45. Yes it does sound odd after all Y gave up a critic of a certain government who’s now in jail – it may be the potential for abuse that people are concerned.

    But some times the tallest poppy gets chopped at and you have to grin a bear it – I’ve been harangued by drunks in pubs over the way BT delivered ISDN before now..

    I think Robert Scobels comments on what Google needs to do now are very good some one needs to make L&S read them even if it means standing over them with a big stick

  46. Hey Shelley! I liked your point on (Scoble?) that this was a valid reflection of the potential feelings of regular people (as opposed to search eggheads or techies). And I agree.

    That would mean that Google should spend more time thinking not only about the reality of (search, privacy, etc.) but also about the perception of those issues. I remember one issue where I disagreed with Larry Page because I thought the issue in question would be perceived badly. Larry contended that the issue devolved to a no-op in reality (as opposed to perception), so we should spend our time working on other things instead. I’ve actually seen a little bit of a change on the issue. Now I can go back and say “Shelley agrees with me! We need to tackle this.” :)

  47. That is surely an extreme example Matt.

    So how is Google doing on the internal reputation management chalk board?

    Your enemies are relentless, that is for sure!

    Please do not ignore search quality.

    Thanks,

    Aaron

  48. I agree with you Shelley for the most part. However; whether we like or not, Google is the biggest player with all parts “internet” right now. They are a target for most every reason imaginable.

    This reminds me of many, many things that have to do with this privacy stuff. I’m reminded of the mind-boggling people out there who do NOT want anyone or anything listening to conversations by “terrorists”. They would rather react “after” a disaster, than react to something bad before it happens. Why? Because privacy seems to be a more important issue than safety to these people. I communicate with people in other countries all the time…. over the phone. I know darn well my calls are “being moderated” and I do NOT care one bit. It seems the people who are praising this report are the same “far left” people who say that our privacy IS the most important thing in life. Sorry, but “living” is most important to me, and I’m “middle of the road”.

    What about your bank you deal with daily? Why do you think you receive all those credit card offers in snail mail all the time? Do you think there are 6 dollar an hour clerks out there that know where you live, .. how much you spend on what…. where you shop…. where you work… how much you make…. and where you get your hair cut?? Heck yes they know.

    How about that grocery store clerk who just took your credit card or your debit card and now has your entire card number? Don’t you worry about that, or even care about that? Or what about that site you just gave your entire life history to? Do you care about that? LOL

    My goodness; it pains me to see threads at other places discussing this subject like on TW and on others. Are people really living in the same world I am? LOL I use many google services daily, like gmail and stats, etc and think zero about it. I know darn well there are people out there I have done business with in REAL LIFE that I would be concerned about privacy with, and being concerned about Google is quite the laugh-er comparably speaking.

  49. Google is the market leader, so it should lead also when it comes to privacy issues. In my view, Google has a responsability not to become a universal database of personal information, because they eventually will start to use it for their own good and not just to make the search results more accurate. And that would be a real shame.

  50. Dyce

    My gathering of these responses to the report (Matt’s and Danny’s) were certainly not imo finger waggling at other search engines to try and make people look the other way at Google and its privacy problems…
    No..
    I see this as more of a ‘We might not be the best, but neither are they… they should be down here too’ sort of thing. These posts outline valid points that appear not to have been taken into account in the report fully.
    *shrugs

  51. You lost me at “sigh.” May as well start with “poor, poor, pitiful me.” “shrug” “eye-roll.” “dismissive gesture.”

  52. I read this in my local paper and had several reactions:

    1) Who is PI? I’ve never previously heard of them. Pick on Google and get mentioned nationally. Rule 1 of PR, say something memorable, even if it is a slam.

    2) Who funds PI? I don’t know, but if I was a competing search engine I would REALLY want to undermine the public’s trust in Google since no one seems able to mount a viable challenge.

    3) I’d love to see Google sue PI for liable and do discovery on item #2!

  53. My quick reaction is to agree with you Matt. I understand Privacy Int’l mostly compared privacy *policies* rather than comparing privacy *actions* which of speak louder than privacy words.

    This also points to one of the blogosphere’s deficiencies – the buzz about the news becomes the news rather than the issue in question. There will be more talk about Google beating up PI than about privacy issues.

  54. I am going to agree with Matt, this was entirely unfair for Google. Privacy is a concern for everyone, but Google is the least of everyone’s worries. They were slammed to get attention, but alas this is going to hurt for Google unless there is a public rebuttal and quickly. People that aren’t us won’t get it. All they will see is the newspaper title … skim an article written by a staff writer who also doesn’t understand what’s going on … and determine that Google is the big bad out to get them.

    That’s going to to hard to combat especially since Google found out at the same time we did. Sorry Matt … and everyone else at Google, this sucks.

  55. Good points Matt. My main concern is that when ever questionable reports come up, our reaction should get beyond a debate of the report and take a look at the issues involved. Where there is smoke – there is fire and this issue is going to continue to smolder regardless of the quality of the report.

    There are huge issues at stake here, and with reports like this, we tend to focus on the sexy well known items like search query logging. Those are kiddie issues that the general web public can understand. However, there are serious deeper issues such as toolbar data, gmail data, and docs data, that are a wild cards that remain unopened and undressed satisfactorily by Google.

    On the other hand, Google is going to continue to get an unfair amount of shots from passer-bys. The top dog is going to get everyones best — and often cheapest — shot when they stand to gain from it.

  56. Hey Kate, good to see you! I’m still digging out on email; this study distracted me a little bit this weekend. :)

    Agreed, Brett. I think the larger question to come out of this is “What can Google do to improve both privacy and the perception of privacy by regular folks?”

  57. Jess

    Has anyone read this article?

    Google’s goal: to organise your daily life
    http://www.ft.com/cms/s/c3e49548-088e-11dc-b11e-000b5df10621.html

    Here is a quote:

    —————
    Eric Schmidt, Google’s chief executive, said gathering more personal data was a key way for Google to expand and the company believes that is the logical extension of its stated mission to organise the world’s information.

    Asked how Google might look in five years’ time, Mr Schmidt said: “We are very early in the total information we have within Google. The algorithms will get better and we will get better at personalisation.

    “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’”
    —————

    How do you get to that level without amassing large amounts of personal information?? Or as Eric Schmidt called it – “Total Information”?

  58. Google’s best option is to share as much as possible about what’s being collected and why, and giving people an opportunity to opt-out of anything that makes them uncomfortable. Of course, it’s worth educating people on how opting out may hamper the quality of results served or other effects.

  59. Tom

    First of all an ip address is not a individual person identifier – I am not awarded an ip address like a SSN number. I own an ice cream and coffee shop – if a customer walks in for a second time is it a violation of their privacy because I remembered what they ordered on thier last visit? It is good business! Now on the other hand if I collected their personal information and customer habits and gave/sold it to a company within the niche without their permission would be a violation (in my view).

  60. Jan Klier

    Scott, good point about the funding. Always good to understand who’s to gain from an obviously biased study? Would be hilarious if this turns out to be another publicity stunt gone wrong from ‘The Algorithm’ :-)

  61. From what I read in that report, they based their decision on the fact that Google has such a huge market share and the fact that Google has so many tools available.

    Basically they´re saying: “If you have access to so much user data, you will abuse it because that´s what we would do.”

    Rediculous!

    Though I do have to say that Google does have access to a lot of user data, and it might be tempting. But the way I see Google its goals are not to make as much money as possible no matter what. They want to make money through great services which is of course something that many people can’t understand.

    If Google ever makes the mistake to abuse all this power, they will likely fall harder than any company has done before. But with current ways, there´s no worry there.

  62. Funny, when this report was released I said to myself – “Self, … duh?”.

    None of this is anything new. I use Google’s services and use them logged in fully knowing that you are creating a profile on me more extensive than the FBI. I know that your business is content targetting and the best way to do that is to learn as much about me as possible. To me, this is all extremely transparent and is the risk I run by using any Internet related service while logged in.

    However, although it’s evident to me, it is not evident to most. I know that when I was explaining this article to my date this weekend (yeah, I’m a dork and have no game if I am talking about Google privacy reports), she had no idea that Google kept that type of information and she’s fairly computer literate. Same with my brother, parents, grandparents, cousins, etc. who I have talked about this with.

    Short answer – techies understand, lay people do not and are scared by your data collection, retention and linking practicies and policies. It’s that simple.

  63. Brett is correct — where there is smoke, there is fire. Matt should take a look at the supplement to their original complaint to the FTC that was filed on June 6 by the Electronic Privacy and Information Center. He can find it at http://www.epic.org/privacy/ftc/google/supp_060607.pdf

    EPIC is one of numerous privacy groups behind this and similar complaints. There are links between most of these groups, and these groups have years of experience with government regulatory agencies. The privacy regulators associated with the European Union will also be dealing with these issues, and sooner rather than later.

    Matt cannot pretend that PI is a rogue group that has gone off the rails on this issue. Instead, it’s time for Google to start addressing these issues seriously, rather than relying on media spin from Google fan boys.

    How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will. It was that cookie that first alerted me to the fact, way back in year 2000, that Google was going to be a problem when it came to privacy. I was right.

  64. “In some years, we (Google) can answer your question:what job is the best for me!”
    in this or similiar words a big google guy have said this very proudly in an interview.

    Maybe he is right: If Google can do this, Google can’t respect my privacy.

    With “Google Street View ” Google doesn’t respect my right on my one photo.

    I’m sure this company doesn’t respect my privacy. But this company is the market leader and some europe goverments would like to kill the right of privacy ..so what!

    I’m too old to have the illusion of *privacy* – or I’m too less “green” to believe statements about privacy.

    regards
    Monika

  65. What a great opportunity for Google to discuss all the ways it does protect people’s privacy. I guess you have no choice.

    I certainly agree with posters who say Google has a greater responsibility than most companies. I wholeheartedly support the “do no evil” motto and believe it is a symbol of why Google gets as much support as it does. People turn over a lot more info to Google because we do trust that it is a company with a higher sense of values.

    And with its growth and values Google has become an enormous institution, not unlike a government body, requiring transparency, public scrutiny and oversight.

    Yea, I know Google is a private company, but you have to be careful using that argument (as I believe you did on a recent post). When you are as huge and dominating as Google is, you have a higher standard. And when you create an image of Google as a community resource where everyone benefits and contributes, you have to take extra pains at being inclusive and inviting input.

    Anyway, yea, bad report, and probably a misinformed publicity stunt. But you have to watch out for the ranting and self-righteousness. You have another great chance to inform instead, as you do so well!

  66. Well Dan, you are correct. However; I wouldn’t call them “rogue” at all,…. just far-left whingies IMO with nothing better to do. Do you “opt-out” to everything your bank may do with all the info they have on you? If not, why not? Banks have much more info on us than Google will ever have. Even the smallest person on the pole, like tellers, have access to your life history. It amazes me that the internet is so concerned with this privacy stuff, when people in your back yard and across the street can sell your very personal data to whomever they wish and at anytime. I know one very large bank where you have to “snail mail” an opt-out form to them, otherwise they will “share” your data with whomever they wish.

    Oh sure; Google should continually recheck and rethink their privacy policies, but I think this report is a good attempt at making a name for this so-called “privacy group” where there was no name before. I know I’ve never heard of them before this, so I guess it’s working.

  67. Matt, I had an opportunity to review Danny Sullivans response and I’m glad I did. I first caught wind of this report on my car radio yesterday morning. The story immediately elicited a number of concerns I’ve had with with the way Google captures user data on its numerous and sticky productivity platforms.

