Linked by David Adams on Fri 11th Dec 2009 01:25 UTC
Privacy, Security, Encryption I was reminded of Sun Microsystems' Scott McNealy's infamous sound byte (used as the title of this article) when I read about Google CEO Eric Schmidt's foot-in-mouth moment during a recent CNBC interview (YouTube Link). Here's what Schmidt said: "I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."
Order by: Score:
kragil
Member since:
2006-01-04

"gay biker porn" and all the other nice things people search for on the intertubes ;)

Reply Score: 2

Good article
by Anon9 on Fri 11th Dec 2009 02:25 UTC
Anon9
Member since:
2008-06-30

I advocate repealing the Patriot Act. It's refreshing to see an article from a non-political news source which shows the bad points of such legislation.

Reply Score: 4

RE: Good article
by Vlad on Fri 11th Dec 2009 08:03 UTC in reply to "Good article"
Vlad Member since:
2006-03-23

As questionable as the value of the Patriot Act is, in the grand scheme of things it will have little effect on your privacy.

The problem is - and I think Schmidt alludes to this - is that MANY, MANY parties log electronic communications, and any one of these can be an avenue back to authorities, fraudsters, your future employers, etc.

Take online backup sites - do you think your files are safe because they're encrypted? Nope - all the major online backup providers I checked retain the right to decrypt your data (although some will require a warrant).

The real test of privacy is if companies which offer anonymous/protected services are legally allowed to operate. Is it legal to sell encryption the government can't crack? Is it legal to pipe your access.log to /dev/null? In other words: is privacy illegal?

Reply Score: 1

RE[2]: Good article
by Evan on Fri 11th Dec 2009 12:01 UTC in reply to "RE: Good article"
Evan Member since:
2006-01-18

Uhh. Yes, it is completely legal to sell US citizens encryption the government can't crack. (You cannot export it)

In America our laws are setup where the government is granted specific rights, so until congress passes a law stating you cannot sell uncrackable encryption, it is legal.

Not understanding this difference is pretty much where every stupid fascist law we have comes from.

The real question is if it is legal for storage companies to use the key to your encrypted files except when a warrant is issued.

Reply Score: 2

jabbotts Member since:
2007-09-06

Another question would be; "why does the backup company have your private key in the first place?"

If I'm storing truecrypt-ed backup blobs to a third party storage services, I'm surely not going to be emailing the key to them for safe keeping with it. If someone wants my blob files decrypted then they can bloody well provide just cause and a court order.

Reply Score: 3

boldingd Member since:
2009-02-19

Even having never actually used such a service myself, I'd kinda expect that they'd do the encryption on their end, both to provide a degree of transparency to the end-user ("just send us your files, and we'll magically encrypt them for you at some point"), and possibly precisely so they can guarantee their own access to that data later, if they need it (like if they're compelled by court order to turn over your data).

If you just buy space on some remote pool of storage, then sure, send it whatever you want. I'd expect a consumer-oriented backup service to try to make the process as simple and transparent for the client as possible, so I'd expect the service provider to handle the encryption on their end.

Reply Score: 2

jabbotts Member since:
2007-09-06

The question first struck me with Amazon's storage service; do they store my data in such a way that it is an encrypted blob only accessible by me? The only way I would consider using one of these services would be as a duplicate of my backup archives in encrypted form. This on the basis that I'd be using it as an off-site backup since the service adds no advantage for me as an active data storage (I call those flashdrives or ye-old port 22 back at the ranch ;) ).

My thinking the other way is that it's unlikely to be encrypted on the server side. Provided they can differentiate which files belong to which user; why add the expense of managing encryption beyond the ssl tunnel for the network traffic. I honestly would like to think that storage providers are setting up double-blind encrypted storage for the users but it's not likely. If the user didn't encrypt the files then I don't forsee them not being cleartext in the storage providers database.

(this is something I'd rather be corrected on rather than correct about though)

Reply Score: 2

j.blechert Member since:
2006-01-04

I have been using Wuala for some weeks now and they encrypt the files with my private key on my computer, it doesn't leave the computer as far as I can see, though of course that might just be an appearance and their license stuff might lie about the key staying on my computer and them not being able to decrypt my files.

Reply Score: 1

jabbotts Member since:
2007-09-06

Wow, actually that's great to hear of a storage provider who seems to be doing it right. I'll have to look into that further.

Reply Score: 2

RE[3]: Good article
by Vlad on Sun 13th Dec 2009 07:40 UTC in reply to "RE[2]: Good article"
Vlad Member since:
2006-03-23

I wasn't as clear as I should have been. My opinion is the only person who should hold the key to your data is you - companies shouldn't keep an extra set of keys and thus should never be in a position to even be able to comply with a warrant for your unencrypted data.

Thus if the government wants your unencrypted data, it should be serving YOU with a warrant for it.

So again, the real question is: can you sell security that the government can't bypass? Your question is moot if the company doesn't have the keys, and if the answer to my question is indeed "yes" then why don't they?

Reply Score: 1

Stasi
by transputer_guy on Fri 11th Dec 2009 02:41 UTC
transputer_guy
Member since:
2005-07-08

Today I was reading up again on the sequence of events as the Berlin wall fell and how the eastern bloc countries liberated themselves from their oppressive governments. I remember this all happening in 89, one country at a time but had forgotten the details.

Anyway the scary part was to come much later as citizens in each country eventually were able to read their secret files and no computers were used for any of this. Its scary to think we are all open books to some degree. It almost makes me want to go offline but then I'd be ignorant of the world events.

