Web browsing privacy in the news

Web browsing privacy in the news

If you have listened to the news recently, you are well aware that there is a major controversy about at least nine major Internet and phone companies turning over a massive number of records to the National Security Agency (NSA). I’ll make no attempt here to politicize or judge what has occurred regarding; instead, I’ll review the privacy policies of some of the major players in cyberspace.

Whatever our personal feelings, Microsoft is unarguably one of the giants in the personal computer and smart device industry. And as is the general rule, Microsoft claims to take our personal privacy seriously. In its “full privacy statement” (privacy.microsoft.com), Microsoft discloses what personal information is gathered, how it is gathered, how it is secured, and what can be done with our personal information. People may not be totally aware that Microsoft, as well as all of the other major search providers, track search requests, scan e-mail content (note that Microsoft claims that its new Outlook e-mail service is more private than Google’s Gmail), and gather other information about its users. Under the heading “Sharing of Your Personal Information,” Microsoft states, “Except as described in this statement, we will not disclose your personal information outside of Microsoft and its controlled subsidiaries and affiliates without your consent.” The statement goes on to explain how the user can choose to share personal information with Microsoft or “select Microsoft partners so that they can contact you about their products, services or offers.” Later in its privacy statement, Microsoft says, “We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public.” The section of the privacy statement that applies to the data mining controversy that has been in the news recently is the section about complying with the law or lawful requests.

Google, which needs no introduction, has made billions of dollars by utilizing our personal data within its stated privacy policies. Google’s primary privacy statement can be found at google.com/policies/privacy. At the top of its privacy statement, Google says, “When you share information with us, for example by creating a Google Account, we can make those services even better – to show you more relevant search results and ads ... we want you to be clear how we’re using information and the ways in which you can protect your privacy. We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful or the people who matter most to you online.” Google compiles personal information in several ways. When registering for a Google account (including Gmail, Google+, and other services), Google utilizes the personal information provided by the user; this information can include the user’s name, e-mail address, phone numbers, credit card information, and other personal data. Another way that Google gathers personal information is whenever a user accesses any of the Google services (such as search), Google can utilize Web beacons (1 pixel image files), cookies and other devices. Whenever a Web surfer visits a website containing any of the many Google advertising services and interacts with that information, Google collects “ ... details of how you used our service, such as your search queries, telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls, Internet protocol (IP) address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, (and) cookies that may uniquely identify your browser or your Google Account.” Now that location technology has improved via a variety of methods (including Google’s infamous cars driving down every street in the country capturing street level photos and Wi-Fi network locations), Google says, “We may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.”

Google can also store a variety of cookies, flash objects and other information on the user’s computer, which Google calls “local storage” — “We may collect and store information (including personal information) locally on your device using mechanisms such as browser Web storage (including HTML 5) and application data caches. ... We use various technologies to collect and store information when you visit a Google service, and this may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as advertising services or Google features that may appear on other sites.” Since Google wants to protect some of our most sensitive personal information, “When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.” Google does allow users to have access and control the usage and distribution of personal information through its Dashboard service at google.com/dashboard.

In its privacy statement, Google states that it does not share personal information about its users with companied organizations and individuals unless certain circumstances apply. Obviously, a user may voluntarily consent to share data if desired, but can control what information is shared. As has been on the news recently, there has been massive sharing of Web data with federal government agencies; this may be in compliance with Google’s privacy statement under the heading “For legal reasons.” While several apparently legitimate legal reasons are listed in the privacy policy, the section that has drawn media scrutiny indicates that Google will share to “ ... meet any applicable law, regulation, legal process or enforceable governmental request.”

In terms of privacy, Yahoo is not much different from the other major Web services. Yahoo gathers personal information through much the same means and methods as the others, also primarily for the purpose of generating revenue. The Yahoo privacy site is at info.yahoo.com/privacy/us/yahoo/details.html. Yahoo’s Ad Interest Manager can also be set to turn off so called “web beacons” used for tracking purposes; instructions for opting out of other sites’ Web beacons is available on one of Yahoo’s privacy pages. While I have personally utilized Yahoo!’s Ad Interest manager to opt-out of tracking, and it shows no tracking history of Web searches, pages visited, and other information, it does disclose other personal information about me. It shows my location (city and state), IP address, operating system, browser, screen resolution, the color depth setting of my video card, my age range and gender. Yahoo says that the purpose of this is, “We may customize some ads based on information sent to us by your computer and cookies. These ads are not interest-based.”

Read the privacy statements of all of your Web service providers such that you will be better aware of how much privacy, or lack thereof, you really have when using the major Web based services.