    Having had the opportunity to balance some of the main criticisms with the report found online this morning on various blogs and chatrooms, and mixing those impressions with my own understanding of Net privacy, I have arrived at the conclusion that this report was poorly researched, and written with a level of predetermination that unfairly baits Google into a defensive.

    Here is what the report states on its research methodology:

    The report was compiled using data derived from public sources (newspaper articles, blog entries, submissions to government inquiries, privacy policies etc), information provided by present and former company staff, technical analysis and interviews with company representatives.

    In my opinion, any intermediary or second-hand information should be used to establish the groundwork for more exploratory study and focused research, which ought to include follow-up interviews with folks from the company to respond to any outstanding questions, issues or concerns. Especially when its the kind of the study involving a company and as sensitive a topic as Net privacy. And despite the counter excuse that Google didn’t reply to PI, what was the rush in getting this published anyway?

    After all, Facebook recently launched its Facebook Platform, which is allowing 3rd-party vendors to directly interface with Facebook members. With the possibility of this highly evolved social networking site capturing a precise ring of information including full legal names, schools attended (or attending), place of work, family, friends, co-workers, and credit card data if that member acted on the impulse of buying a cyber-gift, why isn’t anyone questioning the extent of that information exchange with external providers, and how Facebooks data collection methods and the exchange of data with external providers may be cause for the same kinds of privacy concerns discussed in the report?

    Moreover, how would a rumored Yahoo acquisition of Facebook not be examined under the same magnification of concern or scrutiny? My point in drawing on these two specific examples is that Net Privacy is evolving so rapidly and taking on a life of its own. What happens yesterday may appear to be a gross violation to Net privacy advocates, but with newly developing moves, mergers and acquisitions, I would rather see a more dynamic report being provided on a more frequent basis, so as to track and keep pace with the changes occurring each day, month and year. This would provide the public service element Net privacy advocates are looking for, while keeping its findings balanced and might even reduce the unfair amount of negative attention on any one company. Its the kind of scope and duty that would hopefully evolve to being broad enough to allow them to reexamine their current methods, and choose instead to score each company on a Net privacy scale (ie. 1 being evil, 10 being martyr) as opposed to building a top list of the Nets worst perpetrators.

    On the quality of research and careful inspection by PI, the report leaves much to be desired. Ultimately, I’m of the view that data collection and processing and the issues relating to Net privacy definitely need to examine the type of information a commercial Website collects, with or without consent. In order to completely understand how each site scores, you have to interface with the specific company and learn how each has implemented safeguards to user privacy, how they plan to address identified areas of concern, and the overall culture of sensitivity towards Net privacy concerns.

    Appointing a unbiased mediator to relate feedback back and forth is another important recommendation. And finally, forming a coalition chaired by the non-biased mediator for each company would allow more developed dialogue and discourse to flow bidirectionally between Net Privacy advocates and the sites providing a valuable service to the Web audience.

  68. Well, I had a look on the “International advisory board” of Privacy International. And two things struck me as interesting: Firstly, it has known far-left anti-globalists like Noam Chomsky. Nothing better than to smash the big international company. Why not Microsoft, you ask? Funnily enough, there’s also a Privacy Specialist from Microsoft on the board…

  69. Walter

    Well I like your comments and they need to be considered. However the discussion with PI is like two people talking past each other and not listening what the other is saying.
    You have a point with the things you pointed out. However the issues PI mentions are valid. Tons of data is collected there is no way for a user to opt out, IP addresses, times etc are saved – yes I agree only over a limited amount of time, but lets face it to create a detailed user profile, 18 month or 6 month (or whatever the time is) of web activity is PLENTY to know pretty much everything about a person.
    And as much as what you mentioned is true, most of the stuff PI mentiones is true as well.

    What I would like to see is a response going through the PI report in detail and addressing each accusation. At the end of this exercise you’ll find that most claims are still true. Now collecting data doesn’t mean you do bad things with it… however it requires great responsibility. Besides it makes internet users weary why collecting it if its not done yet.

  70. Lee

    I think you are missing the most important points of the study.

    1. Google collects tons of information that most people (if they understood what it could be used for) would not want tracked.

    2. Google keeps it for way too long. Anonymous or not. AOLs data was “anonymous” and they also thought it was “safe”.

    3. Google collects data from more people than any other group on the internet.

    In my mind these three points do make Google the biggest threat to privacy on the web. Detailed information, from lots of people, over a long period of time is a recipe for a privacy disaster. You think because you are “good” and “not like the other guys” that it is not going to happen. But only externally controllable checks and balances can truly preserve privacy.

    Sure the other guys are bad also, the PI report underscored that, but Google is the biggest player and therefore the biggest danger. With greater power comes greater responsibility. Google should be proud of that and carry that title with dignity and respect to those who gave you that power. Otherwise an arrogant attitude will keep it as an enemy to privacy whether you recognize it or not.

  71. Daniel Brandt,
    It is ironic that your point to the EPIC complaint going to the FTC about Google. The Electronic Privacy Information Center and Privacy International are basically the same organization. Checking the whois history I see that Dave Banisar of EPIC registered PrivacyInternational.org in 1998 at Network Solutions. I am not sure why EPIC guns for Google so much but whatever the reason is it seems deep.

    I agree with Matt’s post, I think Google is doing an excellent job at protecting privacy. ISPs that sell clickstream data should be looked at instead of Google. Google has a lot of data because we choose to use them. If you disagree with the way they collect data, use live.com or ask.com. I believe that Google is a good organization and I have seen nothing to convince me other wise.

    When I went through the AOL data I was able to track people down, I can imagine it would be possible to do even more with ISP clickstream data. Why does an ISP collect this information? How does it improve the user’s experience. The honest answer is that it doesn’t. The ISP makes money selling their users data. Arrg, very frustrating that Google is getting attacked when the other search engines just turn data over to any government agent that knocks on the door.

    Jay Westerdal

  72. I’m wondering though why other companies seem to get a pass from the internet privacy groups? Why is it that Google is the target for people out there? I’m reading posts on TW, where most there will jump at any chance to criticize Google for many different things. What I’m getting out of that thread is the fact the main concern seems to be:

    “Google is the biggest, so they “might/could” do harm in the future.”

    Instead of what I think is important:

    “Google is the biggest and they DO have lots of data on us, but other firms have actually taken action and DO SELL our info RIGHT NOW. Let’s go after them.”

    It’s like many things; it’s “what will they do in the future” as compared to “what have they actually done”.

    It’s okay that MSN and Yahoo can give your info to whomever they wish, and have already done so, but Google on the other hand must have different rules to play by I guess, right? It’s what Google MIGHT do or COULD do with our data that many out there are worried about, instead of what they DO DO.

    Amazing stuff.

  73. Whenever a company is on top, it’s a big target. Microsoft takes more flak than they deserve, and so does Google now. The real problem is that the user base hasn’t come up with a “Bill of Rights” (or other silly title) stating how they want to be treated. You want fair? Define what’s fair. And then go to companies and get consensus that it can be achieved, then certify the ones who do.

    Personally, I’m much more worried about the growing political instability and factionalism in this country than search engines hanging on to my data. In a climate where data abuse is encouraged for political gain, there’s almost no way to (legally) hide all of it, and that’s the root of this problem.

  74. I have enjoyed reading this post and understand why privacy is an important issue. However, online and via the mobile device on a Google branded service such as Web ‘n’ walk – accidents and information can be passed and channelled via the WAP Gateway. Its often not intent – but it does happen.

    I am not supporting any article or any group but my point is that any data can be hacked, found, misplaced, mis communicated etc and sharing or giving away knowledge is in itself a commodity that is given away easily and un-necessarily.
    With convergence – what works on one media – but not necessarily work on another.
    bena

  75. corey

    AOL can be considered an ISP, right?

  76. Matt:

    So much for getting any work done today. I guess web spam will have to wait a few more hours. :-)

    I think David Starr made an excellent point that should not be ignored: Collecting too many data sources together produces unintended vulnerabilities. It seems like Google (and everyone else) collects data from a lot of streams simply because you can, without regards to whether you need the information.

    The real opportunity is to find a way to leverage your leadership and advocate for rules that minimize the data collected by all engines, advertising networks and even site owners to what is essential to add value. The current FTC investigation of the Double Click acquisition provides an opportunity to create the precedent for this kind of deal and to shape it in the way that produces both the reality and the perception that Google is the leader in this charge.

    I agree completely with Hawaiian SEO that the concern is more about the future than the moment. I wrote about six weeks ago for the Context Web Brain Exchange on the question of whether Google is too powerful:

    The real question is not “Is Google Too Powerful”. Google is clearly both extremely powerful and positioned to be even more powerful in the future. The real question is how will Google honor the great responsibility that comes with power when profits are not growing 50% per quarter; when times are tougher, decisions are not black or white, and the idealists who created the juggernaut have cashed in their options and move on.

    Can the Don’t Be Evil corporate culture endure and protect us from what is emerging as the most dominant and powerful enterprise in history. If so, it will be the first time in history that corporate responsibility wins out over corporate greed.

    The PI report was shoddy research but the underlying issue is real. Google was selected as the target because it makes for great headlines. Having said all that, the issue isn’t going to disappear until some form of REAL protection is in place. We should not confuse our respect for the Googlers we know with a guarantee of good behavior in the future.

  77. Ken

    That’s good that you “slept on it” cause “Why I disagree with Privacy International” is certainly more diplomatic than “Privacy International Loses All Credibility,” which assumes that there was credibility to lose in the first place.

    When the Feds came a knockin’, we know which company fought back and which ones played the appeasement card. I don’t need some 3rd party to keep score for me.

  78. Jon

    People need to get it in their heads that NOTHING on the internet is private and assume that anything they do or say online could be exposed to the entire world. I don’t know how Google’s policies compare with other companies. I agree that, considering what AOL has done recently, giving them a higher rating is laughable.

  79. The AOL leaked data is still floating around the web – once data is leaked it just never really disappears. The overall fear may be – what happens if the amount of information that google collects ends up being leaked, especially with gmail and the like.

    I agree, though, that report was skewed.

  80. I said a ton in my post, so I’ll keep it short and different. Daniel — seriously, welcome back!

  81. I think the main point that you have to take away is that with everything you collect, you could be evil. To put consumer’s minds at rest, you need to have a really in-depth privacy policy. Most people probably do not understand why you would ever want to keep their data if it is anonymous, and perhaps you should release a full overview of the main processes that Google uses the data for (for the layperson/journalist) – understanding that spell-checkers and all your fancy time-series stuff need large amounts of data (which can be perfectly anonymous) would help a lot – Google is being talked about in really scary language all over universities at the moment – but never in computer science departments.

  82. Bill

    Welcome to the world of being on top. When a company holds a dominant lead or near monopoly in a particular industry, they will be singled out and held to a different standard. In my time at Microsoft, we dealt with this every day. Now that Google finds itself in this uncomfortable position, they will also receive this treatment regularly.

    Companies at the top are always held to a different standard. It is unfortunate. Since Google is still young and has the ability to change its reputation, I highly suggest working instead on brand association with trust. Microsoft spend tons of money doing this, but it was too little too late. Don’t do what Microsoft did and wait until it is too late.

  83. as a leader in your sector you are meant to have wide shoulders.

    suck it up, man.
    :)

  84. I think my view on this is is excellently summarized by Robert. Google, having the gigantic amounts of data it has, needs to clearly state how they use it. Do you mix search query data with gmail data? I don’t want to have to worry about that, there’s should be a easy to read policy that states it clearly. To avoid ending up like Microsoft or Yahoo (which are worse) you need to be preemptive. Times are changing, please follow suit.

