--- beckman@angryox.com wrote: From: Peter Beckman <beckman@angryox.com> At least Google seems to be honest about it. ---------------------------------------------- Yeah, trust them... --------------------------- What does Bing say they keep about you when you search, not logged into your Passport account? IP + searches, date and time? And what do they actually do? --------------------------- NOW you're getting warm. What IS the difference in what a corp says they do and what they actually do? --------------------------- What about Yahoo, now that they will use Bing? Or even AltaVista? How do we know the difference between the reality of what they do versus their Privacy Policy? ---------------------------- Yahoo and Altavista are one and the same. Excite is owned by www.iac.com who own many other companies that collect and make money from knowing what you do. Webcrawler is owned by InfoSpace (www.infospaceinc.com). They are ALL making money doing the same thing. ---------------------------------- You don't get to have Privacy on the Internet. It's a fallacy. You have to work really hard to truly have privacy on the 'net. And lie a lot. ---------------------------------- Yes, you have to work hard and (one last time :-) DBS. Use your sniffers at home to see what's talking to what; manage your cookies; force your ISPs machinery to change your DHCP-assigned address a lot; use SSH tunnels, blah, blah, blah. In FF goto "Tools", 'Options', 'Privacy', and select: "Accept cookies from sites'; 'Accept third-party cookies'; 'Keep until: <ask me every time> just to get a taste. Be sure to click on 'Show Details' when the flood of cookies comes and pay attention to the details. Don't go to sites that bork when you use these settings any longer. Also, look in 'Show cookies' and 'Exceptions'. Funny how M$ won't let you do that in IE AFAICT. scott
In FF goto "Tools", 'Options', 'Privacy', and select: "Accept cookies from sites'; 'Accept third-party cookies'; 'Keep until: <ask me every time> just to get a taste. Be sure to click on 'Show Details' when the flood of cookies comes and pay attention to the details. Don't go to sites that bork when you use these settings any longer. Also, look in 'Show cookies' and 'Exceptions'. Funny how M$ won't let you do that in IE AFAICT.
Let's not forget about Flash LSOs and the nasty companies that offer "services" to "replace" your cookies if they're deleted. FF has "BetterPrivacy" for that. Only caveat is it drives websites like BoA and eBay bonkers .. they want to "verify" you every time you re-visit. Cheers, Michael Holstein Cleveland State University
On Fri, 11 Dec 2009, Scott Weeks wrote:
--- beckman@angryox.com wrote: From: Peter Beckman <beckman@angryox.com>
At least Google seems to be honest about it. ----------------------------------------------
Yeah, trust them...
I said "seems." It's hard to verify if ANY company follows what is said in their Privacy Policy.
--------------------------- What does Bing say they keep about you when you search, not logged into your Passport account? IP + searches, date and time? And what do they actually do? ---------------------------
NOW you're getting warm. What IS the difference in what a corp says they do and what they actually do?
Who knows? Since they won't let you check (then again, I never asked if I could), how do you know what they are really doing with the data you know they might have?
--------------------------- What about Yahoo, now that they will use Bing? Or even AltaVista? How do we know the difference between the reality of what they do versus their Privacy Policy? ----------------------------
Yahoo and Altavista are one and the same. Excite is owned by www.iac.com who own many other companies that collect and make money from knowing what you do. Webcrawler is owned by InfoSpace (www.infospaceinc.com). They are ALL making money doing the same thing.
I don't see that trend slowing. So when you search on AltaVista, assuming AltaVista uses Yahoo and Yahoo using Bing, does AV, Yahoo! AND Microsoft (via Bing) all get a copy of that single search request and thusly your data? I'm guessing the 3 companies have different privacy policies that each apply to that data separately... makes your head spin.
---------------------------------- You don't get to have Privacy on the Internet. It's a fallacy. You have to work really hard to truly have privacy on the 'net. And lie a lot. ----------------------------------
Yes, you have to work hard and (one last time :-) DBS. Use your sniffers at home to see what's talking to what; manage your cookies; force your ISPs machinery to change your DHCP-assigned address a lot; use SSH tunnels, blah, blah, blah.
