The Biggest Spy on the Internet – Part 1

Spying, intelligence gathering, surveillance, reconnaissance, eavesdropping, tracking – the Internet has made these activities much easier than they used to be.  The NSA, CIA, Russia’s Fancy Bear, China, North Korea – which organization is gathering more information about more people than probably any other.  While your information is unlikely (hopefully) to be in the NSA, CIA, or other governmental databases, a lot of information about you and me are certainly in the Google database.  Google may or may not be the largest (they keep the size of their data trove secret) but they are certainly in the top ten.  Other big commercial data collectors include Amazon, Sprint, and ATT.

So today and for the rest of the week we are going to focus on Google.  It is pretty tough to use the Internet in a meaningful way and not run up against the King of the Internet.  According to Wikipedia:

“Don’t be evil” is a motto used within Google’s corporate code of conduct. Following Google’s corporate restructuring under the conglomerate Alphabet Inc. in October 2015, Alphabet took “Do the right thing” as its motto, also forming the opening of its corporate code of conduct. The original motto was retained in Google’s code of conduct, now a subsidiary of Alphabet. In April 2018, the motto was removed from the code of conduct’s preface and retained in its last sentence”.

We can only hope that they are “doing the right thing” with the information they are collecting about us.

First, a quick background on Google.  Before there was Google, there was no such thing as Internet search.  Access to Internet content was kept in lists compiled by early Internet service providers such as AOL, CompuServe, Earthlink, and so on.  Stuff that was not on those lists was tough to find unless you were invited by the site owner, or someone told you the web address to find those resources.

Google was founded in 1998, and provided web search for free to all comers.  Tough to pay for the internet bandwidth, servers, routers and payroll providing a free service.  Their business model was, and still is, based on advertising revenue.  They collected information about website traffic, site popularity, and demographic information about the searchers that could be monetized and sold to marketing companies.  For instance, I have used Google Analytics for over a decade on my own websites to learn about my audience, and to help me make intelligent advertising purchases on Google’s Adwords platform.

Google has been very good at the data collection and analytics game, and had annual revenues last year of $110.8 billion.  The bulk of that, about 70%, came from its proprietary advertising service, Google AdWords, and advertising on Google owned website such as Maps, and YouTube. Just as meat packing companies “used every part of the pig but the squeal,” Google uses every bit of information it can collect about the users of its many products and services

In our next article, we will continue to explore just how much information Google has on all of us, and where it comes from.  We will look at the huge variety of Google products and services that feed the information database.  Personally, I find this wholesale data collection a bit disturbing, even if we accept that Google will “do the right thing” with all this personal information.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
  Related Posts

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.