  85. Steve Lewis

    Matt.

    I just wanted to say that you are right to be frustrated by that report.
    For *YEARS* I refused to rely on someone else’s email services, or servers. I maintained my own servers just to maintain that privacy. I have had a Yahoo! Mail account since they bought the service from RocketMail but I have always used it strictly as a honey pot for spam because I never trusted them with any personal communication. By contrast, I didn’t sign up for Gmail when it first broke beta, though I had ample opportunity and any number of friends who were offering invites.

    In the last year, while apparently Google has supposedly been so hostile to privacy, I finally decided that I was comfortable using Gmail for personal email, and I begged an invite. I didn’t trust Google for a long time. I’m willing to extend them more trust now then one year ago for exactly the same reasons you cited.

    To Doug Heil: The report says “comprehensive consumer surveillance and entrenched hostility to privacy.”

    Consider the formula: B = TxH
    (Baddness is the product of Threat and Hostility)

    Google’s T is large because it is the sum of usage and, well, Google has provided better products and has tied them all together in such a way that the threat is undeniable. High usage and a strong ability to correlate those usage patterns would seem to define Threat in this case.

    How they measured H in this study is very questionable. Therefore the product is very questionable. Need I point out that for small H, that B should be proportionally small?

    I will just cross-pollinate the discussion a bit with the latest from Search Engine Land:
    Google Bad On Privacy? Maybe It’s Privacy International’s Report That Sucks”
    http://searchengineland.com/070610-100246.php

  86. There is bullshit everywhere my friend. It’s too bad that these companies choose to prey on the ignorance of the general public just to get a headline instead of actually doing their jobs. ISPs are obviously the first place to look but for whatever reason people ignore them. Maybe because their stock price is not so high and an article about them is not such good “linkbait”.

    I think Google should “Slam ISPs on privacy”. That would be a good headline and maybe raise some awareness. But then the ISPs would probably find a way to block Google surreptitiously. Hell in Toronto the two major ISPs are affiliated with MSN and Yahoo. I bet they’re just waiting for an excuse. When is Google going to learn that they need to open an ISP branch. ;)

  87. 1. Today Danny Sullivan comes to the defense of Google but what about tomorrow?

    2. Doug Heil makes a lot of great points, though he does talk too much people should listen to him more often.

    3. Aaron Wall’s “Threadwatch.org” is relentless in it’s Google smear campaign and we all know why right?

    At the same time I wouldn’t give Google a complete pass. Things like Universal Search are extremely threatening to “mom and pop”. If you ever had your sites rankings replaced with a “how to” PDF or Utube file from some spammer, you know exactly what I am talking about.

  88. Educate people about the internet, the sensitivity of information, how to use it, or how not to.

    I see children using the internet without knowing the dangers, placing sensitive information on the net that might be used against them in the future.
    The same way i see adults use the internet without even thinking about the possibility the information provided could get back on them.

    The net is relatively new to large groups of people that now start to think about privacy issues they should have thought about early on.

    Educate them, let them know what happens with or could happen with data gathered, if it was data gathered from programmas like gmail, analytics or data they provided themselves.

    Education will take the fear away and make aware.

  89. “How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will.” Daniel, I’ll pass that feedback on. Thanks for stopping by.

  90. Matt, it is normal to receive this kind of articles when “online” is going to mean Google.

    It seems that they don’t have any solid arguments but what they are saying is in everybody minds: “Under the microscope, it turns out that Google is doing much more with our data than we ever imagined”.

    Now, the only question is what means “much more” :)

  91. First, PI is doing what lots of fringe groups do to try to get publicity… level outrageous accusations at famous organizations. It’s link bait.

    But in every successful pearl of prevarication is a grain of truth. Google is unresponsive to individuals and seems like a big, monolithic, uncaring Big Brother at times. Despite folks like you putting a human face on it, there are very regular complaints about Google being unresponsive or seeming to have a “piss off, we’re Google” attitude.

    Second, part of the reason they grade Google down is apparently Google’s size. The fact that Google has so much data about so many people, even if Google is being good with it now, Google gets demerits merely for the untapped potential for abuse. Stupid methodology, but it’s PI’s report and they get to make the rules.

  92. German

    Matt,

    I think you should stop to worry to much about each person not sharing your view. If you don’t you will have grey hairs before the time for it. It’s not worth it.

    Provoking people is also a very good way (especially on the Internet) to get noticed and attract people. Now you can be sure that this survey will be read by many more people that if they did say some are worse than Google (and if you didn’t write about it).

    What is reproached from google is Google wanting to collect every data from every step one is moving on the Internet. Microsoft is doing it in a more subtle way due to the fact that most people have windows and it is now hardly possible to use a software without at some time being sending some information online. Of course once you are online, Microsoft is also set to send things through your firewall if needed. And of course the data send to Microsoft may have a particular signature to the specific copy of Windows.

    AOL has only a fraction of the knowledge Google has, even if this had been leaking.

    I think you should try to help the people really worried to opt out – it would be much wiser and effective than shouting offense for such a thing.

  93. Just to clarify, I saw my most as more a critique of a bad survey than a defense of Google. There are real reasons to worry about the data that Google takes in, and there’s a lot more the company could do to reassure people.

    For all we know, on the privacy front, Google really could be the worst of the lot. Or, it could be middle of the pack or better. But that survey doesn’t tell us anything that’s measurable. It’s primarily anecdotal and subjective, from what’s been put out. And I don’t think Google or any company can get condemned — or praised — based on it fairly.

  94. “Customers have a right to amend personal details held by Google but does not allow search history to be removed.”
    That’s not fair, you do allow removing. However, you should not start collecting it without user’s permition. This was really bad and controversial. And this is what should be stated in the article. So as, the article is a mess but it might hit a target in a way. By far not the worst, but also not the best attitude to privacy.

  95. Each time I go to the hair cuttery, they punch my phone number in, bring my name up and ask me if I would still like the #3 around my head and a scissor cut on top. I return over and over because they have AND USE the information that they’ve collected on me.

    Privacy is an issue when it’s violated, not when it’s openly utilized. I agree with you, Privacy International was simply going for headlines here. I EXPECT Google to utilize the information that I have allowed them to collect to IMPROVE my user experience.

    I’m confident that Privacy International will be after my barber next!

  96. Rick Stenftenagel

    Read the report…

    Laughed at the report…

    Seriously lacking in any consitent and comparable data.

    PI really needs a lesson in data collection and research techniques.

    I rate PI as a threat to privacy reporting, which is also making all affiliates look bad.

    Ok, done ranting.

  97. Google failed because Google management does not pass out tinfoil hats. If they did, Microsoft would have been at the bottom instead.

    Seriously, Google lost out due to “Ethos”!

  98. > “How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will.”

    Very symbolic, as a cookie only lasts as long (at most) as the computer on which it’s written. 3 to 5 years? Also, most people use Google so often that even if the cookie was only, say, 90 days, it would perpetuate as long as the computer lasted.

    2038 is just a synonym for “long term”. It doesn’t make the cookie any more evil than one of a much shorter duration. In fact, it could be argued that when a cookie is set to expire in 2038, it is more obvious that the cookie data is kept for a long time, rather than (say) a cookie that only lasts 90 days but is refreshed on an ongoing basis.

    It’s what Google does with the cookie that should be of chief concern, not the cookie length.

  99. Matt, don’t let these idiots get to you. They’re obviously just trying to have a pop because Google is the biggest, most popular search engine around.

    On the subject on ISP’s – i think you’re right – the name selling is v bad. I have had an aol account since the late nineties. I did cancel twice when they were having problems – but promptly rejoined again. The amount of spam which gets through their filters into my inbox is beyond a joke. I’m regularly deleting hundreds of spam emails at a time.

  100. Mark F.

    I don’t care about any of it, really. As our good friend Larry Ellison once said, “There’s no privacy on the Internet. Get used to it.” What I really care about is consolidation of power, which is why I’ve stopped using Google. No company should be allowed to acquire as much influence as Google now has–especially since Google is constantly in the process of trying to acquire more. A couple times a year, Google’s tweaking of their search algorithms utterly KILLS my company’s online business. I know it’s not really Google’s fault–they’re just trying to improve their algorithm. But the fact that EVERYONE uses Google these days means that Google has the power to kill my business, and in my opinion that’s neither healthy nor safe. Maybe the people at Google have the best of intentions (“do no harm”, and all that crap) but that’s a temporary situation. The overwhelming probability is that someday Google will be sold to some unprincipled son-of-a-bitch, and that’s when the real trouble with Google’s mega-corporation status starts–if it hasn’t already.

  101. I am reminded of the movie ‘disclosure’ with Michael Douglas and that “b” Demi Moore.

    Privacy of aggregate search and clickstream data is a huge problem. Google is the huge player.

    Google needs to solve the problem, and not get too distracted.

  102. Matt, the readers of your blog are a very unrepresentative sample.

    If you want to know what your fans think, they aren’t likely to widely disagree with you (not everyone is going to agree, but you aren’t likely to get a lot of personal push-back).

    If you want to know what the general public thinks, this isn’t the place to ask.

    If you want to know according to some objective standard, well, not a lot of people care about that …

  103. Those kinds of privacy issues are only of concern to people who are paranoid about privacy issues though. Many of us actually trust a few sites out there to do with the data as they say they do with data, to make search “better” for their users. I believe you have to go into something with trust, and only not trust them when they actually burn you with it. As far as I know, Google has not did anything with all the info they have on my client’s and on me, so I’m not worried about trust at all. Of course, I’m not worried about Google knowing who “any” of my clients are either, which is very unlike many of you.

    I am worried about the numerous other firms with personal information who sell that info to others, IE: ALL banks. How about the three major credit reporting agencies in the USA? If you do not specifically tell them to keep your credit history private, they give access to your entire credit history to ANYONE who asks for it. Did ya all know that fact? Those are companies I’d be concerned with.

    I guess one answer to those webmasters and owners concerned about privacy and Google is to not use all their free services, right? No one is twisting your arm to use Google at all. Also; no one is saying you need to get your site indexed and ranked on Google for your terms either. You can very easily opt-out of Google if you wish using your robots.txt file. It’s real easy to do.

    This also reminds me of the new spam guidelines, well, erm, new to some people anyway; It’s like none of us should be able to run our sites the way we wish just because we happen to be big or small or whatever. Since when did discrimination against a company come into play just because they happen to be big?……. and good?

    BTW: Tonnie; very good post. That is something Google could certainly implement real easily. I like your suggestions regarding “teaching” the google users about privacy issues. Good one. :)

  104. Hi

    You may disagree with Privacy International, but what you need to face is that Google worries a lot of people, and this won’t go away – if anything it is increasing. Is it rational? Who knows – on the one hand one can believe Google has a “do no evil” culture – on the other, the commercial temptations are potentially overwhelming.

    Personally I’m glad the EU is looking into this, because to be honest the US’s laws on data protection for individuals are too lax.

  105. Wow, I don’t think I’ve ever seen such a lovely collection of fanboys and conspiracy theorists on one page.

    Great readership you got here, Cutts.

  106. Googly Eyed

    Google has been doing this for years. And you are frustrated?!

    Making money on the backs of privacy violations and fraudlent clicks can be frustrating…definitely. Although a few billion can sweep lots of things under the rug and keep people quiet, I am sure.

