http://leaptag.typepad.com/leaptag_by_yoriwa/2007/02/google_the_spy.html
Google the Spy? The issue of privacy has long been a big interest of mine and lately I have seen it become an important topic in the world of free internet services. You can see some of my views on privacy in a previous <http://leaptag.typepad.com/leaptag_by_yoriwa/2006/11/some_thoughts_a.html> post. John Battelle asked a crucial question about ownership of Google search profiles on his <http://battellemedia.com/archives/002851.php> blog, which was followed by a very interesting comment discussion. That question was: who owns my personal search history? Something happened to me recently that turned this discussion upside down. A couple of months ago, l was pitching our product to a VC in a coffee house in Palo Alto. He wanted to compare LeapTag to Google Personalized Search, so he logged in to his Google account from my laptop. We had a nice discussion. A week ago, I received an email from him asking me if the following searches were ones I made recently, and he included a list of searches. My jaw dropped! Those were all searches I made a mere half an hour earlier - two months after our meeting. I realized that he had never logged out of my laptop, and that all the searches, personal and professional, that I had done for the last two months using my laptop were now part of his search history. He had access to all of it - as if it were his. Now who owns what? I cannot begin to express how violated I felt. He had access to all my searches which could potentially reveal a lot about me. I had no idea what he now knew. I cannot even access those searches myself to find out. So, right now, I have no idea what my exposure is. I think with Personalized Search, Google has created a tool that not only allows Google to spy on people but also allows people to spy on each other. Since then I have performed a test to verify this behavior. First I created a Google account called "GoogleSpy" :-). I logged into that account from a different PC at work and then I logged in to the same account from my laptop. Google was happy to let me log into both machines and did not log me out from the other (we know from experience that Google does not log you out even after two months!). On my laptop I performed a couple of searches. Here is a screen shot for one: <http://leaptag.typepad.com/.shared/image.html?/photos/uncategorized/spy_on_ my_laptop.jpg> <http://leaptag.typepad.com/.shared/image.html?/photos/uncategorized/spy_on_ my_laptop_1.jpg> Spy_on_my_laptop_1 Now, the only indication that something may not be right is the login name in the upper right hand corner. Busy people that we are, who notices anything in the upper right hand corner? Then I went to the other PC. Both of my searches appeared immediately in my search history (pretty fast service I have to admit :-)). Here is a screen shot: <http://leaptag.typepad.com/.shared/image.html?/photos/uncategorized/search_ history.jpg> <http://leaptag.typepad.com/.shared/image.html?/photos/uncategorized/search_ history_1.jpg> Search_history_1 The first search is one I made from the PC and the last two are searches I made from my laptop. Yes, I did give my permission for someone to log in to their Google account from my laptop. However, I reasonably expected Google to log him out after a while even if he did not log himself out. Then I realized that this is probably not a bug, but rather an architectural limitation. Google cannot tell when a person has finished using a particular computer or if in fact if that person actively uses multiple computers. For personalized search to work well, Google needs to capture all of a user's search activity. While doing that aggressively, Google became a tool for compromising my privacy. As a result, my search results are not only "owned" by someone else, I don't even have access to them. I don't want to accuse Google of building spyware because I don't really think that is their intention. But in effect, Google Personalized Search can be used as spyware. So who owns my search results? Apparently not me. - Cuneyt
<<attachment: spy_on_my_laptop_1.jpg>>
<<attachment: search_history_1.jpg>>
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
