Googling Security: How Much Does Google Know About You?
Product Description
What Does Google Know about You? And Who Are They Telling? When you use Google’s “free” services, you pay, big time–with personal information about yourself. Google is making a fortune on what … More >>
5 Comments
RSS feed for comments on this post.
Sorry, the comment form is closed at this time.
Some Content may originate from third party websites(i.e. Amazon, Yahoo Answers, Youtube)Internet SecuritT Group LLC is not responsible or liable for the content of any third party affiliate
All third party content is property of the respective owners.
I purchased this product on August 24, 2009. Today is September 24, 2009. A whole month has elapsed and I STILL HAVE NOT -(REPEAT: HAVE NOT)- RECEIVED MY PURCHASE!
How is that for service?
Rating: 2 / 5
There is a poignant episode in the book when Conti uses AOL’s published anonymised web search logs to list queries made by several people. The ancient Greeks had an Oracle, a fount of infinite wisdom, to which worshippers could ask questions. From the book, and ironically, not from a Google example, by from AOL, we can see a search engine as assuming this ancient role.
You should check out and read carefully the examples of those individuals. One person is probably (or certainly) female, and pregnant. She is also probably a Protestant, and she has other habits that come thru when scanning her searches. Another person seems older and has cancer, and contemplates mortality.
This portion of the book is the starkest in conveying Conti’s thesis that a search engine can collect an awesome amount of inferential data about you. Your questions are a window into your inner self, so how much privacy do you think you get or need or deserve from the search engine?
Granted, most of the text looks at Google, because of its sheer dominance of search, and the numerous ad networks and applications that it has set up. But much of the discussion would still be germane if Google vanished and other engines arose in its place.
The only pecadillo is an inexplicable passing reference to China having 2 billion people?! It has about 1.3 billion, and this is a fairly well known fact. Ironic given the subject of Google and its access of all types of data, that Conti made this slip up.
Rating: 4 / 5
Greg Conti has really done a great job here collecting and organizing lots of information about Google even as they continue to collect data on all of us. This book breaks down the privacy aspects of several services provided by Google including G-mail, Search, Advertising programs, and many more. It uses great graphs and screen-shots to help illustrate the details where visual validation is necessary.
The book is laid out by category of service types. One good example is the advertising chapter which discusses (among other things) all of Google’s advertising-related services including Adwords and Adsense. It goes on to discuss Google’s acquisition of doubleclick and all of its collected data and illustrates how all of this data can be tied together and tracked.
If you ever wondered if Google is collecting information on you and exactly how much information Google knows about you, read this book!
Rating: 5 / 5
Disclaimer: I know the author personally and was given a review copy of the book.
I haven’t read many (non-religious) books that totally change my outlook about the world we live in. In 2008, Robert O’Harrow’s “No Place to Hide” is one such book and Greg Conti’s Googling Security is the second.
The book begins with a simple question. “Have you ever searched for something you wouldn’t want you grandmother to know about?” A simple but powerful question. Of course all of us have searched for topics we would rather our grandmother, friends, or spouse not know about. Would you ever consider posting the sum of your Google queries on your blog or website? Probably not, but just about all of us have given this information to Google in our dealings with them over the years. The book helps you take a look at how the sum of that information gathered through the use of the multitude of Google’s “free” tools adds up to take a huge chunk of our privacy and very well could be giving Google a solid look into our personalities to include things most of us would prefer keep private.
Breakdown of the chapters:
Chapter 1: Googling 1
Chapter 2: Information Flows and Leakage 31
Chapter 3: Footprints, Fingerprints, and Connections 59
Chapter 4: Search 97
Chapter 5: Communications 139
Chapter 6: Mapping, Directions, and Imagery 177
Chapter 7: Advertising and Embedded Content 205
Chapter 8: Googlebot 239
Chapter 9: Countermeasures 259
Chapter 10: Conclusions and a Look to the Future 299
A common theme that the author found while conducting research for the book was “Google will collect personal information from you to provide you with a better experience.” Right now we expect Google to “do no evil” and their current policies say they don’t personally identify its users but as the author points out through the chapters in the book; Google gathers A LOT of data they DO tell us about and the ability to gather even more data is already built into its “free” services.
Some other reviewers have said that its “preaching to the choir.” While I agree that the normal person that would buy this book is in the IT field, I wouldnt be so quick to immediately say that the average system admin or evern security guy understands the magnitude of information gathering that could possibly be going on and the value and power of that information. While not specifically mentioned in the book I would encourage anyone interested in the topic to check out Conti’s DEFCON 16 presentation on “Could Googling Take Down a President, a Prime Minister, or an Average Citizen?” When you think about the importance or value of that first page of results returned by Google and think about how events, commerce, or public opinion could be shaped by crafting the results that are returned you have a powerful tool(weapon?). What if the top results for a certain political candidate consistently only returned negative commentary? or if events were “buried” by Google never returning those results? Just because Google doesn’t currently appear to be altering results or collecting and using personal information, its important to understand the power every user gives to Google in both personal information and the power of controlling what is presented to searchers.
One of the best things the book has that most books covering similar (privacy) type topics is a countermeasures chapter. While saying “don’t use Google” really isn’t an option for most people the best advice from the chapter was teaching people to know and understand what they are disclosing and adjusting the behavior accordingly.
My only dislike in the book was the coverage of “physical” information leakage (TEMPEST). The material is good, but I don’t think it was pertinent to the Google and privacy discussion.
Rating: 5 / 5
In his review of this book Ben Rothke, author of Computer Security- 20 Things Every Employee Should Know (2nd ed), stated “It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval. In a report from the Manhattan Institute, they write that no modern drug development organization would touch it. Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues.”
Rothke may have been semi-prescient. Google Street Maps have been encountering increasing resistance and legal issues related to privacy concerns in countries from Japan, to Germany, to England, to Greece, and others. Granted, it is a decade or so too late to protect against most of the issues Conti analyzes in this book, but it illustrates that those concerns do exist as Google continues to expand the products and services it provides on the Web.
Johnny Long has evangelized on the topic of data security on Google for years. His book, Google Hacking, is more about targeted techniques for extracting sensitive information that users should have protected better rather than an indictment of Google or its methods. But, it illustrates essentially the same point- there is a virtually endless amount of data catalogued and indexed on Google’s servers and, either intentionally or unintentionally, it can have significant privacy and security ramifications.
Greg Conti’s take on the subject makes for an interesting and compelling read. It has tips, but is short on actual solutions. It is good to be aware of the security implications of resources such as Google though. Give it a read.
Rating: 5 / 5