> "Like most people, I don't like to be tracked. I also am the founder of the search engine that doesn't track you, DuckDuckGo."
It pains me to hear intelligent people talk about being "tracked" as something "bad" a priori. While there are certainly plenty of examples of abuse of knowledge, I tend to think of most "tracking" not as "stalking" but as "relationship building." Let me explain...
Google is a service provider that I frequent, just like my coffee roaster or my stock broker or whatever. Over time, service providers develop a relationship with their customers based on knowledge of that customer. This knowledge helps inform how they provide and improve their service. My coffee roaster knows what kinds of coffee I like and makes appropriate recommendations when new beans arrive. My stock broker knows what kinds of risks I like to take and gives appropriate investment direction.
Ok, so I don't really have a stock broker but... My point is: I appreciate that google is aware enough to know that when I search for "hash salt" I'm not talking about potatoes. DDG shows me recipes and first.
The problem (as with most things that are hot-button issues) is that the most talked about thing - "tracking" - is a red herring. The REAL issue is accountability. True information lockdown rarely benefits anyone, but openness without accountability is useless and downright dangerous.
Suggesting people flee one provider's services and head to other providers who are not concretely more accountable (just because they "say so" doesn't make it true) is simply being petty. We should instead be spending out breath advocating for greater accountability in the system as a whole.
His point is more about not putting all your eggs in one basket; you certainly don't tell your barista about an upcoming physician's appointment, or that you are in the market for a house. Your barista is also disconnected from parties who may leverage the information you provide him/her. Similarly, you don't tell your broker that you prefer Ethiopian coffee. Google offers so many services that it has a much broader insight into who you are. To the privacy-conscious, that's an unacceptable fact. Nothing to be pained about.
Except the author then proceeds to toss all his eggs into Apple's basket. No, it's not about putting all the eggs in one basket, it's about paranoidly avoiding Google at all costs for some unknown reason.
What are you talking about? Of 12-14 services he listed, 4 were from Apple (iOS, Mobile Safari, Apple Maps for directions, and iCloud for Calendar sync).
And quite likely, he is not paranoidily avoiding Google, but partly experimenting as he is running one of the very few companies that are directly trying to compete with Google in search.
- Safari/iOS will let Apple know you're in a market for a house
- Safari will let Apple know you like Ethiopain coffee
- Also it will probably allow them to track your searches
- Along with Calendar sync and maps Apple knows both where you are currently and where you'll be next
While not all of his eggs are in one basket, there's an awful lot of them providing an awful lot of "tracking" information to one entity.
Sure, if he's experimenting with replacing Google's services that's a valid reason.
You gotta be kidding me here. You don't explicitly have to login to any Apple service when you are using Safari. However, when you are using Chrome - somehow if you login to Gmail you are logged in to the browser. You login to gmail on Safari, you are logged in only to gmail. There's a difference. Sorry I don't mean to be offensive but this aspect shouldn't be overlooked.
Lets say you login to gmail in chrome. You open another tab and there are you are signed in again. This is the google+ crap I guess. The only option is to use an incognito window.
The only difference is that Apple is not an advertising company. Google explicitly uses your information to advertise against you. Apple is not yet in that vertical.
iAd is a mobile advertising platform developed by Apple Inc. for its iPhone, iPod Touch, and iPad line of mobile devices allowing third-party developers to directly embed advertisements into their applications. Announced on April 8, 2010, iAd is part of Apple's iOS 4, originally slated for release on June 21, 2010, the actual date was changed to July 1, 2010.
Safari has 3rd party cookies turned off by default. And how many iAds have you seen?
Also iAds have quite strict requirements as to what kind of identifying information they receive from the device.
Google/Android doesn't have any qualms about giving every bit of information they can get to the advertisers, that's the main source of income for Google. Also, 3rd party cookies will not be turned off by default in any Google product ever.
since when is advertising strictly an adversarial arrangement?
Websites such as real estate websites are basically just ads, yet it still offers a service (namely discovery). trailers for movies are also ads but I still like watching them.
There's a lot of disgusting/misleading behaviour in advertising, but it's not strictly an Us vs. Them proposition.
Real estate websites feature the product obviously, the real estate. With Google's website, your eyeballs on adverts is the product, and it's in Google's interest to know what you like to give you relevant adverts.
When you are a visitor to a website, it's whether you are a customer vs product proposition.
Actually it's more like going to your Dr appt and realizing they have a barista onsite... of course you're not going to tell the barista why you're going to the Dr, and the barista isn't going to know your full medical history, there is a pretty large separation of concerns there. Same applies to big companies. There are really big barriers up between services like there are between the Dr and the on site barista.
To further this analogy, what if you went to the onsite barista and when you ordered your coffee the barista told you that you're allergic to one of the seasonings. That's helpful and relevant and I think this is where most people start panicking but if the Dr has a Lot of accountability which is what the top comment is suggesting is the main concern, then you will know that the Dr isn't sharing full medical history but rather just what is relevant, your allergies. This is convenient, and in my imaginary scenario just saved the person from a lot of trouble. Also in this imaginary scenario the patient opted-into this sharing of knowledge.
I know this may not be a popular opinion, please share why instead of down voting me. I'm eager to learn and a down vote won't help me :P
That may be true of doctors with coffee bars, but it is absolutely NOT true of Google. Google is an advertising company, period. All of the thousand things they do are for one purpose: to sell advertising based on getting better and better at knowing the customer and targeting ads you're likely to click on.
Even if Google does say that some app is firewalled, the implied follow up is "...until customers stop caring" or "...until the law allows us to use it". Everything they do is intended to facilitate advertising, even if not yet.
The video on deman service for UK "Channel 4" has coke-cola ads that take my username (from the 4OD login) and superimpose text on a bottle image.
It's really creepy, even though it's obvious and trivial.
It's also counter productive - I haven't used 4OD for ages precisely because of that creep factor. Even though I knew they were doing it before the ad.
This is such a reductionist argument it can be applied to any action done by any group of people.
"Anything any company does is in the end goal to make money" is basically this argument. "Anything a university does is to get grants".
You're reducing the agency of people who work there and their personal objectives to nothing. Google has many different projects which aren't just about pushing ads . How are driverless cars selling ads? The cost of Google Fiber largely outweighs the advertising revenue. etc.
The issue under debate is not profit but rather the use of private data. Americans do not begrudge anyone their right to free enterprise. But many (including the OP) do care about the uses of their personal data. Google's activities are all oriented toward using and learning from personal data.
In the hypothetical doctor's office with attached coffee bar to which I was responding, we can see how it would be money-making but there's no good reason to assume that there would be a misappropriation of personal data between the two parts of the business. In Google's case it's the opposite: by default everything they do is oriented toward collecting and using data, as personal as possible. Sensible people would assume that if Google hasn't yet used the driverless car to find a way to better target advertising, they've got top minds thinking about how to do it.
This goes both ways -- the sheer amount of personal data that is entrusted to Google requires that they maintain a basic level of trust with their users.
If they were to flip a switch and turn Gmail-mined data into a dating site, or something, users would leave en masse. And good luck trying to entice new users with an expectation that their information would be misused.
And Google has already misused their trust with Google+ and the YouTube "real name" integration. As the integration becomes more complete, the ramifications of subtle changes become more problematic and hard to predict.
See, I don't get the whole furor over this. Most people just seem to be using it to join the Oh Noes, Google is Evil crowd without actually explaining how it negatively affects them personally.
I've always just used my real name online - so instead of having an email address like sexy_asian_chick88@hotmail.com, I just used my name. It's a little less embarrassing when you have to give it to people, and I sort of got over those sorts of email addresses in grade 5.
Sure, that means people can link what I write online, but it's hardly worse than if they just searched for my nickname, and did some legwork. And really, what am I writing online that is so private and secretive that I need to firewall it from my actual identity? I wouldn't be having such discussions on a public forum online - I'd do it offline. If
Now, sure, if I was living under a oppressive regime, and had to get data out - but let's be honest, as a percentage, how many of us HNers fall into this category?
And even then, would you really be doing it on YouTube? YouTube is a bastion of stupid (but funny) cat videos, parody videos, movie trailers and music covers.
I'm fairly sure a whistleblower would be using something a little more appropriate, and where privacy was actually a feature.
And quite frankly, considering the awful quality if YouTube comments, I'd applaud any attempts to make people even slightly accountable for the awful and often hateful c*ap they write on YouTube comments.
Great - it works for you. But you go further and claim that it must then work for everybody.
> I've always just used my real name online - so instead of having an email address like sexy_asian_chick88@hotmail.com, I just used my name. It's a little less embarrassing when you have to give it to people, and I sort of got over those sorts of email addresses in grade 5.
You can't see the value of bob@corp.example.com and barbera@mytransself.example.com for someone to blog about the widgets their company makes and also about the best places to buy clothes?
> sure, if I was living under a oppressive regime, and had to get data out
People are beaten every day in the US for being gay or trans or whatever. Sometimes murdered. Often discriminated against. While I feel Brandon Eich's opposition to gay marriage is abhorrent I kind of feel sorry for him being kick out of a job for it.
> And really, what am I writing online that is so private and secretive that I need to firewall it from my actual identity? I wouldn't be having such discussions on a public forum online - I'd do it offline.
