Google has my full search history, all my hangout chats, all my e-mails, and yet:
* On my Android, it keeps proposing ultra boring "stories to read" about soccer, wannabe celebrities and YouTube videos of stupid teenagers doing stupid things;
* With the sole exception of when the sponsored link is exactly the same as the first result, ad words in my search results have never ever been relevant or interesting in any way.
Facebook is supposed to know everything I like, yet it only shows me ads about stuff I dislike.
The same for Twitter and everything else.
They are supposed to know the inside of my heart and mind, but they have, till now, utterly failed to prove it.
So, do they know me and just pretend they don't for some strange reason, or do they actually know shit and just pretend they do so that they can sell to advertisers at a higher price?
Another classic is the repeated ads for the dish washer I just bought, for months at a time. There are glimpses of potential with targeted search results. It can be practical, for example when I search for open source software named after a common word. So the technology is there, but isn't remotely used to its potential.
My only guess is that there is only so many advertisements available in the pipeline at any given moment. It's the 90/10 rule all over again.
So close, yet so far...
So in a sense, targeted ads are only worth it for the ad seller who can try to squeeze even higher prices from the ad buyer.
Nearly a year later, I am still seeing ads for that dealership as well as competing dealerships in my area.
And this is the second reason I use an ad-blocker everywhere.
The first reason is that I can't stand being always tracked.
After reading one of those occasional "Turn off Google's privacy invasion in three small steps" posts perhaps...
I suspect it boils down to what the ad customers are willing to buy and what they're willing to buy isn't very creative. They buy "people who liked a gay dude's posts" not "People who Facebook knows are super gay and into flashy underwear".
The lawyers wrote the privacy policies that way because the companies intend to do other stuff with the data, or even that worst case scenario people think about, not just because "lawyers gonna lawyer". You don't think Google or Microsoft's general counsels know exactly what their CEOs/companies intends to do with that data 2-3 years down the road? Of course they do. They are usually part of all the long-term strategy planning.
So next time you see something like this, how about you stop giving these companies the "benefit of the doubt" (especially with their poor track record on this) and actually do assume the worst will happen, until they modify their privacy policies to specifically say what they're going to do or aren't going to do with your data.
And people still wonder why the EU could possibly want to investigate Google. Surely it's just American supremacy jealousy? I hope the EU brings everything it's got to Google, and brings the hammer down hard on them. The U.S. Justice Department seems to be completely unwilling to punish big corporations/elites anymore anyway (usually a big flashing sign for oligarchy).
Consider your choices.
The new Sync protocol is an abomination; the old one was actually secure; the new one is snake oil.
The data especially on Android can easily be hacked if someone has the expertise. This made me think how easy it would be for stranger to learn everything about me through my data.
Whenever i'm doing something with my normal chrome -> I'm part of the system and look / am normal.
Whenever i wanna do something little bit different, i use incognito mode and a different browser.
Isn't that pretty much what's happening with your data at google?
So what I do is disable everything without even thinking. Later when something isn't working as expected and it turns out it's because of one of those privacy settings, I start to think about whether or not I really need it.
So effectively, they give me an incentive to summarily reverse their opt-out strategy into an opt-in one. I suppose that's fine with them because most people won't do even that.
However, they should be aware of the fact that this is the second easiest thing to do after leaving everything enabled.
Over time, they may be creating a popular culture of "disable everything" just like they created a culture of ad-blocking (where "they" is the whole advertising industry in this case, not so much Google itself)
I can understand your point about allo more, though of course storing the local history unencrypted also means that it's going to be accessible to interested third parties in one way or another. If they don't keep it at all, it means that it won't be.
I tried to find information about it online, but the official documentation  is less than helpful to say the least. I'm guessing when they say "stuff", that's a euphemism for blob, but fuck if I know, maybe they are just trying to be hip in their documentation. After all, it's also business time, in case you didn't know.
Currently downloading the Chromium source code, to see if that's more helpful, but I kind of doubt it...
The official documentation talks about the folders /chrome/browser/sync/engine, /chrome/browser/sync/syncable and /chrome/browser/sync/protocol.
These folders are missing from the source tree, as you can see here: https://chromium.googlesource.com/chromium/src.git/+/master/...
