Google has not only opened up on how often the world's governments request user data stored on its servers. It's come awfully close to acknowledging that it doesn't actually "anonymize" your IP address after 9 months. As noticed by longtime Google critic Chris Soghoian - now a technical advisor for the US Federal Trade …
The Art of War
I spend a great deal of time searching for, browsing, viewing and blogging about topics in which I have absolutely no interest. I'm a member of both PETA and the NRA; ...both the ANC and the BNP; ...both Mensa and the US Republican Party. This technique should thoroughly confuse anyone monitoring my on-line habits.
@"confuse anyone monitoring my on-line habits"
Confuse for how long? ... The sampling period is the key to Big Brother monitoring. (This is why George Orwell's 1984 book showed the power of monitoring someone over their entire lifetime. It showed that once someone was minored for long enough, they could be exploited, controlled and manipulated by someone using their fears and desires against them). So you can obfuscate a few communications and in the process maybe make it confusing for (human) readers over days, weeks even months, but you cannot keep up totally random comments for years and even decades. So over longer sampling periods clearer signals will emerge from your apparent short term chaos. (It simply becomes a larger sampling period).
Make no mistake, every year machine learning research is getting ever better (not least because many thousands of companies worldwide are throwing collectively billions per year into researching it). Everything from small niche marketing companies right up to the scale of government security services and giant search engine companies like Google.
All that machine learning is simply to pigeon hole you ever more clearly. The danger of such a system isn't to alert the authorities at the first moment you say or do something wrong. Such a system wouldn't work as it would be snowed under with false positives. The power of a Big Brother system is its long term aggregate profile of you built up over at least a few years.
That aggregate profile is what Google and governments are working towards and that is the true power of Big Brother. The true power isn't just real time monitoring of every form of communications (which they are also aiming to do), its far more about the long term building of an ever better profile.
Political power (and business power) is gaining from herding large numbers of people behind your goals. If you seek political power you will never get everyone behind you goal, but you don't need to. You just need to influence enough people to accept what you are saying so that the opponents are powerless to stop you and so meaningless to your goals.
Look at how the majority of people are so easily influenced by politicians as it is. So many people fail to see through them and even many of the people who think they are cynical still fail to see totally through the words and actions of politicians. Its been this way for centuries. The concept of Machiavellianism was written about almost exactly 500 years ago by Niccolò Machiavelli (in 1513). Politicians have for centuries used cunning and duplicity to fool people into doing what they want. Now give that two faced Narcissistic kind of person the power of Big Brother and see how bad society will get as a result of the Narcissists increasingly getting their own way. Its what we are getting at the moment, with the slide towards an ever more Fascist world. But then the increasingly brutal unyielding fascist level of control is exactly the kind of world Narcissists want, because they want that increasing power for themselves. Therefore its no surprise the world is suffering an ever greater slide towards a Narcissistic level of control when the Narcissists are gaining ever greater power over everyone.
Knowledge is power and the more knowledge they have, the more power they have and Narcissists always seek ever more power over everyone. So sadly its no surprise just how badly they are seeking to remorselessly abuse technology to gain ever more power. Sadly we are heading into a nightmare world, but then history shows examples where ever few generations countries suffered similar levels of unyielding state control. (The Narcissists gain increasing power over the people, then the people fight back and reset the levels of control, then the levels of Narcissistic control continue to grow ever worse again. So countries oscillate between the levels of power the Narcissists in charge have over the majority of people.
Worse still with the exploitation of ever better technology, we are heading towards a level of state control and monitoring worse than any ever seen in history. But then the Narcissists who always seek power have always wanted the power to control people. So now by remorselessly abusing technology, they are getting exactly what they have always wanted. Which is ever more power. :(
Does the Art of War also involve....
...spending years leaving jucy stuff about yourself and your attitudes here?
I'm guessing you live in Canada in a forest (but near a town) that has no Cable TV*. You think Symantec suck. And i bet you are called Jeff. Possibly not Pooh.
Unless you also spend a lot of time inventing fictitious opinions to hold on various IT related topics.
Anonymous, obviously. And I've got my foil hat on.
*Hmmm. Having just remembered looking at Canada as I was flown over it once I don't think it narrows things down much and the black helicopters might need a bit more to go on. But I only spent about 10 seconds glancing at it all.
