I was reminded of Sun Microsystems’ Scott McNealy’s infamous sound byte (used as the title of this article) when I read about Google CEO Eric Schmidt’s foot-in-mouth moment during a recent CNBC interview (YouTube Link). Here’s what Schmidt said: “I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines — including Google — do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”I think the portion of that statement that’s sparked the most outrage is the “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place” part. That’s a colossally boneheaded thing to say, and I’ll bet Schmidt lives to regret being so glib, if he didn’t regret it within minutes of it leaving his mouth. As many people have pointed out, there are a lot of things you could be doing or thinking about that you don’t want other people to be watching or to know about, and that are not the least bit inappropriate for you to be doing, such as using the toilet, trying to figure out how to cure your hemorrhoids, or singing Miley Cyrus songs in the shower.
As Bruce Schiener points out in his prescient 2006 rebuttal of Schmidt’s point:
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
And this is even if you’re not living under totalitarian rule and are only fearful of embarrassment. When you take into account the danger of an over-reaching government using what it knows about you to persecute you for your ideas, the thought of ubiquitous surveillance becomes even more terrifying.
What Eric Schmidt actually said isn’t defensible, but what I think he was actually trying to say does deserve some consideration. The cautionary statement that makes up the second part of the quote is, I believe, quite worth saying. And worth remembering. For various reasons, Google and everyone else keeps information about the searches you’ve made, and these searches are associated with an IP address that, with the cooperation of your ISP, can be traced back to you. Unless you’re purposely obscuring your actual origins using something like TOR, and assiduously managing your browser add-ons and cookies, you’re going to be leaving a trail of breadcrumbs when you’re conducting your normal business online.
Depending on which country you live in, government agencies have various powers to compel online service providers, such as Google and your ISP, to give them whatever information they might have about your identity and activities. As for the US, to which Schmidt was referring specifically, like it or not, the post-9/11 Patriot Act made it easier for law enforcement agencies to get this information. The only way for a company like Google to avoid having to give this information over is to either not collect it at all or not store it for very long. And this is where the conflict lies. Service providers have to make a tradeoff between convenience and privacy.
It’s convenient for the service provider to keep your information, because your profile and history make it easier for them to customize their offering to you, both for your own benefit (targeted content) and theirs (targeted advertising). We even willingly sign up for services like this. I personally find it very convenient that when I’m logged into Google, I can go back through a history of my searches, to be reminded of a site I found a while back that I’d like to find again.
There’s also a big difference between personal information that’s being kept for a matter of convenience and information that’s being kept because it’s integral to the service’s function. Obviously, there’s no way to have any kind of webmail without the service provider holding onto an awful lot of very personal information. Even if Google were fanatical about expunging ephemeral personal information such as your search history, there’s no way around holding onto all your embarrassing love letters or correspondence with Al Qaeda if you’re using Gmail. And even if Google were scrupulous about never using or looking at your email that it holds for you, it’s powerless to prevent the government from snooping in, in accordance with local law.
As more and more people are depending on online apps, and especially if Chrome OS and its ilk herald in wide adoption of computing devices that store much or all personal documents and data with online services, this tradeoff between convenience and privacy will come to the fore.
There are actually a whole multitude of privacy issues to worry about:
- The idea that governments have made it easy and automatic for themselves to gain access to private information online, and in many cases are data mining or surveilling everyone, not just crime or terrorism suspects.
- Private companies have in some cases been too compliant when the government has requested information even outside of what’s required by law. (AT&T, for instance)
- Companies keep more information, and keep it longer, than they reasonably need, even considering their services’ functionality and the convenience factor.
- People are ignorant or blasé about entrusting sensitive information with online services.
- People who would never trust some foreign totalitarian regime don’t notice that their freedoms have been undermined by their own governments, usually in the name of fighting “terrorism” or “crime.”
- Once governments have access to widespread surveillance powers, they always end up over-reaching, and use that surveillance in any way they see fit, not just for “anti-terrorism.”
- Even when the government’s not involved, there’s always a temptation for a company to sell whatever information it has about you to whoever will pay, and once your data starts to spread through the marketplace, it becomes an easily exploitable commodity. Sensitive personal data on anyone can generally be bought for a few dollars.
- It can be extremely difficult to stamp out false or easily-misinterpreted information about you that’s contained in the various commercial databases out there.