There are so many reasons people might want to talk about something in a public forum but not want to tie it to their identity. At least, they may start wanting to keep it private before they reveal their identity. Why deny them that choice? But here's a list:-
- battered women
- battered men
- victims of sexual abuse
- members of the glbt community, especially if they're preparing to disclose to family members etc.
- people with "embarrassing" diseases.
- people who face stigma - being religious or not religious in a not religious or religious area; having severe and enduring mental health problems, etc.
This is just a partial list! There are very many more!
> And quite frankly, considering the awful quality if YouTube comments, I'd applaud any attempts to make people even slightly accountable for the awful and often hateful c*ap they write on YouTube comments.
Have you read comments under newspaper articles recently? Real names, horrible comments.
Improving comment quality is important. So far it seems that you need to set expectations and have some kind of moderation. This can work even with anonymity. See, for example, early /R9K/ (at least when they had the robot image) for an example of not terrible commenting without real names. But some people really strongly prefer real names - http://meatballwiki.org/wiki/UseRealNames
You've just listed several groups of people who are discriminated against. I certainly feel for these people.
However, this appears orthogonal to the issue of whether YouTube (a public forum) requires posters to use their actual name, and not a fake name.
I mean, think about it - is a public forum the sort of place that you would want to be posting private content you don't want linked to you?
If I was an oppressed person, and wanted to talk to somebody - friends, family, counsellor - there are other mediums available. I mean, gosh, I could meet up in person? Or I could pick up a telephone? (Assuming my enemies weren't the NSA.) I could write them a letter? I could send them an encrypted email. The list goes on.
What benefit do I possibly gain from publicly outing myself on a public forum, fake name or not? Why not use a private forum?
If I was an oppressed person, and I wanted to vent in my own community - there are private gated ways I could do this. There are real life meetups. We could meet in a coffee shop. There are private discussion forums, where you control the servers. There are Usenet groups etc.
I really don't get people's obsession with posting everything publicly by default. It's like people posting every time they do a poo on their Twitter feed - why?
Or let's look at one of your examples - people with embarrassing diseases. Is this where people with symptoms refuse to see a doctor, but would rather post on a online forum, so that anybody can chime in with their opinion? Have you seen some of the idiocy that's spouted in these forums? shakes head. Dude, go see your doctor, seriously. Firstly, it's guaranteed to be confidential, and secondly, this is somebody you're paying for their professional opinion, as opposed to some guy in their mum's basement having watched too many episodes of House M.D., and posting under the alias Dr_John_Hopkin_MD.
Or say you were filing a victim's report. The police aren't exactly going to say to you - oh, you need to file a police report? Gosh, you should do it in a...YouTube comment! You will go into a police station, and fill in a paper report.
The world would be a better place if people learnt to live a little less online, and didn't default to public-view on everything.
....
I don't see how this is related
If it's public, it's public. Eventually, it will probably be linked back to you.
"I mean, think about it - is a public forum the sort of place that you would want to be posting private content you don't want linked to you?"
So, "subversive", against the status quo ideas, should only be limited to my neighbor? So that there is not enough exposure and they just die out? How cute.
"so instead of having an email address like sexy_asian_chick88@hotmail.com, I just used my name. It's a little less embarrassing"
Nice, loaded example. Strange you didn't use "I'm a naive idiot" as an email example, to "explain" why using your real name would be better. ..And, btw: Sexy asian chick? Pics or it didn't happen.
"And really, what am I writing online that is so private and secretive that I need to firewall it from my actual identity?"
You may be boring, unimaginative, and a herd follower, but that doesn't mean everybody else is.
I'm not sure if that's an ad-hominem, but I'll bite.
Yes, I am boring - I'm not afraid to admit it.
I am just another of the 6 billion or so souls floating in this rock in space. I don't think of myself as a special snowflake, or as some secret government operative, or somebody who's smarter than all the plebs around me. And I sleep perfectly fine knowing that =). You use the word herd follower as if it's some kind of grave insult?
I'm not an anarchist, nor am I V from V for Vendetta. Ergo, my argument, I don't really have any issues with people seeing what I post online, since most of it's just banal rubbish. You're not going to get any national secrets from reading all of my online postings.
I have friends who are paranoid with security/privacy - and I respect them for that, I just don't understand it. I'm more likely to be the target of an online spammer or phishing attack, than a government agent trying to see if I am against the Party.
However, _if_ I were an anarchist, do you really think I'd be posting my secret plans to overthrow the US government on a YouTube comment?
This is precisely my point, everybody seems to be making a mountain out of a molehill. Who cares if Google makes you actually identify yourself when you comment on the 50 billionth cat video.
What if knowing you prefer Ethiopian coffee would make your insurance company charge you more because statistically these people are more prone to medical issues? Would you tell them in a heart beat?
The pendulum swings both ways, and this is the reason why all of this should be opt-in.
Just because something isn't currently happening doesn't mean that it won't. You're ignoring the fact that the data isn't transient. It persists into the future, at which point these things can (and probably will) happen.
It's like arguing in favor of a monarchy just because the current ruler is just, competent and benevolent; while ignoring the possibility that the next ruler will be violent and vicious.
Just because something isn't currently happening doesn't mean it will either. You're ignoring the fact that, if Google started abusing your information, people would stream away from them in droves and Google is more than aware of that.
Your monarchy analogy doesn't work either because, in a monarchy, you don't have the choice of leaving it other than leaving the country. With Google, and every other internet company (they all track you), you can leave on a whim.
> Just because something isn't currently happening doesn't mean it will either.
I never said that there was certainty that it would. Only that it is possible. You can't hand-wave away possibilities with "it's not currently happening now."
Well, you're hand-waving that it can so it works both ways. Again, you're ignoring that people can walk away from this and nobody else is doing the exact same thing.
"if Google started abusing your information, people would stream away from them in droves and Google is more than aware of that"
I, like you, also get a daily email notice of what google is actually doing and planning, every morning. Larry also, sometimes, attaches sexy pics of himself. /sarc
Except maybe your barista happens to know a real estate agent and will get you an amazing deal on a new house. Something you might not have gotten if you didn't tell them...
Actually, I do tell my broker I like Ethiopian coffee, if I like it, there are probably many more like me, find me some shares in a company that deals in Ethiopian coffee!
> I tend to think of most "tracking" not as "stalking" but as "relationship building."
That is just another term (and a significantly creepier one) for the same thing, for those people who don't want that kind of relationship. A good rule of thumb would be to assume that people who "don't want to be tracked" have already considered the fact that tracking may help the company in question improve its service to them -- after all, this is frequently given as the justification for tracking.
From this viewpoint ("I don't want that kind of relationship, and am prepared to live with the associated service degradation"), it is logical to switch to services for which your envisaged greater accountability isn't necessary.
Incidentally, I have issues with DDG simply because it will return Android programming results from 2011 in preference to those from 2014, despite the entire state of play having changed in those three years, because it was a really good result in 2011 -- or because it simply doesn't seem to index as much of the Web. These are just anecdotes, but in my personal experience the "relationship" I have with Google search isn't a very large part of why it's good.
"It pains me to hear intelligent people talk about being "tracked" as something "bad" a priori."
Tracking is bad when you know little to nothing about what is being is tracked about you and how that information is used. While you might get targeted or personalised results as a result of tracking, that is likely just a small outcome of the data collected about you. Who knows what else is being analysed or number-crunched about your online behaviour? If you read Google's privacy policy, the most notable aspect is how little it tells you. Nothing about how your data is aggregated, who sees your data, how long that data is kept for, whether it's anonymised. Is the data collected to "protect Google and our users" (their words) used solely for that purpose? (For example, providing your date-of-birth for age verification and your mobile number for two-factor authentication.) Or is this information also used for tracking and profile-building? These are all reasonable questions to ask any company that tracks you online or asks for your personal information. But Google aren't giving answers. And Google arguably tracks online behaviour more than anyone else.
A big example of the intentionally murky and everchanging privacy policy confusion was in how it applied to student emails in Google Apps for Education:
Nice to hear thoughts on this subject i agree with.
Myself, i've long used Google and hadn't cared at all what information they collect about me. Rather, i openly give them information. Sure, if the world turns to hell and suddenly the government is at my door because Google "knew too much" then the naysayers can laugh at me all they like.. Then again, the world has turned to hell already, so is it really a time to laugh?
In the mean time, i want to give Google my info, because "Google Now" is a great example of a service attempting to predict my needs. Keeping up to date with my life, and giving me information i want, without having to even ask for it. I don't want dumb computers, i want intelligent meaningful interactions, tailored to my life. And i can't get that by being a black box.
Tracking is an issue in that your interests, preferences, and proclivities are being used to make others richer. Hey if that's ok with you then I'm cool with that. I'm not cool with me doing that. I run ad blockers. If you make a living from ads then offer me a paid-for alternative. I avoid everything Google. I use a Windows Phone without a Microsoft account. If an app wants access to my contacts it doesn't get installed. My blog is my own code because I own what I write so I want control. In the absolute sense. I'd rather pay than use a free service, because being a cynic I don't believe altruism in it's truest sense exists.
> your interests, preferences, and proclivities are being used to make others richer.
Your logic here villainizes a behavior simply because it benefits someone else.
