Google’s privacy campaign, and three ways in which Google gets your data

Google is campaigning to reassure us that its Chrome browser is, well, no worse at recording your every move on the web than any other browser.

Using Chrome doesn’t mean sharing more information with Google than using any other browser

says a spokesman in this video, part of a series on Google Chrome & Privacy.

image

What then follows is links to four other videos describing the various ways in which Google Chrome records your web activity.

If you subtract the spin, the conclusion is that Google retrieves a large amount of data from you, especially if you stick with the default settings. Further, it is not possible as far as I know to use the browser without sending any data to your default search provider, most likely Google. The reason is the Omnibox, the combined address and search box. Here’s what Google’s Brian Rakowski says in the video on Google Chrome & Privacy – Browsers search and suggestions

For combined search and web address to work, input in the Omnibox will need to be sent to your search provider to return suggestions. If you have chosen Google as your search provider, only around 2% of the search input is logged and used to improve Google’s suggestion service. Rest assured that this data is anonymised as soon as possible within 24 hours, and you always have the option of disabling the suggest feature at any time.

However, even if you disable suggestions, what you type in the box still gets sent to your search provider if it is not a valid web address, in other words anything that is not a complete URL (though Chrome will infer the http:// prefix).

It is also worth noting that Google does not only get your data via browser features. Most web pages today are not served from a single source. They include scripts that serve data from other locations, which means that your browser requests it, which means that these other locations know your IP number, browser version and so on. Two of the most common sources for such scripts are Google AdSense (for advertising) and Google Analytics (for analysing web traffic).

Even if you contrive not to tell Google in advance where you are going, it will probably find out when you get there.

It is important to distinguish what Google can do from what it does do. Note the language in Rakowski’s explanation above. When he says input is sent to your search provider, he is describing the technology. When he says that data is anonymized as soon as possible, he is asking us to trust Google.

Note also that if you ask to send in auditors to verify that Google is successfully anonymising your data, it is likely that your request will be refused.

There are ways round all these things, but most of us have to accept that Google is getting more than enough data from us to create a detailed profile. Therefore the secondary question, of how trustworthy the company is, matters more than the first one, about how it gets the data.

7 thoughts on “Google’s privacy campaign, and three ways in which Google gets your data”

  1. In addition to what Google can do, Microsoft stands out for most people as being able to do that and much more because they use a Microsoft platform to manage all of their surfing (including Google searches), file handling, etc.

    Microsoft has a notorious record for exploiting their market share to gouge individuals and suppress (and eliminate) competition in the market. The company has a horrible record of misleading the public and violating the law.

    While I think it is important to call Google out, I think we are doing a disservice by not calling out Microsoft to a greater degree.

    Will this article be followed up by 2 articles on everything Microsoft can do with our data and how well they can identify us? How trustworthy is Microsoft?

    For the record, I don’t use Microsoft platform software and avoid proprietary software from anyone (platform or apps) to a very large degree. Unfortunately, I do use the web a lot and use services managed by servers out there.

  2. Jose

    Happy to call out Microsoft; but I don’t see it as being able to do “all that and more”. If you use Bing as the default search provider, the search aspect may be similar, but Microsoft’s ad network is less extensive and it doesn’t have pervasive free analytics.

    Tim

  3. i have to agree with Jose_X… how about what MS does with bing data… or Windows data…. let look at facebook, twitter, and all the providers of services that we use… or how about the data that may be collected by this website…

    lets stop and think for a minute.. it is already TOO LATE to worry about what info is out there and who has it.. the genie is out and there is no putting it back in.. no matter how much we try or how many laws are passed… if you want to search google without handing them too much info.. use something like scroogle.. the only saving grace.. and that is not much.. is that google atleast stood up and fought when they fed’s came knocking for their records they were keeping…. everyone else just got on their knees and opened wide…

  4. Support the Alternatives! We need to encourage users to explore and use alternatives that support our rights and privacy . We also should NOT step backwards to old ways before Google came in the Picture with a nice clean interface . It was a leap forward in search engines . At the time we the users did not know it was at a cost of our Privacy . The next step towardds the future is a Company to provide us the users a Service without the use of data collection . If We the users encourage these Companys and reward them by Our Usage then it would enable those Companys to grow and provide better and newer services , just like Google has Done .

