The Biggest Spy on the Internet – Part 1

Spying, intelligence gathering, surveillance, reconnaissance, eavesdropping, tracking – the Internet has made these activities much easier than they used to be.  The NSA, CIA, Russia’s Fancy Bear, China, North Korea – which organization is gathering more information about more people than probably any other.  While your information is unlikely (hopefully) to be in the NSA, CIA, or other governmental databases, a lot of information about you and me are certainly in the Google database.  Google may or may not be the largest (they keep the size of their data trove secret) but they are certainly in the top ten.  Other big commercial data collectors include Amazon, Sprint, and ATT.

So today and for the rest of the week we are going to focus on Google.  It is pretty tough to use the Internet in a meaningful way and not run up against the King of the Internet.  According to Wikipedia:

“Don’t be evil” is a motto used within Google’s corporate code of conduct. Following Google’s corporate restructuring under the conglomerate Alphabet Inc. in October 2015, Alphabet took “Do the right thing” as its motto, also forming the opening of its corporate code of conduct. The original motto was retained in Google’s code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct’s preface and retained in its last sentence”.

We can only hope that they are “doing the right thing” with the information they are collecting about us.

First, a quick background on Google.  Before there was Google, there was no such thing as Internet search.  Access to Internet content was kept in lists compiled by early Internet service providers such as AOL, CompuServe, Earthlink, and so on.  Stuff that was not on those lists was tough to find unless you were invited by the site owner, or someone told you the web address to find those resources.

Google was founded in 1998, and provided web search for free to all comers.  Tough to pay for the internet bandwidth, servers, routers and payroll providing a free service.  Their business model was, and still is, based on advertising revenue.  They collected information about website traffic, site popularity, and demographic information about the searchers that could be monetized and sold to marketing companies.  For instance, I have used Google Analytics for over a decade on my own websites to learn about my audience, and to help me make intelligent advertising purchases on Google’s Adwords platform.

Google has been very good at the data collection and analytics game, and had annual revenues last year of $110.8 billion.  The bulk of that, about 70%, came from its proprietary advertising service, Google AdWords, and advertising on Google owned website such as Maps, and YouTube. Just as meat packing companies “used every part of the pig but the squeal,” Google uses every bit of information it can collect about the users of its many products and services

In our next article, we will continue to explore just how much information Google has on all of us, and where it comes from.  We will look at the huge variety of Google products and services that feed the information database.  Personally, I find this wholesale data collection a bit disturbing, even if we accept that Google will “do the right thing” with all this personal information.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
  Related Posts

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.