Google's Web Accelerator is a big privacy risk

[David Farber <dave () farber net>]

Begin forwarded message:

From: Brian Carini <bcarini () gmail com>
Date: May 5, 2005 11:06:12 AM EDT
To: David Farber <dave () farber net>
Subject: Google's Web Accelerator is a big privacy risk
Reply-To: brian () carini org


Dave, (for IP if you wish)


Google is now offering a download and service called Web Accelerator  
(see http://webaccelerator.google.com/support.html ), which  
purportedly speeds up a broadband connection through proxy and  
caching.  The application routes all page requests (except https)  
through Google's servers.  Each page request is logged by Google.

I've said this before:  I really like Google, but they are getting  
dangerous.  Google has a great image as a good company.  They have  
engendered a great amount of trust through their "Don't Be Evil"  
motto.  And I think they really mean it.  But the fact is that they  
are stockpiling a perilous amount of personal information about their  
users.

Already, Google logs every search request with its IP address.   
Google has acknowledged this log in a number of interviews.  But,  
they have never answered why they keep such a log.  The search log by  
itself is not too harmful since the IP address identifies a computer  
and not a person. The searches cannot easily be traced to a  
particular person without help from the ISP, unless a person likes to  
Google their own name frequently.

 If Google's search log makes you feel uneasy, Google Web  
Accelerator is much more threatening to privacy. "When you use Google  
Web Accelerator, Google servers receive and log your page  
requests." (http://webaccelerator.google.com/privacy.html ) In other  
words, every non-encrypted web transaction is recorded permanently at  
Google.

This page request log could be used to create a near-perfect  
reconstruction of a persons web use.  Every page view, every search  
on every engine, every unencrypted login, any information (including  
name, address, email address, etc) submitted using the HTTP: GET or  
POST methods will stored in this page request log.  I expect that it  
would be possible to identify a large proportion of individuals from  
their page request log.

I don't think that Google currently has any evil intent for this  
data.  That would be at odds with their "Don't' Be Evil" motto. I  
assume the current reason for collecting this data is simply for  
research.  But, over time, slogans change, companies are bought and  
sold, and data is frequently repurposed, sold, or stolen.  Then  
privacy will suffer.

Google admits, "Web Accelerator receives much of the same kind of  
information you currently send to your ISP when you surf the  
Web" (see http://webaccelerator.google.com/support.html#basics5 )    
But the difference is that my ISP doesn't keep that information,  
along with my search history and every email that I send and  
receive.  Or if they do, they aren't telling me about it.

Brian Carini


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/