I've seen a number of stories, most recently in yesterday's Times Online [2], that describe surprise and fear over what Google knows about its users.
This is silly, in my opinion.
[3]
Sergey Brin and Larry Page - Founders of Google
[4]
The Times Online headline is "Big Google is Watching You" and the article states:
"Google has an extraordinary amount of information about its users. It logs all the searches made on it and stores this information indefinitely. Because every computer has a unique IP (internet protocol) address, every visit to every website can be traced back to the computer making it — a fact which is well known in geek circles but remarkably under-publicised outside them."
and
"Users of Google’s Gmail service, who are already having their e-mails scanned to place targeted ads, have given the company their identity, a full record of all their searches and copies of all their e-mails, stored indefinitely. Users of Google’s Toolbar are inadvertently giving the company a list of not just all their searches but also of every single website they visit. And, as the lawsuit makes clear, all this information is potentially vulnerable to subpoena."
Maybe I'm one of those geeks that realizes that this happens on virtually EVERY web site you visit.
What's a Log File and What Does it Look Like?
When you visit a web site, most will keep a log of what information is requested along with the IP address of who requested it. What does the log file look like? Here's a real sample from the Fight Identity Theft site:
192.168.1.100 - - [29/Sep/2005:09:56:28 -0400] "GET /how-to-report-scams.html HTTP/1.1" 200 22806 " http://search.yahoo.com/search?p=how+to+report+a+scam" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
So here's what this glob of code shows...
This is how web sites work. They collect data and log the data for later analysis (e.g. "How many people visit my homepage?" "What did a person search for to find my web site?", etc.)
What Information Are You Sharing and Can You Hide It?
So what information are you sharing as you browse the web? ShowIpAddress.com [6] is one of many sites that will show you what a log file can capture about you. The only personally identifiable piece of information is your IP address. That number is assigned to you by your Internet Service Provider (ISP). One way or another that number can be traced back to you as an individual, even if you are surfing during work at a Fortune 500 company or other large organization.
Does that make you scared, angry, or just plain nervous? Maybe it should, maybe it shouldn't. In either case, you can browse anonymously if you choose.
There are many products and services that allow you to web surf anonymously. Most will route your requests through their servers, thus hiding your IP address. Anonymizer.com [7] has been around for a long time and they provide a service where you can use their site to browse anonymously for free.
But, back to Google...
Are they evil because they log this information? Powerful, yes, because so many people use their services, but I wouldn't say evil.
When I choose to sign up for a service like Gmail, I know that they will be reading my email content so they can serve up related ads. That's how they make money. That's how I can have a 2.5 gigs of free storage for my messages. Yahoo has a similar policy. Same with MSN Hotmail.
When I choose to use Google search I have to know that they log what I'm searching for and analyze it to spot user patterns. The same thing happens at Yahoo and MSN.
I have to realize that sites, like Google, store this information and will use it to improve their product and to make money. I also have to realize that it could be handed over to the government.
This is all part of the trade-off we make every day between security/privacy and convenience. If you are extremely concerned with privacy you probably shouldn't be using the internet and you certainly shouldn't sign up for a service that clearly states it will read and store your email messages. If you're concerned that your search history or email messages could be revealed at a later date you should consider using a product that protects your anonymity, like Anonymizer [8].
Here's the bottom line...
When information is aggregated, abuses, information leaks, subpoenas, and profiteering can occur. When it does occur it should be exposed and fought. I just don't see where Google has done anything evil or different than any other web site on the internet.
Feel differently? Then please append a comment to this story.
Derrell and Terrell Brittenum of Memphis, TN have been charged with forgery, theft by deception and financial identity fraud for purchasing a 2005 Dodge Magnum last June 2005 in Atlanta using someone else's identity.
The twins recently appeared on the most-watched show in America - American Idol. Evidently they were excellent performers and had moved on to the next round in Hollywood, CA. Unfortunately for them they've now been dropped from the show based on their actions.
Here's a before photo:
And an after photo:
E!Online [11] reports that:
"Both brothers were released from jail on bond Sunday morning and were preparing to travel to Los Angeles for the next round of eliminations when they received word that their presence was no longer welcome.
Though the twins may have blown their shot at Idol worship, they reportedly have other opportunities to consider. Bennett claims to have been contacted by "several" record labels interested in signing the brothers."
Great! Evidently some record labels are still interested in these gentlemen. Maybe their arrests will give them additional "street cred."
Whatever sells records, I guess...
The U.S. Federal Trade Commission reported earlier today that they received more than 255,000 complaints regarding identity theft in 2005. That's up from 247,000 reported in 2004. Total fraud reports topped 686,000.
