FAQ: When Google is not your friend

(continued from previous page)

one of its anonymous browsing options (they're primarily for Windows users). Tor is another option.

Danny Sullivan has posted a more extensive list of recommendations at SearchEngineWatch.com.

Q: Is Congress going to do anything?
Rep. Ed Markey, a Massachusetts Democrat, has pledged to introduce legislation to prevent storing search terms "beyond a reasonable period of time."

There are some political and practical problems with this approach. First, Markey is a liberal Democrat in a town controlled by Republicans, so his proposal isn't going anywhere. Second, any such law could be wildly disruptive--it could mean class-action lawyers would get rich suing tech companies on charges that their data-retention duration is not "reasonable."

Finally, it's hardly clear that the Bush administration will embrace such a proposal--search terms could prove useful in criminal prosecutions, and the Justice Department seems to like the ability to demand them from search engines.

Q: How are Internet addresses handed out? Do people always have the same one?
It depends. Many DSL and cable modem providers allocate Internet addresses only when they're in use (the methods are called DHCP and PPPoe). Those IP addresses can change frequently.

Other IP addresses tend to be fixed. Faculty and staff members at universities, and employees of corporations, are more likely to have fixed Internet addresses.

Q: If Google knows I'm connecting from a dynamically assigned Internet address of 192.1.1.1 one day, and 192.2.2.2 the next day and 192.3.3.3 the third, how can it link my queries together to create that dossier?
This is where "cookies" come in. A cookie is simply a device for a Web site to recognize people the next time they return. Google, Yahoo, AOL and Microsoft all set cookies by default. (Microsoft's expire in 2016; Yahoo's in 2010; Google's in 2038. AOL sets a third-party cookie that expires in 2011.)

In the above example, Google.com would set a cookie for whoever's connecting from Internet address 192.1.1.1 the first day, and then figure out that the same Web browser is connecting from 192.2.2.2 and 192.3.3.3 the next two days. If people are logged in to their Google account, this makes the process even easier, of course.

Q: Even if a search engine company knows my Internet address is 192.1.1.1, and links my previous searches together, how can they--or the government--get my name, home address or other information?
If you have a Google account for products like Gmail, Google Groups, Personalized Search or Google Alerts, Google knows your e-mail address and other personal information, which it can be forced to disclose. If a Web publisher signs up for Google AdSense for advertising revenue, Google will have the publisher's real name, mailing address and Social Security Number.

If a person doesn't use any other Google services, all the company can divulge in response to a subpoena is that person's Internet address. Then whoever's asking about the person will send a second subpoena to the person's Internet service provider to find out billing information. This is a relatively straightforward procedure used by the Recording Industry Association of America (RIAA) in thousands of file-swapping lawsuits.

Q: Has anyone ever sent search engines a subpoena or other kind of legal request for someone's search terms?
We don't know. Google and Yahoo refused to answer the question, though there is no law prohibiting them from doing so.

AOL said only that the Electronic Communications Privacy Act would apply. Microsoft was by far the most forthcoming. With the exception of the Justice Department subpoena for search terms (without user identities) last year, Microsoft said it has "not received either criminal or civil requests related to MSN Search data."

Microsoft also said it "has never received either criminal or civil requests" to produce the lists of people who typed in a search term. Oddly, the other companies were not nearly as open.

Q: How long do companies keep records of my search terms?
Microsoft, Google and Yahoo all said they keep data as long as it's necessary, which could mean forever. Microsoft did add that the company is "looking at ways" to provide users with the option to delete their search histories, and Yahoo made a similar statement.

AOL, on the other hand, says it deletes personally identifiable data after 30 days.

CNET News.com's Elinor Mills contributed to this report.

[Michael G.]

Aw---I Thought Google was My Best Friend!

Now that I have this information concerning what Google collects, I'll be more careful in my searches to come. All this data collection amounts to is promoting a paranoic and stifling atmosphere in the United States---though I must admit, that Google can only collect what the user enters into it.

Besides advertising and customizing searches, I can't think of a good reason that Google would desire to collect my search information, or that of any other American, other than as a form of spying. There's no good reason for Google to waste the space by keeping these search queries, other than to keep the information "just in case" a legal authority would request information, such as the FBI.

[dewarfinch]

But that's not the point.

I have nothing to be secretive about but what I object to is this insideously creeping culture of 'Big Brother' (Orwell 1984). We seem to be heading down a path towards totalitarianism in which none of us is trusted, seemingly regarded as criminals in waiting (what, with electronic ID cards, DNA data base, fingerprints etc) and I view this as one more brick knocked out of the wall of our Right of Liberty and freedom of expression.

