Google and Facebook are watching our every move online
cnbc.comI feel like I'm in the minority, but I'm mostly ok with Google. I feel like they are good stewards of my data (encrypting even internal traffic, severe restrictions on who can get access to my data, doing useful things with that data). I believe Facebook has similar policies in place.
I think their biggest sins are just being big. It makes them a larger target (which probably necessitates them taking extreme protections, otherwise they WOULD be taken down). Others that are much more concerning don't get attacked simply because they are smaller. For example Lyft and Uber who have both been found to have all sorts of personally identifiable information available to random employees. Or various ISPs tracking of data flowing through it.
To me, the cost of being google's product, is outweighed by what they provide me with. Search, news, music, assistant functions, "remember this day", "here is your family growing up", e-mail, automation of e-mails into actionable widgets... These things all are powered by Google knowing kind of a lot about me.
I don't know of any alternative to Google for these services, that respects privacy.
You should be worried for these reasons:
1) Google (and other SV giants) share data with the NSA.
https://www.salon.com/2014/11/16/googles_secret_nsa_alliance...
2) The NSA in turn shares information with law-enforcement agencies. ICREACH contains information on the private communications millions of American citizens who have not been accused of any wrongdoing.
https://gizmodo.com/the-nsa-made-its-own-google-to-help-shar...
3) The DEA (and possibly other agencies) uses this information to target Americans, and then lies about the origins of the information in a process called "parallel construction."
https://www.reuters.com/article/us-dea-sod/exclusive-u-s-dir...
It's not difficult to see the potential for abuse in a shadowy process that surveils the private communications of Americans, applies unknown selectors and data mining algorithms, and then reports the results to law enforcement.
And then there's this...
https://wikileaks.org/google-is-not-what-it-seems/
Speaking of spooky stuff and google, this article still takes the cake.
EDIT: for completeness sake, there has been a follow up:
I just spent the last few minutes skimming through that article but, if there was a bombshell (or even 'spooky') allegation in there, I didn't find it. Maybe this is more a comment on the quality of the writing than the merits, but if anyone out there could explain what is actually being claimed here, that would be really helpful.
Spooky being google intertwining with the institutions that are supposed to defend your rights, and defend them from google, if necessary. But how is any govt able to do that if google is such a huge factor in making their interests heard.
> I feel like they are good stewards of my data (encrypting even internal traffic...)
I hate it when people use this as an argument against "Google invading privacy", it's an argument that doesn't make any sense at all; Encrypting your data in transit prevents outsiders from reading your data, obviously it doesn't prevent Google itself from accessing your data.
This article is about how Google (and FB, etc.) invades everyone's privacy (even non-customers).
> To me, the cost of being google's product, is outweighed by what they provide me with
This can also be achieved without invading your privacy. Google should at least let people CHOOSE whether they want to use their products at the cost of privacy. Currently you cannot choose, your data is simply collected, even when browsing websites totally unrelated to Google, where people are absolutely unaware of Google tracking them.
PS. This guy is awesome, he has had success fighting against Facebook, for privacy (in Europe):
> Google should at least let people CHOOSE whether they want to use their products at the cost of privacy.
Why should they let us do that? No other company is doing that. It's a tacit agreement between providers of free-to-use services and the people who choose to use them: the more personal data you give, the more you receive. If a company has a very good offering or is currently trending, they can even demand your phone number, credit card number (of course you can cancel the service anytime, but they will have a strong verification of your real name then) or even your passport/driver's license. We all came to accept that as a given, nobody questions these practices any longer. It's as if people collectively just stopped giving a damn about their privacy.
I have worked for companies that use g-suite. This is a paid product targeted towards businesses that tracks end users.
My concern about Google is not so much now, but maybe 20 years from now when they're desperate for revenue. Something akin to Yahoo's position in the last few years, except Yahoo didn't know almost everything about half the planet.
Yes, this is the sticking point that frustrates me so much. Fine, trust Google now, I think you're giving alot up, but whatever. But, you cannot predict tomorrow or the day after that.
The need for exponential growth will force all big players into making more money and doing shadier things more and more. I am especially concerned about Google and Facebook since they haven't figured any way for making for making money other than selling ads. Apple and MS at least have products they sell.
I think we really should start making it difficult for companies to grow beyond a certain size. I think they are a big net minus for the whole economy.
I think this is an excellent idea. Once a company grows beyond a certain market share/ market cap it gets split down the middle. Thus kind of happened in an ad-hoc way before, e.g. Bell. The only trouble is these mega companies have lots of clout and a strong self preservation instinct.
I would prefer if there was a way to do this with taxation or similar. So from a certain size on it would be more expensive to do business. I think this would be more gradual than a hard split.
Companies that grow beyond a certain size become laden with inertia and overhead. Smaller companies can come along and disrupt them. Facebook did this to MySpace. Someone will do it to Facebook, eventually.
