This just really doesn't bother me, Google knows some stuff about me due to what I have told them and machine learning, they use it primarily to show me ads they think will convert better. This makes Google more money, the advertiser more money and makes it much more likely that the ads will actually be useful to me, pretty much win win win.
I don't think the problem is what do they actually do with all those data, but what could happen with it. You can't be sure that in few years, they will use data for something else that ads, something that you're not agree, but meanwhile data are collected. You can't be sure what could happen with Google's data in 5 or 10 years. Sold ? After all, Google is a company, here to make money. Or even some weird law, allow government accessing those data, to track terrorism profile. Ok, maybe it's unlikely, but you can't be sure. What I'm sure of is that loads of data worths loads of money.
> After all, Google is a company, here to make money.
Those bastards... and they force you to sign in for their email and g+ and picasa and.. oh, wait.
Maybe I'll sound like a wierdo, but you can always opt out of using google at all and block them with ghostery or hosts. Problem solved. Let's be honest with ourselves and admit that data is the currency we pay for 'free' online services, and if we don't like the service or the 'price', we can just stop using it.
It's funny OP uses gmail and g+ but is worried about profiling for ad personalization. Btw there is google analytics on his blog.
>> After all, Google is a company, here to make money.
>Those bastards... and they force you to sign in for their email and g+ and picasa and.. oh, wait.
I haven't said that making money was bad, it's business, and that's the risk to know where is the interest. Sure you signed, but silly me, I wasn't thinking about all this when I first sign-up for Gmail, and sure as well I could resign, but meanwhile they collected data, probably much more that I can think of.
> Let's be honest with ourselves and admit that data is the currency we pay for 'free' online services, and if we don't like the service or the 'price', we can just stop using it.
You're right, I was answering about that to the person who said "oh, it's not that bad, the price to pay it's some ads that suit your profile", but the 'price' is indeed more than that.
> Btw there is google analytics on his blog.
It doesn't surprise me, his post sounds to me more like an easy "don't be evil" troll.
i don't particularly care what they plan to do with the data in the future. the general usage patterns are useful, the better marketers and other companies understand how i consume information, the more useful they can be to me. the worst that can happen with all the accumulated data google has on everybody is that the whole internet gets better suited to the needs of the people who provided that data. the way the internet works is that people try to sell us stuff by wrapping it in things we want. the better they know what we want, the better that wrapping gets.
The paranoia that some company might understand what i want and try to provide it for me seems absurd. why is this such a bad thing?
> I don't think the problem is what do they actually do with all those data, but what could happen with it.
This is FUD, plain and simple. While I don't advocate sticking one's head in the sand and refusing to predict or even speculate, it's easy to do too much predicting and speculating (and very prone to bias), it's easy to spread paranoia, and it's no basis for living a life and especially it's no way to decide moral or criminal issues. I could go on a murderous rampage tomorrow (perhaps not physically possible as determined by the laws of physics making up my brain but "possible" in the looser sense of it being a member of the state-space of world-configurations). Why don't people I know think this is likely? Largely due to trust that I've built up. Someone once asked me what they could do to gain my trust back when they broke it, I said that it's largely a matter of not doing certain things for a long enough period of time.
And so the problem is heavily dependent on what Google, Facebook, et al. end up actually doing with the data. What they could or might do has little relevance, what they're likely to do has significant relevance but still not as much as what they actually do. Thus far, they've been awesome about either not doing evil things with it or at least not letting me know about their evildoings. Their trust is not yet broken with me, unlike with some other companies I can think of (and correspondingly don't deal with at all).
Therefore I continue to use their products and let them collect and infer as they please. I don't exactly make this easy for them either since I too have "unusual" browsing habits in the form of NoScript, AdBlock, multiple browsers, shared, dynamic IPs and occasionally Tor. I didn't even join Facebook until a couple months ago on a "Let's see who friends me" curiosity (so I don't friend anyone myself). I'm sure there are plenty of Evercookies on my system I'm unaware of though and my full Firefox UserAgent is pretty unique. So they likely have a decent profile of me that they just don't reveal in a straightforward manner. They could also form a good picture from my comments here and elsewhere. (I don't think they have much ad preference data on me except perhaps that I hate ads.)
