FAQ: When Google is not your friend

(continued from previous page)

But it's hardly clear that a compelling reason exists for keeping older records--beyond a few months--unless a customer voluntarily chooses options like personalization.

Q: Does that mean Google has the technical ability to link a person's searches together and divulge them when legally required?
Yes. Google says in its FAQ that it records Internet address, date, time, browser type, operating system and a cookie ID.

Author and entrepreneur John Battelle received word from Google this week that the company can perform two important types of matches. (We confirmed this with Google and followed up with additional questions.)

First, given a number of search terms, Google can produce a list of people (identified by Internet address or cookie) who searched for a given term. Second, given a collection of Internet addresses, Google can produce a list of the terms searched by the user of a given address. That effectively creates an electronic dossier of an individual.

Q: What about other search engines?
We surveyed AOL, Microsoft and Yahoo as well. Microsoft and Yahoo gave us the same response as Google did.

AOL's was a little different. Spokesman Andrew Weinstein said AOL could provide a list of search terms typed in by a user. But AOL does not have a system in place to perform the opposite mapping, which would find out what users typed in which search terms. Weinstein also said that AOL deletes personally identifiable search data after 30 days, which makes it unique among the quartet we surveyed.

Q: What about links people click on from search engine results? Can that information be turned over too?
Yes. Through a process known as redirection, Yahoo and AOL record what links people click. Unless the companies discard these records, they would be fair game for a subpoena.

Q: Let's say the Bush administration wanted to obtain a list of the names or Internet addresses of anyone who typed "how to grow marijuana" or "how to cheat on income taxes" into Google. Could that be done?
Probably. If the Electronic Communications Privacy Act does not apply, all that's required is a subpoena from a prosecutor, and no prior approval from a judge is necessary. One Harvard law professor calls the subpoena power "akin to a blank check."

"The threshold rule is relevance," says Paul Ohm, the University of Colorado law professor. "Relevance has been quite broadly construed. As long as you can show that something's relevant to a case or criminal investigation, I think the litigant would have a pretty good argument."

Using the examples of finding out who did searches like "how to make meth" or "how to kill the president," Ohm says prosecutors "would have a very good argument that it's relevant to an investigation."

Q: How can I protect my privacy from search engines?
First, to protect your privacy if your computer is stolen, you can clear your browser's history (sometimes called "private data"). In Firefox, select that option from the Tools menu and delete your browsing history and saved form information. Apple Computer's Safari has a similar option under the History menu. Encrypting your hard drive through OS X's FileVault or PGP's Whole Disk Encryption may be a good idea.

Second, you can clear the cookies that are set by search engines. In Firefox, go to Preferences and select Privacy. You have the option to delete cookies and even prevent certain sites from ever setting them again. Be warned, though, that adding Google.com to the list may prevent using options like personalization or Gmail.

Third, if you're really worried, go to Anonymizer.com and sign up for

[Michael G.]

Aw---I Thought Google was My Best Friend!

Now that I have this information concerning what Google collects, I'll be more careful in my searches to come. All this data collection amounts to is promoting a paranoic and stifling atmosphere in the United States---though I must admit, that Google can only collect what the user enters into it.

Besides advertising and customizing searches, I can't think of a good reason that Google would desire to collect my search information, or that of any other American, other than as a form of spying. There's no good reason for Google to waste the space by keeping these search queries, other than to keep the information "just in case" a legal authority would request information, such as the FBI.

[dewarfinch]

But that's not the point.

I have nothing to be secretive about but what I object to is this insideously creeping culture of 'Big Brother' (Orwell 1984). We seem to be heading down a path towards totalitarianism in which none of us is trusted, seemingly regarded as criminals in waiting (what, with electronic ID cards, DNA data base, fingerprints etc) and I view this as one more brick knocked out of the wall of our Right of Liberty and freedom of expression.

I'm considering that perhaps the best thing to do is to dump Google and avoid search engines which use it.

[iqula]

You still have complete privacy by using this...

I found a site that offers a free personal online desktop called http://www.cosmopod.com if you use it for browsing there is no way you can be tracked and it's a great way to tunnel

[Michael Grogan]

What about the records they keep?

What makes you think CosmoPod is immune to subpoenas? The thing is ad supportedwhich means they are bound to keep all kinds of info to support the advertising.

[samgmcf]

Google's bigger moral issue

Privacy is an important issue, and I am all for Congress passing legislation that will protect the privacy of search records. But Google.cn poses a bigger moral issue, one I hope CNET will continue to pursue.