- You’d be astounded at what personal information about you any random private citizen has access to. Read this recent Wired story for an example.
- When you bring “black hat” techniques into the picture, your privacy is even more tenuous.
Of course, most people are unconcerned about privacy issues either because they are ignorant/unaware/apathetic, or because they figure that they have nothing to hide. And of course, in most cases the online services that guard your data are filled with decent, principled people who won’t exploit your data and likewise your government is staffed by upstanding, civic-minded people who are unconcerned with your activities unless you draw their attention by publicly arousing suspicion. To some extent, privacy gadflies are both paranoid and shrill. That being said, history has given us plenty of examples of governments becoming corrupted by paranoia and being willing to trample on everyone’s freedoms in order to “protect” its citizens from “bad people,” real or imaginary. Likewise, profit-driven companies have proven all too willing to sell out their customers to make an easy buck.
And even if your current government is virtuous, or the current management of a company is principled, you’re always just one election, revolution or corporate takeover away from a new, less-ethical regime. If the infrastructure is in place for abusive surveillance, at some point it will be used. As they say: who watches the watchmen? This is why privacy advocates are constantly fighting the erection of scaffolding, even when most people find the scenarios far-fetched.
“Security by Obscurity” is a term of derision among computer security professionals. If your security regime isn’t based on proper fundamentals but instead is based on tidbits of secret knowledge, it can be trivially easy to guess or brute-force the secret tidbit. And while it makes little sense for software engineers to depend on keeping the door key under the mat, when it comes to protecting your privacy, particularly from the government, security by obscurity can ironically be the most effective.
If you don’t want governmental or corporate busybodies viewing or misusing your personal information, the best solution is to keep them unaware of it. Even strong encryption is inferior to old fashioned inaccessibility in the sense that a concerted effort can often thwart encryption, and even if it can’t, the existence of mysterious encrypted data can arouse enough suspicion to prompt the law enforcement authorities to investigate other areas of your life with increased vigor. Keeping your personal information out of the hands of the myriad online service providers serves your privacy interests mostly because it’s so easy for someone to gather up and analyze that data (without your knowledge) if it’s out of your control. Of course, if you’re so conscientious about good data security (such as encrypting everything) that you have an abnormal data profile, that can cause you to be branded a suspicious individual. So to some extent, there’re security by obscurity in also trying to look like a normal person and blend into the crowd.
The important political point to make is that guarding privacy is a two-front battle: fighting against the erosion of freedoms leading to overly-powerful government, while also promoting good data security practices that would thwart abusive surveillance if it were to come to pass. In other words, fighting the totalitarian infrastructure while witholding the raw material that the surveillance society depends on.
So back to Eric Schmidt and Scott McNealy. Schmidt is correct that his company is powerless to withhold your information from the government, and is unwilling to sacrifice the features and convenience that Google users eagerly utilize every day. McNealy is correct in that we have less privacy than most of us think we have (though it’s not zero). But they’re dead wrong (and they should be ashamed) that there isn’t a legitimate desire to keep private things private and that we should “get over it.”
“gay biker porn” and all the other nice things people search for on the intertubes
I advocate repealing the Patriot Act. It’s refreshing to see an article from a non-political news source which shows the bad points of such legislation.
As questionable as the value of the Patriot Act is, in the grand scheme of things it will have little effect on your privacy.
The problem is – and I think Schmidt alludes to this – is that MANY, MANY parties log electronic communications, and any one of these can be an avenue back to authorities, fraudsters, your future employers, etc.
Take online backup sites – do you think your files are safe because they’re encrypted? Nope – all the major online backup providers I checked retain the right to decrypt your data (although some will require a warrant).
The real test of privacy is if companies which offer anonymous/protected services are legally allowed to operate. Is it legal to sell encryption the government can’t crack? Is it legal to pipe your access.log to /dev/null? In other words: is privacy illegal?
Uhh. Yes, it is completely legal to sell US citizens encryption the government can’t crack. (You cannot export it)
In America our laws are setup where the government is granted specific rights, so until congress passes a law stating you cannot sell uncrackable encryption, it is legal.
Not understanding this difference is pretty much where every stupid fascist law we have comes from.
The real question is if it is legal for storage companies to use the key to your encrypted files except when a warrant is issued.
