Taking into account that I’ve already admitted to being more than a little security paranoid (see Tinfoil Hat Time below), I was still very concerned when I read this article in The Register.
Apparently Google now want you to provide your mobile phone number when signing up to GMail. Of course, this comes with the usual assurances that they’re not going to use it for anything naughty, but the whole concept of providing this level of information just to get a webmail account is very disturbing to me. I do use GMail, but I’m glad I signed up before all these “security checks” were required – and if they become requisite to keeping GMail, then it will be “goodbye from me”. Google’s rationale, apparently, is to assist in reducing spam (which is, of course, a good thing), but the amount of personally identifiable data that one company ends up having access to, is worrying to me.
Because let’s not forget – this is a company – a business – not a government department (who may conceivably need all this information). Google’s informal motto is “Don’t Be Evil”, but please excuse me if that doesn’t make me feel all warm and fuzzy inside. A company does not build an annual revenue of $21.8 billion by being kitten-like, fluffy and huggable. The Register article, as usual, had its tongue very firmly in its cheek when making mention of the famous maxim.
Why, then, is this new development a cause for concern for all Internet users, and not just the security-paranoid like me? Well, just think for a moment about the amount of data Google could access about about an average business user. Now, I’m saying “could”, because I don’t know how Google encrypts or anonymises its data, but since all this stuff about you is stored on their servers or on servers belonging to Google companies, it’s conceivable that it could be accessed and aggregated:
- E-Mail & Contacts – if you have a GMail account
- Chat history – using GMail chat
- Search history – if you’re logged in to your Google account when searching, or via the infamous Google cookie
- Documents & Spreadsheets – if you use Google’s online office apps
- Appointments – from Google Calendar
- Your address & favourite locations – from Google Maps & Earth
- What blogs you read – if you go to a Google blogging company or syndicate the feed through Google’s RSS reader
- What videos you watch on Youtube
- What you purchase – if you pay using Google Checkout
- What websites you visit through Adsense or Google Analytics
- Your favourite websites if you use a customised Google homepage
- What Usenet groups you read (yes…some of us still love Usenet)
- Your photographs – via Picasa
And now, add your mobile phone number to that list. Of course, a lot of this data used to exist on your desktop PC anyway, but that’s the point: it was stored locally – in your house or office. Now all of this data is on the Internet, and it’s not even distributed, but on the servers of just one company. When the new Google desktop operating system appears, the dividing line between locally-stored data and information stored in the “cloud” will become even less distinct. In the future, we could see targetted ads appearing in your searches, that are based on keywords contained in your documents. Or complete profiles being generated from an aggregate of the bewildering amount of data Google holds about you.
At this point, you may be wondering whether to call the men in white coats to come and take me away for a holiday. Well, don’t worry, I actually live only 2km from a psychiatric hospital, so I can check myself in if necessary. But remember, I’m not saying Google does misuse the data it holds about us, and I’m certainly not saying that it will, your Honour. The crucial point, though, is that it could!
Information is power; power corrupts. That is the primary reason why I try to make my online data reasonably anonymous, and keep important stuff offline. It’s also why I use Linux and open source applications, rather than favouring the closed approach to source code. This applies to use of data as well, particularly when the policies surrounding it are shrouded in vague promises of “we’ll be good! Scouts honour!”
I may trust “primum non nocere” from my doctor, but I see a glaring conflict of interest with Google. They don’t just want your data to make it easier for you to access – they actually need it to drive their targetted advertising model. So why don’t more people see this and reduce their dependence on Google? I’ll give my opinions on this in a future post.