Interesting People mailing list archives

Google search and seizure, etc. vs. technologists

From: David Farber <dave () farber net>
Date: Sat, 3 Dec 2005 16:35:00 -0500

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: December 3, 2005 4:21:42 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Google search and seizure, etc. vs. technologists

1) Any practical attempt to "swamp" Google's database in such a
   manner is unlikely to succeed, given the sheer volume of legit
   queries that they receive.  I suspect they'd be smart enough to
   detect abuse patterns fairly easily.  That kind of analysis is
   their bread and butter.

2) Attempts to purposely "abuse" Google in such a manner (faked
   requests) may well violate their Terms of Service, and if they
   don't now you can be sure that they will in some future version
   of the ToS.  The likely result will at a minimum be bans and ISP
   actions, and at the max lawsuits.  Pull out your wallet.

3) Routing queries through anon proxies will provide some protection
   for the technological elite who understand such things.  They will
   not protect the average user, who most likely doesn't understand
   the risks and issues, and will never use such proxies, even
   assuming that they were trivial to use.

It is fashionable for some technologists to unwisely promote ad hoc,
short-term technological "fixes" in a sort of cold war escalation
mode, without dealing with the fundamental problems.  This is
especially unproductive when it comes to helping to protect average
users who take the default settings for almost everything, but are
just as much at risk of abuse, if not more so.

In this case, it seems reasonable to ask that Google (and other
search engines) show at least as much genuine interest in protecting
people's privacy and rights as does the local library.  And that
library isn't making billions from people's activities -- Google is.

Finally, the statement that:

Even if Google were to say that they no longer keep
personally-identifiable search queries, there would be no way to
verify it.


is of course not really correct.  There are ways (not fullproof, but
some are damned good) to audit such activities, assuming that
appropriate laws are in place requiring such verification.  A simple
claim of compliance from the party in question is obviously not
sufficient, even in the case of Google, whom I have no reason to
believe is lying about what they are doing at this time.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () eepi org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI
  - Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

 - - -

From: Phil Karn <karn () ka9q net>
Date: December 3, 2005 3:24:11 PM EST

1. Write and disseminate a little daemon that makes randomize queries
to Google from your computer. Every few minutes to an hour (i.e., at
random times) it would send a Google query with search terms randomly
chosen from a large dictionary. This would pollute Google's logs and
create reasonable doubt if you are later accused of entering queries
for, say, the words "neck" and "snap".

2. Write and disseminate a web proxy filter that would route all
Google queries through the TOR (The Onion Router) network and strip
off all tracking mechanisms from the results. This may be a more
palatable alternative to routing all your web surfing through TOR,
which can be quite slow.

I consider it unproductive to scream at Google, as has become so
popular of late. It is also misguided to call for laws to limit what
they can do with our search queries. Even if Google were to say that
they no longer keep personally-identifiable search queries, there
would be no way to verify it. And any new privacy law for search
engines would surely be riddled with enormous loopholes for
government abuse.

As with confidentiality, the *only* solution here is technological.
So let's get coding.



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Current thread:

Google search and seizure, etc. vs. technologists David Farber (Dec 03)
- <Possible follow-ups>
- Google search and seizure, etc. vs. technologists David Farber (Dec 03)
- Google search and seizure, etc. vs. technologists David Farber (Dec 04)