Let's say that every day you stop at Starbucks and order a cappuccino. The people who work at there recognize that you always show up at 8:10am and order the same thing so they begin to make sure it is ready for you every day so you don't have to wait. Did you give them explicit permission to notice your habits? No. Does their behavior benefit them? Yes, they keep you satisfied and paying obscene amounts of money for coffee on a daily basis. It's mutually beneficial. Now an employee of Starbucks could potentially give information about your daily routine to someone else who was looking for you (say to the police for whatever reason) but you don't hear anyone lamenting the presence of eyeballs in the heads of baristas as massive privacy invasions.
I believe what you are really getting at is that these companies like Google and others can - and have at times - abuse the information they have available. This is exactly my point: what's needed is greater accountability.
It sounds like people are cross-discussing what they're really trying to get at the heart of,
Tracking is a tool.
It can be used for good and for bad. It has been used for good or bad. A healthy debate about the pros and cons and discussing choices one has with their tools/tech is vital to this.
Tracking is an aspect of privacy, but it is not the entirety of it.
It would be great if that was the discussion, but it seems like many people consider tracking to be an absolute bad. Thus, any service improvement that might come of it is tainted by its association with tracking.
It sounds a lot more like you don't actually understand how advertising works.
No, tracking helps to provide you with better services, full stop. Since you use an adblocker, tracking isn't making anyone money at all. Your personal information is worth exactly $0.00 on its own.
> No, tracking helps to provide you with better services, full stop
No. Tracking is about allowing advertisers to better target people that they want to advertise to. A side-effect is providing you with 'better' services.
> No. Tracking is about allowing advertisers to better target people that they want to advertise to. A side-effect is providing you with 'better' services.
Those two are NOT exclusive. Targetted advertising only works because you the user find it more useful.
And, no, it's not about better ads, it's about better services. The vast, VAST majority of tracking is never used in targetted ads. Targetted advertising is a very wide net, not hyper-focused.
> My point is: I appreciate that google is aware enough to know that when I search for "hash salt" I'm not talking about potatoes. DDG shows me recipes and first.
That's the reason I always come back to google and search logged in. Almost all my searches are computer or more generally electronic related. On other search engines I get useless results.
> I tend to think of most "tracking" not as "stalking" but as "relationship building."
I'm fine with relationship building. Google can give me better search results based on other activity they observe; I'm perfectly fine with that. They're simply trying to better their product for the user.
What I'm not fine with is the fact that Google is an advertising company. We're not the end-users, we're the product. Intuition says Google is selling the valuable information they collect to third-party advertisers. This means that our valuable information is being leaked to third parties I'm not sure I can trust.
At the core of it, I only want to give my information out to parties I trust. I don't care if it's valuable information or not, I just want to be in control. I don't want my info being sold to some advertising company -- after all, I'll only buy their product after I build a relationship with Google and they can provide the most relevant links.
You're right; I was wrong. It makes complete sense for an advertiser to say, "Sell adds to people interested in X" and for i.e. Google to show those ads.
Even for less reputable companies, it seems you're right: it makes more sense to sell ads for a keyword rather than to make the advertisers sort through a mass of data. Is that the case?
Truthfully. I would have no problem with the amount of data google aggregated on me, if I could depend on them not using that data against me, or to manipulate me, or to sell it to someone who would do either of those two.
If someone came up to me and said "I'll give you 5 dollars if you give me the names, email addresses, phone numbers, and personal vulnerabilities of all your friends", agreeing to that would be considered a massive breach of trust and a horrible act. On the web it seems like standard procedure.
I will give you that tracking isn't innately bad, but it is an act of trust, and the question is: do you trust google?
This is too myopic of a question. Do you trust Apple? Do you trust Microsoft? Do you trust ____? There are arbitrarily many of these questions to ask.
What really needs to be asked is: how can we establish levels of trust in companies and services that handle our digital information that approaches the level of trust we have in our direct, inter-personal connections?
Not ratting on your friend is trust established through close social connections. Trusting Google to not sell you out is a level of trust established... how?
>Trusting Google to not sell you out is a level of trust established... how?
It's trust from potential destruction. If Google was obviously using your email contents to sell you out, then people would stop using the service. It's like how people don't want to give out their email address to certain organisations out of fear of spam and phishing.
Google can't exist without that trust, so they're incentivised to act in a trustworthy manner.
Ironically, exactly because of the intense scrutiny they face with every small decision they make, I have a lot more faith in Google's inability to be evil than just about any other player. I certainly can't spend the time to verify that all the other players I might give my data to are honest and well intentioned will always stay that way. But at least with Google I have pretty good faith that others are going to do that for me.
Sometimes I wonder if the critics of Google's privacy realise they may be having the opposite effect they intend in this way ...
> The REAL issue is accountability. True information lockdown rarely benefits anyone, but openness without accountability is useless and downright dangerous.
Google is accountable. The problem is that they are accountable to advertisers, currently to the tune of about $55 billion per year.
For consumers to hold Google accountable, they have to fight against their addiction to free web content and services, and start directly paying for what they consume. It's important to note that "Google is free!" is an outright lie, and in fact we are paying more for Google through advertising than if we just paid straight up[1].
> We should instead be spending our breath advocating for greater accountability in the system as a whole.
The best way to do that is to advocate against ad-supported websites and services, and to advocate (and invent if missing) honest ways to get necessary revenue[2].
[2] I avoid the term "monetization" which to me is a word invented to make it easier to be dishonest.
[EDIT] Sigh. As usual, either Google or advertising apologists are downvoting without supplying a reason. Upton Sinclair said, "It is difficult to get a man to understand something when his salary depends upon his not understanding it." Too many people here have a salary dependent on advertising, or an identity dependent on Google fanboyism.
> The best way to do that is to advocate against ad-supported websites and services, and to advocate (and invent if missing) honest ways to get necessary revenue
I like this. I mean, not gonna lie I love free stuff as much as the next guy but most services that offer to remove ads for a subscription (Spotify/Pandora for example) I pay for.
I provided plenty of facts and logic behind my statements. Did you even follow my link? And how do you refute my claims? You label them "grandiloquent" and say I must be wearing too much tinfoil. I bow deeply to your logic, reason and debate skills.
It's obvious from your comment history that you're a Google fanboy. And an Amazon fanboy. And an Apple hater. Good luck with that.
> I provided plenty of facts and logic behind my statements.
No, you don't. A claim it is not a fact or proof.
> It's obvious from your comment history that you're a Google fanboy. And an Amazon fanboy. And an Apple hater. Good luck with that.
Well, perhaps it is obvious to people like you, that only have a black and white world and everything not agreeing with you is because a paid shill or a hater.
There is an additional problem (over and above privacy concerns) with putting all your eggs in one basket that is not mentioned - namely if you are cut off from the service for 1 reason or another. This can happen because you do something on 1 of the many services that goes against the TOS and you get cut off from all services. There are other reasons of course: The site could go down, the suite of services may be vulnerable to a tailored malware attack etc.
Pervasive surveillence is too high a price to pay for the convenience of being able to type "hash salt" instead of "hash salt computers".
"Relationships" are built by two people, not by one person being followed around the entire interney by a multibillion dollar international conglomerate.
> While there are certainly plenty of examples of abuse of knowledge, I tend to think of most "tracking" not as "stalking" but as "relationship building."
Not to accuse you of anything, but I would imagine that this is what most stalkers think, as well.
Actually search DDG for "hash salt" and although it shows some recipe images at the top, the first 6 and the vast majority of all the actual search results are specifically about cryptography, the top result being Wikipedia's article on the topic of salt in cryptography.
> appreciate that google is aware enough to know that when I search for "hash salt" I'm not talking about potatoes. DDG shows me recipes and first.
Really? For that exact query, I get the Wikipedia page for "Salt (Cryptography)", "How to Hash Passwords", and "Salt the Hash - Security tutorial"... you get the idea[0].
AFAIK, the stuff you're seeing at the top is their 'zero click' information, which Google never provided (until after DDG added it and promoted it as a selling point). That's a little hit-or-miss, sure, but the actual search results of DDG are generally just as relevant.
I've been using DDG as my primary search engine for years now - I still resort to "!g" searches sometimes, but I have to do it far less than I used to.
It's true - the standard results on-point, but the top of the page is filled with images of food and links to recipes.
This is, ultimately, a nuanced point. It's a bit difficult to contrive a situation where the discrepancies are extremely stark in a single case, but over time and with consistent use (especially something like Google search which i use literally hundreds of times each day) the differences add up to make a pretty pronounced impact.
We live in the information age and information now is the ultimate power. Many people don't believe it, the same way that before the Civil and Crimean Wars not everybody believed that industry is the ultimate power of the industrial age.
By letting Google collect enormous amounts of data about you, you are letting them have power over you. It can be used for pushing you to buy stuff against your rational will or for killing you, if say at any point you decide to not fully cooperate with a future totalitarian government.
One can't live ones live today driven by an assumption that they'll be ruled by a totalitarian government in the future. Your mind is already trapped; you're effectively living in fear today that one day in the future you'll be living in fear.
"One can't live ones live today driven by an assumption that they'll be ruled by a totalitarian government in the future."
You may have heard it, but humans have this shit called "intelligence". It's some times used to predict future outcomes. (Yeah, I didn't believe this shit neither, the first time I heard about it. But please, do look it up online.)
