Google's New Privacy Rules

It’s a good change, but I’m not sure it is enough. I’d really prefer it if Google deleted the information after a shorter time.

Tags: data destruction, data retention, Google, privacy, search engines, web privacy

Posted on March 21, 2007 at 1:51 PM • 20 Comments

Comments

merkelcellcancer • March 21, 2007 2:13 PM

Just shows that anything we do or say on the Internet never goes away.

Mouse • March 21, 2007 2:39 PM

I think this news is of little relevance to anybody who uses a couple of simple countermeasures to defend their online privacy:
1) Block cookies to Google (or better still only allow them when you really need them)
2) Release the DHCP address allocated by your ISP and switch off your modem when finished for the day.

I have practiced 2) for a while and find that this gives me a new IP address each day. Perhaps this depends upon your the specific methods your ISP uses to be successful. Of course Google searches that include my personal details are still a possible cause for concern.

My ISP’s internet logs, on the other hand, are extremely important to my privacy and are pretty much impossible to stop except by using TOR.

Rich • March 21, 2007 2:41 PM

This case in which a woman googled for “how to commit murder” doesn’t make it clear if the police used google and MSN records, or just her computer.

http://www.dailyrecord.com/apps/pbcs.dll/article?AID=2007703130391

In any case, maybe Scott McNealy was right. http://www.wired.com/news/politics/0,1283,17538,00.html

Robber.Baron • March 21, 2007 3:16 PM

It always surprises how many tech savvy and privacy concerned people don’t use Scroogle Scraper [Scroogle.org] to anonymize their data long before it hits Google’s servers. It can even replace Google in Firefox’s quick search bar.

I mean rather than waiting for Google to conform to our standards of privacy why not use Scroogle instead who’s privacy policy is a lot more privacy oriented.

Roy • March 21, 2007 3:25 PM

I use Scroogle all the time but you can’t do image, news or group searches like you can on Google. Still, it’s a good alternative.

Ask.com is a lot better now too.

Stephan Samuel • March 21, 2007 3:34 PM

@Mouse,

I hate to break this to you, but you’re no more secure than a person who retains their IP address. TOR doesn’t help much either despite their claims.

You’re confusing obscurity with security. Getting a new IP address makes you more difficult to find, but that’s nowhere near impossible. TOR does the same thing: it adds some more hops. You have to assume that everyone logs, because everyone can. Adding more hops or changing your IP address only means that the surface information is incorrect. It only takes someone digging one level deeper — logs of intermediate computers, or your ISP’s time-stamped MAC-to-IP and UserID-to-IP logs — to find your information.

Google’s going to continue to store our information as long as their service is free. How else are they going to pay for the Googleplex?

Nick Johnson • March 21, 2007 4:11 PM

TOR may only add obscurity, but it adds an awful lot of it. TOR doesn’t log, since that’s completely contrary to its reason for existence, so someone would have to specifically modify it to log connections. What are the chances that for a given connection, every single hop was a modified version that stores logs?

Roy • March 21, 2007 5:33 PM

@Mouse

Thanks for the modem-off trick. It works, and I can now see it’s a good practice.

brad • March 21, 2007 5:51 PM

I want them to keep every bit of data they can get their hands on and keep it forever. And of course use that data to make truly personalized search (and other products). I dont see what the privacy people are going so crazy over. Who cares about your search history or other online habits, unless you are somehow embarrassed to be who you are, which is a problem much out of the scope of public policy.

ghampton • March 21, 2007 6:09 PM

It would be interesting to see what would happen if google decided to publish all searches from .gov addresses. We might see an interesting change in attitude.

Mouse • March 21, 2007 6:42 PM

@Stephen Samuel

“Getting a new IP address makes you more difficult to find, but that’s nowhere near impossible.”

Sure, I accept that. I’m not trying to hide the fact that a particular piece of Google search data is mine – I am trying to prevent automated logging of my searches by Google such as happened with AOL – http://www.aolpsycho.com/

As I see it, the task of associating my Google searches made on different IP addresses will be a lot of work because some human analysis would be required unless the Google traffic is cross referenced against ISP logs (more on that later). Automated analysis of my traffic by a single commercial party appears to be very difficult to me if I keep changing IP addresses.

“TOR does the same thing: it adds some more hops.”

Well it certainly adds more hops but more importantly, it claims to use reasonably good cryptology for all but the last hop between me and my target URL. On a whim on several occasions, I have monitored my TOR browsing traffic with Ethereal and could not find any plaintext in any packets. Of course I am taking it on trust that TOR:
1) Does not log
2) Uses strong cryptology without any serious implementation bugs
I wouldn’t bet my life on TOR if was into espionage or serious crime but it’s almost certainly enough to discourage commercial data miners.

“It only takes someone digging one level deeper — logs of intermediate computers, or your ISP’s time-stamped MAC-to-IP and UserID-to-IP logs — to find your information.”

My MAC is surely the unqiue marker that I cannot escape and my MAC is the logical way for my ISP to log my traffic. I noted the importance of my ISP’s logs in my first post.

In summary, I think my suggestions will stop any commercial data trawling/mining (including my ISP if I use TOR) but I cannot win against professionals working for national governments or the police.