    Maybe if you stop worrying about doing evil, you can actually stop doing evil?! Like, I dont know, investing in your founder’s wife’s company with Google money. Or paying $500,000 for security for the CEO who claims he only got $1 in salary. Or hiring your army of shuttle drivers to ferry around Googlers and thumbing the mass transit system (and everyone who actually works for a living paying city taxes). Or could it be the huge power load you put in the grid (your solar network covers only a fraction of your office supply, none of your data center)? Or claiming Do No Evil, except if China can make you lots of money (or cuz everyone else is doing it?) Or the deal of YouTube (which was built on stealing content — is that evil or are we still in China for this one?)

    *Sigh* Evil is such a vague term, isn’t it.

  107. Wow I got to this story late and everyone has already commented. Hope you’re still reading.

    I do understand your perspective. And I bet it’s hard for you to step out and look at it from the perspective of others. You have the data and you know what you’re doing with the data. But when that power is in someone else’s hands, it feels very different..

    I think you have to realize that this story resonates and reverberates with people because of fear. No one’s all that worried about the ISPs holding data and for good reason. OK, they sell it for peanuts. But who is going to use that information effectively? Some cold callers?

    Google not only collects every scrap of data, but uses it. Extensively. You are experts in data mining. I open my gmail and you give me an ad about something I only told my close friend about in an email. You might even conceivably follow my tracks as I research a topic and deliver an ad to me that’s in my head and I didn’t even tell anyone about. No other company in the history of time was that efficient. It’s the kind of thing George Orwell could have written in 1948 (and did). And it’s scary to people.

    The fear comes from knowing that if you wanted to use it for evil purposes, you would be good at it. The ISPs just don’t have that know how.

    And as Hawaiin SEO said, today Matt Cutts might hold the data, but one day someone else will and that day might be scary indeed.

  108. Matt, the reason you’re off the mark isn’t because of anything to do with Google’s privacy policies or any potential issues that “Privacy International” (whoever they are) may have come up with.

    The reason you’re off the mark is because you responded to the tinfoil hat crowd in the first place, and even by responding lent a certain degree of credibility to an argument I doubt 99.99% of us would have heard of otherwise, and anyone with even an ounce of common sense would have realized is a pathetic joke at best.

    Doug hit the nail on the head; there are far greater invasions of privacy and much more insidious selling of personal data involved with chartered financial institutions, cable companies, ISPs (as you touched on, Matt), and just about every other corporation than anything big G could ever come up with. Banks are even selling information across borders (if anyone wants an example, ask and I’ll provide one)! What’s Google selling from the US to Canada?

    The stuff that’s in the “report” is pretty spurious, too. The only people who would be stupid enough to buy into it are the ones who know the world is a big scary place and out to get them.

    That was even worse than a Brandt Randt.

  109. good god. CBS News tonight are running with the privacy stuff.
    but , to be fair, they interview a guy from the EFF – and i must admit, there is a question to be asked here.

    who in Google asked anyone if they’d like their house photographed and potentially viewed by millions? it IS an ethical question that i dont think we really have an answer to yet.

    i for one would feel a bit creeped out if my house appeared on Streetview. overhead sat is fine. but streetview of my house is , i dunno, going a bit *too* far

    however, if i got a google income of say 10 google credits per month, then yeah. maybe i’d tolerate it. i think the reason why folks are getting freaked out is because there is no monetisation of streetview – monetise it, and i think people wont mind. heck, i’d stick a few advert billboards in my front garden if i could monetise a bit more. a kind of Adsense in reality…

  110. Google can’t just delete the data it has collected on users. The data is used for many purposes, such as enhancing the user experience, and protection from fraud. In fact, because Google collects all this data, it is able to provide an improved user experience over time, as it “learns” users’ habits. Users thus implicitly approve of Google’s collection and usage of this data, in order to have a better user experience.

    While there are certainly concerns about how Google might use this data, a greater concern is what might happen if the data falls into unscrupulous hands. The AOL debacle taught us a sharp lesson about what might happen if personally identifiable data is accidentally disclosed. So any concerns about the means Google takes to protect against the disclosure of user data are well-justified, IMO.

    Lauren Weinstein has made some excellent arguments on how Google can improve its perception in this area by being more open and clear about how it uses the data it collects and what steps it’s taking to protect the data. Other things can be done as well, such as educating users to be careful not to submit sensitive personal information such as passwords or credit card numbers in queries, email, etc.

  111. “Or the deal of YouTube (which was built on stealing content — is that evil or are we still in China for this one?)”
    sigh.

    the ignorance of internet history really staggers me sometimes.

    usenet binary groups were around before Google.
    oh – and lots of email lists were based on cutting and pasteing articles and discussing them.

    i guess you’ll want to ban computers next because of “copyright infringement”.

  112. Matt, the sincerity of the personal pain you felt from this article is clearly obvious. You have a strong commitment to Google and feel personally responsible for its reputation. This is commendable, and quite refreshing.

    How many employees would stand up for the large corporation they work for? Not many.

    I use google products every day, trusting in your motto “don’t be evil”. It is a huge leap of faith to follow your motto and hope my information is secure.

    I know that all my user behavior is used by Google to feed me more targeted adwords ads. I’m ok with this – it’s the price of a good search engine. I just don’t want google to sell me out like Yahoo did.

  113. googles aim is to index the entirity of human knowledge and make it searchable.

    so how come i cannot find a newspaper from 1861 in new york, and read it in its entirity ( a resource that would be invaluable to millions of history and genealogy students). and yet i know where Paris Hilton lives?

    http://googlesightseeing.com/2007/06/08/paris-hiltons-prison-cell/

    somethings not right with Google right now. you should focus on knowledge. get those old books and newspapers digitised. please dont streetview my home.

  114. A short look at Google’s new Street View feature in Google maps shows, that Google doesn’t care about people’s privacy no matter whether they are Google users or not.
    Google’s main goal is to make all information available. That may sound nice when you first hear it but what’s next?

  115. Mohammad Ocean

    First off any privacy report ranking Google behind AOL is a waste of bandwidth. As stated above AOL accidentally (!!!!) released a plethora of search data that was in many cases easily identifiable down to the AOL screenname and even real names and addresses. If that’s not worthy of the lowest privacy rank then I don’t know what is. Then there’s the DoJ subpoena which Google didn’t succumb to. I don’t think Google or any other large scale organizations privacy policy is really up to where it should and eventually will be as we define the ad-subsidized world but I can say this…

    There’s no such thing as bad publicity. I think this would be a great segway for Google to publicly discuss their current vision of user privacy and future plans to satisfy the reasonably concerned about data collection.

    The future of internet marketing will focus considerable attention to privacy. As the development of ad-subsidized killer apps becomes more prevalent I believe an organizations reputation towards sensitive information will emerge as a clear differentiating factor in the minds of the average consumer.

    Extreme paranoia will never be satisfied and proxy based, anonymous sessions will be the only solution there but as pointed out in this blog if you’re going to take advantage of some of the great free services Google provides you have to figure that someone somewhere is footing the bill. Ad revenue supported services are just taking off right now and I’m sure it’s going to grow leaps and bounds in the coming years but I don’t think it’s too early for Google to be thinking ahead of the curve and positioning themselves as privacy advocates for when that becomes an even stronger selling point.

  116. Hi Matt,

    I think this whole issue is only going to heat up more as people begin to contemplate the ways that data from initiatives like personalised search and webmaster tools can potentially be misused.

    Is there some way / any way that the data can be completely anonymized from the word go and still make it useful enough that Google can use it for the good initiatives? I strongly doubt it – any data that can be used to personalize search is, I guess, by definition, going to be able to be inverted and used for privacy infringement.

    I guess it all comes down to the basic problem – litigation. People admire Google for taking a strong stance against the legal decision that you mentioned above – but I guess what worries people ‘in the know’ is this – “What if Google didn’t win the case?” – this brings up some very orwellian questions.

    So – staying with Orwell – I think that amongt the general popl’n people do trust Google – I don’t think people perceive Google to be Big Brother, and the legal stance Google has taken in the past to protect user’s data is something that has added to that trust. What people are generally really worried about is ‘the authorities’ – eg, government, the legal system etc.

    This feeling is even prevalent in the US – imagine how much more worried you’d be if you’re from a country that doesn’t have the kind of free speech protection that the US offers – I know it’s all fairly academic given that local ISP’s hold the information too, but it could be worth considering if Google can take it a few steps further..

    For example – would it be possible for google to store all unique identifying information in an encrypted form on local DC’s and host the encryption keys on servers off-shore? So, if you get a domestic legal decision that compels Google to offer up private information, Google can essentially offer up the encrypted version only – if the authorities want data they can use, they also need to go to prosecute (and win) a case in an off-shore jurisdiction. Perhaps buying a small pacific island nation could work? :)

    But then I guess that would come down to another argument – whether data hosted off-shore is protected by the off-shore privacy laws… it’s a difficult one.

    Cheers,

    doc

  117. Dave (original)

    Matt, the fact the yourself (along with many Google employees) speak out in defense of Google speaks volumes. Most employees of other big companies cannot wait to jump on this type of band-wagon. If Google treats its customers with the same dignity and respect as its employees we have little to worry about IMO.

    I’m a big user of Google tools and cannot thank you guys enough for how you help Webmasters enhance their site for users and for nothing more than a username, password and email in most cases.

    To-date I have never gotten an email from Google that I didn’t request. I have no reason to fear what Google do with ANY info they have on me or my family.

    I must profess to not reading all text on this “Privacy International” report, but what I did read smacks of sensationlism and vested interest. I didn’t read one thing that stated where Google had done anything that would be a breach of privacy by anyones standards.

    BTW, tell the Google black helicopters engineers that the colored Google logo sticks out at night :)

  118. wlrock

    Matt – I feel for you, I really do. And I’m a Microsoft employee. My company was acquired a little over 2 years ago, and while I like working at MS, it’s painful to read biased, angry, and often completely inaccurate information about your employer, your products or your colleagues. I really have no idea if this PI report is on target, but welcome to being a successful software company trying to stay focused and delivering value to your customers…it’s a rough world out there.

  119. Matt,

    many thanks for the huge amount of effort you have put into responding to our report.

    You and I should talk about the detail at some point. What I would say in the interim is that you appear to have made an (understabdable) mistake of relying on our xl spreadsheet as if it were the sole basis of our parameters. In fact the spreadsheet was designed to simply illustrate a few of the issues, but more importantly it was designed to highlight those aspects on which we had little or no data.

    We give credit where credit is due. Google resisted the demands to hand over data. We marked you up for that in terms of leadership. Beyond that your policies need an overhaul, as do those of many other companies. It’s a pity that such attention has been paid to Google, while the parlous state of privacy in other ranking companies has been ignored.

    We at Privacy International are fuelled by an understanding of history. It is a pity that so many respondents here have never heard of us or our issues, particularly since they form the foundation stones of security and privacy on the Internet. These are clearly not the same people who gave us support in the campagns against CALEA, CLI, reverse directories, NSA wiretapping, PNR, “know your customer” or a hundred other issues that have helped shaped modern privacy. I am disappointed, but I understand people have busy lives and don’t have time to study history or its lessons for he future.

    Best wishes

    Simon Davies
    Director
    Privacy International

  120. Hi Matt.
    I’m perfectly safe that Google track whatever i search for or whatever mails i write. Why? Because even though i search for sloppy pu*** or big d****, i’m not scared of what you might use theese queries for, cause i have the ability to decline what ever comes my way. And if the government wants to arrest me for surfing porn or just being curious, well i’ve got a reaaaaally good lawyer who’ll ensure that i won’t work ever again.
    What i write in my emails is private, that’s why i have two email addresses. A gmail for fun and games and a private email to all the personal stuff….