However, I decided to give the benefit of the doubt and did a few file-searches, in case the files were moved at some point and the documentation was just not updated.
And it seems like that's actually the case. The folder /sync contains all three missing folders (engine, syncable, protocol) and more: https://chromium.googlesource.com/chromium/src.git/+/master/...
A successful experiment may be deserving of a blog post.
Didn't they drop it like 9months ago and moved to Firefox Sync?
The new system is still end-to-end-encrypted, though...
The system is still end-to-end encrypted, if you reset your password it will also reset the storage (by definition).
Does that mean you lose your history when you change your password? Or just that you need to use the new password to access (old and new) data?
Firefox Sync is unacceptable for password — or any other private data — storage. This is a pity, since the old protocol was very suitable.
It wasn't, because I've managed to lose my history with it. I very much prefer my history to be synchronized to a server I cannot lose.
> you download the browser once
That's not true. Modern browsers are set to upgrade automatically in the background, without notifying the user.
If you're paranoid, you can self-host your own Sync server, but then if you don't trust the vendor of your browser, then you've got bigger problems and I hope you're compiling your own binaries.
My browser isn't; I use the Debian Firefox package and update it on my schedule.
> If you're paranoid, you can self-host your own Sync server
Only if you host it locally; if you host it at a VPS/dedicated-system provider then you're trusting that provider never to break into your system.
It's bad social hygiene to develop systems which are breakable.
The problem with that is that if the auth server is on a machine you don't have complete control over (e.g. one hosted by a dedicated-system or VPS provider) then you are trusting that provider to never break into your machine; you are also trusting that machine never to be broken into via some remote exploit.
That's far too much trust for a system hosting sensitive data like passwords. The only secure thing is to deploy a system with as little trust as possible.
The great thing about the self-hosted sync server is, the storage and auth components are separated, and the storage one just stores encrypted blobs.
I do not appreciate this change, however, and I hope that they reconsider it.
> firefox is really sluggish
But I wouldn't go so far as to suggest that one browser is sluggish -- there are too many environmental variables to have a good discussion on this subject.
Could you ELI5 Chromium's license to me? Is the whole thing open source, or just part? Can I build the whole thing myself, or does it rely on Google's magical binaries?
EDIT: also, smooth scrolling. If there's something that ruins my day is going on a browser with smooth scrolling. First world problems.
EDIT2: also, I'm struggling to remove add-ons. I know I have pocket installed because I see its icon on the top right, but it's showing up neither on Extensions nor on Plugins. Proof: http://i.imgur.com/ShUW5CK.png
EDIT3: manage to turn off smooth scrolling. Firefox is now skipping frames. Some times there's no difference (for example in google.com Firefox scrolls as well as Chrome.) Some times there's is a clear difference (for example, http://en.flossmanuals.net/chromium/ch008_installing-chromiu... Chrome is really smooth, while in Firefox there's noticeable jerking). Some times the experience is really REALLY bad (example, imgur)
I'm curious about the frame skipping is caused by -- I've never seen that problem. I'm wondering if maybe it's video card related? Might be worth asking someone involved in the project about to see if it's a known issue.
If you're logged into a Google account and haven't already made a choice on the page you can see it at http://www.google.com/settings/ads.
I'd respect them a lot more if they came right out and said "let us sell your data or start paying for our services." That would at least be a fair choice, and I'd be happy(ish) to pay google 10 bucks a month if they promised not to sell my information on the side.
> What’s still the same?
> Google does not sell your personal information to anyone.
The wording may matter so here are real questions that I can't seem to get definitive answers for because everyone seems to have strong opinions either way but no reference ever:
- Does "aggregated data from multiple users" or "anonymized data form a single user" still counts as personal from Google's PoV?
- Is Google effectively selling data in any way or is it only using data to back a service up? (e.g ads are getting served based on profile but the profile itself never leaves Google)
I'd be thankful if anyone points me to unambiguous text (ToS or other) pertaining to each question, whatever the answer is.
I think it's not just your data. It's not completely theirs either. Your search history is very important from a privacy standpoint, but it's still just data about how a particular user account, session, IP address or browser GUID used their services. It's not data you have explicitly uploaded (let's say like you do with YouTube or Photos).