The issue here is information monopoly. If one provider controls every bit of information about you than it eventually leads to a master/puppet scenario.
With your permission, you give us more information about you, about your friends, and we can improve the quality of our searches. We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about - Eric Schmidt, Executive Chairman of Google.
Monopoly situations certainly make abuse easier but the monopoly isn't inherently problematic. Government and law enforcement are essentially monopolies in their own right and we see the results when those powers are abused. But instead of being anarchists we call for transparency and accountability. The same applies here - if we spend our time trying to become "black boxes" (as someone else here called it) we're not really going to get anywhere. If we push for greater transparency and accountability of the companies that handle our information we can better trust that they will continue to act in ways that are mutually beneficial.
You are very naive. Nature hates a power vacuum. Accountability, requires being able to enforce, if the other party is not accountable. Otherwise, it's just a matter of time before you are being used in some, or many, ways. The asymmetry of power between Joe Doe, you, and a huge multi national, assures that you can't enforce, and so you can't keep the other party accountable.
"tracking is, a priori, something bad, even when it's open and part of a relationship in which you appreciate the other party remembering certain things about you"
Advocating for greater accountability across the board sounds great in principle, but what does that even mean? Are we to hold Google, accountable for monetizing the data they collect on us? That's the social contract you engage in with Google, when you use their services.
Looking at the underlying business model is more effective. I am confident that DDG is going to respect my privacy, because that's what their whole business is built on! Similarly, I would be shocked if Apple turned around and started selling my data to advertisers, because I am their customer and I am the one paying them.
The problem with Google's methodology is destroying the market for others through "free" alternatives. When the Chinese do this it's called product dumping, and rightly criticized.
2. It undermines free-market mechanisms by having the paying customer be other than the consumer. And as fidotron points out, it also has the same effects as dumping against any non-advertising business model.
What is the underlying business model of Apple? Make products that consumers are willing to pay for. DDG's underlying business model seems to rely on sales kick-backs and minimal advertising[1]. Not perfect, but not as bad as Google's.
OK, there's some value in diversifying instead of using one provider for everything but mostly he just swapped Apple, Fastmail, or Clicky in place of Google. They can still track him, read his email, know his calendar... The benefit here is marginal.
And how do those companies stack up against Google when it comes to security? It's one thing to protect the data against snooping by the provider, it's anoter to protect it from everyone else. Google is pretty solid, often on the cutting edge (PFS, certificate pinning).
The difference between data privacy now, and data privacy 10 or 20 years ago has little to do with how many people have access to it, or how secure it is. It mostly has to do with who can analyze it.
An example: where you walk in public is public information, but for most of human history, no one has had the capability to keep a database of that information and query it retroactively. Your location information is therefore less private now than it was before, because that information used to be impossible to reference meaningfully.
The same concept goes for email, calendars, contact graphs, etc. Using providers that don't have, or consciously avoid the capability to aggregate, analyze, and query it improves your privacy. Google is not one of those providers.
Apple's business model doesn't rely on storing personal information, they get their money from devices and apps and services made for those devices sold through their store.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
They are the one company that has the ability to really push for user privacy, it's a route Google cannot follow - it would hurt their core business (advertising) too much.
On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
If Apple on the other hand, loses an iCloud customer, their lock-in is reduced, but probably the user will continue to use their Apple devices.
In the end, paid services are probably the best for users who want privacy, etc. Losing trust immediately results in a loss of income. But since the user is paying, they don't have to use and link user data for advertisement or sell the data to third parties.
> On the other hand, Google needs their users to trust them. If they walk away from Google services, Google loses.
Google has dominance in search, webmail, maps, and a very strong mobile presence with Android.
Even if you don't trust Google, it's hard to avoid using their services - they're so good, they have few competitors worthy of note (e.g. Apple Maps or Bing).
Ok, say someone has a complete database of my location sampled at 10 minute intervals over the past few years. What could they do with that information that would be harmful to me?
So you're saying you're ok with me knowing everywhere you've been for the past few years?
I'm going to assume then that you don't visit strip clubs, bars, 'adult book' stores, the house of your drug dealer, the house of your secret lover, a proctologists office, an OBGYN, an abortion clinic, or a million other places. You may not visit these places, but many others do, and having that information publicly available could be devastating to families, careers, entire lives.
On the other end of the spectrum, say you happen to be in the general vicinity of multiple burglaries at the time these crimes are believed to have happened. You're arrested and have to prove your own innocence.
Or maybe someone who wants to do you harm looks at your data for patterns, and goes to the right place at the right time to rob, extort, harass, rape, even murder you.
In general, I think having your location information public is a terrifying prospect.
You don't even have to have been there at all. Once an entity holds all your personal information like that, they can just say "Oh you were here, here, here and here at these times" even if it was not true. Who would doubt them? After all they have all the information right? RIGHT?
If the government has devolved to the point that we have to worry about them framing people unjustly, we have FAR, FAR bigger problems than a database of location information. Hiding the information in that scenario is, at best, a temporary band aid. The appropriate fix is limiting the power of the government and requiring strict and transparent conditions on when and why someone can be arrested.
The government has so devolved -- they're using (most likely illegal) nsa spy tools and stolen data to arrest drug dealers, then lying to everyone involved about how they "stumbled" across the information, or so-called "parallel construction" [1]. While all the tools whine about slippery slope fallacies, the fact of the matter is we're already sliding down.
The undated documents show that federal agents are trained to "recreate" the
investigative trail to effectively cover up where the information
originated, a practice that some experts say violates a defendant's
Constitutional right to a fair trial. If defendants don't know how an
investigation began, they cannot know to ask to review potential sources of
exculpatory evidence - information that could reveal entrapment, mistakes or
biased witnesses. [2]
Although these cases rarely involve national security issues, documents
reviewed by Reuters show that law enforcement agents have been directed to
conceal how such investigations truly begin - not only from defense lawyers
but also sometimes from prosecutors and judges. [3]
One thing that people do is just say "the government" like it is a single entity. It is not one entity. It is made up of hundreds of thousands of individuals.
You know that guy that used to scare your wife/daughter with his stalking? Well he just happens to have a government job and may be in a position to abuse the knowledge that he has access to for personal gains.
I'm sorry, I just don't follow this slippery slope argument. We have lots of examples of the government abusing their use of online information. For the haves, we have the still-minor indignities of the no-fly list and targeting certain political stripes for IRS audits. For the have-nots, it is terrorism fusion data centers, predatory civil forfeiture and, jeez, a lot of the criminal justice system. So that world does exist now.
Many of these excesses have been driven by "limiting the size of government" by defunding local governments and relying on private information brokers (license plate readers, etc), rather than passing better laws.
The things you've mentioned are all generally Bad Things and things that we should be fighting to stop. Fighting to obscure your location information and even protect your privacy in general doesn't stop any of the things you mentioned if you believe the government is acting in bad faith.
I think it is naive to think that a bad actor who intends you harm will be stopped or even slowed down by the fact that there isn't a log of every location you've visited.
A threat to your safety or your freedom needs to be dealt with directly by eliminating it, not hiding from it. If you're envisioning a bad actor with the resources to compile and analyze a comprehensive log of your location, the simple fact that you use service A instead of service B is not going to do a thing to stop them if they're out to get you. You have far bigger problems on your hands.
"Potential threat" is an unbounded set. If you're going to guard against every potential threat you will not be able to spend your time doing anything else.
I asked because I was curious about what sorts of unique threats are presented by, for example, a database of location data. So far I haven't seen any that aren't already present via far simpler means.
If you have a cell phone, it is constantly pinging nearby cell towers. If it has wifi, it is pinging nearby wireless networks. That information is out there, waiting to be collected. If you want to go without the benefits of a cell phone to avoid whatever threat is posed by somebody knowing where you were at some point in time, go for it. I think it's a waste of time.
I think there has been some confusion here. When I said that "The point is not that the world will end if we give away our location data, only that doing so has a non-zero cost" what I meant was that the point is not that the world will end if we give away our location data, only that doing so has a non-zero cost.
Cell phones are like cars, they are very useful but also have their downsides (cell phones reduce privacy, cars kill people). I have a cell phone and a car because I made a decision that the cost was worth the benefit. I did not need to delude myself into thinking there was no cost nor did I need to pretend that the cost was inevitable.
The threat of a comprehensive database of everywhere I've been is extremely minimal. There's not much someone can do with that that they couldn't do without it. If some whackjob want to wait for me to turn the corner so he can hit me with a sock full of nickels or something, he's not going to get a database of everywhere I've been over the past two years and hang around the coffee shop that I have an 84% chance of visiting on the third Thursday of odd numbered months. He's just going to look up my address and wait in the bushes outside.
> We have lots of examples of the government abusing their use of online information.
That isn't what he said. He said that if the government is going to forge information, then the availability of location information is not necessary nor useful for that task.
strip clubs, bars, 'adult book' stores - these are all perfectly legal and innocuous activities. Who cares?
the house of your drug dealer - being in someone's house in circumstantial at best. By your logic they would also have to arrest the drug dealer's mailman, maid, meter reader, etc.
burglaries - again, circumstantial.