It's looking more and more unlikely every day. The Facebooks and Googles have such massive reach that they'll just buy whatever competitor threatens them. They and others have been doing it for years.
Eventually someone will disrupt them. But there will be a long time span before that where they can compensate for their lack of innovation by buying out possible competition with a lot of money.
There's also the possibility that they just don't get disrupted. The entire computer industry is less than 100 years old. Who knows if the next 100 years will be anything like the last 70.
Of course, there might be a long history of larger companies getting disrupted by smaller companies outside of the tech industry, which would be much more compelling evidence than MySpace losing to Facebook, IBM losing the PC market to Microsoft, Microsoft losing mobile phones to Apple/Google, etc.
I am not willing to make a bet as to whether or not we will still be talking about Microsoft, Apple, Amazon, Google, or Facebook 25, 50, or 100 years from now.
I wonder how things would have worked with Microsoft if they hadn't got into trouble with governments in the US and Europe in 2000. There may be no Apple today and the internet may be their network.
Even if they eventually fail or are disrupted, their massive and ever expanding troves of data aren't going to go away. Somebody else is going to take possession of the valuable data. If nothing else, then govt will acquire them for intel.
Ultimately the problem is that their incentives aren't really aligned with yours. They're only incentivized to do the absolute minimum it takes to keep you around. As they control more and more of your world, they've increased your cost to leave and they can do even less to benefit you explcitly.
I like google's services. What I want is the ability to pay for them and not be a part of the product they sell in ads. Basically a freemium model.
I don't know how much money in ad revenue I earn google, but I'd probably happily pay it for a more transparent, less sketchy, and more commonly-aligned product. (This would also give me recourse for all the times the google services I rely on go down....)
> I like google's services. What I want is the ability to pay for them and not be a part of the product they sell in ads. Basically a freemium model.
You do have the ability to pay for some of them (G Suite aka Google Apps for Business), but even then you might not get what you want, since 99% of their users like you are still products. I'm reminded of this quote from Josh Marshall:
> One thing I’ve observed with Google over the years is that it is institutionally so used to its ‘customers’ actually being its products that when it gets into businesses where it actually has customers it really has little sense of how to deal with them. (https://talkingpointsmemo.com/edblog/a-serf-on-googles-farm)
I'm pretty sure this doesn't let you opt-out of ad targeting for search nor does it prevent them from using your maps and other data in their b2b offerings.
Exactly my point, actually.
2016 had $90B revenues and 1.5B 30d active users (for YouTube) so $60 per year would be a good guess.
(Disclaimer: I'm a Googler but I just got these numbers from public statements. No way I'm well paid enough to be able to see more detailed numbers. :-D )
Personally I'd happily pay $5/mo for all of my google services if it meant I was entirely removed from the whole advertising/"customer-is-a-product" offering and I could have confidence that I wasn't being sold as a product in other regards.
gSuite is exactly that: $5/month/user for the basic package, and does exactly what the grandparent wants.
sure, it's nice to be outside of adverts... but using gSuite always feels like pretending I'm not being farmed out to the gov't
"Ultimately the problem is that their incentives aren't really aligned with yours. They're only incentivized to do the absolute minimum it takes to keep you around. As they control more and more of your world, they've increased your cost to leave and they can do even less to benefit you explcitly."
Are you criticizing Google or companies in general? Because your criticism applies to any company in the world.
> I like google's services. What I want is the ability to pay for them and not be a part of the product they sell in ads. Basically a freemium model.
Get a corporate gSuite account, they have been around for quite a while.
I prefer companies whose products and services I pay for directly. They're incentivized to keep me happy and paying. The more they invest in me, the more attractive they become to me and the more I may be willing to pay. Google and FB invest more and more in their ad business and can let the consumer products slide for a very long time in a way that would never fly if they charged real money and didn't have ad revenue to fill in the gap. (Case in point is google calendar - it just got a revamp but it was what like 10 years of garbage before that?)
I don't think corp gsuite lets you opt out of ad targeting and general tracking (I could be wrong).
> I prefer companies whose products and services I pay for directly.
Then pay for it, stop using free services.
> I don't think corp gsuite lets you opt out of ad targeting and general tracking (I could be wrong).
AFAIK it doesn't use any info from the services you pay for to target you.
But remember, ads on websites aren't a form of paying for Google's services, but for the website content.
Do you read Ars Technica? Instead of seeing the ads you just subscribe to them. Read news online freely? Stop and pay for a few newspapers and only read them.
People knowingly choose free services that come with the tradeoff of ad targeting. That's how those services are paid. Using those services is your choice.
You can opt out of Google ad targeting and general tracking for free
I'm not sure if you really can. Yes, I know you can opt out of the more open parts of it, like the web history they show you, but I'm skeptical that they aren't still doing stuff behind the scenes.