Another question would be; “why does the backup company have your private key in the first place?”
If I’m storing truecrypt-ed backup blobs to a third party storage services, I’m surely not going to be emailing the key to them for safe keeping with it. If someone wants my blob files decrypted then they can bloody well provide just cause and a court order.
Even having never actually used such a service myself, I’d kinda expect that they’d do the encryption on their end, both to provide a degree of transparency to the end-user (“just send us your files, and we’ll magically encrypt them for you at some point”), and possibly precisely so they can guarantee their own access to that data later, if they need it (like if they’re compelled by court order to turn over your data).
If you just buy space on some remote pool of storage, then sure, send it whatever you want. I’d expect a consumer-oriented backup service to try to make the process as simple and transparent for the client as possible, so I’d expect the service provider to handle the encryption on their end.
The question first struck me with Amazon’s storage service; do they store my data in such a way that it is an encrypted blob only accessible by me? The only way I would consider using one of these services would be as a duplicate of my backup archives in encrypted form. This on the basis that I’d be using it as an off-site backup since the service adds no advantage for me as an active data storage (I call those flashdrives or ye-old port 22 back at the ranch
).
My thinking the other way is that it’s unlikely to be encrypted on the server side. Provided they can differentiate which files belong to which user; why add the expense of managing encryption beyond the ssl tunnel for the network traffic. I honestly would like to think that storage providers are setting up double-blind encrypted storage for the users but it’s not likely. If the user didn’t encrypt the files then I don’t forsee them not being cleartext in the storage providers database.
(this is something I’d rather be corrected on rather than correct about though)
I have been using Wuala for some weeks now and they encrypt the files with my private key on my computer, it doesn’t leave the computer as far as I can see, though of course that might just be an appearance and their license stuff might lie about the key staying on my computer and them not being able to decrypt my files.
Wow, actually that’s great to hear of a storage provider who seems to be doing it right. I’ll have to look into that further.
I wasn’t as clear as I should have been. My opinion is the only person who should hold the key to your data is you – companies shouldn’t keep an extra set of keys and thus should never be in a position to even be able to comply with a warrant for your unencrypted data.
Thus if the government wants your unencrypted data, it should be serving YOU with a warrant for it.
So again, the real question is: can you sell security that the government can’t bypass? Your question is moot if the company doesn’t have the keys, and if the answer to my question is indeed “yes” then why don’t they?
Today I was reading up again on the sequence of events as the Berlin wall fell and how the eastern bloc countries liberated themselves from their oppressive governments. I remember this all happening in 89, one country at a time but had forgotten the details.
Anyway the scary part was to come much later as citizens in each country eventually were able to read their secret files and no computers were used for any of this. Its scary to think we are all open books to some degree. It almost makes me want to go offline but then I’d be ignorant of the world events.
I vaguely remember some situation in the 1970s where the FBI had gotten involved with someone; pulled him out of bed during the night, and had more information on his life than he practically knew himself.
I only hope my life is more interesting to some government group than it is to me.
I’m so glad I don’t live in Singapore. There was an incident over a year ago where a man and woman were arrested for being naked in their own home but the neighbour who photographed them was not arrested since he reported the crime. Yes, it’s against the law to be naked in your home.
Do they take showers in underwear? Keep socks on when they have sex? Just curious…
I guess their clothes just have zippers in odd places.
I’ve asked about such things and no one will give me an answer. 😀
What’s also strange is that the stores sell chewing gum, but it’s against the law to chew gum in public–mostly because of the sticky nuisance on the ground but seriously, don’t sell it, if people aren’t allowed to chew it everywhere.
Exactly. That’s one of the issues that the Canada’s “Personal Information Protection and Electronic Documents Act” attempted to address. According to the act, any organization that collects personally-identifiable information must provide a privacy policy that outlines what information is collected, how that information is used, and how long it will be retained.
Of course, PIPEDA is also a good example of what *not* to do – since it’s been almost entirely un-enforced in the 5 years since it was made federal law.
You’re just saying that because you’re a tool of the man!!!!! (sorry, couldn’t resist)
Actually, I think PIPEDA does do some good, at the university I work at, if you decide not to attend, your info is deleted after 1 year.