    And hopefully you guys still work for a company that keeps it’s mantra: Do no evil.
    The rest that feels threatened, well they probably have something in the closet since they’re so paranoid.

    Soren J ;o)

  121. Being the first means bearing the brunt. I believe Google is great. By the way, Google won over Baidu in a latest blind test in China, though most people claim to support Baidu.

  122. Michael Hitchcock

    I have to agree with what you said in this post.

    I don’t even work at Google, but when I first saw the report, I was blind with rage. Google isn’t perfect (nothing is), but they are better than leaking my queries and giving into needless subpoenas.

  123. stubblechin

    I’m surprised no one has made the connection to Greenpeace. Their baseless criticism of Apple’s environmental record and fraudulent elevation of other computer manufacturers as “greener” seem, to me, of a piece with Privacy International’s singling out Google.

    YHBT—BANGO (=you have been trolled–by an NGO).

  124. Seth Finkelstein, I know my readers are unrepresentative in several ways, but I do appreciate all the comments and the thought that people have put into them.

    CPCcurmudgeon, if you haven’t seen the talk that Lauren Weinstein did at the Santa Monica office last year, you might like it:
    http://video.google.com/videoplay?docid=-2700379110263269822&q=lauren+weinstein

  125. Kirby

    I don’t give a rat’s ass about PI’s report or Google’s response to it. What I do care about is the actual issue behind the story.

    I also do not believe that the data you collect on me has improved my user experience.

    Why not anonymize your data in 6-12 months?

  126. Not-a-Fan-Boy

    For those that think they know about privacy but have never heard of PI here are a couple of facts:

    Google: created in 1998
    PI: Created in 1990

    PI is not some Johnny-come-lately organisation that is looking for publicity. If some of you haven’t heard of it before then I would suggest a bit of research before gobbing off in public.

  127. I am suprised with an article about privacy, have only found 3 references to googles situation with helping keep the wool of the eyes of the china population.

    Do posts about china and google not get posted ?

    I have seen many examples of google doing bizarre things latly, to name a few, google videos placement and top 100 rigging, removing pages from the google index.

    To see this going on and the disgusting behaviour google has adopted with china, is frankly doing this company more harm than good.

  128. Harith

    Good morning Matt

    Time to talk about something more useful than PI report, Googlebot for example :)

    In fact Googlebot used to be one of my very good friends visiting me each day. Not anymore. Now its the most lazy bot on the planet:

    “Googlebot last successfully accessed your home page on Jun 6, 2007″ :(

    Anybody have seen or heard anything from Googlebot recently?

  129. This is a clear-cut example of the old ‘man bites dog‘ scenario.

    Or, as I said over here (heads up that this leads to our blog – no spam intended), Google ate my hamster (apologies to any non-Brits who don’t get the reference…

  130. Daniel, remember this from above?

    “How about drastically trimming back on that cookie that expires in 2038? That would impress me as a symbolic gesture of good will.”

    You might get your wish soon. See the Google news today:
    http://googleblog.blogspot.com/2007/06/how-long-should-google-remember.html
    http://searchengineland.com/070612-041042.php

  131. I think you’re missing the point Matt. The privacy concerns that many might have regarding Google come not from third parties issues but first party issues – i.e. Google itself. When I think of how many Google services I use I do have to wonder just how much info you guys collect on me. My guess is lots. While I trust you guys now, how can I be sure that will always be the case?

    Agree with Multi-worded Adam – your passion speaks volumes of the culture of your employer.

    Rgds
    Richard

  132. Matt, the fact the yourself (along with many Google employees) speak out in defense of Google speaks volumes. Most employees of other big companies cannot wait to jump on this type of band-wagon

    Good point Dave, most large corporations always carry an underlying resentment by it’s employees and when things go wrong they like you mention like to jump on the bandwagon. It is refreshing to see employees sticking up for their company and defending the belief of its company policy.

    Online privacy is a bone for contention with many people and strikes a raw nerve when it comes to discussions with others. I run a small new media agency where online privacy comes up a lot in discussions with clients and especially when it comes to either discussing e-commerce solutions or search. All of them worry about it to a certain extent and we can only allay their fears to a point, and that comes with the applications we build or source and the reliability of the developers. The question however, usually comes up in some form or another “how safe is it to surf the web” “does search engines such as Google watch us” it’s a whole range of concerns based around privacy. Comments like:

    none comes close to achieving status as an endemic threat to privacy. This is in part due to the diversity and specificity of Google’s product range and the ability of the company to share extracted data between these tools, and in part it is due to Google’s market dominance and the sheer size of its user base. Google’s status in the ranking is also due to its aggressive use of invasive or potentially invasive technologies and techniques.

    They have not concealed their language in ‘diplo-speak’ at all and it almost borders on the aggressive. This leaves a lot of room for concern and what their actual intentions are/were. They (PI) claim they tried to contact Google and got no response. Is this an angry reaction from PI to that? Maybe thinly disguising it’s belief that Google was too arrogant to reply? Probably, not, but worth mentioning still.

    This whole report reminds me of the blasting’s Microsoft used to get from various agencies over security and other issues, some being justified and some probably not. Now it’s Google’s turn as a large corporation to get the ‘rough hand job treatment’ from smaller agencies and individuals, and unfortunately for Google it wont probably wont be the last report. All storms can be weathered, it’s just a matter of how seriously you take this one.

  133. good holiday matt ?

    Anyways :

    you said :

    I’ve pointed out before that ISPs have a superset of data on a user compared to almost any other online company.

    It looks like Privacy International didn’t include any ISPs in its study of online companies.

    Then I read on the google blog about Google Wifi, that makes you an isp ?
    http://googleblog.blogspot.com/2006/06/update-on-wi-fi-in-san-francisco.html

    DaveN

  134. Google is being targeted because it’s the biggest and best- tall poppy syndrome.

  135. This may be a little different take on the Privacy International asticle, but don’t you think they have gotten some pretty good press and possibly some valuable links to their site from an off-the-wall slam of Google. They actually stated in the article that this would be controversial.

  136. LMAO Keniki you’re funny as hell. I read through the comments now just to laugh at what you write. You actually do crack me up, keep up the nice work. I got a sweet tinfoil hat you can wear man.

  137. Sorry, quick add-on to my previous post. Do you know what really makes me laugh keniki, the fact that I have spoken to you on the phone and you actually do believe all this stuff your writing and do think there’s huge conspiracies when really its just people making money, its called business. I just… I don’t know… I just can’t stop laughing. I’m so sorry.

  138. Hey Googly Eyed, the sounds like you don’t like Goog very much.

    Answer is simple. Use Yahoo, Ask, Sproose, Mahalo, etc

  139. Matt:

    I have a rather modest first step that Google (and other engines) could undertake to help users address the ISP issue which you point out:

    Default to (or at least allow) SSL encryption so we can prevent thirds parties from harvesting our queries and SERP pages.

    This is a small first step, not a solution by any stretch of the imagination, but at least it limits the opportunity to associate queries with specific users and assists those who want to increase their privacy via the browser. It should also be fairly easy to accomplish and perhaps lay the foundation for the next step.

  140. Hi!

    All links I found on PI are more than 2 years old,

    1990-2003. The Privacy International Website has moved to. http://www.*.org/ Please update your links and bookmarks.

    at the top of the list.

    So I think PI needs PR (best worldwide).
    And more you will cry back
    more PR they will become!

    Greetings Karl

  141. Dilip

    Matt:

    Sometime in October 2006 I checked my web search history for the first time in Google… and was surprised how far back the data went. Clearly Google had been collecting all this information (and God knows how much more) about my surfing behavior and I was clueless that this was being done. I am sure I must have signed some user agreement when I downloaded one of your innumerable tools – but I never “knew” this was the extent to which my behavior was available for somebody out there.

    As for the argument that leaks of private information have occurred in other engines but not (yet) on Google, I worry even more about my privacy on Google now. To me it seems that it is only a matter of time before something similar (or God forbid, worse) will happen at Google – it’s the classic Black Swan issue which Taleb has explained in his two books recently.

    All in all, irrespective of the PI report, since Oct ’06 I have been and continue to remain worried about the privacy of my data on Google’s servers.

    Disclaimer: I am a techie layman – so I do not understand the technicalities on this issue. All I know is that I am worried. And there are other people like me out there who are worried too

  142. At least google hasn’t leaked my info out like the others.. Keepin it safe huh guys :)

  143. Thomas

    Its amazing to me the amount of people in these comments saying Google is Big Brother. Google is a PRIVATE company, how can a PRIVATE company relying on voluntary customers be compared to an all controlling fascistic government. Noone has to use Google if they don’t want to. If you’re that worried that your data is being comprimised by all means use one of the many other search engines available on the web… its not that hard to do.

  144. Why doesn’t Google quickly regain the highground by simply letting users delete ALL of their historical data when ever they want?

    Sure some will clean it out several times a day for a time ;) but its highly likely most will never ever bother.

    If their tailored results are worse so be – after all its their chaoice and it is their data.

  145. Google has done good in protecting its data against intrusion, but as others have pointed out, there is the question of how much of this it should be collecting in the first place. Consumers generally don’t realise that ‘loyalty cards’ are essentially a transaction where they give up some privacy rights in return for discounts in the supermarket. Maybe Google would like to offer a low cost paid service which doesn’t log data for those who want to pay their way rather than pay by losing privacy.

    I’m not persuaded by this anonymising data argument although I have to admit I haven’t seen the detail. It’s too easy to be identified solely from what you search for. I think you should offer some option where the data is deleted within 7 days of the search.

    Whether it’s fair to say Google is worst I don’t know.. I’m not sure it is fair.. I think Google has demonstrated it will protect its data the best it can, but as said above this doesn’t mean it should be collecting and storing all of it. Give users more choice. Don’t log queries or links that aren’t common enough for anonymisation to work.

    I hold Google to a higher expectation because it’s THE search engine that gives me what I want.. so I am saying this entirely constructively. Better is not good enough.. Only best :)

  146. “Joe User” here. I’m no super-user, and while I have my own website(s) and know how the code HTML manually, I also learned that using my “HTML for Dummies®” book. In short, I like to think I’m as close to “ma & pa” (as some commenter’s put it) as you can get (considering this blog’s readers crowd).

    Now, I just want to throw at you my perspective of a few points being bantered about here:

    A. Anyone who thinks you even need an ISP, any of the companies PI covered in it’s report, or any “evil” entity to risk having your privacy violated is plainly ignorant. Everybody already has two things in which they “sold their sole” to: (1) You are a (legal) citizen of your country, so the gov’t already “has your number;” and (2) you use the internet, so you are entering a global forum in which (both technologically and figuratively) you can be “tracked.”

    No tin-foil hat here, just stating the obvious. I’m an independent contractor who’s had my own business for 8 years now, and I can tell you from several personal experiences that if the internet didn’t exist, you’d have the same damn privacy risking issues out there.

    B. I agree with the comments saying this PI’s way of riding the “Google” PR wave. Google is like no other company our there; parts of it are, but there is no other entity, anywhere, (unless you start counting governments) that is ALL of what Google is/does. But this also means everyone in the world is watching you, and every little move you make. I also agree with some commenter’s suggestion of being a little more real for the general public. Personally, I’d rather hear from individual googlers than the Google PR releases. (FYI, my couple experiences with contacting Google about problems and such have been totally painless…even enjoyable…and I can’t say that for anyone else.)

