Google search and seizure, etc. vs. technologists

[David Farber <dave () farber net>]

Begin forwarded message:

From: Phil Karn <karn () ka9q net>
Date: December 3, 2005 7:10:30 PM EST
To: dave () farber net
Cc: ip () v2 listbox com
Subject: Re: [IP] Google search and seizure, etc. vs. technologists


> From: Lauren Weinstein <lauren () vortex com>

> 1) Any practical attempt to "swamp" Google's database in such a
>    manner is unlikely to succeed, given the sheer volume of legit
>    queries that they receive.  I suspect they'd be smart enough to
>    detect abuse patterns fairly easily.  That kind of analysis is
>    their bread and butter.

The idea is not to "swamp" Google. It's simply to create a little  
plausible deniability -- i.e., reasonable doubt -- that a given  
search was entered by the user and not by the automatic daemon.

> 2) Attempts to purposely "abuse" Google in such a manner (faked
>    requests) may well violate their Terms of Service, and if they
>    don't now you can be sure that they will in some future version
>    of the ToS.  The likely result will at a minimum be bans and ISP
>    actions, and at the max lawsuits.  Pull out your wallet.

Again, "swamping" or "abusing" Google is not the intent, nor is it  
very likely given Google's strong emphasis on performance and  
scalability. The idea is simply to create doubt that a given query  
was generated by a human, not by the robot. The "quality" of the  
synthetic queries is much more important than their quantity.

Still, the extra traffic just might have the effect of encouraging  
Google to adopt a stronger privacy policy. Not that I'd place much  
stock in that, of course (see below.)

> 3) Routing queries through anon proxies will provide some protection
>    for the technological elite who understand such things.  They will
>    not protect the average user, who most likely doesn't understand
>    the risks and issues, and will never use such proxies, even
>    assuming that they were trivial to use.

I wish I had a nickel for everything I've been told "the average  
user" would never understand, need or be able to use. Back in the  
1970s, the "average user" would never understand, need or be able to  
use a personal computer. In the 1980s, the "average user" would never  
need a local area network in his home. In the early 1990s, the  
"average user" would never understand or need the Internet. And so on.

It is no more necessary that the "average user" understand how an  
anonymizing Google proxy works to use it effectively than to  
understand the fields in TCP/IP packet headers. The whole idea of  
civilization and commerce is that many people can benefit from  
specialized knowledge and skills that they themselves lack. The open  
source movement and the Internet itself have certainly demonstrated  
this.

Personally, I prefer the anonymizing proxy over the random query  
generator. The proxy is likely to be more effective, and it generates  
no extra load. I mention the generator mainly to be complete. My  
point is that there *are* technical defenses against potential  
privacy abuses, and we can implement them ourselves instead of  
naively demanding that Google respect our privacy against their own  
commercial interests.

And even if Google were completely honest, they would still be  
subject to Patriot Act abuses that we would never know about.

The sad fact is that "national security" has become the root password  
to the Constitution. The only effective defense against a "rooted"  
system is not to put any sensitive information in it in the first place.

--Phil




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/