Risk
2/29/2012
08:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Privacy Changes: 6 Steps To Take

Don't let Google's data unification scheme send you running scared on privacy. Consider these actions to control your data.

Google on Thursday plans to consolidate some 60 privacy policies for different services into a single policy that governs how the company employs user data.

Google says it's doing so to make its policies easier to understand--something lawmakers and regulators have asked for--and to improve the Google user experience by making information from one Google service available to other Google services that might benefit from that data.

Lawmakers and regulators, however, have grown mistrustful of Google, not to mention other ad-focused companies, and seek to impose new rules. The White House last week proposed a Consumer Privacy Bill of Rights, and on Wednesday, the National Telecommunications and Information Administration (NTIA) put out a call for input on how to turn these privacy principles into enforceable codes of conduct.

[ Read Google Defends Privacy Policy Consolidation. ]

Is Google partly to blame? Long resistant to outside privacy pressures--the company at one time opposed a California law requiring a privacy policy link on its home page--Google has made a series of missteps that have played into the hands of its critics.

For a time, it looked like Google had made peace with privacy, after the embarrassing revelations in 2010 that it had inadvertently been collecting WiFi packet data through software in its Street View cars. The company appointed a director of product privacy and promised to do better. Then Facebook made a bid to return to the privacy spotlight by deploying facial recognition as part of its image tagging system. It seemed as if Google might have learned its lesson.

But fearful of being outmaneuvered by Facebook, Google ignored heightened regulatory scrutiny over search-related antitrust issues and began mixing its so-called organic search results with Google+ search results. That only made lawmakers more mistrustful and competitors more vocal.

Google's resistance to the Do Not Track proposal put forth by privacy advocates didn't help its image.

In January, the company announced its privacy policy consolidation, courting further controversy. Then it was found to be bypassing privacy controls in Apple's Safari and Microsoft's Internet Explorer.

The irony is that Google isn't necessarily any worse than its peers in terms of the way it handles consumer data.

"Google's privacy policy consolidation slated to become effective in a few days has captured the lion's share of attention, but it is Apple that has been the most effective at linking consumer data across every aspect of its services," observed Jules Polonetsky, co-chair and director of the Future of Privacy Forum, in a blog post on Wednesday. "European regulators have proposed a privacy law that seeks to put the data genie back in his bottle, but consumers have voted by expressing delight in Steve Jobs vision by making Apple the most valuable company in the world."

Polonetsky sees a battle between consumer tech companies like Google, Apple, Microsoft, Amazon, and Facebook "to link consumer identity and data across smartphones, desktops, search engines, email, social networks, ad networks, payment systems and more." And he suggests that consumers are willing to make privacy trade-offs because they appreciate the services these companies offer, even as they express outrage at things like address books being accessible to mobile app developers.

Worries about privacy can be compared to worries about computer security. Ask a computer user whether he or she fears email account hijacking, and you'll probably get a nod. Ask that same computer user to take steps that will actually help deter email account hijacking, like long, complicated passwords and use of two-factor authentication, and that person's enthusiasm for security may wane.

Like security, privacy may be appealing in the abstract. But it can be hard to maintain in the real world. Users have the option to operate online without leaving many tracks: They can surf the Net in whatever privacy mode their browser supports, they can rely on extensions to block ads, cookies, and code, they can use lesser known search engines, like Duck Duck Go, and they can learn about proxies. But for most people, it's not worth the trouble.

Still, if Google's privacy consolidation has you seeing red, here are a few steps to take that may make you feel better about your privacy level.

Visit Your Google Dashboard
The Google Account Dashboard provides a single control panel for Google services, or most of them anyway. Once there, you can take steps like disabling your Web History.

Visit the NAI Opt-Out Page
Like other lists that supposedly allow you to opt-out of marketing, the Network Advertising Initiative's Opt-Out list is more about advertisers offering a tool in the hope of avoiding regulation than it is about preventing behavioral tracking. But go ahead and check "Select All" and opt-out. It may make you feel better, even if half of the networks listed return errors that require additional effort to resolve.

Visit Google's Ad Preferences Page
Google allow users to opt-out of personalized advertising and to block specific advertisers, which can be useful if you're not already blocking them en masse at the browser level.

Install Counter-Advertising Software
Try AdBlock Plus, No Script, Disconnect, and Ghostery. Just don't complain if the Web doesn't work right anymore.

Go Cold Turkey
Google insists that competition is only a click away. So click over to an alternative like Bing or Yahoo. Or try Duck Duck Go, a search engine that insists it doesn't track users. You'll be back.

Live In A Cave (Without Wi-Fi)
Living off the grid, without any technology, may be the only way to avoid being tracked these days. Of course neighbors may become suspicious and report you to law enforcement officials, at which point you may be tracked again.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
3/5/2012 | 5:30:23 PM
re: Google Privacy Changes: 6 Steps To Take
I use 2 browsers: IE configured to accept all cookies and Firefox configured to ask. Use Firefox for serious work and IE for temporary searches. Wipe out IE's cookies every couple weeks. With Firefox, first deny, and if needed accept for session only. Remember only for sites I regularly visit.

With a firewall, have never had a problem.
kiapiz
50%
50%
kiapiz,
User Rank: Apprentice
3/3/2012 | 10:06:06 PM
re: Google Privacy Changes: 6 Steps To Take
Checkout http://donottrack.me

Simple steps to opt-out from Ad Networks tracking you
You can also clean the data collected about you.
SLINK000
50%
50%
SLINK000,
User Rank: Apprentice
3/3/2012 | 1:29:33 PM
re: Google Privacy Changes: 6 Steps To Take
One thing that I don't see is a suggestion to manually accept all cookies. Of course this is a hassle for a little while while you build up the list of accept/reject cookies, but I can say that I have never had an unrecoverable virus/spyware problem. And the count of problems in many years stands at two, I believe. I mentioned this trick in my book - Link Em Up on Outlook - and bring it up every time that I can. It seems that not too many people embrace this simple step.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
3/2/2012 | 6:30:00 PM
re: Google Privacy Changes: 6 Steps To Take
Wish the headline wasn't misleading. 6 steps are more like 2 useful, Google-specific steps, 2 non-Google suggestions and 2 funny but not really useful suggestions. Heading back to my cave now before Number 2 spots me.
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
3/1/2012 | 9:35:51 PM
re: Google Privacy Changes: 6 Steps To Take
Oops! I menat to say even in the space that we CAN control no one is really willing to give up their newfound conveniences to protect their anonymity. The Googles of the world know this.
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
3/1/2012 | 9:32:54 PM
re: Google Privacy Changes: 6 Steps To Take
This is a sad place we've ended up in. What we defeated post J. Edgar with laws like the Freedom of Information act we are now giving back without a thought. We have no idea who's got what data and what they will do with it.

Thanks to the Patriot Act, that's true even at the gov't level over which we have no apparent control. As you write, even in the space we can't control, no one is really willing to give up their newfound conveniences to protect their anonymity. So we are walking down a very unfamiliar path. By the time the first major calamity happens it'll be too late to turn back.

Stay tuned.
joe345
50%
50%
joe345,
User Rank: Apprentice
3/1/2012 | 3:14:23 PM
re: Google Privacy Changes: 6 Steps To Take
What about using add-ons like TrackMeNot?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3352
Published: 2014-08-30
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh...

CVE-2014-3908
Published: 2014-08-30
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2010-5110
Published: 2014-08-29
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.