Someone who wants to do me harm doesn't need a database full of comprehensive location information. They'd only have to find out where I live and wait for me there.
Without intending to invoke Godwin's Law, I think what happened in WWII is a good lesson in dangers of overexposing your private life. Before WWII, Germany used "tax deductions" to entice people to reveal their religion to the government. Data which was later used to identify Jews during wartime.
Nobody is saying you need to unplug your machine from the internet, but just that because something doesn't impact you today, might not be true tomorrow. If you decide to run for office in 10 years, for example, you can bet your location data will become relevant (and it's not that far-fetched that the other party will try to obtain that data - reference the IRS email scandal).
The point is to minimize the aggregation of your data, to limit the impact it will have on your life once it leaks. After all, you never know who will get a hold of all your data once a company goes out of business (fir example).
The problem in WWII was not that the government had a list of who all the Jews were. The problem was that there was a government that wanted to kill all the Jews. If the latter is true, they'll find out the information they want one way or another. Hiding a list does not solve the problem, which is that you have elected genocidal maniacs to your government.
Your line of thinking hinges on an optimistic view: "As long as X doesn't happen, we're fine". But what will you do when X does happen? You'll be completely unprepared for it.
I prefer to take the "hope for the best, prepare for the worst" approach: if something bad were to happen, I would have a better chance of not being impacted.
No, my line of thinking is more like "If X happens, we're fucked regardless of whether we have privacy or not, so we need to focus on not letting X happen"
If an insane genocidal dictatorship comes to power, you will be impacted, unless you're on the side of the dictators.
I'll bet you top dollar that's not what Jennifer Lawrence is thinking right now. She's not thinking "It was inevitable that someone will get my photos from iCloud". Instead, she's thinking "I should have never put my photos on iCloud in the first place".
Hence the point of this thread: don't expose more information than you need to.
Not having data which would incriminate you to a party which will misuse it is something of a pyrrhic victory, but I still see your point. It would be preferable to have no parties which would misuse this data, but if such a party does exist then you would be better off remaining anonymous. As with all risk analysis, there's no clear answer. Deciding whether or not using a service which tracks such data is a consideration of the convenience gained, sensitivity of the data, propensity of the parties in play to respect the privacy of this data, potential for future incrimination, etc.
This supposes that burglars work by picking out a person, then waiting until they're not home to go rob their house. Instead, burglars search through a neighborhood to find houses where nobody is home, then break in and steal things. It's the other way around.
Regardless, if you're an average adult in the US, "weekdays between 9 and 5" is a fairly reasonable assumption of when you won't be home. No giant database needed.
Seriously? Now I know everyone with whom you associate. I know everything you like to do. I know how fast you drive. Because you "associated" with several serious felons (you were in the same bar/diner/club as them several times), I can make a case for conspiracy. I have you in the same area as several serious crimes. Perhaps the data source (phone?) isn't exact all the time (it never is), so I have you as being at some places you weren't at. The scene of crimes? I know everyplace you've been for years, so forget running.
Have you been speeding in the past few years? A lot? Have you done anything private? Seen doctors/specialists about private medical issues? Have you had an abusive spouse or stalker in your life? I bet they'd love the data.
Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
Google doesn't issue speeding tickets. If the government were to issue a ticket for every single instance of speeding and even 1% of them contested it, the system would be so clogged with paperwork that it would grind to a complete halt.
Personally, no I haven't been to the doctor. People go to doctors, though. That's not a big secret. Are you personally on the lookout for every single person who visits a doctor so you can...make fun of them, I guess? Do you imagine other people are?
An abusive spouse/stalker already knows where you live. If they're that motivated and want to find you, they'll wait outside your house. Hiding the information is not a solution to that problem, those people need to be arrested and incarcerated.
> Do you seriously believe that's how conspiracy cases work? "They were in the same restaurant several times, they must be involved in a criminal conspiracy". I guess every waiter, cook, hostess is also indicted for conspiracy as well, if that's all the evidence they need.
I think you need to read up on the 'domestic terrorism' cases in the USA and how NSA investigations actually proceed. One fun instance was Clapper giving presentations on a network of possible terrorists all linked together. The link was a pizza place.
And 100% of the evidence was that they met at the same pizza place? There were no other indications? In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
Sadly, that's not outside the realm of possibility, but that information alone is practically worthless in determining if someone is a terrorist. "Regularly meets with the same people in the same restaurant" describes almost the entire young, single adult population.
> And 100% of the evidence was that they met at the same pizza place? There were no other indications?
It was enough for the guys supposedly in charge of protecting us to waste a lot of time staring at graphs. And the 'threat matrix' is full of even more shit than that; I refer you to "Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program", Mueller & Stewart 2014 http://politicalscience.osu.edu/faculty/jmueller/NSAshane3.p... for that and other sorry details of 'the war on terror'. Seeing the sausage made is never pretty.
> In that case does it flag every single group of high school friends who regularly get pizza after school, or every group of co-workers who hit up the same happy hour a couple times a week?
No, I'm sure some racial and religious profiling was part of the special top-secret sauce which selected that particular pizza joint...
I agree that's a problem. I don't think the issue is that this database exists. I think the issue is that there are people conducting a witch hunt in the first place. If they are that bad at finding terrorists, they'll misuse whatever information is available to them. The solution is to not give people the power to conduct secret investigations and trials etc. in the first place.
1) The computer never lies and the false positive rate is 0%. So if you walked past a shop that sells weed grow lights enough times, you'll be on a list and some night at 2am they'll smash open your door, shoot your dog, and throw a grenade into your babies crib. This is "OK" because it usually only happens to poor minorities and the computer never lies and there is no such thing as a false positive. Even just street crime is an issue.
2) Times change. Being on a list as living as a Jew in Germany in 1923 not a huge problem. In 1943 being on that old list is not so good. Walk past a mosque on a daily basis in '90 no big deal, in '10 maybe not so good when they look at the historical records to Keep Us Safe From Terror (tm). Its almost unpredictable who we'll be punishing / torturing in a couple decades. Probably not reasonably well off white men, but everyone else is either nervous or ignorantly not nervous.
Build a very complete profile of you, sell that data to advertisers. Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Another thing: Imagine someone would get HD video of your room while you slept in it. I can't imagine what use it would be but I absolutely would not like to be filmed like that.
> Build a very complete profile of you, sell that data to advertisers.
Why would advertisters spend money for a profile of you? Answer: they don't. This market just doesn't exist. It's fabricated. It's a fantasy to pretend your trivial existence is worth big bucks. It isn't.
Advertisers do not want your information. They want your money. Google uses your information to try and match you up with relevant advertisers. This is how ad networks work, a form of online dating basically. Your information does not go to the advertiser. Your information on its own is not worth anything.
> Maybe tell insurance companies that you frequently do high risk activities. Sell the information that you were at the beach when you took a sick day. This list could go on and on.
Who would spend money on this and how the hell would that market ever come into existence, much less in secret, such that everyone does freak the hell out?
Do you think Google sends employees out to secret hotel rooms with members of random stores to swap dirty secrets about you or something? Remember, advertisers are places you go to buy things. Not evil supervillans.
Call me paranoid, but my biggest concern is that things I do that are acceptable today may become illegal or persecution-worthy in the future. I recently read a story about a mother who was executed for her religious beliefs. The attackers knew she had been visiting a country with a different majority faith and used that information to single her out.
That kind of thing could never happen in the West... right? I hate to bring in Nazi Germany, but imagine how much more effective they could have been at rounding up people if they had access to Google's tracking data.
Full Disclosure: I am not actively avoiding any tracking, but I think about possible abuses a lot.
> What could they do with that information that would be harmful to me?
Harmful to someone, and it's different for different people at different times. Also, a piece of information that may be benign today could be harmful tomorrow with a change in the political environment.
Maybe you visited a specialist, or were on the same floor as a specialist, and got extra attention from your health insurance as a result.
Maybe you were standing near someone being investigated, making you a person of interest and therefor subject to prosecutorial bullying.
Maybe you're trying to overthrow a government and would like to do it in safety for as long as possible.
If you visited the specialist, your health insurance would already know because they'd be paying the bill. Now, I'm not an expert on medical billing, but I can't imagine how "being on the same floor" as a specialist could result in any sort of invoice. I'm not sure what you mean by "extra attention". Why would the insurance company use that information? Surely any given specialist is around hundreds of people every day he or she isn't treating, so that particular data point has no use in predicting who is going to receive care from that specialist.
Standing near someone - same argument as above.
In the rare case that you are actively involved in overthrowing a corrupt government, then yes, it is important to keep yourself hidden from that government. But privacy in general does nothing to prevent the corrupt government from coming to power in the first place. If anything we need less privacy - for the government.
People don't "just like" things for no reason. I think it's worth examining why we like privacy and what needs it fulfills, and what other ways we might be able to fulfill those needs. It seems to me that digital information is just too easy to distribute for us to have any hope of containing it. We are better off assuming any available information is going to be made public and finding the best way to proceed from there.
Interesting thought. If McCarthy could have subpoena'd Google, he'd have been able to prove that they were all commies and then people wouldn't be unfairly smearing his name today.
It's a bad argument for banning things but it is a perfectly correct argument for pointing out the the real cost of something. Cars kill people. We should not pretend that cars are safe, we should make a rational decision and come to the conclusion that the cost is worth the freedom of transportation.
