Review: Googling Security: How Much Does Google Know About You?

Googling Security is an interesting examination of the privacy issues surrounding the mass use of web services. It’s not just about Google, but “covers many facets of the problem of web-based information disclosure as seen through the lens of Google’s tools and services.” The tone isn’t generally that of bashing a particular company – the author for example goes out of his way to praise Google’s “awesome suite of tools”. However, Google as the biggest supplier of online services is clearly an obvious focus for this sort of analysis.

Early sections include a high-level overview of information flows and leakage, data retention and profiling. The book then moves on to chapters on individual types of web service – search, communications, mapping and advertising. The conclusion is a section on countermeasures and a look at the future.

It should come as no big surprise to any averagely-informed web user that online email, mapping and office applications or cross-site web analytics tracking can compromise their privacy. (However, many people may not realise that Google and other web-mail providers explicitly do not guarantee to delete your emails from “offline” backup systems when you delete them via the web interface.) The privacy case against Google Maps and especially their Street View application has been particularly well covered in the media.

The more scary part of the book for many will be the section on search which reveals the extent to which people can potentially compromise their privacy by day-to-day use of search engines. The examples which the author provides from the data-set of search activity released by AOL are very effective at showing there’s a serious potential issue here. The details on finger-printing techniques and the degree to which you can be personally identified over time by your search queries alone are also eye-opening. There is an emphasis on the need to think about your online activity in aggregate rather than as a series of single transactions. Each transaction may give little away on its own but could reveal a lot when examined alongside thousands of others.

Suggested countermeasures include becoming a more informed user of web services, educating others and campaigning for regulatory changes or for companies themselves to take privacy more seriously. The technical suggestions include deleting cookies, employing proxies and encryption, avoiding registered accounts, etc. – but the downsides to all of these are also clearly stated.

In the end, the book is quite a depressing read since the online privacy situation looks like it will get worse in the immediate future and there’s no easy solution for improving things. Avoiding using web services cripples your ability to use the potential of the web effectively, as does obsessively employing privacy technologies. As the author points out: “A bulletproof, anonymous web-browsing experience doesn’t exist.”

Googling Security: How Much Does Google Know About You? by Greg Conti is published by Addison-Wesley.