
Google’s New Privacy Policy: What Does it Mean?

at 2012.02.16

Google has combined their privacy policies into one. We’ve been inundated over the past couple of weeks with family, friends, and customers asking us about the recent changes in Google’s Privacy Policy. From an investigation by the European Union to being sued by privacy groups, Google has garnered quite a reaction. In fact, I can’t think of a single time that a privacy policy has caused such an uproar. So what does this change mean for web users? The short answer is: absolutely nothing. Despite predictions of Doomsday and one prominent Slate.com author lambasting Google for breaking their “Don’t be evil” motto, there is absolutely nothing terrifying or worrisome in the new policy. Here’s the long answer, with some explanations, as narrated through a series of questions we were asked recently.

What kind of information do websites store locally on my computer?

Websites, and this is almost all websites and not just Google, store little text files called Cookies in your browser’s local storage. A Cookie is machine-readable (not human-readable, so you don’t have to worry about someone opening your computer and reading all your private information). For instance, here are the contents of a Cookie set on my machine by the site AccuRadio (an online radio provider):

Name: csrftoken
Content: 67295b5e6fd631932bb4ca4152a84dc8
Domain: www.accuradio.com
Path: /
Send For: Any kind of connection
Accessible to Script: Yes
Created: Tuesday, January 17, 2012 5:27:57 PM
Expires: Tuesday, January 15, 2013 5:27:57 PM

So, you can tell what site it came from, when it was created, when it expires, and…well, that’s pretty much it. The information about me is encrypted in that long string of numbers and letters near the top. So what does all this mean? Not a whole lot, in and of itself. Very few sites these days actually store anything more on your computer than a user id. This user id is linked to a profile in their central database which contains information that these sites use to do things like personalize your experience, allow you to customize the appearance of websites, or (in the case of AccuRadio) make it easier for me to get to my favorite station (“Modern Rock Classics: 90’s Alternative”).

Because cookies are registered to a specific domain (such as google.com or amazon.com), websites don’t have access to the cookies of other websites with very few exceptions. More importantly, because cookies rarely contain anything other than a user id represented by a long string of numbers and letters, websites wouldn’t be able to do anything with cookies from other websites unless they also shared databases.
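How a browser decides which site gets a cookie back, as an added example (not code from the original post): it parses the field list shown above and applies the domain, path and connection rules of RFC 6265. The function names and the URLs used to try it are assumptions made for illustration, as is reading a Domain without a leading dot as a host-only cookie.

```javascript
// Cookie fields as displayed in the post (values copied from the page).
const shown = `Name: csrftoken
Content: 67295b5e6fd631932bb4ca4152a84dc8
Domain: www.accuradio.com
Path: /
Send For: Any kind of connection
Accessible to Script: Yes
Expires: Tuesday, January 15, 2013 5:27:57 PM`;

// Turn the "Field: value" listing into a cookie record.
function parseShownCookie(text) {
  const f = {};
  for (const line of text.split("\n")) {
    const i = line.indexOf(":");
    if (i > 0) f[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  const domain = f["Domain"].toLowerCase();
  return {
    name: f["Name"],
    value: f["Content"],
    // Assumption: no leading dot means a host-only cookie.
    hostOnly: !domain.startsWith("."),
    domain: domain.replace(/^\./, ""),
    path: f["Path"] || "/",
    secure: f["Send For"] !== "Any kind of connection",
    httpOnly: f["Accessible to Script"] === "No",
  };
}

// RFC 6265 section 5.1.3 domain match and 5.1.4 path match.
function domainMatches(host, c) {
  host = host.toLowerCase();
  if (c.hostOnly) return host === c.domain;
  return host === c.domain || host.endsWith("." + c.domain);
}
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Would the browser attach this cookie to a request for `url`?
function wouldSend(c, url) {
  const u = new URL(url);
  if (c.secure && u.protocol !== "https:") return false;
  return domainMatches(u.hostname, c) && pathMatches(u.pathname, c.path);
}

const cookie = parseShownCookie(shown);
```

For the cookie shown, `secure` and `httpOnly` both come out false: it is sent over plain HTTP as well as HTTPS, and scripts running on the page can read it.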

Can I make my cookies go away?

Absolutely. In fact, most browsers not only let you clear your cookies out all at once by going into the web history settings and clearing your web history, but they also allow you to see every time a website tries to put a cookie on your computer and reject or allow it. Because cookies are simple text files and not programs that can run themselves, you have full control over what cookies are accepted by your browser.

So if all a cookie stores is a user id, why the fuss?

Even though your local machine just stores a user id, that user id is linked to a database located on the servers for whatever website placed the cookie on your computer. These databases store information on your interactions with a website. For example, Amazon.com uses the user id stored in the cookie on your computer to save the contents of your shopping cart so that if you leave the site and then come back a couple of days later, you can continue shopping right where you left off.

Many websites use a cookie with a visitor id and a linked central database to track activities of users on their websites. Google, for instance, records what you search for, what ads you click on, how much time you spend on various pages, and other information that is detailed in their privacy policies. Despite the ominous-sounding nature of this, it is no worse than what happens when you enter a store that is under video surveillance. It is also important to keep in mind that Google and other sites can’t collect any information on you that you are not willing to give them, usually through some sort of registration mechanism. So if you use Google while you’re not logged in, all they have is your IP address and anonymous data on a generic “visitor” that cannot be linked to you unless for some reason they can convince your internet service provider to disclose the identity behind the IP address.

So what does this have to do with the new Google Privacy Policy?

Everything and nothing. First, let’s look over what the new Google Privacy Policy actually changes. The truth is, it’s not much. The biggest change is that the new policy essentially allows Google to merge all of the individual user databases for all of their services into one. Previously, Google maintained separate databases for each one of their services. So any information they got from your Google searches would be stored separately from information they collected from your YouTube usage history, which was separate from your Google Docs account. The new policy combines all of these separate privacy policies and databases into one.

What will this mean for you? Not a whole lot, initially. In fact, most people won’t even notice. In the future, though, Google has made it public that they plan to combine data from various sources to make their applications more intuitive and more functional. The example they give is if you have a meeting scheduled in your Google Calendar, they will be able to pop up a reminder letting you know to leave early because they combined your location from Google Latitude on your cell phone with traffic information from Google Maps with the location of the meeting. Some people are spooked by this. Personally, I think it’s a great service, and is one step closer to the kind of seamless integration of life and technology that the Jetsons promised decades ago.

Can I opt-out of this?

It depends on what you mean by opt-out. Can you continue using Google’s services the way you have been without being subject to their new policies? No, nor should you be able to. Can you think of a single brick and mortar business that would let you walk into their stores and do whatever you wanted and expect to be exempt from their store policies? Of course not. To go back to the “premises under surveillance” example, it would be like walking into a convenience store that had security cameras on and demanding that they turn everything off while you’re in the store.

There are options, though, for those that are terrified of having anyone know anything about them. First, you can stop using Google products entirely. As much talk as there is of Google having a monopoly on things like Search, it’s actually not the case. Plenty of search engines exist that are not Google and not run by Google. Some examples include Bing, blekko, and many others, some tailored to specific fields and topics and others covering the whole range of the web. There are also plenty of email sites that are not Gmail. In short, the reason people use Google is because it’s easy and it works, not because there is a lack of alternatives. Not using Google products is by far the easiest way of “opting-out” of Google’s new privacy policy.

If you want to have your cake and eat it too, there are tricks to making sure that Google can’t track you. First, as we’ve mentioned, most browsers allow you to monitor every cookie a website tries to place on your computer and allow or deny them one by one. Another option is to disable cookies entirely, although doing so will severely limit your ability to do things like log in to your favorite video streaming site or online bank. Another option is to use your browser’s “incognito” mode (as Google’s Chrome calls it). Firefox, Internet Explorer, and Chrome all have options to enter an anonymous browsing mode that limits the kinds of cookies that can be placed on your computer, as well as erases all cookies the minute you close the browser (and also limits what they place in your browser’s history folder). Finally, for those that want to completely disappear, there are programs like Tor, called proxies, that allow you to disguise the location of your computer by sending signals through one or more intermediaries before they get to the website you are trying to visit.

Are there any less-intrusive options?

Not really. While browsers and websites exist that claim to be either completely anonymous or to protect your privacy, the reality is that every website you visit collects information about you. The reason Google is raising such a fuss is primarily because we’ve all come to rely on Google so much for so many different facets of our lives. In doing so, we forget that their services aren’t really “free”. We may not pay in money, but we do pay them in information, which to a company that bases its revenue on advertising is just as good. Considering how many wonderfully useful products we get out of the deal, I consider this a pretty good trade. After all, the real measure of how “evil” or “intrusive” a company is lies not in how much information they have on us but in what they do with it. So far, Google has not given any indication that they have ever misused our information, or have any plans to do so.

What does it all mean?

Nothing, really. We often forget that Google is giving away products that, until Google, many of us paid good money for. The bottom line is, if you want to use free services, you have to play by the rules. Just like if you want to shop at a brick and mortar store you have to play by their rules, or if you want to live in a city, a state, or a country you have to follow their laws. Most people don’t complain that they don’t get to opt out of, for instance, the US Tax Code, because they understand that that is the price of living in the United States. Similarly, using services on the internet means having to pay the price of admission. In Google’s case, the price of admission is a history of the things you search for, the ads you click, and similar mostly-benign points of data. The new privacy policy is far more transparent than the old 60+ policies Google had for its various properties, and does a much better job of explaining exactly what information they collect, how they collect it, and what they do with it. Far from being a bad thing, this is a great improvement over the old system.