I’ve found myself more and more wary of doing things that I’d like to do with Google applications simply out of some primal, lizard brain fear of giving too much control of my data to one source. It’s not that I don’t trust Google, it’s not that I don’t like the applications, it’s that I’m worried they might fall to some ill use, out of the control of the current brand as I’ve come to understand it today. Or perhaps it’s deeper than that – I simply can’t let too much of my online life run through any one control point, regardless of who it is.
Already, Google has my feed (through Feedburner), a portion of my business( through Doubleclick, which serves some of our ads at FM), most of my search history (I use Google more than any other engine), and another portion of my business (we use Google for backfill ads at FM). But yesterday I decided not to run Google Calendar for something business related, even though it would have been perfect for us, and earlier we decided to not run Google spreadsheets, because we didn’t want “Google” to have access to sensitive competitive information. I still use some Google services for other portions of the work I do – like planning conferences, for example.
But I have noticed that I’ve hit, perhaps, my “Google saturation point.”
How about all of you? Has this issue crossed your mind?
Update: Matt writes: given Google’s strict privacy policies, I wouldn’t worry about something like using Google Calendar or Gmail. I’ll check if someone at Google can talk a bit somewhere about the protections we have in place for data like that.
I would love to see the text applying directly to that, Matt. I recall the overall TOS for an account, but they include text like this:
11.1….By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
And I recall Google’s privacy policy, which includes this:
# We may use personal information to provide the services you’ve requested, including services that display customized content and advertising.
# We may also use personal information for auditing, research and analysis to operate and improve Google technologies and services.
Well, that’s pretty broad, Matt. What if you use the data an entrepreneur gives you about his new startup, say through Analytics or Calendar, to make your competing service better?
Oh yeah. I try to keep all of my essential tools on my own domain. Yay to Mozilla for Sunbird calendar and also to phpicalendar. I have my emails on my own domain and hosted with Fusemail (used to be a great service, not really anymore). My blog on my own webhost. For searching I switch my default on Firefox every often (Just by pressing CTRL+UP/DOWN in the search field). Well I do this not for privacy but so that I know how different search engines are doing at the moment. And I have my Linux server at home for my online storage and music that I can access from anywhere.
I have no problems at all with Google (at present).
In fact, going to Mtn View to meet with Google Scholar and Google Books to solidify deals with both of them and get a better, first hand, understanding of their ops. Add to that the iPhone I’m getting next week (obvious Google footprint on the deck) and the adWords campaigns… The GWT and Gears stuff I’ve got going on… I’m under the sheets bigtime.
Nah, I’ve no problems with Google. Google’s earned my trust and indicates they’re trending (albeit slowly) in a direction where I’ll have control over my historical usage records. Still haven’t given into letting them onto my Mac desktop though. Hmm… might just rectify that tonight.
What startup that wants to stay under the radar from Google would ever use Google Analytics, for example?
I have reached my Google saturation point. I use Google for a lot of services, but some of the others – like Google Homepage and Google Notebook, aren’t my cup of tea.
I use Gmail, Google Reader, Google Search and Google Calendar.
I respect your choice, but given Google’s strict privacy policies, I wouldn’t worry about something like using Google Calendar or Gmail. I’ll check if someone at Google can talk a bit somewhere about the protections we have in place for data like that.
Saturation? Yes. Has the other shoe dropped yet? Not even close. For most of us, the purchase of FB hit close to home. It meant that Google was acquiring an immense amount of data about how we consume RSS and what content we are pushing through it. Google sits at both ends of that pipe now and it is a bit disconcerting but with any good ruffling some interesting stuff is bound to shake out in the form of competition to those Google services. Of course, that is until Google buys them too.
I’m feeling the same as you John and try to limit my usage to gmail only. But I’ve also got adwords and feedburner. My gmail account is not my main account though and never will be.
And I know we keep hearing how google will aggressively protect it’s users privacy and I’m not disputing that but that fact that you’ve written this post indicates that this statement isn’t good enough to make you comfortable is it?
Why is that?
How would google feel if we asked them to store some of their most sensitive data on one of your machines John with the promise that you’d aggressively protect their privacy?
