08:02 PM
Connect Directly

Google Privacy Changes: 6 Steps To Take

Don't let Google's data unification scheme send you running scared on privacy. Consider these actions to control your data.

Google on Thursday plans to consolidate some 60 privacy policies for different services into a single policy that governs how the company employs user data.

Google says it's doing so to make its policies easier to understand--something lawmakers and regulators have asked for--and to improve the Google user experience by making information from one Google service available to other Google services that might benefit from that data.

Lawmakers and regulators, however, have grown mistrustful of Google, not to mention other ad-focused companies, and seek to impose new rules. The White House last week proposed a Consumer Privacy Bill of Rights, and on Wednesday, the National Telecommunications and Information Administration (NTIA) put out a call for input on how to turn these privacy principles into enforceable codes of conduct.

[ Read Google Defends Privacy Policy Consolidation. ]

Is Google partly to blame? Long resistant to outside privacy pressures--the company at one time opposed a California law requiring a privacy policy link on its home page--Google has made a series of missteps that have played into the hands of its critics.

For a time, it looked like Google had made peace with privacy, after the embarrassing revelations in 2010 that it had inadvertently been collecting WiFi packet data through software in its Street View cars. The company appointed a director of product privacy and promised to do better. Then Facebook made a bid to return to the privacy spotlight by deploying facial recognition as part of its image tagging system. It seemed as if Google might have learned its lesson.

But fearful of being outmaneuvered by Facebook, Google ignored heightened regulatory scrutiny over search-related antitrust issues and began mixing its so-called organic search results with Google+ search results. That only made lawmakers more mistrustful and competitors more vocal.

Google's resistance to the Do Not Track proposal put forth by privacy advocates didn't help its image.

In January, the company announced its privacy policy consolidation, courting further controversy. Then it was found to be bypassing privacy controls in Apple's Safari and Microsoft's Internet Explorer.

The irony is that Google isn't necessarily any worse than its peers in terms of the way it handles consumer data.

"Google's privacy policy consolidation slated to become effective in a few days has captured the lion's share of attention, but it is Apple that has been the most effective at linking consumer data across every aspect of its services," observed Jules Polonetsky, co-chair and director of the Future of Privacy Forum, in a blog post on Wednesday. "European regulators have proposed a privacy law that seeks to put the data genie back in his bottle, but consumers have voted by expressing delight in Steve Jobs vision by making Apple the most valuable company in the world."

Polonetsky sees a battle between consumer tech companies like Google, Apple, Microsoft, Amazon, and Facebook "to link consumer identity and data across smartphones, desktops, search engines, email, social networks, ad networks, payment systems and more." And he suggests that consumers are willing to make privacy trade-offs because they appreciate the services these companies offer, even as they express outrage at things like address books being accessible to mobile app developers.

Worries about privacy can be compared to worries about computer security. Ask a computer user whether he or she fears email account hijacking, and you'll probably get a nod. Ask that same computer user to take steps that will actually help deter email account hijacking, like long, complicated passwords and use of two-factor authentication, and that person's enthusiasm for security may wane.

Like security, privacy may be appealing in the abstract. But it can be hard to maintain in the real world. Users have the option to operate online without leaving many tracks: They can surf the Net in whatever privacy mode their browser supports, they can rely on extensions to block ads, cookies, and code, they can use lesser known search engines, like Duck Duck Go, and they can learn about proxies. But for most people, it's not worth the trouble.

Still, if Google's privacy consolidation has you seeing red, here are a few steps to take that may make you feel better about your privacy level.

Visit Your Google Dashboard
The Google Account Dashboard provides a single control panel for Google services, or most of them anyway. Once there, you can take steps like disabling your Web History.

Visit the NAI Opt-Out Page
Like other lists that supposedly allow you to opt-out of marketing, the Network Advertising Initiative's Opt-Out list is more about advertisers offering a tool in the hope of avoiding regulation than it is about preventing behavioral tracking. But go ahead and check "Select All" and opt-out. It may make you feel better, even if half of the networks listed return errors that require additional effort to resolve.

Visit Google's Ad Preferences Page
Google allow users to opt-out of personalized advertising and to block specific advertisers, which can be useful if you're not already blocking them en masse at the browser level.

Install Counter-Advertising Software
Try AdBlock Plus, No Script, Disconnect, and Ghostery. Just don't complain if the Web doesn't work right anymore.

Go Cold Turkey
Google insists that competition is only a click away. So click over to an alternative like Bing or Yahoo. Or try Duck Duck Go, a search engine that insists it doesn't track users. You'll be back.

Live In A Cave (Without Wi-Fi)
Living off the grid, without any technology, may be the only way to avoid being tracked these days. Of course neighbors may become suspicious and report you to law enforcement officials, at which point you may be tracked again.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Number 6
Number 6,
User Rank: Apprentice
3/5/2012 | 5:30:23 PM
re: Google Privacy Changes: 6 Steps To Take
I use 2 browsers: IE configured to accept all cookies and Firefox configured to ask. Use Firefox for serious work and IE for temporary searches. Wipe out IE's cookies every couple weeks. With Firefox, first deny, and if needed accept for session only. Remember only for sites I regularly visit.

With a firewall, have never had a problem.
User Rank: Apprentice
3/3/2012 | 10:06:06 PM
re: Google Privacy Changes: 6 Steps To Take
Checkout http://donottrack.me

Simple steps to opt-out from Ad Networks tracking you
You can also clean the data collected about you.
User Rank: Apprentice
3/3/2012 | 1:29:33 PM
re: Google Privacy Changes: 6 Steps To Take
One thing that I don't see is a suggestion to manually accept all cookies. Of course this is a hassle for a little while while you build up the list of accept/reject cookies, but I can say that I have never had an unrecoverable virus/spyware problem. And the count of problems in many years stands at two, I believe. I mentioned this trick in my book - Link Em Up on Outlook - and bring it up every time that I can. It seems that not too many people embrace this simple step.
Number 6
Number 6,
User Rank: Apprentice
3/2/2012 | 6:30:00 PM
re: Google Privacy Changes: 6 Steps To Take
Wish the headline wasn't misleading. 6 steps are more like 2 useful, Google-specific steps, 2 non-Google suggestions and 2 funny but not really useful suggestions. Heading back to my cave now before Number 2 spots me.
User Rank: Apprentice
3/1/2012 | 9:35:51 PM
re: Google Privacy Changes: 6 Steps To Take
Oops! I menat to say even in the space that we CAN control no one is really willing to give up their newfound conveniences to protect their anonymity. The Googles of the world know this.
User Rank: Apprentice
3/1/2012 | 9:32:54 PM
re: Google Privacy Changes: 6 Steps To Take
This is a sad place we've ended up in. What we defeated post J. Edgar with laws like the Freedom of Information act we are now giving back without a thought. We have no idea who's got what data and what they will do with it.

Thanks to the Patriot Act, that's true even at the gov't level over which we have no apparent control. As you write, even in the space we can't control, no one is really willing to give up their newfound conveniences to protect their anonymity. So we are walking down a very unfamiliar path. By the time the first major calamity happens it'll be too late to turn back.

Stay tuned.
User Rank: Apprentice
3/1/2012 | 3:14:23 PM
re: Google Privacy Changes: 6 Steps To Take
What about using add-ons like TrackMeNot?
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.