Articles by Andrew Grossman

Andrew Grossman formerly wrote for the TLF.


A story linked from Drudge describes a new service that Google is offering: saved search history. Create a Google login, and the search service will keep track of all your searches, as well as the results that you’ve clicked-through to access. Anyone who has used Westlaw or Lexis-Nexis will find the idea familiar–those services have offered it for years.

Reaction, however, has not been uniformly positive. Once again the privacy wingnuts (so said to distinguish them from from people with legitimate concerns about privacy) are all worked up:

“It’s really a bad idea,” said Dixon, executive director of the World Privacy Forum. “If you need to keep track of your past searches, I recommend using a notebook. It would be a lot more private and a lot less risky.”

Had Google or any other operator of a web server some kind of malicious intent, it could keep track of every page you access on its servers and every search term you send to it. If you’ve ever sent them your email address or some other personally identifying information–then bingo, they’ve got you! For better or worse, this is the way that computer networks work, barring those that employ extremely complex, unreliable, and slow misdirection technologies. Dixon might as well caution users to stay away from the Web altogether, because the privacy implications are about the same as Google’s new service.

Still, she is right that some people don’t like like to divulge any information at all, ever, whether they’re using a computer network or boarding an airplane. At least in the case of Google, as opposed to boarding a flight, these people have options: they can choose not to use the search history service, not to use Google at all, or even not to use the Internet, period.

But the people who harbor such concerns are clearly on the fringe; the success of online services testifies to that. These are the sort of people who exclusively use anonymous proxies to access the Internet and send all their email encrypted. The really radical ones live “off the grid” altogether and pay for everything in cash. These are not normal computer users–who do take their privacy seriously but have proven more than willing to divulge certain bits of information when there is a payoff to doing so. All of us make that compromise every day when we access the Internet.

So Dixon is right that some people might want to think twice about Google’s search history service. Normal users, however, will probably make their decision based solely on whether it’s useful to them. And that’s the way it should be, that users get to choose what they’re willing to accept.

What this episode reinforces, though, is that privacy “advocates” like Dixon don’t really speak for normal users but for the paranoid. Whether their paranoia is legitimate–who’s to say? But the next time that privacy advocates come out calling for government controls on innovative technologies–a regular occurrence–remember that their concerns are likely far different from yours and those of most users.

“If you are one of the 10 million people who have purchased an Apple iPod, you’ve almost certainly loaded it up with songs from your favorite CDs,” Bob Sullivan writes on MSNBC.com.


But watch out. As the subtitle to his story so ominously puts it, “Database company provides song titles and quietly tracks digital music listener habits.” 


According to Sullivan, Privacy advocates” (not them again!) are concerned that a company called Gracenote is collecting data whenever you load a CD onto your computer and then onto your iPod.


Gracenote, as the article describes, has been doing this for years, whether you’ve noticed it or not. Usually when you insert a CD into your computer for the first time, it will send some information about that disc to Gracenote’s servers, which send back the album information–the artist, album name, track list, etc. That way, you don’t have to type it all in yourself. And after that, your computer stores the information instead of contacting Gracenote.


And Gracenote, as a company, seems to take privacy pretty seriously. To begin with, its network protocol includes no personally identifying information. (I wrote a Gracenote client a few years ago, when it was called CDDB.) It doesn’t even put a cookie on your computer or assign you a serial number. As a result, the company can’t really track what CDs you’ve put on your computer.


And it really doesn’t try to, either. Gracenote spokeswoman tells Sullivan that the company does not even keep users’ IP addresses, a way of identifying computers on the Internet, after they look up an album. But even if the company did, it wouldn’t make much difference: many users are behind firewalls and share a single IP address with dozens or thousands of other users. And among those non-server computers that get their own IP addresses, most only keep a single address for a few days or a week before they are assigned a new one. If Gracenote did log IP addresses, the most it could tell is that some unidentifiable user at a particular network address inserted into his or her computer, for the first time, a certain list of CDs.


What data does Gracenote collect? It can tell what client you’re using–whether it’s iTunes, MusicMatch, or whatever. It can tell, very roughly, what region you’re in–for example, the Washington metropolitan area, but usually not your city and certainly not your neighborhood or street address. And it can tell what the CD you put into your computer is–assuming that you haven’t turned this feature off in your software. (It’s a prominent preference item in iTunes.) That’s about it.


Gracenote can’t even tell if your CD is real or a copy because of the way that it works.


