The second reason their response is significant is that users need to decide whether Google’s user privacy posture is genuinely changing for the better, as they would have us believe, or whether their consolidation of user data across multiple services represents a privacy threat. And by “users”, let me be clear that I include the growing number of business who use services like Google Docs…
Contrast that with another privacy-related change Google has made recently. In November 2011 Google announced that domestic wi-fi networks could opt out of its Street View geolocation database (you remember… the one which was populated by Google’s war-driving camera cars, sniffing packets of network traffic all the while…).
My question is this: were you aware that this wi-fi opt-out existed? It doesn’t feel to me like Google made much noise about it… and though I could guess why, I don’t have any inside information about that. Objectively, the point is that it is not in Google’s interest for users to have an effective opt-out mechanism.
It’s interesting, too, to see how Google describe the opt-out:
“An SSID-based opt out substantially decreases the risk of abusive or fraudulent opt-out requests – for example, it helps protect against others opting out your access point without permission. This method of opt out can also be seen by other location service providers, and we hope the industry will respect the “_nomap” tag. This would benefit users by saving them the hassle of having to request several separate opt outs.”
I have a few simple observations to make about this:
1 – You know what else would have users the hassle of requesting several opt-outs? An “opted-out by default” policy.
2 – You know what would be simpler than hoping that ‘the industry’ will respect the “_nomap” kludge? An “opted-out by default” policy, and a law that says you’re not entitled to intercept traffic on domestic networks. Oh, wait, we already have one the latter (in the UK, at least… it’s called RIPA).
3 – An SSID-based opt-out ‘prevents others from opting my network out without my permission’? Whuh… This is so about-face that I keep looking around to make sure I didn’t step through the looking-glass without noticing, and to check that giant chess pieces aren’t sneaking upon me from behind. Really, Google – you’re too kind. I hadn’t considered the possibility that fiendish hackers might maliciously opt my network out of having its SSID sniffed by a third party. Thank goodness you’re on the case. Again – you know what would be a simpler and more effective defence against malicious third-party opt-out attacks? An “opted-out by default” approach…
So do Google really ‘get’ privacy yet? Sorry, but I’m not convinced. On that basis, I think the aggregation of data across their multiple services represents a privacy risk which individual and corporate users should not ignore. But what do you think?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.