This is mostly for anybody from the UK: Councils, Privacy and Google - My Tiny Dick Forum

hoverfly · 10-25-2011, 11:07 AM

This is mostly for anybody from the UK

I do realize that this doesn't really belong on this forum but as it is something that should concern everybody living in the UK at the very least, I thought I do raise the issue here.

Councils, Privacy and Google

In the current economic climate in the UK (and elsewhere of course), there is a quickly growing and worrying trend to incorporate numerous services that Google offers to webmasters.

Where I live it started by utilizing googleapis.com (Google Code) (you may find that where you live they use yahooapis.com Yahoo! Developer Network instead), a service that provides webmasters with free API's (Application Program Interfaces, for details about what API's are and what they are used for, read the Wiki article here: Application programming interface - Wikipedia, the free encyclopedia), next followed google-analytics.com, a service that offers website analysis tools for webmasters, information on what you did where, how long you stayed on a certain page, etc. and I am sure, since Councils are driven to save money, more will follow. After all, the number of domains that Google uses is huge.

This then raises a number of severe privacy issue.
1. Most Councils offer a link like 'Where I live' to give accurate information about services rendered there, ie. waste collection. To do this, you will usually be required to enter your postcode and for convenience this will be encrypted (if you are lucky) and stored in a cookie. This cookie identifies where you live, not roughly but it'll point directly to your front door and guess where that cookie is created? On one of Googles servers.

2. More and more connections these days come with a static IP address, Sky, Virgin and all other cable providers will assign you a permanent IP address. Basically a unique address on the web, so that servers know who requested a page and where to send it to. This is of course also required in setting the cookie I mentioned under 1.

3. The combination of IP address and cookie(s), there are usually several of them, then is an explosive mixture that allows you to be tracked, in fact you provider can even assign a name to you, after all, by law they are obliged to keep track of your movements anyway. Though I don't think Google is powerful enough to access those data (yet), postcode in combination with IP is quite sufficient to build a profile of exactly where you live, where you surf to, how long you spend on any given website, which pages you look at and more.

4. This information gathering (data mining in webspeak) is, via the cookies and you IP then sent to the USA, we ought to be aware that their privacy legislation can be a bit lax to say the least.

5. What is worse, unbeknownst to the vast majority of internet users, Google also uses so called tracking cookies, cookies designed to track your movements not merely across a single sit but across a multitude of domains. Are you beginning to feel just a tad paranoid? Well, you should be.

To sum it up:
In order to save on operating costs running their websites, Councils across the UK are breaching and intruding into your privacy, providing a commercial American giant corporation with all the details they could ever ask for and as I discovered here, had not even had the decency to alter their privacy statements.

A few weeks ago I complained to my local Council about this, I will post my letter here later, and requested full disclosure of any data shared with Google, this was done in a Freedom of Information Act request. I have not received this information yet.

They did reply yesterday to inform me that they had altered their privacy statement to accomodate their, in my opinion, wrongdoing. I will post a copy of there too in a subequent post.

What can and should you do?
There are a few things to ensure your privacy is at least guaranteed to a certain extent by following a few simple rules.

1. Surf the internet using a stable FireFox version, not a beta and most certainly not Internet Explorer (did you know that IE sends any request for a webpage you make to Alexa.com?).

2. Once you have FF, install NoScript. NoScript is a powerful tool that allows you to actually see ALL the sites that are opened in the background on any given page (you'll be amazed, believe me, when you see who else is listening in to your surfing).

3. Set up FF to only accept cookies from a Whitelist (a list of domains you trust and be sparse when you create that list).

4. Blacklist anything that remotely starts with google*.* and forbid any scripts of theirs from being executed. You can always temporarily allow a forbidden site but only ever temporarily and don't forget to withdraw that right as soon as you are done surfing a page.

5. This may prove diffcult but whenever you can, avoid google as a search engine full stop but then don't just move to yahoo, they are just as bad. Try https://ixquick.com instead, they are publicly funded and will never store your IP. Also, as you may have noticed, you can use a secure HTTPS connection to their server.

