Brief Thoughts on Google’s ‘Shared Endorsements’ Policy

Simon Davies, one of the world’s most prominent privacy advocates, has filed formal complaints across the EU concerning Google’s ‘Shared Endorsements’ policy. Per this policy, Google may use:

the images, personal data and identities of its users to construe personal endorsements published alongside the company’s advertised products across the Internet

The legality of recent changes to Google’s policies that allow the company to share personal data across all its products and services are currently being investigated by a number of EU data protection authorities. The data protection issues and violations highlighted in my complaint go the heart of many of the aspects under investigation. Indeed the Shared Endorsements policy is made possible only through company-wide amalgamation of personal data.

In effect, Davies argues that the amalgamation of Google’s services under the company’s harmonized privacy policy/data pooling policy may be illegal and that, moreover, individuals may not know that their images and comments might be revealed to people they know upon leaving reviews of products and services in Google-owned environments.

Admittedly, I find that the shared pooling of information across my networks can be incredibly helpful (e.g. highlighting the reviews/opinions of people I know concerning various subjects and topics). Knowing that a colleague with whom I share book interests likes a book is more helpful to me than a review from someone that I don’t know. At the same time, I review products that I’ve purchased online quite often: given how helpful others’ reviews can be when I’m purchasing a product it seems like a courtesy to provide information into a private-commons. So, while I would prefer a review from a colleague I’m perfectly willing to make purchasing decisions based on what absolute strangers say/write as well.

The more significant issue with Google’s products, in my opinion, emerges from how the company’s business decisions are narrowing the range of commentary individuals may engage in. Such self-censorship is largely attributable to linking all comments to a person’s real name/public identity. Personally, this means that I often avoid leaving some book reviews, not because I’m ‘ashamed’ of the review but because I worry about whether it could detrimentally affect my future publishing opportunities. My reviews are (I think) reasonably high quality and fair but I refuse to leave some without some degree of pseudonymity. There is no reason to believe that my decision is unique: those in similar, tight-knit, industries likely experience similar pressures to avoid reviewing/commenting on some products, despite being experts concerning the product(s) in question.

I am not from  a ‘marginalized’ or ‘repressed’ social population, and Google is seemingly deploying platforms that are meant to serve people like me: people who freely review products online and who find it acceptable that such reviews are publicly shared and oftentimes highlighted to specific users. And yet, even I avoid saying certain (legal) things based on the (unknown) consequences linked to such speech acts. Despite being reasonably savvy concerning the collection, use, and sharing of personal information even I do not fully appreciate or understand how Google collects, retains, processes, or disseminates information I provide to the company. If even I am censoring legitimate speech because of the vicissitudes of Google’s privacy policies and uncertainties associated with providing content on their platforms then there is (to my mind) a very serious problem at the very base of the company’s contemporary data-integration and disclosure operations.

Link

Weapons-Grade Data

Cory Doctorow being brilliant in sprucing up the metaphor that personally identifiable data is like nuclear waste. While the metaphor isn’t new, Doctorow does a great job as only a novelist can.

Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop’s CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughup up a month’s worth of travelcard data, there will be no containing it.

And what’s worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government’s personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.

 

Link

Google to Internet: “Papers Please”

I don’t dislike Google. Many of the company’s products are incredibly delightful to use. I support a fair amount of the company’s public advocacy work, though not all of it (caveat: the same could be said of almost all organizations I’m sympathetic towards). That said, I think think that their policy regard real names and pseudonyms if fucking absurd. As noted by Ars:

On Monday, Google Product Vice President Bradley Horowitz wrote on Google+ that the company will roll out its name policy changes this week. One change is that anyone will be able to add nicknames in addition to their real names. The more significant change, however, is that Google will also let people use pseudonymsinstead of a real name, but there are caveats. Horowitz indicates that the pseudonym must be established and well-known in order to qualify for a Google+ profile.

“Starting today we’re updating our policies and processes to broaden support for established pseudonyms, from +trench coat to +Madonna,” Horowitz wrote. Google may flag the name that a person intends to use and ask for additional information to confirm the person’s identity, including “Scanned official documentation, such as a driver’s license” or “Proof of an established identity online with a meaningful following.” This would seem to raise privacy problems for those who need pseudonyms for safety reasons, but a post in Mashable says “Google will destroy all documentation you send them once the account verification process is complete.”

Seriously: your pseudonym has to be “established and well known”?! By who’s standards? If I have an offline pseudonym does that count? What if my pseudonym is ‘common’ and used by a lot of people – does that impact how well ‘established’ it is?

Google is actively trying to force people into their social network and they’re just being horrific to their end-users in the process. Demanding that people provide official documents to join a social network?! Ridiculous.

Link

Google Abandons Anonymous Accounts With New Signup Form

This is how you leverage a monopoly in one domain (search) to force yourself into other markets while strip-mining users’ privacy expectations. I’m so glad that Google is a ‘do no evil’ kind of company and that they value users’ privacy.

The revamped Google account creation page adds some additional fields to the sign up form, including name and gender which are both necessary for creating a Google+ account. There’s also a new agreement — turned on by default — granting Google permission to “use my account information to personalize +1s on content and ads on non-Google websites.”

I would note that Facebook didn’t become successful by requiring people to sign up; it made the service cool and prestigious to drive early adoption. They also weren’t pushing people from one service into another, separate and unrelated, one. I can’t wait to see what the Europeans do to Google: it’s going to make the hell the Microsoft went through look like a brief, and sunny, walk in the anti-trust regulatory park.