

Google's new privacy policy and TOS - antichaos
http://googleblog.blogspot.com/2012/01/updating-our-privacy-policies-and-terms.html

======
lawnchair_larry
I saw a talk at defcon by a former google employee named Brian Kennish, author
of disconnect.me. He said that google has 3 data sources in particular that,
if tied together, would be very worrisome. Those were:

Google Analytics - Every time you visit a page with this javascript, google
obviously receives a get request from your IP address

+1 Button - Similar to what facebook is doing, hits for the +1 button, whether
you click it or not, are another GET request to google

Your google account - if logged in, they obviously have a ton of information
about you.

If I recall correctly, he said that the idea of tying these together came up
frequently, but has always been shot down as too invasive. At the time, he
said he believed they had no plans to ever do this when he left the company.
Doing this would be easy, and would tie nearly all of your browsing activity
to your google account. That, to me, is evil.

This update sounds suspiciously like they have gone ahead with this idea. If
so, I don't understand how people are ok with this.

~~~
mvgoogler
The purposes for the update are way more simple and common sensical than that.

Until this change, pretty much every product had it's own privacy policy. I
think there were something like 70-ish different policies. For both users and
people within the company having so many slightly different privacy policies
is a complete mess.

As a user, trying to keep straight in your head the subtle difference between
gmail's policy and search's policy and the policies for photos, google+,
blogger, etc. is probably impossible for most people. It gets even harder when
products start interacting in interesting ways. For example, if you share a
picture from a Picasa album to G+ contacts, which then generate message in
gmail with pointers (or copies) of the picture, which privacy policy applies?
If you're in gmail and you chat with someone from you circles, which policy
applies?

(Note - I'm not at all interested in debate about whether people like the
features I used as examples. I am simply using examples off the topic of my
head to try to show some of the problems inherent with having per-product
privacy policies when the lines between products is blurring)

The goal is that, by having a single and comprehensive privacy policy that
applies to all Google products, it will be easier for users to understand
exactly what promises Google is making and not making. It also makes it easier
for engineers (like me) that are creating and improving products.

~~~
lawnchair_larry
Will data from these 3 sources, or any subset, be correlated in any way (or
are they already)?

1\. Requests for the +1 button (not clicks)

2\. Google analytics

3\. Google accounts

~~~
mvgoogler
I'm not in a position to make any promises about future policy decisions. So
I'm not not comfortable trying to speculate about future plans. I can say that
I believe in the character of the current leadership, but beyond that...

As to whether it is done currently? The simple answer is I don't know. I
haven't heard anything that would make me think it is, but I don't work close
enough to those areas that I necessarily would.

I would be _surprised_ if the things you list are combined in an meaningful
way (obviously, if you use analytics, there is a link between your account and
your analytics data, the same way there is if you use docs or picasa - but I'm
pretty sure that's not what you're asking about :-) )

------
Trufa
Disregarding all the other discussions going around about Google, I think this
is a great approach to get the user to know the TOS, I hope many more
companies follow this path.

In fact, now that I think of it, it is the first time I have fully read a TOS
agreement (as a user), I thought it was simple and clear, though IANAL and I'm
not sure about the legal implications.

~~~
pseudonym
Devoid of the proper context, it's amusing to think about your post in terms
of the uncertain legal implications of users actually reading and
understanding the TOS.

------
wotsrovert
Of late, I've paid attention to how many letters I must type into "google"
before it generates an auto-completed phrase I'm searching for.

I am profoundly impressed by how little typing is required. It certainly feels
like communicating with an artificial intelligence.

This feels like value created on a giant scale.

My father was one of the first computer programmers: starting sometime around
the late 50's, he wrote code in a language called octal, using vacuum tubes
and wires. One of his first projects was to write a routine to calculate
square roots.

Fifty years later, a computer knows that when I type "toc", I'm probably
looking for the "Tournament of Champions Squash Tournament" presently being
held in Grand Central Station. Remarkable.

------
devindotcom
I've been seeing this new development being characterized as Google's "evil"
moment, but I'm not convinced. I thought it was more evil when they changed
account creation last week to require both a Gmail and G+ account. That's bad
for users. This doesn't seem that way to me.

~~~
jnorthrop
How can you characterize Google's effort to make their privacy policy and
terms of use more simple and clear as "evil?"

~~~
trobertson
I think the "evil moment" is more about the new "Search Plus Your World".
Every big social site that doesn't let Google index (and therefore, display)
their content has called SPYW "evil", in that it "pollutes" Google Search
results with content from Google+, Youtube, and other Google sites, instead of
using stuff from Facebook, Twitter, etc. (who, as mentioned above, do not let
Google see their content). The whole thing reeks of "You can't see my data,
Google, but I DEMAND to be in your search results anyways".

