Googling Security: How Much Does Google Know About You? and over one million other books are available for Amazon Kindle. Learn more
CDN$ 32.75
  • List Price: CDN$ 51.99
  • You Save: CDN$ 19.24 (37%)
Usually ships within 1 to 2 months.
Ships from and sold by Amazon.ca.
Gift-wrap available.
Quantity:1
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Googling Security: How Much Does Google Know About You? Paperback – Oct 10 2008


See all 3 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
Paperback
"Please retry"
CDN$ 32.75
CDN$ 32.75 CDN$ 16.21

2014 Books Gift Guide
Thug Kitchen is featured in our 2014 Books Gift Guide. More gift ideas

Special Offers and Product Promotions

  • Join Amazon Student in Canada


Customers Who Bought This Item Also Bought



Product Details


Product Description

About the Author

Greg Conti is an assistant professor of computer science at the U.S. Military Academy in West Point, New York. His research includes security data visualization, usable security, information warfare, and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press, 2007) and has been featured in IEEE Security & Privacy magazine, Communications of the ACM, and IEEE Computer Graphics and Applications magazine. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON, and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the open source security visualization project RUMINT. His work can be found at www.gregconti.com/ and www.rumint.org/.


Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 10 reviews
13 of 13 people found the following review helpful
Excellent book that explores the many security risks around Google and other search engines Nov. 12 2008
By Ben Rothke - Published on Amazon.com
Format: Paperback
It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval. In a report from the Manhattan Institute, they write that no modern drug development organization would touch it. Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues.

In a fascinating and eye-opening new book Googling Security: How Much Does Google Know About You?, author Greg Conti explores the many security risks around Google and other search engines. Part of the problem is that in the rush to get content onto the web, organizations often give short shrift to the security and privacy of their data. At the individual level, those who make use of the innumerable and ever expanding amount of Google free services can end up paying for those services with their personal information being compromised, or shared in ways they would not truly approve of; but implicitly do so via their acceptance of the Google Terms of Service.

While the book focuses specifically on Google, the security issues detailed are just as relevant to Yahoo, MSN, AOL, Ask and the more than 50 other search engines.

Until now, Google and security have often not been used together. As an example, my friend and SEO guru Shimon Sandler has a blog around search engine optimization (SEO). In the over three years that his blog has been around, my recent post on The Need for Security in SEO was the first on topic of SEO security. Similar SEO blogs also have a very low number (and often no) articles on SEO and security. Sandler notes that when he mentions privacy issues around search to his clients, it is often the first time they have thought of it.

The book opens with the observation that Google's business model is built on the prospect of providing its services for free. From the individual user's perspective, this is a model that they can live with. But the inherent risk is that the services really are not completely free; they come at the cost of the loss of control of one's personal information that they share with Google.

The book lists over 50 Google services and applications which collect personal information. From mail, alerts, blogging, news, desktop, images, maps, groups, video and more. People are placing a great deal of trust into Google as each time they use a Google service, they are trusting the organization to safeguard their personal information. In chapter 5, the book lists over 20 stated uses and advantages of Google Groups, and the possible information disclosure risks of each.

In the books 10 chapters, the author provides a systematic overview of how Google gets your personal data and what it does with it. In chapter 3, the book details how disparate pieces of data can be aggregated and mined to create extremely detailed user profiles. These profiles are invaluable to advertisers who will pay Google dearly for such meticulous user data. This level of personal data aggregation was impossible to obtain just a few years ago, given the lack of computing power, combined with the single point of user data. The book notes that this level of personalization, while golden to advertisers, is a privacy anathema.

Chapter 6 is particularly interesting in that it details the risks of using Google Maps. Conti explains that the privacy issue via the use of Google Maps is that it combines disclosure risks of search and connects it to mapping. You are now sharing geographic locations and the associated interactions. By clicking on a link in a Google map, the user discloses and strengthens the link between the search they performed and what they deemed as important in the result. By aggregating source IP addresses and destinations searches, Google can easily ascertain confidential data.

After detailing over 250 pages of the risks of Google and related services, Chapter 9 is about countermeasures. Short of simply not using the services, the book notes that there is no clear solution for protecting yourself and company from web-based information disclosure. Nonetheless, the chapter lists a number of things that can be done to reduce the threat. Some are easier, some are harder; but they can ultimately add up to a significant layer of protection. Chapter 9 details 11 specific steps that help users appreciate the magnitude of their disclosures and make informed decisions about which search services to use.

Googling Security: How Much Does Google Know About You? is an important book given that far too many people do not realize how much personal information they are disclosing on a daily basis. An important point that the book makes is that small information disclosures are not truly small when they are aggregated over the course of years. Advances in data mining and artificial intelligence are magnifying the importance of the threat, all under the guise of improving the end-user experience. The book emphasizes the need to evaluate the short-term computing gains with the long-term privacy losses.

The final chapter notes that apathy is the enemy. As a user becomes aware of the magnitude of the threat, they will see it grow every day. But the next step is to take action. Be it with technical countermeasures, taking your business where privacy is better supported, or petitioning lawmakers.

As to the underlying question, "how much does Google know about you?", the answer is that it is a colossal amount, far more than most people realize. For anyone who uses the Internet, Googling Security should be on their list of required reading. The risks that Google and other search engines present are of great consequence and can't be overlooked. If not, privacy could slowly be a thing of the past.
7 of 7 people found the following review helpful
resistance is futile Nov. 24 2008
By Pablo - Published on Amazon.com
Format: Paperback Verified Purchase
In buying this book on amazon, and leaving a review on amazon, the net knows that much more about me.

This book addresses one of those game theory scenarios, where whats good for the collective (maximum data) is bad for the individual (loss of privacy). The rational response is to let everyone else fully disclose and capitalize on that, while maintaining your own privacy.

