Curated by: Luigi Canali De Rossi

Friday, May 30, 2003

Are Google Privacy Policies OK?

Sponsored Links

My beloved Google is up to being heavily criticized by privacy interest groups unless it can make sun shine again on the heavy clouds of doubts that are hovering its privacy policy approach and methods of utilizing individual search data that should be indeed owned by each individual.

Maybe I finally get to have an answer to a question that has been bugging me for a long time: Why search engines do not sell access to their data?

In my article "Search Engines Should Sell Access To Their Traffic Data" I had not engaged myself in considering the privacy implications of collecting all that data especially when Goggle does this by going a bit beyond what you and me have been thinking all along.

Here is a little mind opener, thanks to excellent technology investigator and communication agent Daniel Brandt at GoogleWatch:

Question: What would be the fastest, most efficient, and most revealing approach to data mining the Internet?

Answer: Pay Google for a back-door feed on who's searching for what.

Question: Has Google ever, in their entire existence, issued any sort of statement suggesting that their sense of public responsibility would preclude being used in this way, or that the information they collect would never be sold for a price?

Answer: Not convincingly.*

Question: If Google decided to sell out, could they be held liable for privacy violations? Would we even find out about it?

Answer: No. The Homeland Security Act exempts companies from lawsuits or government prosecution after they turn over information to the new agency. Such information is exempt from the Freedom of Information Act. Officials who release this information can get up to six months in prison and a $5,000 fine.

Here some interesting quotes:

"Mr. Poindexter is pursuing a scheme he thought up right after 9/11 and then sold to the Bush administration. Total Information Awareness, or T.I.A., aims to use the vast networking powers of the computer to 'mine' huge amounts of information about people and thus help investigative agencies identify potential terrorists and anticipate terrorist activities. All the transactions of everyday life -- credit card purchases, travel and telephone records, even Internet traffic like e-mail -- would be grist for the electronic mill." -- New York Times editorial, 18 November 2002

"Google currently does not allow outsiders to gain access to raw data because of privacy concerns. Searches are logged by time of day, originating I.P. address (information that can be used to link searches to a specific computer), and the sites on which the user clicked. People tell things to search engines that they would never talk about publicly -- Viagra, pregnancy scares, fraud, face lifts. What is interesting in the aggregate can seem an invasion of privacy if narrowed to an individual.
"So, does Google ever get subpoenas for its information? 'Google does not comment on the details of legal matters involving Google,' Mr. Brin responded." -- New York Times, 28 November 2002

April 2002: In the Name of Homeland Security, Telecom Firms Are Deluged With Subpoenas (Miles Benson) Law enforcement officials have begun to press sources to deliver information without a formal subpoena.

Find out more about Google privacy issues at

Daniel Brandt President of Public Information Research and master investigator of Google privacy issues analyzes in detail also the issue of tracking adopted by Google through the use of its unique cookies.

Read what Mr Brandt has to say in an open letter to the king of search engines:

"The fact that Google has (at least until recently) tried to remain ad-free, suggests that its interest in tracking is not commercial. One might infer from this that your tracking policies are even more intimidating that those of portal-like sites that use cookies for ad-serving purposes.

Here are my objections to Google's use of cookies:

1) Google has inadequate justification for planting a cookie that expires in 2038 on every user, and also recording that user's search terms, IP number, and time-date. If Google needs cookie-tracking feedback for software design and improvement purposes, you could offer an incentive to accept a cookie for browser configuration convenience, and clearly explain the consequences of "opting in" with such a cookie.

2) Even given an "opt in" situation for a cookie, there is no justification for an expiration date of 2038. Google could use session cookies, or if this is not satisfactory, it would be easy to constantly reset the cookie with a 30-day expiration date. That way, if a user didn't frequent Google at least once a month, their cookie would expire. There is no excuse for your near-immortal cookies. Mr. Jason Catlett of Junkbusters asked Larry Page about this 15 months ago, with respect to the toolbar, and he did not get a straight answer from Mr. Page about the reason for these cookies.

3) Your privacy policy claims that you do not collect identifiable information from the user. However, many users now have static IP numbers. New laws passed by Congress last year give authorities the right to obtain the information in Google's possession, apparently without a showing of probable cause, just as they now have the right to obtain logging information from Internet service providers. With the new Patriot Act, the use of the GET instead of the POST method for Google searching makes your case even weaker, as the authorities can claim that the search terms are part of the URL, and that they get logged with the URL in normal httpd logging. Therefore they may fall under the definition of "routing and addressing" information that is subject to "tap and trace device" scrutiny. Judges are required to approve orders for such scrutiny without a showing of probable cause.

The fact that you record unique cookie ID, plus IP number, plus date and time, makes much of your information "identifiable." Authorities can also do a "sneak and peek" search of a Google user's hard drive when he isn't home, retrieve a Google cookie ID, and then get a keyword search history from you for this ID."

Read more of this very interesting story at:
Google Privacy Policies

Recommended reading.

Readers' Comments    
2005-09-19 05:29:23

Many of these complaints regarding Google's "invasion of privacy" are overblown. Every time you access a page in the internet (ANY PAGE ON THE INTERNET!!!!) the people in charge of the webspace can have at their disposal (if they wish) your IP number, the day and time you accessed their page, the browser you are using, the page you just came from, and other statistics. The nature of the internet inherently lacks privacy. Anyone can sit in front of a computer screen log onto a bank site like Wells Fargo and experiment with account numbers and passwords until they get a match. Does this scare you? If you have serious issues with privacy, maybe you should avoid using the internet altogether.

Personally, when I looked over at the ads in my Gmail account, I did get freaked out a little bit but I got over it in a second. Gmail is a free service. Nobody is putting a gun to your head and saying "Use Google's Email service!" There are plenty of other email services available (Hotmail, Yahoo) that do not scan your emails for advertisements.

You can try to "stop Google" from collecting your data as Sepp above is trying to do by limiting time limit for cookies. This isn't going to accomplish anything. As I explained above, every time you click on a link someone out there is able to see where you're going, when your doing it, where you just came from, etc.

The problem is not just Google, everyone including websites like are looking at your clicks. Every time I shop after I click on a few movies I get "suggested" movies that are similar to the ones that I just clicked on off to the side, not too different from what Google is doing with Gmail.

The problem with Gmail is that some of the information being passed via email can be sensitive in nature and I can see where people might have issues with that. All I can say is: get over it.

2003-06-15 11:10:52



there it is, all on your site. The German said that a good way to stop Google from collecting your data would be to limit their ability to set cookies on your computer. (they are long time cookies, valid until 2038 - 25 years!

He said Mozilla allows you to exclude specific domains from setting cookies.

Netscape allows to set a maximum time limit for cookies to be accepted. I have set the limit to one day validity.


posted by Robin Good on Friday, May 30 2003, updated on Tuesday, May 5 2015

Search this site for more with 








    Curated by

    New media explorer
    Communication designer


    POP Newsletter

    Robin Good's Newsletter for Professional Online Publishers  



    Real Time Web Analytics