You'r argument would be a valid analogy if I were suggesting that we make it illegal to tell anyone your location (or any other "private" information). I am only pointing out that privacy is valuable and we should count the cost if and when we give it up.
You are asking your question from a position of luck (that you, in particular, can afford to be an open book) and mostly at the wrong level. It's not about how it will affect you, it's about how it will affect him/her, and us.
Improving your privacy helps people who have legitimate things to hide avoid unwarranted suspicion, and it also makes our society better.
Secrets are sometimes bad, but are far more often good -- allowing us to have functional foreign relations, strong individual rights, and the ability to communicate freely about ideas central to our republic. No good will ever come of the ability to Google: "people unlikely to toe the line".
I phrased the question in terms of me, but you have no idea who I am or what I might have to hide, so please imagine it in the general sense of what any given person might have to fear from a database of their location information.
Does Clicky let site viewers also view the traffic? I don't mind such information as much so long as everyone knows that they can see it when they want.
I switched to fastmail and duckduckgo in lieu of google products a little over a year ago for some of the same reasons. I tried to switch to safari from chrome, and that experiment lasted about 3 months before I got annoyed by how safari handles multiple tabs.
But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic. Yes, you can be an idealist and try to run your own email server, etc. but it's really about balancing tradeoffs. I also use Apple maps and iCloud and dropbox and Evernote and... many other services we should give just as much scrutiny to as Google.
I don't see my choices as being about riding a high-horse, it's about a diversified portfolio of services that helps me avoid total lock-in. The day that google heavily oversteps with the G+ product strategy or twitter completely goes to shit, I've got a series of alternative services that can pick up the slack.
My thing isn't that I don't trust any one particular Google product. It's that I don't feel safe putting all of my eggs into one basket. A year ago, Google was my phone, my search engine, my email, video hosting, my DNS, my IM service (GTalk when it was still a thing), and cloud storage system. That's a lot of personal stuff all tied together under one account. So I split things up. I hosted some stuff where I could (email and online storage) and used different services/products where I couldn't. But I also continue to use Google for my search engine.
I don't really see it as a question of if Google will screw up with people's data, it's a question of when.
By the time when, Google will be our overlords. Running the world with no one to be able to resist their ironclad rule. Because they know you, they know where your most loved live, what you need most to live, what your habits are, what medications you need.
Doesn't that sound bit too pessimistic? Of course it does. You already trusted Google, why trust another company and risk your data?
What if, from the 10 companies you trust your data with, 2 of the go rogue and use your data against you? OR what if they get hacked, and lose everything? That's what I fear more than giving too much data to Google. I'd rather trust one super reliable guy (Google), than trusting 5 (Self hosting) maybe trust-able, 3 shady guys, and 2 unreliable guys. But that's just me, I make sure all my accounts have 2 step auth.
This. Right now I'm also more comfortable with Apple having my info, because their business is built on providing me with a premium product & charging me for it. Google is built on monetizing my data and selling me better ads.
>>But, as far as most of the criticisms posted here, they're really unfounded. If you want to be a purist about privacy, you really have to just quit using technology. It's not realistic.
Exactly. It's not realistic because it's a strawman, and a disingenuous one at that.
No one really wants to be a "purist" about privacy. Indeed, the only way to live a 100% private life is to have a cabin on some uncharted island and never leave it.
Rational people, on the other hand, realize that there are certain privacy costs to living in modern society. They simply want to make informed decisions about which benefits to trade off those costs for.
What the author advises against is giving all your information to one company, i.e. Google. This holds especially true since said company's core business is serving you advertisements and generally controlling your Internet experience (using the "personal filter bubble" described in the article) using the information it has about you. Instead, he is suggesting that people spread their information across multiple service providers so that no single one of them can compile it to get a wholesome picture of who you are. The point is not to avoid giving your personal information (although the less you have to give, the better). The point is to avoid putting all of it in the hands of one company.
I'm not sure if switching to Safari is a huge jump ahead, because both are closed source software. You could switch to Chromium and get Chrome without the tracking, or use Firefox instead.
It's obviously not smart to rely on one company that heavily, but I can see his reasoning behind using Apple products. I too am not using any Google services if I can help it but if I had to make a choice between giving my data to Google or Apple, I'd choose Apple. Not because I trust Apple more than I trust Google, but because I trust their source of income. Apple's business is to sell you hardware, while Google's business is to gather information about you so it can show you ads.
What Apple earns from iAds is chump change compare to Google's ad revenue. I don't deny iAds exists, but read my comment carefully. That's not their main source of income. Google's almost whole business is to sell ads. Apple can survive without selling ads, Google can not.
I just told you the difference. What is it that you don't understand?
Google's whole business revolves around showing you targeted ads. Apple's business is to sell you iDevices. Apple will not target you to the point where it's invasive and creepy (although I'd argue even the smallest amount of tracking is invasive, but I've been trying to look at this from Gabriel Weinberg's point of view) because Apple can not do anything to harm its main source of income. Google's job is to track you and they legally (and sometimes illegaly) do everything they can to be successful in their business. They can not hurt their main source of income by being invasive, because being invasive is their business.
For the record, I'm not saying Apple is any better than Google or vice versa. As I said, I've been trying to play the devil's advocate.
The point is, Apple does track you AND charges a premium. Google doesn't do both.
If you look at EFFF, Google has had your back longer with lobbywork before the EFF report came out ( https://www.eff.org/who-has-your-back-2013 ) as soon as that got popular last year, all of them upgraded their lobbywork (Apple)
Yes, now they all have 5 stars, but the EFF report first came out in 2011 without them knowing ( https://www.eff.org/who-has-your-back-2011 )... But there was a lot of hype about it last year, so they had to improve their "score-card".
Also, I doubt Apple would do something like Google's word gymnastics with the everchanging and murky ad profiling policy for student emails in the "free" Google Apps for Education.
Apple makes little to no money by invading your privacy. They've already made money once you bought their hardware. Which is why they will be a much better champion of your privacy.
However, companies like Google and Facebook make almost 100% of their revenue by knowing every detail they possibly can about your life. That's why they try to commoditize hardware and place all the value in your personal information.
Facebook doesn't commoditise hardware - but otherwise you're right. However, for hundreds of millions of people buying their first smartphones iProducts isn't even a viable option, while a sub $100 Android phone is. And those devices will be their gateway to the internet. So maybe something good will come out of it too
And I guess you can opt out of the Google tracking ecosystem even on "Android" hardware
I recently migrated to Fastmail, and I was pleasantly surprised by how easy it was. Fastmail automatically imports your emails from Gmail, and it took me so little time that I kicked myself for not doing it before.
> Calendar: iCloud
For those of us who don't use both OS X and iOS, this isn't feasible. Fortunately, though, Fastmail also provides a calendar service. It synchronizes with Google Calendar in case you still need to use Google (e.g. for work), and it was also a seamless switch.
As for a client, I was very surprised by this, but I've actually found that the latest version of Mozilla Lightning[0] is the best calendar interface. Fastmail's is okay, but still in beta (it's less than a year old). Setting up Lightning to sync with Fastmail's calendar took just a minute, and I actually like the interface more than I liked Google Calendar's[1].
Thunderbird is an okay mail client (not a terrible interface, but not a great one), but even if you don't use Thunderbird for mail, I would recommend trying out Lightning for calendaring.
[1] It's okay for viewing events in the week view, but there are a lot of UI quirks and bugs that catch up with you after daily use - this one is the most pernicious, but there are a number that are simply annoying as well: http://arstechnica.com/security/2014/01/how-google-calendar-... [2]
[2] Since I know people will ask - I consider this a UI issue because it's fairly easy to imagine a minor UI improvement that would indicate this unexpected result of Quick Add (and others) before clicking "Add" without sacrificing this functionality in case it is desired.
It has CalDAV, CardDAV, and files support. There's even a rudimentary (though scary) online editor with support for openoffice. I use two-factor with owncloud, and happily share files, too. And... it supports an encrypted backend!.
Now, if you're happy to host your own mail, you can also look at adding RoundCube.
This can solve the Calendar/Contacts/Email/Filesharing main case. Works across Windws/Mac/Linux, even mobile... which in my case is Android. It's not amazing, but it's pretty fantastic.
Just clone it, install the dependencies via composer and you’re good to go. It’s just an IMAP client at the moment, but multi-account and when the IMAP server is on the same origin as ownCloud it’s quite fast. Feedback very welcome!
Another happy owncloud user here, though the funny thing is what I want it for is specifically NOT syncing - in fact, I don't like that it even tries to sync folders. I mostly want a media player/NAS/photo gallery/mail server (though I might just install a mail server separate from owncloud; I'd still want a webmail interface though).
owncloud has two-factor support via Google Authenticator, I'm happy enough there. I use Authy to sync the tokens between my devices.
Full caveat though: I never have a single device with both my tokens, and synced password database - just in case memory dumps of phones/tablets become valid. So, I dump my password database to my tablet, whereas I sync my authy tokens between two phones.
ownCloud contributor here: Just wanted to say major thanks for such a great project! Keep it up and let us know if you need anything from ownCloud – we’re in #owncloud-dev on IRC :)
Personally, I have a VPS where I keep my own mail server, webmail, ownCloud instance (calendar, address book, file storage, etc), IRC bouncer... All courtesy of Sovereign (https://github.com/al3x/sovereign)
Very interesting resource, thanks for posting ; even if not for the playbook itself, the collection of tools is interesting.