It doesn't apply to all companies.
Apple, for example, has very strong incentives to maintain your privacy, to the point that they have made it a selling point for their devices and are also suffering in the realms of machine learning because they are not leveraging your data the way Google or FB would.
> has very strong incentives to maintain your privacy
> their incentives aren't really aligned with yours
No, they have a very strong incentive to appear to maintain your privacy. And that's only temporary.
Don't fall for any company saying that they're doing something in the user's interests. They aren't. Companies exist to make profits, if for a brief period of time that means helping users in some way, it's only a coincidence, and you're being fooled by it.
Take a look at China, Apple didn't even blink before deciding to hand over all data to the Chinese government.
I trust companies, because I know exactly what matters for them: profits. I trust them to follow profits and act on their best interest.
Yahoo / Bing, Microsoft and others are just as bad. Don't get me wrong, Google and FB need to change their ways, but they aren't alone.
For example, Yahoo was caught helping the US government spy on consumers, whether they were suspect or not: http://www.latimes.com/business/technology/la-fi-tn-yahoo-em...
What's more, Yahoo is now owned by Verizon, a company known for anti-consumer practices.
We should all make some easy changes:
- Use DuckDuckGo to get Yahoo /Bing search results in privacy
- Use StartPage.com to get Google search results in privacy
- Use a privacy-friendly email service
- Either quit FB or use it only as a billboard
- Get a Linux distro and avoid Windows OS when possible
- Try LibreOffice. It rivals Office!
etc.
I agree with you.
- Use uBlock Origin when browsing the interwebs
- Use GoAccess instead of Google Analytics
- Use the incognito/private tab
> I feel like I'm in the minority, but I'm mostly ok with Google. I feel like they are good stewards of my data (encrypting even internal traffic, severe restrictions on who can get access to my data, doing useful things with that data).
Even if they aren't doing anything reprehensible now, can you guarantee that they won't in future?
> I feel like they are good stewards of my data (encrypting even internal traffic, severe restrictions on who can get access to my data, doing useful things with that data)
The more info someone has on you (your preferences, habits, how price sensitive you are to certain products, ...), the more disadvantaged you are negotiating with them.
Facebook's "X years ago today, you posted this ..." has been amazing. I don't usually re-share it but it really brightens my morning or day to see photos of my kids when they were 4-5 years younger, and marvel at how much they've grown.
I mean, I'd still think about that even without FB showing me things, but I would not have managed to build a "here's a flashback!" photo-reminder system. In an age when we take SO MANY PHOTOS (and don't even bother curating them because we don't have time for it), it's nice to have that too.
Facebook's "X years ago today, you posted this ..." has been amazing
I can see your point but it isn't relevant to the article, and also, it is a matter of perspective. I managed to permanently disable it, after it kept popping up photos of my then-recently deceased spouse. Not something I was ready to deal with, and after switching it off, FB helpfully turned it back on for me. I eventually managed to disable it permanently, but if there is one thing I hate it is for some software to treat my instructions as suggestions.
> I mean, I'd still think about that even without FB showing me things, but I would not have managed to build a "here's a flashback!" photo-reminder system.
You wouldn't have had to if you used macOS with the Photos app. Every once in a while it notifies me about a flashback, and if I click on the notification it takes me to a flashback slideshow in the Photos app.
I don't use iCloud for my photos, so I suspect this is implemented locally without having to give my data to Apple.
Maybe similar systems exist with other environments (linux, Windows, etc).
Is there a way to disable that feature out of interest?
That's great for you. But do you not agree that every user should be properly educated on what Google does with her data without having to read through pages of legalese, and then she should also be able to give her consent for that tracking and data collection?
I'm not sure that suing Google and Facebook is the right way to educate people about data collection on the Internet.
I don't want all my eggs in one basket. I don't mind using search and email, but I disable all the analytics and tracking. Basically, if I'm on a Google site, that's fine; if I'm elsewhere on the web, it's not. Similarly for Firefox on Android, to the extent I'm able.
I block everything to do with Facebook every which way on my primary browser.
Google and Facebook have no choice but to reveal your data to governments that ask for it. While the companies themselves might protect your data, simply giving that data to a third party renders it readable by the government. Any protections provided by the constitution (4th amendment) at that point are null and void. So by definition, Google and Facebook cannot be good stewards of your data while complying with American law. Neither can any other third party. Period.
> I think their biggest sins are just being big.
yes, in fact they have become almost absolute monopolists (together with FB and a couple of others).
this is really bad.. if google decides not to show you something _it effectively does not exist_
i _really_ hope they still have the mantra of not being evil, but the temptation is trillions of dollars big :)
if they abuse your information, e.g. use it as fore knowledge, and act on it quicker than you can, they can do that in subtle ways without you even realising it.
so many ways to benefit from all this data.. who can monitor / control this?