The whole problem is the infrastructure they have in place. It's not transparent, and thus we don't know who gets to drink from their firehose of [meta]data.
It's a very good and hard ethical question (problem) to judge this trade-off. (Short term gain for our civilization, since we get awesome services for free - as in the population just uses it and generates the data, so it's endogenous growth, - but in the long term we increase the risk of having to face an efficient totalitarian surveillance system.
They don't have to do that because Google doesn't sell any data
https://goo.gl/XNykgg (Disclaimer: Referral)
But basically, Google for Work is like normal Google services (Gmail, Google Drive, Hangouts, etc), except without advertisements and more restrictions on what they do with your data:
There are of course other benefits and extra controls/features as well, but it at least covers your main point.
I in fact explicitly remember clicking no to a prompt similar to this one, so I'm very puzzled how I got auto-opted in anyways..
> Also use Google Account activity and information to personalize ads on these websites and apps and store that data in your Google Account
Should be off if you didn't opt-in though. I just tested it with a new Google account and it was off after I opted out.
"Not opting in" implies you are are opted out by default. Thus everyone's negative reaction.
(note that not recalling doesn't mean I never enabled it, however it would have had to have been fairly inconspicuously for me to "opt-in")
It's actually the very first line of their code of conduct.
A few Hacker News users being opposed to this doesn't make Google evil. A lot of people don't care, and I've met some who think it's a good idea.
I can choose where to draw the line. I care more about privacy than most of my friends, so I use a browser that helps that while they use Chrome because that's their choice. Google isn't preventing that from happening, so what they're doing isn't unethical, evil or wrong.
Nowadays all that seem to be less of a priority for Google; now what happens with the shareholder value when a large proportion of the customers again start to value their privacy over convenience ?
Collection isn't what you should be worried about. The problem is that the collected data is persistent and combined with other data in the future. Just timestamps from the browser can paint a surprisingly fine-grain picture of your pattern-of-life. I'm sure far more interesting interpretations can be found with the many machine learning techniques and other analysis methods that are currently being invented.
You can go to Google and say "here's an ad I want you to show to a group of people, none of whom will ever be identifiable to me in any way, who are male aged between 18 to 34 who like cars and drink beer."
That's what I don't understand about all this outrage - nobody, not Facebook or Google or Amazon or Apple, is selling your personal information to anyone for any reason, all they're doing is providing a platform that lets advertisers specify broad categories of people to show ads to. What's the problem with that? Ads will be slightly more relevant to my interests? So what?
To be clear, I completely understand why people don't want Google collecting their data in the first place, and that's a perfectly legitimate concern, I'm saying that once the data is collected, what difference does it make if that data is used to refine which adverts you see?
But what doesn't change is they have the data. So my preference is they don't have it in the first place. Then I don't have to be concerned about the changes.
Also, in my opinion there is a difference between collecting data and exploiting said data. You can store items at your friend's place, but you might not want your friend to look into the stuff you stored (for instance, your high school diary).
So you might be fine with Google storing your history (it's better for you when you want to retrieve the website you visited last week), but you might have concerns with this data being actually used by Google.
I do have my own concerns about bulk data collection. I've mentioned in other posts that I used to do everything I could to avoid being tracked online, but have since changed course to allowing google to track as much as they want. My reasoning is that if I am at risk of being deanonymized in a way that would make me uncomfortable, it's the service that gets the most information from me that is going to notice first. If that is a service that is responsible in its reporting (e.g. I can look at what is tracked about me and make my own conclusions), I'm better able to protect myself from harm. I am, of course, concerned with giving even a responsible corporation all of that information for the bare reason that even responsible corporations hire people who are not quite so responsible. But I would rather have knowledge of what can be known from my history, than fight off everyone who attempts to track me online. At least, as long as there is a strong incentive to track people who do not want to be tracked.
I was going crazy. never search on google shopping again on chrome.
Edit: To better explain, I also don't care for ads. Thus, I don't care if all my ads are from products that launched 5 years ago. Or for a new Hotmail account. Or a new PalmPilot. I would eventually notice, but I'd just shrug and continue browsing.
