Google Offering Cash For Your Cache

pigrabbitbear writes "The gradual transformation of the web into an ultra-personalized, corporate-owned social space in the cloud has raised more than a few legitimate concerns about data privacy. Google, for obvious reasons, has always been one of the top cheerleaders for this metamorphosis. Touting a fresh new privacy policy that allows data about you from all of their services to coalesce, they've recently been particularly bullish about rendering that increasingly realistic digital portrait of you that lies stuffed away in their servers. It has led us again to question: How much are we comfortable with our machines knowing about us? How much is our privacy really worth? With their new program, Google is now asking those questions quite directly, and preceding them with dollar signs. Are we all on the verge of making our own information age Faustian bargains?"

Google Highjump into Shallow End

[bky1701]

Alright, when I heard about the privacy policy changes, I thought "oh, well, not like they will really be doing anything new." Yet almost instantly afterwards, we see two attempts on Google's part to grab even more data. The first question that comes to mind is why they want it so badly. If they are ready to pay you for browsing history, this is not simply about getting ad clicks from you personally. I doubt they would ever recoup the money they spent from whatever slight improvement in ad targeting they would get. No, something deeper is at work, and as someone essentially locked into gmail, I am extremely uncomfortable even considering what they are up to. If this is Google's future, it is time to cut my losses and go anywhere else.

Re:Just Might Take Them Up On It

[Mr. Underbridge]

Well, given what they could assimilate on most users, they know who you are, where you live, your medical problems, your political leanings, and your sexual orientation. I think that would give pause to anyone who is, or would ever like to be, employed.

While I don't envision them doing anything evil with that data, I can most certainly envision it being possible.

Re:Just Might Take Them Up On It

[bky1701]

"I am really not concerned at all with anything I can envision them doing with that information. In a word, meh."

The fact they are going to pay what is likely to be, in Google terms (think ad click cost), a huge sum should send up some red flags. (If it isn't that much, then it isn't going to be worth installing the plug for most users.) They stand to profit a lot from this data, else they wouldn't pay for it. Keep in mind all the data they receive for free.

Strategic move

[hcs_$reboot]

After all the buzz made around the coming merge of private data indexes [usatoday.com], that new offer - get money from Google in exchange of your websites visits information - is a way to show users that, actually, and unless you request it, Google is not inspecting your web searches. This is a reassuring move.

Re:Just Might Take Them Up On It

[ToadProphet]

I am really not concerned at all with anything I can envision them doing with that information.

And that's the problem.

Nobody knows what the future will hold in terms of laws and governance. The things that you do today, that are likely well within the limits of the law and likely of no interest to the state, may make you an enemy of a new state tomorrow. Your sig is an excellent example - suggesting that you might be an atheist could wind you up on a watch list of the future. Sounds preposterous, sure, but one never knows.

And yes, we're talking about handing what likely amounts to rather dull data over to a corporation. But again, you don't know who that corporation may hand that data over to tomorrow.

So don't use Google services

[Animats]

I don't use Google services, except occasionally as a developer. I'm only logged in when I'm doing development uploads to Chrome add-ons. (And that's a port of something I have for Mozilla). Mail is handled by my own web sites, filtered by Spam Assassin, retrieved with IMAP, and filed in Thunderbird. Open source code is on Sourceforge. Backups are on a paid service. Videos are on blip.tv. Documents and spreadsheets are in Open Office/Libre Office. 3D work is in Autodesk Inventor or Blender. I have Facebook and LinkedIn accounts for social networking. I used to use Google Voice for an SMS project, but Google's connection to the phone network (which is through a weird third party provider) had trouble telling which numbers could send and receive SMS, and I switched that project to Twilio.

Google has a nice search engine, but I don't see any need to use any of their other services targeted to individuals.

Re:Google Highjump into Shallow End

[InterGuru]

"and as someone essentially locked into gmail"

Non techie solution, do your searches on Bing. Also, use a separate dedicated browser for Facebook ( I use Opera ). Of course assume that anything you put on the net is public.

Re:Just Might Take Them Up On It

[Opportunist]

Well, my boss knows my political position (welcome to our wonderful world of politicial influence in pretty much any place that is remotely touching administration), he knows my medical problems (after all, he's the guy who has to sign my sick days), where I live (because he needs a place to send my mail to) and as far as I can tell, he doesn't give half a shit if I enjoy sucking off goats as long as I do my job.

That doesn't mean that I enjoy some random company having any data of me. Hence I usually give them more data than they want. Poison the cache with random data and let's see how they find out how they match up.

Re:Just Might Take Them Up On It

[muon-catalyzed]

Does not matter what Google would do, just wait until all those data "leak" in some breach and the blackhats get their hands on it.