This is to stay in compliance with PIPEDA, even if it is not widely enforced, the University decided to err on the side of caution, so even if it is not enforced, it MAY be enforced in the future, so a lot of organizations adopted policies just in case.
It is beneficial to have guidelines, but the lack of enforcement means that they are treated only as guidelines/suggestions.
The biggest example I can point to is the Domain Registry of Canada – they collect personally-identifiable info from the WHOIS database for their domain slamming scam, a clear violation of PIPEDA I’d say. Yet they’re still at it, half a decade after PIPEDA became federal law.
Under PIPEDA, you can (and kind of have to, or you business wouldn’t work) keep info for individuals that you have a current, or near current business relationship, so the domain slamming scam doesn’t come under PIPEDA, as the Domain Registry of Canada must maintain a WHOIS DB about all current and recently expired domain names.
True, but by my (IANAL) interpretation, that would only apply to actual customers of the DROC who have purchased domain registration through them.
The targets of their scam are customers of other registrars, who the DROC sends sales/transfer solicitations (designed to look like legit renewal invoices) using information from the WHOIS database.
Are you thinking of CIRA (Canadian Internet Registration Authority)?
I’ll go ahead and say it: his statement was completely defensible. He’s clearly talking about search engines, not about what people do behind closed doors and shuttered windows.
People ought to stop this business of taking one sentence completely out of context and making a mountain out of a molehill.
I actually agree with him as well. If you are somehow wishing to keep what you are doing a secret, one needs to ask themselves why they want to keep it a secret. Many times when I catch myself doing this type of self moderation, I am doing something that I shouldn’t do in the first place.
However, semantics are everything, right? Or is perception king?
When I browse for porn, I’d rather keep that a secret. Not that my porn preference is that exciting, it’s just that I’m rather prude and find anything related to sex something very, very personal that’s really none of anyone’s business. I don’t want anyone else to see or know anything about me in that area.
I also wouldn’t like anyone else to know any condition I might have. Not that I Google that sort of thing (never use the internet for healthcare issues, go see your physician), but I know a lot of people that do.
This is not about criminal activities – this is about perfectly legal and normal activities that I want to keep to myself.
You just posted a comment under your real name saying you browse for porn… so much for privacy
A really poor choice of example. The porn sites are most certainly recording who visits their sites, and I’m sure you’d agree that they have every right to do that, since you’re accessing content they’ve provided, probably on their servers, too. So there goes any privacy, unless you think a corporation’s possession of browsing habits guarantees your privacy. Then they will share that information with each other to figure out your preferences and what they can do to increase your number of visits, credit card charges, etc.
Then there’s the whole issue of cookies, so they’re probably checking what non-porn sites you visit, too, which eliminates even more privacy.
A much better example would have been visiting jihadist websites (hello, NSA data miners). Fancy a scholar who visits the websites for legitimate reasons, and thus gets put onto a Big Brother watchlist. But even there privacy is lost.
Porn sites are prefect examples. You share your private information with sites or people you trust.
I trust that porn sites will not share that information with my mother. Security through obscurity is real and practical for many purposes. There is theoretical security, then there is real life.
It’s a terrible example. Do you really think that most people visiting porn sites know what and how much information they’re sharing with those sites, or of how easy it is for someone to snoop on them while doing it? I doubt it.
You also think porn sites are trustworthy? Do you think most people who visit them, believe the sites to be trustworthy? If so, they’re gravely mistaken. Porn sites have been known to embarrass users by obtaining private information without permission and (for example) emailing them image-laden links. (“That must be spam, dear; I have no idea why that company imagines I would be interested in their products.”)
I think in general, his statement of not doing anything you don’t want others to know about is a good practice to live by, as I don’t tend to do anything ‘behind closed doors and shuttered windows’ that I wouldn’t want to appear in tomorrow morning’s headlines. I don’t think the world would want to know that I was jerking off last night while looking at porn, but I don’t really care if they know either.
If you’re on the internet in the middle of the night looking up stuff that you would be ashamed for your mom to know about, then maybe you shouldn’t be doing it in the first place? Just a thought.
http://tinyurl.com/ycrszhr
Edited 2009-12-11 16:15 UTC
My Mom doesn’t need to know specifics. Do you want to know specifics of your Mom’s sex life?