I'm considering that perhaps the best thing to do is to dump Google and avoid search engines which use it.

[iqula]

You still have complete privacy by using this...

I found a site that offers a free personal online desktop called http://www.cosmopod.com if you use it for browsing there is no way you can be tracked and it's a great way to tunnel

[Michael Grogan]

What about the records they keep?

What makes you think CosmoPod is immune to subpoenas? The thing is ad supportedwhich means they are bound to keep all kinds of info to support the advertising.

[samgmcf]

Google's bigger moral issue

Privacy is an important issue, and I am all for Congress passing legislation that will protect the privacy of search records. But Google.cn poses a bigger moral issue, one I hope CNET will continue to pursue.

Google has agreed to censor information on its China website that its government doesn?t want its citizens to see. By doing so, Google has leant legitimacy to the notion that a government has a right to censor its citizens' access to information. Google should have not caved in, which it undoubtedly did for profit, not because of its self-serving excuse that it was wanted to increase the efficiency of Chinese citizens? ability to search the web.

The American government should make it illegal for any American company to assist another country in censoring information, let alone do the censoring itself. Google?s resisting the Justice Department?s subpoena should be applauded, but Google should take a real hammering for its partnering with a dictatorship to censor access to information.

[stephenpace]

Tough One

Google is in a tough spot. They can either A) not filter the results (and searches for banned items will return what appears to be dead links) or B) filter based on applicable laws and make notations where data has been filtered (at least letting users in those countries know they aren't seeing all the data). Google acknowledges that both options are bad, but feels (A) is worse because it provides a bad user experience. From a user standpoint, are the links bad because the site is no longer there? Or because it is being zapped by the Great Firewall of China? Users won't know. At least in the (B) case, users will know results have been filtered based on some government requirements.

This isn't a Chinese specific problem, and your suggestion of a 'law' to make companies ignore local laws is absurd. For instance, in Germany certain Nazi web sites are illegal. If Germany makes such filters a requirement for a presence in Germany, Google has that choice to play or get out of the way. Given that getting out of the way means another engine will step in, Google feels they can have more influence by keeping their seat at the table.

[X99]

Not Just China

Google isn't just censoring data in China.
In Europe Google has censored material at
the request or order of European governments.
In he U.S. and Europe there have been numerous
reports that Google censors advertisements
and search results at the request of certain
activist groups, or based on a very selectively
applied terms of service. To be fair, it isn't
just Google who has engaged in this type of
behavior but they seem to be at the forefront
of it.

[cabh]

American Government Law

The government make it illegal to censor? Please! The US government supports so many foreign regimes that censor human rights. Saudi Arabia - try saying anything against the ruling family there, or if you are a women saying anything in public or even appearing in public w/o an escort. Yet the US is their biggest supporter. Shall we talk about Pakistan? Sure the war against terrorism is important but how much of our rights, values, liberties are we willing to give up? How long are we willing to look the other way? When do we become the world's biggest hypocrites? Preaching freedom supporting anything that but. Evil will always be with us, the good for which we stand will survive only if truly value it, nurture it, support it in all ways.

[CNET123]

Search criteria is irrelevant

For Example if i was trying to find this article again and all i could remember is the line "Ways to kill the president" and that's what I put in the Search criteria, I would be flagged for a possible criminal. That's not fair to drag me through the mud and expense of a criminal Investigation when all I was doing was trying to find an article about anything but what my search criteria stated.

[Jim Harmon]

Ways to kill the president

This search might get you flagged for surveillance, but that's the most it would do. However, unless you're also a known member of an anarachist or anti-American organization or have recently booked a ticket to some city that the Prez will be visiting soon... it's unlikely that anything more will come of it.

Until you apply for a mortgage, that is. :)

[i_made_this]

for Declan: when AOL is not your friend...

...the article twice mentions AOL is unique in only retaining search records for 30 days. But because AOL's default search engine is Google, wouldn't it make it irrelevant how long AOL keeps your search history? I really don't know the answer, but would like to. Declan, if you're listening, can you please shed some light on this tech question about the ISP's and their default search engines?

[Jim Harmon]

Interesting coincidence

Not only does AOL use Google's search engine, so do many online retailers. When you choose their "search this site" button, many will send their search to Google with the /site: parameter.

[Salvalus]

Ways to avoid these problems

A few steps can help you to deal with this:

1.) Do not allow ANY website to log you in "automatically" (Reason: this identifies you / your computer every time you visit the actual website or an affiliated website (e.g. any website that uses Google Adwords etc.))

