To clarify further since apparently this is confusing. I have used my credit card online before. As I already stated earlier "I don't have a problem with using a credit card online if I'm confident the information is going to remain private"

Google's practices of using that information to make ads specific to me and their practice of selling some purchase info in bulk makes me not trust that my information will remain private. Hence while I will buy something online with my credit card if it's not sold locally. If I can't find it anywhere besides a Google store or a Google owned company then I'll get a Visa gift card to make the purchase

@Draug, ad blocker, I don't get any ads, ever. If I do then I update the ad blockers filters and refresh the page

Oh draug, you don't have to lie to everyone, those diaper ads for your nighttime issues. We all understand. It's cool. We all age. ......lol

As I already stated earlier "I don't have a problem with using a credit card online if I'm confident the information is going to remain private

So, riddle me this. In what specific areas or sites are you CONFIDENT that you info will remain private.

Target......lol

And now we are back to the fact that your CC is online whether you use it there or not. Every bank and major CC company has an online portal. Your CC info is just as at risk if you never ever use it.

@Draug, not the type of security I'm talking about. I understand and work with dealing with those type of vulnerabilities. I'm talking about privacy in the sense of companies that aren't going to sell my data to data brokers.

Jmo--which ones are those

Oh lets see, I think the last one was a bakery in Virginia who sells a friends favorite cake. I check them out on a case by case basis.

Selling some wacky weed cakes. I knew it.

So perhaps we should make you the official inspector for "WebDip approved" sites?

Here here. I second the motion.

Dual modship mandate for you.

@JMO,

Your post is a huge soup of conceptual confusion.

"See this is the type of ignorant view that is the main problem with the internet. People have this misguided delusion that they have privacy rights on the internet. That is not how or why the internet was deigned. The internet by nature is an information hub. Designed to propagate the exchange and transfer of information in an easy way. It literally has changed the world, some good changes, and some bad."

Of course the internet was not "designed" IN ORDER TO protect privacy. Of course it was an information-sharing hub. That in no way suggests that there can be no safeguards for how certain types of information are used.

Take credit cards. You're apparently weirdly consistent in that you somehow believe it would be reasonable for somebody who had your credit card to abuse it, so you won't give it to them. I don't. If I give my credit card to Amazon, I expect them to protect that information and not to share it with anybody else, or to use it for any end other than charging me.

*That's even though I put it out on the big information-sharing hub of the internet.*

I imagine you have an email account. Would you be a little irked if your email provider unilaterally decided to publish all your emails online? Just a tiny, eency bit miffed? Well, maybe not, because you seem to think that all information is designed to be published on the public web.

But most of us don't have trouble conceptualizing the fact that, while the internet may have been designed to facilitate sharing information, it does not logically follow that it supports only one mode by which information can be processed, nor that all information must be processed the same. There is nothing contradictory in the ideas, "the internet exists to facilitate accessing and sharing information," and "web email should be kept private."

To point out that security can compromise these goals is a distraction, albeit an important one.

"The problem is when people automatically start using a free service with the completely false expectation that it is designed to secure data. That is simply wrong, in fact the opposite is understood by security professionals. There is literally nothing online that is 100% secure."

This is just more conceptual confusion. OF COURSE web systems are "designed to secure data." The fact that they fail sometimes doesn't change this. You think Amazon doesn't spend a lot of time thinking about how to secure data? Of course they do. So does Google. Its data is its asset. It takes securing it dang seriously, and there has never been a large-scale breach.

Your argument is like saying, "People mistakenly think that cars are designed to be safe in a crash. But they're not. They're designed to move people from A to B, and there will always be fatal crashes."

Of course there will always be fatal crashes; and of course cars are designed to be safe in one (and to avoid them).


"Any network, any site, any database can be compromised by someone with enough time and/or resources."

