Spycloud, tracking - Rants and recommendations

johanafm

I started replying to http://board.phpbuilder.com/showthread.php?10388479-every-page-on-forum-very-load-to-slow&p=11021737&viewfull=1#post11021737]feedback post by Sneaky, regarding google spyware risks, but finally deciding in not hijacking a forum feedback thread and move it here instead 🙂

But I do find the topic interesting and I was also surprised a Dreokorian's attitude towards google. So I'm a bit curious about what people think about the topic. And if Derokorian is aware of Google's search filtering.

Derokorian;11021739 wrote:
Personally I just don't care if Google knows.

I recommend that you start caring: don't bubble us

The downside with letting Google know is that they tailor search results so that you get to see what THEY think you should see. I read an article about a guy who told his friends to google "Egypt". He posted the resulting top-10 hits presented to two of his friends. Even from just the screenshots you could tell that they contained completely different search results! They did this during the same time, and still one of them got only results about the uprising early 2011, while the other only got travel and tourist information.

Personally, when I search for information, I want what's matching what I search for and then use my own decision processes for determining relevance. That relevance might actually shift completely within the scope of 2 hours depending on what I'm up to.

Also, I've heard friends say that they were reading gmail while being presented with ads matching the contents of that email. It may very well be that they do "only" match email contents against existing ad keywords, but in my book you never ever even glance at someone elses (e|snail)mail or whatever else has a specific recipient stamped anywhere near it.

sneakyimp;11021737 wrote:
BTW, do you have any privacy concerns about using Chrome? I can't help but wonder if Google is tracking one's usage.

Well, the complete answer to that would be to point you to your own thread about "how can I know if X is secure": Write it yourself...

But let's start by assuming that you don't, and furthermore that browsers really do play nice if you turn on or off the proper options, and that all information gathering is done through things like Google Analytics 3rd party scripts (GA) included on web sites.

Looking at Chromes options, you might be surprised to find: 'Send "Do Not Track"-requests'. WTF? Reading up on what that means made me realize just how screwed up things are: this option makes the browser send HTTP headers requesting that the user not be tracked. Seriously? This sounds like something out of a 10 year old IE6 horror movie! A header! To REQUEST that you not be tracked!

Hmm, yeah. bloating requests with useless information, in order to make it so that "user privacy possibly might be respected (no it won't)" - now that sounds like a good idea. How about a bloody header "request to be tracked" instead? How about a bloody opt-in to be spied upon? Now that would be respecting user privacy. The other is nothing but a marketing stunt while going R-Kelly on our privacy.

My recommendation is to make how to make the internet not suck (as much) your first stop. Moreover, if we instead assume that browsers are nasty spyware in general, I'd recommend going with Firefox since I believe that it's more likely to play nice. This is mainly based on my general opinion on especially Apple and Google (and Facebook if looking at non-browser companies). And somewhat on my opinion that Firefox has little incentive to spy on their users while the multimarket interestholding companies probably feel they have a lot to gain from it.

Ashley_Sheridan

johanafm;11022187 wrote:
Looking at Chromes options, you might be surprised to find: 'Send "Do Not Track"-requests'. WTF? Reading up on what that means made me realize just how screwed up things are: this option makes the browser send HTTP headers requesting that the user not be tracked. Seriously? This sounds like something out of a 10 year old IE6 horror movie! A header! To REQUEST that you not be tracked!

To be fair to Google on this one, this is actually a legal thing in Europe (not sure where else at the moment) where you have to specifically be allowed to opt out of being tracked. The wording of the whole thing accepts that being tracked is now the norm, and making this an opt in process would have a detrimental effect on many businesses. I'm not saying I agree with being tracked, but I can see the point of the way the opt-out process works.

johanafm

Ashley Sheridan;11022191 wrote:
I'm not saying I agree with being tracked, but I can see the point of the way the opt-out process works.