Reply Score: 6

RE: Stasi
by bousozoku on Fri 11th Dec 2009 10:07 UTC in reply to "Stasi"
bousozoku Member since:
2006-01-23

Today I was reading up again on the sequence of events as the Berlin wall fell and how the eastern bloc countries liberated themselves from their oppressive governments. I remember this all happening in 89, one country at a time but had forgotten the details.

Anyway the scary part was to come much later as citizens in each country eventually were able to read their secret files and no computers were used for any of this. Its scary to think we are all open books to some degree. It almost makes me want to go offline but then I'd be ignorant of the world events.


I vaguely remember some situation in the 1970s where the FBI had gotten involved with someone; pulled him out of bed during the night, and had more information on his life than he practically knew himself.

I only hope my life is more interesting to some government group than it is to me.

I'm so glad I don't live in Singapore. There was an incident over a year ago where a man and woman were arrested for being naked in their own home but the neighbour who photographed them was not arrested since he reported the crime. Yes, it's against the law to be naked in your home.

Reply Score: 4

RE[2]: Stasi
by Ventajou on Fri 11th Dec 2009 16:49 UTC in reply to "RE: Stasi"
Ventajou Member since:
2006-10-31

Do they take showers in underwear? Keep socks on when they have sex? Just curious...

Reply Score: 2

RE[3]: Stasi
by sbergman27 on Fri 11th Dec 2009 16:52 UTC in reply to "RE[2]: Stasi"
sbergman27 Member since:
2005-07-24

Do they take showers in underwear? Keep socks on when they have sex? Just curious...

I guess their clothes just have zippers in odd places.

Reply Score: 2

RE[3]: Stasi
by bousozoku on Fri 11th Dec 2009 20:55 UTC in reply to "RE[2]: Stasi"
bousozoku Member since:
2006-01-23

Do they take showers in underwear? Keep socks on when they have sex? Just curious...


I've asked about such things and no one will give me an answer. :-D

What's also strange is that the stores sell chewing gum, but it's against the law to chew gum in public--mostly because of the sticky nuisance on the ground but seriously, don't sell it, if people aren't allowed to chew it everywhere.

Reply Score: 2

Good article
by StephenBeDoper on Fri 11th Dec 2009 03:02 UTC
StephenBeDoper
Member since:
2005-07-06

There's also a big difference between personal information that's being kept for a matter of convenience and information that's being kept because it's integral to the service's function.


Exactly. That's one of the issues that the Canada's "Personal Information Protection and Electronic Documents Act" attempted to address. According to the act, any organization that collects personally-identifiable information must provide a privacy policy that outlines what information is collected, how that information is used, and how long it will be retained.

Of course, PIPEDA is also a good example of what *not* to do - since it's been almost entirely un-enforced in the 5 years since it was made federal law.

To some extent, privacy gadflies are both paranoid and shrill.


You're just saying that because you're a tool of the man!!!!! (sorry, couldn't resist)

Reply Score: 4

RE: Good article
by BluenoseJake on Fri 11th Dec 2009 19:49 UTC in reply to "Good article"
BluenoseJake Member since:
2005-08-11

Actually, I think PIPEDA does do some good, at the university I work at, if you decide not to attend, your info is deleted after 1 year.

This is to stay in compliance with PIPEDA, even if it is not widely enforced, the University decided to err on the side of caution, so even if it is not enforced, it MAY be enforced in the future, so a lot of organizations adopted policies just in case.

Reply Score: 2

RE[2]: Good article
by StephenBeDoper on Fri 11th Dec 2009 20:10 UTC in reply to "RE: Good article"
StephenBeDoper Member since:
2005-07-06

Actually, I think PIPEDA does do some good, at the university I work at, if you decide not to attend, your info is deleted after 1 year.


It is beneficial to have guidelines, but the lack of enforcement means that they are treated only as guidelines/suggestions.

The biggest example I can point to is the Domain Registry of Canada - they collect personally-identifiable info from the WHOIS database for their domain slamming scam, a clear violation of PIPEDA I'd say. Yet they're still at it, half a decade after PIPEDA became federal law.

Reply Score: 3

RE[3]: Good article
by BluenoseJake on Sat 12th Dec 2009 13:11 UTC in reply to "RE[2]: Good article"
BluenoseJake Member since:
2005-08-11

Under PIPEDA, you can (and kind of have to, or you business wouldn't work) keep info for individuals that you have a current, or near current business relationship, so the domain slamming scam doesn't come under PIPEDA, as the Domain Registry of Canada must maintain a WHOIS DB about all current and recently expired domain names.

Reply Score: 2

RE[4]: Good article
by StephenBeDoper on Sat 12th Dec 2009 17:27 UTC in reply to "RE[3]: Good article"
StephenBeDoper Member since:
2005-07-06

Under PIPEDA, you can (and kind of have to, or you business wouldn't work) keep info for individuals that you have a current, or near current business relationship


True, but by my (IANAL) interpretation, that would only apply to actual customers of the DROC who have purchased domain registration through them.

The targets of their scam are customers of other registrars, who the DROC sends sales/transfer solicitations (designed to look like legit renewal invoices) using information from the WHOIS database.

the Domain Registry of Canada must maintain a WHOIS DB about all current and recently expired domain names.


Are you thinking of CIRA (Canadian Internet Registration Authority)?

