Risk
3/2/2012
02:25 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

8 Privacy Threats Worse Than Google

Google's privacy policy tweaks this week caused a fresh flurry of outrage. But Google should not be your top privacy worry.

Google has taken a lot of heat for combining several dozen privacy policies that few people ever read into a single set of rules that people might actually glance at, even if they don't really want to bother with the specifics.

The outcry is both appropriate and ridiculous.

Worries about online privacy are appropriate because online privacy is terrible. Remember Facebook's Beacon ad targeting system, which caused similar controversy in 2007? Well, read Google's new privacy policy, the part about pixel tags.

Google explains, "A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies."

That's basically what Facebook's Beacon system did. But it's not just Google doing this, it's pretty much every online ad company and major Internet service. Get ready for the Soylent Green moment: The information economy runs on your information.

[ Read Google Insists Privacy Change Is Legal. ]

But worries about online privacy are ridiculous because we don't really want privacy. We want to feel like we're in control, whether or not we are or can be. We want a property right in the information we generate and passively express. You'd better hope that we never get that far because there won't be any information economy after that.

Privacy doesn't sell, at least beyond those in the market for tin foil hats. I've lost track of the number of companies that have tried and failed to sell privacy as a product. It doesn't sell because we'd rather be connected and share, because we'd rather have advertisers subsidize online services, and because it's difficult to place a value on privacy.

Worries about online privacy are ridiculous because much of the hysteria comes from companies using fear mongering to compete, from lawmakers who don't understand technology, and from interest groups with ties to industry. Real cases of privacy-related harm are few and far between. Remember the Borings, the couple in Pennsylvania that sued Google for photographing their property with a Street View car? They settled for $1. Google paid too much.

In a more recent Street View privacy-related lawsuit, a French man is suing Google for capturing an image of him urinating in his yard. Although his face was blurred, locals apparently recognized him. Maybe Google will have to shift to full-body blurring, to protect the privacy necessary to relieve oneself in public.

Worries about online privacy are ridiculous because we're so schizophrenic about privacy. Google has to blur the face of people captured in Street View images, yet these same people are probably present in the backgrounds of tourists' pictures and video posted to countless social-sharing websites. We surrender our privacy to our employers and yet accept that companies have a right to operate without much scrutiny. We submit to invasive body scanning at airports and become indignant at the thought of seeing ads tailored to our interests.

Though Google consolidated its privacy policies to allow it to generate more ad revenue by delivering more relevant ads, it also is offering what it believes is a better experience. So before you take up arms against Google, which is mainly trying to make enough money to pay for all those videos you're uploading and watching on YouTube, here, in no particular order, are a few privacy violators to worry about.

1. Shoulder surfers. Remember, you don't have much privacy and you have even less sitting in a cafe or on a plane where people can see your computer screen.

2. Hackers. No computer user with an Internet connection is immune from hacking, but you can mitigate the risk by choosing strong passwords and using two-factor authentication. Sure, it's a pain, but assuring that your computer is secure will help you maintain your privacy.

3. Other people. When things are going well in a relationship or friendship, it's all about sharing. When things turn to divorce, child-custody battles, or other disputes, you might realize that your enemies don't adhere to privacy policies. And even your friends might cause problems, posting pictures or sharing email messages that don't portray you as you wish to be portrayed.

4. Governments. If you're more concerned about what Google knows than you are about what governments know, consider whether any government is more true to the "Don't Be Evil" motto than Google. Who watches the watchmen?

5. Credit bureaus. Unlike consumer credit companies, what Google knows about you probably never prevented you from getting a loan.

6. Information vendors. Google might be able to point people to a lot of public information about you, but companies such as Intellius, when presented with an email address, will produce a report that includes a person's personal name, address, residential and cell phone numbers, and location details.

7. Your employer. Google is reasonably specific about the information it collects and it allows users a fair degree of control over that information. Your employer probably has a record of all the websites you've visited while at work and access to your work-related email. Before you sue for employment discrimination or back pay, be sure your own conduct online at work has been beyond reproach.

8. You. Google can collect only a limited amount of information if you haven't signed in to your Google account. And the company provides plenty of tools for limiting the information it stores. Have you done your part to protect your privacy? Here's a first step in the journey toward privacy awareness: Keep your voice down when talking on your mobile phone.

The list could go on. Insurers, retailers, ISPs, developers, telecom companies, electric utilities, grocery stores, and anyone rifling through your garbage might know more about you than you realize. Frankly, if Google's tracking is your major concern, you probably have very little to worry about.

That doesn't mean privacy isn't worthwhile. It's just complicated. We should expect and demand that companies are straightforward about how they're using information. Here Google and other businesses need to do more, to be more specific about how they leverage data. But we should not expect them to turn a blind eye to the information we don't take the trouble to protect, particularly if they make a good faith effort to be transparent and involve us in the process.

Trust as much as you have to, verify what you care about, block where necessary, and try to find your own personal comfort zone in the information economy.

New privacy rules might sound appealing, but they probably won't be very effective. Advertising has a way to surviving. And in the event it doesn't, guess who'll end up paying?

As enterprises ramp up cloud adoption, service-level agreements play a major role in ensuring quality enterprise application performance. Follow our four-step process to ensure providers live up to their end of the deal. It's all in our Cloud SLA report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
3/5/2012 | 10:56:00 PM
re: 8 Privacy Threats Worse Than Google
Wow! Terrific. Spot on.
teddertn
50%
50%
teddertn,
User Rank: Apprentice
3/5/2012 | 6:47:15 PM
re: 8 Privacy Threats Worse Than Google
Your commentary is spot on. Easily the best summation and realistic observations and advice I've read in a long time. Thank you!
Rajesh Menon
50%
50%
Rajesh Menon,
User Rank: Apprentice
3/4/2012 | 12:33:59 PM
re: 8 Privacy Threats Worse Than Google
Hey Tom - Nice article. As long as we use same and secure systems we need not worry about outside threats. Does such a thing exist. I think it does. Not 100%, but we are getting there. May God Bless you (not condescending). Thx :)))
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.