I can see how it came to be an opt-out for historical reasons, but I'd never agree to there being a point to the system remaining like that. More importantly, if you go back to the first half: "I'm not saying I agree with being tracked" and ask people in general if they're ok with it, I suspect a fair more than 90+ % would say "hell no" to that.

Also, just because something is not legal doesn't mean it's right. Businesses usually go by "currently legal" as a guide if it means profit: bunnies and puppies be damned.

Besides, for pretty much any other information gathering in Sweden (and I'd guess, rest of EU) regarding private individuals, the process is severely restricted and legislated to protect people. E.g. collecting a private e-mail address (employee addresses is another thing) requires explicit consent. It has to be CLEARLY stated that your email address will be used for any other purpose than why you're giving it out in the first place (such as to be notified of winning a contest/lottery or some such).

Same thing with surveillance cameras. Even if you store nothing and only have people looking at the feeds, you need a permit for them. And you will need to notify people that there are cameras. Getting permits to store surveillance feeds is a lot harder. Is there any reason that they should be allowed to spy on you on the internet? Or do so without even clearly informing you about it?

What would the reaction be if there was some red flashing text in the top left corner of your browser all the time to inform people of the current situation?
We are watching you! You are NEVER alone, perhaps next to this little image
[ATTACH]4807[/ATTACH]

jack.jpg

Derokorian

I'd like to also point out you can turn all personal filtering on Google search options (at least if you have a Google account). When I got my new PC, without signing in to anything, I got the same results as when I used one where I was signed in, just by turning that option off.

Ads should be relevant to what you are viewing, if they aren't you won't ever click on them. If you don't click on them, they aren't generating revenue. I would much rather see an ad that interests me, than to see the same "You're a winner click here" sh*t over and over.

In my opinion, its just another tool, you have to know how to use it to your liking.

PS. I also run AdBlock, and Stylish, which allows me to not load whatever I want, thereby preventing third party tracking from things like facebook like buttons, which have FAR more tracking data on its members than most people even begin to realize.

bradgrafelman

johanafm;11022187 wrote:
I recommend that you start caring: don't bubble us

I personally don't care that much either. In my mind, that website actually did the opposite and reinforced my position.

Yeah, Google tailors my search results based on previous searches and whatnot. I agree with that. The point where we disagree seems to be that this is a "bad thing." If I do some generic Google search, I enjoy having the results filtered/reordered in a way that makes sense for me. If I wanted to find results that wouldn't normally be what I'm after, I'll make a more targeted query.

johanafm;11022187 wrote:
Personally, when I search for information, I want what's matching what I search for and then use my own decision processes for determining relevance.

That approach is rather impractical when you consider that, without any filtering, Google's searching algorithms might come up with tens of millions of results (or more).

johanafm;11022187 wrote:
That relevance might actually shift completely within the scope of 2 hours depending on what I'm up to.

... which should be reflected in your queries (e.g. using required words, exact phrases, words required to not be matched, etc.).

johanafm;11022187 wrote:
Also, I've heard friends say that they were reading gmail while being presented with ads matching the contents of that email. It may very well be that they do "only" match email contents against existing ad keywords, but in my book you never ever even glance at someone elses (e|snail)mail or whatever else has a specific recipient stamped anywhere near it.

The problem I have with this argument comes from potentially unsecure nature of the path e-mail messages travel while going from sender to receiver.

Yeah, Google might use some client- or server-side keyword matching to rank their pool of ads by relevance. So what? You're going to get an advertisement anyway... why is it a bad thing if the advertisement chosen just actually happens to be more relevant to the information being presented to you at the time?

(Again, if you're worried about the contents of that e-mail being divulged to others, well... I guess that means you've already verified the path the message traveled never contained an insecure connection and enforced the sender(s) to use some form of message encryption? I doubt it.)

johanafm;11022187 wrote:
Looking at Chromes options, you might be surprised to find: 'Send "Do Not Track"-requests'. WTF? Reading up on what that means made me realize just how screwed up things are: this option makes the browser send HTTP headers requesting that the user not be tracked. Seriously? This sounds like something out of a 10 year old IE6 horror movie! A header! To REQUEST that you not be tracked!