So what trends show up in the report? Well, here are a few:
The complete report can be downloaded in Adobe Acrobat format from the FTC web site [16].
Can five million Britians be duped? Yes, according to a study done by the British consumer protection organization Which? [19]. Which? contacted more than 1000 Brits to see how widespread the scam problem is in the U.K. The results?
The funny thing is that I've even seen people outside the U.K. fall victim to these international lottery scams. Here's a typical email that arrived in our honeypot [20] inbox this week:
As I was saying, I've received email from U.S. residents wondering if they'd really won after receiving an email like this. They never questioned how they'd won even though they weren't residents of the country where the lottery was held and had never even entered the lottery.
Greed makes us stupid, doesn't it? That's what the scammers count on.
UPDATE!
Many of you have also received snail mail versions of this scam. In this scam you receive a letter saying you've won as well as a check for $3,000 - $4,000 dollars to cover the taxes and processing fees - supposedly.
Anyway, listen up people.
This is a scam. The check is fake.
It may initially be accepted at your bank but will eventually be worth absolutely nothing. So when you deposit it and then send them a check from your account, you will lose money.
Ask yourself... Why would they send you a check and then have you send them a check right back for the same amount? Does that make sense? It does if you're trying to scam someone.
No, this won't be a post about some political scandal in Iraq.
Instead, I wanted to post an scam email — one where a supposed American soldier wants to share some of Saddam Hussein's booty (booty here meaning "Plunder taken from an enemy in time of war.")
Here's the email:
I haven't seen an email like this since "Bradon Curtis" a "special forces commando" working in Afghanistan wanted to send us some Taliban money a few years ago [23].
As always, these emails should produce more laughs than greed as they land in your in-box. The scam is one of the oldest in the book and will involve you giving up more and more money as you try to get your grubby, greedy mitts on 7.2 million of Saddam's money.
Learn more here... [15]
If you're a victim of identity theft, you will likely need to contact banks, credit card companies, and department stores. Most companies have what's called an Interactive Voice Response (IVR) in place to "help" you.
These systems can be very frustrating, especially when you're stressed out and just need to talk to a fellow human being to work out your problems. That's where the IVR Cheat Sheet comes in handy.
Paul English, Boston resident and CTO of travel search engine company Kayak.com [26], decided to take matters into his own hands and create a cheat sheet for major institutions in the U.S. [27] and the U.K. [28]
Here are some examples of what you'll find:
Isn't this fun! The list contains over 259 companies as well as a how-to guide [29] for companies that aren't listed.
Here's the link: The IVR Cheat Sheet [27]
Peer-to-Peer (P2P) file sharing networks exist so people can download free mp3 files, DVDs, movies, etc. They work by having each member of the network share some personal files while downloading files from other people's computers. Share and share alike, right?
This has understandably driven the RIAA (Recording Industry Association of America) as well as the people in Hollywood crazy. So crazy that they are suing people they catch sharing copyrighted materials. We're not going to go into the ethics either way on this argument. Maybe some other time...
The problem is that people are not only sharing their ripped CDs and DVDs, they're also sharing (accidently, I'm guessing) sensitive files on their hard drive like tax returns, bank statements and cancelled checks.
A blogger recently decided to do a few searches on Gnutella, a major P2P network, for sensitive documents. It took him only 10 minutes to find a handful.
Take a look at what he dug up... [32] (maybe it's your tax return)
What is the lesson you should learn?
Now that more of you are ignoring, shredding, or opting out [35] of the junk mail that arrives in your mailbox every day, the Direct Mail departments in companies around the world are having to get smarter and sneakier in order to survive.
Here are a few examples of what they'll do to get you to open up that steaming piece of junk mail:
From the blog, Joel on Software "How Many Lies Can You Find in One Direct Mail Piece? [36]"
[36]
Joel dissects a direct mail piece from Earthlink, disguised to look like an overnight letter from FedEx. He quickly finds a dozen lies and distortions without even opening up the package!
From the excellent Signal to Noise blog "Fatalist Junk Mail [37]":
Jason shows off a new direct mail piece with a fake credit card showing through the envelope window along with the words "REMOVE CONTENTS before you discard."
Apparently they're trying to exploit the training you've received to shred credit offers in order to get you to open their lame offer.
Sounds desperate to me...
The Sober worm we talked about earlier [40] will possibly start clogging email inboxes on January 6 or even January 5.
If you aren't running anti-virus software (huh?) or haven't updated your definitions file recently, you'll want to so in the next day or so. If not, you could be one of the computers spreading more Nazi propoganda [41].