Maybe, but I'm still waiting for the big Gmail Leak of 2014. Of course, maybe the people with that many resources would have other goals -- fair enough. But that just says that, by placing the resource costs so high, web companies have indeed protected the data very highly, even if not perfectly.

@Draug,

Sure, your barista always knew what you drank. Your movie store always knew what movies you preferred. And so on.

The difference with Google is that they know all of it, and much more: your postman didn't used to know what you were getting in the mail (and there were stringent controls to ensure that). Moreover, your barista didn't used to know what movies you liked. And none of them used to know what to do with that data, beyond a few clumsily targetted ads.

Anybody who has used Pandora or similar services is aware that a little bit of information can tell somebody a shocking amount about you beyond what you shared. And Google is a company that has all your email, your ad preferences, everything you search for online, and, if you're foolish enough to let them know it, where you are at every moment of the day. This is an ENORMOUS amount of data, and gives somebody a staggering amount of power over you, especially somebody with the data sophistication of Google.

The only responsible course of action with this data would be to institute audited guards whereby it was used exclusively for targetted advertising and then disposed of, much as the Postal Service wouldn't read your mail. That's not what's happening. People are giving Google extraordinary power over them, and asking for the merest of pixel promises in return.

Google does not *have* to use my data at all; it would do perfectly well with just targetted advertising, and so JMO's poor apologetics that "that's the internet, it must be" fall completely flat. It's a choice by a corporation, and I can and will make the rational choice as a consumer: my data is too valuable to be so unprotected in the hands of a company that won't give me appropriate guarantees. My relationship with Google is heading for a close.

@abge,

I hope the above addressed your questions as well. I am not so sure that there are other tech companies that would behave better, but few have the position to behave so badly as Google. I think it remains to be seen how Amazon will act on this stuff, and while Microsoft has acted badly in a lot of ways over the years, it remains to be seen how it will act on these issues.

@semck

I'm sorry, but I really don't understand.

If I offer a service and you and I agree to a set of terms why am I evil when later you don't like those terms but still want to use my service?

"Google is a company that has all your email, your ad preferences, everything you search for online, and, if you're foolish enough to let them know it, where you are at every moment of the day. This is an ENORMOUS amount of data, and gives somebody a staggering amount of power over you, especially somebody with the data sophistication of Google."

Not strictly true. Google only has what you let them have. For instance, the only mail they have for me is junk mail as Draugnar.com sits on my server in my house. I only use Gmail.com accounts to get junk mail sent to them.

@abge,

I already agreed to replace the "evil" adjective with the claim that the rational consumer should stop using Google because they cost too much. See post of 9:21 AM EDT.

@Draug,

"Not strictly true. Google only has what you let them have. For instance, the only mail they have for me is junk mail as Draugnar.com sits on my server in my house. I only use Gmail.com accounts to get junk mail sent to them. "

Well, OK, sorry. By "you" I meant "the trusting, enthusiastic Google user." You, by having your email stored elsewhere, are behaving as a more cautious consumer and not signing your life away to them. I applaud. Of course, your junk mail contains an enormous amount of information about you as well. (But I'm still using them for both, so I can't throw stones).

@semck

OK, I see now you're approaching the issue from the opposite direction, which I think makes much more sense.

Yeah, if you don't want to pay the "price" of using Google services, the great thing is there is a plethora of other options.

ROFL

OK, so it might be worth mentioning that I work for one of the world's largest data storage companies, so my opinion on this issue may be a bit skewed. That hadn't occurred to me until just now. : )

@semck, I'll premise this by saying that I don't have the slightest idea what overall point you're trying to make, besides enjoying debating with people over random points. However I will address some of your more seriously flawed points.

"If I give my credit card to Amazon, I expect them to protect that information and not to share it with anybody else, or to use it for any end other than charging me."

Amazon already sells packages of data to data brokers that contains information on purchases by people regionally, same with Google. Then the data companies less this information to all types of large companies who use it to create regional based advertisements. For example I'm sure you are aware that when you watch Television that most of the commercials are regional. So you can expect them not "abuse" your information all you want, but that's just pure ignorance.