    Did you know that ” Ask.com ” has “Askeraser” in the upper right hand corner that turns off data collection . This is a definite step in the right direction , although set as default would be better .
    Another Search engine ” Exalead.com/search/ ” from France has been providing excellent results so far and worth further exploring .

    The first step in taking back our rights to privacy , is to avoid the use of these data-collection Companys . So let’s fight for our rights to privacy , Use the Alternatives !

  5. Tim and others, I wasn’t sure if I was being clear. [Keep in mind with what follows that I am a software developer.]

    Everything you use on any browser on Windows passes first through a huge mesh of proprietary machine instructions (being updated frequently by Microsoft) that we call “Windows”. Before you see the rendered webpage, before Google-related javascript gets a chance to “run”, before the browser gets access to the webpage information, before Google servers get access to your request, Windows has digested all of this. Windows serves as a proxy between every single conversation. There are many points where all applications and online conversations have to make system calls to the operating system in order to function, and, further, the OS has exclusive control to decide which running software process gets to run and how. The OS manages the hardware. It has to move data around by definition. The OS can also read any data on the computer at any point in time (it can hide, change, or derive extra data that your own application originally created on your or Google’s behalf, for example). In the time a web page renders, there is plenty of time to run at least many millions of extra instructions without you noticing much. Also, copies of conversation data can be made and encrypted on the fly very naturally so as to be processed later when the computer is more idle. This data or derivatives from it can be sent out to the Internet in pieces without drawing much attention (even from those using other computers to filter and analyze all of this conversation to try to catch Microsoft). You can’t watch all the time and analyze everything. Heck, people haven’t even figured how to get full compatibility with MSOffice documents that were written ages ago. Windows can update itself in spurts over time (a few key “trigger” bits and a little data can go a long way), even by creating new and twisted computing paths, and then clean its tracks from memory. Secret codes can take time to figure out and there is an overload of information here.

    [Microsoft can be expected to have compilers and build tools that do much obfuscating on their programmers’ source code. Anyone with access to the source code of these tools can add little tricks here and there so that almost no one else in the company with lower access would know (or have the time to figure out).]

    Now, we don’t have to believe Microsoft exploits everything possible, but surely if they can theoretically grab anything, it is to be expected they might be grabbing something from that large ocean of data. Their EULA gives them broad permissions to do this without restriction! So of all that Google can get from you, Microsoft has access to every single bit of that and much more.

    BTW, it’s oftentimes the bad guys who are looking out to exploit for money in the first place that are the ones willing to spend the most resources to reverse engineer this or that bit of Windows (or to bribe those employees that can help them). For example, large competitive companies and governments do this to competitors frequently or so I hear. Some of these people cover their investments by writing malware that takes personal information about you. Others keep quite and leverage the holes they find in some way or other while they can. On the other hand, those most willing to talk or reveal the flaws are usually mostly stopped by a lack of funds or time, NDAs and other contracts with Microsoft, and things like copyright and other laws.

    Microsoft, I believe, sells lots of key bits of information about Windows source to numerous partners for $$.

    [Pssst: I don’t think Gates is one to turn down $$ to first ensure his customers are in the best hands imaginable. That is not what his track record says or even what we should expect from any human in a similar position.]

    Microsoft created the holes in their software that others were (also) able to eventually discover and exploit to some degree.

    I agree we should be wary of what Google can uncover and exploit, but I think Windows users should not blind themselves to the threats possible from Microsoft.

    [Unfortunately, I’m probably not being as clear or convincing as I could be.]

  6. Further, it is not possible as far as I know to use the browser without sending any data to your default search provider, most likely Google.

    Sure it is. Go incognito.

Comments are closed.