Wed, Apr 25, 2007

Tim O'Reilly

Google and Privacy

Slashdot just pointed to an article about the outcry over privacy implications of the Google acquisition of DoubleClick. From the article:

"Google's proposed acquisition of DoubleClick will give one company access to more information about the Internet activities of consumers than any other company in the world," said the complaint lodged with the Federal Trade Commission. "Moreover, Google will operate with virtually no legal obligation to ensure the privacy, security, and accuracy of the personal data that it collects."

I wanted to weigh in with a broader perspective, and a counter-argument. While there is some ground for concern, people seem to be ignoring far greater risks to our privacy that are in the hands of people far less scrupulous than Google. Our credit card company knows everything we buy -- and sells that information to marketers; our phone company knows everyone we call -- and sells that information to marketers; our supermarket knows what we buy and how often -- and sells that information to marketers.

Meanwhile, here's Google, which is using the information it collects to build better services that we eagerly consume because they are useful to us, and yet we're complaining about the risks of how much data they collect! At least Google's harnessing that data for our benefit, while most of the other big data collectors are simply using it for their own.

In short, it seems to me that Google is being held to a much higher standard than the rest of the world.

This isn't to say that no privacy safeguards are required. But let's put the outcry in perspective. We are moving into a future where what we do, where we go, what we spend, what we pay attention to, will be mined constantly and by everyone. Would we rather have this done in an invisible back office, where we can pretend it isn't happening? Or would we rather that those people collecting this kind of data build useful services with it, like Google is doing?


Comments: 35

  Don Marti [04.25.07 02:35 PM]

The other data collectors would say they're using the data for our benefit too. The fact that someone replies to all those credit card offers shows that they're of value to someone, right?

We hold Google to a higher standard because they're smarter and have better data. An Equifax customer can buy a credit report on me that says I started working two years before I was born. Google's information on me is certainly a lot more accurate.

  Aaron [04.25.07 03:17 PM]

"At least Google's harnessing that data for *our* benefit"

The extent to which Google acts for "our" benefit is contingent upon that maximizing Google's long-term profits; not our well-being.

Perhaps you're thinking of Google.org :-)

P.S., I've never "eagerly consumed" one of Google's text ads...rather, I'm disturbed that the text ads on a weblog sometimes have more to do with a GMail message I just read than the weblog.

  Logical Extremes [04.25.07 03:18 PM]

Credit card companies have opt-outs to prevent data sharing. Phone companies are barred from sharing personally identifiable call information. And no supermarket knows anything about what I buy as I don't use loyalty cards.

I like Google as much as the next person, but citizens need legal protections, not just good will. You can bet I'll continue to employ strategies to minimize accumulation of my private information and behavioral data.

  Jake Lockley [04.25.07 03:30 PM]

"here's Google, which is using the information it collects to build better services that we eagerly consume because they are useful to us"

This is opinion, not fact. How exactly is Google making massive amounts of money by advertising to me helping me? Their search engine might be the best but it still sucks. I do a search and my own delicious tags come up as the highest ranking results. It won't suck when they let me filter my search results or give ME control over exactly how my surfing habits are used, rather than use my habits to charge higher prices for their targeted ads. Let me filter out spammer sites that are parking pages, top download sites, or just mirrored pages used to snag spiders and broker traffic between Google and many other search engine companies they have deals with like Business.com. For now all I have to rely on is a hosts file and blacklist DNS servers for keeping my data private. Am I worried they are spying on me? No. But even credit card companies have to give you a choice to allow your data to be used to market to others. Without the value my metadata adds to their portfolio Google wouldn't be the monster that it is. Imagine how happy I would be if they actually put those dollars in my pocket. For all I know I get lousy search results so they can make more money, and that's the whole point of the anti-trust suit.

  Andrew Davies [04.25.07 04:36 PM]

"To whom much is given, from him much will be required."

(http://blog.idiomag.com/2007/04/google-dont-be-evil/)

  Tim O'Reilly [04.25.07 04:41 PM]

Good points, all, especially Andrew. But it does seem to me that Google is a target precisely because they do a good job at making use of this data, and that doesn't seem right.