I am the same. Use Google services and have several Google homes and use Google DNS Google WiFi, Nest, Gmail, Photos, Pixel, etc.
I prefer my data be at one place as much as possible instead scattered.
Easisest place to do that is with Google as they have the most comprehensive services.
Didn't they only encrypt internal traffic after the Snowdon revelation?
Specifically, they had point-to-point fiber links between their datacenters that theoretically couldn't be intercepted, so they didn't believe they needed to encrypt data transiting between datacenters.
The NSA proved them wrong on that belief, and they started implementing encryption on those connections.
They started encrypting before the leaks happened.
I don't remember things happening this way. I remember PRISM announced, then the conversation about all of the internal HTTPS
Evidently somebody disagrees with me about how that all went down, but doesn't have the time to correct me.
severe restrictions on who can get access to my data
Are you sure about this, or are you limiting "who" to people you already know and/or regularly interact with?
I read the opening paragraph and thought 'wow, this guy has clearly just taken the release statement from Duckduckgo's privacy app announcement (or possibly their much-upvoted AMA) and just copied and pasted some statistics.'
Then I saw the author.
Well spotted, very funny.
Speaking of which, I recently moved to DDG and couldn't be happier.
Frankly the only thing I don't like about DDG is the name.
yes, DDG has been nothing bu bliss lately. I did 99% of my master thesis research on there. And the other 1% I went to google for usually didn't turn up anything useful either.
> And the other 1% I went to google
Next time, don't go to Google, but go to Startpage. They have the same results as Google but they strip all the Google crap for more privacy.
You can search Startpage.com from within duckduckgo by "searching" in Duckduckgo for:
:-)!sp hackernews
Google and Facebook also use your data as input for increasingly sophisticated AI algorithms that put you in a filter bubble — an alternate digital universe that controls what you see in their products, based on what their algorithms think you are most likely to click on. These echo chambers distort people's reality, creating a myriad of unintended consequences such as increasing societal polarization.
How is this any different from the pre- or sans-Google and Facebook world? People have always lived in bubbles, always been funneled down a particular path by their experiential influences. Without Google or Facebook, if you were a white supremacist, it’s probably because you were influenced by white supremacists and you would continue to surround yourself with them. If you were someone who really strived to expose yourself to different ideas and things outside your bubble, you can arguably do that easier than ever now.
This isn’t really to “exonerate” FB and Big G, but I think it’s worth asking what impact they’ve really had on this basic facet of life.
>> Google and Facebook also use your data as input for increasingly sophisticated AI algorithms that put you in a filter bubble
> How is this any different from the pre- or sans-Google and Facebook world?
Easy: the bubbles are tighter and harder to pierce. In the old days, you'd have to get your information from the same news sources as everyone else, only customized at a fairly coarse level (e.g. a city). That regularly pierced your bubble and gave the community a common reference point. Now, many, many more people get all their information from individually-customized feeds that are precisely matched to their biases and their bubble. There's so many fewer common reference points which makes is harder for many people in the same communities to even communicate.
tl;dr: it's an emergent qualitative difference caused by scale.
> Easy: the bubbles are tighter and harder to pierce
Says who? It's absolutely the opposite in my experience, having lived in various conservative societies most of my life. Bubbles are much more self-imposed and easily breakable and modifiable now, than even say 30 years ago, let alone 100.
So are you suggesting that it isn't much, much worse now?
Much worse relative to what? An actual point in the past where people’s lives were less “bubble-y?” Or a hypothetical scenario where Facebook and Google took it upon themselves to upend the natural tendency of people to prefer identifying and associating with familiar, like-minded people and ideas?
I think it’s worth asking what impact they’ve really had on this basic facet of life
Absolutely zero, and have arguably made it worse.
Yes, I am asking what those arguments are. Keeping in mind that “worse” is a relative term, i.e. it needs to be demonstrated how it was better at some other time, which the article seems to assume a priori.
All of the things you mention can happen more efficiently. There is no evidence that a wider availability of information reduces e.g. white supremacy, and in fact there is evidence[1] that it increases stridency. The increased availability of information is at least as likely to harden bubbles than it is to pop them, and while it's a necessary precursor to opening minds, it's not sufficient to do so on its own.
A common behavior I witness, is people using ad/tracker blockers such as ublock origin and/or umatrix and yet continue to consult websites that makes use of those trackers. Worse, they link those sites to other people that might not make use of those blockers. They don't think much of it, but ain't that evil?
Most of the times they don't even notice anymore that trackers were blocked on the page they consult.
Just look at links posted here on HN, most are of hostile websites.
I'd love to see a browser extension more radical: if it detects such third party scripts or cookies it simply stop loading the page and display a message explaining why instead.
Someone sends you a link to an article on cnn.com? Answer with this message telling why you won't consult it.