Though that brings me again to the issue that it can be worth speculating over what is likely to happen that will cause the trust to be broken and if I should be avoiding certain classes of actions that typically lead to harsh repercussions later. For example, suppose you have data showing it's quite likely that lending large sums of money to friends leads to the destruction of the friendship sometime later. Maybe your friendship will be different, but if that outcome is quite likely, you'd probably be better off not taking the risk and in this case acting on facts apart from what the other person has actually done is useful.
Even if these companies break their trust with me in the future, the most likely ways it will be broken do not seem to have incredibly unfortunate outcomes for me. (I can of course think of other quite nasty outcomes as well as anyone.) Similar to how, for example, a friend stealing something petty from you doesn't often cause great financial loss or inconvenience but the trust is shattered nevertheless. Or there may even be actions taken that I never signed up for or wanted and probably would have said "This will violate my trust if they do this" had 'this' been told to me before they did it, yet those actions actually end up being very useful to me and so it doesn't break my trust. I think this is actually how a lot of technological progress has been for a lot of people. They're taken on the ride from the status quo whether they like it or not, but in the aftermath they often like the new place better.
You admit that there is a risk, but what can you gain from taking that risk? Because without gain, what incentive to you have to take the risk? Yes, I agree that the likely outcome isn't that bad if they break my trust but only tracking my search queries would be quite revealing and sensitive and would reveal stuff that I tell very few people. So, the thing that yahoo did (releasing all queries with an "anonymous" user ID) could have had huge implications for me personally.
In terms of friendship etc. the gains are huge, but what about google?
Relevant ads? I have never, ever, in my life clicked on a google ad on purpose (probably a few by mistake (thus I immediately left the page)). And that despite that they are "relevant", so... What can I gain from letting google collect all that information about me?
And honestly I believe you get much better ads by targeting a site rather than a person. The best ads and the only ads I've ever positively responded to are those from a local tech site (the same ads but on a food site would probably not interest me as much).
The gain in offering up data to Google is free use of a number of services I find useful. Gmail, Google Docs, Google Chrome, Google Search and YouTube are just a handful of the services I enjoy using free of charge. In exchange, I have little to no problem with Google tracking my behavior to target advertisements at me.
Plus you can continue to use those services and opt out of Google tracking that stuff or use incognito mode in your browser. Not that you'd want to. Like me, you probably prefer seeing advertising that you're more likely to be interested in.
Basically, there are people who think that at some point in time companies will use data about them in some type of very bad way.
No one has a real, practical example of this. If someone can describe a business model that will use this type of data about people's interests to do something bad to them and make lots of money, then this will become a theoretical problem. Even that hasn't happened yet.
There's also all kinds of "don't track me" options available from Google/Microsoft/etc. as well as incognito mode in most browsers. It's time for people to find something else to worry about.
Check my name. I KNOW companies know more about this person than he thinks. How do I know this? Because, once, a long time ago, I wrote browser fingerprinting software for a security company that then spun it to be used for nefarious purposes (I say nefarious, but really, it is nothing more than what Google and FB do today). That was when I left.
The point being, it is really, REALLY, hard for someone to be invisible while browsing the modern internet. There are very few things you can do, but there are some things.
1. Install adblock
2. browse incognito
3. browse through a proxy (creates noise)
and, the most important
4. use a plugin that randomizes queries to its components.
For #4, I don't know of any out there that do this effectively so I wrote my own.
The big take away from the article is that "nothing is stored locally"...well, most companies haven't been tracking that way for a long, long time.
I agree. I wrote a security layer for a sports video site to detect shared passwords by creating fingerprints of clients using every signal I could get hold of.
However, the point of the article isn't "do not track", it's "consume without personalisation".
You are right. I don't browse like you do. That would take forever.
I wonder: Are you afraid Google is sitting at home drooling over the fact that you bought your shoes from JcPenny?
You’re not a name, you’re not a face, you’re a knode. a cookie. literally, a number in trillions of records.