Reply Score: 2

Statement defensible
by jack_perry on Fri 11th Dec 2009 03:10 UTC
jack_perry
Member since:
2005-07-06

I'll go ahead and say it: his statement was completely defensible. He's clearly talking about search engines, not about what people do behind closed doors and shuttered windows.

People ought to stop this business of taking one sentence completely out of context and making a mountain out of a molehill.

Reply Score: 6

RE: Statement defensible
by Shakey on Fri 11th Dec 2009 12:19 UTC in reply to "Statement defensible"
Shakey Member since:
2005-10-11

I actually agree with him as well. If you are somehow wishing to keep what you are doing a secret, one needs to ask themselves why they want to keep it a secret. Many times when I catch myself doing this type of self moderation, I am doing something that I shouldn't do in the first place.

However, semantics are everything, right? Or is perception king?

Reply Score: 0

RE[2]: Statement defensible
by Thom_Holwerda on Fri 11th Dec 2009 12:23 UTC in reply to "RE: Statement defensible"
Thom_Holwerda Member since:
2005-06-29

When I browse for porn, I'd rather keep that a secret. Not that my porn preference is that exciting, it's just that I'm rather prude and find anything related to sex something very, very personal that's really none of anyone's business. I don't want anyone else to see or know anything about me in that area.

I also wouldn't like anyone else to know any condition I might have. Not that I Google that sort of thing (never use the internet for healthcare issues, go see your physician), but I know a lot of people that do.

This is not about criminal activities - this is about perfectly legal and normal activities that I want to keep to myself.

Reply Score: 6

RE[3]: Statement defensible
by Ventajou on Fri 11th Dec 2009 16:52 UTC in reply to "RE[2]: Statement defensible"
Ventajou Member since:
2006-10-31

You just posted a comment under your real name saying you browse for porn... so much for privacy ;)

Reply Score: 2

RE[3]: Statement defensible
by jack_perry on Fri 11th Dec 2009 18:12 UTC in reply to "RE[2]: Statement defensible"
jack_perry Member since:
2005-07-06

A really poor choice of example. The porn sites are most certainly recording who visits their sites, and I'm sure you'd agree that they have every right to do that, since you're accessing content they've provided, probably on their servers, too. So there goes any privacy, unless you think a corporation's possession of browsing habits guarantees your privacy. Then they will share that information with each other to figure out your preferences and what they can do to increase your number of visits, credit card charges, etc.

Then there's the whole issue of cookies, so they're probably checking what non-porn sites you visit, too, which eliminates even more privacy.

A much better example would have been visiting jihadist websites (hello, NSA data miners). Fancy a scholar who visits the websites for legitimate reasons, and thus gets put onto a Big Brother watchlist. But even there privacy is lost.

Reply Score: 2

RE[4]: Statement defensible
by Bounty on Fri 11th Dec 2009 18:16 UTC in reply to "RE[3]: Statement defensible"
Bounty Member since:
2006-09-18

Porn sites are prefect examples. You share your private information with sites or people you trust.

I trust that porn sites will not share that information with my mother. Security through obscurity is real and practical for many purposes. There is theoretical security, then there is real life.

Reply Score: 3

RE[5]: Statement defensible
by jack_perry on Fri 11th Dec 2009 19:31 UTC in reply to "RE[4]: Statement defensible"
jack_perry Member since:
2005-07-06

It's a terrible example. Do you really think that most people visiting porn sites know what and how much information they're sharing with those sites, or of how easy it is for someone to snoop on them while doing it? I doubt it.

You also think porn sites are trustworthy? Do you think most people who visit them, believe the sites to be trustworthy? If so, they're gravely mistaken. Porn sites have been known to embarrass users by obtaining private information without permission and (for example) emailing them image-laden links. ("That must be spam, dear; I have no idea why that company imagines I would be interested in their products.")

Reply Score: 3

RE: Statement defensible
by WorknMan on Fri 11th Dec 2009 15:52 UTC in reply to "Statement defensible"
WorknMan Member since:
2005-11-13

I'll go ahead and say it: his statement was completely defensible. He's clearly talking about search engines, not about what people do behind closed doors and shuttered windows.


I think in general, his statement of not doing anything you don't want others to know about is a good practice to live by, as I don't tend to do anything 'behind closed doors and shuttered windows' that I wouldn't want to appear in tomorrow morning's headlines. I don't think the world would want to know that I was jerking off last night while looking at porn, but I don't really care if they know either.

If you're on the internet in the middle of the night looking up stuff that you would be ashamed for your mom to know about, then maybe you shouldn't be doing it in the first place? Just a thought.

Reply Score: 2

RE[2]: Statement defensible
by sbergman27 on Fri 11th Dec 2009 16:15 UTC in reply to "RE: Statement defensible"
sbergman27 Member since:
2005-07-24

If you're on the internet in the middle of the night looking up stuff that you would be ashamed for your mom to know about, then maybe you shouldn't be doing it in the first place?

http://tinyurl.com/ycrszhr

Edited 2009-12-11 16:15 UTC

Reply Score: 2

RE[3]: Statement defensible
by BluenoseJake on Fri 11th Dec 2009 19:52 UTC in reply to "RE[2]: Statement defensible"
BluenoseJake Member since:
2005-08-11

My Mom doesn't need to know specifics. Do you want to know specifics of your Mom's sex life?