What if your mom is very religious and you love her, and want to maintain a relationship with her? Obviously looking at porn isn’t against YOUR morals, but it could ruin your relationship with her. Your philosophy only works in certain circumstances, such as you’re a loner, you don’t really need a job etc.
If it does, then it does. I wouldn’t do it in front of her or at HER house, but if it somehow got around to her that I was doing it at MY house and she chose to disown me for it or whatever, then so be it. In other words, I have enough respect for a person not to do certain things in front of them if it offends them, if I can possibly help it, but if they don’t have enough respect for *my* values such that they can’t/won’t let me do my own thing away from them (assuming I wasn’t hurting/abusing somebody else), then f**k ’em.
Google deals with a lot more than just search. Remember, they own many people’s email, personal conversations (Google Voice), location (Latitude) and all sorts of other bits of data (Wave, etc). I would not want a company with this kind of attitude to privacy in charge of all of that. (Which is why I don’t use any of those things…)
Do they really own the email, or do they merely store it for users’ convenience? I’m not clear on that one.
Anyway, expecting privacy in email is also a bad idea, considering that it goes through a large number of computers on unsecured lines. If you encrypt your emails, okay that would be helpful with privacy, but I don’t use Google Mail so I don’t know how it works with encryption.
But otherwise, if you’re having a torrid affair and you talk about it with her in emails, it’s quite possible that a private investigator (or the Mob) could snoop and nail you.
Agreed. If you add the qualifier “in public” to his statement, it seems rather innocuous – if that’s what he meant (and that’s how I read the statement), then he’s essentially just stating the concept of “reasonable expectation of privacy.”
That would make people think twice about Cloud Computing. Convenient? Yes. But what is the trade off? Your privacy.
The idea that people who don’t feel the need to hide who they are and what they do are some how less individual is completely ridiculous. Individuality is, in my humble opinion, being honest about who you are and what you believe, both to yourself and others. It has absolutely nothing to do with what you hide from other people.
Edited 2009-12-11 04:53 UTC
Individuality, in this context, is the state of being distinct from others. It generally implies that an individual is slightly different from other individuals, although this isn’t a technical requirement. People, to validate their own choices and quirks, tend to object to some of these differences, insisting that their way is the best.
Privacy protects one’s ability to be different in objectionable ways. Without it one is forced to defend one’s behavior. This will cause most people to take the easier route of not “being honest about who you are and what you believe”. Therefore, privacy has absolutely everything to do with individuality, for if we lacked individuality there would be no need for privacy.
Hi Not so much as a reply but I found your post a good place to leap from on a tangent.
In a slightly different context, William Burroughs if memory serves talked about spies being blackmailed during the Cold War for being homosexual; the answer would be in Burroughs’ eyes for the spy in question to roar: “I’m a queer, and I luuurve it”. So, one defence against all this is to be exactly true to yourself,
In the real world, though, I can be selective about who knows what about me. I tell my friend, not my mom, for example. It’s to do with an admixture of trust and utility (and a whole load of other interactions) – what will mom gain from this were I to tell her, what would she think of me, do I know myself how to fully explain it? – You get the picture.
In the Internet world, what is happening isn’t really to do with some lofty goal of global self-realization and authenticity, or even, on a more tawdry but still insightful level, with the Warhol idea of all being famous for some brief span.
It’s to do with the major search engines wanting to bolster their relative offers of accommodating real-time information gathering, so that they can beat each other in the market, so that (the irony) *private* companies can benefit from telling me that the world is going that way.
I suppose let’s just make it equitable – let’s lift privacy for everyone: companies, the military, corporations, the police, as well as the ordinary citizen. otherwise, there still must be value in privacy that I, or anyone else for that matter, can claim is real, and pertinent.
“In a slightly different context, William Burroughs if memory serves talked about spies being blackmailed during the Cold War for being homosexual; the answer would be in Burroughs’ eyes for the spy in question to roar: “I’m a queer, and I luuurve it”. So, one defence against all this is to be exactly true to yourself,”
Except that at that point homosexual acts were still illegal in many places. So doing that would’ve been a one-way ticket to prison. (There’s another great indicator of the importance of privacy).