Having your own server is definetely a good solution, it just needs experience and comes at a certain price, even if it stays reasonnable. But most people just don't want to be bothered with maintaining the box (hosting payment, security updates, domain name renewal, SSL ceritificate renewal and so on).
However, it is a fantastic way of learning by yourself!
Well, if you use the supported Debian 7 pointing Ansible to your box is all that's needed.
Since I decided to go with Ubuntu 14.04 (unofficially supported), it took a little longer and I had to submit a couple of patches to make it work there. The "hardest" part was figuring out how to set-up the DKIM and SPF records in my registrar's DNS control panel (namecheap).
Other than that, I don't really have to babysit the thing: I get a weekly logrotate report by email and rarely, if ever, SSH into the box to check that everything works. From time to time I re-run the Ansible script to ensure everything is in proper order but, still, I almost never have to spend more than 10 minutes a fortnight.
Another Fastmail endorsement--they really are fantastic. I confess to still using Gmail for some things but it's mostly just because I've been too lazy to switch over all of my accounts. Fastmail is truly a better service.
As for calendar, I've heard good things about https://fruux.com/ although I haven't tried that myself yet. (And apparently Fastmail does calendar too--again, haven't tried.)
Another vote for FastMail calendar. Give it a shot.
I find that it integrates really well with Gmail. I've had experience before where invites from different email providers don't play well, but FastMail sending invite to Gmail works just fine.
I'm using Fruux for calendars, contacts and reminders. Very happy with it. Zero downtime since I started using it (at least one year ago, probably more).
Edit: Fruux implements CalDAV, but there are disappointingly few apps that support it. I'm stuck with Apple's Reminders. The only decent CalDAV client, 2Do, does not implement CalDAV/WebDAV correctly (they don't support "207 Multistatus"), and will not work with Fruux. When I contacted them, they expressed no interest in fixing the problem.
Coming from Google Apps and currently using Fastmail: It's not as good as Gmail. I still get spams in my Inbox but they are not really a deal breaker. I've been using Fastmail for over 3 months and I'm rather happy about it (just paid for a yearly subscription). I'd suggest you to try it out with a 3 month subscription. You can always switch back; it's just a couple MX records after all.
Oh btw, fastmail also has CalDav (Calendar only; no Tasks) and It's been working well for me too.
I have trained it with tens of thousands of emails, but it keeps letting obvious stuff through. On the other hand, I have had zero problems with false positives, which used to be a huge problem back when I was using Gmail.
I moved my calendar from iCloud to Fastmail and have been plenty happy with it. I'm finding it to be a bit snappier in updating as well, but nothing to really back that up than my own anecdotal experience.
> "Practically, switching away from as many Google services as possible will help alleviate the most obvious issues like most of your personal data being in the hands of one company and the related issue of ads following you around the Internet."
Ads that follow you has absolutely nothing to do with Google services. These are retargeting companies using their cookies to track you. They use ad exchanges, so even that is not principally Google.
I, too, am very unhappy with Google. They're obviously intentionally trying to get people to get used to giving up privacy. From the moronic system Android has, to the tricky dialogs Chrome puts up, they don't like the anti-tracking sentiment.
But... DuckDuckGo just doesn't compete on search results. I changed to it as my default search engine, but I ended up going to Google most of the time.
And switching away from Android... I tried to move to Windows 8 / Phone, but the ecosystem is a joke. Desktop apps don't work well on their small tablet form factor, and the Metro apps are laughably terrible. Microsoft can't even prevent total scams, like $9 fake Netflix and HBO. And they ignore reports about them.
Apple spies on you as much as google, without a doubt. They're just not as open about it. After all, why wouldn't they do it when it helps them build "better" products that make them more money.
Until recently, I also was very concerned with privacy, partly not wanting my personal data available easily to many large corporations, and also wanting to keep resources for client work very secure.
What changed is that I have retired (except for some mentoring and writing). Now, I would like the tech side of my life to be as simple as possible in order to free up my time for other activities. So for right now I am massively using Google services but I am considering, depending on how much I like the iPhone 6, just living in Apple's little walled garden. I trust both Apple and Google to generally do the right things.
I still advise friends and family to run Adblock software, and to be generally prudent privacy and security wise. But for me personally privacy issues are not as important as they once were.
> On top of the browser I use these add-ons to reduce tracking further; also, note that private browsing mode and the do not track setting will not stop you from being tracked.
Google's/Facebook's/Twitter's JS scripts are literally on every site. Fingerprinting allows them to increase their ROI since it builds more precise profiles on you. The advertising industry is happy and the government is happy. So forget about them not fingerprinting you.
It's sad that the only alternatives he can come up with for one set of cloud based services by one set of providers is another set of cloud based services by another set of providers.
This Page Cannot Be Displayed
Based on your corporate access policies, this web site ( http://www.gabrielweinberg.com/blog/2014/09/what-i-use-instead-of-google-services.html ) has been blocked because it has been determined by Web Reputation Filters to be a security threat to your computer or the corporate network. This web site has been associated with malware/spyware.
Threat Type: othermalware
Threat Reason: IP address is either verified as a bot or has misconfigured DNS.
If you have questions, please contact your corporate network administrator and provide the codes shown below.
Notification codes: (1, MALWARE, othermalware, IP address is either verified as a bot or has misconfigured DNS., BLOCK-MALWARE, 0x037419bb, 1409690418.913, AAAEOQAAAAAAAAAAJf8ACP8AAAD/AAAAAAAAAAAAAAE=, http://www.gabrielweinberg.com/blog/2014/09/what-i-use-instead-of-google-services.html)
The site appears within the CBL too, which gives some details: IP Address 96.227.124.38 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.
It was last detected at 2014-09-03 06:00 GMT (+/- 30 minutes), approximately 4 hours ago.
This IP address is infected with, or is NATting for a machine infected with "Gameover Zeus" or "GOZ" - previously it has been referred to as "ZeusV3" or "p2pzeus". GOZ is a version of the ZeuS malware that uses peer-to-peer (P2P) command and control mechanisms.
Is there a good, paid, gmail alternative with the same conversations, labels, keyboard controls, and decent search? Ideally with both webmail, calendar, and an app? Also, ideally not associated with microsoft, yahoo, or even the valley? I keep seeing fastmail but it looks like just another email provider.
I keep pondering creating a service like this for say $40/year, but I'd rather to it than build it. I'm currently a tuffmail subscriber but I really want gmail with a clone of their android app, just in exchange for money and a strong privacy policy.
In the face of nefarious agencies and companies that track, I don't think there's a 'best' option to switch to, per se, only a harder (to be tracked) option. Tracking, in my belief, still goes on, in one way or another.
So what are we left with? Trying as hard as possible to use online services for work (assuming that's your bread and butter) and to be in the real world for leisure, etc. Not always possible, and less possible as the years go on, but a lot better than thinking one (popular) online service will be a safe haven from another.
For those of you in this thread that are dismayed that some of us don't enjoy being tracked, I highly recommend a short, entertaining documentary that's currently available on Netflix, iTunes, etc. called:
Is there a good non-google alternative to Docs / Drive. I read the article hoping to find one, but didn't see any mention of one. Having a non-google version of a service which allows collaboration and modification of documents through a web browser, without additional software installed would be nice and I feel it must exist, but don't know where to look.
The problem that many people (me included) have with being tracked is usually that they don't know what's being tracked and/or how it is being used and stored. DuckDuckGo thinks that the solution is to stop tracking altogether, when really I'd be happy with just a search engine that was more transparent with what they were storing and using.
While it's not trivial it's not that hard to spin up a mail server on a VPS (which can run smtp, imap and/or webmail). For that matter you can run it off a static internet connection or even a dynamic IP from your home or office PC. (Running linux or Mac OSX never done it with windows although I'm sure you can).
"You can then get shotgunned by spam filters, too"
Have you had that problem and weren't able to get by it? I've had IP changes over the years and while it's taken a small bit of work to get the new IP accepted (in some places most places don't seem to care) I'd say it's hardly a show stopper. Of course all the email deliverability people selling products and services in that market want to make you believe you'd be a fool to roll your own.
Of course if you get a VPS with some IP address that someone used to spam sure you have a problem. The idea is to do your homework and not have any of the obvious problems. (You can run the IP by the blackholes to see most issues.)
Also (not a comment directed at you by the way) I love the way a forum such as HN where people spend all sorts of time doing things just for fun seems to have a problem with the "work" involved in doing something that actually has value or might take a bit of work in order to solve a problem that they have.
The downvotes seem to indicate a reaction such as "wow what a stupid idea why would you run your own mail server hey you can just use fastmail that's what we all use".
There's a difference between running a mail server for incoming mail, and one for outgoing mail. I use my local Comcast SMTP servers for outgoing on the (so far 100% correct) theory that nobody can afford to blanket blacklist those. Incoming you don't have to worry about getting blacklisted.
You have to worry about spam, but, well... that's sort of a constant nowadays. My current solution is to use Thunderbird to filter everything on my primary machine and it's Good Enough. If you want webmail YMMV, though.
