Risk
2/29/2012
08:02 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Privacy Changes: 6 Steps To Take

Don't let Google's data unification scheme send you running scared on privacy. Consider these actions to control your data.

Google on Thursday plans to consolidate some 60 privacy policies for different services into a single policy that governs how the company employs user data.

Google says it's doing so to make its policies easier to understand--something lawmakers and regulators have asked for--and to improve the Google user experience by making information from one Google service available to other Google services that might benefit from that data.

Lawmakers and regulators, however, have grown mistrustful of Google, not to mention other ad-focused companies, and seek to impose new rules. The White House last week proposed a Consumer Privacy Bill of Rights, and on Wednesday, the National Telecommunications and Information Administration (NTIA) put out a call for input on how to turn these privacy principles into enforceable codes of conduct.

[ Read Google Defends Privacy Policy Consolidation. ]

Is Google partly to blame? Long resistant to outside privacy pressures--the company at one time opposed a California law requiring a privacy policy link on its home page--Google has made a series of missteps that have played into the hands of its critics.

For a time, it looked like Google had made peace with privacy, after the embarrassing revelations in 2010 that it had inadvertently been collecting WiFi packet data through software in its Street View cars. The company appointed a director of product privacy and promised to do better. Then Facebook made a bid to return to the privacy spotlight by deploying facial recognition as part of its image tagging system. It seemed as if Google might have learned its lesson.

But fearful of being outmaneuvered by Facebook, Google ignored heightened regulatory scrutiny over search-related antitrust issues and began mixing its so-called organic search results with Google+ search results. That only made lawmakers more mistrustful and competitors more vocal.

Google's resistance to the Do Not Track proposal put forth by privacy advocates didn't help its image.

In January, the company announced its privacy policy consolidation, courting further controversy. Then it was found to be bypassing privacy controls in Apple's Safari and Microsoft's Internet Explorer.

The irony is that Google isn't necessarily any worse than its peers in terms of the way it handles consumer data.

"Google's privacy policy consolidation slated to become effective in a few days has captured the lion's share of attention, but it is Apple that has been the most effective at linking consumer data across every aspect of its services," observed Jules Polonetsky, co-chair and director of the Future of Privacy Forum, in a blog post on Wednesday. "European regulators have proposed a privacy law that seeks to put the data genie back in his bottle, but consumers have voted by expressing delight in Steve Jobs vision by making Apple the most valuable company in the world."

Polonetsky sees a battle between consumer tech companies like Google, Apple, Microsoft, Amazon, and Facebook "to link consumer identity and data across smartphones, desktops, search engines, email, social networks, ad networks, payment systems and more." And he suggests that consumers are willing to make privacy trade-offs because they appreciate the services these companies offer, even as they express outrage at things like address books being accessible to mobile app developers.

Worries about privacy can be compared to worries about computer security. Ask a computer user whether he or she fears email account hijacking, and you'll probably get a nod. Ask that same computer user to take steps that will actually help deter email account hijacking, like long, complicated passwords and use of two-factor authentication, and that person's enthusiasm for security may wane.

Like security, privacy may be appealing in the abstract. But it can be hard to maintain in the real world. Users have the option to operate online without leaving many tracks: They can surf the Net in whatever privacy mode their browser supports, they can rely on extensions to block ads, cookies, and code, they can use lesser known search engines, like Duck Duck Go, and they can learn about proxies. But for most people, it's not worth the trouble.

Still, if Google's privacy consolidation has you seeing red, here are a few steps to take that may make you feel better about your privacy level.

Visit Your Google Dashboard
The Google Account Dashboard provides a single control panel for Google services, or most of them anyway. Once there, you can take steps like disabling your Web History.

Visit the NAI Opt-Out Page
Like other lists that supposedly allow you to opt-out of marketing, the Network Advertising Initiative's Opt-Out list is more about advertisers offering a tool in the hope of avoiding regulation than it is about preventing behavioral tracking. But go ahead and check "Select All" and opt-out. It may make you feel better, even if half of the networks listed return errors that require additional effort to resolve.

Visit Google's Ad Preferences Page
Google allow users to opt-out of personalized advertising and to block specific advertisers, which can be useful if you're not already blocking them en masse at the browser level.

Install Counter-Advertising Software
Try AdBlock Plus, No Script, Disconnect, and Ghostery. Just don't complain if the Web doesn't work right anymore.

Go Cold Turkey
Google insists that competition is only a click away. So click over to an alternative like Bing or Yahoo. Or try Duck Duck Go, a search engine that insists it doesn't track users. You'll be back.

Live In A Cave (Without Wi-Fi)
Living off the grid, without any technology, may be the only way to avoid being tracked these days. Of course neighbors may become suspicious and report you to law enforcement officials, at which point you may be tracked again.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
3/5/2012 | 5:30:23 PM
re: Google Privacy Changes: 6 Steps To Take
I use 2 browsers: IE configured to accept all cookies and Firefox configured to ask. Use Firefox for serious work and IE for temporary searches. Wipe out IE's cookies every couple weeks. With Firefox, first deny, and if needed accept for session only. Remember only for sites I regularly visit.

With a firewall, have never had a problem.
kiapiz
50%
50%
kiapiz,
User Rank: Apprentice
3/3/2012 | 10:06:06 PM
re: Google Privacy Changes: 6 Steps To Take
Checkout http://donottrack.me

Simple steps to opt-out from Ad Networks tracking you
You can also clean the data collected about you.
SLINK000
50%
50%
SLINK000,
User Rank: Apprentice
3/3/2012 | 1:29:33 PM
re: Google Privacy Changes: 6 Steps To Take
One thing that I don't see is a suggestion to manually accept all cookies. Of course this is a hassle for a little while while you build up the list of accept/reject cookies, but I can say that I have never had an unrecoverable virus/spyware problem. And the count of problems in many years stands at two, I believe. I mentioned this trick in my book - Link Em Up on Outlook - and bring it up every time that I can. It seems that not too many people embrace this simple step.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
3/2/2012 | 6:30:00 PM
re: Google Privacy Changes: 6 Steps To Take
Wish the headline wasn't misleading. 6 steps are more like 2 useful, Google-specific steps, 2 non-Google suggestions and 2 funny but not really useful suggestions. Heading back to my cave now before Number 2 spots me.
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
3/1/2012 | 9:35:51 PM
re: Google Privacy Changes: 6 Steps To Take
Oops! I menat to say even in the space that we CAN control no one is really willing to give up their newfound conveniences to protect their anonymity. The Googles of the world know this.
ANON1237925156805
50%
50%
ANON1237925156805,
User Rank: Apprentice
3/1/2012 | 9:32:54 PM
re: Google Privacy Changes: 6 Steps To Take
This is a sad place we've ended up in. What we defeated post J. Edgar with laws like the Freedom of Information act we are now giving back without a thought. We have no idea who's got what data and what they will do with it.

Thanks to the Patriot Act, that's true even at the gov't level over which we have no apparent control. As you write, even in the space we can't control, no one is really willing to give up their newfound conveniences to protect their anonymity. So we are walking down a very unfamiliar path. By the time the first major calamity happens it'll be too late to turn back.

Stay tuned.
joe345
50%
50%
joe345,
User Rank: Apprentice
3/1/2012 | 3:14:23 PM
re: Google Privacy Changes: 6 Steps To Take
What about using add-ons like TrackMeNot?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.