MikeA • March 21, 2007 7:43 PM

@mouse:
My MAC is surely the unqiue marker that I cannot escape and my MAC is the logical way for my ISP to log my traffic.

“Escape” depends on the policies of your ISP. Every NIC I have ever come across has its MAC set by the driver, initially from some EEPROM or the like, but not “hard”.

Many of the little NAT-boxes even have a “MAC-clone” option for the ISPs that do require you to “register” a specific MAC (So they can charge per computer).

Anyway, if your ISP does not require a specific MAC, you could also change yours periodically. I have a bucket of old Multibus and ISA NICs that I keep around specifically as “legally mine” MACs 🙂

Mouse • March 21, 2007 9:00 PM

@MikeA

“Escape” depends on the policies of your ISP. Every NIC I have ever come across has its MAC set by the driver, initially from some EEPROM or the like, but not “hard”.

I suppose this all boils down to the ISP/situation specifics. I use NTL cable broadband which requires a cable modem device. The modem has a MAC and there is no obvious way to change that; even worse, NTL staff talked me through the connection process which included me telling them the MAC address printed on the sticker on the modem. In my case, I suspect that my account is keyed to the MAC address of my cable modem. My modem is attached to a router which takes multiples NAT connections. The MAC address of my PC NIC is irrelevant.

When I set up my router, I deliberately made sure that the router MAC address was used – not the PC “MAC-clone” address. I can attach as many devices as my router has ports and it works fine.

According to some of my friends, I can change the router with something else and it will work after up to a 24 hour delay but the modem MAC still hasn’t changed and I suspect that is what my IPS logs are keyed by.

Perhaps a more interesting question is what if I use a telephone line modem from a workplace phone or another phone that I can surreptiously access? Some ISPs will permit effectively anonymous registration for dial-up access. Possibly a pay-as-you-go mobile that is not properly registered to the owner could be used as well.

Lazy • March 22, 2007 5:21 AM

@Mouse,

I would suggest automating your modem switch off, being the lazy guy that I am.

If you have a single PC and your modem is in the same room as your PC I would suggest OneClick ( http://www.oneclickpower.co.uk/ ). With OneClick you plug your PC into socket1 and your accessories into sockets2-5. When you turn off your PC the power is cut to the other sockets, turning off your printer, monitor, speakers, etc. This obviously doesn’t work if you have multiple PCs (since your main PC must be turned on for the modem to be turned on). In which case you might want to opt for a timer plug which turns the modem off at say 4am till 7am.

I should add that I am not affiliated with OneClick. Being the lazy guy that I am I would regularly leave my monitor/speakers/printer and everything else turned on. So in my effort to be green I bought their products. The only problem I have had encountered is that I cannot turn my radio on without turning my PC on…. (Maybe I should plug by radio in a different socket)

BrassMonkey • March 22, 2007 6:59 AM

It is possible to change mac addr
Search sourceforge for “fmac” & “macspoof”

Mouse • March 22, 2007 4:03 PM

@BrassMonkey

“It is possible to change mac addr Search sourceforge for “fmac” & “macspoof””

Sorry, but I think you have missed the point. My PC connects to the NTL modem through a router using Network Address Translation (NAT). The MAC address of however many devices connected to my router using NATed devices is irrelevant – the NTL WAN only see the MAC address of my modem traffic, irrespective of how many NATed sessions are running at any point in time.

Changing the MAC address of my PC with fmac or macspoof achieves nothing to prevent my ISP logging my activities. That is why TOR is so important if I want to do something that cannot be easily logged by my ISP.

BrassMonkey • March 23, 2007 5:53 AM

sorry i misunderstood.
i agree that tor is very important to prevent isp logging.

Jim • April 14, 2007 10:20 AM

Saving all this data might contribute to global warming. The public is told to switch lightbulbs and Google consumes juice like there’s no tomorrow, all to save five (or ten) year old search strings and cache stuff Internet users deleted. Google is like a digital pack rat. You delete it and Google saves it. Why save it all? For the hell of it I guess. It seems to me that Google would be better, faster and stronger without all this decaying data laying around.

Logical Extremes • April 26, 2007 6:13 PM

@ Stephan Samuel: Following rather basic security and privacy procedures ( http://logicalextremes.blogspot.com/2007/04/google-isps-privacy.html ) thwarts most reasonable threats from commercial interests. It’s a trade-off between convenience and privacy. Managing cookies and IP addresses may not be enough to hide from a repressive government, but a few simple steps should keep Google, DoubleClick, and other marketers at whatever distance you deem appropriate. It’s typically obvious what a particular site may know about you. It’s the cross-site tracking that’s more subtle. Your own ISP is another matter entirely, and should be more of a worry to privacy advocates. See Wired’s ongoing investigation ( http://blog.wired.com/27bstroke6/isp_privacy_survey/index.html ).

Anonymous • November 27, 2007 10:34 PM

I read an article on ssl.scroogle.org I use gmail and reading the article made me very concerned for my security. Is there a free online email service that is safe?

Google's New Privacy Rules

Comments

Leave a comment Cancel reply