Reply Score: 3

RE[2]: Statement defensible
by Bounty on Fri 11th Dec 2009 18:06 UTC in reply to "RE: Statement defensible"
Bounty Member since:
2006-09-18

I think in general, his statement of not doing anything you don't want others to know about is a good practice to live by, as I don't tend to do anything 'behind closed doors and shuttered windows' that I wouldn't want to appear in tomorrow morning's headlines. I don't think the world would want to know that I was jerking off last night while looking at porn, but I don't really care if they know either. If you're on the internet in the middle of the night looking up stuff that you would be ashamed for your mom to know about, then maybe you shouldn't be doing it in the first place? Just a thought.



What if your mom is very religious and you love her, and want to maintain a relationship with her? Obviously looking at porn isn't against YOUR morals, but it could ruin your relationship with her. Your philosophy only works in certain circumstances, such as you're a loner, you don't really need a job etc.

Reply Score: 3

RE[3]: Statement defensible
by WorknMan on Fri 11th Dec 2009 19:30 UTC in reply to "RE[2]: Statement defensible"
WorknMan Member since:
2005-11-13

What if your mom is very religious and you love her, and want to maintain a relationship with her? Obviously looking at porn isn't against YOUR morals, but it could ruin your relationship with her.


If it does, then it does. I wouldn't do it in front of her or at HER house, but if it somehow got around to her that I was doing it at MY house and she chose to disown me for it or whatever, then so be it. In other words, I have enough respect for a person not to do certain things in front of them if it offends them, if I can possibly help it, but if they don't have enough respect for *my* values such that they can't/won't let me do my own thing away from them (assuming I wasn't hurting/abusing somebody else), then f**k 'em.

Reply Score: 2

RE: Statement defensible
by AdamW on Fri 11th Dec 2009 16:25 UTC in reply to "Statement defensible"
AdamW Member since:
2005-07-06

Google deals with a lot more than just search. Remember, they own many people's email, personal conversations (Google Voice), location (Latitude) and all sorts of other bits of data (Wave, etc). I would not want a company with this kind of attitude to privacy in charge of all of that. (Which is why I don't use any of those things...)

Reply Score: 4

RE[2]: Statement defensible
by jack_perry on Fri 11th Dec 2009 18:21 UTC in reply to "RE: Statement defensible"
jack_perry Member since:
2005-07-06

Google deals with a lot more than just search. Remember, they own many people's email, personal conversations (Google Voice), location (Latitude) and all sorts of other bits of data (Wave, etc). I would not want a company with this kind of attitude to privacy in charge of all of that. (Which is why I don't use any of those things...)


Do they really own the email, or do they merely store it for users' convenience? I'm not clear on that one.

Anyway, expecting privacy in email is also a bad idea, considering that it goes through a large number of computers on unsecured lines. If you encrypt your emails, okay that would be helpful with privacy, but I don't use Google Mail so I don't know how it works with encryption.

But otherwise, if you're having a torrid affair and you talk about it with her in emails, it's quite possible that a private investigator (or the Mob) could snoop and nail you.

Reply Score: 2

RE: Statement defensible
by StephenBeDoper on Fri 11th Dec 2009 20:34 UTC in reply to "Statement defensible"
StephenBeDoper Member since:
2005-07-06

I'll go ahead and say it: his statement was completely defensible. He's clearly talking about search engines, not about what people do behind closed doors and shuttered windows.


Agreed. If you add the qualifier "in public" to his statement, it seems rather innocuous - if that's what he meant (and that's how I read the statement), then he's essentially just stating the concept of "reasonable expectation of privacy."

Reply Score: 2

And it's sensible articles like this
by drcoldfoot on Fri 11th Dec 2009 03:15 UTC
drcoldfoot
Member since:
2006-08-25

That would make people think twice about Cloud Computing. Convenient? Yes. But what is the trade off? Your privacy.

Reply Score: 5

Individuality != Privacy
by shadowhand on Fri 11th Dec 2009 04:52 UTC
shadowhand
Member since:
2005-07-06

We lose our individuality, because everything we do is observable and recordable.


The idea that people who don't feel the need to hide who they are and what they do are some how less individual is completely ridiculous. Individuality is, in my humble opinion, being honest about who you are and what you believe, both to yourself and others. It has absolutely nothing to do with what you hide from other people.

Edited 2009-12-11 04:53 UTC

Reply Score: 1

RE: Individuality != Privacy
by izomiac on Fri 11th Dec 2009 06:44 UTC in reply to "Individuality != Privacy"
izomiac Member since:
2006-07-26

Individuality, in this context, is the state of being distinct from others. It generally implies that an individual is slightly different from other individuals, although this isn't a technical requirement. People, to validate their own choices and quirks, tend to object to some of these differences, insisting that their way is the best.

Privacy protects one's ability to be different in objectionable ways. Without it one is forced to defend one's behavior. This will cause most people to take the easier route of not "being honest about who you are and what you believe". Therefore, privacy has absolutely everything to do with individuality, for if we lacked individuality there would be no need for privacy.

Reply Score: 3

RE[2]: Individuality != Privacy
by orfanum on Fri 11th Dec 2009 13:49 UTC in reply to "RE: Individuality != Privacy"
orfanum Member since:
2006-06-02

Hi Not so much as a reply but I found your post a good place to leap from on a tangent.