Point taken but the reason why homosexual relations no longer constitute a criminal act in many states now is that people went out on the streets and turned private “shame” into public pride. This process will continue, and it’s already shaking the foundations of some very conservative institutions – i.e., the Christian Church (look at the turmoil in the Anglican Communion at the moment on account of someone who is frequently named as “the *openly* gay Bishop”. Everyone in the AC knows there are hundreds of “screaming queers” (not meant in a derogatory way) in its ranks. It took just one person to voluntarily shed their privacy to trigger the public debate that will change that particular branch of Christianity fundamentally (it is to be hoped, at least!))
When one is constantly observed then one changes behaviour to conform to what is considered the ‘norm’. THe result is rather than individuals you have masses conforming to an idealised expectation for fear of not wanting to look out of place.
For me I don’t like the idea simply because it creeps me out when people are looking into my life, look at me, looking at my details – the same way that it creeps me out being in a large crowd of people.
Indeed. It’s about what one chooses to share. Not about our credit card numbers.
Two individual’s renditions of the same Broadway hit:
http://www.youtube.com/watch?v=lupNzpcpDRk
http://www.youtube.com/watch?v=tDPNt1ybQQ4
This video states that Google deletes the last byte of logged IP addresses after 18 months:
http://www.youtube.com/watch?v=kLgJYBRzUXY
I can’t find any mention of it in any text Privacy Policy though…
Edit: Here’s a more recent (Sep. 2008) post from the Google Blog announcing that the retention time has been cut in half to 9 months.
Edited 2009-12-11 05:05 UTC
AOL went to greater lengths to anonymize their search data in the debacle a while back where they decided to dump it to the public. Didn’t take long for the search data to be pieced together and wind up with some innocuous citizen appearing on the evening news.
The announcements you’re referring to were PR spin to placate the public, and the EU, who were asking questions that were making Google nervous. IP addresses are only one piece of the puzzle, with enough additional data, they’re not even necessary to identify users, as the whole AOL thing proved.
http://en.wikipedia.org/wiki/AOL_search_data_scandal
I thought it was last year that researchers managed to take some blobs of anonymized data from Google and reconstruct it providing identifiable user and machine details.
Google’s ‘anonymization’ is pretty much meaningless. See: http://www.theregister.co.uk/2008/12/17/yahoo_anonymization_explain…
His comment sounded to me like, “we will retain things for as long as we feel like, because that’s important to us; your privacy is not.” This hurts the move towards online services. Many service providers should understand that retention timelines are part of the value proposition for the service. There is no reason to retain personally identifiable search queries for any length of time at all. Aggregate useful statistics, and delete it.
Is this where Google (finally) loses its Teflon coating as a for-profit pro-consumer company?
There is one basic problem about keeping privacy while surfing the internet…
The internet does NOT reside in the US only. It is distributed EVERYWHERE.
With that being said, I put a server in Russia/China and start grabbing data from Google searches etc etc and cache it on my own infrastructure. How do laws from the U.S. affect those servers? They simply DON’T!
So going back to the comment that Schmidt said, I quote “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”, then this obviously does make sense at least from my point of view.
Don’t get me wrong, I am against the Patriot Act, or at least the implementation of it, but once the information is on the internet is it almost near to impossible to go back and repair/erase.
Please any of you that are so careful, get Maltego or one of those applications and search for yourself, phone number, SSN, etc. You’ll be surprised how much data you can find.
That doesn’t mean IT is right. Privacy is more of an illusion than a reality with or without the Patriot Act. People act like it’s something new – they have been able to tap phone lines long before the internet was a glimmer in Al Gore’s eye (ahem). As for individuality – it has nothing to do with what you do or who you do it with. It is an innate characteristic. You were born unique. It is only when you start to imitate your friends and idols that you lose that uniqueness. It is not taken away by society, but is freely given away by you. Like he said “get over it” and if you don’t want someone to know something personal, don’t post it on Facebook or your blog.
“Like he said “get over it” and if you don’t want someone to know something personal, don’t post it on Facebook or your blog.”
Where does this have anything to do with facebook or your blog? That’s not at all related to the topic.
To a small extent you’re right, in that personal privacy is a social construct. That’s precisely why those organizations that are key to society (which, these days, includes Google) should place a high value on it. It’s the _reason_ they should, not an excuse that means they don’t have to.
I think it is. If you post information about yourself that you consider private for public access, then you really shouldn’t be surprised if it is indexed. It’s that simple.