Going further: the extension attempts to extract the content, strip it of anything useless (some js libs works OK for such tasks), and share this version with others using this extension.
I don't know what I would read all day if I had that extension installed. There'd be nothing left.
Classic quote, semi-relevant: "I'm pretty sure that if you took all the porn off the internet there would only be one site left and it would be called 'bring back the porn'" -Dr Cox
Why stopping going to the sites? The point of blockers is specifically to make them harmless.
So they stop doing arm to others.
Once most websites understand it is not viable to attempt to mess with their own visitors, browsers could block the remaining ones by default?
That may be, but I'm happy that my blocker stopped 25 scripts/ads/sites from loading at this articles page!
Funny, but Privacy Badger blocked 10 trackers in this article
FTA: “What you may not realize, though, is 76 percent of websites now contain hidden Google trackers, and 24 percent have hidden Facebook trackers, according to the Princeton Web Transparency & Accountability Project. The next highest is Twitter with 12 percent.”
Article postscript: “Commentary by Gabriel Weinberg, CEO and founder of DuckDuckGo, which makes online privacy tools, including an alternative search engine to Google. Follow him on Twitter @yegg .
For more insight from CNBC contributors, follow @CNBCopinion on Twitter.”
Kind of set off my irony detector!
My ghostery blocked 24
ublock didn't block anything. Then I realised that this site allows auto-playing videos so at some point in the past I seem to have disabled JavaScript on this site.
I wish it was easier to control JavaScript usage as the visitor. It's either very complex or just 'turn it all off and go somewhere else if nothing works'.
Perhaps the second option is the 'correct' response though.
If you're using Firefox and you want to keep JavaScript enabled but stop auto-playing videos, you can go into about:config and set media.autoplay.enabled to false. I'm not sure if other browsers have a similar switch, but this works in any current version of Firefox. It only affects HTML5 video containers; Flash and Silverlight video containers may still auto-play.
I do this, but also be prepared for video you expect to play to no work as expected. For instance, a video might appear to be frozen or "loading" until you click on it.
ublock origin stopped 25.
29 here. Thanks, PB.
Ghostery: 25 uBlock Origin: 62
The metaphorical Pandora's box has been opened, and the contents aren't going back in. Best we can hope for is practical legislation. The EU is ahead on this one. Its GDPR is going to throw a massive wrench in these practices.
I don't think that GDPR is going to disrupt the google/facebook dominance in advertising nor curtail their collecting data about you. In fact, I believe GDPR rewards their walled garden/integration strategy.
The most onerous and problematic parts of GDPR for adtech companies is the acquisition of consent to share the data they gather with their partners. This means that every barrier from publisher, to ad network, to advertiser needs to be consented. Google/Facebook are themselves massive players at each of those levels and therefore can skip that step.
We don't know what will happen in the future, but I suspect that Google/Facebook will leverage their systems at both the publisher and advertiser areas to put more of the ecosystem into their systems.
This may be ok, consolidating your information into a couple of big players that have an even more holistic view of you might be preferable to having little views of you all over the internet. But its worse for advertisers and publishers and I find it disconcerting.
* Disclaimer: I work on GDPR related topics, this is my opinion and not that of my employer
Honest question. I'm unsure what the danger is in letting these companies acquire data on us. We get a lot of benefit from using their products for free. Why should I care about giving my data to them as a cost of admission?
The aggregation of data is extensive and the ubiquity of the net means the data covers nearly every aspect of your life. Such information can be misused in many ways. Unfortunately, those misuses don't really become clear until the data set is already built, so there is no way to undo it. Even if Facebook or Google don't exploit the data themselves, the data could be stolen by criminals or seized by the government.
Are there personal things in your past you don't want your insurance company to know about? How about your employer? Or the IRS? Even your spouse? What if someone showed up one day and threatened to your your secrets unless you pay up?
Is that worth the price free access to your high-school friends' duckface selfies?
>Are there personal things in your past you don't want your insurance company to know about? How about your employer? Or the IRS? Even your spouse? What if someone showed up one day and threatened to your your secrets unless you pay up?
Once tabloid journalists start trying to infer embarrassing things about politicians based on metadata we'll probably have some progress.
Watch Minority Report, then replace "psychics" with "data-mining"
>Honest question. I'm unsure what the danger is in letting these companies acquire data on us. We get a lot of benefit from using their products for free. Why should I care about giving my data to them as a cost of admission?
Trivial example: Let's say sometime in the future you plan on running for political office, or you become a journalist writing a story on someone powerful or otherwise become someone who powerful people would like to discredit. Having a log of everything you've ever done online would be very useful in causing you a whole bunch of problems.
Perhaps you don't have any controversial opinions or beliefs. However, that could change. Not because you change your views, but because in the future a power could arise that wants to kill people who believe the things you do, and has no problem using force to acquire the data from Google to make their lists. Suddenly, you have a problem.
