Entries Tagged "search engines"

Page 2 of 4

My Reaction to Eric Schmidt

Schmidt said:

I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines—including Google—do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.

This, from 2006, is my response:

Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.

We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.

[…]

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that—either now or in the uncertain future—patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.

[…]

This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein’s Iraq. And it’s our future as we allow an ever-intrusive eye into our personal, private lives.

Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.

EDITED TO ADD: See also Daniel Solove’s “‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.”

Posted on December 9, 2009 at 12:22 PMView Comments

The Commercial Speech Arms Race

A few years ago, a company began to sell a liquid with identification codes suspended in it. The idea was that you would paint it on your stuff as proof of ownership. I commented that I would paint it on someone else’s stuff, then call the police.

I was reminded of this recently when a group of Israeli scientists demonstrated that it’s possible to fabricate DNA evidence. So now, instead of leaving your own DNA at a crime scene, you can leave fabricated DNA. And it isn’t even necessary to fabricate. In Charlie Stross’s novel Halting State, the bad guys foul a crime scene by blowing around the contents of a vacuum cleaner bag, containing the DNA of dozens, if not hundreds, of people.

This kind of thing has been going on for ever. It’s an arms race, and when technology changes, the balance between attacker and defender changes. But when automated systems do the detecting, the results are different. Face recognition software can be fooled by cosmetic surgery, or sometimes even just a photograph. And when fooling them becomes harder, the bad guys fool them on a different level. Computer-based detection gives the defender economies of scale, but the attacker can use those same economies of scale to defeat the detection system.

Google, for example, has anti-fraud systems that detect ­ and shut down ­ advertisers who try to inflate their revenue by repeatedly clicking on their own AdSense ads. So people built bots to repeatedly click on the AdSense ads of their competitors, trying to convince Google to kick them out of the system.

Similarly, when Google started penalizing a site’s search engine rankings for having “bad neighbors”—backlinks from link farms, adult or gambling sites, or blog spam—people engaged in sabotage: they built link farms and left blog comment spam linking to their competitors’ sites.

The same sort of thing is happening on Yahoo Answers. Initially, companies would leave answers pushing their products, but Yahoo started policing this. So people have written bots to report abuse on all their competitors. There are Facebook bots doing the same sort of thing.

Last month, Google introduced Sidewiki, a browser feature that lets you read and post comments on virtually any webpage. People and industries are already worried about the effects unrestrained commentary might have on their businesses, and how they might control the comments. I’m sure Google has sophisticated systems ready to detect commercial interests that try to take advantage of the system, but are they ready to deal with commercial interests that try to frame their competitors? And do we want to give one company the power to decide which comments should rise to the top and which get deleted?

Whenever you build a security system that relies on detection and identification, you invite the bad guys to subvert the system so it detects and identifies someone else. Sometimes this is hard ­—leaving someone else’s fingerprints on a crime scene is hard, as is using a mask of someone else’s face to fool a guard watching a security camera ­—and sometimes it’s easy. But when automated systems are involved, it’s often very easy. It’s not just hardened criminals that try to frame each other, it’s mainstream commercial interests.

With systems that police internet comments and links, there’s money involved in commercial messages ­—so you can be sure some will take advantage of it. This is the arms race. Build a detection system, and the bad guys try to frame someone else. Build a detection system to detect framing, and the bad guys try to frame someone else framing someone else. Build a detection system to detect framing of framing, and well, there’s no end, really. Commercial speech is on the internet to stay; we can only hope that they don’t pollute the social systems we use so badly that they’re no longer useful.

This essay originally appeared in The Guardian.

Posted on October 16, 2009 at 8:56 AMView Comments

Privacy Problems with AskEraser

Last week, Ask.com announced a feature called AskEraser (good description here), which erases a user’s search history. While it’s great to see companies using privacy features for competitive advantage, EPIC examined the feature and wrote to the company with some problems:

The first one is the fact that AskEraser uses an opt-out cookie. Cookies are bits of software left on a consumer’s computer that are used to authenticate the user and maintain information such as the user’s site preferences.

Usually, people concerned with privacy delete cookies, so creating an opt-out cookie is “counter-intuitive,” the letter states. Once the AskEraser opt-out cookie is deleted, the privacy setting is lost and the consumer’s search activity will be tracked. Why not have an opt-in cookie instead, the letter suggests.

The second problem is that Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which could make identifying the computer easier and make it easy for third-party tracking if the cookie were transferred to such parties. The letter recommends using a session cookie that expires once the search result is returned.

Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask should notify consumers when the feature has been disabled so that people are not misled into thinking their searches aren’t being tracked when they actually are, the letter said.

Here’s a copy of the letter, signed by eight privacy organizations. Still no word from Ask.com.

While I have your attention, I want to talk about EPIC. This is exactly the sort of thing the Electronic Privacy Information Center does best. Whether it’s search engine privacy, electronic voting, ID cards, or databases and data mining, EPIC is always at the forefront of these sorts of privacy issues. It’s the end of the year, and lots of people are looking for causes worthy of donation. Here’s EPIC’s donation page; they—well, “we” really, as I’m on the board—can use the support.

Posted on December 21, 2007 at 11:18 AMView Comments

Using Google to Crack Hashed Passwords

Clever:

…I thought it would be interesting to find out the account password. WordPress stores raw MD5 hashes in the user database…. As with any respectable hash function, it is believed to be computationally infeasible to discover the input of MD5 from an output. Instead, someone would have to try out all possible inputs until the correct output is discovered.

[…]

Instead, I asked Google. I found, for example, a genealogy page listing people with the surname “Anthony”, and an advert for a house, signing off “Please Call for showing. Thank you, Anthony”. And indeed, the MD5 hash of “Anthony” was the database entry for the attacker. I had discovered his password.

Posted on November 23, 2007 at 6:07 AMView Comments

Google Ad Hack

Clever:

…the bad guys behind the attack appeared to capitalize on an odd feature of Google’s sponsored links. Normally, when a viewer hovers over a hyperlink, the name of the site that the computer user is about to access appears in the bottom left corner of the browser window. But hovering over Google’s sponsored links shows nothing in that area. That blank space potentially gives bad guys another way to hide where visitors will be taken first.

Posted on May 1, 2007 at 7:25 AMView Comments

Privacy and Google

Mother Jones article on Google and privacy:

Google Larry Page and Sergey Brin, the two former Stanford geeks who founded the company that has become synonymous with Internet searching, and you’ll find more than a million entries each. But amid the inevitable dump of press clippings, corporate bios, and conference appearances, there’s very little about Page’s and Brin’s personal lives; it’s as if the pair had known all along that Google would change the way we acquire information, and had carefully insulated their lives—putting their homes under other people’s names, choosing unlisted numbers, abstaining from posting anything personal on web pages.

That obsession with privacy may explain Google’s puzzling reaction last year, when Elinor Mills, a reporter with the tech news service cnet, ran a search on Google ceo Eric Schmidt and published the results: Schmidt lived with his wife in Atherton, California, was worth about $1.5 billion, had dumped about $140 million in Google shares that year, was an amateur pilot, and had been to the Burning Man festival. Google threw a fit, claimed that the information was a security threat, and announced it was blacklisting cnet’s reporters for a year. (The company eventually backed down.) It was a peculiar response, especially given that the information Mills published was far less intimate than the details easily found online on every one of us. But then, this is something of a pattern with Google: When it comes to information, it knows what’s best.

Posted on October 30, 2006 at 12:56 PMView Comments

1 2 3 4

Sidebar photo of Bruce Schneier by Joe MacInnis.