2.) Get a software that deletes your cookies / cache automatically every X days. (I suggest http://www.zonelabs.com) to avoid tracking with other cookies.

3.) Get a software (http://www.steganos.com/?product=sia2006) that routes your internet traffic over proxy servers and (IMPORTANT) select then only proxy servers in countries where a subpoena would not be effective or where an investigation would be infeasible (e.g. Russia, Slovenia, Netherlands, Sweden etc.) - you can find out where the proxyservers are by tracing their IP on http://www.traceroute.org

OR:

If you are lucky enough to live close to a Hotspot of a Wireless Internet Service Provider (e.g. http://www.boingo.com) then get an account with an American Express "Gift Card" (works online just like a credit card) which you have purchased (IMPORTANT!) with cash. Do not use identifyable data when browsing and BINGO, it is very unlikely that someone would be able to come after you. Oh, throw your wireless network card away when you are in a critical time, the MAC address of it would enable the WISP to provide login info.

However, the most likely point where someone looks is on your computer hard drive, hence delete the temp. internet files and wipe the free space on your HD after that with something like http://www.steganos.com

I am sure this is not complete. You might have other tips you think would help... good for you, post them here, I am eager to learn :)

I am also sure some people like other software better or find that one of these tips is not effective. I can only say that it has worked for my clients in the past...

[WebmasterOfWarStoke.com]

heh

there are a number of programs out there if you look for doing what is called chaining proxy servers

that's where you connect from one server to another you can even stack the proxies something me and a friend tested once took 5 proxies and connected them to each other over and over again in a huge grid
doing this will majorly slow down your internet connection but it would make tracking it back to you quite more difficult
and if you have a modern NIC you can search around and download a program to force a new random mac address
and yes PCs do have mac addresses too I've already gotten that msg before lol

[rdersh]

I agree

I've switched to Yahoo as my homepage. Google is an innovative
company and I admire them for building an empire so quickly.
They've got some really cool products like Earth and Maps.. But the
censoring of their Chinese edition is un-American and where I draw
the line. As much as I'm able to, I will use Yahoo instead.

[jcm3224]

that's silly

So in your mind censoring search results is unethical but helping the the Chinese government imprison journalists is a good deed?
http://www.washingtonpost.com/wp-dyn/content/article/2005/09/10/AR2005091001222.html

[someguy389]

Right or wrong, Yahoo! is filtering too

Yahoo censors search results in China as well. Google's censoring is probably more acceptable to most as they do inform users when the results have been filtered. To my knowledge, MSN and Yahoo don't offer the user that heads up. The fact is, you would find it nearly impossible to survive in the US without purchasing products with connections to China or purchasing from companies that do business in China. All of those companies must make changes to abide by local laws.

[kimocrossman]

How this relates to Free Municipal WiFi and Anonymous Free Speech

Google created their own problem by collecting this information in the first place....

In an attempt to rollout a Citywide Wireless Internet plan (TechConnect) two major approaches being considered by San Francisco which may significantly encroach on the public's privacy. The two options are a for-profit solution which will finance the solution by monetizing the public's privacy or grants from Homeland Security. This occurs in the context of elected officials and city administrators patting themselves on the back for what the voters approved (2004) in a watch law ordinance that makes Patriot Act requests difficult for the Federal government to pursue in San Francisco.

The targeted advertising solution (google and others) would track all the email and surfing habits of any user. This information could be used as in Gmail and Amazon to send specific advertising. It is of course , also available for National Security Letters and other legal methods which would not be presented within the legal context of San Francisco - avoiding the Watch Law. While networks can be created that do not track a user's private information (no server logs, etc) that is not a method being promoted publically by vendors like Google and in fact is partly the reason the Justice Department and Google are now fighting over production of user's search records - Google can't say they just don't have the information. While there are questions about Privacy in the RFP, they were specifically written as Open Ended rather than as Minimal Standards. Public Advocates and Organizations like ACLU, EFF.org and EPIC.org have all written and some have spoken about their concerns with this approach Before the RFP was created and released - yet no changes were made. Also DTIS has the ability to waive any RFP requirements in the contract negotiation process anyhow.