In a slightly different context, William Burroughs if memory serves talked about spies being blackmailed during the Cold War for being homosexual; the answer would be in Burroughs' eyes for the spy in question to roar: "I'm a queer, and I luuurve it". So, one defence against all this is to be exactly true to yourself,

In the real world, though, I can be selective about who knows what about me. I tell my friend, not my mom, for example. It's to do with an admixture of trust and utility (and a whole load of other interactions) - what will mom gain from this were I to tell her, what would she think of me, do I know myself how to fully explain it? - You get the picture.

In the Internet world, what is happening isn't really to do with some lofty goal of global self-realization and authenticity, or even, on a more tawdry but still insightful level, with the Warhol idea of all being famous for some brief span.

It's to do with the major search engines wanting to bolster their relative offers of accommodating real-time information gathering, so that they can beat each other in the market, so that (the irony) *private* companies can benefit from telling me that the world is going that way.

I suppose let's just make it equitable - let's lift privacy for everyone: companies, the military, corporations, the police, as well as the ordinary citizen. otherwise, there still must be value in privacy that I, or anyone else for that matter, can claim is real, and pertinent.

Reply Score: 4

RE[3]: Individuality != Privacy
by AdamW on Fri 11th Dec 2009 16:41 UTC in reply to "RE[2]: Individuality != Privacy"
AdamW Member since:
2005-07-06

"In a slightly different context, William Burroughs if memory serves talked about spies being blackmailed during the Cold War for being homosexual; the answer would be in Burroughs' eyes for the spy in question to roar: "I'm a queer, and I luuurve it". So, one defence against all this is to be exactly true to yourself,"

Except that at that point homosexual acts were still illegal in many places. So doing that would've been a one-way ticket to prison. (There's another great indicator of the importance of privacy).

Reply Score: 2

RE[4]: Individuality != Privacy
by orfanum on Sat 12th Dec 2009 09:08 UTC in reply to "RE[3]: Individuality != Privacy"
orfanum Member since:
2006-06-02

Point taken but the reason why homosexual relations no longer constitute a criminal act in many states now is that people went out on the streets and turned private "shame" into public pride. This process will continue, and it's already shaking the foundations of some very conservative institutions - i.e., the Christian Church (look at the turmoil in the Anglican Communion at the moment on account of someone who is frequently named as "the *openly* gay Bishop". Everyone in the AC knows there are hundreds of "screaming queers" (not meant in a derogatory way) in its ranks. It took just one person to voluntarily shed their privacy to trigger the public debate that will change that particular branch of Christianity fundamentally (it is to be hoped, at least!))

Reply Score: 2

RE: Individuality != Privacy
by kaiwai on Fri 11th Dec 2009 13:58 UTC in reply to "Individuality != Privacy"
kaiwai Member since:
2005-07-06

"We lose our individuality, because everything we do is observable and recordable.


The idea that people who don't feel the need to hide who they are and what they do are some how less individual is completely ridiculous. Individuality is, in my humble opinion, being honest about who you are and what you believe, both to yourself and others. It has absolutely nothing to do with what you hide from other people.
"

When one is constantly observed then one changes behaviour to conform to what is considered the 'norm'. THe result is rather than individuals you have masses conforming to an idealised expectation for fear of not wanting to look out of place.

For me I don't like the idea simply because it creeps me out when people are looking into my life, look at me, looking at my details - the same way that it creeps me out being in a large crowd of people.

Reply Score: 5

RE[2]: Individuality != Privacy
by sbergman27 on Fri 11th Dec 2009 18:00 UTC in reply to "RE: Individuality != Privacy"
sbergman27 Member since:
2005-07-24

The idea that people who don't feel the need to hide who they are and what they do are some how less individual is completely ridiculous. Individuality is, in my humble opinion, being honest about who you are and what you believe, both to yourself and others. It has absolutely nothing to do with what you hide from other people.


Indeed. It's about what one chooses to share. Not about our credit card numbers.

Two individual's renditions of the same Broadway hit:

http://www.youtube.com/watch?v=lupNzpcpDRk

http://www.youtube.com/watch?v=tDPNt1ybQQ4

Reply Score: 2

Google's Log Retention
by cristoper on Fri 11th Dec 2009 04:53 UTC
cristoper
Member since:
2009-02-15

This video states that Google deletes the last byte of logged IP addresses after 18 months:

http://www.youtube.com/watch?v=kLgJYBRzUXY

I can't find any mention of it in any text Privacy Policy though...

Edit: Here's a more recent (Sep. 2008) post from the Google Blog announcing that the retention time has been cut in half to 9 months.

Edited 2009-12-11 05:05 UTC

Reply Score: 1

RE: Google's Log Retention
by elsewhere on Fri 11th Dec 2009 05:27 UTC in reply to "Google's Log Retention"
elsewhere Member since:
2005-07-13

Edit: Here's a more recent (Sep. 2008) post from the Google Blog announcing that the retention time has been cut in half to 9 months.


AOL went to greater lengths to anonymize their search data in the debacle a while back where they decided to dump it to the public. Didn't take long for the search data to be pieced together and wind up with some innocuous citizen appearing on the evening news.

The announcements you're referring to were PR spin to placate the public, and the EU, who were asking questions that were making Google nervous. IP addresses are only one piece of the puzzle, with enough additional data, they're not even necessary to identify users, as the whole AOL thing proved.

http://en.wikipedia.org/wiki/AOL_search_data_scandal

Reply Score: 5

jabbotts Member since:
2007-09-06

I thought it was last year that researchers managed to take some blobs of anonymized data from Google and reconstruct it providing identifiable user and machine details.