NSA/GCHQ/DSD And All The Other Folks Will Like This
...especially considering the fact Google Queries and Google Applications Data is NOT ENCRYPTED !
Just have a little device sitting "in front" of the Google data centers. The most incompetent SIGINTers will be able to do that. Actually, the "SETI" guys might do that with the traffic routed over satellite links (when they do not use your "signal searching screensaver" to break some cipher).
Google says that it can now predict "what you will do next day" with very good accuracy. I bet the Spooks like to have the same capability. Just imagine what you can gauge about political issues just by intercepting (individual or collective) Googleing sessions/query statistics.
What I'll do tomorrow... (the value of data)
Get up, check my mails, read some interesting looking articles on El Reg. Drink a dozen cups of tea. Go to work. Blah blah it's not interesting blah blah. Come home, check mails, pop by El Reg again, fiddle with PHP or watch stuff recorded by my PVR. Go to bed.
Oh, I'll eat and crap at some stage in the proceedings. You don't need Google to tell that, a random guess would probably be enough.
Moral/risks: More data means more accuracy, but only to a point, then excess data skews the picture. Like my supermarket store loyalty card. They probably think they've found the first elderly woman (from buying a magazine called "Plein Vie" aimed at retired women) who also buys "Elektor" and "Planet Japon". Not to mention the confusing dichotomy of organic vegetables to eat while slurping Pepsi. Any HUMAN looking at the list would probably guess either mother and son (correct) or elderly woman and toy boy (not correct, but same age disparity). Question is, though, can the supermarket's computer? Would Google? I have a list of things I tend to Google for, though El Reg articles can throw in some wildcards like that chick that married Clive Sinclair (sorry, never heard of her before...). My mother, usng the same IP address [*] , has a different set of things that Google is asked to look up. Can Google tell the difference between us? Or is the data painting me as an oddball? Well, odder than I'd admit to. :-) This, coupled with the apparent inability to access/correct such collected data (what, no DPA provisions?) means that increasingly the data collected will have less and less useful value. I just did an image search for Maggie Thatcher, no reason, just to screw up any collected data...
* - what is this obsession with storing IP addresses? Just now my IP address was 188.8.131.52. I reinitialised the connection and I am now 184.108.40.206 [don't bother saying hello, the Livebox is set to block all incoming, no world-accessible servers running at this time]. I probably will be something else come Friday. Note, for what it is worth, that the last three bytes are different, so "obscuring" the final byte won't make much difference. There is NO IP address that ever actually points to me, over and above the one I am currently assigned at any specific moment.
Just imagine what you can gauge about political issues just by intercepting (individual or collective) Googleing sessions/query statistics.
They don't need to spy on American citizens to tell what our political issues are. All they need to do is read what people are saying. People are pissed off at the Constitution been destroyed, the lies, the financial theft and refusal by the senate to get to putting a stop at the root of the problem (Over leveraging and fraudulent loans), the corruption, the police state insanity, the bailouts, the healthcare INSURANCE scam, the attacks on the CODEX, the malicious use of electronic voting machine, the oath of office breaking, the 99% Corporate ownership of the public spectrum, the same D vs R paradigm and fascism everywhere we look. It's like the officials want a scorched Earth, and taunt the people to have a showdown so they can call us all domestic terrorists, and declare martial law.
Keep in mind, it isn't all Government employees who are corrupt, it's the ones RUNNING THIS CRAP.
@ Heyrick re: IP addresses
Lucky you - my ISP will usually reassign the same IP unless I disconnect for a few hours.
it's got nothing to do with your IP. All your actions are related to your cookies, which will appear to move with your IP change (if you know what I mean). Searches you did on your old IP will be added to searches you do with your new IP.
All the other stuff you said I agree with.
But cookies are no use...
....if you use different machines all the time and reimage frequently.
And from different addresses. And from wireless hotspots.
How can they possibly (beyond reasonable doubt) link these disparate threads together to identify an actual individual?
I wipe all private data, including cookies after every session at home. I personaly don't give a flying fig what they get from me at work, Our IP address is used by thousands of (L)users every day.
Beyond reasonable doubt?
"Cookies are no use if you use... different addresses. And from wireless hotspots.
How can they possibly (beyond reasonable doubt) link these disparate threads together to identify an actual individual?"