Re:Just Might Take Them Up On It

[justforgetme]

ohh.. There is already software for that, don't worry. After all facebook doesn't need you to tag yourself, they have already identified you and just wait for your confirmation.

In the summer I can remember Facebook identifying me in some photos nobody had ever touched.
Last month they wanted to verify some locations in Europe I've been photographed in
Next month they are going to be asking me where I was at the time of the murder of a member of parliament.

Joke aside feature recognition algos have become unbelievably efficient for location estimation and face recognition, I'm not sure if Facebook's questions are just deductive logic from the info your peers provide or if they actually try to produce data from the images but the later is equally doable.

Re:Just Might Take Them Up On It

[EdIII]

Blah blah blah values blah blah blah danger

Explain to me again what consequence of lack of privacy is independent of values?

It's this simple.

How you view privacy and anonymity and how it may relate to freedom is completely dependent on your values. It is very much a philosophical discussion, and hence my reference to pick-your-utopia day. We can envision many different types of possible societies from Star Trek to Star Wars to Welcome to Thunder Dome Bitch. It's wonderful fun.

What is not dependent on your values or philosophy is what history shows us that people do to other people based on information. That is a fact not subject to any one person's values.

For instance, and this is not a Godwin attempt, the Gestapo and SS were reliant upon information gathered through "unintended consequences" of laws passed before and during WWII to carry out their own value based agenda against non-Aryans, namely Jews.

The Stasi is another good example of how information about you, sometimes gathered by force, can be used against you.

So while your "blah blah blah blah danger" characterization of my post has a certain appeal to the anti Tin-Foil Hat people, it disregards history to a dangerous and quite humorous and cartoon like degree. You saying it is about values is like Wile E Coyote "deciding" on whether or not gravity exists.

Regardless of how you feel about your privacy, history is an inarguable series of facts that demonstrate that people will use information against you, time and time and time and time again.

Rinse and Repeat.

Re:Just Might Take Them Up On It

[shadowmas]

Remember the deported British twitters from America? They too thought that their information was no value to anyone and that it wasn't important. Well the Homeland security proved them wrong. How little you think about your details are irrelevant. Its what others think about them that matters. You might be absolutely innocent but if your browsing habits or facbook posts indicate to a possible power (goverment or otherwise) that you are a suspect then you'll have a hard time proving your innocence. You might be able to do that but is the hassle worth a couple of hundred dollars?

Already Sold It

[retroworks]

The credit card industry has been doing this for decades. Every purchase we make at stores, travel, online purchases, creates a crude profile of who we are as purchasers. The credit card industry sells this info every day. And there are other examples you could also label "Faustian Bargains".. if I accept the premise that personal information about me is my "soul". Still, at least we could cheat this devil. We just need a program that runs silently in the background, in a back tab of our browser, which randomly looks up anything we might or might not be interested in, to "pollute the cache" or camouflage it. That's something I can do with google but cannot do to my credit card company.

Re:Just Might Take Them Up On It

[swillden]

Does not matter what Google would do, just wait until all those data "leak" in some breach and the blackhats get their hands on it.

That's always possible, of course. As someone who works on securing data at Google, though, I have to say that I think your data is safer in Google's servers than just about anywhere. Almost certainly safer than on your own computer. Prior to joining Google I spent 15 years working as a security and privacy consultant for companies all over the world, big and small, so I have a pretty good feel for the state of information security around the world. In my expert opinion, Google does an excellent job. Far better than, for example, your bank.

I'm not sure how much I'm free to say here, so I'm not going to give any details. I'll just say that Google has excellent security infrastructure, and uses it well. Google's security operations teams review everything that remotely touches on security or privacy, and they're world class. Much of my work touches on the cryptographic security infrastructure, and I love the fact that I get my designs and implementations reviewed by serious cryptographers. I also love the fact that in the year I've been with Google I've never yet had any potential security issue I raised be ignored. It's no accident that Google is one of the few major sites on the web that uses SSL for basically all of its user-facing pages -- it's clearly indicative of the "secure by default" mentality of Google engineers.

Even better, most of the security focus at Google isn't directed at keeping the data secure from outside hackers -- most of the threat analyses that I write are focused on preventing abuses by insiders. Not because Google doesn't trust its employees, but because insiders have the most access. If you can make it impossible for employees to access data, you can be pretty sure that it's secure from outside hackers.

Of course, sometimes employees have to be able to get to information. To address that Google has extensive logging infrastructure and systems to identify potential abuses -- and accessing information without a good reason is a firing offense, regardless of whether or not you actually misuse it.

Nothing is perfect, of course, and no real system is invulnerable, so I won't say breaches are impossible. I will say that they're unlikely.