Secondly, you sit on the web writing openly about privacy issues, while overtly displaying your information on those "Identity tracking" services you use, like Facebook, which If you spent the same amount of time you spend writing about how Google is out to get you, perhaps would understand that while you're browsing incognito, Google is having a frenzy with your gmail content, building a profile on you that you may never see.
At the end of the day, someone is always going to be collecting information on you, and your information will be again, one dot tied to your one number- among trillions of other records. There will always be internet ads.
To wrap this up, my point is that if you really don’t wan’t to be tracked, then cancel your credit card, pay everything in cash, disable your GPS, avoid connecting via Wi-Fi, forget doing ‘good deeds’ like filling out surveys, or giving your name and number to a blood drive. Oh and completely disconnect your router.
I replied to you on the blog but since you cross-posted:
@Katelyn, I think you misunderstand the purpose.
It’s not a paranoia thing to prevent companies recording information, instead it’s a preference for how I like to consume the web. The companies are free to record whatever they wish, they do so by my user of their service. But I’m free to choose how my client consumes their service.
I just prefer web sites that aren’t updating state based on me just reading things.
I like to see opposing sides of the argument, so don’t like the idea of being bubbled by my own preferences.
I feel a little freaked out when one cycling site I go on has adverts for the tyres I looked at 2 weeks ago on an entirely unconnected web site.
Personalisation can get it wrong. In the same way that Amazon recommendations become tainted every December when you do the Christmas shop.
And personalisation can be extremely upsetting, such as a family member who still receives new born baby information months after a miscarriage.
It just comes back to how I use the web.
I enjoy it more when it’s made up of many disconnected things giving a consistent experience to the user... me.
It wasn't clear to me that you were trying to avoid "the filter bubble." It sounded as though you were truly paranoid/freaked out when you saw advertisers retargeting you, etc.
I din't realize inaccurate personalization could be so upsetting. I typically take everything I read or see with a grain of salt. The Internet, afterall, is made by bozos like you and me ;)
You don't give any good reasons to do what you do. You just seem to be paranoid about something, I'm not sure of.
>I just prefer web sites that aren’t updating state based on me just reading things.
That seems odd. What do you care? Do you get frustrated if they incremented a counter to see how many people are currently on their site?
>I like to see opposing sides of the argument, so don’t like the idea of being bubbled by my own preferences.
That's shortsighted of you. The algorithm can detect that you like this and will show you a healthy does of opposing arguments.
>I feel a little freaked out when one cycling site I go on has adverts for the tyres I looked at 2 weeks ago on an entirely unconnected web site.
So you don't like to see relevant ads.
>Personalisation can get it wrong. In the same way that Amazon recommendations become tainted every December when you do the Christmas shop.
Sure, it can get it wrong, that's why it isn't as prevalent as you make it seem to be. Also, Amazon does their recommendations based on the latest things you shopped for. So when you start browsing other stuff, they'll show you related content.
>And personalisation can be extremely upsetting, such as a family member who still receives new born baby information months after a miscarriage.
Any one can get that wrong (and this isn't an extreme case). Their friend could congratulate them on the baby.
>It just comes back to how I use the web.
Like old media that isn't dynamic.
>I enjoy it more when it’s made up of many disconnected things giving a consistent experience to the user... me.
That doesn't make sense. It seems you don't like the Internet.
You make some good points on how they could improve these things, but not on them not being used.
I disagree with this comment: "are you afraid Google is sitting at home drooling over the fact that you bought your shoes from JcPenny?"
I'm sure Google doesn't consciously care, but the fact that they track it it can seriously screw you if in the wrong hands. Further, at risk of building a strawman, it sounds a bit to similar to "what do you have to hide?" which is wrong on many many levels.
Given plenty of data it would be easy to cherry pick information useful enough to cast some serious suspicion of a crime. People have been convicted on circumstantial evidence alone. Is it really the lay person's responsibility to worry about this?
A silly example: "Where were you at 9:35pm the 3rd of June, 2011?" ... "I was having dinner and drinks with friends" ... "Really? According to documents obtained by the prosecution you bought shoes that night online at 9:29pm from JCPenney" ... "Oh, I guess I left earlier than I thought" ... "Court, clearly the defendant is lying about his whereabouts".
