blog.gkaindl.com

nerd nouveau

On Google Web History

20/04/07

Yesterday, I read the announcement that Google is introducing their newest creation: Web History. My first reaction was, wow, this is pretty invasive.

In short, Google wants to track you as you’re surfing the web. They want to know about every single page you’ve visited. In return, they offer you the ability to search your browsing history, which could actually be useful for one of these “Oh damn, what was the site with this Cocoa sample code again” moments).

Naturally, such a tool raises all sorts of concerns, as expressed here, for example, or in the comments here. I don’t want to comment on the general concepts of “privacy” and “trust” here. That is being done everywhere else. If you don’t feel a bit creeped out by Google knowing everything about your surfing habits, your interests, your funny rash that you look up on a medical website, the “101 dating tips for shy guys” page you’re secretly reading or that you are downloading your homework off the internet, if that doesn’t creep you out, it’s ok with me. What I’m more interested in are the concrete disadvantages that can stem from Google knowing everything about your surfing habits.

Subpoenas ahoi!

Usually, connecting a person’s name to some online activity is pretty hard unless the provider of the page cooperates somehow. If a website’s host doesn’t keep records of their visitors or doesn’t give them out, you can feel pretty safe. Google Web History can change that, however.

Now let’s assume you are downloading some illegal mp3s from a website, maybe a movie, maybe you are just searching for a torrent file to get the illegal file. Now, even if you don’t use Google during this process at all, with Web History, they know you have done it. They can prove that you have done it. It is tied to your very own, password-protected account. That’s rather strong evidence.

Google probably doesn’t care about it, but what happens if some corporate lawyer subpoenas them to hand out everybody’s name who pirated a certain piece of software, a certain song or a movie. Look what’s going on with the P2P lawsuits everywhere now. Whoops, not so cool anymore.

The mosaic

One piece of information about your surfing habits alone probably won’t get you into trouble, but sometimes, it’s the combination that does. Let’s assume you are doing research about the Iraq war, click around a bit, and suddenly you land on a terrorist website. Google logs that, too.

Now even if that was basically an accident, what would possibly happen if the authorities decide to have a look at the Web Histories saved by Google. It’s not like Google could do much about it. They look for people who’ve accessed this one terrorist website, and whoops, your name is on the list. Most likely, nothing will happen, but you never know, maybe one day you end up at an airport with a little problem in your passport or because you haven’t filled out a visa waiver form correctly. They run your name through their system, and guess what’s coming up on their screen. The next thing you’ll hear is the snapping sound of latex gloves…

Of course, that a pretty crass example, but I’m sure it could happen. Naturally, you can put together a larger mosaic, too. Maybe you are just looking at a set of completely inconspicuous things, but when put together, you’ve looked at web-shops that sell all the parts you need to build a napalm bomb. You wouldn’t even know it, but this may put you on somebody’s list.

The “I’ll turn it off selectively” argument

How about simply turing off the tracking temporarily when you are visiting a site that you do not want Google to see. For example, before you embark on your journey through the world of the not-so-innocent alleys of the internet, you just click the “Off” button.

The problem with this approach is that it doesn’t work well. First, they would still know your IP address from the tracking you turned it off. This address usually doesn’t change from one minute to the other. If they had never tracked you before, it would be hard to impossible for them to link your IP address to your name, so even if you leave the usual IP address trail, it’s hard to link it back to you. Now, even with Web History temporarily disabled, it’s trivial, for example, through Google Ads that get displayed in your browser. Web History might be off, but it’s still the same IP address requesting the Google Ads. There they go!

Moreover, turning off Web History may even indicate that tracking you is especially interesting right now. Do you have something to hide? By knowing your IP address from your surfing before (with Web History on), it’s trivial to do that, and the previous two concerns apply again. I’m sure corporate lawyers or the authorities are pretty interested in what you are looking at after explicitly turing tracking off.

Well, those are just the first few thoughts that came to my mind when I read the announcement. And they are just the bad things that could happen if Google stays by their tagline - Don’t be evil. If they throw that overboard, too, and start sharing data with your potential employers, for example, then you may really regret having ever used Web History…

About

Hi, how are you? My name is Georg Kaindl, and I'm a twenty-something from Vienna, Austria. During the day, I'm a CS student at the Vienna University of Technology, but at night, I turn into an independent software developer for the Macintosh platform, social nerd, lazy entrepreneur and intuitive researcher.

I like to write about everything that matters to considerate technology enthusiasts, but humbly retain the right to go off-topic from time to time.

My posts are licensed under a Creative Commons Attribution 3.0 License.

Contact

You can reach me by email if you have something to say that's not related to a blog post or that you don't want to have publicly available as a comment to a post.

However, you'll have to prove that you are human! Even though I personally like robots very much, I'm less of fan of SPAM. It's just a simple riddle to solve, but a SPAM bot won't cut it!

To get my email address, take the word before the .com in my domain name first (Hint: The word you are looking for starts with a "g" and ends with an "l"). Next, simply attach @mac.com to this word.

Boom, there's my email address. Simple, isn't it?

Powered by WordPress

Comments RSS

Entries RSS