Surely the bullet at the top should read "Google and Facebook's impact on our privacy cannot be overstated", not understated!
They provide free services. What do you expect? The data they have collected is so lucrative for them that they would never offer Facebook, Gmail, Google Search on a premium basis to daily consumer. I mean I would take premium package if they guarantee that they will not parse my images, parse my emails, parse my searches, connect dots among my social peers in order to help train their AI bots. Which/whenever they will use in the future to come up with better products or improve their existing products.
Sure there are problems associated with it. One of them is when malicious players like foreign govts get hold of such data and use it to their advantage.
Not only do we need to make them stop, we need to make them purge.
Writing better articles than this is the way to stop Google/FB/advertising. Educating people on how dangerous ads are and what the solutions are (uBlock origin, turning off JS, VPNs, and hosts files etc.) is the main thing we can do other than making such things the defaults in products like Firefox (which doesn't even have such features built in yet, afaik). Once a large enough percentage of the population is using such solutions, tracking will no longer be a problem. If the argument is that most people won't want to deal with such education or the solutions it proposes, then those people simply do not deserve privacy or security. People that are too lazy/stupid to use computers probably shouldn't without the supervision of someone competent anyway. Yes, that includes the proverbial grandma--I don't let my mother use a computer I haven't prepared for her, for example.
These guys are selling data to "advertisers" that are actually trolls trying to subvert our democracy. They specifically target pain points and make things unbearable online for people. They use their data to alter the subliminal landscape. It made everyone at each other's throats.
Yes!
Disable 3rd party cookies, delete your Google & Facebook accounts, and done.
Easy peasy.
I wish that was enough. The articles that show up here on HN from time to time make me think they can cross-reference data and fingerprint you through many data sources and more advanced tracking (things that we discover from time to time like canvas, css). People that have you on their contact list, your e-mails that hit their servers even when you don't have a Gmail, DNS, CDN, cloud services, your phone unless you go full tin foil hat, data they acquire from other companies. I try to protect my privacy but I think it's all futile, they have too much power.
> it's all futile
It’s not. While Facebook will exfiltrate and cross reference your name and number from associates’ address books, this wildly different than keeping a log of everywhere you travel, the time you wake and sleep, hundreds of tagged images of your face, all the news you read, and how readily you can be influenced. Primarily to influence your mind and behavior for profit, but all available to international governments to keep and eye on you, too.
I agree that Facebook and Google are too powerful, and that there should be much better protections around consumer data. Support the EFF, talk to your representatives.
Fatalism serves no one but Facebook and Google.
The facebook tracking pixel absolutely fingerprints non-users.
How difficult would it be to defeat fingerprinting by injection of noise? I.e. your browser configuration/characteristics change every now and then by a tiny amount.
I use an extension called Canvas Defender that does this. You can have it create a new "fingerprint" every so often. It also pops up an alert when a site requests a fingerprint. I believe Facebook uses the fingerprint as part of the browser profile to help combat fraudulent logins, as I get many more "new browser" emails from them with this extension than I did prior to installing it.
unfortunately this will make you stand out more, probably
Other than adnauseum which people have already mentioned, you might like User-Agent Switcher[1]. Not sure how useful it really is, but it is fun to see the differences between how a website designed to be browser specific renders in a incorrect browser.
If not mistaken, this is the approach taken by adnauseam.io (Chrome Extension) or in a simpler form makeinternetnoise.com .
Ok, interesting. Does it work? :)
"Google says it has access to roughly 70% of U.S. credit and debit card transactions through partnerships with companies that track that data."
"Google DeepMind's first deal with the NHS [...] gave the Google-owned artificial intelligence (AI) lab access to 1.6 million NHS patient records across three North London hospitals without patient's prior knowledge."
"Google starts tracking offline shopping"
Sure. Deleting the accounts surely is enough.
Oh, none of those are exclusive or even new. Your credit rating company has far more info on you that you didn't sign up for.
And AFAIK, and from what I heard from friends working at google, everything is linked to a google gaia account, if you don't have one, you don't exist for them.
Have you deleted your Google and Fb account yet?
Your credit rating company has far more info
They’re tracking my location and correlating that, ads seen, spending patterns, web activity, who I associate with, and all the rest?
I call shenanigans.
if you don't have one, you don't exist for them
Except as a shadow profile.
> They’re tracking my location and correlating that, ads seen, spending patterns, web activity, who I associate with, and all the rest?
But you agreed to that, didn't you?
Do you remember agreeing to your credit rating agency collecting your info?
> Except as a shadow profile.
Interesting, source?
Good point. This was used as a positive spin when there was the debate over whether Facebook is listening to your conversations.
The conclusion was no, but they are gathering more data from third parties so as to make direct listening unproductive. I found that more disturbing that Facebook has real-time access to whatever they believe I am looking at on Amazon, as presumably other places.