On Firefox, I use the RequestPolicy plugin: by default, it only allows requests to the current domain, so nytimes.com can't access connect.facebook.com. You can enable requests to go through, so that reddit.com can access redditstatic.com.
I think it strikes a good balance between blocking everything (a la NoScript) and total openness.
NoScript and RequestPolicy are best used together (as recommended by the creator of the latter) as they serve different purposes. This, plus a few other add-ons in these areas are my set-up and that works well.
You often have to trade off security for convenience – for me, NoScript is too inconvenient to be worth it, because so many sites silently break when JavaScript is not available.
I sometimes dream of a browser that would just fetch the page content and no extra other resources, showing it like Instapaper. The reality is more complex: images, css, CDN's, dynamic content, ...
RequestPolicy realizes the most important part of that dream: not telling Google, Facebook and a host of obscure tracking companies about every website I visit.
Your comment should be on top. Everything OP said can easily be done with Chrome's multiple profile feature. I love the fact that I can run _multiple_ incognito sessions at the same time without it being bounded by the number of browsers you have. Multiple Gmail sessions? No problem. You can just setup a profile for each email account you own without requiring you to sign-in every time.
I browse pretty much like this as well. I log into incognito mode for Facebook and Gmail, and everything else in regular mode.
Incidentally, I also have about 50 separate email accounts that I use to log into various services. This helped me greatly when my Stratfor and my ps3 accounts were compromised, I didn't have to worry that a particularly important email address was at risk, so I just ditched them.
"Ghostery allows you to detect trackers on the sites you visit, learn more about the companies behind them, and control their visibility into your online behavior."
I use Firefox's default cookie policy of "Keep until I close Firefox", which makes it behave like Incognito mode, but also the Cookie Monster plugin[1] which lets me easily whitelist sites or domains with a click to allow their cookies to persist. This is useful for sites like Hacker News so I don't have to login every time, and my bank which requires long-lasting cookies to avoid having to jump through hoops with security questions.
I also use the Ghostery plugin which blocks a bunch of ad networks so they won't place cookies at all, but even if they do, they'll be reset when I close the browser due to the cookie policy.
I use Chrome's Vanilla Cookie Manager extension to continually throw out ALL cookies older than 30 minutes, except for the following which are saved over browsing sessions: (star).google.com, (star).workflowy.com, news.ycombinator.com
It works really well, and I don't have to go through the hassle of using two browsers. Additionally not accepting 3rd party cookies and using http://someonewhocares.org/hosts/ for ads. Not quite as secure as OP, but mostly does the job.
Everyone who think's David's post was about privacy and information security didn't read it very closely. He said at multiple times that the purpose is because he wants to keep out of "personalized bubbles", wants to have a broader view of web content and to avoid sites changing "some state because it knew who I was".
It has nothing to do with what will happen to his browsing habit information or with dislike of being tracked.
it seems like a lot of effort to go through just for the off chance that an ad will show you something unexpectedly interesting. It seems like Reddit or Pinterest or even your Facebook friends would be better for that kind of stuff.
There is one IE9 feature that I miss in Chrome or Firefox:
"Preserve Favorites website data" under Delete Browsing History.
With that I can delete all cookies after a session but my logins stay active. And I don't need an extension for it. Every browser should support that. And the OS integration of IE9 on windows 7 is superior to the competition.
This reminds me of the old days where people would encrypt all their emails, no matter how mundane, with blowfish. I'm pretty sure there must be some sort of inverse relationship between the effort you put in to hiding your comms activity and the amount of stuff you actually need to hide.
That type of encryption was more about preventing governments from reading all your communication. There was talk about ECHELON and similar data-traffic-trawling systems.
The "risk" to the average person from those systems was very low. (Ignoring, for a moment, the jobs lost to industrial espionage.)
But we know that gathering huge data-sets is important to many companies. Sometimes those companies are lawful (Google or Facebook) but sometimes they are unlawful (Russian criminal gangs). And even if they're lawful companies they may be using the data in bad ways, or not keeping the data secure.