That's a lot of work, more overhead than many are willing to put in. Maybe someday I'll eat my words, but I'm just not paranoid enough to work that hard to avoid search engines or other companies to log my use of their service. I'm more worried about all the data at the doctor's office, the federal government, credit card and reporting companies, phone companies, etc. and I'm not doing much about that either.
In FF goto "Tools", 'Options', 'Privacy', and select: "Accept cookies from sites'; 'Accept third-party cookies'; 'Keep until: <ask me every time> just to get a taste. Be sure to click on 'Show Details' when the flood of cookies comes and pay attention to the details. Don't go to sites that bork when you use these settings any longer. Also, look in 'Show cookies' and 'Exceptions'. Funny how M$ won't let you do that in IE AFAICT.
Using a combo of Ad Blocker Plus and NoScript in Firefox helps reduce that significantly, without all the popups. But yeah, it's hard to use the Internet and not get tracked by a bunch of different entities you know nothing about. Which gives further proof that my earlier statement rings true: You don't get to have Privacy on the Internet. It's a fallacy. You have to work really hard to truly have privacy on the 'net. And lie a lot. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------
Peter Beckman wrote:
Using a combo of Ad Blocker Plus and NoScript in Firefox helps reduce that significantly, without all the popups. But yeah, it's hard to use the Internet and not get tracked by a bunch of different entities you know nothing about.
Which gives further proof that my earlier statement rings true:
You don't get to have Privacy on the Internet. It's a fallacy. You have to work really hard to truly have privacy on the 'net. And lie a lot.
I'm not naive enough to think all privacy policies reflect what a company is actually doing, but I'm surprised that people think Google protects their privacy at the same time they practically admitting they're selling your digital soul to whoever will pay for it. Hell, all you gmail users on this list right now are feeding the machine with all our data. The part that gets me: everyone seems happy with this. ~Seth
Seth Mattinen wrote:
Hell, all you gmail users on this list right now are feeding the machine with all our data.
The part that gets me: everyone seems happy with this.
This list has public archives that are already crawled and archived by Google. For example: http://www.merit.edu/mail.archives/nanog/threads.html http://seclists.org/nanog/2009/Dec/434 Subscribing to the list with a gmail account doesn't change anything about what Google knows about the list or list members. The part that gets me is that you don't already understand this. jc
This list has public archives that are already crawled and archived by Google. For example:
http://www.merit.edu/mail.archives/nanog/threads.html http://seclists.org/nanog/2009/Dec/434
Subscribing to the list with a gmail account doesn't change anything about what Google knows about the list or list members.
Indeed. BTW I'm impressed about how fast particularly the messages archived by insecure.org show up on the search results. Jorge
JC Dill wrote:
Seth Mattinen wrote:
Hell, all you gmail users on this list right now are feeding the machine with all our data.
The part that gets me: everyone seems happy with this.
This list has public archives that are already crawled and archived by Google. For example:
http://www.merit.edu/mail.archives/nanog/threads.html http://seclists.org/nanog/2009/Dec/434
Subscribing to the list with a gmail account doesn't change anything about what Google knows about the list or list members.
Those URL's don't seem to include "google.com" in them. Maybe I'm misreading them. Crawlers can be excluded with robots.txt if so chosen by the site owner so long as google respects said file. Some lists also respect a "no archive" header that some people choose to include with their messages. Preventing my email to gmail from entering their vast database of whatever they track doesn't have any such control features that I'm aware of. If there are, I'll stand corrected. ~Seth
This list has public archives that are already crawled and archived by Google. For example:
http://www.merit.edu/mail.archives/nanog/threads.html http://seclists.org/nanog/2009/Dec/434
Subscribing to the list with a gmail account doesn't change anything about what Google knows about the list or list members.
Those URL's don't seem to include "google.com" in them. Maybe I'm misreading them. Crawlers can be excluded with robots.txt if so chosen by the site owner so long as google respects said file. Some lists also respect a "no archive" header that some people choose to include with their messages.
