'Do you trust Google?' is the wrong question
Summary: Don't mind Google knowing your real name, or putting your photo against the keywords you search for? Or - as it turns out - against the keywords you search for on the US Inland Revenue Service site?
Don't mind Google knowing your real name, or putting your photo against the keywords you search for? Or - as it turns out - against the keywords you search for on the US Inland Revenue Service site?
Google's announcement that it's merging the privacy policies for all its services into one policy and explicitly sharing data it tracks about you on one Google service with your searches on another Google service has garnered two main reactions.
Firstly, the Google backlash that I've been expecting any time these last five years; after the Nym Wars where Google appeared to be dictating what a Real Name could be and the ever-more-spam-clogged search results, for some people this hits the limit on what they’re comfortable having a service correlate in a similar way to Facebook’s ever-encroaching tracking settings. Bing is getting a lot of unhappy ex-Google users, many of whom are surprised to find that yes, Bing has turned into a good and mostly spam-free search engine.
Or secondly, that Google is a free service and disclosing information is how you pay for it, and besides, it gets you more accurate ads so it’s probably a good thing.
Both reactions are to Google and what Google is doing with your data, but with Data Privacy Day coming around on January 28th and the EU announcing the proposed reforms to its data protection rules, it’s important to think more widely about this.
The right to be deleted, the right to be forgotten
The EU will finally make companies in Europe who lose customer data tell the customer - or better yet, either not keep so much information or encrypt the data so if it's lost, no-one can use it. It's also giving you the right to delete data about you, or move it to another service.
The ‘I trust Google with my information’ reaction often comes with a side order of ‘all the other services track you too’ and that – along with the pervasiveness of Google Analytics and other Google services – is a bigger issue. Many services do track you, more extensively than you might think. In 150 milliseconds while a page loads, there are ad services that will geolocate you from your IP address, look up what they know about you and auction off your eyeballs to the most lucrative bidder.
Few sites tell you who they share information with. It’s a salutary lesson to fire up IE9, add in one of the Tracking Protection lists from Abine or EasyPrivacy and see just how many pages show the little blue block icon in the address bar. For a good explanation of what TPLs do, look at the new Privacy International site, where you’ll soon be able to get blocking lists specifically for child protection, web analytics and behavioural tracking.
Et tu, Bing? Not quite
One of the frequent comments to the ‘I’m switching to Bing’ announcements is to declare that Microsoft tracks you too, and must be just as evil as Google (should you consider Google to have broken its own policy, which is these days described as “you don’t have to be evil to be in business”). Here’s what Microsoft told us last time we asked about the Bing and Windows Live privacy policy.
"We use a technical method (known as a one-way cryptographic hash) to store search terms separately from account holders’ personal information, such as name, email address, etc. so they can’t be systematically recombined. As a result of this “de-identification” process, when Microsoft’s online ad targeting platform serves individually targeted ads, it selects them based only on data that does not personally and directly identify the individual. As a matter of policy, Microsoft takes steps to separate any information that can be used to personally and directly identify a use from the information in its ad selection system.
“Additionally, consistent with our privacy policy, Windows Live users who do not wish to receive targeted advertising can opt-out at the following site. We’ve also taken an extra step and made the opt out “roamable.” This allows people to have their opt-out choice apply to any computer they log onto with their Windows Live ID."
Google: utility or enabler?
The issue with the IRS site is that the embedded YouTube video and Google Analytics code on the page generate cookies and tracking images that are also used on the search results page. That’s not a conspiracy; that’s sloppy coding. But the pervasiveness of Google tools and services means that all the information Google is getting about you is rather more than you expect. Whether or not you trust Google to do good with your information rather than evil isn’t the issue. It’s not even that Google is being rather more transparent than most services; it’s an improvement on the game of Find The Lady that Facebook plays with its privacy settings from month to month. For me, it’s that normalizing this level of data gathering for a service that’s so widely used that it’s practically an information utility is a step towards massive and routine information gathering, just as the EU right to be forgotten and proposals like Do No Track suggest that there’s too much tracking and not enough informing going on already.
Google sounded tone deaf on the issue of pseudonyms in Google+ (and the latest improvements still seem to leave Google deciding if your pseudonym is really good enough). Now it’s sounding out of tune with the EU and with a lot of users. This is a problem that’s far bigger than Google, but because Google is so big, what it does around tracking has wide implications.
Mary Branscombe
P.S. Incidentally, I’m expecting the Bing team to be flattered this week. Not only are there are the ‘I’m switching to Bing and hey, I like it’ comments floating around, but every time Larry Page talks about making a ‘beautiful’ service I think not of iOS eye candy but of the delightful Bing daily images (which Google briefly and embarrassingly copied) and the Windows Phone emphasis on design and typography in the Metro interface (to which the Google IO 2001 page bears what I can only call a startling resemblance).