6. If you can't stay away from google, don't click the links they offer to open a website but rather copy the link, create a new tab or window and paste the link. This way, the referrer will always be from about:blank (oh, I nearly forgot, set your initial browser page to be a blank page).

7. Should you be familiar with the process, you might want to go through a web based proxy server. All you page requests will then be addressed to the IP of that server and not the one at your home. Only the proxy will know where the data eventually ends up, so be careful who you trust.

I am fully aware that this is an incomplete list of how to secure your privacy, maybe someone on the forum has more to add to this but it is a start and do make sure that you check out your local Council for any breaches of its own privacy statement, complain till you are blue in the face and let others know about what our Councils are up to. I recently discovered a website, unfortunately I lost the link and I could kick myself over it, where UK Council webmasters discussed and bragged about how easy it was to implement all the wonderful offerings that Google makes and that leads me to believe that there may be grim times ahead for us in Britain, and of course elsewhere in the world.

People used to be paranoid about what information Microsoft might be collecting about its users, they even went so far and tried to break the company up. Let me tell you, Microsoft is nothing compared to Google, nothing, they can't even begin to imagine what their vision of our future is.

Google has and/or we have allowed them to, become so powerful, these days they are in a position to decide whos business thrives and who goes down the drain. Unless you show up on the first say 5 pages in the search results, you might as well not exist.

Every time you complete a Captcha, you are giving Google more ability to OCR books, even ones that they have no right to digitize on the first place. You may soon find that history may be written by Google, not the people that made history. Besides, our Governments are helpless and without the background knowledge about this, so where does that leave your local Council?

Sorry but I felt that this needed addressing. It may not be directly related to this site but the impact is such, that we all ought to be aware of it. After all, your real name, your nicknames, all stored and with that nice little IP address with it. If you were to ask google the right questions, you might not get that next job you've just applied for. And if that is not something to worry about, I don't know what is.

Invitation:
I would like to invite anybody with any insight into these security/privacy issues to share the knowledge with the community.

hoverfly · 10-25-2011, 11:09 AM

This email complaint was triggered by discovering that our local Council had apparently signed-up with googleapis.com and google-analytics.com, thereby transferring information such as IP addresses, etc. to the United States.

Anybody here that knows more about the legal situation? No guesswork, just plain fact and if available, any weblinks relating to this.

Quote:

Ladies and Gentlemen,

I visited your website today for the first time in a couple of month or so, only to find that it appears to be in breach of its own Privacy Statement.

The following section is a copy of said statement:

Quote:

Privacy Statement

This website does not store any personal information about individuals who access this website, except where they voluntarily choose to give us their personal details.

We do not pass your personal information to outside organisations and/or individuals except with your express consent.

The second sentence and the apparently recently introduced use of google application interfaces (API's loaded from googlespis.com) would seem to contradict that statement and therefore constitute such a breach of privacy.

Simply by loading scripts from their website googleapis.com, plus the use of the google-analytics.com site, suggest this breach. As soon as you load the page, both websites are called upon, thereby divulging my IP address, log-on node, etc. Whether or not any loaded scripts are made memory resident, ie. be available for googles use even after a page that no longer accesses such scripts, would have access to their functions I did not investigate but again, this gives additional rise for serious concern and the use of google-analytics.com would suggest just that.

Would it not be against UK privacy laws in general, providing an external, commercial website, located in the USA, where internet privacy is known to be, how shall we say, less of a concern, with such as I regard it personal information?

Why does the Council and its website developers deem it apropriate to provide said commercial corporation with such details about its users? I do appreciate that in these 'times of austerity' brought on by the banking crisis needs to save money, yet compromising its users privacy must surely be out of the question.

This is a worrying trend all across the internet, hardly any webpages fully load unless you give express permission to some dubious provider of supposedly 'free' software, even the BBC fell victim to this, though appears to have turned back from this approach in its latest beta version, probably after more or less massive complaints from the public or their own legal department discovering that this actually does contradict UK legislation.