The other funding concept that is being quietly discussed as a mechanism for the San Francisco Municipal Wireless solution is Homeland Security Grants - the calendar image below is from the city official Chris Vein who is in charge of the RFP process which requires bid submittals by 2006/2/21 - See Below

Washington Post: 2006-01-19 Fed Grants (Homeland Security) for Surveillance Cameras for Small Towns .. this seems related to Municipal Wireless funding efforts as well in San Francisco

http://www.washingtonpost.com/wp-dyn/content/article/2006/01/18/AR2006011802324.html

The Homeland Security funding option: "Motorola?s proposal suggests that the city pitch the project as a public safety issue, and capitalize on grants from government organizations such as the Department of Homeland Security. They suggest that the network would help law enforcement by enabling the SFPD to put wireless cameras across the city cheaply, and that the signal from a particular camera could be routed wirelessly to officers in their cars as they approached the scene." (thanks to www.JacksonWest.com for summary)

for more information blog www.webnetic.net

Combined brief ACLU, EFF.org and Epic.org
http://www.eff.org/deeplinks/archives/004078.php

SF Watch Law Re Patriot Act
http://www.sfgov.org/site/uploadedfiles/bdsupvrs/about/watch_law_program.pdf

Jackson West summary of TechConnect RFI/C submittals (the step before the current RFP process)
http://gigaom.com/2005/10/18/politics-of-san-francisco-wifi-project/

Chris Vein DTIS Acting Director's calendar showing a meeting planned with Motorola (obtained through a Public Record's request)

for more information

[209979377489953107664053243186]

The fine line - again, the 4th Ammendment

Once again, we are talking about the fine line between tracking criminal activity in the name of fighting cybercrime and invading a person's private information by removing yet another facet of the 4th Ammendment. Okay, Google stores browser history, but why is so easy to get them to give it up? Why can a psychiatrist or a priest be protected from divulging private information about a client or confessor, but Google is not? All can be privy to sensitive information that could expose deviant behavior...

[mbucci]

A critical report...

Thank you CNET for this critical article at a critical time. For those of us who suspected such practices by the "darlings" of the internet, we are confirmed on the one hand, and more troubled on the other. Are we no better than China? China limmits free inquiry and speech to suppress; and Goodle cooperates. We invite it in order to lend ourselves to entrapment, self-indictment and prosecution; and Google cooperates. Are we no better than the Chinese?

The American way is to foster self-censorship and that is what we must do now.

Hat's off to you.

Michael T. Bucci, Maine USA

[Stating]

Does Google Search History Cross Country Borders?

Does Google store user search histories done from around the world in a central database repository? For example, if I do a search using www.google.ca (Canada), or www.google.cn (China) do those results end up in Google's U.S. based servers? This raises several issues:

1) Can I help insure my privacy by using Google search sites outside of the U.S., the premise being that DOJ would need to subpeona courts outside U.S. jurisdiction to access the records?

2) Do people that use Google outside of the U.S. , regardless of which google.country site they use have their searches stored in Google's U.S. based servers? I would think that, say, Jacques Chirac, or Prince Charles would not be happy to know that their private searches were ending up in Google's Mountain View search database.

3) What if the prosecutor handling the case of Scooter Libby subpeoned records from Google, i.e. does Google also store search records initiated from .gov or .mil domains? What if those records indicated suspiciuous searches from other Administration officials? Is turnabout fair play?

[X99]

Keep it Non-Partisan Please

> Q: Let's say the Bush administration wanted to
> obtain a list of the names or ...

I'm no fan of Bush, but please, let's not make
this a partisan issue. Republicans and Democrats
(including Clinton) are both equally capable of
abuse.

Don't you people even try to maintain some sense
of impartiallity anymore? Or do you simply not
think?

[Jim Harmon]

Non-partisan

I'm also no fan of Bush, but I didn't read this as a partisan attack. It's just a fact that the Bush administration is taking heat for recent privacy violations. It's not difficult to view this as yet another opportunity just waiting to happen.

[thurgoodj187]

Google has more on the line than just free speech

I am not excited about google blocking China's access or possibly keeping my records, but look at it from google's point of view.

China has over 1 billion people, and in the internet advertising market, that equals money. China may even bring in more revenue for google than the US does, who knows. People who complain that this action is restricting information is right to a point, but what happens if google does not comply, they just block them out all together. And yeah it sucks that a country would sensor its people, but they are not US West and we cannot tell them what to do. If the governmenet wants to step in and back some legislation or action against China for these actions, I would be all for that, but it is not google's place to challenge another nation.

As I see it, don't just worry about google, worry about the isp, hosting companies, and email providers. they have just as much information and are probably facing the same rules that google is faced with. Which your search engine, email client, blah blah blah. You might as well lock yourself in a closet. Today everything is always recorded somewhere, even if you don't know it. I am keeping records for 7 years on my own web servers, partially because if I ever need to prove that something occured (or didn;t occur), I can defend myself.

I suggest that the honest people of the world stop being paranoid and live life with integrity. This will most often not lead you in the wrong direction.