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Google puts a long-life cookie on your hard drive, and a Wall Street Journal article found it tracked you more than anybody else because it has ads almost everywhere. Quote:
"Google was the most prevalent tracker in The Wall Street Journal's survey of popular websites, with tracking code appearing on 49 of the 50 sites tested."
http://www.wallstreetjournal.de/article/SB10001424052748703999304575399041849931612.html
Google also owns Double Click. I assume you warmly support DC's pioneering efforts at tracking web users as well.
But, well, OK, you're right: users can just not visit any sites that carry any Google or Double Click ads.
I am not saying I agree with Google excessively tracking users. But, I think social networks (i.e. Facebook, Google+) are doing much worse than tracking your IP address and your browsing history (which in many cases, changes on a regular basis with many ISPs anyway), because they have personal information that is submitted by the users right from the start.
Interestingly enough, I see that Google does offer their "Google Analytics Opt-out Browser Add-on" for the mainstream browsers. The URLs are blocked in comments here, but searching for this will lead to the link for it. It does seem silly that this needs to be controlled via a plugin, rather than simply allowing the user to modify the data collection settings directly.
I was simply pointing out the naivety of your statement that "if they don't want their information stored at Google, then they shouldn't submit anything to Google in the first place." Google is all over the web like a rash thanks to its advertising networks, and I don't think the average user can actually avoid Google search (which has a monopoly market share) or YouTube.
The number of people who know they can opt out is tiny, and the number who will opt out is even tinier, so ultimately the opt-out option doesn't matter. It has no effect.
If people are publishing personal info on Facebook etc, then they are doing it deliberately. That might not be smart but it's absolutely different from being tracked everywhere without their knowledge.
M
It's 100% fair to bring to light how pervasive tracking of customers is but it's also important to note than what customers increasingly demand is a personalised experience.
Amazon, eBay, Zappos and Google etc. are industry leaders because they use customer data to provide the customers with a better experience than other websites.
Customers should know what data is being used but just as importantly be educated as to why it's being taken and what it's being taken for.
Google Maps had no real reason to take IP and wi-fi data readings other than to pry into levels of heavy internet users, Google Places and Ad's within Google Maps were increased after this which I sincerely doubt was a coincidence.
However, if customers don't give us data or worse, we're not allowed to keep or store that data, then how can we structure our businesses to meet their needs.
Web Analytics data and preference information performs the same function as a loyalty card for an offline retailer - you analyse habits and target marketing to create better customer experiences.
This new debate seems to have become much more focused on the rights of the consumer as advocated by pressure groups and less to do with research based on online customers and what they want.
People opt-out from marketing communications because they are NOT targeted, if we take a too draconian route to regulation the customer is worse off not better off.
What we need are better, and more heavily enforced data protection policies around security and data ownership, not just to restrict the whole online industry in the collection of data that benefits consumers.
Feel free to disagree :)
M
However, I've had a love hate relationship with Google since I started web des and SEO 7 years ago, so it's no wonder I dislike the company. I do, however believe that the results they're throwing up now are more accurate, although tainted by Google places. As for cross account sharing of personal data.... How about you just buy yourself a disposable mobile phone, sign up with a fake ID and hey presto, your identity is safe online.... only costs some £15 to do in the UK!
Yes, that is true that people publish info on Facebook intentionally. But what Facebook does with the data that users submit, is another thing. The scary one for me was the face recognition and other things they are doing. Why would they do this, and even when deleting content, how do we know it is deleted? We don't, and there's no way to ensure that data in Facebook isn't being shared with other parties. Even scarier, many people that use Facebook are not aware of any of this.
You're an Anonymous Coward so we've no idea what you give away on Facebook, if anything. However, Google *knows* what you searched for in private, whether that was for aids or cancer treatment or just books and toys for kids. It also knows which sites you visited. I agree that Facebook privacy is scary for some people (though not for me) but Google is *potentially* orders of magnitude scarier.
M
I think our best bet is user awareness and education of browser cookies and what they do, and how to disable them by site. Some may want to take the approach of disabling cookies for all sites, and enabling them only for sites that they trust. It would be interesting to see how far that gets, as we know some sites require cookies in order to function at all so it's a case by case basis. Google is not the only one to install tracking cookies; YouTube, Facebook, and many others have them.
A less invasive approach might be to use a browser plugin, like BetterPrivacy for Firefox:
https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
And a cookie removal tool, like Nixory (multi-platform among Windows, Mac OS X, and Linux):
http://linuxpoison.blogspot.com/2011/09/open-source-antispyware-tool-nixory.html
M
M