Indeed. It will take legislative action including no-knock raids on DCs and offices to rein them in.
Someone in the NHS needs to be held responsible too.
It's interesting that you trust a government to execute a no-knock raid on a private company's datacenter (and extract only the information that is relevant without drag-netting unrelated private information) more than you trust that private company to secure your data (an exercise they have a vested economic interest in accomplishing).
At the end of the day, all of these questions always come down to trust and just trust.
I don’t mean extracting it - I mean destroying it.
I use gmail and don't wish to give it up for now. I launch gmail in a site-specific browser process so that my login is isolated. This makes it so that in my main browser, I'm not logged into my Google account and they don't see where I go. As a bonus, the "filter bubble" effect is diminished for my Google searches.
That's not a reasonable approach for non-techies, but I thought it might interest the HN audience.
I'm not logged into my Google account and they don't see where I go.
If they see activity from one IP to say search, then activity from the same IP to visit the top result of that search, they don’t need a cookie to track you.
Anyone who shares an IP has seen ads actually targeting another member of their household...
Usually that's not a reliable way to identify a unique user. Given the prevalence of NAT, re-using IPs by ISPs with DHCP, and a host of other reasons. (That's not to say there aren't ways to fingerprint users across devices and browsers.)
A service ISPs should offer as standard is regularly randomising your outbound IP from their pool for all but a whitelist you specify. So you can have a static IP for say you work firewall, but are harder to track otherwise
Most ISPs are in bed with the advertisers and tracking. That's one reason I don't use my ISP's DNS.
Do you use googles?
Yes, that is possible -- and I'm sure that other trackers are doing their best with fingerprinting, etc and that they manage a certain amount despite my having Privacy Badger and uBlock Origin enabled in my main browser.
However, IP based associations do not show up in the user history that Google allows me to see, and as far as I can tell Google does not change my experience based on it.
I'm still subject to some filter bubble effects because I only zero out my main browser every few days.
> I use gmail and don't wish to give it up for now.
Well, that's your choice, isn't it?
> That's not a reasonable approach for non-techies, but I thought it might interest the HN audience.
Non-techies can just go the good ol' way and pay for an ad-free, tracking-free email service, mapping service, storage service, etc.
I’m not a google fan, but can you name one free service that is par? I think many people would en pay if there was an alternative
Two of the replies mention FastMail, which for all I know might be nice, but FastMail still seems to be in its infancy (though perhaps growing fast) when it comes to securing customers' data. See the recent https://news.ycombinator.com/item?id=15853477
I've been using Gmail for over a decade. I've been getting in the habit of using a purpose@mydomain email for as many signups as I can (that for now all forward to my gmail) so that the impact of a random Google mess up that disables my access to my account is lessened, but there's still no service I trust more for my email's security and privacy apart from Google's algo-eyes (that offer me some features I appreciate anyway). Maybe that trust is misplaced and we're only a few years away from a Yahoo-level incompetence reveal, but I doubt it.
If there was a way to setup a local mailserver that can peer in a hierarchy with more trusted mailservers (so that I can send email with reasonable confidence it won't end up in a spam folder), and have encrypted buffers stored at those peers for when my local machine is offline and can't accept deliveries, I'd do that. Maybe it's possible with Urbit.
I am paying for FastMail for a few years now. It's a very good alternative, and it's really not expensive. Also, I know that my money goes into building an alternative with a viable business model.
Plus, GMail isn't free. You pay for it with your data.
I switched to FastMail about 6 months ago, and I like it. I actually like FastMail’s webapp more than Gmail’s. There aren’t any features from Gmail that I miss, and FastMail offers a very easy option to migrate your emails from Gmail.
If the time comes when you are ready to move on from Gmail, I can recommend Fastmail and ProtonMail. Both use a webmail interface that is very similar to a desktop client. ProtonMail is free for a single address with low volume, Fastmail is $50/year. ProtonMail is based in Switzerland and Fastmail in Australia.
I'm not affiliated with either company but I've evaluated both and settled on Fastmail as my Gmail replacement, mostly because of the added features like file storage, static web hosting, and notes, all of which I've used extensively.
Based on resolution of browser, user agent, list of plugins and all sorts of other seemingly unproblematic pieces of information one can build a unique fingerprint to track you without cookies. Most of it relies on JavaScript of course but if you use gmail you do run JS.
Go to this site and perform the test to see for yourself: https://amiunique.org/
Or the EFF one: https://firstpartysimulator.org/
I think you're overestimating the privacy benefits afforded by using two browsers. Both browsers are using the same IP address which means that google can identify you in the other browser with high certainty. I also have two browsers and use only one to log into google. Yet, google firmly places me in my filter bubble even in the other browser.
or look at the unique fingerprint of your browser anyways :)
I launch Google in it's own Firefox container. Thank you Mozilla.