Thanks

Steve

[Catgic]

*Full-Proof* Way To Avoid DOJ e-Googling You

My basic personal policy on Web-Trekking is not to go anywhere or write anything on the Web that I would be reluctant to take Me Maw and Me-Bride-For-Life to or say in front of them. This ?Full-Proof? policy has kept the DOJ, and its et al Little Brothers, from following me around with Black Helicopters or giving my family and me a No-Knock ?Wake-Up Call? at Zero-Dark-Thirty. It also has kept Big Bro?s citizen surveillance Snoop-Bots from taking up residence in my ?mini-Cray,? and me out of their cross hairs. Thus, I can freely e-Trek the Web highlands where the view is breath taking and the air is e-Smog free, without looking over my e-shoulder.

Now for those concerned about the issue of DOJ e-Googling them for e-fishing fun and prosecution, Sasha Von Stahl intelligently and informatively commented on first-level practices and measures to limit this problem in ?Ways To Avoid These Problems,? February 3, 2006, 8:38 AM PST, earlier in this thread. Those practices and measures enumerated there are a good first-level step towards minimizing an individual?s exposure to this e-History tracking and snooping problem.

However, never underestimate the intelligence of groups. Remember that A Thousand Dumb People Will Out Smart One Smart Person Every Time. Never forget that the collective many are smarter than the Web Surfing few, especially in today?s global government game of Citizen e-Gotcha. JP B-)

[cagerattler]

What else don't you know? It's not just Google.

You know, it's all fun and games to pick on Google, but they just might be the proverbial 'tip of the iceberg.'

Actually, it may end up that Google has been the better of our friends in the online world. They told the government "NO." Just think what you wouldn't have learned if they said Yes.

[Earl Benser]

I never had any illusions....

Going out on the internet for any reason involves a total
surrender of privacy Anyone can observe you, track you, read
your messages, or anything else they might want. You can't stop
it, you can't prevent it, and you really don't have any right to
complain. Wide open communications are the basis for the
Internet and that means absolutely NO PRIVACY!

So don't get upset with Google tracking your search activities.
Don't get upset with the Government asking Google for search
statistics. Don't get upset with email providers who read your
emails so they can target ads your way. And don't get upset with
people who tailor ads to your search patterns. You surrendered
the right to get upset the moment you went on the internet.

So just ignore the smoke and fog being put out about Google
and the government. You should have seen this one coming a
long way off. The one consolation is that, for the average guy,
he is just an indistinguishable blot on the internet who doesn't
show up on any 'radar screen' except lost in a pile of statistics.
No one really cares about him as an individual internet user.

[X-C3PO]

Not Surprised, It's just business!

Make money is the goal!

[X-C3PO]

Not Surprised, It's just business!

Make money is the goal!

[ogman]

Awwwww...

CNET still having a spat with Google. This article reads like vindictive sour grapes.

[cblanche]

This article does not read like vindictive sour grapes. Google is mentioned along with Microsoft, Yahoo, and AOL. It's like the person says Google is at the forefront (and Google makes it its business to be at the forefront of the search engine phenomena so of course these things will be noticed when Google is involved). The article seems to be very even in tone and facts. What do you have against CNET is more the questions?

European DPA

Years back the European Union enacted a set of laws entitled the Data Protection Act. It grants an European citizens a large degree of control over their own data:

http://www.informationcommissioner.gov.uk/eventual.aspx?id=6789&expmovie=1
offers a very brief, incomplete, outline.

Now, while various exceptions allow security services and law enforcement to see your data, there is also provision under the parts of the act aimed at marketing which control how long personal data on an individual should be held after a given enquiry or transaction has taken place.

I'm no lawyer, but as I understand it (having studied the law and related advice in some detail with relation to identity cards in the past) if Google was a European company then its 'customers' *might* (!) be able to argue that they should decouple the search data from the personal data to which it relates within a reasonable time after the 'transaction' (search) has taken place.

It's worth noting, however, that the DPA laws currently have very little bite, and countless smaller companies violate them. Still - its a start. ;-)

Just to clarify

Just to add...

Obviously the European DPA can't prevent what is happening with Google, Yahoo!, etc (I'm not even sure if it can protect EU citizens, as Google is a US company - let the lawyer argue that one out.) But it would seem that the people of the US might need the protection of some kind of DPA(...?)

[chuck_whealton]

European DPA

It sounds like a good start, and one that we needs to be
expanded and brought over here to the United States.

There are times when the Googles and Yahoos serve a very
useful purpose, and other times when they're just downright
dangerous.

Charles Whealton
Chuck Whealton @ pleasedontspam.com