This is a non-technical post and completely my own opinion (as if you asked). I’m sure you all have seen this by now, in the news, on blogs, or even on Google’s employees’ sites but it’s time for me to discuss my view on Google’s recent ranking of the absolute worst privacy of the top 23 companies chosen for scrutiny by Privacy International in their latest report. They ranked lower than anyone else looked at, and the list included companies like Microsoft, eBay, Yahoo and MySpace. Here is a choice quote that should put to rest that this is simply some rogue company’s vendetta against Google as some people have conjectured:
This material, submitted by the Electronic Privacy Information Center (EPIC) and coupled with a submission to the FTC from the New York State Consumer Protection Board, provided additional weight for our assessment that Google has created the most onerous privacy environment on the Internet.
Again, Matt Cutts let me down when he responded to this by pointing to other people’s follies instead of focusing on Google’s privacy issues. Shame on you Matt - and didn’t Google buy a huge stake in AOL right before that privacy disclosure happened? It’s easy to point fingers but please do your homework first. I have to give Matt some leeway here - he may simply be ignorant of how the rest of the company operates.
Anyway, as a side note this was followed up by an interesting thread finding more places where a man in the middle could read usernames and passwords in Google. Google doesn’t have a great track record with security either. Tons of private information and very poor track record in keeping that information safe? Great combination.
I’ve had the dubious distinction of being tangentially part of some secret Google meetings (I am under no NDAs with them in any shape or form) and I have no doubt in my mind that every accusation made against them is true - and some I have actually seen myself. While Google plays the we’re not evil dance to the devil’s flute, the rest of the industry is actually trying to play by the rules. Even the FTC sided against Google in the Microsoft anti-trust case where Google claimed that Google’s Desktop wasn’t as useful on Vista as it was on XP. Microsoft’s answer? Google Desktop slows the computer down, it’s not Vista slowing Google’s Desktop down. Touché! I don’t blame the FTC for putting the advertising company in its place - especially an advertising company that intends on buying another advertising company that people have loathed for their privacy mis-deeds for nearly a decade (DoubleClick). I used to work for an advertising company - I personally have experienced how evil they are.
Google’s tools cannot be easily avoided, even by people who choose not to download their spyware. Adsense and Google Analytics also report home and can track users as they travel from domain to domain, as do the Google images that you see on search boxes that float all over the Internet. Unless consumers know how to avoid Google’s reach, they cannot simply avoid Google by not using their downloaded executables or their search engine. That to me constitutes a huge risk to privacy. That they delete or rather anonymize (and how good is that anonymization strategy, really?) after two years is irrelevant - that’s already too long when you combine it with all the other forms of information that they have access to and log. Yes, it is a requirement of the various governments they work with, but the governments don’t ask them to combine this information, they do that on their own.
The next most common thing I hear is that most of the tracked information is only used to tune the search engine. While that sounds like a noble task, what if I am uncomfortable with having personally identifiable information combined into custom or targeted search queries? Why is there no way to opt out of their reach (even DoubleClick had this)? Herein lies my biggest concern and why I recommend privacy concerned people seek alternatives. I’ve stopped using all things Google whenever possible, and am considering adding their entire netblock to my egress filters, except for testing purposes. While Google is an innovative company in some respects, I don’t trust the motives of an advertising company. Are they any better or worse than the others? There’s probably no way to know for sure, but at least the others are forthcoming.