I probably knew most of the material in this book beforehand, being in tech, but its unlikely I can abide by the recommendations. My Google RSS Reader is loaded up with 100+ feeds, some of which spool up 100 articles per day. Google Calender is best of breed. And Google Email offers POP/IMAP for free, whereas Yahoo email does not. All three of these "killer apps" work best when logged in continuously. So I login from home and work, and they stay logged in 24x7. As a result, whenever something pops in my head, and I do a search, Google is able to track that, and tie that to my name because my name is tied to my email.

I may switch to NewsGator or Bloglines, and go back to Yahoo email/ Calender. And I may code up something on my linux firewall to switch its MAC / IP address on a weekly basis. And I may ditch my Grandcentral, with the cost that I will have to give out my real cell phone number to merchants. But I probably won't.

I was able to muster a small pyrrhic victory, and steer clear of the G1 (google) phone. Which is integrated tightly with Google, such connecting with a Gmail address, and all the contacts associated with that email address.

Also, re. chaffing countermeasure, with Firefox TrackMeNot is interesting. I tried that out sometime back, and had it cranked up to some number of queries per minute. It wasn't long before Google (temporarily) blocked my IP address with some error message. And I just noticed that I have TrackMeNot turned on at work at a rigorous "chaffing" pace, and it was not disabled. I assume that is because Google cannot easily turn off chaff coming out of a big corp, thats behind a firewall/ NAT. This might be something of a loophole. I will have to explore this further.
4 of 4 people found the following review helpful
Good, but may be preaching to the choir Nov. 26 2008
By Adrian D. Crenshaw - Published on Amazon.com
Format: Paperback
This is a well written book, and an interesting read. It really points out the possibility in data mining the details from what you give Google via search, mail, finance or other services they offer. The downside to the book is if you are already a privacy enthusiast you already know most of the material, so it may be preaching to the choir. Still, it's a good book to hand to your less techie friends so they understand what they expose about themselves online.
8 of 10 people found the following review helpful
Fails to scare a paranoid March 27 2009
By Dr Anton Chuvakin - Published on Amazon.com
Format: Paperback
I think the book has good information (as other reviewers pointed out) and I enjoyed reading it. However, as I was reading the book, I developed an impression that this was a book meant to scare the reader into some kinda behavior change. In other words, I felt that the book was written to highlight the risks, to explain why given somebody so much information about your activities is a risky, bad thing and that you should do something differently.

Despite the fact that I enjoyed the book, I think this is where it fails. As somebody who works in security, I consider myself to be pretty paranoid, but the book failed even to scare me! After reading it, I did not become afraid of Google at all. The author highlights some of the presumed risks, but he fails to present scenarios that make the dangers come alive. So he ends up with a "non-scary Scary Tale."
For example, when talking about ads, and especially targeted ads, the book suggests that such consumer profiling is scary, but doesn't explain how and why.

To conclude: the book presents a good story of how much Google knows about you, but my impression was that the risks are not made to be scary enough and few resulting behavior changes are suggested. It goes a little like "OMG, you CAN be hit by the car if you cross the street!" At times while reading it I thought that "you have no privacy, get over it" trumps what's written in the book.
5 of 6 people found the following review helpful
An excellent book, but I question the audience Dec 8 2008
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
There's no question that Greg Conti writes excellent books. Last year's Security Data Visualization book earned 5 stars, and I put Googling Security in the same league. Conti takes a thorough and methodical look at the privacy consequences of Google's services, incorporating technical realities and thoughtful analysis. My only question is whether this book will matter to the intended audience.

Ben Rothke's review does a nice job summarizing the book, so I won't do that here. Instead, I'd like to share this thought: do the millions of Google's users care about how Google collects and uses personal information? I argue the answer is largely "no," and I recognize that Conti's book is intended to try to change that point of view. However, I really doubt it will have that effect.

I see three main consumers for Conti's book, meaning groups of people most likely to play close attention to the technical details while trying to implement privacy-preserving countermeasures. The first includes organized criminals. A certain component of organized crime is tech-savvy, motivated, and likely to adopt practices to shield their less technical colleagues.

The second includes national intelligence services and related operatives. When reading Googling Security I thought to myself "This is a big OPSEC manual," similar to Johnny Long's great No Tech Hacking book. Google Security contains all the right material for an operative to construct a false identity, and then know how to act as safely as possible to not compromise that identity. In fact, the operative could move to the other extreme and use Google's services to construct what looks like a convincing false person, with a presence on a variety of sites.

The third group (which receives some attention in the text) includes national governments and other regulatory agencies. Even without sustained popular pressure, we have seen regulatory bodies exert privacy measures on private companies. This is probably the best route to move Google in the direction Conti would like.

One related note on nation states: Conti writes on p 4: "I view Google as the equivalent of a nation-state because of its top-tier intellectual talent, financial resources in the billions of dollars, and world-class information processing resources combined with ten years of interaction data." I reject that argument, just as I reject similar arguments regarding Bill Gates' wealth and so on. Neither Google nor Bill Gates nor any other similar actor can deny a person of life, liberty, or property. If any Google employee tried to imprison any person on behalf of "Google," he would suffer criminal charges. The tiniest nation-state on Earth has more legal power in this regard, especially when you add in other aspects of sovereignty like issuing passports, minting currency, imposing taxes, and the like.

I also think Conti fails to appreciate the benefit of putting your data in the hands of a provider. At one point Conti mentions having one's data "safe on your home computer." Safe from what? Theft? Fire? Disk failure? Intruders who convince someone to click on a malicious link? The more consumers become service users and less system administrators, the better overall level of security we will attain.

Regardless of my reservations, if you want to read the best book on how Google services impact your privacy, I strongly recommend Googling Security.


Feedback