[Cryptography] Depending on Google to protect your anonymity?!

[Theodore Ts'o]

> > This does not mean they are omniscient - their detection is spotty, and from
> > what they have caught, I know that some things they have not caught, I have
> > gotten away with lots of stuff, much of which might seem easy to catch, but
> > what they have caught is a lot more than you would think from this link.
> 
> Even without logging in, you can be cookied.
> Even without cookies, you can retain TLS session keys
> triggered by adsense, stats, CDN's, webbugs, etc...
> people hardly ever mention this, test your browser.
> Even without those, your browser is somewhat unique.
> So much data and metadata correlatable and brokered
> on the backside.

And that's just the beginning.  State can be stored via HTML5 and
Flash interfaces, and you can correlate based on all sorts of things
including IP address, screen size and resolution, etc., etc.

The other thing that's important to note that there are plenty of ad
networks beyond just Google and many of them are far less ethical (and
for that matter, competently implemented).  So just because you are
still seeing ads for restaurants in Honolulu weeks after your Hawaiian
vacation, don't necessarily be quick to jump up and blame Google as
the automatic boogieman.

I normally give permission to Google to know my location via my
browser's HTML5 facilities, because I *like* location-aware
advertising.  It's actually annoying to get ads about restaurants
which I can no longer enjoy.  So when I get ads for those restaurants
(which no doubt was coming from tracking cookies established while I
was researching fine dining experiences from my hotel room in Oahu),
I'm pretty confident that they aren't coming from Google's ad network
--- Google does a much better job targetting me, and for me that's a
feature, not a bug.  Relevant ads are actually *way* less annoying
than rubbing my nose in the fact that my vacation only for a week.  :-/

						- Ted