Google Privacy Death Star

Google Privacy Death StarThe unofficial motto for Google is “Don’t be evil”.  It’s written on its Code of Conduct page as part of its investor relations information. 

Google has 7 simple areas in this code of conduct that cover serving its users, respecting employees, avoiding conflicts of interest, preserving confidentiality, protecting Google’s assets, ensuring financial integrity and obeying the law.  If you read them, it sounds like the company intends not to be evil.

Google’s privacy policies and terms of service are what affect most of the users of its services and websites.  On January 24, 2012, in an effort to simplify the somewhat arcane policies of numerous Google services, it issued notices to users of a pending change in its privacy policies. 

The beginning of the notice is below:

Dear Google user,

We’re getting rid of over 60 different privacy policies across Google and replacing them with one that’s a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.

We believe this stuff matters, so please take a few minutes to read our updated Privacy Policy and Terms of Service at These changes will take effect on March 1, 2012.

If you have ever read a privacy policy, your head might explode with some of the legalese and gobbledygook in it.  Google has a separate policy for all of its services.  If you use Gmail, Google+, Picassa, Calendar, Alerts, Reader or any of the other services, you have to slough your way through individual policies.  A lot of governmental agencies and privacy advocates have asked Google and others to simplify the somewhat onerous language into something that we mere mortals can understand.

To Google’s credit, it has done just that.  It’s replacing the separate agreements with one – “One agreement to rule them all”.  But what does this single agreement say?

The major changes affect any user logged into Google and how information is shared across services.  If you just perform a search without logging into Google, this doesn’t affect you.  Unfortunately many of us are logged in all day.  If you use an Android phone, you are probably logged into Google.  If you use Gmail or Calendar on any device, you are logged in.  Many people think it’s only when they are in a browser, but it’s also when you are on an Android device, iPad, iPhone and all the services that connect to Google. 

I use Thunderbird as one of my email clients and that’s logged into Gmail.  My calendar app on my iPad is too.  Calendar information moving between my PC, Mac and iPad also uses Google services.  And synching some information through Apple iCloud is using Google.  This doesn’t take into account services that let you authenticate by connecting to your Google account.

Sharing your own information between your own accounts may be benign, but time will tell when Google implements its new policy on March 1, 2012.  The “don’t be evil” mantra may be cracking because many people aren’t sure what will happen to this information.  The stated goal is to improve your services and search results, but Google is proposing to pass information back and forth.  And where will it actually go and who will use it.

Every time Facebook makes privacy and security changes, people scream because it becomes more complicated and we are less sure of our security.  Hopefully Google is not becoming Facebook when it comes to privacy and security.

If you haven’t looked at your privacy settings in your Google accounts lately, do it.  You can find them in your Google Dashboard.  Check on the following as a minimum, but look at the settings for all your accounts to make sure they are set as you intended.

  1. Go to and log in with your Google id and password.
  2. Next to Account, click Manage Account.
  3. Check the section under Security to update anything.
  4. Click on the “connecting your accounts” hyperlink under Connected Accounts to see what else you are connecting to.
  5. If you have a Gmail account, click “Manage HTTPS settings” under it and make sure you have “Always use https” checked.
  6. If you have a Google+ account, scroll down and click Edit profile. 
  7. Click each item in About and check the settings.  You can choose Public, Extended circles, Your circles, Only you and custom.  Click on Photos and check the settings there too.
  8. Go to Web History and click on “Remove items or clear Web History”.  You can turn this off, so no web history is kept when you are logged into a Google account.
  9. If you have a YouTube channel, click on “Manage privacy settings” next to it to verify your settings.
  10. Check all other services and click Manage privacy, Manage privacy settings or any Shared settings links to edit those settings.

My hope is that Google will simplify privacy and security settings when they implement this new policy in March.  Whether or not all our information will become more or less secure with the sharing of information across these services is to be determined.  While you are waiting, make sure your privacy and security settings are as locked down as you want to make them.  Darth Vader may be smiling as we devolve into the clutches of the new evil empire.


Photo credit Insight Forge

Book a meeting