In that context, this seems a bit shrill:



“The user has immediate benefit, but the potential trade-offs are very unclear,” said Alessandro Acquisti, an expert on the economics of privacy at Carnegie Mellon University. “This is a problem for us on the Internet. It is difficult to assign a value to our data… and there is a future cost which is uncertain. Under these conditions, we often opt for immediate gratification.”…


“It is a technology that could be privacy diminishing,” Ponemon said.  “People are starting to become more sensitive to things that relate to your hobbies, interests, your reading habits.  To some people, that’s really sensitive. … What music they listen to may be a surrogate for what political beliefs they have.”…


“If the data is there, at some point, I’d bet somebody would find a way to make use of it in the particular, not just the general,” he said.  While he hasn’t studied Gracenote, O’Harrow is an expert in marketing practices, and fears the chilling effect that could be produced if people know someone else knows their musical tastes.


“Those joyful moments when you are listening to Jimmy Page, maybe they aren’t as carefree anymore,” he said.


So what’s the beef? The real issue is probably that Gracenote sells some aggregate data to marketers. And once again, this raises “privacy advocates'” hackles. It’s not privacy that bothers them so much, it seems, as capitalism. Note that FreeDB, a less-comprehensive and less-reliable Gracenote knockoff run as a non-profit, doesn’t even merit a mention or complaint–even though it publishes pages like this and this!


But in this case, the critics are even more anti-consumer than usual. Think about it this way: Is it to your benefit, as a music listener, for an advertising exec to learn that, say, the Fiery Furnaces are gaining steam in Washington, D.C.?


Think about that the next time you’re watching television and marveling at how tone-deaf all of Madison Avenue must be.

This would be funny if it weren’t true:

Instead of competing head-to-head with his rivals in the business world, [True.com owner Herb] Vest has veered into the political world by pressing for new laws that would put True.com’s competitors at a severe disadvantage.


Vest has managed to convince legislators in states including California, Texas, Virginia, and Michigan to sponsor bills that would target rival dating sites like Match.com, Yahoo Personals, Spring Street Networks, craigslist and eHarmony.


Those sites would be required to stamp this stark warning atop every e-mail and personal ad, in no less than 12-point type: “WARNING: WE HAVE NOT CONDUCTED A FELONY-CONVICTION SEARCH OR FBI SEARCH ON THIS INDIVIDUAL.”

On second thought, it is funny, regardless.


The online-dating service True.com, no surprise, does perform such background checks–for felony and sexual convictions–while rivals like Match.com do not. But as Declan McCullagh reports, True.com’s background checks can be easily foiled: just provide a fake name. Any felon searching for love (or an easy mark) online should be able to figure that out.


Interestingly, the legislation, as proposed in California, would apply to any “social referral services,” including social networking sites (e.g., Friendster) and conceivably even message boards. Social software, a broad field now thriving with startups and energy, would be severely hamstrung. Could garage-stage entrepreneurs really afford to screen all their users? Would they want to?


So anyway, besides all the obvious concerns, there are two other problems with this particular proposal, assuming it could be made to work.


First, are mandatory background checks really in keeping with the free-for-all nature of the ‘Net? For many online flirts, a certain sense of freedom would be lost.

And second, shouldn’t consumer preferences matter? Should anyone visiting this site (or one of the many like it) really be forced to pay for a background check?

In the end, McCullagh’s conclusion is spot-on: “Leave love alone. It has enough problems flourishing without ‘help’ from politicians.”

So Now You Tell Us!

by on March 1, 2005

Is Steven Spielberg’s “Saving Private Ryan” too hot for broadcast television? That’s the question that ABC affiliates were asking themselves–and the FCC–back in November of last year as they readied to show the film on Veteran’s Day. The FCC was on an indecency-fine rampage–rhetorically, at least–and no broadcaster was interested in paying out fines or putting its broadcast license at risk.


You may remember the FCC’s response then to broadcasters’ inquiries. The agency said that it was barred from making a decision before the broadcast “because that would be censorship.” But said a spokesman, “If we get a complaint, we’ll act on it.”


No surprise, a number of ABC affiliates dropped the film despite having shown it, to great appreciation, on prior Veteran’s Days.


Well, those affiliates that did show “Private Ryan” last year can now breathe easier. Just yesterday, over three months after Veteran’s Day, the FCC has rendered its ruling:  “In light of the overall context in which this material is presented, the commission determined that it was not indecent or profane.”


So how is this any different, in terms of censorship, than if the FCC had said the same thing three or four months ago? Beats me. Of course, if the FCC had made its decision months ago, those affiliates that opted for tamer programming on Veteran’s Day could have shown “Private Ryan.”