I don’t like what he says – it’s the same old “if you’ve got nothing to hide, you’ve got nothing to fear” story -, but posting something and then crying about it being found, that’s stupid.
Edit: about search and browsing habit information storage: there are some ways to hide/scramble what you’re doing, so it’s partially your task to be responsible in covering your tracks – evein if you’re doing nothing wrong – it’s the world we live in
Edited 2009-12-13 09:44 UTC
People always gloat that the recording industry and dead tree publishing has been made obsolete by the internet and will go the way of the buggy whip manufacturers.
I think that privacy is another concept that will be made obsolete by technical developments. And that is not necessarily a bad thing. People in the middle ages, growing up in a large family and rarely leaving the small village they were born in, did not have much privacy either. So privacy is a relatively new concept. And given how much privacy people are willing to give up to participate in social networking sites like facebook, it seems that humans do not have an intrinsic desire for privacy.
The question IMHO is not how to preserve privacy (which is impossible), but how to organize a society with little or no privacy so that it does not end up an orwellian dictatorship.
Everybody who is interested in this topic should read “The Transparent Society” by David Brin. It makes a pretty compelling case.
“People in the middle ages, growing up in a large family and rarely leaving the small village they were born in, did not have much privacy either. So privacy is a relatively new concept.”
The first part of this is partly true, the second is definitely not. It was a specialist topic of one of my college tutors, actually. The desire for privacy is a significant motivating factor throughout social history. Even when it was innately difficult to have privacy, the concept was understood and strongly desired; those who shared living space would try to subdivide it to provide privacy, and those who had personal possessions tended to try very hard to keep them private. Throughout medieval Western history (I can’t speak to other areas), those who went from being poor to being rich almost inevitably moved to bigger and more isolated dwellings, which provided…privacy.
It’s exactly the same social motivator you can see in the development of the American suburbs: as soon as a large number of people became rich enough to afford their own houses and cars, they got the hell out of Dodge and built large, detached houses with hedges all around the gardens. Why? Privacy.
While I don’t disagree, I can think of lots of reasons why people would wander off and build removed, isolated dwellings as soon as they become wealthy enough to do it. A desire for privacy is just one: many others are probably less noble.
Those are still desires for privacy, just privacy to protect things other people would object to.
I use TOR for all my internet traffic ( with the ironical exception of torrents, cause I didn’t get them to work with TOR) at home. I figured out that when I use someone else’s WLAN they can’t identify me (as long as the local router doesn’t save my MAC-Adress).
Also I have a strict policy at my Browser, Cookies only from Websites I visit and they get at least once every month deleted. Oh and Flash is blocked!
I would advise anyone else to do so likewise!
Edit: And I don’t use *any* google services on purpose. For search I use cuil.com or ask.com. I even stopped reading some blogs, because they were hosted on blogspot.
Edited 2009-12-11 11:31 UTC
I have tried to use TOR/PRIVOXY many times, and while it does work web pages load very, very slowly, negating some of the benefits of a high speed connection. Overall, TOR has been a disappointment.
Apparently many people do not realize that privacy is important to maintain a democracy. If a government can observe all communication, it becomes easy for a government to oppose any opposition against the government.
This is the way things are in any advanced country like US, UK, etc – you are totally controlled.
Any time a people demand the government take on more responsibility there is always going to be an inherent loss of freedom or privacy as a result; the question is whether the public fully appreciate giving up one thing for something else.
It’s like an empty field in the middle of a city. No one misses the grass and trees until the parking lot is finished.
First of all, I just want to say that was am excellent article.
I may not agree with all points (like “security by obscurity”) but it was an well written, informative and objective point of view on a very relevant topic.
Now, going back to “security by obscurity” point:- that term to me is more about making your data public and hoping you’re not singled out rather than keeping a low profile from the off.
While I agree that obscurity does have it’s merits, I for one would never recommend a complacent security model over a proactive one.
What I’d recommend people instead would be to make as little data public in the first place.
This doesn’t mean all your data has to be encrypted, but more so about not publishing your details on sites like facebook (or, at the very least, having a private profile) and so on and so forth.
Another problem I see with “security by obscurity” is that, while it might ward off government curiosity, it opens yourself up to abuse from other avenues (eg identity theft).