Aaron, I don't know about you, but I've many times clicked on Google text ads, because they are relevant to my search, while in 15 years on the web, I've never clicked on a banner or popup ad. I consider that a huge benefit.

Jake -- maybe you're forgetting search before Google. It's not as good as it used to be, and the mechanisms you suggest might help it be better, but they sure made a big improvement. And they made it by using data intelligently.

The whole point of the anti-trust suit has nothing to do with the reason you give, and everything to do with the fact that competitors who do a MUCH worse job on those points are afraid of them.

  billg [04.25.07 04:59 PM]

When I hear that Google has screwed up someone's credit record and kept them from buying a house, I'll worry more about Google than I do about the credit bureaus.

  Jim S [04.25.07 05:18 PM]

I would have probably agreed with you a year ago. But in general, excessive centralization creates opportunity for abuse. It's no accident that virtually every autocratic or totalitarian regime in the 20th century prominently included centralism as a key theme of political theory.

Furthermore Youtube's wholesale abuse of copyright makes clear that "do no evil" is a flexible concept.

The service is great; but I personally prefer not to trade what little remains of my personal privacy for better search. I lived the first 31 of my 41 years with no search at all and nearly complete privacy; as attractive as good search is, the opposite situation just isn't really all that appealing.

  Andy Wong [04.25.07 06:45 PM]

I agree with Jake Lockley, what Tim said is opinion, not necessarily fact. In my opinion, at least Google did not make harassments to me with my "privacy data", not like those telemarketers. That's good enough to me.

No matter how Google carefully maintains its reputation of managing privacy data, as best player of protecting privacy (of course my opinion only) in the markets (though not necessarily good enough), you would not expect the voices against Google will ever go down. Some people even complain about the text advertisements. So...

After all, it is about balance. Balance between privacy, data of privacy, convenience of customized services and some "rewards" back to the service provider.

  Logical Extremes [04.25.07 06:51 PM]

Tim, I agree that anti-trust probably has little merit (though we may live to regret that down the road), and the accusers in that regard are certainly hypocritical. But on the privacy front, Google's reach does give them great power (and great liability). I don't believe Google is evil today, and my privacy practices may seem paranoiac to some, but once the trust is breached or some database is hacked, the data is out there forever. I don't think I'm alone in not wanting to have a massive "digital dossier" on me accumulated in the first place without my knowledge, consent, and some control. So I take issue with the inevitability of "moving into a future where what we do, where we go, what we spend, what we pay attention to, will be mined constantly and by everyone."

  flynn [04.25.07 10:42 PM]

Tim, please be more careful with "rest of the world" statements.
There are many countries that have privacy laws and grant the citizen the right to decide what happens with his data, unlike the US. In Germany, e.g., selling data without consent is a federal offence.

  Tom [04.25.07 11:10 PM]

Hello,

I liked your article and agree with what you say about how the general public should fear what these other companies you mention do with our private information.

I think people should be more concerned with scams like Yahoo that totally mislead and deceive the general public. Please see:

  Andrew Boyd [04.26.07 01:51 AM]

I think that an increased amount of data (like an increased amount of capital) allows google to become more evil: they haven't gone bad yet, which is all the hope we can have that they never will - I think that you are right, we have to go on the available evidence. They truly aren't MSFT.

I guess we'll find out if they start selling online life histories to the highest bidder - but what if they make a lifetracker API available for free? That will be an interesting day :)

Cheers, Andrew

  K [04.26.07 05:33 AM]

If you do not like it do not use it. That is the biggest complaint you can give any company. They did not get that big because no one ever used their product.

  kentkb [04.26.07 06:11 AM]

To keep something free of cost like Google, someone must pay.
I wish we could opt out of all ads, but take any magazine, now cut out all the ads and see how much is left! A one hour tv program is down to 44 minutes.
I would rather have a few ads well targeted at me than the silly ones that are of no use to me.
If I am looking for a great Car Loan, why not have some help?
I am more worried with our government and how they are using, or misusing, info on us!

