Google search and seizure, etc. vs. technologists

1) Any practical attempt to "swamp" Google's database in such a manner is unlikely to succeed, given the sheer volume of legit queries that they receive. I suspect they'd be smart enough to detect abuse patterns fairly easily. That kind of analysis is their bread and butter. 2) Attempts to purposely "abuse" Google in such a manner (faked requests) may well violate their Terms of Service, and if they don't now you can be sure that they will in some future version of the ToS. The likely result will at a minimum be bans and ISP actions, and at the max lawsuits. Pull out your wallet. 3) Routing queries through anon proxies will provide some protection for the technological elite who understand such things. They will not protect the average user, who most likely doesn't understand the risks and issues, and will never use such proxies, even assuming that they were trivial to use. It is fashionable for some technologists to unwisely promote ad hoc, short-term technological "fixes" in a sort of cold war escalation mode, without dealing with the fundamental problems. This is especially unproductive when it comes to helping to protect average users who take the default settings for almost everything, but are just as much at risk of abuse, if not more so. In this case, it seems reasonable to ask that Google (and other search engines) show at least as much genuine interest in protecting people's privacy and rights as does the local library. And that library isn't making billions from people's activities -- Google is. Finally, the statement that:

Even if Google were to say that they no longer keep personally-identifiable search queries, there would be no way to verify it.

is of course not really correct. There are ways (not fullproof, but some are damned good) to audit such activities, assuming that appropriate laws are in place requiring such verification. A simple claim of compliance from the party in question is obviously not sufficient, even in the case of Google, whom I have no reason to believe is lying about what they are doing at this time. --Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com or lauren@eepi.org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - -

From: Phil Karn Date: December 3, 2005 3:24:11 PM EST

1. Write and disseminate a little daemon that makes randomize queries to Google from your computer. Every few minutes to an hour (i.e., at random times) it would send a Google query with search terms randomly chosen from a large dictionary. This would pollute Google's logs and create reasonable doubt if you are later accused of entering queries for, say, the words "neck" and "snap".

2. Write and disseminate a web proxy filter that would route all Google queries through the TOR (The Onion Router) network and strip off all tracking mechanisms from the results. This may be a more palatable alternative to routing all your web surfing through TOR, which can be quite slow.

I consider it unproductive to scream at Google, as has become so popular of late. It is also misguided to call for laws to limit what they can do with our search queries. Even if Google were to say that they no longer keep personally-identifiable search queries, there would be no way to verify it. And any new privacy law for search engines would surely be riddled with enormous loopholes for government abuse.

As with confidentiality, the *only* solution here is technological. So let's get coding.

------------------------------------- You are subscribed as eugen@leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]