Storing searches in a log to prevent spam sounds pretty disingenuous.
So, how about an unambiguous (as in, without weasel words such as 'may') update to the privacy policy detailing exactly what google stores in a user profile and what it does not, and that what a user sees in the interface mirrors exactly what google sees in its systems minus some small delta for propagation across google's servers?
Because what you write above is technically quite possibly true as far as the viewpoint of a user is concerned but leaves open a ton of possibilities for clever/creative interpretation on what 'improve our services' means.
What you have said is unconvincing, and gives you quite a lot of wiggle room.
by "association with your Google Account", do you include "association with your personal identity"? The description of the server log suggests that your web history will still be easily connected to your personal identity. The claim that Google is doing quite a bit of work to prevent that wouldn't match the privacy policy.
by "deleted from Web History", do you include "turned off Web History"? This seems possible but is not explicitly stated.
The article says "there is no guarantee whatsoever" and I believe this is no guarantee whatsoever that there is more than a superficial difference.
I'm curious how the author knows that it "does nothing". It seems that the argument ends with "because they can" we can "rest assured" that it "is exactly what they’ll be doing". In other words, if you already have a certainty that Google is pure evil then you can extrapolate from that that they will do the most evil possible thing in every circumstance, including this one. That's not terribly profound. The entire rest of the post is a litany of ways by which Google can see your cookies, which has little to do with what they DO with that information, which is what the user account setting purports to affect.
(to be clear, I have no evidence either whether they continue to track and store web history or not, but it doesn't seem like the author does either, and it's disappointing to see such a baseless trashy post from someone who I have in rather high esteem in general).
Let's turn that around for a bit. The default assumption that I have is that advertising companies that deal in user profiles (such as Google) will collect everything they can about you because this benefits their ability to sell advertising. Google's terms of service state what they capture, in other words no matter what their user interface is telling you their privacy policy (which I consider to be the leading document in cases like these) tells a totally different story and generalizes to all of google's services, including search (they even use that as the example of what they capture).
The fact that things like cookies are in those logs that they do make (again, according to the privacy policy) makes it trivial to re-construct the data that they ostensibly do not keep. If it is trivial, makes good business sense, enhances the value of the profile and makes more money then you can bet dollars to donuts that unless there are strong statements to the contrary from the company involved that they do not engage in such behaviour that they do.
Privacy policies are generally written in favour of the company writing them and it would be terribly naive to assume that if it could be written more strict but wasn't that this is an accident or oversight. Note how long google fought the EU commission to have any limits set on their permission to retain user data, and how they tried to spin it as a user benefit when they eventually caved in.
So if google re-writes their privacy policy to state explicitly that they do not datamine their logs and that the data is used only in a statistical sense and never in a personally identifiable sense then I would agree with you (and I would even believe them), but until they do it is fairly safe to assume that they in fact do use that information.
Of course 'only to enhance your user experience' and never to improve the bottom line for google.
>if you already have a certainty that Google is pure evil
This is a straw man. Google may not think that doing something that is legal and common is evil, and why are we having theological discussions anyway?
You will have information on what Google is doing with your information when Google volunteers that information. Unless they deny usage in a legally binding sense, there's no reason why you should expect to see any further information about how that data is used internally. What you do know is:
1) that there will be no public relations consequence for breaking users' trust, because what they do with what their records is not transparent, and
2) that it's legal and common to use any information gathered about you in just about any way.
You can either assume they'll do what you have indicated that you prefer with the data, even if that likely involves leaving money on the table - or you can assume that they will generally do what they're legally obligated to do, and within that, attempt to maximize profits. IMO, the former position involves imagining that a company has a personality, and doesn't want to take advantage of you. It's a false equivalence to assert that the latter (a company legally maximizing its resources for profit) involves a similar leap of imagination.
You're not going to get information either way about what they DO until Google publicly obligates themselves with a policy document, or somebody leaks.
It does nothing just like Google's own DNT option in Chrome does nothing to its own web properties. It's almost like Google is begging for this sort of stuff to turn into regulations against them, because clearly they can't be trusted to do the right thing.
I disabled the history to make the attack surface smaller.
Even if Google retains that data forever, if someone gains access to my account she won't be able to check my browsing history.
Agreed. I think this is the biggest point missed by the article. Your privacy as far as Google is concerned may not improve, but your overall privacy will. It will be much harder for other parties to get to the data Google collected. Considering that other parties are much more harmful and can lead to real-world harm (death, imprisonment, etc.), I'd say turning off history absolutely increases privacy.
1. Most of what I do is on Firefox. NoScript is turned on, and disallows Google Analytics. I'm not signed into Google, although as this article points out, that changes little. I use CookieCuller aggressively. Ad/pop-up blockers are in play. Etc.
The net effect is to make web browsing less noxious than it otherwise might be -- few pop-ups, few ads, very few cases of some noisy video spontaneously playing when I click a link in Firefox.
2. My monash.com email has long gone through Google Apps. That's in Chrome. I also open links I get through email in Chrome, but do little else there. In that browser I'm usually signed into Google.
Chrome/Google consume a lot of resources, e.g. by insisting on opening Google Talk whether I want it or not. But it's a manageable annoyance, as I keep my open-tab count in Chrome fairly low.
3. I use IE very selectively. If a page won't open in another browser, I try it there. A few of my most-annoying and rarely used apps and sites are relegated to IE -- Facebook, WebEx/GoToMeeting/etc., and perhaps a few others I'm not thinking of now. Unlike the other two browsers, IE is outright closed on my PC much more often than it's open.
I follow many of the practices you list, and then some. I wish there was an easy way for people - especially lay users - to "subscribe" to a privacy-enabled version of Firefox. For instance they could be offered pre-selected choices:
1. Block analytics [x]
2. Destroy cookies after session [x]
3. Block scripts [x]
4. Prevent search results tracking [x]
I say this because few non-tech users know or care about the entire gamut of tracking-blocking services (beyond, say, AdBlock). But if they were presented with an option like this:
Do you want to install Firefox "clean"
-or-
Do you want to install Firefox "Shields Up"
You can try to combat a part of this by installing Ghostery. It will block a lot of these third-party requests. As a website owner you could link to the share page, instead of loading the widgets, or load the widgets only after the user requests them.
As for those server logs, I understand they record my movements, but I don't think it is my right to stop them from doing that. The one who owns the server/web property should be allowed to analyze requests to that server. This can get icky though in the case of major CDN's.
You could choose not to keep server logs as a search engine (forgoing DOS protection), but then what happens when a user clicks on an advertisement? Privacy seems only as strong as the weakest chain.
Ghostery, the last time I checked it out, was closed-source, subject to control or influence by advertisers, and reporting to the vendor about users' browsing. Clearly lots of people like it, but I would consider it a gross breach of my security policy.
My recommendation for anyone who's serious about controlling his/her online footprint is Request Policy. It's open source and simply blocks requests according to user directions - you can put it on a whitelist or blacklist basis, and decide for yourself what servers to contact from each page. Of course this is too inconvenient for most people, but it gets asymptotically less troublesome as the list is perfected.
That's one of the advantages of my extension, HTTP Switchboard [1], over many others out there: it shows you everywhere a web page tries to connect -- and then lets you act on what you find. First step is being properly informed. It also shows you behind-the-scenes connections (those from other extensions or the browser). Anything that goes through webRequest API is reported.
Ghostery is an excellent piece of software but it caused me a few issues. For instance I logged in to my bank and couldn't view any statements. It was Ghostery blocking something so I whitelisted the site. Not a big issue but it took me some time to realise it wasn't a problem with my bank's website.
I went on to uninstall Ghostery because I was worried the unpredictable behaviour it introduces might cause some frustrating issues, particularly when going through a process like filling out a long online form only for it to fail at the end.
I use a more radical step: browse in incognito mode all the time. No cookies survive a browser restart. If you have a fast connection, the cache actually makes your browsing slower. As for the "convenience" of being logged in all the time on the sites I visit, I would rather not. Coupled with a dynamic IP, they can't correlate any of my traffic and search data.
> [Google] would observe three specific types of data retention periods: deletion of the last byte of IP addresses in Google server logs (9 months); the validity of cookies placed in users’ browsers (2 years); anonymisation of the cookie number in the company’s server logs (18 months).
1. Of course a certain level of logging and archiving of information is necessary to maintain the security of a server, it is not always about “THE USER”.
2. Again, a certain level of logging and archiving information is mandatory to offer some services based on artificial intelligence and to make people's lives easier. Just imagine asking your doctor not to have a file of your information because it is a violation of your privacy! It does have a lot of benefit in terms of saving time, to learn about user’s search patterns. Google is able to offer better search results like this.
3. It does not make sense to be particularly concerned about what Google when you are actually sending that information out to the whole world. This is like shouting out something and then complaining about people listening to it. If you don’t want people to smell your kitchen, first you should think of closing the window.
I follow the practices listed in a few comments already [1] on PCs. But this has proven to be painful with increasing number of websites depending on Google via ajax.google.com, etc. As many as a third of the websites won't work on my browser till I take specific actions to allow something.
What are the recommendations for Android along these lines? Is rooting needed/recommended? I currently use Maxthon browser, have never signed into Google Account on my phone ever (this gives a lot of trouble, but sounded worth ever since I found my older Android phone won't let me remove Google Account ever without a factory reset).
I use Amazon's Appstore, which could be bringing its own privacy issues. I found that their Appstore app by default sends App usage data to them, though this can be disabled.
These are startling statistics, roughly corresponding to the number in the linked blog post. Add to that that they can also probably analyse ~50% of meaningful e-mails (depending on the region) [1].
At a guess, never. In fact, it will likely be the opposite, you'll be accessing the web through a device (mobile phone, tablet, thin client (aka ultrabook)) that you have bought at a steep discount from some provider in exchange for a large chunk of your privacy.
People (as in, the general public and a surprisingly large fraction of those that should know better) simply do not care.
Never. People don't care about this level of privacy (except a very small minority). And frankly, thanks to the sophisticated data mining/statistical algorithms just using VPN only makes tracking/profiling harder, not impossible.
When traffic shaping of typical protocols like HTTP[s] and a lack of net neutrality causes only unidentifiable VPN sessions to operate at a consistent high speed.
As per the OP what would this solve, exactly? You just would disguise your IP address, but cookies and any other identity revealing details of your browser will stay the same.
Active web history on the other hand will still be associated with an account for as long as it's active (not solely to Google's benefit by the way).
I thought this stuff was already sorted years ago and is now common knowledge, it's like those people only now realizing that Gmail does contextual ad targeting, it's somehow disingenuous.
[+] [-] Matt_Cutts|11 years ago|reply
If you're on the page at https://history.google.com/history/ and click on the gear and then "Help" the page about deleting search history is at https://support.google.com/accounts/answer/465 and it says
"What happens to your history when it's deleted
When you delete items from your Web History, they are no longer associated with your Google Account. However, Google may store searches in a separate logs system to prevent spam and abuse and to improve our services."
The article claims that there's no guarantee that Google does anything other than change the display. Google actually does quite a bit of work to disassociate items from your Google account if/when you delete them.
[+] [-] jacquesm|11 years ago|reply
So, how about an unambiguous (as in, without weasel words such as 'may') update to the privacy policy detailing exactly what google stores in a user profile and what it does not, and that what a user sees in the interface mirrors exactly what google sees in its systems minus some small delta for propagation across google's servers?
Because what you write above is technically quite possibly true as far as the viewpoint of a user is concerned but leaves open a ton of possibilities for clever/creative interpretation on what 'improve our services' means.
[+] [-] ronaldx|11 years ago|reply
by "association with your Google Account", do you include "association with your personal identity"? The description of the server log suggests that your web history will still be easily connected to your personal identity. The claim that Google is doing quite a bit of work to prevent that wouldn't match the privacy policy.
by "deleted from Web History", do you include "turned off Web History"? This seems possible but is not explicitly stated.
The article says "there is no guarantee whatsoever" and I believe this is no guarantee whatsoever that there is more than a superficial difference.
[+] [-] zmmmmm|11 years ago|reply
(to be clear, I have no evidence either whether they continue to track and store web history or not, but it doesn't seem like the author does either, and it's disappointing to see such a baseless trashy post from someone who I have in rather high esteem in general).
[+] [-] jacquesm|11 years ago|reply
The fact that things like cookies are in those logs that they do make (again, according to the privacy policy) makes it trivial to re-construct the data that they ostensibly do not keep. If it is trivial, makes good business sense, enhances the value of the profile and makes more money then you can bet dollars to donuts that unless there are strong statements to the contrary from the company involved that they do not engage in such behaviour that they do.
Privacy policies are generally written in favour of the company writing them and it would be terribly naive to assume that if it could be written more strict but wasn't that this is an accident or oversight. Note how long google fought the EU commission to have any limits set on their permission to retain user data, and how they tried to spin it as a user benefit when they eventually caved in.
So if google re-writes their privacy policy to state explicitly that they do not datamine their logs and that the data is used only in a statistical sense and never in a personally identifiable sense then I would agree with you (and I would even believe them), but until they do it is fairly safe to assume that they in fact do use that information.
Of course 'only to enhance your user experience' and never to improve the bottom line for google.
[+] [-] pessimizer|11 years ago|reply
This is a straw man. Google may not think that doing something that is legal and common is evil, and why are we having theological discussions anyway?
You will have information on what Google is doing with your information when Google volunteers that information. Unless they deny usage in a legally binding sense, there's no reason why you should expect to see any further information about how that data is used internally. What you do know is:
1) that there will be no public relations consequence for breaking users' trust, because what they do with what their records is not transparent, and
2) that it's legal and common to use any information gathered about you in just about any way.
You can either assume they'll do what you have indicated that you prefer with the data, even if that likely involves leaving money on the table - or you can assume that they will generally do what they're legally obligated to do, and within that, attempt to maximize profits. IMO, the former position involves imagining that a company has a personality, and doesn't want to take advantage of you. It's a false equivalence to assert that the latter (a company legally maximizing its resources for profit) involves a similar leap of imagination.
You're not going to get information either way about what they DO until Google publicly obligates themselves with a policy document, or somebody leaks.
[+] [-] higherpurpose|11 years ago|reply
[+] [-] TomaszZielinski|11 years ago|reply
[+] [-] joesmo|11 years ago|reply
[+] [-] CurtMonash|11 years ago|reply
1. Most of what I do is on Firefox. NoScript is turned on, and disallows Google Analytics. I'm not signed into Google, although as this article points out, that changes little. I use CookieCuller aggressively. Ad/pop-up blockers are in play. Etc.
The net effect is to make web browsing less noxious than it otherwise might be -- few pop-ups, few ads, very few cases of some noisy video spontaneously playing when I click a link in Firefox.
2. My monash.com email has long gone through Google Apps. That's in Chrome. I also open links I get through email in Chrome, but do little else there. In that browser I'm usually signed into Google.
Chrome/Google consume a lot of resources, e.g. by insisting on opening Google Talk whether I want it or not. But it's a manageable annoyance, as I keep my open-tab count in Chrome fairly low.
3. I use IE very selectively. If a page won't open in another browser, I try it there. A few of my most-annoying and rarely used apps and sites are relegated to IE -- Facebook, WebEx/GoToMeeting/etc., and perhaps a few others I'm not thinking of now. Unlike the other two browsers, IE is outright closed on my PC much more often than it's open.
[+] [-] r0h1n|11 years ago|reply
I say this because few non-tech users know or care about the entire gamut of tracking-blocking services (beyond, say, AdBlock). But if they were presented with an option like this:
Do you want to install Firefox "clean" -or- Do you want to install Firefox "Shields Up"
[+] [-] blauwbilgorgel|11 years ago|reply
As for those server logs, I understand they record my movements, but I don't think it is my right to stop them from doing that. The one who owns the server/web property should be allowed to analyze requests to that server. This can get icky though in the case of major CDN's.
You could choose not to keep server logs as a search engine (forgoing DOS protection), but then what happens when a user clicks on an advertisement? Privacy seems only as strong as the weakest chain.
[+] [-] ds9|11 years ago|reply
My recommendation for anyone who's serious about controlling his/her online footprint is Request Policy. It's open source and simply blocks requests according to user directions - you can put it on a whitelist or blacklist basis, and decide for yourself what servers to contact from each page. Of course this is too inconvenient for most people, but it gets asymptotically less troublesome as the list is perfected.
[+] [-] gorhill|11 years ago|reply
[1] https://github.com/gorhill/httpswitchboard
[+] [-] michaelx386|11 years ago|reply
I went on to uninstall Ghostery because I was worried the unpredictable behaviour it introduces might cause some frustrating issues, particularly when going through a process like filling out a long online form only for it to fail at the end.
[+] [-] cornholio|11 years ago|reply
[+] [-] therealunreal|11 years ago|reply
[+] [-] tonfa|11 years ago|reply
> [Google] would observe three specific types of data retention periods: deletion of the last byte of IP addresses in Google server logs (9 months); the validity of cookies placed in users’ browsers (2 years); anonymisation of the cookie number in the company’s server logs (18 months).
From http://www.cnil.fr/fileadmin/documents/en/D2013-420_Google_I... but it was stated publicly e.g. at https://www.eff.org/deeplinks/2008/09/google-cuts-server-log... or http://googleblog.blogspot.com/2008/09/another-step-to-prote...
[+] [-] GUNHED_158|11 years ago|reply
2. Again, a certain level of logging and archiving information is mandatory to offer some services based on artificial intelligence and to make people's lives easier. Just imagine asking your doctor not to have a file of your information because it is a violation of your privacy! It does have a lot of benefit in terms of saving time, to learn about user’s search patterns. Google is able to offer better search results like this.
3. It does not make sense to be particularly concerned about what Google when you are actually sending that information out to the whole world. This is like shouting out something and then complaining about people listening to it. If you don’t want people to smell your kitchen, first you should think of closing the window.
[+] [-] alok-g|11 years ago|reply
What are the recommendations for Android along these lines? Is rooting needed/recommended? I currently use Maxthon browser, have never signed into Google Account on my phone ever (this gives a lot of trouble, but sounded worth ever since I found my older Android phone won't let me remove Google Account ever without a factory reset).
I use Amazon's Appstore, which could be bringing its own privacy issues. I found that their Appstore app by default sends App usage data to them, though this can be disabled.
[1] Private browsing mode, NoScript, Ghostery, Self-Destructing Cookies, Blocked Google-Analytics, etc.
[+] [-] rogcg|11 years ago|reply
[+] [-] microtonal|11 years ago|reply
[+] [-] thomasbachem|11 years ago|reply
I'd bet Google can track you on ~80% of all websites.
Does anybody know of studies that analyze the reach of these direct/indirect tracking capabilities?
[+] [-] jacquesm|11 years ago|reply
Long time no see... what is it, 6 years or so? There's a blast from the past...
I totally forgot about DoubleClick and DNS, I'll update the post.
[+] [-] microtonal|11 years ago|reply
[1] http://mako.cc/copyrighteous/google-has-most-of-my-email-bec...
[+] [-] JohnDoe365|11 years ago|reply
[+] [-] sanxiyn|11 years ago|reply
[+] [-] dzhiurgis|11 years ago|reply
[+] [-] jacquesm|11 years ago|reply
[+] [-] Karunamon|11 years ago|reply
Google's entire business is advertising. You'd be silly not to expect them to log, of all things, what you type in the search box.
Search history is and always has been a convenience feature, and they do not posture it as anything but this.
[+] [-] whyleyc|11 years ago|reply
[+] [-] jacquesm|11 years ago|reply
People (as in, the general public and a surprisingly large fraction of those that should know better) simply do not care.
[+] [-] sz4kerto|11 years ago|reply
[+] [-] peterwwillis|11 years ago|reply
[+] [-] chopin|11 years ago|reply
[+] [-] woopdy|11 years ago|reply
[+] [-] hwell|11 years ago|reply
Active web history on the other hand will still be associated with an account for as long as it's active (not solely to Google's benefit by the way).
I thought this stuff was already sorted years ago and is now common knowledge, it's like those people only now realizing that Gmail does contextual ad targeting, it's somehow disingenuous.
[+] [-] jacquesm|11 years ago|reply
Well, you just linked to a text that more or less proves that it is true for at least 9 months.
That gives google 9 whole months to mine those logs for all they're worth, after which I'm sure they can be safely anonymized. 9 months is plenty.
Note that google does not say anywhere it won't store your web history derived from those logs, it just says it anonymizes the logs.
Little details like these matter a lot when reading privacy policies.
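Added example, not part of any comment in the thread: a small Python model of the retention periods quoted above (last IP byte deleted at 9 months, cookie number anonymised at 18 months), showing which log records can still be joined into one profile. The log records, field names and cookie values are constructed, and modelling "anonymisation" as dropping the identifier is an assumption.

```python
from collections import defaultdict
from datetime import date

# Retention periods quoted in the thread, in months.
IP_TRUNCATE_AFTER = 9
COOKIE_ANON_AFTER = 18


def age_in_months(logged, today):
    """Whole months elapsed between the log date and today."""
    months = (today.year - logged.year) * 12 + (today.month - logged.month)
    if today.day < logged.day:
        months -= 1
    return months


def scrub(record, today):
    """Return a copy of a log record with the quoted retention rules applied."""
    out = dict(record)
    age = age_in_months(record["date"], today)
    if age >= IP_TRUNCATE_AFTER:
        # "Deletion of the last byte" of an IPv4 address.
        out["ip"] = record["ip"].rsplit(".", 1)[0] + ".0"
    if age >= COOKIE_ANON_AFTER:
        # Assumption: anonymisation is modelled as dropping the identifier.
        out["cookie"] = None
    return out


def linkable_profiles(records):
    """Group queries by cookie ID; records without one cannot be joined."""
    profiles = defaultdict(list)
    for r in records:
        if r["cookie"] is not None:
            profiles[r["cookie"]].append(r["query"])
    return dict(profiles)


# Constructed sample log (documentation IP ranges, made-up cookie IDs).
SAMPLE_LOG = [
    {"date": date(2012, 6, 1), "ip": "198.51.100.23",
     "cookie": "c-1001", "query": "old query"},
    {"date": date(2013, 3, 1), "ip": "198.51.100.77",
     "cookie": "c-1001", "query": "clinic opening hours"},
    {"date": date(2013, 12, 20), "ip": "203.0.113.9",
     "cookie": "c-1001", "query": "flight prices"},
    {"date": date(2013, 12, 21), "ip": "203.0.113.9",
     "cookie": "c-2002", "query": "weather"},
]
TODAY = date(2014, 1, 15)  # constructed "now" for the demo


def demo():
    scrubbed = [scrub(r, TODAY) for r in SAMPLE_LOG]
    return scrubbed, linkable_profiles(scrubbed)


if __name__ == "__main__":
    scrubbed, profiles = demo()
    for r in scrubbed:
        print(r["date"], r["ip"], r["cookie"], r["query"])
    print(profiles)
```

The 10-month-old record has its IP truncated but still joins the recent one through the shared cookie ID; only the record older than 18 months drops out of the profile.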