This last week has been an interesting one in the world of online privacy. For starters, in an interview Google CEO Eric Schmidt told CNBC that “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”, in response to questions about recent changes made to log all the searches you make and associate them with you (or more precisely, your computer) for an extended period, even when not logged into your Google account.
He’s absolutely right that you really have no expectation of true privacy online, especially through a company such as Google who makes its money through targeting ads at you. A company in the United States also must give the government information under subpoena, as Schmidt points out in the same interview.
If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.
The question he’s dodged, it seems to me, is how intimately this information that Google collects is associated with me within the company itself. I don’t mind Google doing statistical studies across large, anonymous groups of people, but when they start saying
- Don’t forget your wife’s birthday / your anniversary in a week! Here are ads for jewelry, flowers…!
- Your car is 5 years old now, so we’ll show you ads for a new car!
- Congradulations to you as a new parent! Here are ads for baby stuff.
- Since you’ve been diagnosed with X incurable cancer (our most sincere condolences), here are ads for chemotherapy clinics / end of life care / funeral homes!
I’m not sure I want to be that identifiable. I don’t think that my examples are that far off of the realm of possibilities either: they could figure out all of this now based on searching through your social networking information and search/browsing history.
I don’t think hiding information from the government is what most people are looking for when they think of online privacy. I think many more people are concerned with just how personally this information is associated with them within Google itself.
Google in the past has been considered a champion of online privacy. This perception is an important reason for Google’s popularity. I’m sure no one wants them protecting criminals, but the implications extend beyond these cases.
So the question is, what am I doing about all this? Well, I’m not sure how much more I can do technically speaking. Cookies are deleted from my browsers when they close. Google’s analytic tracking services are blocked through services such as Adblock, NoScript, and RequestPolicy addons for Firefox (word of warning, NoScript and RequestPolicy can make many websites totally unusable if you don’t know what you’re doing).
In other news, facebook changed their default privacy settings this week as well. There’s a nice summary of the changes by the EFF. It appears that they’ve changed the default settings so as to encourage you to be much more open, and send everything you do to the world, twitter style. My biggest disappointment in this is that I’m no longer able to block the addon API from accessing my data. Essentially, before I could have blocked friends’ added applications from accessing my “public” data (name, gender, current town, friend list). So I’m sad to see this feature go.