|
Relax, I Know You've Visited My Website | |
Posted Oct 27, 2010 - 8:57:29
|
|
 Internet privacy is a serious issue, no doubt - but there is a point where people just start pointing at everything an screaming "violation!" and it just doesn't make sense. While Facebook shouldn't expose data that you had previously set not to share and people's email should be secure - there are some things that are just a bridge too far.
A ridiculous class action lawsuit has been filed in Northern California against Google, claiming they're violating people's privacy because "user search queries, which often contain highly-sensitive and personally-identifiable information ('PII'), are routinely transferred to marketers, data brokers, and sold and resold to countless other third parties."
How does this happen? Well, to get a little technical, every time you search for something on Google, it uses a "GET" query. Unlike a "POST" query (which is more secure, and is what you use for say a log in form), a GET query places the form's contents in the URL. This is fast, easy, doesn't stress the server as much, and allows other sites to easily write search widgets. So, yes, your search terms are in the URL. Now with the fundamental way that the web works, when you click through a link, the site you arrive at is told how you get there. This is because the HTTP protocol contains something called (and notoriously misspelled) "referer" data.
Now, this is handy data to have for a webserver. It's how a site like mine can block other websites from stealing my images, it can be used in basic ways to secure an application, and it's overall a good thing.
The problem these people have is that because the search data is in the URL, it means a site like mine can know what search terms brought people to our sites (long time readers of my blog have seen it used in my "Strange Search" entries).
Allow me to tell you why this is dumb. If you're searching for "PII" you aren't going to arrive on a website that doesn't already have this data. If you search for your SSN, and you find a website with said SSN on it, it means they already have the number. Now it's true, I could generate a website with numbers 000000001 to 999999999 and guess which SSNs are accurate based on who clicks through, but I think that at some point you should remember that Google offers an encrypted search function.
Really, what the problem these people have is with a fundamental way the web is constructed, and if you really don't want that data passed around, there are plug ins for your browser to hide your referer data. There is no reason to sue Google unless you want to sue every single website on the internet.
And that, my friend, would be stupid.
- Traegorn
Now this is funny, and I did not think people could get any more stupid.
I passed this on to my co workers who also thought it was dumb.
|
