The smart paranoid's guide to using Google
Here are down-and-dirty details on how to maintain your privacy while using Google's myriad services.
Do you realize that Google may have recorded and stored every single search term you have ever punched into its search box? Chances are some of those searches could be soberingly damaging to your reputation. What about Gmail? Have you ever sent any sensitive e-mails? How about business information stored in Google Docs?
Unless you sat out the last decade offline, you've likely been building a pretty thorough profile of yourself on Google Inc.'s servers. Depending on which of the dozens of Google services you use, data about your habits, interests, activities, schedule, professional pursuits, stock portfolio and medical history could be sitting somewhere on Google's servers -- along with records of the trip routes you've mapped, the Web sites you've visited and much more.
The good news is that Google anonymizes its server logs by removing the last three digits from the IP addresses associated with searches after nine months and by deleting the associated cookies after 18 months, which makes it very difficult to link you to searches that are more than 18 months old.
That's still a pretty big window into your life, though. What if any or all of that data ever became public? An attacker could conceivably get access to your information on Google by hacking directly into its servers, or by hacking into your individual account.
"There is a huge amount of stuff on Google," says Gartner Research VP Jay Heiser, "and it would be naive to believe that all that information wasn't of huge interest to a wide variety of people."
What's more, the large number of services Google offers means there are multiple ways of accessing data. "Each service brings its own unique risks," says Heiser. "There's potential for a minor vulnerability in one to add up to a more significant vulnerability when combined with something else."
Bottom line? Big Brother knows a whole lot more than you probably thought. But you don't have to avoid Google to keep yourself reasonably safe. You just need to take steps to prevent potentially dangerous information from being stored on Google's servers in the first place, and to protect the integrity of your account.
By taking some basic -- and not-so-basic -- precautions, you can minimize your exposure to bad guys, wherever and whoever they are. Read on to learn about things you can do to minimize the security risks involved in using Google, whether for search or for one of its myriad other online services.
For good measure, we've included two levels of advice on how you can protect yourself:
- "Defcon 2" (good security) tips are things you can do with the tools already at your disposal to keep yourself safe against typical attacks -- but not against a determined attacker.
- "Defcon 1" (best security) tips -- a.k.a. "the celebrity solution" (steps to take if you have, or intend to have, a highly visible public profile) -- offer far more security but are far less practical and often require using third-party tools.
In the end, only you can determine what trade-offs between security and convenience make sense for you.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- How Network Connections Drive Web Application Performance Users around the globe, on all sorts of devices, expect Web applications to function as seamlessly as desktop applications. This paper discusses the...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Web Apps White Papers | Webcasts