  Margaret Anderson [04.26.07 06:34 AM]

Tim,
I agree with your bottom-line that privacy is, de facto, constantly diminishing, but it is clear people are having trouble getting their head around these changes. We did a survey last October asking folks in the government/industry community to respond to a 2010 scenario where information privacy is no longer a priority. 22% said this was possible, that "the cat is already out of the bag", and 70% said, basically, "No way!" We'll be addressing the privacy issue again soon. It will be interesting to see if there are changes to the responses given the visibility of privacy issues lately.
(http://governmentfutures.com/talk/?p=50)

  Ygor Valerio [04.26.07 07:08 AM]

I believe it's very important not to miss a point here: whereas there may be some social concern regarding the fact that we're before an ongoing process of information centralization, it remains being only a social concern. Privacy policies and laws don't recognize major information holders from minor gatherers and, really, they aren't supposed to. The fact that Google acquired a large database from DoubleClick is not the real issue (if Google had entered DoubleClick's business nearly a decade ago, it would probably hold pretty much the same amount of data right now), as it doesn't, by itself, mean that privacy will be worked around - laws and policies continue to apply regardless of the amount. I believe that the real concern should be whether the legal system - now and before the merger - is able to keep us from general evil that may come out of people having our information - be it a lot of it or not.

  Mike V [04.26.07 07:53 AM]

Let's not forget that Google, among other services, already has access to what I would consider to be some of people's most private and sensitive data -- personal email.

People had the same type of privacy concerns when Google was first testing Gmail -- but after people had time to use it and understand how it worked, most felt comfortable with it.

Google's trustworthiness is based, I think, primarily on its reputation and on its forthrightness about privacy issues, not because they've had limited access to personal data. I don't see this deal changing that.

  GooglyEyed [04.26.07 08:11 AM]

Dangerous to think of Google as benign. They are a media company that controls the perception of the digital world. If you are not in Google's index, you do not exist (for practical purposes). Tie that with their acute knowledge of your TIMELY actions. Credit card companies can only guess at intentions and only have information on actions. Google can tell how much time you hung out on a page, what you clicked on, etc... NOT just what you bought.

Also there are strict laws around credit card company and marketing laws. The Internet and Ad business is pretty weak.

Imagine, your Gmail is read, your web pages are read, your clicks are tracked, your searches are tracked, your mapping is tracked (I know what restaurant you wanted to go to last night!), your phone is tracked (Google Talk), your calendar is tracked, your document info is tracked, etc...

Wow. You are OWNED by Google, Inc.

  Andres Gonzalez [04.26.07 09:06 AM]

Absolutely agree with Tim here. Repeat, absolutely.

  aw [04.26.07 09:15 AM]

Matt Cutts, a Google employee, recently blogged his personal opinion on Google privacy issues...

http://www.mattcutts.com/blog/google-and-privacy/

  Jonathan Rockway [04.26.07 09:42 AM]

"Imagine, your Gmail is read, your web pages are read, your clicks are tracked, your searches are tracked, your mapping is tracked (I know what restaurant you wanted to go to last night!), your phone is tracked (Google Talk), your calendar is tracked, your document info is tracked, etc..."

It seems scary, but the fact of the matter is that your data just isn't that important. Nobody is going to go look you up in the google database and read your e-mail. You simply don't matter enough for that to be worth anyone's time.


If you're doing something illegal, don't use gmail (or encrypt it, duh). Most people aren't doing anything illegal though, so privacy simply doesn't matter to them. No person is ever going to look for their e-mails specifically.


"They are a media company that controls the perception of the digital world. If you are not in Google's index, you do not exist (for practical purposes)."

Really? I haven't used google for much of anything recently. I find most things I want to read via other people (on IRC) or through reddit or delicious. Search is nice sometimes, but it just isn't that useful to me.

  Tim O'Reilly [04.26.07 10:47 AM]

The Matt Cutts post is indeed very interesting. Also, in the comments on that post, he points to an article about ISPs selling clickstream data:

"The first paragraph says “At the Open Data 2007 conference in New York today, David Cancel, the CEO of Compete Inc. revealed that ISPs happily sell clickstream data -- and that it's a big business. They don't sell your name -- just your clicks -- but the clicks are tied to you as a specific user (User 1, User 2, etc.).” That's pretty organized in my mind, and it's data that people can buy now (as opposed to Google's user queries, which we don't give out).