With a combination of IP addresses and cookies it's going to be very difficult to stop people correlating your different identifiers, especially if whoever is doing the monitoring can monitor multiple sites. You might reset your Google cookie but what about your web mail service or Amazon or Facebook browsing? Log on to another site with an existing cookie or username that identifies you and the association is immediately there again, for EVERYTHING you do in that session.
And who said anything about "beyond reasonable doubt"? It's all about statistical profiling. We all know the stories about innocent people being put on no-fly lists just because their name is slightly similar to someone the authorities are suspicious of. How long do you think it will be before people are mysteriously turned down for a job they're eminently suitable for, just because they once used a public WiFi to check their email and happened to get the same IP address as the previous person who did a Google search for something dodgy?
If there's one thing Google are good at (and intelligence services too, one presumes) that's finding subtle patterns and connections between different pieces of data. Resetting your cookies occasionally and relying on a few different IP addresses really won't help you at all if you expect your browsing habits to remain anonymous.
@ heyrick, who just did an image search for Maggie Thatcher
You poor dear! Are you going to be okay?
Echelon Is Google
>>"We strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation," reads the company's privacy FAQ.
What they really mean is, "We balance our desire to retain and monetize as much information as possible against the need to pacify the security wingnuts." Since LEA interests are pretty well aligned with Google's it's just a matter of pacifying the public by telling them what they want to hear. When GOOG fails to live up to their promises they can expect a Get Out of Jail Free card from the DOJ, just like the one given to ATT for the felony wiretapping they committed.
@Those Who Think They Can Create Noise
Surely you can create some noise for some time, but the Googlers are not the same types as the dimwits of AOL.
They will run *all* off the data they can get through some sophsiticated statstical analysis algorithm and the noise you created for two days will be a mere abberation from the data they gathered over the last eight years. Remember, they have a nice cookie set and surely they will try to link up successive cookies if you have deleted them. I bet they even try to model the way your ISP is assigning Ip addresses to users.
If they are not already completely in bed with them. Apparently Vodafone Germany delivers MY STREET ADDRESS to Google's location service. (I deleted all cookies before I tested it).
Certainly one could create some real confusion by running TOR and sophisticated "noise generators" (which already exist)... TOR is a PITA, though.
need I remind anyone about traffic dilution
FireFox + TrackMeNot widget from mrl.nyu.edu/~dhowe/TrackMeNot
I've recently autonomously made these queries over a typical 3 minute period to the profilers!
[QUERY] engine=google | mode=click | query='National Parks in Tuscany Region, Italy' | url=http://www.traveltuscany.net/tourism-in-tuscany/parks/ date xx xxxx
[QUERY] engine=aol | mode=timed | query='Sybase Ships Adaptive Server' date xx xxxx
[QUERY] engine=aol | mode=timed(i) | query='Sybase Adaptive Server' date xx xxxx
[QUERY] engine=yahoo | mode=timed(i) | query='Sybase Ships' date xx xxxx
[QUERY] engine=google | mode=burst(i) | query='Sybase Ships Adaptive Server' date xx xxxx
[QUERY] engine=aol | mode=burst | query='about what matters"' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='discuss your with' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='removing them -presupuestal' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='American' | qpm=Na date xx xxxx
[QUERY] engine=google | mode=click | query='Sybase Forums,Unix Forums-Sybase Adaptive server|Replication ...' | url=http://www.sybaseteam.com/xxx date xx xxxx
[QUERY] engine=yahoo | mode=burst(i) | query='about American history' date xx xxxx
[QUERY] engine=yahoo | mode=burst(i) | query='about that' date xx xxxx
[QUERY] engine=yahoo | mode=burst(i) | query='American history that' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='della sicurezza' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='alleanza nazionale battipaglia' date xx xxxx
[QUERY] engine=yahoo | mode=burst | query='Erweiterte Einstellungen Sprachtools' date xx xxxx
[QUERY] engine=yahoo | mode=timed | query='Same-sex marriage in the United States' | qpm=13.259 date xx xxxx
[QUERY] engine=yahoo | mode=timed | query='veyron mustang' | qpm=13.357 date xx xxxx
[QUERY] engine=aol | mode=timed | query='organizzazioni professionali della produzione' date xx xxxx
[QUERY] engine=aol | mode=timed | query='colloquio' | qpm=12.926 date xx xxxx
[QUERY] engine=aol | mode=timed | query='removing them broadens' date xx xxxx
[QUERY] engine=yahoo | mode=timed | query='American history' | qpm=12.487 date xx xxxx
[QUERY] engine=google | mode=timed | query='either have turned' | qpm=12.270 date xx xxxx
[QUERY] engine=yahoo | mode=timed | query='sharp images' | qpm=12.088 date xx xxxx
[QUERY] engine=yahoo | mode=timed(i) | query='sharp images' | qpm=11.945 date xx xxxx
[QUERY] engine=bing | mode=timed(i) | query='Public sharp images' | qpm=11.723 date xx xxxx
[QUERY] engine=yahoo | mode=timed(i) | query='Public take sharp' | qpm=11.545 date xx xxxx
[QUERY] engine=aol | mode=timed | query='more liberal' | qpm=11.423 date xx xxxx
[QUERY] engine=google | mode=timed | query='para publicar sugerencias' | qpm=11.234 date xx xxxx
[QUERY] engine=aol | mode=timed | uery='lesbian couple that wants' | qpm=11.092 date xx xxxx
and I frankly have no need to conceal my internet activities, but I do have a standpoint on interweb privacy loss. I presume theres a backhole and it doesn't annoy the official spooks, but it sure will make a rather large randomish spike in profiling. By encouraging others to use FF+TMN then there become many large randomish spikes.