The FCC seems to think that if it doesn’t rule beforehand what’s acceptable and what isn’t that it’s not really censoring. But this premise is a bit flimsy. Facing vague indecency standards and the real threat of fines or worse, broadcasters will do the censorship themselves and, as with “Private Ryan,” may misjudge the FCC and withold perfectly decent programming. This isn’t voluntary compliance; it’s a chilling effect.


So should the FCC just go ahead and censor? It’s an unattractive choice, but it might be more honest than status quo’s de facto censorship. Would the FCC be flooded with inquiries from the networks, which would want every show to be FCC-approved? Surely, but that comes with the territory of vague content standards. And anyway, would it really be so different regular floods of complains from special-interest groups, on both sides of the cultural divide, that require investigation and, sometimes, post-facto punishment?


All this should be food for thought for those who wish to make the FCC’s response to programming judged “indecent” even harsher. With greater fines, stations will become even more cautious, and while that may cut down on poor-taste programming, worthwhile shows, like “Private Ryan,” will be affected, too.

Choosing the Greater Evil

by on February 22, 2005

Isn’t it great to see that there are so many people looking out for us?


Maybe not. Maybe that’s why we call those folks busybodies.


Leading lights of the technorati are calling a feature in Google’s new Toolbar a “strategic mistake” and a “bet the company decision.” Others, more simply, call it “evil” (well, he works for Microsoft) and directly opposed to Google’s code of conduct.


They bemoan a new Toolbar feature, AutoLink, that turns unlinked but standardized data–such as addresses, ISBNs, package tracking numbers, and VINs–into hyperlinks that point to Google-affiliated services. When you use the new Toolbar, plain-text addresses, for example, link directly to (the excellent) Google Maps.


Critics are saying this is too reminiscent of Microsoft’s stillborn smart tags concept, which would have, for example, linked ticker symbols to MSN finance. Internet protestors got Microsoft to back down from offering the feature.


One critic, a tech entrepreneur, wrote that he could only live with Google’s AutoLink “If this was an open tool, where the data sets I was using to tag the content were advertising free and not tied to the tool vendor.”


In other words, he could only accept it if it included difficult-to-implement functionality that would be lost on the vast majority of users. And many are even less accepting.


To their credit, most critics this time around aren’t crying “antitrust,” but that’s only because it’s not Microsoft. Some, however, do imply that there may be a role for the government here:



Google is to the Web what Microsoft is to PCs–the operating system everyone uses to search. It has nearly the same lock on consumers’ share of mind…And millions use the Google Toolbar. They shouldn’t get away with what Microsoft was unable to.


The truth is, this sort of functionality has been around for years, but only to the tech elite. For someone in the know, it’s not too hard to install a filtering proxy like Privoxy, write and debug a few regex matching rules, and modify (just on their own computers) any page on the Web in any way.


Now regular users who couldn’t tell a regex pattern from gibberish have a choice, too: install the new Google Toolbar.


This week’s busybody pushback is the same sort of reaction we’ve seen in response to every half-innovative feature that Google’s offered in recent years, from its Adwords advertising program to advertising-supported Gmail. Oddly enough, the tech elite still seem to respect the company’s technological prowess and innovation. They’re wary, however, that Google intends to profit from these services, no matter how much upside they offer users in the process. For too many, the idea of government intervention is only a step or two away, users be damned.


But here’s the thing: wrongheaded as they are, the critics are right to seize on the idea of regulation. There is simply no other way to keep a user from exercising the freedom that he now has to modify any data on his own computer. Web browsers have always made it trivially easy to change the color of all hyperlinks or enlarge text a bit. Newer browsers can, effectively, rewrite pages to block pop-ups or halt Flash animations. Hyperlinking regimented data isn’t too much of a step forward, really.


So what’s next? Expect the argument to heat up in the coming months, as the same tech-elite busybodies are in a preemptive snit over RSS news aggregators displaying ads beside bloggers’ entries and their fear may become a reality soon. Maybe the Toolbar episode is just a warm up for that inevitable fight.

In the end, though, isn’t it bizarre that so many  paranoid souls would campaign for government restrictions on what you can do with data that’s on your own computer?

(Thanks to James and Adam for inviting me to post and to PJ for setting things up.)

Update: After days of linking to others’ criticisms, Dave Winer weighs in. His chief complaint:

In 2005, adding links to a page is not different from adding to or changing the words on the page. It’s as if a machine editor had license to change our meaning or intent, without our permission, without disclosing to the reader that it was doing so, because it’s impossible to know which links were added by the author and which were added by Google.

And it’s even worse than it appears. AutoLink “opens the door for Microsoft,” worries Winer.

But if AutoLink is what users want, isn’t that a good thing?