Reply Score: 2

RE: Google's Log Retention
by AdamW on Fri 11th Dec 2009 16:30 UTC in reply to "Google's Log Retention"
AdamW Member since:
2005-07-06

Google's 'anonymization' is pretty much meaningless. See: http://www.theregister.co.uk/2008/12/17/yahoo_anonymization_explain...

Reply Score: 2

Retention policies
by malxau on Fri 11th Dec 2009 05:46 UTC
malxau
Member since:
2005-12-04

His comment sounded to me like, "we will retain things for as long as we feel like, because that's important to us; your privacy is not." This hurts the move towards online services. Many service providers should understand that retention timelines are part of the value proposition for the service. There is no reason to retain personally identifiable search queries for any length of time at all. Aggregate useful statistics, and delete it.

Is this where Google (finally) loses its Teflon coating as a for-profit pro-consumer company?

Reply Score: 4

Comment by daedalus8
by daedalus8 on Fri 11th Dec 2009 05:47 UTC
daedalus8
Member since:
2008-03-10

There is one basic problem about keeping privacy while surfing the internet...

The internet does NOT reside in the US only. It is distributed EVERYWHERE.

With that being said, I put a server in Russia/China and start grabbing data from Google searches etc etc and cache it on my own infrastructure. How do laws from the U.S. affect those servers? They simply DON'T!

So going back to the comment that Schmidt said, I quote "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place", then this obviously does make sense at least from my point of view.

Don't get me wrong, I am against the Patriot Act, or at least the implementation of it, but once the information is on the internet is it almost near to impossible to go back and repair/erase.

Please any of you that are so careful, get Maltego or one of those applications and search for yourself, phone number, SSN, etc. You'll be surprised how much data you can find.

Reply Score: 2

He IS Right
by johjeff on Fri 11th Dec 2009 07:43 UTC
johjeff
Member since:
2007-11-06

That doesn't mean IT is right. Privacy is more of an illusion than a reality with or without the Patriot Act. People act like it's something new - they have been able to tap phone lines long before the internet was a glimmer in Al Gore's eye (ahem). As for individuality - it has nothing to do with what you do or who you do it with. It is an innate characteristic. You were born unique. It is only when you start to imitate your friends and idols that you lose that uniqueness. It is not taken away by society, but is freely given away by you. Like he said "get over it" and if you don't want someone to know something personal, don't post it on Facebook or your blog.

Reply Score: 1

RE: He IS Right
by AdamW on Fri 11th Dec 2009 16:27 UTC in reply to "He IS Right"
AdamW Member since:
2005-07-06

"Like he said "get over it" and if you don't want someone to know something personal, don't post it on Facebook or your blog."

Where does this have anything to do with facebook or your blog? That's not at all related to the topic.

To a small extent you're right, in that personal privacy is a social construct. That's precisely why those organizations that are key to society (which, these days, includes Google) should place a high value on it. It's the _reason_ they should, not an excuse that means they don't have to.

Reply Score: 4

RE[2]: He IS Right
by l3v1 on Sun 13th Dec 2009 09:42 UTC in reply to "RE: He IS Right"
l3v1 Member since:
2005-07-06

Where does this have anything to do with facebook or your blog? That's not at all related to the topic.


I think it is. If you post information about yourself that you consider private for public access, then you really shouldn't be surprised if it is indexed. It's that simple.

I don't like what he says - it's the same old "if you've got nothing to hide, you've got nothing to fear" story -, but posting something and then crying about it being found, that's stupid.

Edit: about search and browsing habit information storage: there are some ways to hide/scramble what you're doing, so it's partially your task to be responsible in covering your tracks - evein if you're doing nothing wrong - it's the world we live in

Edited 2009-12-13 09:44 UTC

Reply Score: 2

Privacy is Obsolete
by tuttle on Fri 11th Dec 2009 09:22 UTC
tuttle
Member since:
2006-03-01

People always gloat that the recording industry and dead tree publishing has been made obsolete by the internet and will go the way of the buggy whip manufacturers.

I think that privacy is another concept that will be made obsolete by technical developments. And that is not necessarily a bad thing. People in the middle ages, growing up in a large family and rarely leaving the small village they were born in, did not have much privacy either. So privacy is a relatively new concept. And given how much privacy people are willing to give up to participate in social networking sites like facebook, it seems that humans do not have an intrinsic desire for privacy.

The question IMHO is not how to preserve privacy (which is impossible), but how to organize a society with little or no privacy so that it does not end up an orwellian dictatorship.

Everybody who is interested in this topic should read "The Transparent Society" by David Brin. It makes a pretty compelling case.

Reply Score: 2

RE: Privacy is Obsolete
by AdamW on Fri 11th Dec 2009 16:37 UTC in reply to "Privacy is Obsolete"
AdamW Member since:
2005-07-06

"People in the middle ages, growing up in a large family and rarely leaving the small village they were born in, did not have much privacy either. So privacy is a relatively new concept."

The first part of this is partly true, the second is definitely not. It was a specialist topic of one of my college tutors, actually. The desire for privacy is a significant motivating factor throughout social history. Even when it was innately difficult to have privacy, the concept was understood and strongly desired; those who shared living space would try to subdivide it to provide privacy, and those who had personal possessions tended to try very hard to keep them private. Throughout medieval Western history (I can't speak to other areas), those who went from being poor to being rich almost inevitably moved to bigger and more isolated dwellings, which provided...privacy.

It's exactly the same social motivator you can see in the development of the American suburbs: as soon as a large number of people became rich enough to afford their own houses and cars, they got the hell out of Dodge and built large, detached houses with hedges all around the gardens. Why? Privacy.

Reply Score: 3

RE[2]: Privacy is Obsolete
by boldingd on Fri 11th Dec 2009 16:56 UTC in reply to "RE: Privacy is Obsolete"
boldingd Member since:
2009-02-19

While I don't disagree, I can think of lots of reasons why people would wander off and build removed, isolated dwellings as soon as they become wealthy enough to do it. A desire for privacy is just one: many others are probably less noble.

Reply Score: 2

RE[3]: Privacy is Obsolete
by BluenoseJake on Fri 11th Dec 2009 19:58 UTC in reply to "RE[2]: Privacy is Obsolete"
BluenoseJake Member since:
2005-08-11

Those are still desires for privacy, just privacy to protect things other people would object to.

Reply Score: 2

Paranoid and proud!
by statuliber on Fri 11th Dec 2009 11:24 UTC
statuliber
Member since:
2009-12-11

I use TOR for all my internet traffic ( with the ironical exception of torrents, cause I didn't get them to work with TOR) at home. I figured out that when I use someone else's WLAN they can't identify me (as long as the local router doesn't save my MAC-Adress).
Also I have a strict policy at my Browser, Cookies only from Websites I visit and they get at least once every month deleted. Oh and Flash is blocked!

I would advise anyone else to do so likewise!

Edit: And I don't use *any* google services on purpose. For search I use cuil.com or ask.com. I even stopped reading some blogs, because they were hosted on blogspot.

Edited 2009-12-11 11:31 UTC

Reply Score: 1

RE: Paranoid and proud!
by gpierce on Fri 11th Dec 2009 22:25 UTC in reply to "Paranoid and proud!"
gpierce Member since:
2005-07-07

I have tried to use TOR/PRIVOXY many times, and while it does work web pages load very, very slowly, negating some of the benefits of a high speed connection. Overall, TOR has been a disappointment.

Reply Score: 2

Privacy and Democracy
by Abacus_ on Fri 11th Dec 2009 11:33 UTC
Abacus_
Member since:
2006-12-08

Apparently many people do not realize that privacy is important to maintain a democracy. If a government can observe all communication, it becomes easy for a government to oppose any opposition against the government.

Reply Score: 5

RE: Privacy and Democracy
by Auxx on Fri 11th Dec 2009 13:45 UTC in reply to "Privacy and Democracy"
Auxx Member since:
2007-04-05

This is the way things are in any advanced country like US, UK, etc - you are totally controlled.

Reply Score: 1

RE[2]: Privacy and Democracy
by kaiwai on Fri 11th Dec 2009 14:11 UTC in reply to "RE: Privacy and Democracy"
kaiwai Member since:
2005-07-06

This is the way things are in any advanced country like US, UK, etc - you are totally controlled.


Any time a people demand the government take on more responsibility there is always going to be an inherent loss of freedom or privacy as a result; the question is whether the public fully appreciate giving up one thing for something else.

Reply Score: 2

jabbotts Member since:
2007-09-06

It's like an empty field in the middle of a city. No one misses the grass and trees until the parking lot is finished.

Reply Score: 2

Laurence
Member since:
2007-03-26

First of all, I just want to say that was am excellent article.
I may not agree with all points (like "security by obscurity") but it was an well written, informative and objective point of view on a very relevant topic.

Now, going back to "security by obscurity" point:- that term to me is more about making your data public and hoping you're not singled out rather than keeping a low profile from the off.
While I agree that obscurity does have it's merits, I for one would never recommend a complacent security model over a proactive one.

What I'd recommend people instead would be to make as little data public in the first place.

This doesn't mean all your data has to be encrypted, but more so about not publishing your details on sites like facebook (or, at the very least, having a private profile) and so on and so forth.


Another problem I see with "security by obscurity" is that, while it might ward off government curiosity, it opens yourself up to abuse from other avenues (eg identity theft).

Sure, as article rightfully points out, there is already tones of information out there and much of it is easily bought - however my school of thought is why make it even easier for savoury characters to obtain your information than it already is?


I often see an example explaining the dangers of portals like social networking sites that reads something like this:
"You wouldn't bin your bank details without shredding them first.
You wouldn't knock on a random house in a neighbouring street to give them your address and the hours you're at home.

So why do you post this information online for strangers to read?
"

Reply Score: 3

I agree with Schmidt
by Auxx on Fri 11th Dec 2009 13:40 UTC
Auxx
Member since:
2007-04-05

Too much letters in this article, didn't read them all. But I agree with Schmidt. It is very simple. Want to be free - live far away from society. Every modern government is a totalitarian government and such bills as Patriot Act prove that. Government has access to "logs" of your life - bank transactions, insurance usage tracking, speed cams, mobile phone and so on. You are WATCHED EVERY DAY! In every country.

Don't want to regret your activity? DO NOT DO THAT ACTIVITY! There are NO escape if you live in modern society.

So stop complaining, Schmidt is right.

Reply Score: 1

RE: I agree with Schmidt
by sbergman27 on Fri 11th Dec 2009 14:05 UTC in reply to "I agree with Schmidt"
sbergman27 Member since:
2005-07-24

So stop complaining, Schmidt is right.

...says the anonymous poster on OSNews, known only as "Auxx".