Sure, as article rightfully points out, there is already tones of information out there and much of it is easily bought – however my school of thought is why make it even easier for savoury characters to obtain your information than it already is?
I often see an example explaining the dangers of portals like social networking sites that reads something like this:
“You wouldn’t bin your bank details without shredding them first.
You wouldn’t knock on a random house in a neighbouring street to give them your address and the hours you’re at home.
So why do you post this information online for strangers to read?“
Too much letters in this article, didn’t read them all. But I agree with Schmidt. It is very simple. Want to be free – live far away from society. Every modern government is a totalitarian government and such bills as Patriot Act prove that. Government has access to “logs” of your life – bank transactions, insurance usage tracking, speed cams, mobile phone and so on. You are WATCHED EVERY DAY! In every country.
Don’t want to regret your activity? DO NOT DO THAT ACTIVITY! There are NO escape if you live in modern society.
So stop complaining, Schmidt is right.
…says the anonymous poster on OSNews, known only as “Auxx”.
Hey, who wants Auxx’s email and IP addresses?
(Just kidding, we’d never really give those out. But we could.)
I do. A PM would be fine.
Seriously, though, I find it odd that we, who are more open with our personal information, providing real names, etc. are on this side of the argument, while the anonymous folk argue that privacy isn’t important.
By that, I do not mean that everyone should provide their real names here. I do it because I stand behind what I say, and signing my name to it just seems, to me, the right thing to do.
Sincerely,
Steve Bergman
it makes it too easy for people to post politically incorrect opinions, which we all know are false anyways.
Without being able to look into someone’s background, how can we judge their motives?
I will also post with my real name.
Yours truly,
.net jerkface
So… stupid question, but, is “D.J. Jenkins” then not your real name – or a portion thereof?
I’ve noticed that too: I’m one of the most paranoid and privacy-conscious people I know, and yet I’ve made more than enough of my personal information available to track down, at the very least, my work contact information.
And I note, since it’s kinda pertinent, that the fact that I could be personally identified has had a chilling effect; there have definitely been times when I haven’t posted something, exactly and entirely because I’ve provided enough personal information in my profile that my real-world identity could be easily tied back to my OSNews forum account.
I could borrow your name and use it on other places, claim I’m Steve Bergman and nobody would find out.
The most useful thing internet people could do is poison the internet databases with false information about them.
to scan every blog post to make sure that it is legit and doesn’t contain lies.
The only people that would oppose such a commission would be liars since if you are telling the truth you will have nothing to worry about.
Because as we know justice is always 100% correct, and nobody has ever been falsely convicted. Truth matters very little these days. You can be the most honest person in the world and someone will still do you over.
The important thing to remember is that you ARE being logged…
You visit any site, and every webserver in existence today will keep logs by default.
You send an email, and all the servers between you and the destination will keep logs of it…
You walk down the street, there will be CCTV cameras watching you…
Computers are inherently different from real life activities, they are designed to keep records.
In reality google aren’t really any worse than anyone else, if anything they’re just a bit more up front about what they do.
So if you really want to do things you’d prefer other people not to know, be vigilant when doing so!
Use your judgement.
In fact, doing things behind closed doors is exactly how you have to do them in some countries. Want a western style haircut? Better whatch out where you live and when you take your hat off.
Which is that it is futile to resist Big Brother?
You only do yourself a disservice when you try to live a life of privacy. If you recall the main character actually felt better after giving into Big Brother. Orwell was telling us that we should forget privacy in a modern world and get on with our lives.
Seriously though it’s pretty sickening that people are defending Schmidt when he obviously has no respect for individual privacy. Some people really need to question if their love for Google comes out of hatred towards Microsoft. If Steve Ballmer made that quote, would he have gotten the same level of defense?
I indeed think that the world would be far better if nobody had any privacy at all: you can not criticize somebody who likes gay necrophilia if you are a Nazi SM amateur. But it will never be the case: people will always hide things especially in the bien-pensant world.
And by the way, I do not think MS has any interest in your privacy neither: they just pretend to (and it’s good for business)
At least Schmidth is an honest guy… It’s not a breakdown new: since Google bases its revenue on publicity, our personal data are money for them since the begining.
I’m still waiting for the Wikipedia of the search engine…
I’m surprised this hasn’t been said:
“Son, on the Internet, Google knows you’re a dog.”