Not that google doesn’t trust john but I’d be willing to bet that they’d say ‘no thanks’.
Let’s try it! Hey google, can John have copies of documents critical to your business to save on his machines? It’s ok because he has a privacy policy.
Sort of… I still find that google services offer uniquely what I want, but I feel a bit odd at all my info, and even some of my client info, that is floating around the google servers. Adwords, analytics, documents, email, reader, and blogger… Hmmm.
I’m absolutely concerned about this as Google is involved in more of our revenue stream than I am comfortable with. I think about it in the same terms as the vulnerability to a business associated resulting from having a majority of revenue coming from one customer – good or bad today you can bet it will change in the future.
How we all feel on the day Google has a data leak of some sort?
I trust Google – not because of what they promise in terms of never abusing data, but for what they stand to lose if they were ever proven to be doing so. The company would likely be ruined forever in a matter of hours.
It’s a bit like the old saying, “locks are for honest people”. I can’t put a lot of stock in the “Big Brother” paranoia that seems to permeate the search industry. Google is the least of my worries, and an amazing contributor.
I thought about the same issue when Google started saving search history. Then I thought about it again when they started the personalized home page (my preferred RSS aggregator). And then again when I moved my Go Daddy hosted email to Google’s Domain Apps. Finally, I considered this when I used Google Checkout this past Christmas. That was the first time Google had ever asked me for my credit card information. (In retrospect, I really don’t know which is more _valuable_, my search history, gmail and personalized home pages settings or my credit card info.)
I think it’s hard to give that much control to one entity but then it’s even harder to separate all these services that are so entwined. Deep down I have a great respect for Google. With each new service Google produces I ask this same question, but I just can’t get away.
I think it’s a decision you make any time you put data out of your control, whether it be using a hosted service, data center rackspace, or an offsite backup storage provider. I would daresay Google is better from a technical, security and ethical perspective than most other choices, assuming you’ve already decided to put your data out there on the net. The aggregation issue, trusting one company with multiple kinds of data, is generally lower risk than spreading your information across multiple sites.
Personally I have decided that Google security, stability, and redundancy is superior to what I can provide on my own. They have every incentive to not do the silly things that John proposes, such as have a human peek at your gmail- their very business depends on it.
Trust is not a binary yes/no question, it’s a continuum. You just don’t trust Google enough to host sensitive information, and that’s OK.
I don’t trust Google to host any personal information, and disable all Google cookies on my primary browser. I will occasionally use GMail on a secondary browser when testing email connectivity, but that’s it.
We use google for our corporate mail and love it. It takes away any sysadmin issues, allows our Outlook users to still use it, and I love the gmail interface. Calendar is a stickier issue…not so much from a privacy perspective, but from functionality of syncing with phones (perhaps there is something I haven’t seen that enables this). As for the office apps, we are still in limbo. We try to do more and more, but the web interfaces are just not as fast or flexible. When it comes to working in Excel, it is hard to beat the desktop experience.
As for security and privacy? The only way to truly do it is protectionism and run everything internally. Not sure if the danger outweighs our ability to innovate in our own space. Would rather have our small team focused on servicing our customers and innovating rather than worrying about the day to day management, security, and upgrades of business apps.
saturated and queasy from what i’ve come to call ‘insidiously free’. I just noticed and deleted my credit card from Google Checkout for a 2006 purchase of google earth.
That they still retained CC info there is at serious odds with the ToS that John cites.
Fair question!
Just for the hell of it, I just typed hosting.com into my location bar and hit enter (I think other people would normally restrict their “direct navigation” to maybe only a handful or at most a dozen domains, but I’m a wild & crazy guy 😉
After all: I *knew* “hosting” has got to be one of the hottest keywords on the net, and like ED, I’m a *firm* believer in markets.
Boy, was I amazed! Look at that “customer list”!! OK, so lemme go to the shop next door: hosting.net — hmm, no client list, but they’re “certified” (whatever that means).
Now “hosting.net” may not be 5th Ave. — but it’s at least Madison or maybe Park. I mean, I wouldn’t go looking around Cameroon Blvd. or anything…. So, would I trust hosting.net? Well, why not? I mean, this property is pretty valuable, right? Would they risk that on a front page headline saying that they had revealed that my customers mainly search for graphic images? Or even that they’re “doing deals” with publishers? Would anyone who owns hosting.net risk losing that reputation?
