Does Google really take privacy seriously?

Summary: Google does take privacy seriously -- and in many respects, they are more conscious about their privacy practices than most other companies because they are an easy target. It is also reassuring that they can fix vulnerabilities very quickly in most cases.

Google does take privacy seriously -- and in many respects, they are more conscious about their privacy practices than most other companies because they are an easy target. It is also reassuring that they can fix vulnerabilities very quickly in most cases. That said, it is becoming very concerning that cross-site scripting (XSS) attacks on Google services have become a common headline in the news recently. We only hear about the holes that are publicly disclosed -- but you can bet there are many others that go unreported and are abused without you or Google even knowing.

XSS is a technique that hackers use to inject code into a website, where it runs in visitors' browsers and can expose things like their browser cookies to the attacker. Stolen cookies can be used to hijack your browser session, allowing attackers to look at personal data or, depending on the severity of the vulnerability, even gain complete access to your accounts.

Does this affect you? Yes, it can affect anyone -- all you have to do to be taken advantage of is visit a website. Even one that you normally trust can be dangerous because one line of malicious code that is invisible to the user (likely inserted by a hacker) can put all visitors to that site at risk without the owner even knowing.

Your data is not completely safe on Google until they implement an effective internal preemptive XSS discovery team, and Google-related XSS attacks stop making headlines. Google needs to hire full-time employees, who have a knack for discovering these vulnerabilities, to kill bugs before products are even released. Obviously the automated tools they are developing alone aren't foolproof.

I know XSS is far from limited to Google, but if they want to be known as your friendly neighborhood privacy protector, they have to do more than just talk about it. Perhaps even an anti-XSS feature that checks for suspicious URL patterns in the Google Toolbar would be a nice addition.
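A sketch of the kind of URL-pattern check suggested above, as an added example that is not part of the original article and not code from Google or its Toolbar. The pattern list, function names and sample URLs are assumptions; a heuristic like this only sees payloads that travel in the URL (reflected XSS) and will produce some false positives.

```javascript
// Added example: heuristic check for reflected-XSS markers in a URL.
// The pattern list is an assumption chosen for illustration, not a complete filter.
const SUSPICIOUS = [
  { name: "script-tag", re: /<\s*script\b/i },
  { name: "event-handler", re: /<[^>]*\bon[a-z]+\s*=/i },
  { name: "javascript-uri", re: /^\s*javascript\s*:/i },
  { name: "cookie-access", re: /document\s*\.\s*cookie/i },
];

// Decode repeatedly (bounded) so double-encoded values such as %253Cscript are seen.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current.replace(/\+/g, " "));
    } catch (e) {
      break; // malformed escape sequence: inspect what we have so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns a list of { where, name } findings for each query parameter and the fragment.
function checkUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return [{ where: "url", name: "unparseable" }];
  }
  const parts = [];
  for (const [key, value] of url.searchParams) parts.push([`param:${key}`, value]);
  parts.push(["fragment", url.hash.slice(1)]);

  const findings = [];
  for (const [where, value] of parts) {
    const decoded = fullyDecode(value);
    for (const { name, re } of SUSPICIOUS) {
      if (re.test(decoded)) findings.push({ where, name });
    }
  }
  return findings;
}
```

A toolbar or proxy could call `checkUrl` before navigation and warn when the returned list is non-empty; stored XSS never appears in the URL, so output encoding on the server remains the actual fix.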

In the meantime, if you are worried about your privacy, download Firefox and the NoScript add-on. It's the only sure-fire way to keep your information private for now.


  • 'No thanks' on the Google Toolbar...

    maybe somebody will come up with a little JavaScript check for a bookmarklet.

    Oh wait, then we'd have to have JavaScript activated to use it...
  • My recommendation:

    Until Google can give you additional information that would promote 'confidence' in the Web Mail interface,

    POP your email to a local email client with SSL.
    Don't even log in to the web Gmail.

    Gmail Folks, change your passwords and make them 'strong'!

    D T Schmitz
  • RE: Does Google really take privacy seriously?

    The short answer is "Hell No!"

    Does the NSA take privacy seriously? Google is just an
    extension of the NSA.

    Not to mention Google's so-called "Do no evil" mantra,
    really applies to webmasters who have to follow
    Google's strict guidelines or their sites get nuked. And
    when behind the scenes Google employs many many
    black hat techniques themselves to promote their own
    business. Not to mention making lots of money from
    selling keyword terms for products and services that
    infringe on other people's
    brands/trademarks/intellectual property. YouTube is a
    perfect example of this hypocrisy. They built that
    business solely on allowing others to post
    illegal/copyrighted content. Google does the same
    thing and they package ads around it and sell it as if
    content were a free thing.

    G Brent LeVasseur
    • RE: Does Google really take privacy seriously?

      If you were to put your phone number in the Google search box (ex. 501 - 555 - 1212), you will most likely see your name, unless your number is unlisted. Cell phones won't be listed either, but Google should stop this practice. I wouldn't want my name to appear, and I'm sure no one else would either.

      So no, I don't think Google is taking privacy seriously!
      • Joking...right?

        That information is available on yellowpages, along with your address. A publicly listed phone number is not private, and it's not an invasion of your privacy to list it.
  • Googles Profits by Privacy

    Google derives its profits by renting your privacy, rather than by selling your data, i.e. Google uses your private data for targeted marketing it provides for other companies, hence it has a profit motive for restricting access to your data by other companies. Not that you have any privacy from Google and its staff, or any government intelligence agencies from around the world to whom Google is quite content to sell your privacy.
  • Google + Privacy?

    Are you KIDDING?

    Remember what Google did to the citizens of China?

    They gave the names and addresses of Chinese citizens visiting certain "Freedom seeking" websites to the Chinese Communist government! (As reported by several news services)

    And what happened to those people? Who knows! Like all lovely communist police states, they most likely went to a Chinese communist re-education/labor camp to work 18 hour days, 7 days a week, 365 days/year so we can enjoy our cheap lead contaminated JUNK!