I register all my accounts using Gmail because I feel DNS/domain security is a joke (this was debated here in the past but I don't have the technical knowledge to explain it any better). I'm saying that because IMO using your own domain is crucial for privacy and control.
I choose Google one day randomly blocking my account over losing it to some random person from the web. At least I can make a blog post and try to make to HNs frontpage to get some customer support.
Maybe I am missing something here, but how does this help against being tracked by google through google analytics and/or their ad-network?
Sure they cannot 1:1 link your {analytics, ad} identity to your actual Google identity, but I am reasonably sure that they have all the data necessary to do it via (not too many) connecting dots.
yea.. you can use something like Privacy Badger and block analytics
Slowly moving away from google what my personal email concerns - to protonmail, btw; I do use G+ as an excuse for social media, though, mostly for being able to stalk Linus on his scuba diving trips.
Additionally, consider that google has some advanced machine learning shit that can likely analyse your writing style. Even an antipattern is a pattern.
Though they actively scan your email for targeted ads and correlate them to you outside of your jail through GA, which doesn't really require login. Unless you connect through a different VPN and browser/etc.
Seriously though - who cares? You use a credit or card? Your purchase history has been sold to advertisers and similar for decades, it's just more transparent now.
OP here is simply fomenting mistrust of the more obvious players to draw traffic (and advertising bucks) to their own website (duckduckgo).
..and compile your own Android OS without the google parts, or wait for eelo.io to land :)
The article seems to argue for a GDPR[1]-like equivalent in the US. It'll be interesting to see how it is enforced in the EU. If applied as intended, it could offer a more realistic alternative to the only other privacy-preserving option at the moment: not using Google/Facebook/etc. 'noyb'[2] is planning to help that along. I just hope we don't get another cookie-law like debacle.
[1]: https://en.wikipedia.org/wiki/General_Data_Protection_Regula... [2]: https://noyb.eu/
i think many orgs instead of suing google n such orgs if they simply use that money to invest in good organizations which are open and respect an individuals privacy that ll lead to a better world. it is not the law that is going to protect the people it is money in the good people's hand that is going to take us in a positive future. doing one good to cover up 18 other bad things is not considered good.
Addressing root causes one key approach would be for someone to develop a better alternative to google analytics. I'd hazard that the usefulness and ease of use for webmasters to install analytics tracking via google analytics is the number one reasons that 76% of sites include google tracking. Develop a mass replacement for GA and you'll directly hut that number.
>"Google and Facebook's hidden trackers across the Internet,..."
Are these "hidden trackers" mentioned in the article just the normal beacons or are they referring to something new?
Are these relevant if a person is not logged into neither FB or Google or if someone has uBlock Origin/Privacy Badger installed?
Facebook, at least, is quite happy to build your shadow profile regardless of whether you're logged in.
Right, they're buying those from 3rd party data brokers I believe. This is the place where legislation is needed so people can own their own data. I would love to see some clearing house that sends out requests to people saying "Facebook or whomever is interested in acquiring your day" and you are given the option of approving or denying.
> they're buying those from 3rd party data brokers I believe
Huh, why would they need to? The first time you load an element from Facebook (be it a like button, comments or something else) you just get a unique cookie and there's your Facebook profile. Now it's a waiting game until you log in and they can connect it to a person, or you do something else that allows them to identify you (maybe visiting friend's pages, and they already have WhatsApp data so they know who talks with that specific set of people? Idk, there's just so much data and so many options). Or they can never connect it to a person but they can still show you good ads based on that browsing history.
>"Huh, why would they need to?"
Because by doing so they are able to compile additional information about people, data that's not available to them via online tracking. See:
https://www.propublica.org/article/facebook-doesnt-tell-user...
How much would it cost to pay off every single Hollywood paparazzi to drive over to Silicon Valley and focus their attention on the Google, Facebook & Microsoft executives for a month?
I use One phone for phone calls and personal use providing a wifi hotspot to another phone for Facebook and Google account.. I just wish I could get two separate phones in one case
imho the current web is broken.. it has become entirely dominated by monopolists, which will only grow larger.. more dominating
we need: - The Decentralized Web (as it was originally envisioned) - Users in full control of their own data - Privacy-first approaches only - Stricter regulation (though tough to implement well)
> we need: - The Decentralized Web (as it was originally envisioned) - Users in full control of their own data - Privacy-first approaches only - Stricter regulation (though tough to implement well)
You have that now! Just stop giving your data to companies you don't want to have it.
The people who never give their data away wonder at the people who give their data away, then call for regulation.
sure, we have it.. but we need to use it pervasively, en masse :)
and not giving your data away is _really_ hard for average user, when google is so deeply engrained in the web
This isn't news. This has been well known for a while now.
Duck, duck, duck, duck, duck...
...go?
I hope duck duck go is not some google's back channel project just to have a leg in contradicting initiatives.