There's nothing illegal about that either. That's what you don't seem to understand. In my view it's a legal choice Google makes, but it's not one I feel is morally acceptable for a company to make, so I don't use purchasing services on Google.

Hopefully that's more clear for you.


Let me answer one of your questions just to show how unrelated it is to my Google comparisons.

"I imagine you have an email account. Would you be a little irked if your email provider unilaterally decided to publish all your emails online? "

Google tells you exactly what it uses your data for in the Terms and Conditions. If I signed up for an email provider who's Terms and Conditions specifically said they could randomly publish all my emails online, then no, the only person I would be irked at would be myself for not thoroughly checking out the company I was using.

And on one of your last incorrect comments

"OF COURSE web systems are "designed to secure data.""

Wrong, wrong, wrong again. Lets use Target as an example. The Target data breech would not have been possible in Europe. Because in Europe it is required that every credit card have a chip on it. The chip is encrypted and prevents data loss like Target faced. Do you know why these cards don't exist in the US? One simple reason, companies are cheap, and it would cost them money to switch over to a more secure method. People using internet based technologies have very little legal requirements forcing them to make secure systems, and they only secure their systems to the point that they are as secure as other similar businesses, and only for reputation sake.

Another example is facebook. Facebook sat on a security bug submitted by a regular facebook user for weeks and ignored it until that bug was used to post messages on Mark Zuckerburg's page. No, companies that offer free services are only concerned about securing their systems partially. Once they get them "reasonably" secured they stop, because they are more concerned about saving money then actually protecting privacy.

@JMO,

I'll just briefly dismiss these fallacies, as I have to get going.

1) You provide evidence that Amazon uses some of my data in ways I might not prefer. This in no way refutes my claim that Amazon does NOT misuse my credit card information. Since that claim is sufficient to refute your point that protecting ANY information on the internet is impossible and conceptually mistaken, your point remains refuted.

2) You argue that you would only be annoyed at Google for sharing your emails because they promise not to. But to admit this is to admit that it IS possible for a company to promise to use data in a certain way, and then do it, which eviscerates your initial claims about how "internet is all about sharing, protecting data is impossible, blah blah."

3) You advance the fact that companies do not spend all the money they might on data protection as evidence that they do not design systems to protect data at all. This is a sufficiently clear fallacy to need no further comment.

ABGE IS EVIL!

1) Proving that I don't have a specific example of Amazon abusing someones credit card information doesn't have anything to do with my original point. I have a personal opinion that Google and Amazon's information sharing is a legal breech of morality to make a buck.

Now if you want to move onto my point that everything online can be hacked I'm more then willing. Amazon for example http://www.zdnet.com/blog/btl/amazons-zappos-in-massive-data-breach-24-million-affected/67065. They also had several services affected by the heartbleed bug, which means that their data was not secure.

"Since that claim is sufficient to refute your point that protecting ANY information on the internet is impossible and conceptually mistaken, your point remains refuted."

That sentence should be taken out back and shot. That said, if you want to become even slightly educated on digital security you need to understand that anything online can be compromised with time and resources. I never claimed that this doesn't mean companies shouldn't try to secure information, just that people are idiots if they assume that their information is ever completely secure online.

2) I'm not claiming that the internet was designed for sharing information, I'm relaying that fact to you. Go search this anywhere you want, I'm not wasting my time educating you on this basic fact.

And I said I would NOT be annoyed at that company, I would be annoyed at myself for using such a crappy online service. Please don't put words in my mouth.

3) Fine let me get more technical here. The major theme in website and online service coding design is to make the code work in any way possible. If every company followed proper coding procedures then sure, you'd have systems designed for security, but any programmer can tell you that security typically comes last. You secure code and test it out for security after the functionality is created. This is asshat backwards to your claim that systems are designed to be secured.