Jorge Amodio wrote:
I didn't get any results from that link. ~Seth
Seth Mattinen wrote:
JC Dill wrote:
Seth Mattinen wrote:
Hell, all you gmail users on this list right now are feeding the machine with all our data.
The part that gets me: everyone seems happy with this.
This list has public archives that are already crawled and archived by Google. For example:
http://www.merit.edu/mail.archives/nanog/threads.html http://seclists.org/nanog/2009/Dec/434
Subscribing to the list with a gmail account doesn't change anything about what Google knows about the list or list members.
Those URL's don't seem to include "google.com" in them. Maybe I'm misreading them.
I *found* them by searching with Google. I found the second link by searching for a unique phrase from your email: http://www.google.com/search?q=nanog+%22feeding+the+machine A mere 1 hour after you emailed it to the NANOG list, Google web search has that email archived from the website on seclists.org.
Crawlers can be excluded with robots.txt if so chosen by the site owner so long as google respects said file.
Google does respect that file, but you are counting on other subscribers respecting the site owner's wishes regarding web archives. In my experience, this has become a futile fight. If the list doesn't have a web accessible archive, it's likely one of the list's subscribers might start their own archive or have it archived with one of the many archive sites e.g. gmane.
Some lists also respect a "no archive" header that some people choose to include with their messages.
If you are emailing a publicly archived mailing list that you know is web archived and likely spidered by Google, a "no archive" header is mostly useless. When someone replies to your email (as I'm doing now) your quoted text in the reply will be archived, preserving what you posted to the list. At best, the "no archive" header merely messes up threading. The "no archive" header idea never really worked in the first place - witness all the old usenet server posts that ended up on dejagoogle even when the posts had "no archive" headers.
Preventing my email to gmail from entering their vast database of whatever they track doesn't have any such control features that I'm aware of.
Preventing any email you send to anyone from being leaked out to the public is something you have no control of. I.e. the CRU hacked email controversy. If you don't want what you write to be posted on or archived on the internet and findable with web searches, don't use the internet to write or transmit it. Even then, you are at risk of someone scanning and posting what you write. As a NANOG subscriber you should be clueful enough to know all of this already. So what's the big issue here? jc
JC Dill wrote:
Seth Mattinen wrote: <snipped>
What I mean was that everyone seems happy with the whole "don't do anything you don't want anyone knowing" thing, then this tangent started. There must be things you don't want people to know that have nothing to do with a potential issue with law enforcement, no? Companies that use gmail must not want trade secrets or IP to be considered fair game for everyone to know? ~Seth
Seth Mattinen wrote:
JC Dill wrote:
Seth Mattinen wrote: <snipped>
What I mean was that everyone seems happy with the whole "don't do anything you don't want anyone knowing" thing, then this tangent started. There must be things you don't want people to know that have nothing to do with a potential issue with law enforcement, no? Companies that use gmail must not want trade secrets or IP to be considered fair game for everyone to know?
True. But email isn't secure, no matter what provider you use. I refer you to the CRU "hacked email server" again, as well as wikileaks, as examples of what can happen. If you really don't want the info to potentially leak out, don't put it on the internet, which also means don't even put it on any internet connected computer. Any information that you send from your computer to anyone else can be leaked. It can be leaked by the recipient - intentionally or accidentally (e.g. forwarding it to the wrong address). It can be leaked by their ISP - and not just their mail provider. If they have a virus/trojan infected computer, (an unfortunately highly likely scenario) it can be stolen. If they sell their used computer, it can be recovered from the hard drive that they "thought" they had cleaned. If they put it on a laptop the laptop can be stolen. These things happen every day. Worrying about it being leaked because they use gmail is far down the list of things to worry about. AFAIK there are no actual cases of information being compromised or leaked because someone used gmail. The #1 thing you can do to minimize that theoretical possible leak, if you care, is to use encryption e.g. PGP. Everyone on NANOG should know all of this already. jc
participants (6)
-
JC Dill
-
Jorge Amodio
-
Michael Holstein
-
Peter Beckman
-
Scott Weeks
-
Seth Mattinen