Google has agreed to censor information on its China website that its government doesn?t want its citizens to see. By doing so, Google has leant legitimacy to the notion that a government has a right to censor its citizens' access to information. Google should have not caved in, which it undoubtedly did for profit, not because of its self-serving excuse that it was wanted to increase the efficiency of Chinese citizens? ability to search the web.

The American government should make it illegal for any American company to assist another country in censoring information, let alone do the censoring itself. Google?s resisting the Justice Department?s subpoena should be applauded, but Google should take a real hammering for its partnering with a dictatorship to censor access to information.

[stephenpace]

Tough One

Google is in a tough spot. They can either A) not filter the results (and searches for banned items will return what appears to be dead links) or B) filter based on applicable laws and make notations where data has been filtered (at least letting users in those countries know they aren't seeing all the data). Google acknowledges that both options are bad, but feels (A) is worse because it provides a bad user experience. From a user standpoint, are the links bad because the site is no longer there? Or because it is being zapped by the Great Firewall of China? Users won't know. At least in the (B) case, users will know results have been filtered based on some government requirements.

This isn't a Chinese specific problem, and your suggestion of a 'law' to make companies ignore local laws is absurd. For instance, in Germany certain Nazi web sites are illegal. If Germany makes such filters a requirement for a presence in Germany, Google has that choice to play or get out of the way. Given that getting out of the way means another engine will step in, Google feels they can have more influence by keeping their seat at the table.

[X99]

Not Just China

Google isn't just censoring data in China.
In Europe Google has censored material at
the request or order of European governments.
In he U.S. and Europe there have been numerous
reports that Google censors advertisements
and search results at the request of certain
activist groups, or based on a very selectively
applied terms of service. To be fair, it isn't
just Google who has engaged in this type of
behavior but they seem to be at the forefront
of it.

[cabh]

American Government Law

The government make it illegal to censor? Please! The US government supports so many foreign regimes that censor human rights. Saudi Arabia - try saying anything against the ruling family there, or if you are a women saying anything in public or even appearing in public w/o an escort. Yet the US is their biggest supporter. Shall we talk about Pakistan? Sure the war against terrorism is important but how much of our rights, values, liberties are we willing to give up? How long are we willing to look the other way? When do we become the world's biggest hypocrites? Preaching freedom supporting anything that but. Evil will always be with us, the good for which we stand will survive only if truly value it, nurture it, support it in all ways.

[CNET123]

Search criteria is irrelevant

For Example if i was trying to find this article again and all i could remember is the line "Ways to kill the president" and that's what I put in the Search criteria, I would be flagged for a possible criminal. That's not fair to drag me through the mud and expense of a criminal Investigation when all I was doing was trying to find an article about anything but what my search criteria stated.

[Jim Harmon]

Ways to kill the president

This search might get you flagged for surveillance, but that's the most it would do. However, unless you're also a known member of an anarachist or anti-American organization or have recently booked a ticket to some city that the Prez will be visiting soon... it's unlikely that anything more will come of it.

Until you apply for a mortgage, that is. :)

[i_made_this]

for Declan: when AOL is not your friend...

...the article twice mentions AOL is unique in only retaining search records for 30 days. But because AOL's default search engine is Google, wouldn't it make it irrelevant how long AOL keeps your search history? I really don't know the answer, but would like to. Declan, if you're listening, can you please shed some light on this tech question about the ISP's and their default search engines?

[Jim Harmon]

Interesting coincidence

Not only does AOL use Google's search engine, so do many online retailers. When you choose their "search this site" button, many will send their search to Google with the /site: parameter.

[Salvalus]

Ways to avoid these problems

A few steps can help you to deal with this:

1.) Do not allow ANY website to log you in "automatically" (Reason: this identifies you / your computer every time you visit the actual website or an affiliated website (e.g. any website that uses Google Adwords etc.))

2.) Get a software that deletes your cookies / cache automatically every X days. (I suggest http://www.zonelabs.com) to avoid tracking with other cookies.