Also, from what I can tell, the parent post is about a Google program that's opt-in rather than opt-out so it's not even on by default anyway, I can't see what's so bad about it.
I always feel like artificially patching a project that doesn't care about your concerns natively to be plugging holes in a sponge boat, but I realize sometimes you need to use that boat because reasons.
I installed it from the AUR and it seems to work pretty well for the testing I do in it anyway. I don't daily driver it or Chrome.
Unless the concerns are always "more features"... forever. Any new features will do, so long as the project keeps growing. The more changes and updates the better.
I could put Microsoft Windows in this category along with hundreds of other projects. Chrome is deceptive because it has some useful features... but ultimately this browser is the tool of advertisers. Because they are the only hand that feeds the Google.
These folks are not aligned with my concerns. They cannot be. It is a conflict if interest. Will Chrome use my DNS server instead of Google's? Why should it? It's not my browser to control.
At one point the Googlers put a resolver into Chromium. I think they removed it but just the idea they considered this was enough to scare me away permanently.
I enjoyed the spongeboat analogy. One can use a patched alternative. One can write extension after extension to modify default behaviour. At some point it becomes a losing battle and a waste of time. The browser is designed and maintained by an advertising company.
Avoiding mothership home-calling is a wonderful way to navigate a world with too many software choices. It makes choosing software much easier. Because not many projects today consider home-calling a legitimate concern.
When you do find a project that fits your values, that you know will not change to suit advertisers, it can be a software you can stick with as things and times change. At least this has been my experience.
Some plugins can interfere with Electrolysis. To check if it's enabled go to about:support and look at the "Multiprocess Windows" entry, it should be 1/1 or higher.
You can block those ads, and the scripts that serve them and collect data.
From that page it sounds like it is on by default.
* No google keylogger in the main url bar (but local autocomplete based on previous history, bookmarks etc)
* access to autocomplete in search field next to url bar (I think removing this was one of the simplifications in the original Chrome.)
Ctrl-L: go to url bar
Ctrl-K: go to search field
¹ — https://qutebrowser.org/
Not that it's new, but it appears that the context has now been expanded to include the entire browsing history, just not the session.
[One should really consider using Firefox, and DuckDuckGo for search.]
The benefits could outweigh the cost (of increasing the likelihood of someone subverting Google into a brutally efficient totalitarian surveillance system).
You haven't figured it out yet, but we consider advertising unethical.
Oh, I was mostly worried about how an advertising company was using my interests to decide whether to show me an ad for batteries or hair cream.
"He snarkily shitposted to the internet whenever someone cared about an issue that wasn't the most pressing societal issue at the time. Even if their profession brought them into closer proximity to one than the other."
We need a project like the Linux kernel, except for a good browser.
* An organization set up to oversee it that does not need to care about money (pipe dream part here).
* Easy to install.
* Standards compliant.
* Open source.
All in all, Firefox is the closest (imo). What rubs me wrong about chrome is that originally it was to be monetized - at least I don't remember such.
The depths to which advertisers go to with tracking feels rather unethical at times, however.
It is psychological warfare, conducted by corporations instead of States. But the objective is the same; trick you into changing your behavior to benefit them.
It uses your fears, your neuroses, your addictions and your need to remain involved and up to date against yourself as a way to extract your hard-earned resources and time.
There is at least some "communication with Google" that could be considered innocuous. For example - accessing their Safe Browsing API (also used by Safari and Firefox).
Otherwise I agree, Chromium is faster and has less suprises
Edit: Turns out that the Unique Id is an install-only thing and is gone after the first update  (look at "Identifiers in Chrome" section) but it appears they can conduct "Field Trials" without your knowledge (certainly appears to be without your knowledge from what I can see)
Edit 2: removed pointless text
 - https://www.google.com/chrome/browser/privacy/
So for example, send search requests to google randomly for items like "ducks", "fishing ponds", "banana leaves" etc, totally unrelated nonsense that will skew these tracking giants provided enough people install and run these tools.
That however searches more for things like "how to appear funny", "why are my thumbs uneven", "am i lack toast and tolerant" or also "your youre difference".
I head about that.. it's a TV stuff no ?
Open Source is just an excuse to be able to fork others work and damage the source project with this.