It is amazing to see what people give up in return for "free" smileys or animated cursors or a shitty facebook game.
I completely agree with you, but it matters what type of data we're talking about here. Facebook scared me off a long time ago with its policies and what it knew about me, but it's a different story with Google's personalized search. I don't worry about a company knowing my browsing habits. I worry about a company losing my credit card info or leaking my SSN or deleting my emails. Compared to those things, preventing Google from guessing my demographic via search analysis is pretty much meaningless.
Your categories and demographics
No interest or demographic categories are associated with your ads preferences so far. You can add or edit interests and demographics at any time.
I don't browse incognito and I'm always logged in to google.
Google has no interests or demographics for me and I do not go nearly as far as this article suggests. I use adblock, wallflower, and antisocial extensions, as well as the do not track feature of firefox. But I am constantly signed in to gmail, frequently in amazon, and other places. Use firefox for all my browsing and don't really worry about it. If anyone wants to get information on me I am sure there are many more ways to get it than google anyway. While I like my privacy I have to accept that in this day and age it is relatively easy to find information about someone.
Well, I tried opening the link mentioned in the article, but Opera told me it's blocked by the Content Blocker.
So I temporarily removed the /ads/ filter and tried to open the link again. Got forwarded to a different url and now Opera tells me this one is also blocked.
So I disabled Opera's AdBlock extension and tried to open the link again. This time, Google tells me that Ads Preferences requires enabled cookies.
So at that point I gave up and re-enabled AdBlock.
I've found that there are times that some of those "features" can make browsing slightly more efficient. Cookies, cache, history, etc. have all come in handy at times. I have my chrome setup with the standard privacy settings, and then have my FireFox setup in full blown stealth mode. ...I then choose which browser I use based on whether I'm looking for speed and efficiency or anonymity and security.
If you don't browse like this, checkout Skim.Me (http://skim.me) to follow your browsing routine from one clean feed. We automatically load your sources and adjust the feed based on various data you allow us to access. All in the name of trying to save you time. If you do browse like this, then we're not for you.
Google know exactly what I like, I'm sat in Gmail all day and have G+ open. And I own domains, everyone already has my name, email, number and address.
What I disliked were:
* Websites automatically changing state based on a cookie (forums that reset what it believes you've read)
* To be on site B and have what I viewed on site A appear (adverts over-personalising kept creeping me out thinking there was a relationship between disconnected sites)
* My searches being personalised (in the same way that Amazon recommended gets skewed by Christmas shopping, so my searches get skewed when my girl says "Can you just look this up for me", I also want to see other opinions so don't want opposing views filtered out)
But I didn't dislike those things enough to do anything about them. They're just small papercuts.
This browsing style evolved from using incognito and private browsing to assist web development, I continue to use it because it prevents all of the papercuts above.
Google tells me I don't have a cookie, which is a bit strange because I allow cookies. Anyway, looks like Google knows nothing about me either.
I know a lot of things that could cause this, even tough I tried a few things it's hard to figure out why Google isn't profiling me.
Is it maybe the DNT header, any of the disabled Javascript or the EasyPricacy list of APB? Maybe Spybot blocks something. Is there a way to opt-out for this? Maybe I never opted in? Anyone got an idea?
I had nothing listed under the demographics, which baffles me because I use chrome, always logged in search, gmail, g+, picasa, etc
Very quite odd that they don't profile me.
With that said, I obviously do not care if they know all this information about me. So the article is true in this case as I do not browse that way (too inconvenient)
alias cookies="/usr/bin/chromium --user-data-dir=$HOME/.chromium/cookies"
alias nocookies="/usr/bin/chromium --user-data-dir=$HOME/.chromium/nocookies --incognito"
alias chromium='echo "cookies or nocookies?"'
And what kind of ads does google show to someone who it knows nothing about? Do all those ads I see for "work from home for $5k/month", "get ripped" and [screenshot of a social networking thumbnail of random girl] say more about me or everybody else?
Besides all proxies, adblocks and incognito modes the world is still scary out there. No matter how hard I try, I always get a "your configuration is unique" message.
