Privacy, Google, Scroogle, and You
In an article on the CNet Blogs, Chris Soghoian writes on Privacy: What should Google do?
Brilliant article. A must read.
I have one question, one comment, and one look into the future.
Question: We might be able to trust Scroogle not to steal our search queries and tie them to an individual (i.e. an invasion of privacy), but how do we prevent Google/Scroogle (or any organization for that matter) from using stolen search queries as a sociological reference (for everything from marketing Adwords to possible propoganda)? How do we trust anyone with the ability to display, collect, and harvest this kind of data?
Comment: Scroogle is all well and good. They support up to 130k searches per day, 10 percent SSL — great! However, Google is on a different scale. TS/SCI Security spoke with some Google employees about privacy and security issues at Shmoocon. It appears that there would be interest on Google’s part to create a less well-known “Secure Google/GMail”. If it becomes too widely known, and they cannot monetize from it — it doesn’t make sense for them to keep running it.
Future look: the time period between 1960 and 2060 will not be known as the information age. It will be known as the “lack of privacy” age. Our children’s children will know how to protect their privacy. Today, I can easily deduce a person’s first name, last initial, and city they live in both online and off. Using Google, Pipl.com, Paterva, et al — it is easy for me or anyone to perform a Sweeney attack. It is no longer necessary to have very detailed information (such as zip code, DOB, SSN) , or even know the correct spelling of a person’s name.
I’m fairly certain that my medical information, email, and search queries are in the top three pieces of information that I would like to keep private (besides my full name, SSN, and DOB). A credit card can be replaced. I can get a new passport or driver’s license. Fortunately, I was never in the military — which has been a notorious problem for veterans, whose privacy is almost an open door.
Replacing your SSN, DOB, or full name is nearly impossible if you have been a victim of identity theft. It quickly becomes additionally impossible to pass a credit check or sell your home. However, there are workarounds to these such as changing your name. We are beginning to understand the problem.
I don’t feel that we fully understand the value of our search queries — as individuals, companies, and civilizations. Search queries are your thoughts; they are our thoughts. Will this empower us, or will it destroy us? Will it enable an organization similar to the Thought Police in 1984? I think that if we’re not careful, then it most certainly will.
Hi Dre,
Thanks for sharing a nice article. I agree it must-read one. I really liked the author idea where he mentioned :
“Google should change its policies with regard to SSL and e-mail. At the very least, it should mention the secure Web mail option and provide a link on the main Gmail log-in page.”
Its a great idea.
I agree search queries are very important but not many people and companies understand the impact of it as such now. Maybe in future they will get better understanding and then google might think of encryption.
Cheers
Shoaib
Hi Dre,
nice thoughts. Personally I think that the problem will become very complex soon for different reasons:
We as a society do not know really what we want. I might be able to give up some privacy to get a better service. I like it if Amazon sends me a mail with new books which match my profile etc. Additionally, I think I would like it if a search engine (knowing my usual areas of interest) could taylor the results to my needs. Would be great. How much am I willing to give up for this? I might not want to give too much (in my opinion they just have to know that I am the same person as the last time without knowing my PII). Sombody else might be willing to give more - so choice is important here (and eduction/training to understand the consequence).
I think technology like U-Prove (which we, Microsoft, aquired recently) might change the game here as you can work with Identity Attriubtes only instead of the whole Identity. So targeted marketing might be possible wihtout having to know you.
I would definitely be willing to give up that part of my privacy :-)
Roger
Roger,
I used to think that way too but recently I have changed my way of thinking in this matter because if I am giving away my thoughts through search queries to other organisations they are actually making money out of it, secondly I don’t trust companies that after taking my thoughts will they give me really what I want? Or what they want to give me?
For example: I am looking for notebook review - they might have got paid from the manufacture and they know ppl are looking for this notebook. They might give review which they want to give me….so I think - thoughts are very important and we should give only if trust the search engine….After being in security its pretty hard to trust anyone thought :p
Cheers
Shoaib
Roger, Shoaib:
No matter how well intentioned this information gathering done by companies is, I simply do not trust companies to forever use it while respecting my privacy on my terms. The fact of the matter is, neither I nor you, can tell these companies to disclose the information they gather on you, let alone delete or modify it for correctness!
Thanks, but no thanks.