Privacy and Google

I have been a long-time fan of Google, and I generally find their products convenient, high-quality, useful, and innovative. Unfortunately, with all that useful product has come an ever-decreasing amount of privacy. It is now possible to do much of your daily computing work with entirely Google products — email, web search, documents, maps, chat, voice & video chat, youtube videos, picasa images, and now even DNS. Beyond all of this content which users freely give to Google, their analytics allow them to track you even further as you venture into non-Google sites, since these sites often use Google to provide ads to their sites, which allows Google to see what other sites you visit.

Recently, Eric Schmidt, CEO of Google, responded to questions in a televised interview which suggested a lack of concern for the preservation of privacy (some posts about it link to the video of the interview mozilla ceo’s blog urging switch to bing notes from the electronic fontier foundation summary of various posters). I am a little torn about how to react to this. On the one hand, I admit that the statement is factual — Schmidt is telling people that Google and other companies store this information, it is all information made available to Google, and Google is legally obligated in some cases to make this information available to authorities. On the other hand, I think it shows a complete disregard for the importance of user privacy, and the need for companies who are given such information to be good stewards of that information. Simply hiding behind the Patriot Act as a way to defend your practice of gathering, correlating, and then divulging information as desired may be legally sound, but does not reflect the attitude I wish the company gathering information to be taking.

Consider this: if you use Google DNS, yes, you may get some performance benefit over the DNS provider from your ISP. But, by telling your computer to use Google’s DNS servers, you will effectively be sharing the names of all websites you visit with Google. And don’t think for a minute that their automated mechanisms won’t correlate this with both the searches you are using to Google and the data of all Google accounts you maintain. (Note that a naive objection here is that you otherwise give this to your ISP. But your ISP already is transferring all of your network communications, so that information will be available to your ISP whether or not you send them your DNS queries).

From Schmidt’s point of view – you should already be aware of what information you are giving to Google, and the fact that Google may pass it along to others. But are you? Google could pick things out of emails you send or receive, match that up with the GPS data from your cell phone that you pass to Google so it can place you on the map, the searches you conduct on your phone, and the hostnames of sites that you visit, and build a very precise picture of what you’re doing. Granted, certain things in that profile might have been misinterpreted, and that profile could make it look like you’re doing something very embarrassing.

You see, it’s not the fact that Google has or is collecting this information per se that’s bothering me, but rather that when making this statement, Schmidt doesn’t say “Yes, all of this is true, BUT here are the steps Google is taking to safeguard users…” No, Google’s business is enhanced precisely because they can build these profiles of users.

Google’s long standing reputation of following their motto of don’t be evil is eroding. Thus far, I wouldn’t necessarily say they are being evil. But I no longer feel I can endorse them whole-heartedly as I used to. You should think seriously about what tools and products of Google’s you are using, and what kind of information you are giving them, and whether or not you really want a company who does not proclaim their desire to defend your privacy to have all that information about you. Does the cost outweigh the benefit of using their products?