    C. Regarding the actual issue of Google and the data it collects: (excuse me while I get juvenile for a moment…) DUH, PEOPLE!!! Google, and all the services it provides (free AND paid) wouldn’t exist with that data. As such, one is, again, ignorant to think stepping into the “services on the internet” arena (as a user or otherwise) can be done without giving away any information about oneself. Even if you don’t “sign-up” for services, visiting anyplace on the internet means you are not anonymous (at least on a base level).

    But, I also agree, that Google, because of what it is and could possibly become, has the most imperative responsibility to handle it’s data in the most critically safe way it can invent. Yes, invent, just like the rest of what you guys have done in your business, it’s up to you to come with the new way to deal with that data; and with that, a new way to handle your richest asset, the users from which the data comes.

    ***

    So, in short, I take PI’s report with a grain of salt; I will continue to use Google’s fantastic services for as long I feel comfortable and confident in Google, which I don’t see changing any time in the foreseeable future. ;-) And I hope you (Matt and your fellow googlers) take this little episode as an opportunity to look at yourselves in the mirror and seriously ask the question: “Are we really doing NO evil?”

    Peace, MRC

  147. Dave (original)

    Keniki, loosen that tin foil hat buddy before you start posting with your heart on your sleeve, show you have an axe to grind & post nonsense………oops, too late.

  148. Dave (original)

    DaveN, you are strengthening Matts’ statement by your post. I just don’t think you know it :)

  149. Dave (original)

    I never damage anyone else Dave……..Alternatively I’ll just post your client list here in 48 hours.

    LOL! Loosen the tin foil hat Keniki.

    The only choice I am left with is to expose what you do now. You had a chance to back off and you blew it. But I fear for webmasters that you effect that aren’t as tuned into this as me. Yeah I wanna save the internet not just my clients from your spam

    What on Earth are you on about?? You appear to have totally lost the plot!

  150. Dave (original)

    sorry don’t understand that comment…….

    Google it. I don’t understand any of your ranting.

    Why are you using Matt blog for your rants? You show a total lack of respect.

  151. Hey Matt: now do you see what I mean about responding to the tinfoil hat crowd? ;)

    Never give the habitually paranoid an excuse. It’s somewhat akin to putting up a life-sized statue of Steven Bartman at Wrigley Field; no good can ever come of it.

  152. Josiah Severn

    I’m a battle weary privacy activist of some 10+ years. Pretty much seen it all.

    There’s no denying it Google wants to monitor, track and tag us everywhere we turn.

    That being said I also love Google for the services that it brings to my life, and the convenience that it has given me. For that I must be thankful.

    And these days being a privacy activist I have a little message for all the whiners who say that our privacy is being eroded and stolen from us by Big Corp.X… stop pointing the finger outside yourself and start looking at the information you have chosen to give away to individuals, corporations and governments.

    Then wake up, and start protecting your privacy… yourself.

    I can use privacy protection services that leave Google blind as to what I am doing online.

    So quit whining people, and start taking responsibility for your own privacy instead of demanding that CorpX, GovtX, CitizenX does it for you instead.

    Learn how to keep your own life private. Privacy is vital in a free society. Privacy is one the bedrocks of our democracy. But only YOU can be private. Corporations have only one thing at heart. Their own self interest. Same as you. So stop being hypocrites and take responsibility for your own privacy. If others choose not to – tough!

    And for the person that said “no-one has ever heard of Privacy International”, then you obviously don’t know anything about the privacy marketplace! They’re a grand-daddy fool.

  153. Kenki, LOL your so funny, take a chill pill and relax,

    identity theft, hijacking, scraping and content theft and the destruction of competitive websites and market leaders online.

    lol , I work for fortune500 companies, protect their copyrighted material, and keep market leaders a head of the game.. sounds like you lost rankings and you are trying to find someone to blame, Next time i’m in Cornwall we should have a beer

    DaveN

  154. Hey Matt, i agree with you that the report is very subjective. but actually i am caught between 2 stools. As i use Google everyday in work/private and i wrote my diploma thesis about Google i think there is nothing to compare. I love it. it’s so much more comfortable using different services with one account. i get the best results compared with other companies.

    at the other side: you have access to the same information about me like any other company if i would use one of their services. my concerns are only that Google has all my information in one and knows my preferences and behavior. I don’t doubt that Google keeps my details private. that’s why i am using it. Googles competitors know only a very small part about my life. But Google just knows my “whole life” with the information it collects. That is a bit scary. i guess Googles power in the market is one reason why many people talk about Google leaking user’s privacy.

  155. Hi Matt,

    An interesting discussion on-going, however, an article in el reg today talks about Google’s recent implementation of ‘Street View’, where an individual was trying to get their identify removed from the site. Here’s the URL and what was said:

    http://www.theregister.co.uk/2007/06/13/google_grills_privacy_buff/

    “Bankston wasn’t amused, so he decided to take Google up on its pledge to remove “inappropriate” street views. In response, Google, sent Bankston an email that reads like an FBI affidavit.

    Among other things it requires him to furnish his legal name, email address, a clear and readable copy of his driver’s license or other legal ID and a sworn statement affirming all the information in his complaint is true and correct.

    “We will temporarily remove the Street View image pending receipt of your ID verification,” the email states. “If we have not received a copy of your photo ID within 5 days, then we will restore the panorama back to Street View.”

    Says Bankston: “It’s utterly insane that to get Google to stop publishing information about you, you have to give them more information.” ®”

    Whilst on its own, I admire Google’s commitment to respecting a users privacy, it does concern me that, as the article comments, to _secure_ your privacy, you actually have to _disclose_further_information_ to google. Surely that’s an oxymoron?

    Ultimately, I am of the belief that Google attempts to respect its users privacy, for no other reason that the -moment- a user’s privacy is invaded, confidence in google will be deteriorated. It’s that opportunity cost which I believe concerns google greatly.

    Your comments, as ever, appreciated.

    Chris

  156. What infuriates me about privacy international is that legally UK businesses/organizations are required to register under the data protection Act in order to e.g. run a CCTV system/store customer details electronically etc. We have to keep accurate recordings for up to 6 months and we have to make available to the public all that data and more as required by the data protection act. We also have to annually pay a fee to the data protection registrar. We do not object to having to do all this because the purpose of this Act was to maintain the privacy of the public i.e. under the Act you must disclose all info/data you hold to any customer that requests to see it including any data mined from cookies.
    So with this in mind does Privacy International respect the data protection act —— NO!!!!!!!!
    Extract from their privacy policy ‘In accordance with the Data Protection Act 1998 and the Office of the Information Commissioner we are not registered on the public register of data controllers as we are a not for profit organization.’
    Yep they get round the data protection act by masquerading as a charity. That way they can legally collect all and any data from any individual without being forced to disclose it.
    Other examples of their practices that can be found on their privacy policy include…
    ‘We run a limited number of mailing lists, and the membership of the mailing lists are kept confidential’ – so access their site and yep you are now on a mailing list.
    You could always phone them and complain but ..’Telephone calls received on our number are serviced by Skype and are beyond our control. As a result, the traffic data for these calls may be retained’ so chances are your conversation will be recorded without the requirement to disclose the recording imposed on all other organisations.

    What a bunch of hypocrites.

  157. me

    why i agree with Privacy International

    to put it most simply, a cookie that ends when?
    use scroogle.org folks, google search with no cookies, and screw google apps/email etc – you want me to put all my data where? thanks, i’m quite happy with keeping it locally and dealing with whatever problems that entails so that I can actually keep track of MY data.

    but google isn’t evil, really, they jsut want to know EVERY last thing about you, but only to help….

  158. This is definitely a thorny issue. After reading most of the recent Google patent disclosures I can understand why there are negative comments about Google’s use of personal information and search histories.

    Not only does Google track user’s search preferences and actual searches, but now with the advent of Analytics, Google has access to your web traffic logs. This information used to be considered proprietary by most webmasters and never ever shared.

    I understand Google’s philosophy of do no harm, but at what point is gathering information for fine-tuning an algorithm to return on-topic items and the effort to personalize search going to step on users privacy. Personally, I think that line has been crossed already.

    I have uninstalled the Google Toolbar and do not recommend the installation of Analytics when other tools are readily available. However I do use the personalized search feature and Google’s personal home page for feeds. So I myself am feeding some of this behemoths hunger for user information myself.

    As long as Google is king on the Internet, as it is, they will be fighting these fights on privacy. Based on the patents and new technology advances, more and more personal information will be gathered. But it will be a benefit to the user and then in turn used by Google under the guise of providing “value to the user experience” to serve ads and make more money.

    Just my two cents for today.

  159. Dave (original)

    Can anyone list what Google do with information they collect that is so bad? Seems to me to be nothing but sensationlism for the sake of getting publicity at Google’s expense.

    Jeff, very interesting post!

  160. Nothing new here, other than to reiterate a point I made on WebmasterWorld; PI gets its “money” by making sensational pieces. It may not be money directly, but it turns into a pretty close equivalent. They are like GreenPeace in their tactics (or even that animal protection group whose members threw fake blood on peoples’ fur coats). The piece was designed to be sensation simply because it took the top dog down. Their cause is good; their tactics are harsh. That’s all.

    Having said that, as Brett Tabke rightly pointed out, the issue they raise is real and valid. It has little to do with Google, in particular, and that they made it about Google is simple a (smart/proven/effective) tactic — nothing more. That Google has to be the whipping boy for their heavy handed approach is simply a result of being the top dog (today). Get used to it, because (ask anyone at Microsoft, as just one example) being big is equated with being bad. Being big is only bad some of the time.

    So Google, welcome to Phase III. Matt, just FYI, phase III and beyond sucks (ask Scoble, for example). But you, and your company, are the guy (and people) to set a model for how progressive companies deal with the BS of being super-public. And it is nothing more than doing what Google has always done: be good, stick to your guns when what you’re doing is right, pick your battles (or is that Battelles?) and, in short, raise a child the right way.

    Tom

  161. This is not all that complicated although tin foil has been known to interfere with normal thought processes.

    Google’s number one asset, its data.

    Google is not going to jeopardize its position by releasing data, it is not in their best interest to do so because their data is the foundation on which they are built.

    Banks, Credit card companies, Insurance companies, phone companies, ISPs, software companies that want to know everything down to the number of children you have just to allow you to download some freeware application, the data they collect is not an asset in the context of the work they do. The data they collect is just useless junk, unless someone is willing to buy it.

    As for the security of their data, I at worst, could foul up Google’s data regarding myself, i.e. I could possible make a mess of what I give Google about myself. The only “access” I have to any of Google’s data is how Google’s data is used to influence/decide what I am presented with. The number of layers between the actual data and anyones’ actual access to it is likely through so many layers that one could at best reverse engineer results of some sort and then make totally blind guesses.

    How many of the other services have actual lists of clients/customers/users online?

    So who should we be afraid of again?

  162. Thank you Matt. Very interested for us…and for all RU net :)

  163. William

    Matt, first time reader and writer while I am checking upon this issue, and unfortunately I have to say you are off base on this post.

    As far as I understand it, this study’s purpose is to investigate on policies and attitudes of companies about their privacy guidelines. When I read the first portion of your pro-google points, I am disappointed to see you using examples such as the AOL leak and DOJ request since they are actions, not policies. I was hoping and would really like to see you pointing out actual, stated policies from Google that counter PI’s investigation. A example I can think up of this defense would be someone accusing a police department’s general hostile attitute and policy against protesters and the police spokesperson said, “But well, during this incident, we didn’t beat up anyone but that police department next town beat up a whole bunch of them.”

