I can’t remember where I saw Googling Security reviewed*, but the review made a strong impression. It exposed at least a couple of the provocative tidbits in the book, like that even if you personally refuse to use Google’s Gmail service on privacy grounds, as soon as a friend sends you a message with Gmail, Google knows that you and that friend are associated. It might have mentioned that as soon as some searches for, say, your full name and the word “plumber” (or something much less innocuous) Google “knows” in some sense that there’s an association between you and plumbing (or something much less innocuous).*
Conti is a computer scientist who researches things like security and information disclosure. As this job description requires, he’s both sharp and paranoid. I bookmarked a dozen or so passages that showcased one attribute or another. He starts out by saying that he considers Google “a sovereign entity equivalent to a nation . . . because of its top-tier intellectual talent, financial resources in the billions of dollars, and world-class information-processing resources,” a viewpoint which strikes me as patently absurd. Throughout there are asides like, “every time an old friend contacts you from a webmail account, a little piece of your privacy dies.” But in the chapter on maps, Conti offers this provocative scenario:
Let’s say [your company] has 1,200 employees located at 10 locations, some not publicly known. Imagine mapping activity form the IP address ranges used by our corporate headquarters, as well as the other locations, all seeking directions from Ministeri Pistarini International Airport in Buenos Aires to the street address of a meeting site at the outskirts of the city. Because this activity is out of the norm, you’ve just created a unique set of characteristics that ties together your various company offices with a potentially sensitive meeting. You’ve also disclosed with a high probability, the travel plans of the meeting participants, as well as given a clue to the strategic importance of Argentina to your company’s planning.
In the chapter on cross-site tracking via embedded content, after dissecting the roles of the (many) sites involved in serving up content for a typical MSNBC.com page, he makes the trenchant point that, “your real privacy in terms of visiting a web site is the equivalent of the worst [privacy] policy of all the sites embedded there.”
I don’t plan to make many changes to my web browsing habits as a result of reading Conti’s book, mostly because I already aggressively filter tracking cookies and minimize my use of problematic sites like FaceBook. But I did find it interesting and thought provoking, if sometimes a little shrill.
* I also didn’t remember the author or the exact title. I made a game of trying to track down the book without using Google, pretending that showing interest in this book might set some blackmark flag in Google’s servers. I searched on Amazon, Yahoo!, and even Bing. But I couldn’t track it down without recourse to Google.
** Or at least that someone is trying to establish a connection, which may be interesting in an entirely different way.
*** If nothing else, the end of normal matter in the universe will eventually impose significant changes on Google’s technical infrastructure.
needs more demons? I wouldn’t want to wish more demons on Conti; he seems to have enough of his own.