Security

Google: Being evil

There's a little new tarnish on the Google shine, thanks to CEO Schmidt's comments in a CNBC interview. Chad Perrin outlines his personal Google policy in response.

Somewhere along the way, Google's "Don't be evil!" motto became nothing more than a marketing slogan. Sure, Google still does a lot of good (releasing some great open source security software, for instance), but doing good does not mean you are not also doing evil. I expressed some concern over Google's potential for evil in "Should we be afraid of Google Public DNS?" but I also pointed out that — short of running your own DNS server — it might be the best option for some people who want to avoid intrusive monitoring by ISPs. I talked about the dangers of using new software incautiously in "Use Google Wave carefully during the testing period," but in that article I pretty much ignored the question of Google's trustworthiness entirely.

I was wrong. I should have been more critical of the privacy issues inherent in dealing with Google. The good Google has done gave me the excuse I needed to pay too little attention to the encroachments of the corporation into our online lives. I felt a great sense of foreboding when the company went public in 2004, because when a previously good company goes public it usually goes down the drain in terms of ethics and customer service, even if it becomes much more financially successful. Google CEO Eric Schmidt's comments on privacy in a CNBC interview, where he said, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." He went on to suggest that "it's important" that "all . . . information could be made available to the authorities." As a friend of mine put it:

Don't be evil! -> Don't Be Evil®

A few points should be addressed:

  • I have been looking into options for other search engines. I did not just want to swap out the devil I know for the devil I don't, though, so I started looking for alternatives that have strong privacy policies and whose actual technical implementations would help to protect my privacy. The privacy policies of Ixquick and Yauba in particular caught my eye; one of them does not even record IP addresses at all and the other discards them (as well as other data) in 24 hours and offers the shortest, most dramatic privacy policy statement I have ever seen on a site like this:

    We do not keep any personally identifiable information.

    Period.

    That is hard to beat. Unfortunately, between the two of them, I have noticed a single problem in common — they both return very limited, unsatisfying results. I have been spoiled by Google's excellent search results, and that is difficult to give up. Luckily, Yauba has a solution for that, too.

    First, do a search for Google on Yauba. Then, when the main Google site shows up as the first search result, click on the link that says "Visit Anonymously (slower)". This will actually use Yauba itself as an anonymous proxy for your visit to Google, and you can use the Google search engine with the Yauba search engine as an anonymizer!
  • I still look forward to the Chromium browser being ported to FreeBSD. While I have no interest in using the precompiled binary install of Google Chrome on my otherwise reasonably secure FreeBSD laptop, having a FreeBSD port of the underlying open source Chromium project available to me for compilation from source in the Ports system would be very welcome, especially given the bloat, instability, and poor interface design that has started creeping into Firefox ever since it reached release version 1.0 in 2004. As I pointed out in "What are the security implications for Google Chrome?" there are potential security advantages to Chromium that do not exist for Firefox, and so far it provides a superior user experience as well.
  • I will keep up with Google's security tool development, announcements, and so on. There is a lot of good security work going on at Google. I just do not expect much of it to be about how Google is improving the way it respects public privacy from itself.
  • I will wean myself off anything that requires me to accept cookies from Google domains or that otherwise connects my browsing habits with Google in any way. I have already stopped using a Firefox extension that checked Google PageRanks for sites I visited.
  • I will find alternatives to Google tools where I have included them in various Web sites that I maintain.

Even though I do not believe I am likely to suffer any really negative effects personally if I just go on using Google as I always have, I do not want to even tacitly support a corporation whose CEO has such an obviously bad stance on personal privacy. Any time someone says the equivalent of "if you don't do anything wrong you have nothing to hide," I know there is something wrong. After all, privacy is security.

About Chad Perrin

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks

Free Newsletters, In your Inbox