    Now, the second portion on misc bits, is event more trivial then the first point. Your second point basically picked on a sementic issue in the report and offered a counter example. That’s like saying someone made a comment that “June is ‘always’ hot since it’s summer” but you snapped at them saying “but this year we are having unseaonally cold weather!”. We all know that the word “every” can be easily countered as nothing is ever “every”. This whole thing aside, the second point has nothing to do with privacy and has no valid points in this issue.

    Finally, I have to say I am quite disappointed at this blog entry as it has no valid arguement against PI’ report. Rather then finding solid examples of policies to counter PI’s claim, I found you are diverting attention to other offenders. (I like giving examples. :) It’s like when a prosecutor claiming you killed someone and you are saying other people killed more people.

    We are not on a “Who’s worse then us” pissing contest but a “Google has a and b and c policy in place which PI overlooked.” proof of innocence situation.

    Between beliving Google and PI, it’s getting hard to instinctively trust Google since one’s a multi-billion dollar company for profit and one is an independent organization that’s NOT for profit. As anyone who has watched “The Corporation” can tell you, it’s hard for a company to do no evil.

    Thank you for letting me post this, if this comment does get posted.
    ———————–

    P.S. The whole Google smear campaign is just unsightly. I believe this will be more of a impact on Google’s image than PI’s report. Afterall, Google promised to do no evil and you shouldn’t promise something you can’t deliver.

  164. I may be off the mark here, but this is what I think the underlying issue is. Different people have a different opinion about what “privacy” actually IS. To me, and I don’t claim to be the dictionary of the world compass, privacy is about ACTUAL PRACTICE in terms of protecting user-data. To others, it seems that privacy is about THE POTENTIAL of misusing user-data.

    Breaking this down. To some people, the more data you COLLECT and HAVE, the more of a “privacy problem” you are. I disagree with this notion, but I think that is where the media has been headed. Google may very well have more information than anyone else, and that’s likely what led to the bad report by Privacy International. NOT because Google isn’t being RESPONSIBLE with the data, but because Google has MORE data… and the POTENTIAL problem increases as a result.

    I strongly disagree with this notion, and believe privacy has to do with how trustworthy a person or corporation is WITH that data, no matter HOW MUCH data they have. Based on that concept, I would imagine most would rate Google as #1. Certainly not LAST.

    On a side note, another problem has to do with misconceptions about where the data is actually coming from. When Google Maps first came out, everyone imagined satellites orbiting the earth with “Powered By Google” painted on them. Then, when Street View came out, everyone imagined hundreds of Google Vans driving ALL OVER taking pictures. While I understand that there WAS a Google Van (or more?) taking SOME of the pictures, the majority came from a third-party company. The standard satellite imagery also comes from a third-party company. If people have a problem with the DATA they should rate the companies taking the pictures, NOT the company simply making the pictures easier to find.

    (Keep in mind that I really don’t have a problem with these third-party companies since satellite imagery is mostly out-of-date, and the Street View imagery provides nothing more than what would be seen by someone driving down the street or walking along the sidewalk. Really, if this is something that concerns people, they should change the laws, not battling with the companies that are working well within the laws.)

    So, to wrap up my ramblings. As most others have pointed out, as well as you have Matt, Google should be considered one of the top privacy advocates, if not NUMERO UNO. The fact that this Privacy International report puts Google at the {faint} BOTTOM of the list just wreaks of credibility issues on Privacy International’s part. I have noticed that when a company or organization wants to get noticed, all they need to do is talk about how they are inventing a “Google Killer” or they come out with a report which declares Google as officially “evil.”

    But for those who are angered at activity like this, keep this in mind. Those who are famous… those with the best intentions… those who act most appropriately… and those who do the most “good”… in the end, these are the ones most often attacked, and done so in the most vile of ways. Ultimately, the true “evil” in the world is to “attack” rather than to “build”. Google is “building” while others are “attacking”… that should be the true “evil” versus “good” test. Privacy International failed to do anything good or useful, so they resorted to attacking to gain the attention they wanted. Google was the most obvious target. Google should wear this target with pride. It’s not fun to be attacked, no. But, knowing that you are the prime moral target for the world should be a bit of an ego-boost, I think.

  165. I read into Google’s refusal to release search queries to the US DOJ as a possible sidestepping of what may expose it as a criminal organization preying on people using its search engine. I think Google has committed serious crimes and would never want authorities anywhere to see possible evidence.

    The summer of code IS the equivalent of Google stealing private data, because my feeling is they just want to know who the next generation good programmers are going to be. If my hunch about Google is correct, it’s so important to them to know who’s got game they’ll actually pay millions of US bucks (an evil currency) to see if they should track somebody, hire them, or sabotage whatever business they start.

  166. Dave (original)

    There is nothing to fear, but fear itself.
    Those with nothing to hide, hide nothing.
    We create what we fear.
    ….

  167. Joe

    It is kind of funny. For a long time Google was the reinvented of the web. The new kid on the block, and I have no complaints. But now they are part of the establishment, not a bad thing, but there are people who will go after them just for that very reason.

  168. William

    to Bob Oliver Bigellow XLII
    “actual leaks” are important (no one would argue about that), but the amount to leak (potential) is also important and should not be overlooked. A country with a regular missle and a country with a nuclear missile is not the same. I believe what PI is very concerned about is that although Google is protecting users’ privacy very carefully in certain cases, their general attitude/policy is not reflecting this. Think back to earlier this year about a major US retailer which leaked millions and millions of customer credit card transactions. You think the impact is the same as your local corner store who leaked their transaction records?

    Of course the more data you have doesn’t mean you have a bigger “privacy problem” but the potential to do damage is much greater and needs tighter control.

    I think most people disregards policies as trivial because they don’t directly affect them. I have to admit that I do that most of the time. But without a tight policy, errors are prone to happen, and when that happens, the more data you have, the more damage you can make.

    Let say for an example, if one Google employee found a potential loophole. If the company’s general attitude is that it’s not important, this could go unfixed for many months, if not years (think Microsoft and their bugs). If a stern policy and serious attitude is in place, this will be treated as top priority and resolved as soon as possible.

    Right now MS is getting the point, and is careful to project the right image and work on their bugs(and/or privacy concerns) but Google are taking a less caring attitude and tell people that it’s none or their business or use a smear campaign to discredit people who raises concerns. In effect, Google are replacing MS’s image as the one who is “the only game in town” and “you’ll take what we feed you, no questions asked”.

    If someone is holding a vase that’s important to you and jumping around with it, when you ask them to be careful and he told you that its “none of your business” and that “I’ll do it MY WAY, and you should shut up.” or that “You probably have problem with your eyes,” or that “Are you against me because I am a minority!”. You wouldn’t be concerned?

    I would.

    In the end, the “do good people always gets attacked” is not even close to an appropriate genralization. Hitler was doing “good” for the German people (or so he thought). He was getting “attacked” by pretty much rest of the world. He is trying to “build” something, the third empire, but is he not evil? I think we all know the answers.

    Again, I must repeat what i said in an earlier comment. The best way of defending an accusation from PI is to list actual, factual policies and attitudes to the general public on what Google has in place to protect user’s privacy. So far, all I see are emotions, smear campaignes and attention diverting tactics of “who’s worse”.

    The best defense of an accusation of “You killed someone!” is to list out actual, factual evidences supporting that you are not there. You only use other tatics such as, “You are accusing me becasue I am black (large multibillion corpration)!”, or that “Your witness is a lying white guy! (ms employee)” when you really have nothing to proof your own innocence.

    If Google list those out, then yes, PI didn’t really do their homework and they screwed up in their report, case closed and we wouldn’t have all these discussions here. However, so far it’s completely silent in this front. Do they really have nothing to show?

  169. to William,

    I can understand where you’re coming from, but I don’t quite understand how, on one hand, you can be FOR factual, logical evidence. And yet, on the other hand, you think that there is more responsibility for Google to present such behavior than there is responsibility for Privacy International to do the same.

    Anyone can complain and say “your website is slow” and in some way, shape, or form, they could be considered correct. If they want it to load in 0.00001 seconds, and the website only loads in 0.00002 seconds, clearly the site is “slow”. But it’s all a matter of expectations, not facts. Unless someone states what they EXPECT, they can always claim someone else doesn’t meet their expectations and then wait for that person to go through the trouble of asking all the right questions.

    Google clearly states what their policy is. They also have a very strict internal structure to prevent employees who don’t need access to certain information from having such access. Whether or not they follow their policy is a matter of trust, and this goes for ALL corporations (or individuals). Just because someone SAYS they promise not to do something, does not GUARANTEE it. So, either you distrust ALL corporations… or, you trust them until they break your trust.

    So, unless Privacy International actually provides a list of incidences where Google has broken a promise (regarding privacy), and compare this to incidences where other companies (AOL, Microsoft, Yahoo, Ask) have broken promises (regarding privacy), then they aren’t being very factual. They’re just basically saying “I don’t trust Google” and then are waiting for Google to try to “prove” their trust. Trust cannot be proven, but to avoid breaking trust. Distrust can be proven very easily, however.

    So, the burden should be on Privacy International to find incidences of broken trust, not put a burden on Google to try to “prove” they can be trusted. The only thing Google could do is show incidences where they COULD HAVE broken trust, but didn’t. The best example is the DOJ incident. Everyone talks about how Google might have had some other “evil” reason for fighting the government. Why isn’t anyone asking, then, why Yahoo and Microsoft didn’t put up a fight at all?

    All of this would be no different than Privacy International coming out with a report that says “Google Sucks!” Then, waiting for Google to “prove” that they don’t suck. Maybe Privacy International just wants Google to buy everyone pizza or something.

    By the way, if you think the fact that Google has a website in China as being some sort “privacy” problem, I would ask why it isn’t equally a problem that Microsoft and Yahoo do, too. In fact, Google operated separately from the Chinese Government, whereas Yahoo and Microsoft worked WITH the Chinese Government.

    I’m not saying Google is a saint when it comes to privacy. I just don’t quite see why Microsoft or Yahoo ranked better. If someone can give facts (and not just rhetoric) regarding why Microsoft and Yahoo are better privacy advocates than Google, I’d love to hear them.

  170. Dave (original)

    Agree! The “report” is very hollow in many respects and doesn’t prove or show any evidence of Google doing anything wrong with any personal data they collect.

  171. lots0

    Matt,

    Kudos

    For making your blog the Un-Official … Yet still Official blog for Google.

    Not many people can have it both ways.

  172. Nick

    I agree ISPs should have also been included, specifically AT&T who allowed the NSA to tap into their pipes and conduct widescale surveillance without warrant.

    http://www.pbs.org/wgbh/pages/frontline/homefront/view/

  173. Dave (original)

    Oh LotsO, will you never learn? (rhetorical).

    From Matt’s Disclaimer;

    This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

    Seems like it’s only your mind that imagines it both ways.

  174. Dave (original)

    Finally matt has created a place webmasters can go head to head with black hat seo’s and fight back

    Has he? Where is this “place” and where does Matt state this?

    Come on letts not pretend that most seo forums have not been infiltrated or orchestrate black hat seo because you brag so loudly about it.

    There is no pretense IMO that many “SEO” forums condone and advice black hat practice. You can spot some instantly by the text-link-ads affiliation. Others you need to read the so-called “advice” they offer.

    No idea what you mean in the rest of your posts though. You always post like we are in your mind.

  175. Just thought this link http://www.newscientist.com/blog/technology/2007/06/we-know-who-you-are.html to an article about MS’s new plans might add some weight to your argument Matt …not that you need it!