Please be so kind and treat the issue raised above as a formal complaint about the uses of foreign websites while accessing a UK Council internet presence.

I reserve the right of filing a Freedom of Information request to divulge a full list of the data submitted to the USA.

I am looking forward to your reply most eagerly.

With best regards

Hoverfly (obviously changed)

If you live in Britain, maybe it's time to pay a visit to your local councils website and see what they may have been up to.

We do need to fight back, not just sit back.

hoverfly · 10-25-2011, 01:07 PM

This is the reply received yesterday regarding the above contact I made with them. This is not the outcome of my Freedom of Information Act request, that is still pending.

Quote:

Dear Hoverfly,

Thank you for your recent email in respect of the above. I am sorry for the delay in my replying.

The Council is currently reviewing its privacy statement in line with the latest guidance in relation to the use of cookies including Google Analytics. The review will include a revised Council privacy statement and an overview of privacy at Google.

In respect of Google Analytics, these cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

For your information, I have attached a link to Google's privacy overview below.

http://www.google.co.uk/intl/en/anal...yoverview.html

In the interim, I have asked the Council’s Web Services Manager to amend the current privacy statement, to reflect your concerns.

In answer to your remaining questions, these will also feature as part of the review and I will ensure that you receive a response once this review has concluded.

Yours sincerely

Group Manager - Information and Governance |Information and Governance

jobleau · 10-26-2011, 03:27 AM

Hoverfly, most of your post is pretty dead on and everyone, everywhere (not only in the UK) hopefully should be aware of that.

I don't have time right now to go thru the details of that post but I will eventually.

But that said, there is one wonderful file that exist on all OS, called "host" that can fix most, if not all, of those issues. Find that file and manage it.

Make sure you have that line first (it should already be there). This defines your own personal machine on the big net:

127.0.0.1 localhost

Then, add this line below for any site you don't want. An example:

127.0.0.1 WhatEverTheFuckYouD'ontWant.com

Want to know more? Check this site: Blocking Unwanted Parasites with a Hosts File

This site even offers a pre-configured host file with a lot of the bad sites already mapped. Simply replace yours with theirs.

Remember the old saying "There is no place like home"? Nowadays, you could say "There is no place like 127.0.0.1". That IP address is your PC's home on the net. Re-routing anything from the net to it will simply annihilate it.

hoverfly · 10-26-2011, 10:28 AM

See, I told you I'd probably forgotten something. Thanks for adding this to the thread, everybody should be able to edit that file or, as you say, get the preconfigured one.

Much appreaciated your contribution.

joey · 10-26-2011, 10:53 AM

WOW! that was an eye opener!
THANKS!

hoverfly · 10-26-2011, 01:50 PM

Yes, and thanks to Jo's contribution it became even more valuable, thanks again for adding to my forgetfulness.

Spreading just a little awareness of how to at least try and keep you safe in this wonderful digital world can be quite a daunting task and the issues raised here barely scratch the surface but I am pleased if it is of some little help.

Always remember...

There's someone watching you. ALWAYS

hoverfly · 10-26-2011, 02:05 PM

TD: People used to get paranoid about Bill Gates and his cronies taking over the world, I think it is high time to change that old tune and worry more, a lot more about Google, Apple, Amazon and Facebook.

Long gone are the days when Google was a search engine, Apple a manufacturer of consumer electronics, Amazon a mere retailer and Facebook a social network. These days it is more of a case of them having expanded into every little nook and cranny, businesswise, that can possibly imagine. So much so in fact, that soon, there will be little internet trafic that doesn't have to go through one of their servers for just that extra bit of filtering.

As I said in my original post, Google already has the power over who makes it in business and who doesn't, just by their placement in search results. I am not saying they are doing it but as we all know and history teaches us, if it can be done....

hoverfly · 10-26-2011, 04:31 PM

TD I am sure they've seen it all.

jobleau · 10-27-2011, 12:32 PM

Quote:

Originally Posted by hoverfly

TD: People used to get paranoid about Bill Gates and his cronies taking over the world, I think it is high time to change that old tune and worry more, a lot more about Google, Apple, Amazon and Facebook.

Long gone are the days when Google was a search engine, Apple a manufacturer of consumer electronics, Amazon a mere retailer and Facebook a social network. These days it is more of a case of them having expanded into every little nook and cranny, businesswise, that can possibly imagine. So much so in fact, that soon, there will be little internet trafic that doesn't have to go through one of their servers for just that extra bit of filtering.

As I said in my original post, Google already has the power over who makes it in business and who doesn't, just by their placement in search results. I am not saying they are doing it but as we all know and history teaches us, if it can be done....

'Do no evil' used to be Google's moto. So much for that...

Most people don't know or realize it but their never was any privacy on the net. From the very beginning, the second you're connected, you're traceable and trackable. This is normal too as it comes from the technology that connects it all. If you want a specific page, the server needs to know where to send it for you to see it.

But nowadays, it goes far beyond that. Those companies you mentioned and many others are actually embedding even more sophisticated ways to track you, store this data and share it with others. If these initiatives were up front and honest, telling you they are doing that and asking you before hand if you want to participate, I'd have no qualm about it. The problem is that not only they don't tell you, but they actually hide these tracking devices as much as they can and it is almost impossible to detect/stop/circumvent them.

This goes even further than the net. Just look at iPhones who 'phone home' back to Apple where your current location gets stored in a database.

If you don't believe all this, have a look at PrivacyChoice - Making privacy easier. It will give you some hints.

If you are using Firefox and want to be flaberghasted by a visual representation of who is tracking you, go there https://secure.toolness.com/xpi/collusion.html, install the addon, let it run while you do your usual surfing and you'll be amazed.

Happy surfing, and beware, especially those 'Like' buttons.

10-25-2011, 11:07 AM	#1
hoverfly Tiny Dick Extraordinaire Join Date: Jul 2010 Location: East of England Posts: 1,567	This is mostly for anybody from the UK: Councils, Privacy and Google This is mostly for anybody from the UK I do realize that this doesn't really belong on this forum but as it is something that should concern everybody living in the UK at the very least, I thought I do raise the issue here. Councils, Privacy and Google In the current economic climate in the UK (and elsewhere of course), there is a quickly growing and worrying trend to incorporate numerous services that Google offers to webmasters. Where I live it started by utilizing googleapis.com (Google Code) (you may find that where you live they use yahooapis.com Yahoo! Developer Network instead), a service that provides webmasters with free API's (Application Program Interfaces, for details about what API's are and what they are used for, read the Wiki article here: Application programming interface - Wikipedia, the free encyclopedia), next followed google-analytics.com, a service that offers website analysis tools for webmasters, information on what you did where, how long you stayed on a certain page, etc. and I am sure, since Councils are driven to save money, more will follow. After all, the number of domains that Google uses is huge. This then raises a number of severe privacy issue. 1. Most Councils offer a link like 'Where I live' to give accurate information about services rendered there, ie. waste collection. To do this, you will usually be required to enter your postcode and for convenience this will be encrypted (if you are lucky) and stored in a cookie. This cookie identifies where you live, not roughly but it'll point directly to your front door and guess where that cookie is created? On one of Googles servers. 2. More and more connections these days come with a static IP address, Sky, Virgin and all other cable providers will assign you a permanent IP address. Basically a unique address on the web, so that servers know who requested a page and where to send it to. This is of course also required in setting the cookie I mentioned under 1. 3. The combination of IP address and cookie(s), there are usually several of them, then is an explosive mixture that allows you to be tracked, in fact you provider can even assign a name to you, after all, by law they are obliged to keep track of your movements anyway. Though I don't think Google is powerful enough to access those data (yet), postcode in combination with IP is quite sufficient to build a profile of exactly where you live, where you surf to, how long you spend on any given website, which pages you look at and more. 4. This information gathering (data mining in webspeak) is, via the cookies and you IP then sent to the USA, we ought to be aware that their privacy legislation can be a bit lax to say the least. 5. What is worse, unbeknownst to the vast majority of internet users, Google also uses so called tracking cookies, cookies designed to track your movements not merely across a single sit but across a multitude of domains. Are you beginning to feel just a tad paranoid? Well, you should be. To sum it up: In order to save on operating costs running their websites, Councils across the UK are breaching and intruding into your privacy, providing a commercial American giant corporation with all the details they could ever ask for and as I discovered here, had not even had the decency to alter their privacy statements. A few weeks ago I complained to my local Council about this, I will post my letter here later, and requested full disclosure of any data shared with Google, this was done in a Freedom of Information Act request. I have not received this information yet. They did reply yesterday to inform me that they had altered their privacy statement to accomodate their, in my opinion, wrongdoing. I will post a copy of there too in a subequent post. What can and should you do? There are a few things to ensure your privacy is at least guaranteed to a certain extent by following a few simple rules. 1. Surf the internet using a stable FireFox version, not a beta and most certainly not Internet Explorer (did you know that IE sends any request for a webpage you make to Alexa.com?). 2. Once you have FF, install NoScript. NoScript is a powerful tool that allows you to actually see ALL the sites that are opened in the background on any given page (you'll be amazed, believe me, when you see who else is listening in to your surfing). 3. Set up FF to only accept cookies from a Whitelist (a list of domains you trust and be sparse when you create that list). 4. Blacklist anything that remotely starts with google. and forbid any scripts of theirs from being executed. You can always temporarily allow a forbidden site but only ever temporarily and don't forget to withdraw that right as soon as you are done surfing a page. 5. This may prove diffcult but whenever you can, avoid google as a search engine full stop but then don't just move to yahoo, they are just as bad. Try https://ixquick.com instead, they are publicly funded and will never store your IP. Also, as you may have noticed, you can use a secure HTTPS connection to their server. 6. If you can't stay away from google, don't click the links they offer to open a website but rather copy the link, create a new tab or window and paste the link. This way, the referrer will always be from about:blank (oh, I nearly forgot, set your initial browser page to be a blank page). 7. Should you be familiar with the process, you might want to go through a web based proxy server. All you page requests will then be addressed to the IP of that server and not the one at your home. Only the proxy will know where the data eventually ends up, so be careful who you trust. I am fully aware that this is an incomplete list of how to secure your privacy, maybe someone on the forum has more to add to this but it is a start and do make sure that you check out your local Council for any breaches of its own privacy statement, complain till you are blue in the face and let others know about what our Councils are up to. I recently discovered a website, unfortunately I lost the link and I could kick myself over it, where UK Council webmasters discussed and bragged about how easy it was to implement all the wonderful offerings that Google makes and that leads me to believe that there may be grim times ahead for us in Britain, and of course elsewhere in the world. People used to be paranoid about what information Microsoft might be collecting about its users, they even went so far and tried to break the company up. Let me tell you, Microsoft is nothing compared to Google, nothing, they can't even begin to imagine what their vision of our future is. Google has and/or we have allowed them to, become so powerful, these days they are in a position to decide whos business thrives and who goes down the drain. Unless you show up on the first say 5 pages in the search results, you might as well not exist. Every time you complete a Captcha, you are giving Google more ability to OCR books, even ones that they have no right to digitize on the first place. You may soon find that history may be written by Google, not the people that made history. Besides, our Governments are helpless and without the background knowledge about this, so where does that leave your local Council? Sorry but I felt that this needed addressing. It may not be directly related to this site but the impact is such, that we all ought to be aware of it. After all, your real name, your nicknames, all stored and with that nice little IP address with it. If you were to ask google the right questions, you might not get that next job you've just applied for. And if that is not something to worry about, I don't know what is. Invitation: I would like to invite anybody with any insight into these security/privacy issues to share the knowledge with the community. __________________ Feeling a little peckish? Visit The Official Food Porn Thread Click here if you need help uploading pictures. Guide to Uploading and Managing your Attachments Click here if you need to contact the forum staff. List of Forum Staff