Why is it wrong for web services to assume that you want them to remember where/how you've already used their services in the past in order to possibly better shape your future use of them?

johanafm;11022187 wrote:
How about a bloody header "request to be tracked" instead? How about a bloody opt-in to be spied upon? Now that would be respecting user privacy. The other is nothing but a marketing stunt while going R-Kelly on our privacy.

Sorry, but this argument makes absolutely no sense.

Consider the generalization that there are two different buckets in which you could categorize the "suppliers" on the Internet: those that respect the user's wishes (in regards to privacy), and those who do not. Now, tell me, how is using a "Please Track Me" header is any better or worse than a "Please Do Not Track Me" header? The only answer I can come up with is: it isn't - both have the same results.

johanafm;11022187 wrote:
My recommendation is to make how to make the internet not suck (as much) your first stop.

Hmm... hand over my ability to connect (or not connect) to a given entity based on the subjective decision of this "Dan Pollock" fellow? No thanks; never even met the man.

(This, of course, is not even touching on how archaic and slightly misleading it is to use a HOSTS file for such things.)

In summary... it's not that I don't care about user privacy in the least. I just think there are too many tin-foil-hat-wearing people out there who want to have their cake and eat it, too. There are plenty of opportunities for entities to be devious and underhanded when it comes to respecting (or, more aptly, not respecting) user privacy that slide right under the radar. If you're really serious about protecting your privacy with an ironclad fist regardless of any entity's intentions... don't use the Internet. Period. (Maybe even 'exclamation point.')

Weedpacket

johanafm wrote:
I can see how it came to be an opt-out for historical reasons, but I'd never agree to there being a point to the system remaining like that.

There may not be a point but free trade agreements can make it illegal to change the law. If the change affects how a company in another country party to the agreement does business, their profitability could be hurt (because of the costs of adapting and/or the lost opportunities for revenue) - and that could be a violation of the trade agreement.

cretaceous

Weedpacket;11022217 wrote:
There may not be a point but free trade agreements can make it illegal to change the law. If the change affects how a company in another country party to the agreement does business, their profitability could be hurt (because of the costs of adapting and/or the lost opportunities for revenue) - and that could be a violation of the trade agreement.

At which point it's clear that the companies concerned are too large and have too much power

Anyway what other search engine is there that doesn't track or tailor results?
I have tried DuckDuckGo but I got indoctrinated to the Google bits and pieces - and which are now essential..

dalecosp

Bump.

I was just reading up on some requests I have for work in this area.

Very interesting discussion, particularly in historical context now that we have Snowden's revelations.

Didn't know if anyone cared to revisit the topic....

Weedpacket

Derokorian wrote:
PS. I also run AdBlock, and Stylish, which allows me to not load whatever I want, thereby preventing third party tracking from things like facebook like buttons, which have FAR more tracking data on its members than most people even begin to realize.

Which reminds me; Weedpacket doesn't have any facebook, google+, twitter, or linkedin accounts, so their buttons and associated script here aren't much use and only slow the page load with connections to fbcdn et al.

It still occurs to me: if someone is searching for information, then - if you are going to bias the results based on what sites the user frequents - wouldn't it be more useful to serve results that are likely to be different from what the user is already familiar with?

Derokorian

Weedpacket;11039875 wrote:
Which reminds me; Weedpacket doesn't have any facebook, google+, twitter, or linkedin accounts, so their buttons and associated script here aren't much use and only slow the page load with connections to fbcdn et al.

I only have linkedin. The others still gather data even if its not tied to an account.

Weedpacket

Derokorian wrote:
I only have linkedin. The others still gather data even if its not tied to an account.

The point being that they are therefore less than useless to me, so I should get on with blocking requests for them 🙂