So if privacy is a concern for you, one good step is to call your ISP and ask whether they sell your clickstream data and if so, ask exactly what they sell. For example, do they offer search queries, either directly or as a referrer? Do they sell your NXD (non-existent domain) 404 (not found) traffic as described at http://blog.domaintools.com/2007/03/stealing-domain-name-research/"

  Logical Extremes [04.26.07 01:02 PM]

I've elaborated more on the privacy issues related to Google and ISPs at http://logicalextremes.blogspot.com/2007/04/google-isps-privacy.html

  Tolmos [04.26.07 01:18 PM]

Tim

I agree totally, the problem that I appear is what happens later with this information and that already Google gathers us to diary ... where do they go? Are we accepting the legal terms that I mention down below?

Disclaimer Google: Privacy Policy There are some legal notices, which are ungood for smoking, with hundreds of pages and links that ultimately do not finish any more that confusing the user.
I mention: " 2. POLITICS OF PRIVACY The information compiled by Google or for Third (WHAT THIRD?) relative to the use of the Software it can be stored and tried in The United States and other countries in which Google, his agents, the Third ones or his agents have offices (TOTALLY OPENED TO ANY PART(REPORT) OF THE PLANET, FOR WHAT REMAINS INDETERMINATE) Therefore, on having used the Software, the user consents any transference of the above mentioned information out of his country. (BUT WE DO NOT KNOW IN WHICH)
And I mention part of the link that leads to the politics of privacy: " Some Google's products that you can install with Google Pack can be formed in order that they send to Google information about the websites that you visit or other information. (WHAT OTHER INFORMATION?) these products come formed with these deactivated functions until you decide to enable them, and we will make you know the consequences of activating them before doing it. "

  Frederick Townes [04.26.07 02:15 PM]

Hi Tim, I think you're absolutely correct. And (as aw said) it's funny that Matt Cutts over at google actually put out a post about the same topic the same day (http://www.mattcutts.com/blog/google-and-privacy/).

The point is everyone is scared of 800 pound gorillas, but so many of us have spent all of our time depending on the "safer" "more traditional" ones because we had no choice. :-)

  helge [04.26.07 03:37 PM]

your phone company doesn't just know who you call, worse than that:

your mobile phone operator can perfectly map every movement you make. they know when you sleep, when you fly, and where you are right now.

  Andy Wong [04.26.07 04:38 PM]

"It seems scary, but the fact of the matter is that your data just isn't that important. Nobody is going to go look you up in the google database and read your e-mail. You simply don't matter enough for that to be worth anyone's time." by Jonathan Rockway.

As long as no outsiders of google can snip your mails to your secret lovers, what are you afraid of?

Ah, maybe a spy or private detective working in Google will check your Gmail and other private data important to you and to the spy. However, if anyone wants to spy on you because you are important, the spy can spy on you anyway, not necessarily through Google. Google is not your privacy nanny, and it is you who take care of your own privacy, with a bit of assistance from regulations, and more from many existing tools, such as PGP and Tor etc.

  Roy Schestowitz [04.26.07 05:30 PM]

There are routes to anonymity, should anyone require it, e.g. Tor, NoScript, proxies...

  Rocky Agrawal [04.26.07 05:49 PM]

I think there are two reasons people get spooked out by Google when it comes to this:

  • Google is much better at targeting ads than credit card companies, phone companies and airlines. I wrote today about how horribly bad United Airlines is at targeting ads to me, even though they know where I live and everywhere I've traveled.

  • Online, there tends to be a more immediate connection. e.g. I just chatted with a friend about feeling sick and all of a sudden I'm seeing ads for cold remedies.

That said, I think personalization can be used to deliver a much better experience to the user. Google + DoubleClick could equal fewer ads. Instead of the irrelevant crap that clutters our lives, we'll see ads that are so relevant that we won't even consider them advertising.

  Steve Hobberstad [04.28.07 04:20 PM]

To see how SELF-serving Google can be you need look no farther than the fact that, not infrequently, their searches violate their own supposed logic. I've encountered two different (but related) issues proving that this is the case: 1) entering MORE search terms yields MORE hits instead of FEWER; and, 2) some of the search strings--or parts of search terms--are missing from web pages returned by a search.

