Being some additional space for me to vent on the topic of…
…a discussion related to Google’s recently added “search history” that started on Dave Farber’s IP list and eventually made its way over to Declan McCullagh’s Politech list. (Note that some fair portion of the discussion happened off list, so you get only some highlights in the links above.)
It started with a message from Dave Farber, entitled “BAD IDEA OF THE WEEK — Google Launches Personal History Feature,” which was just a forward of an AP story on the feature. I initially read that as a suggestion that it was a bad business idea for Google, and responded: since A9, AskJeeves, and Yahoo all offer some form of search history these days, it seemed to me that Google really had to respond with a similar offering.
The followup from there was people laying out privacy concerns, both actual and hypothetical, that could arise from such a feature. Just to get this taken care of up front, I totally agree that there are privacy concerns inherent in Google’s search history feature; where I seem to depart from most other people on these mailing lists, however, is that I see Google’s search history as one example of a sort of privacy concern that is already ubiquitous on the Web these days, rather than a dramatic first step on to a slippery slope. Further, I’m much more frightened by the decay of offline privacy in the US than I am by anything happening online.
So a couple of things, largely taken from a rather snide email that I sent to Declan McCullagh (if you see this, Declan, sorry — I should have gone to bed rather than replying to one last email):
If we’re concerned about Google explicitly retaining search history, so too should we be concerned about the fact that A9 already does the same thing, and that A9’s login is tied to the user’s Amazon login. As noted above, other search engines already offer explicit search history retention, as well. Yes, Google is currently bigger and more popular than other search engines, but focusing attention exclusively on Google — even getting them to eliminate the feature — would not effectively address the larger privacy issue.
Assuming that you aren’t so paranoid that you’re taking all of the privacy-enhancing steps above, you’ve got another big privacy issue: there are a whole lot of companies in the business of tracking you from site to site. Take a look at your cookies…atdmt.com, centrport.net, audiencematch.net, advertising.com…these organizations and others like them know as much or more about your browsing habits than sites like Google or Yahoo. That may or may not be a problem, but since many of those compaies have a reach that extends much further than any single content-based site, it’s an issue that bears examination from a privacy perspective. Again, do you know what the data retention and distribution policies are for these companies?
And then for US citizens, of course, there’s the offline world. Libraries, retailers, religious institutions, travel and communications companies…any and all records that these organizations have of your transactions must be provided to the government upon request, no warrant required, no notification to you required. Go, Patriot Act.
So yes, it’s possible that there are a couple of mysterious black helicopters circling above your house, but I don’t think that they belong to Google. Yet.
And yes, I still owe a followup on Fishtank and Habitrail. I’ll get to it…