The Greatest Threat to Privacy Part II: Why I Worry More About ISPs Than Google

5 Responses

  1. anonymous says:

    Now that Google owns DoubleClick, they CAN track you on most of the popular websites.

  2. Paul Ohm says:

    Yes, the DoubleClick acquisition has increased Google’s “view” considerably, but it is still less than the ISPs.

    First, even if it is true that DoubleClick has deals with “most” popular websites, as you say, it does not have deals with all of the popular ones and probably with few of the unpopular ones. Millions (billions?) of sites visited by users every day have no deals with DoubleClick.

    Second, I confess that I haven’t looked closely at how DoubleClick uses third-party cookies (or other things like web bugs) in four or five years, but as I understand things, when DoubleClick shows an ad and receives a third-party cookie, it learns only the URL of the site visited. As I understand it (please correct me if I am wrong), third parties don’t even get the content of the GET or POST queries that led to the page (unless that information is stuffed into the ad href). In contrast, ISPs have access to _all_ of the content in the entire session. Header, payload, non-content, content, everything.

    Third, DoubleClick doesn’t give Google access to non-web traffic like e-mail, IM, or VoIP.

    Fourth, it is easier to block third-party cookies than it is to opt-out of ISP surveillance.

    Finally, I am only saying that ISPs pose a greater threat to privacy than Google/DoubleClick. I am not saying that Google/DoubleClick poses a low threat to privacy.

  3. Paul, I’d add to your rebuttal list:

    – It’s possible to block ad servers altogether, so even web bugs and iframes get defeated.

    – As long as you change your IP address regularly and do your searches without being logged in (use another browser or use Google Chrome incognito mode, for example), no cumulative dossier can be collected by a service provider out beyond your ISP.

  4. Forgot to mention (perhaps obvious) in my second point that clearing cookies regularly is also essential. Ideally, cookies should be cleared in conjunction with IP address change, so that there is no overlap that allows one to be correlated to the other.
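
The overlap that comment 4 warns about, shown as an added example that is not part of the original comments: a tracker-side log is grouped into profiles whenever two requests share an IP address or a cookie. The log entries, cookie IDs and the `link_profiles` helper are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample logs: (timestamp, client IP, cookie ID).
# IPs come from documentation ranges; cookie IDs are made up.
OVERLAPPING = [
    (1, "192.0.2.10", "c-aaa"),
    (2, "198.51.100.7", "c-aaa"),  # IP changed, cookie kept: links both IPs
    (3, "198.51.100.7", "c-bbb"),  # cookie cleared, IP kept: links both cookies
    (4, "203.0.113.5", "c-bbb"),
]
SIMULTANEOUS = [
    (1, "192.0.2.10", "c-aaa"),
    (2, "192.0.2.10", "c-aaa"),
    (3, "198.51.100.7", "c-bbb"),  # IP and cookie changed together: no shared value
    (4, "198.51.100.7", "c-bbb"),
]

def link_profiles(log):
    """Group requests into profiles; two requests join if they share an IP or a cookie."""
    parent = {}

    def find(x):
        # Union-find lookup with path halving.
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    # Each request ties its IP and its cookie into the same identity set.
    for _, ip, cookie in log:
        parent[find(("ip", ip))] = find(("cookie", cookie))

    profiles = defaultdict(list)
    for ts, ip, _ in log:
        profiles[find(("ip", ip))].append(ts)
    return sorted(sorted(v) for v in profiles.values())

if __name__ == "__main__":
    print("overlapping changes:", link_profiles(OVERLAPPING))
    print("simultaneous change:", link_profiles(SIMULTANEOUS))
```

With the overlapping log every request collapses into one profile; with the simultaneous change the log splits into two profiles that share no identifier.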

  5. GATOR says:

    I agree as to the difference between NebuAd-ISP network issues and Google type, but what about:

    1) What is AT&T planning?

    “AT&T (T) says it hasn’t yet started systematically tracking Web users, but it will in the near future.”

    2) There has been much discussion about ISPs as a whole, but I think you should develop “models” to separate the levels of what is being done. I would think the “NebuAd-ISP model” would be classified as the highest level of privacy breach.

    3) What about the websites that are downline from the “NebuAd-ISP model” that would be receiving “the goods” that NebuAd aka Fair Eagle obtained when they know the source of how they were obtained? What are the privacy legal issues there?