Following the rules of Boolean logic there should be absolutely no way that adding additional search terms would result in anything but FEWER hits as the search becomes NARROWER. Likewise, if Google follows its own stated policy of implying "AND" for each term supplied then each AND every one of those terms should be present on the web page returned, but sometimes they're not. To test this I've select/copied a term from the search field (to make sure I didn't make a mistake retyping it) and pasted it into the Find (on this webpage) field for the webpage returned and NOT had that string/term found.

After having both snail- and e-mailed Google on this matter the only reply I got was, "Thank you for writing to us. Due to the tremendous number of requests we receive, we're unable to personally respond to your email at this time..." with an invitation to powwow with other clueless users in Google Groups. Now, I can't be the only person to have made this discovery and I'd be willing to bet that if the answer was anything but commercial they'd have a boilerplate reason posted for all to see.

The only conclusion I can arrive at is that Google has its virtual thumb on its ranking scale as it returns hits to users--probably in an effort to give preferential treatment to advertisers. If anyone else can offer a different explanation I'd like to hear it.

  Frank [04.29.07 07:47 AM]

Google has a very interesting concept of evil and privacy. Evil is something someone else does and anything that they do is the opposite. I don't know why Google is given any credit for proclaiming that they, "Do no evil". It's like a parent loudly proclaiming that they don't beat their children. It's a meaningless marketing slogan anyway, and Google has done a wonderful job of marketing itself.

Google does everything it can to tear down the fig leaf of anonymity provided by changing usernames. The practice of rendering personal data anonymous is a complex task that is studied at the university level. If google had access to the timing with which you entered digits into a telephone it would simply compute the equivalent of a digital fingerprint of your dialing habits and use this to track you from one phone line to another. Other data sets have similar techniques of identifying users from obscured data.

Doing this is much more difficult than simply merging two databases together but all it requires is lots of computing power, lots of data and some people educated in data analysis. Google is not lacking in any of these resources.

It's strange that the argument given most often to support targeted advertising and encourage people to give more personal information is that they will be spared the barrage of irrelevant advertising. It's like setting up a loudspeaker outside someone's home and blasting music that they don't like and then saying that the solution to your frustration is to tell me what you like to hear.

It's easy to focus on the cooperative aspects of marketing where targeted ads are used to inform you about products that make your life better but ignore the antagonistic side that is used to expose you to products that you don't want. Imagine a person who decides after years of smoking to quit and orders the patch. In response web sites are filled with smoking images and two free packs show up at the door. Or imagine being overweight and signing up for a diet program and being given advertisements for snacks and a free bag of potato chips. It would make economic sense since keeping an addicted or impulsive customer would be easier than keeping one who is not addicted or is less impulsive.

  Buzzby [04.30.07 06:19 AM]

The amount of information credit card companies have and the database aggregation & marketing services they provide to their business 'partners' is amazing and frightening.

They build partnerships with companies that want to know what YOU buy. Exactly. For instance, these partners pay the credit card companies to develop marketing programs that aggregate their data with the credit card companies records of charges (ROC) they have and _then_ the credit card companies perform the marketing, mailing or website infrastructure to get highly targeted messages to you. The cc company doesn't need to provide data covered by opt-in/opt-outs to other companies when they do this.

Plus, does google have my credit card info? No. Did TJMaxx, yes. Who got hacked and lost the information that they really weren't telling us they were collecting since it's implicitly granted to them? TJMaxx & co.

So I agree with the premise of this post that google is the least of my worries.

  michael holloway [05.01.07 06:26 AM]

Jake Lockley said,

"It won't suck when they let me filter my search results or give ME control over exactly how my surfing habits are used, rather than use my habits to charge higher prices for their targeted ads."

Agreed. Last month I was trying to SEO my site. I ran a Firefox search with the keywords I thought were working, but I got the results my search pattern gets, not what others might get.

I would like the option of turning off my search patterns in my browser.

I have IE on my computer; I guess since I don't use it, it would give different results. I'll try that.

  InternetFree [06.12.07 08:41 AM]

Google's business model revolves around selling stolen personal data from the millions of users that trust Google.
Google stores the browsing history of its users, looks like the Internet is no longer free of snoopers anymore. You use the Internet and have to pay a much greater price than just money.