10-26-2011, 10:28 AM	#5
hoverfly Tiny Dick Extraordinaire Join Date: Jul 2010 Location: East of England Posts: 1,567	See, I told you I'd probably forgotten something. Thanks for adding this to the thread, everybody should be able to edit that file or, as you say, get the preconfigured one. Much appreaciated your contribution. __________________ Feeling a little peckish? Visit The Official Food Porn Thread Click here if you need help uploading pictures. Guide to Uploading and Managing your Attachments Click here if you need to contact the forum staff. List of Forum Staff

10-26-2011, 01:50 PM	#7
hoverfly Tiny Dick Extraordinaire Join Date: Jul 2010 Location: East of England Posts: 1,567	Yes, and thanks to Jo's contribution it became even more valuable, thanks again for adding to my forgetfulness. Spreading just a little awareness of how to at least try and keep you safe in this wonderful digital world can be quite a daunting task and the issues raised here barely scratch the surface but I am pleased if it is of some little help. Always remember... There's someone watching you. ALWAYS __________________ Feeling a little peckish? Visit The Official Food Porn Thread Click here if you need help uploading pictures. Guide to Uploading and Managing your Attachments Click here if you need to contact the forum staff. List of Forum Staff

10-26-2011, 02:05 PM	#8
hoverfly Tiny Dick Extraordinaire Join Date: Jul 2010 Location: East of England Posts: 1,567	TD: People used to get paranoid about Bill Gates and his cronies taking over the world, I think it is high time to change that old tune and worry more, a lot more about Google, Apple, Amazon and Facebook. Long gone are the days when Google was a search engine, Apple a manufacturer of consumer electronics, Amazon a mere retailer and Facebook a social network. These days it is more of a case of them having expanded into every little nook and cranny, businesswise, that can possibly imagine. So much so in fact, that soon, there will be little internet trafic that doesn't have to go through one of their servers for just that extra bit of filtering. As I said in my original post, Google already has the power over who makes it in business and who doesn't, just by their placement in search results. I am not saying they are doing it but as we all know and history teaches us, if it can be done.... __________________ Feeling a little peckish? Visit The Official Food Porn Thread Click here if you need help uploading pictures. Guide to Uploading and Managing your Attachments Click here if you need to contact the forum staff. List of Forum Staff

10-26-2011, 04:31 PM	#9
hoverfly Tiny Dick Extraordinaire Join Date: Jul 2010 Location: East of England Posts: 1,567	TD I am sure they've seen it all. __________________ Feeling a little peckish? Visit The Official Food Porn Thread Click here if you need help uploading pictures. Guide to Uploading and Managing your Attachments Click here if you need to contact the forum staff. List of Forum Staff

10-26-2011, 03:27 AM	#4
jobleau Tiny Dick Ultimate User Join Date: Mar 2010 Location: Near Montreal, QC Posts: 560	Hoverfly, most of your post is pretty dead on and everyone, everywhere (not only in the UK) hopefully should be aware of that. I don't have time right now to go thru the details of that post but I will eventually. But that said, there is one wonderful file that exist on all OS, called "host" that can fix most, if not all, of those issues. Find that file and manage it. Make sure you have that line first (it should already be there). This defines your own personal machine on the big net: 127.0.0.1 localhost Then, add this line below for any site you don't want. An example: 127.0.0.1 WhatEverTheFuckYouD'ontWant.com Want to know more? Check this site: Blocking Unwanted Parasites with a Hosts File This site even offers a pre-configured host file with a lot of the bad sites already mapped. Simply replace yours with theirs. Remember the old saying "There is no place like home"? Nowadays, you could say "There is no place like 127.0.0.1". That IP address is your PC's home on the net. Re-routing anything from the net to it will simply annihilate it.

10-26-2011, 10:53 AM	#6
joey Tiny Dick Intermediate Join Date: Oct 2011 Posts: 78	WOW! that was an eye opener! THANKS!