Honestly, if you're just one or two mailboxes, it's not that big a deal to maintain. And I've been Joe-jobbed, so it's not like I haven't been exposed to some fury. Still not that big a deal.
Do you have anything in particular you'd like to offer to back that up? Have you ever done this? (I do and have done since the mid 90's on various equipment and I'm no Eric Raymond exactly either). We're not talking about running the mail server on a commercial ISP or a company with 20,000 employees. Just running a mail server to take care of your own mail.
Personally, a bunch of your suggestions are based on Apple = severly censored, anti-competitive,... i REALLY don't like that.
If walking away from Google means switching to Apple, then it's a no-go for me. I'll rather have Microsoft ( fyi. i'm mainly a c# developer, but also python, RoR and nodejs )
Because Apple's free services are a value add to increase their device sales off which they make a ton of money, while Google's free services are typically monetized with targeted advertising based on a profile built off your private data, so they tend to collect and retain a lot of it.
Instead of accounts and a potentially long brute-force process as provided by Dropbox, BTsync relies on a public and "secret" key having been generated. This seems fine and dandy until you realize that the concept of brute force is an applicable means of getting access to anyone's BTsync if they are using the standard tracker.
Given enough storage space and bandwidth, someone could just create any number of shared folders assigning them all a different set of keys (this doesn't need to be done one-at-a-time) and wait for data to fall into them.
Doesn't this completely sidestep the concept of the data being supposedly secure in BTsync?
As long as the secret has enough bits, then the risk of collision is so negligible that it's basically zero in our finite world.
I think the concept of just how large some numbers are really sunk in for me when I read this article [1] from Bruce Schneier. One thing I learned was that it would require more energy than the total energy output of the sun just to power a computer to count to 2^256. Ultimately, this quote from that article sums up his point well:
> These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
As he said, degrees matter. By which I guess he means differences of degree.
The two companies involved (Google, Apple) have a fundamental difference in their business model. One involves you and your private data as the product; the other does not.
If what you care about is privacy, I really don't think iOS is appreciably better than Android. (Not marginally or theoretically - I mean practically).
If you're looking to be as private as possible[0], you should either use a custom ROM of Android with Privacy Guard and with Google services disabled (or use something like Replicant or FirefoxOS, if you're comfortable straying from the two dominant mobile OSes).
[0] As private as possible while still carrying around a tracking device 24/7, mind you (cell phones constantly report your location to your carriers, who are not at all modest with this data)
Yes. Google+, by default, likes to grab all pictures taken with the device camera (and most stupidly will then say they're ready to be shared - because every photo is for sharing . . . )
The worst is Google Play Services though. It's basically a way for Google to get your location data, and to generate massive global maps of WiFi networks, rather like what got them in trouble with the streetmap cars. Anyone doubting how important this is to them needs to check their reaction when Motorola wanted to use Skyhook on a device instead:
http://www.theverge.com/2011/05/12/google-android-skyhook-la...
You mean the box is ticked in a terms and conditions screen when you first turn the device on and that counts as opting in. It's on by default. Most people don't realise what it's doing until either the uploader drinks all their battery (which mercifully they seem to have fixed) or they have loads of photos pop up when they sign in to Gmail on a desktop.
The sign in process for Android devices has become ever more convoluted and incomprehensible. People, understandably, complain about the Facebook app, but Google are actually far worse.
I'm sure people will leap out to argue with me when I say yes, but: yes.
I don't say this out of a belief that Apple is pure and Google is evil, and certainly not out of a belief that Apple shows a deep understanding of security (boy, howdy, do they not show a deep understanding of security). I say it out of my understanding of their business models. Basically, Apple makes money from you because you give them money. Google makes money from you by analyzing the data you send through their services.
"If you're not the customer, you're the product" is too glib by half -- both Google and Apple want to make good products that you want to use, and it's certainly in Google's interest to keep their users (i.e., you) happy. They're arguably much better at online services than Apple is. But Google has a vested interest in "reading" your mail, tracking your searches, and so on. Apple not only lacks that interest, it's arguably a competitive advantage for them to not keep any more information about you than they absolutely have to. They've spelled out in the recent past just what they keep, and it's largely "what they absolutely have to." Apple's corporate culture genuinely seems to be supportive of privacy, albeit tempered with profit-driven pragmatism.
This is not an argument that Apple is full of good and wonderful people (I believe the ad copy should be "magical and revolutionary") and that Google is full of terrible people who hate their users. Not at all. And Apple has had a few high-profile privacy biffs where they were collecting information they shouldn't have been, which leads some people to be highly suspicious of them. I get that -- but we're often handing even more data over to Google routinely because that's what they require. That's their corporate culture: their mission is to organize the world's data, and fulfilling that mission requires them to have access to the world's data. All of it.
And, last but not least, none of this is particularly relevant to government snooping except to the degree that the less information is stored on a server that isn't under your control the less information there is to be compromised. (At least compromised via that particular vector.) If you're deeply worried about that you shouldn't be using either Apple or Google.
google is not a "search engine" anymore.. so why would I keep using it for?
all services that I keep using, are those that kept me from going somewhere else (gmail replacement?), or those that I'm forced to use (not-removable android apps?)
so seems to me, I'm stuck with google -- at least for now
That's all fine and dandy - however most of the time when I'm working as a consultant, I'm created an email account on the company's domain. Typically hosted on, you guessed it, Google Apps.
For some people leaving Google is literally not an option, and that's a shame.
Not sure how to reconcile that with the seemingly mandatory PRISM invocations, the post was almost stomachable up until the Apple cameo especially with the recent privacy headlines. At Least recommend something that isn't a huge downgrade in functionality, an OSM client or something.
I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.
Privacy or not these are people selling their wares and they are willing to be sleazy about it, this is not unlike the bullshit post about the fake cell antennas and the magical ROM that detected them that is making the rounds, it's disheartening.
I find it most interesting that he doesn't use some map provider using OpenStreetMap data because that's what embedded in the DuckDuckGo search results: https://duckduckgo.com/?q=amsterdam
If you use Google maps on iOS, the location information can be used to track what stores you visit for ad tracking purposes. Does Apple Maps do anything like this? Apple makes most of its money from product sales rather than advertising.
>But Google can also constantly track the location of iPhone users by way of Google apps for iOS, Apple’s mobile operating system. IOS is just behind Android in U.S. market share with 38.3 percent of users, per eMarketer. Nearly 17 percent of the American populace uses an iOS smartphone.
>When an iPhone user stops using an app, it continues running “in the background.” The user might not realize it, but the app continues working, much in the same way tabs function on a Web browser.
>Google’s namesake iOS app — commonly referred to as Google mobile search — continues collecting a user’s location information when it runs in the background. This information is then used to determine if that user visited a store and whether that store visit can be attributed to a search conducted in the app. Store visits can also be tracked via Google’s other iOS apps that use location services. If iOS users open their Chrome, Gmail or Google Maps app in a store, their location can be deemed a store visit
How they use the data is independent from whether they collect it. Both products log that data. Is the usage of that data to display more relevant ads really such a terrible thing that you would use an inferior product?
I updated the post to clarify I use OSM via DuckDuckGo for places. On mobile, I use iOS over Android and for turn-by-turn directions I've found Apple maps to be the best alternative to Google maps. That's the long and the short of it. No conspiracy.
> I'm sure that Apple adding DDG to Safari is the reason for this thinly veiled reciprocity.
It seems unlikely that anyone other than Gabe could be sure of his intentions. At any rate, I assume he also uses Apple Maps for directions... if you know of any good non-Google/Apple competitors for that I would be very interested to hear about them.
Interesting he uses Google Analytics as a "Google is tracking you" story when the real trackers are the companies that put Analytics on their web site. And all that tracking is now from a company they only bought relatively recently (Double Click) that had been tracking you long before Google bought them. But Google isn't the only company that does this and it's been done in far more places than just the web and not by Google and for decades.
Tracking you by marketing companies has been happening since I was growing up in the 60s. The only difference between then and now is it's also happening on the new internet thing. Everything else tracks you, too.
It pains me to hear intelligent people talk about being "tracked" as something "bad" a priori. While there are certainly plenty of examples of abuse of knowledge, I tend to think of most "tracking" not as "stalking" but as "relationship building." Let me explain...
Google is a service provider that I frequent, just like my coffee roaster or my stock broker or whatever. Over time, service providers develop a relationship with their customers based on knowledge of that customer. This knowledge helps inform how they provide and improve their service. My coffee roaster knows what kinds of coffee I like and makes appropriate recommendations when new beans arrive. My stock broker knows what kinds of risks I like to take and gives appropriate investment direction.
Ok, so I don't really have a stock broker but... My point is: I appreciate that google is aware enough to know that when I search for "hash salt" I'm not talking about potatoes. DDG shows me recipes and first.
The problem (as with most things that are hot-button issues) is that the most talked about thing - "tracking" - is a red herring. The REAL issue is accountability. True information lockdown rarely benefits anyone, but openness without accountability is useless and downright dangerous.
Suggesting people flee one provider's services and head to other providers who are not concretely more accountable (just because they "say so" doesn't make it true) is simply being petty. We should instead be spending out breath advocating for greater accountability in the system as a whole.