Reply Score: 4

RE[2]: I agree with Schmidt
by David on Fri 11th Dec 2009 15:49 UTC in reply to "RE: I agree with Schmidt"
David Member since:
1997-10-01

Hey, who wants Auxx's email and IP addresses?
(Just kidding, we'd never really give those out. But we could.)

Reply Score: 1

RE[3]: I agree with Schmidt
by sbergman27 on Fri 11th Dec 2009 16:07 UTC in reply to "RE[2]: I agree with Schmidt"
sbergman27 Member since:
2005-07-24

Hey, who wants Auxx's email and IP addresses?

I do. A PM would be fine.

Seriously, though, I find it odd that we, who are more open with our personal information, providing real names, etc. are on this side of the argument, while the anonymous folk argue that privacy isn't important.

By that, I do not mean that everyone should provide their real names here. I do it because I stand behind what I say, and signing my name to it just seems, to me, the right thing to do.

Sincerely,
Steve Bergman

Reply Score: 2

nt_jerkface Member since:
2009-08-26

it makes it too easy for people to post politically incorrect opinions, which we all know are false anyways.

Without being able to look into someone's background, how can we judge their motives?

I will also post with my real name.

Yours truly,
.net jerkface

Reply Score: 1

boldingd Member since:
2009-02-19

So... stupid question, but, is "D.J. Jenkins" then not your real name - or a portion thereof?

Reply Score: 2

RE[4]: I agree with Schmidt
by boldingd on Fri 11th Dec 2009 17:22 UTC in reply to "RE[3]: I agree with Schmidt"
boldingd Member since:
2009-02-19

I've noticed that too: I'm one of the most paranoid and privacy-conscious people I know, and yet I've made more than enough of my personal information available to track down, at the very least, my work contact information.

And I note, since it's kinda pertinent, that the fact that I could be personally identified has had a chilling effect; there have definitely been times when I haven't posted something, exactly and entirely because I've provided enough personal information in my profile that my real-world identity could be easily tied back to my OSNews forum account.

Reply Score: 2

RE[4]: I agree with Schmidt
by sbenitezb on Fri 11th Dec 2009 17:23 UTC in reply to "RE[3]: I agree with Schmidt"
sbenitezb Member since:
2005-07-22

I could borrow your name and use it on other places, claim I'm Steve Bergman and nobody would find out.

The most useful thing internet people could do is poison the internet databases with false information about them.

Reply Score: 2

nt_jerkface Member since:
2009-08-26

to scan every blog post to make sure that it is legit and doesn't contain lies.

The only people that would oppose such a commission would be liars since if you are telling the truth you will have nothing to worry about.

Reply Score: 3

Kroc Member since:
2005-11-10

Because as we know justice is always 100% correct, and nobody has ever been falsely convicted. Truth matters very little these days. You can be the most honest person in the world and someone will still do you over.

Reply Score: 1

Key points...
by bert64 on Fri 11th Dec 2009 14:05 UTC
bert64
Member since:
2007-04-23

The important thing to remember is that you ARE being logged...

You visit any site, and every webserver in existence today will keep logs by default.
You send an email, and all the servers between you and the destination will keep logs of it...
You walk down the street, there will be CCTV cameras watching you...

Computers are inherently different from real life activities, they are designed to keep records.

In reality google aren't really any worse than anyone else, if anything they're just a bit more up front about what they do.

So if you really want to do things you'd prefer other people not to know, be vigilant when doing so!

Reply Score: 3

I agree with Schmidt 100%
by Tuishimi on Fri 11th Dec 2009 15:27 UTC
Tuishimi
Member since:
2005-07-06

Use your judgement.

Reply Score: 2

Comment by Bounty
by Bounty on Fri 11th Dec 2009 18:09 UTC
Bounty
Member since:
2006-09-18

In fact, doing things behind closed doors is exactly how you have to do them in some countries. Want a western style haircut? Better whatch out where you live and when you take your hat off.

Reply Score: 2

Did we forget the main lesson in 1984?
by nt_jerkface on Fri 11th Dec 2009 18:19 UTC
nt_jerkface
Member since:
2009-08-26

Which is that it is futile to resist Big Brother?

You only do yourself a disservice when you try to live a life of privacy. If you recall the main character actually felt better after giving into Big Brother. Orwell was telling us that we should forget privacy in a modern world and get on with our lives.

Seriously though it's pretty sickening that people are defending Schmidt when he obviously has no respect for individual privacy. Some people really need to question if their love for Google comes out of hatred towards Microsoft. If Steve Ballmer made that quote, would he have gotten the same level of defense?

Reply Score: 2

Honesty
by yopmaster on Fri 11th Dec 2009 19:03 UTC
yopmaster
Member since:
2009-10-28

I indeed think that the world would be far better if nobody had any privacy at all: you can not criticize somebody who likes gay necrophilia if you are a Nazi SM amateur. But it will never be the case: people will always hide things especially in the bien-pensant world.
And by the way, I do not think MS has any interest in your privacy neither: they just pretend to (and it's good for business)
At least Schmidth is an honest guy... It's not a breakdown new: since Google bases its revenue on publicity, our personal data are money for them since the begining.
I'm still waiting for the Wikipedia of the search engine...

Reply Score: 1

Comment by Kroc
by Kroc on Sun 13th Dec 2009 11:47 UTC
Kroc
Member since:
2005-11-10

I’m surprised this hasn’t been said:

“Son, on the Internet, Google knows you’re a dog."

Reply Score: 2