Tag Archives: privacy

Google Web History, and Why You Might (or Might Not) Want To Turn It Off

If you’ve been anywhere on Google lately, you’ve probably noticed that their privacy policy is changing. But does that actually mean anything for you? Well, the thing they’ve been getting some complaints about is the way they can now tie your data across multiple services. So the information in your Web History could, for example, be used to decide what ads to show you in Gmail.

You probably didn’t even know Google had a web history feature. And it seems to be active for some people and not for others; in the couple of articles I’ve read so far, nobody seems to know what the criteria are. (Has it always been opt-in? Has it changed?) But if it is on, the the service is tracking all searches you make (and optionally, which results you click on) while you’re logged into your Google account. For many people, that’s a good percentage of the time they use their browser.

Now, before you start thinking Google is some crazy company keeping your data for who-knows-what, you do get something out of it. For one, you can go back and see what you searched for on any day in the past, which is actually a pretty cool way to look back, and on occasion it can help you remember what you were doing on a given day, if you need to figure it out. Also, if you know you’ve successfully searched for something in the past, but now don’t know what search terms you use and can’t find it anymore, you can probably figure out what your search terms were from the web history. Additionally, if you’ve enabled the more-powerful tracking options (these are opt-in), when you run a search you’ll see text underneath any results you’ve clicked on before, with the date you last accessed them through a search. This is really handy, because if you’ve been to a site before it makes it significantly more likely that you’ll be looking for it again. Google can also use the information to give you (supposedly) more relevant results.

Of course, having a history of all the searches you’ve ever performed might be unattractive to some. If that’s you, feel free to clear it out. But keep in mind that this won’t necessarily prevent Google from collecting some of this information about you anyway (see #2 on this CNET article). Especially with that in mind, I find that for me the benefits are worth the potential privacy risk. Personally, I never clear my history in either Google or my own browser, because I frequently want to go back and search where I was a couple of days ago. Someday this is probably going to come back and bite me when someone steals my browsing history, but that won’t be that big of a catastrophe, and I’m willing to take the risk for the convenience.

For the most part, I trust Google to keep my information. Someone has to deal with my email (okay, technically I could run my own mail server, but that’s not really practical for most people). In my opinion it might as well be Google. Some people decry the fact that Google “reads your email”—a computer scans the content of your messages to determine advertisements that might be related. That doesn’t, however, mean that anyone at Google is actually going to read the words in your email and get any meaning out of it, nor does it really scare me. There are plenty of much easier ways for someone to intercept the content of my email over the Internet, and I highly doubt that keeping an archive of the entire world’s email is one of Google’s goals. And in general, I trust Google enough to keep my information. I wouldn’t trust a random start-up company with my history or my email, nor would I trust Facebook. And in exchange for everything that Google offers me (search, email, YouTube, this blog, . . .), I’m perfectly willing to let them display targeted advertisements.

If you do want to turn off web history, either because of the slight protection from Google it might afford you, because you don’t want Google to “personalize” your experience by combining profiles about your web use across their services, or because you just don’t like all that information being easily accessible, it’s easy enough to turn off. Just keep in mind that that data is still out there and consider what you’re losing.
Soren “scorchgeek” Bjornstad
http://www.thetechnicalgeekery.com
If you have found an error or notable omission in this tip, please leave a comment or email me: webmaster@thetechnicalgeekery.com.
Copyright 2012 Soren Bjornstad.
Verbatim copying and redistribution of part or all of this article
is permitted, provided this notice is preserved.

How to Tell if a Web Site is Legitimate

Ever gotten an email like this one? (Click to enlarge the image.)

I often wonder how many people are actually big enough suckers to respond to these emails. It must be a surprising number, whatever it is, because we wouldn’t be getting them if there wasn’t some money in it.

 

Unfortunately, a lot of phishing scams are much more subtle. And that’s when even the most seasoned Internet users can accidentally type their login information (or even credit card information, Social Security number, and so on) into a fake form. It hasn’t happened to me yet, but I’m quite aware that it might.

 

I got sent a link to an enlightening quiz a few days ago. There are several things that you should watch out for to determine if a website is real or fake (if you look at the examples in the quiz, you’ll see the first two things, and the other two don’t really need screenshots, so I won’t take any):
  • Check the URL in the address bar. Every modern web browser puts the actual domain name (like google.com) in bold. This is because sometimes scammers create URLs that look like this: http://7436et.kjfgk.com/ebay.com/login/7463e8et.php. Then people look at the address bar, see “ebay.com,” and figure that it’s legit. So remember: the part that’s in bold is the only part that matters.
  • Check for a security certificate. If you’re being asked for sensitive information, the connection should always be encrypted, which will be signified with a small lock icon and sometimes the company’s name next to the address bar. SSL (the encryption system used for web browsing) is a really complicated topic, but basically, if you don’t see that icon, beware, and never, ever enter your financial information into a page that doesn’t have the lock. (Some legitimate websites have login pages that are unencrypted but then send your login information over an encrypted connection when you actually press Submit.)
  • If the website doesn’t look quite like the login screen usually does, beware. If at all in doubt, play it safe: close that tab, open a new tab, type the website’s URL into the address bar, and start again from there.
  • If you’re clicking a link in an email, check the status bar before you click. Just hover your mouse over the link and look in the very bottom-left corner of your browser, and you should see the URL displayed. Make sure it’s what you were expecting.
The biggest problem is not determining whether a website is real or fake when you’re suspicious–these four steps should catch just about every phishing attack out there. The real problem is remembering to check. Make it a habit to glance over and check the URL and the lock icon before entering any sensitive information, and if you’re ever asked to log in to a website when you weren’t expecting to (for instance, you click a link on Facebook and are presented with a login screen, even though you were already logged in), be sure to take a long, hard look.

 

If you haven’t taken the quiz yet, I’d encourage you to. After reading this post, you ought to get a perfect score.

 

Soren “scorchgeek” Bjornstad
http://www.thetechnicalgeekery.com

 

If you have found an error or notable omission in this tip, please leave a comment or email me: webmaster@thetechnicalgeekery.com.

 

Copyright 2011 Soren Bjornstad.
Verbatim copying and redistribution of part or all of this article
is permitted, provided this notice is preserved.