To be honest I'm pretty disappointed with your overall arguments here. Normally you present your ideas in a fairly clear manner. These have just been a jumbled mess with a lot of incorrect assumptions.

I happily use Google's free, high-quality services. I just don't ever reveal sensitive or embarrassing information.

Google may be evil, but you can still use their products without 'paying' for them with 'dirty secrets'.

@JMO,

Thanks, I'll try to respond fully later. But I wanted to point one thing out. You write,

"I'm not claiming that the internet was designed for sharing information, I'm relaying that fact to you. Go search this anywhere you want, I'm not wasting my time educating you on this basic fact. "

I'm glad you're not, because I already agreed it was, and I haven't contradicted that anywhere. Please read what I actually write.

What I'm pointing out here is that just because something is designed for sharing information does not imply that there cannot be control over what data is shared, how, and where.

Moreover, if you think that Google's (and Amazon's) usage is immoral, I'm no longer clear what you were arguing with in the first place. You attacked me for complaining about a lack of privacy. But I wasn't asserting *legal rights.* I was precisely complaining about the fact that they don't voluntarily respect privacy. Since then, you have argued that they couldn't, because internet (which is a bad and fallacious argument, as I have focused on -- nothing about the internet prohibits them from trying). If it were true that they *couldn't avoid* doing what they do, they couldn't be being immoral by doing what they it, could they?

And JMO, before you flip out, when I write that there can be "control over what data is shared, how, and where," yes, I know that complete control is unobtainable and there will always be failures in these systems. An important point, but not one that rises to a refutation of the claim that there can be (imperfect but strong) control.

"which eviscerates your initial claims about how "internet is all about sharing, protecting data is impossible, blah blah."

Semck, my quote was in direct response to your quote here. You claim you haven't contradicted the fact that the internet is designed for internet sharing, and yet that's what you seemed to be trying to do. As I mentioned your posts really aren't as clear as normal.

I'm not really interested in debating with someone who's making contradicting arguments just for the sake of arguing.

As for my original point, I don't blame Google for taking advantage of what the internet is, and the fact that the majority of internet uses don't understand the nature of it or the services it offers. I personally choose not to partake in the free services that I disagree with morally, which is what I recommend others do. Sadly most people do not take the time to understand the internet, their privacy rights on the internet at large or their privacy rights under specific services offered online.

The key point in my original post was this:

"So if you want to blame anyone for using free online services such as Google that don't put a huge priority on user privacy you need to blame every single person using that free service. "

Do you disagree with the following ideas?

1) Every person should look into and understand how a service operates
2) Everyone using Google either values their money more then the possibility of information being used for possibly immoral but legal purposes, or has not bothered to learn about the service they are using.
3) Everyone using Google has the means to look up for themselves the information they need to make a decision on which service to use based on their own moral beliefs.

If you do I can't really see why you are upset with Google for their practices. They have to make money somehow since they don't charge for their services. People choose to use them despite the non-monetary costs. That's a personal choice by each user of Google.

The rest of my argument was explaining how I made my personal choices. I decided I was morally okay with all of Google's practices besides their selling of information in bulk to third party sites, specifically as it pertains to credit card purchases. The first part of the argument is really just a logical set of statements. The 2nd are some of my personal beliefs, I do apologize if I didn't make that distinction well in my original post.

"but any programmer can tell you that security typically comes last. You secure code and test it out for security after the functionality is created. This is asshat backwards to your claim that systems are designed to be secured. "

Patently and demonstrably false. I am "any programmer" and the systems I develop *start* with security. Even www.beating-diabetes.org already has the security infrastructure in place. Before I wrote the first line of CSS or HTML, I developed a security library for hashing, validating, and challenge/response along with password change requests going to verified email. Every company I have ever worked for has made security the first thing we developed if there was to be any personal information whatsoever.