  176. lots0

    Matt, just a suggestion…
    Take a look over Dave (origonal)’s posts and count how times he has flamed and attacked people here.

    Is that what your blog is all about now Matt, allowing a troll to continually flame posters?

  177. What’s the chances lots0 and keniki are the same person, or one is Greg and the other is John.

    Keniki, I COMMAND you to stop posting on this forum.

  178. lots0

    thanks esrun you just made my point for me.

    BTW – I think Matt knows who I am… But you obviously don’t. ;-)

  179. Dave (original)

    What’s the chances lots0 and keniki are the same person..

    Close. They are the same type of person and neither one makes sense when posting :)

    Lots0, trolls tend to *only* post flames frequently, or infrequently. In other words it’s the % of useful posts to flames that counts. But I think you already know that 100% ;)

  180. lots0

    I don’t post here often because Matt and Adam have allowed this blog to become a flame fest that has become infested with a few morons that just can’t seem to stfu.

    I think this thread is a prime example.

    Esrun thanks for posting that link, I forgot about that interview with Aaron Wall. It was fun to go back and see what I was thinking a few years ago.

    And Keniki is right, I don’t play childish forum games. I have one and only one “handle” and I have used it at several Forums and Blogs.

    Dave (origonal troll) why don’t you just stfu once in while?
    My first comment was not directed at you and it obviously went way over your head…

    Dave (origonal troll) I liked you better when you just stuck to hand making and then selling those stupid looking bird houses from your only website. :-)

  181. Dave (original)

    Lots0, It quite clear that yourself and keniki are the only ones stooping to the level of hurling personal abuse.

    You do know that such behavour is a clear sign of insecurity and sais more about you than anyone else?

  182. lots0

    lots0 Said,

    June 17, 2007 @ 8:52 am

    Matt, just a suggestion…
    Take a look over Dave (origonal)’s posts and count how times he has flamed and attacked people here.

    Is that what your blog is all about now Matt, allowing a troll to continually flame posters?

    Come on Matt step up and take some action.

  183. Dave (original)

    Now you’re spamming Matt’s blog by duplicating your own “posts”. Last time Matt took action I believe he deleted your abuse.

  184. lots0

    Dave (origonal troll) – Now you’ve started telling lies as well as flaming… I’ve never been edited here.

    I think anyone with an open mind that looks over your posts is going to agree with me, you spend most of your time flaming people here…

  185. Dave (original)

    Lots0, you’ll have to excuse me again not lowering myself to your level of name calling.

    In regards to “flames”, depends how one defines “flames” and the percentage of posts to “flames”. However, even by the lowest standard you are up around 99%.

    You only ever post here to abuse and run people down, just like ALL your posts in this Thread. I have offered candid advice to many users of Matt’s blog. My candid advice to you is to deal with your insecurity issues, they must be eating you up 24/7.

    Keniki, we agree on something at least :)

  186. Matt, what you spewed was marketing talk. Anybody that believes that your information, whether it is search queries history or docs and the myriad of other betas are safer with GOOG than on my own hard drive is an idiot.
    No thanks!
    When I find it absolutely necessary to use Google to search I’ll do it on Dogpile or God forbid scroogle.org. I now block your ads after clicking on a link to what was supposed to be an ink cartridge wholesaler and instead vgot crackling loud funk music and was treated to a male homo oral sexual encounter. Thank goodness for Firefox and Adblock Plus!
    Sell your stock and quit, and you will become the same man I used to respect when you came out of your hole and started blogging.
    Ah, maybe that’s too harsh, at least quit telling me how to get links to my sites.
    SEODUDEE

  187. Dave, get a spell checker, PLEASE- You do know that such behavour is a clear sign of insecurity and sais more about you than anyone else?

  188. Dave (original)

    Kenki, I have never forged anything in my life, let alone one of your posts. Perhaps you should start getting your facts straight before posting on Matt’s blog.

    You must live in one really badly polluted industrial area if you think Lots0′s toxic posts are “a breath of fresh air”.

  189. lots0

    Dave (original troll) Said,
    June 18, 2007 @ 7:23 pm
    “I have offered candid advice to many users of Matt’s blog.”

    Dave, the problem is that no one here wants or needs your advice.

    Why would anyone here at Matt’s Blog want internet business or internet technical advice from someone who’s only experience is having run a five or six page website that sells bird houses you make in your garage?

    Most grown up people wait till they are asked, before they provide their “advice”.

    Dave I have not seen one single person here (or anywhere) directly ask you for “advice”… So why do feel you HAVE to give out what no one wants or has asked for?

  190. Keniki, you’re killing yourself here. I just wanna say stop now before you loose what little you have. You’re starting to push peoples buttons… you can only push people so far.

  191. Dave (original)

    Dave, the problem is that no one here wants or needs your advice.

    So you are now speaking for all people that read Matt’s blog? Boy, your issues are lot deeper than I thought.

    As you have now lied twice about what I do and the site I run, I’m going to show you up as the lying fool you are;

    Post this site you state I run. I’m waiting….

  192. CD

    Things like this make me lose faith in the competence of the media. You would think that the major news organizations would have verified the claims before making it headline news. I guess that’s how they sell news…

  193. If you connect to another computer you have to accept that the people at the other end (plus anyone in between) may or may not log that information and susequently use it for whatever reason they see fit. If you don’t trust the company you are connecting to to use the information sensibly, then don’t deal with them in the place.

    If google want to track what I search for on the net then sell it to someone, read my emails then sell those too, so be it. I can’t realistically do my job without gmail and search, its a fair trade. Adwords effectively does this already, and sometimes they are even useful.

  194. matthew

    5+10?

    Gillbertz, I is later than you.
    Too much posting to read at once.
    I award the points to Daniel Brandt, Monika, Joseph Fiore, Shelly, and Steve Lewis. And whoever else.

    >>Google can’t just delete the data it has collected on users.
    Why ca’n't the data belong to the accounts the data comes from? and be deletable by the same?.

    >>“What if Google didn’t win the case?” – this brings up some very orwellian questions.
    Very. It isn’t implausible to erect a deniable position regarding data by software. That hopefully puts data acquisition into hard numbers and end users.

  195. David

    Hey. I am a big Google fan, and so I was pretty shocked by the report. I read it, and your article, and I have to agree that their arguments are hollow and specious. Google seems to get slammed for having a consistent policy on privacy that PI does not see as good enough, whereas everyone else gets off the hook for not having a privacy policy at all! I’m just glad that this report seems to not have hurt Google’s public image too much. Keep up the good work. You guys make some great software!

    This is the first news I’ve heard about PI. Are they well known? I wonder how much attention they’ve earned by slamming Google, and if this earns them a position (in some people’s eyes) as the only iconoclasts brave enough to cast doubt on a Sacred Cow.

  196. Very interesting reading.

    I recently wrote an article for my blog about the Big Three… Google, Microsoft, and eBay… called “100% Microsoft-free by 2008″ ( http://brucewagner.wordpress.com/2007/07/08/100-microsoft-free-by-2008/ )

    I’ve just added some excerpts from some of your comments here… Thanks, people.

    Privacy is the issue.

    Google is not a search engine anymore.
    eBay is not an auction site anymore.
    Microsoft is not a software publisher anymore.

    A CHALLENGE FOR YOU:

    Just TRY living without using any of the tools of these three Big Brother-like companies.

  197. I think everyone including other search engines are just jealous of Google’s success.

  198. chuckles the clown

    Hey there, I just linked to this blog after searching for articles or websites about privacy and information collection in general. I am not a computer expert.

    Have you ever visited Google-Watch.org? Do you think their accusations are accurate?

    I think my own opinion is that technology allows anyone to collect as much information as they want and use it as they want. Google can say they are “anonymizing” logs but are they really?

    Also: there are plenty of companies that collect information such as Choicepoint, Acxiom, etc. These companies are probably worse offenders than Google, but their main biz is not the internet. As far as I know.

  199. Paul

    good read and good points my friend :) wonderful! the only problem i have with google is finding a email link to report issues. could you maybe email me a link to report security issues? i’ve been looking all over for an hour… thanks

  200. Anonymous

    I’ve been using Google since 1999. Tried everything I could find at the Google Labs. Was among the first ones to get a Gmail invite, also got a few people to switch. But as I’m writing this I’m downloading my mail from Gmail. I’ll get another address at another service, I don’t trust you anymore.

    I think it would be safe to say I once was a Google fanboy, thought you were better than others. Perhaps this was naive. But I realized when you caved in to the Chinese censors that you don’t resent ill begotten cash. I never cared what others did, because I didn’t use other search engines. You said you do no evil, I did not expect this. But I got it the first time.

    It took me some looking around, but I’ve found another e-mail service. Tried it out for a few months. It’s a paid service with bells and whistles, but what really matters is that the company is reputable.

    Other Google tools such as Docs & Spreadsheets I never really needed. Tools for webmasters I’ll need to keep using. Web searching; well I’m using Tor, but I’d want a service I didn’t see the need to access this way.

  201. Is it just me or does all this privacy talk and Google make me a bit paranoid?
    I recently came over this article, and I must say, that it does sound a bit scary.
    http://www.norrishell.com/google-is-illuminati/

  202. Frank

    I was just wondering–is there a way that an outside entity can verify the anonymization of logs you refer to above? This would mean a lot to me.

  203. Can Erdonmez

    I cannot imagine that Google can continue to make enough money from advertising to a user like me through services like GMail to actually cover the cost of providing that service for free.

    If I’m right, Google will have to start selling user data (if they are not already) in one form or another; with time and shareholder pressure, there is a real risk that there will be a slippery slope leading to abuse.

    I’d actually be happy to pay as an individual user for GMail/Calendar/Reader etc. in return for iron-clad guarantees about privacy and only reasonable guarantees about data integrity.

    Can (~John)

  204. I have to be honest: My reply would have been different if you hadn’t posted the information regarding how AOL, msn and the others “leak and treat” user queries.

    I know google’s motto is “don’t do evil”, but looking at the raw information (“user-tracking via cookies”, “anonymization only after 18-24 months”, etc.) who’s first impression wouldn’t be that he or she is under surveilance? After all, google is THE leading search engine and I don’t know any “normal” person in Germany that is not using google for their queries (most people don’t even know there are other search engines out there).

    If you have such a massive impact on the market, you’ll probably have to deal with these kinds of thoughts – though it does seem unfair that AOL, msn and the others get better grades while leaking data…

    I just wish google was more specific of what exactly was stored on their servers and in which way this data was used, interpreted (and possibly sold).

    Anyway, apart from all the criticism, I’d probably lack a lot of knowledge without google… :)

  205. There’s no doubt Google is collecting an unbelievable amount of information, but there are always two sides of a picture. One side this may feel uncomfortable or threatening to some people as their online life is is under constant surveillance but on the other side, this also enables the free goodies we get off the internet.. and of course, the personalized and fine tuned results as per our taste and requirement.
    I think Google is better that the other SE’s as Matt just pointed out that Google didn’t leak any user data to DOJ, and took the time to file a declaration.

  206. Google do have a very high proportion of the market share therefore I think that its just that other search engines are really jealous.

Leave a Comment

Your email address will not be published. Required fields are marked *

*

If you have a question about your site specifically or a general question about search, your best bet is to post in our Webmaster Help Forum linked from http://google.com/webmasters

If you comment, please use your personal name, not your business name. Business names can sound salesy or spammy, and I would like to try people leaving their actual name instead.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

css.php