Scroogle SSL + delete cookies every now and then
I don't care how long Google keeps Scroogle's IPs.
Every single communications provider I have ever worked for (about 8 so far) have what is euphemistically referred to as 'the hush hush room' where only the top bods in the security field have access to.
I'll leave the rest to your imagination, or you could just ask Rob Schnieder after getting him drunk :)
Delete cookies on browser shutdown?
So remember to delete your Google cookie regularly. Firefox deletes all cookies when I close the browser here, and occasionally I'll go through and see what interesting cookies I've gathered and decide whether to ban sites from setting them.
cookies aren't the only fruit
there was a (or are many) Browser Test page(s) which you could surf at , even with FurFox and anonymisers, and there are sufficient leaked data points about your specific browser (version, OS, plug-ins, languages, country, etcetera) eg I have RealPlayer 10 available to my browser, QuickTime Installed (Version 7.6.6), 80 - 1755 - 554 are open ports, Flash Version 10 (Version 10.0 r45) ..... that very soon you have a unique or almost unique worldwide browser fingerprint!!!! Deleting cookies does not change any of this other metadata. Privacy is rather hard to reclaim at this WWW+21 age
No doubt this one (IP) is the baddie. It is the old "somebody must be buying this crap" argument of email SPAM. NO! Once and for all somebody (Google) must have been paid in advance to promote this crap, regardless of the nature or "quality" of the aforementioned crap.
The only way to disconnect the IP address is to "obfuscate" all 32 bits as "market research", if in fact you intend to offer the eventual product to any 32 bits.
Google, please stop aiding Goldman style Confidence Games and Madoff style Affinity Scams. If that is the company you keep, you had better learn to do Evil for self-protection.
"There is NO IP address that ever actually points to me"
This is why the world wants you to move to IPv6.
Hasn't anyone ever considered not permitting them in the first place? I make sure I whitelist cookies for the few services I've decided to trust (google is not one of them, nor's Bing). I have very few problems, the few sites that depend on me having cookies for no apparent reason, I live without. Occassionaly I temporarily allow a site if it's trying to persist a shopping cart or similar.
Try it, it's really not so bad.
Just set Firefox to turn all cookies into session cookies, deny 3rd party cookies, have a blacklist of "bad" cookie providers, and a whitelist for the very rare occasion where you need to keep one, then just use Scroogle SSL as well.
For the extra paranoid, like me, either Firefox's add-on BetterPrivacy, or, just schedule a script to delete Flash Cookies at regular intervals...
"We believe . . ."
"We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance."
Oh yeah ? Well I believe that anonymizing my IP address after 9 days and not retaining cookie data in your search logs strikes a perfectly reasonable balance in my eye.
In fact, I don't see why you need to log my IP address for more than a day. Once you've had no connection from me for more than 3 hours it means I'm in bed and you should anonymize my IP address right away.
- Infosec geniuses hack a Canon PRINTER and install DOOM
- Boffins say they've got Lithium batteries the wrong way around
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
- In a spin: Samsung accuses LG exec of washing machine SABOTAGE
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed