February

Google: creepy and evil

Google’s motto of “don’t be evil” has been key to the company’s success. When it came on the scene, Google was unique as the only search engine that did not privilege search results from advertisers, a significant factor in Google’s rapid rise. Recently, CEO Eric Schmidt said Google is “trying not to cross what we call the creepy line” when it comes to gathering personal data [1]. Maybe Google’s new motto should be “don’t be creepy”.

However, Eric Schmidt wasted no time in crossing the creepy line in December when he told an interviewer that, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” In effect, the head of the corporation with the most surveillance data in the world has just announced that if you are “innocent” you should have nothing to hide. As many people have noted, Schmidt’s statement is hypocritical and disturbing [2][3]. His logic is nearly identical to the totalitarian assertion that if you want free speech, maybe you shouldn’t be saying anything controversial.

Eric Schmidt’s comments are particularly troublesome in light of Google’s recent changes in policy. In March of 2009, Google reversed its long held policy against behavioral surveillance [4]. Now, Google tracks the behavior of internet users (if you are signed into Google or not) in order to serve people more precisely targeted advertising. In February of 2010, the Washington Post revealed that Google again reversed existing policy by forging an information sharing partnership with the NSA (the super secretive electronic spying arm of the US government) in order to combat “cyberattacks” [5].

In both cases, we are told not to worry because Google will only be sharing data that has been anonymized (i.e. personally identifying information is removed). But there is plenty of cause for alarm. Recent research has shown how social media sites leak large amounts of personal information to their advertising partners [6] and how exceptionally difficult it is to create a dataset that cannot be de-anonymized [7][8][9].

In fact, the US defense department has a new initiative based exactly on this principle [10]. Called ‘Digital DNA’, the goal is to develop a digital fingerprint database much like the databases of DNA stored by many national governments. The goal is precisely to identify particular individuals from data commonly thought to be anonymous–the tiny traces of digital footprints we leave behind whenever we use a computer.

Despite all this, Google continues to assure its users that there is nothing to worry about. After all, if you have a lot of time on your hands, you can use the Google dashboard to adjust a complex array of privacy “self-care” settings. The problem is, the dashboard only applies to data directly tied to a Google account and it ignores all the many ways Google retains indirect and easily de-anonymized data on you. For example, it does not let you remove the location data Google keeps on you every time you send an email to a gmail user.

Google wants our trust. We are asked to put faith in the wizard behind the curtain who controls the largest assemblage of data the world has ever known. Google’s new motto is clear: “don’t be so evil that people start to notice.” We are starting to notice.

[1] “Google trying not to cross ‘the creepy line’” http://news.cnet.com/8301-30684_3-10392435-265.html

[2] “Google CEO Eric Schmidt Dismisses the Importance of Privacy” https://www.eff.org/deeplinks/2009/12/Google-ceo-eric-schmidt-dismisses-privacy

[3] “My Reaction to Eric Schmidt” https://www.schneier.com/blog/archives/2009/12/my_reaction_to.html

[4] “Privacy Groups Rip Google’s Targeted Advertising Plan” http://www.pcworld.com/businesscenter/article/161086/privacy_groups_rip_googles_targeted_advertising_plan.html

[5] “Google to enlist NSA to help it ward off cyberattacks” http://www.washingtonpost.com/wp-dyn/content/article/2010/02/03/AR2010020304057.html

[6] “Social networks make it easy for 3rd parties to identify you” http://arstechnica.com/security/news/2009/09/which-user-clicked-on-viagra-ads-ask-myspace-and-facebook.ars

[7] Mielikäinen, Taneli. 2004 “Privacy Problems with Anonymized Transaction Databases”. http://www.springerlink.com/content/rukljup9muhtrpcu/

[8] Shmatikov, Vitaly and Arvind Narayanan. 2008. “Robust De-anonymization of Large Sparse Datasets (How To Break Anonymity of the Netflix Prize Dataset)”. https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

[9] Shmatikov, Vitaly and Arvind Narayanan. 2009. “De-Anonymizing Social Networks”. https://www.cs.utexas.edu/~shmat/shmat_oak09.pdf

[10] http://www.wired.com/dangerroom/2010/01/pentagon-searches-for-digital-dna-to-identify-hackers/

How to protect your privacy online

Working on this issue is really a social problem, not an individual problem. Asking individuals to spend a lot of time practicing ‘privacy hygiene’ is both impractical and politically dubious. Creating privacy online, in our opinion, should be done communally by supporting alternatives.

However, there are some things which we recommend that are mostly ‘install and forget’ measures, and don’t require ongoing or tedious maintenance.

If you use Firefox, a web browser we recommend (https://help.riseup.net/mail/#use_firefox), you can install various extensions to use when browsing. Firefox is free software, and community members have written software to add new features, and anybody can download these extensions (see https://addons.mozilla.org/ for more information about Firefox extensions.)

Here are some Firefox extensions that we recommend:

You can also do web searches at https://ssl.scroogle.org