So where can you scan your computer for free? Here are a few ideas:
- http://housecall.trendmicro.com/
[42]
- http://us.mcafee.com/root/mfs/default.asp [43]
- http://www.pandasoftware.com/products/ActiveScan.htm [44]
These services will allow you to scan for free, but you'll probably have to pay a small fee to remove anything they find. In either case, it's best to know if you're clean (or not).
Think your check is safe after you fill it out? Think again...
Your writing can be removed using a procedure called "check washing." A solvent is used - usually rubbing alcohol or nail polish remover - to fade out or completely remove what you've put on your check.
Here's a before and after picture:
The check is now ready for a new amount (I'm guessing larger than $10) and a new recipient.
An even better trick for the forger is to cover your signature so it remains in place while everything else is removed.
Use the right pen.
Based on the excellent testing of Sean Kane, he found that gel pens worked best at resisting these check washing procedures.
See the whole experiment and complete results on Sean's site [47].
Links:
[1] http://www.fightidentitytheft.com/blog/technology/is-google-evil
[2] http://www.timesonline.co.uk/article/0,,2092-2014215,00.html
[3] http://www.forrester.com/mag
[4] http://www.google.com/intl/en/corporate/tenthings.html
[5] http://www.fightidentitytheft.com/how-to-report-scams.html
[6] http://www.showipaddress.com/
[7] https://www.anonymizer.com/
[8] http://www.anonymizer.com
[9] http://www.fightidentitytheft.com/blog/technology/is-google-evil#comments
[10] http://www.fightidentitytheft.com/blog/identity-theft/american-idol-contestants-guilty-of-identity-theft
[11] http://www.eonline.com/News/Items/0,1,18244,00.html?fdnews
[12] http://www.fightidentitytheft.com/blog/identity-theft/american-idol-contestants-guilty-of-identity-theft#comments
[13] http://www.fightidentitytheft.com/blog/-2/ftc-releases-2005-fraud-statistics
[14] http://www.fightidentitytheft.com/lottery_scams.html
[15] http://www.fightidentitytheft.com/internet_scam_nigerian.html
[16] http://www.consumer.gov/sentinel/pubs/Top10Fraud2005.pdf
[17] http://www.fightidentitytheft.com/blog/-2/ftc-releases-2005-fraud-statistics#comments
[18] http://www.fightidentitytheft.com/blog/scam/british-lottery-scam
[19] http://www.which.co.uk
[20] http://en.wikipedia.org/wiki/Honeypot
[21] http://www.fightidentitytheft.com/blog/scam/british-lottery-scam#comments
[22] http://www.fightidentitytheft.com/blog/scam/iraq-scam-email
[23] http://www.fightidentitytheft.com/blog/?p=15
[24] http://www.fightidentitytheft.com/blog/scam/iraq-scam-email#comments
[25] http://www.fightidentitytheft.com/blog/identity-theft/how-to-bypass-phone-systems-and-talk-to-a-human
[26] http://www.kayak.com
[27] http://www.paulenglish.com/ivr/
[28] http://www.paulenglish.com/ivr/uk/
[29] http://www.paulenglish.com/ivr/info.html
[30] http://www.fightidentitytheft.com/blog/identity-theft/how-to-bypass-phone-systems-and-talk-to-a-human#comments
[31] http://www.fightidentitytheft.com/blog/identity-theft/are-you-sharing-your-tax-return-or-bank-statement-online
[32] http://trenchier2.blogspot.com/2005/05/people-share-darndest-things.html
[33] http://www.fightidentitytheft.com/blog/identity-theft/are-you-sharing-your-tax-return-or-bank-statement-online#comments
[34] http://www.fightidentitytheft.com/blog/junk-mail/junk-mailers-getting-smarter
[35] http://fightidentitytheft.com/junkmail.html
[36] http://www.joelonsoftware.com/articles/fog0000000019.html
[37] http://37signals.com/svn/archives2/fatalist_junk_mail.php
[38] http://www.fightidentitytheft.com/blog/junk-mail/junk-mailers-getting-smarter#comments
[39] http://www.fightidentitytheft.com/blog/worms/worm-set-to-attack-jan-6-are-you-ready
[40] http://www.fightidentitytheft.com/blog/?cat=6
[41] http://www.fightidentitytheft.com/blog/?p=24
[42] http://housecall.trendmicro.com/
[43] http://us.mcafee.com/root/mfs/default.as
[44] http://www.pandasoftware.com/products/ActiveScan.htm
[45] http://www.fightidentitytheft.com/blog/worms/worm-set-to-attack-jan-6-are-you-ready#comments
[46] http://www.fightidentitytheft.com/blog/-2-2-2/check-forgery-101
[47] http://www.celtickane.com/projects/washing/index.php?
[48] http://www.fightidentitytheft.com/blog/-2-2-2/check-forgery-101#comments