3.) Get a software (http://www.steganos.com/?product=sia2006) that routes your internet traffic over proxy servers and (IMPORTANT) select then only proxy servers in countries where a subpoena would not be effective or where an investigation would be infeasible (e.g. Russia, Slovenia, Netherlands, Sweden etc.) - you can find out where the proxyservers are by tracing their IP on http://www.traceroute.org

OR:

If you are lucky enough to live close to a Hotspot of a Wireless Internet Service Provider (e.g. http://www.boingo.com) then get an account with an American Express "Gift Card" (works online just like a credit card) which you have purchased (IMPORTANT!) with cash. Do not use identifyable data when browsing and BINGO, it is very unlikely that someone would be able to come after you. Oh, throw your wireless network card away when you are in a critical time, the MAC address of it would enable the WISP to provide login info.

However, the most likely point where someone looks is on your computer hard drive, hence delete the temp. internet files and wipe the free space on your HD after that with something like http://www.steganos.com

I am sure this is not complete. You might have other tips you think would help... good for you, post them here, I am eager to learn :)

I am also sure some people like other software better or find that one of these tips is not effective. I can only say that it has worked for my clients in the past...

[WebmasterOfWarStoke.com]

heh

there are a number of programs out there if you look for doing what is called chaining proxy servers

that's where you connect from one server to another you can even stack the proxies something me and a friend tested once took 5 proxies and connected them to each other over and over again in a huge grid
doing this will majorly slow down your internet connection but it would make tracking it back to you quite more difficult
and if you have a modern NIC you can search around and download a program to force a new random mac address
and yes PCs do have mac addresses too I've already gotten that msg before lol

[rdersh]

I agree

I've switched to Yahoo as my homepage. Google is an innovative
company and I admire them for building an empire so quickly.
They've got some really cool products like Earth and Maps.. But the
censoring of their Chinese edition is un-American and where I draw
the line. As much as I'm able to, I will use Yahoo instead.

[jcm3224]

that's silly

So in your mind censoring search results is unethical but helping the the Chinese government imprison journalists is a good deed?
http://www.washingtonpost.com/wp-dyn/content/article/2005/09/10/AR2005091001222.html

[someguy389]

Right or wrong, Yahoo! is filtering too

Yahoo censors search results in China as well. Google's censoring is probably more acceptable to most as they do inform users when the results have been filtered. To my knowledge, MSN and Yahoo don't offer the user that heads up. The fact is, you would find it nearly impossible to survive in the US without purchasing products with connections to China or purchasing from companies that do business in China. All of those companies must make changes to abide by local laws.

[kimocrossman]

How this relates to Free Municipal WiFi and Anonymous Free Speech

Google created their own problem by collecting this information in the first place....

In an attempt to rollout a Citywide Wireless Internet plan (TechConnect) two major approaches being considered by San Francisco which may significantly encroach on the public's privacy. The two options are a for-profit solution which will finance the solution by monetizing the public's privacy or grants from Homeland Security. This occurs in the context of elected officials and city administrators patting themselves on the back for what the voters approved (2004) in a watch law ordinance that makes Patriot Act requests difficult for the Federal government to pursue in San Francisco.

The targeted advertising solution (google and others) would track all the email and surfing habits of any user. This information could be used as in Gmail and Amazon to send specific advertising. It is of course , also available for National Security Letters and other legal methods which would not be presented within the legal context of San Francisco - avoiding the Watch Law. While networks can be created that do not track a user's private information (no server logs, etc) that is not a method being promoted publically by vendors like Google and in fact is partly the reason the Justice Department and Google are now fighting over production of user's search records - Google can't say they just don't have the information. While there are questions about Privacy in the RFP, they were specifically written as Open Ended rather than as Minimal Standards. Public Advocates and Organizations like ACLU, EFF.org and EPIC.org have all written and some have spoken about their concerns with this approach Before the RFP was created and released - yet no changes were made. Also DTIS has the ability to waive any RFP requirements in the contract negotiation process anyhow.

The other funding concept that is being quietly discussed as a mechanism for the San Francisco Municipal Wireless solution is Homeland Security Grants - the calendar image below is from the city official Chris Vein who is in charge of the RFP process which requires bid submittals by 2006/2/21 - See Below

Washington Post: 2006-01-19 Fed Grants (Homeland Security) for Surveillance Cameras for Small Towns .. this seems related to Municipal Wireless funding efforts as well in San Francisco

http://www.washingtonpost.com/wp-dyn/content/article/2006/01/18/AR2006011802324.html

The Homeland Security funding option: "Motorola?s proposal suggests that the city pitch the project as a public safety issue, and capitalize on grants from government organizations such as the Department of Homeland Security. They suggest that the network would help law enforcement by enabling the SFPD to put wireless cameras across the city cheaply, and that the signal from a particular camera could be routed wirelessly to officers in their cars as they approached the scene." (thanks to www.JacksonWest.com for summary)

for more information blog www.webnetic.net

Combined brief ACLU, EFF.org and Epic.org
http://www.eff.org/deeplinks/archives/004078.php