The new privacy policy is only incidental, and, as nknight mentions here [1],
it is probably motivated by government regulation as much as it is Google's
focus on integration.

[1]: <http://news.ycombinator.com/item?id=3507707>

~~~
ceejayoz
> ... instead of using stuff from Facebook, Twitter, etc. (who, as mentioned
> above, do not let Google see their content)

Oh come on. A quick Google search shows three billion results from
Twitter.com, and nearly eight billion from Facebook.com.

~~~
saalweachter
How many days worth of tweets do you think 3 billion is? Answer: about a
fortnight's worth.

[http://www.quora.com/Twitter-1/How-many-tweets-per-day-
are-t...](http://www.quora.com/Twitter-1/How-many-tweets-per-day-are-there-on-
Twitter)

~~~
ceejayoz
Do you really want individual tweets showing up in Google's main search
results? Google doesn't seem to individually index Google+ posts, either -
there's only 15 million search results for "site:plus.google.com".

------
webwanderings
"new Privacy Policy makes clear that, if you’re signed in, we may combine
information you've provided from one service with information from other
services"

Google, you were nice enough to provide a toggle button to turn off the
personal search feature. Now, could you be nice enough to provide an option to
opt-out of this combined-information utopia of yours? I don't want to
participate in this combined information experiment.

------
teja1990
There is so much talk about SPYW and its evil implications. If google just
adds a new tab , saying social search , wont that solve the problems. And if
twitter wants to share its tweets , fine , lets get twitter on board as well.
And I dont think facebook will let google access its data , and it might still
say its evil.

~~~
munin
probably, no one would use it

------
andrewfelix
The TOS is short, but the arguably more important Privacy Policy for Google
products is still huge: <http://www.google.com/policies/privacy/>

~~~
nknight
You're actually linking to the old policy, the new one is here and will go
into effect in March: <http://www.google.com/policies/privacy/preview/>

It's actually longer than the "existing" policy, but covers a lot more of
Google's services under one umbrella.

In any case, a TOS is basically governed by ordinary contract law, which
allows for a much more generalized, principles-based document.

Privacy policies are increasingly governed by regulatory requirements, and
those requirements are increasingly demanding a fair bit of specificity, so
you're seeing an inevitable and likely permanent state of affairs.

~~~
andrewfelix
Thanks for the correction.

The length of the new privacy policy still seems to counter the assertion that
this is something people will find easy to read.

~~~
devindotcom
Well - there's "easy to read" as in Goodnight Moon, and there's "easy to read"
as in a layman can get the gist in 15 minutes.

~~~
ams6110
Why shouldn't a privacy policy should be as easy as "Goodnight Moon" ?

~~~
icebraining
Why did you use 12 words in your post instead of a single one?

------
thekungfuman
I can't be the only person who assumed Google already shared data between it's
properties, right? I don't go into the grocery store and assume what I buy in
produce is hidden from what I buy in the deli.

In fact, I want this. I use Google services for their convenience and
function. If the things I share on Google+ or the videos I view on youtube
alter the ads I see, it probably makes them far more relevant. And it's
honestly about 1 time in 500 I don't get what I was looking for in the top 10
results in a regular search, even when logged in.

~~~
Silhouette
> I don't go into the grocery store and assume what I buy in produce is hidden
> from what I buy in the deli.

You probably don't talk to the shop assistant in produce about your medical
problems and then ask the deli staff about life insurance.

You probably don't book a four night away break in produce and then meet a
friend (who happens to be a divorce lawyer) in the deli, where the staff know
all about what he does for a living.

You probably don't discuss homosexual relationships in produce and then call
your boss, Colonel Gaybasher, from the deli's payphone.

One of the most valuable things about privacy is that it lets us
compartmentalise our lives. That helps people we know by not inflicting parts
of our lives they don't care about on them. It also helps us, by allowing us
to explore and develop one aspect of our lives with people we trust to help
us, without allowing others who we don't trust to know about it or interfere
with the rest of our lives as a result. One specific example of the latter
idea is that maintaining privacy means someone who is trying to assess us
doesn't get incomplete information that they consider relevant and then jump
to conclusions based on getting the wrong idea.

The likes of Google and Facebook are now so ubiquitous that the complete
destruction of that privacy for millions of people is a profit-seeking
executive's sneeze away from happening. It's bad enough that they rely on this
sort of perma-snooping on their own users on their own sites for their own
advertising. It's downright creepy that they are abusing the nature of the
Internet and the ignorance of most people about that nature to spy on people
visiting other sites as well.