SF Watch Law Re Patriot Act
http://www.sfgov.org/site/uploadedfiles/bdsupvrs/about/watch_law_program.pdf

Jackson West summary of TechConnect RFI/C submittals (the step before the current RFP process)
http://gigaom.com/2005/10/18/politics-of-san-francisco-wifi-project/

Chris Vein DTIS Acting Director's calendar showing a meeting planned with Motorola (obtained through a Public Record's request)

for more information

[209979377489953107664053243186]

The fine line - again, the 4th Ammendment

Once again, we are talking about the fine line between tracking criminal activity in the name of fighting cybercrime and invading a person's private information by removing yet another facet of the 4th Ammendment. Okay, Google stores browser history, but why is so easy to get them to give it up? Why can a psychiatrist or a priest be protected from divulging private information about a client or confessor, but Google is not? All can be privy to sensitive information that could expose deviant behavior...

[mbucci]

A critical report...

Thank you CNET for this critical article at a critical time. For those of us who suspected such practices by the "darlings" of the internet, we are confirmed on the one hand, and more troubled on the other. Are we no better than China? China limmits free inquiry and speech to suppress; and Goodle cooperates. We invite it in order to lend ourselves to entrapment, self-indictment and prosecution; and Google cooperates. Are we no better than the Chinese?

The American way is to foster self-censorship and that is what we must do now.

Hat's off to you.

Michael T. Bucci, Maine USA

[Stating]

Does Google Search History Cross Country Borders?

Does Google store user search histories done from around the world in a central database repository? For example, if I do a search using www.google.ca (Canada), or www.google.cn (China) do those results end up in Google's U.S. based servers? This raises several issues:

1) Can I help insure my privacy by using Google search sites outside of the U.S., the premise being that DOJ would need to subpeona courts outside U.S. jurisdiction to access the records?

2) Do people that use Google outside of the U.S. , regardless of which google.country site they use have their searches stored in Google's U.S. based servers? I would think that, say, Jacques Chirac, or Prince Charles would not be happy to know that their private searches were ending up in Google's Mountain View search database.

3) What if the prosecutor handling the case of Scooter Libby subpeoned records from Google, i.e. does Google also store search records initiated from .gov or .mil domains? What if those records indicated suspiciuous searches from other Administration officials? Is turnabout fair play?

[X99]

Keep it Non-Partisan Please

> Q: Let's say the Bush administration wanted to
> obtain a list of the names or ...

I'm no fan of Bush, but please, let's not make
this a partisan issue. Republicans and Democrats
(including Clinton) are both equally capable of
abuse.

Don't you people even try to maintain some sense
of impartiallity anymore? Or do you simply not
think?

[Jim Harmon]

Non-partisan

I'm also no fan of Bush, but I didn't read this as a partisan attack. It's just a fact that the Bush administration is taking heat for recent privacy violations. It's not difficult to view this as yet another opportunity just waiting to happen.

[thurgoodj187]

Google has more on the line than just free speech

I am not excited about google blocking China's access or possibly keeping my records, but look at it from google's point of view.

China has over 1 billion people, and in the internet advertising market, that equals money. China may even bring in more revenue for google than the US does, who knows. People who complain that this action is restricting information is right to a point, but what happens if google does not comply, they just block them out all together. And yeah it sucks that a country would sensor its people, but they are not US West and we cannot tell them what to do. If the governmenet wants to step in and back some legislation or action against China for these actions, I would be all for that, but it is not google's place to challenge another nation.

As I see it, don't just worry about google, worry about the isp, hosting companies, and email providers. they have just as much information and are probably facing the same rules that google is faced with. Which your search engine, email client, blah blah blah. You might as well lock yourself in a closet. Today everything is always recorded somewhere, even if you don't know it. I am keeping records for 7 years on my own web servers, partially because if I ever need to prove that something occured (or didn;t occur), I can defend myself.

I suggest that the honest people of the world stop being paranoid and live life with integrity. This will most often not lead you in the wrong direction.

Thanks

Steve

[Catgic]

*Full-Proof* Way To Avoid DOJ e-Googling You

My basic personal policy on Web-Trekking is not to go anywhere or write anything on the Web that I would be reluctant to take Me Maw and Me-Bride-For-Life to or say in front of them. This ?Full-Proof? policy has kept the DOJ, and its et al Little Brothers, from following me around with Black Helicopters or giving my family and me a No-Knock ?Wake-Up Call? at Zero-Dark-Thirty. It also has kept Big Bro?s citizen surveillance Snoop-Bots from taking up residence in my ?mini-Cray,? and me out of their cross hairs. Thus, I can freely e-Trek the Web highlands where the view is breath taking and the air is e-Smog free, without looking over my e-shoulder.

Now for those concerned about the issue of DOJ e-Googling them for e-fishing fun and prosecution, Sasha Von Stahl intelligently and informatively commented on first-level practices and measures to limit this problem in ?Ways To Avoid These Problems,? February 3, 2006, 8:38 AM PST, earlier in this thread. Those practices and measures enumerated there are a good first-level step towards minimizing an individual?s exposure to this e-History tracking and snooping problem.

However, never underestimate the intelligence of groups. Remember that A Thousand Dumb People Will Out Smart One Smart Person Every Time. Never forget that the collective many are smarter than the Web Surfing few, especially in today?s global government game of Citizen e-Gotcha. JP B-)

[cagerattler]

What else don't you know? It's not just Google.

You know, it's all fun and games to pick on Google, but they just might be the proverbial 'tip of the iceberg.'

Actually, it may end up that Google has been the better of our friends in the online world. They told the government "NO." Just think what you wouldn't have learned if they said Yes.

[Earl Benser]

I never had any illusions....

Going out on the internet for any reason involves a total
surrender of privacy Anyone can observe you, track you, read
your messages, or anything else they might want. You can't stop
it, you can't prevent it, and you really don't have any right to
complain. Wide open communications are the basis for the
Internet and that means absolutely NO PRIVACY!

So don't get upset with Google tracking your search activities.
Don't get upset with the Government asking Google for search
statistics. Don't get upset with email providers who read your
emails so they can target ads your way. And don't get upset with
people who tailor ads to your search patterns. You surrendered
the right to get upset the moment you went on the internet.

So just ignore the smoke and fog being put out about Google
and the government. You should have seen this one coming a
long way off. The one consolation is that, for the average guy,
he is just an indistinguishable blot on the internet who doesn't
show up on any 'radar screen' except lost in a pile of statistics.
No one really cares about him as an individual internet user.

[X-C3PO]

Not Surprised, It's just business!

Make money is the goal!

[X-C3PO]

Not Surprised, It's just business!

Make money is the goal!

[ogman]

Awwwww...

CNET still having a spat with Google. This article reads like vindictive sour grapes.

[cblanche]

This article does not read like vindictive sour grapes. Google is mentioned along with Microsoft, Yahoo, and AOL. It's like the person says Google is at the forefront (and Google makes it its business to be at the forefront of the search engine phenomena so of course these things will be noticed when Google is involved). The article seems to be very even in tone and facts. What do you have against CNET is more the questions?

European DPA

Years back the European Union enacted a set of laws entitled the Data Protection Act. It grants an European citizens a large degree of control over their own data:

http://www.informationcommissioner.gov.uk/eventual.aspx?id=6789&expmovie=1
offers a very brief, incomplete, outline.

Now, while various exceptions allow security services and law enforcement to see your data, there is also provision under the parts of the act aimed at marketing which control how long personal data on an individual should be held after a given enquiry or transaction has taken place.

I'm no lawyer, but as I understand it (having studied the law and related advice in some detail with relation to identity cards in the past) if Google was a European company then its 'customers' *might* (!) be able to argue that they should decouple the search data from the personal data to which it relates within a reasonable time after the 'transaction' (search) has taken place.

It's worth noting, however, that the DPA laws currently have very little bite, and countless smaller companies violate them. Still - its a start. ;-)

Just to clarify

Just to add...

Obviously the European DPA can't prevent what is happening with Google, Yahoo!, etc (I'm not even sure if it can protect EU citizens, as Google is a US company - let the lawyer argue that one out.) But it would seem that the people of the US might need the protection of some kind of DPA(...?)

[chuck_whealton]

European DPA

It sounds like a good start, and one that we needs to be
expanded and brought over here to the United States.

There are times when the Googles and Yahoos serve a very
useful purpose, and other times when they're just downright
dangerous.

Charles Whealton
Chuck Whealton @ pleasedontspam.com