I don’t know — your guess is as good as mine….
🙂 nmw
Then again, I don’t think I would hire them for SEO:
Hosing.net
;D nmw
My primary issue, stated before, was their using search to push their other products, specifically Google Checkout. Bad form, and no doubt helped to piss off eBay.
However, I keep waiting for a “community of smaller groups” to come together and offer their list of apps jointly, to compete with what Google and the other large corps offer. I would rather support ten independent groups working together than one massive one. So I get my email through one, calendar another, but I just have one UN and PW and can link back and forth very easily. Call it the “community applications” or something, give users some voice in deciding what apps are added or not each year. Make it a community-oriented network — that would be cool, as long as they have good tools.
You’re in the minority, but I don’t think you’re alone. Even though I use one of my personal Gmail accounts for things like this post (because it’s not my primary email account) I have increasingly eased a bit away from it and some other Google services of late – at least for my personal web usage. Much like Larry Dignan’s ‘Life Without Google’ series over at the Zdnet blogs, I’ve even been increasingly using other alternatives of late in Google’s core competency – search. Where they used to be head and shoulders above the competition in this area, some of the alternatives are often just as good.
However, as a webmaster for multiple clients Google is pretty much the main point of contact on so many fronts. More than half of the shortcuts on my work-browser’s links bar go to Google-related products. Webmaster Central. Google Mini. AdWords. Urchin. Analytics. AdSense. These are all areas we have to deal with daily and when you step back and think about it for a moment, it is a bit alarming to see how ubiquitous the company has become. And that’s despite the fact that I actually like most of these services and am considered ‘the Google Guy’ around our office.
The interesting thing to me is that while Google still has an overwhelmingly positive reputation, I’m starting to see more and more bleeding edge tech people ask this same question. Danny Sullivan has talked about ‘tipping points’ a number of times in reference to Google’s image. I’m not sure we’ll ever see a point where Google is thought of negatively by a majority of people. They’re big but they really don’t seem scary. And they really do offer some great services. But I think it’s pretty much inevitable that as they continue to grow and reach out into seemingly every facet of the digital world that some people (perhaps even a significant minority) will become increasingly distrustful.
John, I think you are a little paranoid. I would rather give all my info to the one company from whom I know I can get it back if I ever want to switch than to distribute it among little players who may disappear or fail to give it back losing me all the history that I have built.
One example, last.fm has every song I have listened to in the last two years. I think they have stagnated. iLike is the new player in town and I’d like them to have it. I am not at all worried about last.fm/cbs keeping it, I just want it back so I can pass it to iLike. Now they let me take it, but will CBS let them keep doing that?
Same with Yahoo. They have my song ratings, do I trust them to let me get them back? No. Do I trust google to provide a standard output file of my search history so I can move to someone new when the time comes? yes. Does it bother me that they keep it? not one bit, as long as they make it easy for me to turn off collection for an hour or so when I’m shopping for surprise presents or undermining governments.
I am much more concerned that my data not be lost than that it it be misused. Maybe for business uses it is different(I am an academic and not concerned about anything I do leaking, as it will ideally be leaked anyway), but as long as Google has a product explicitly for businesses I think they will treat the information therein in a manner consistent with that usage.
I have reached that point over a year ago I think.
But I still use many Google services, just because they are good. (I found no better Calendar app than Google’s for instance)
And search of course. You can’t avoid it.
Ouch! Google saturation – could be the killer app killer.
I know the feeling but I think we are protected by a very powerful force – the fact that Google abuse of the info would undermine their credibility so greatly that it’s almost impossible to think of areas where they’d abuse personal or corporate online data in some systematic way. Frankly, I’m amazed there have not been at least a few incidents of disgruntled employees/spouses/rivals at Google sharing confidential info about somebody’s search history. That alone is an indication they are doing something very right over there with respect to privacy.
I don’t like Google having so much control; but for now, they ARE the best.
I’d really appreciate some decent competition, however. So I _could_ focus more on intangibles.
“just cuz’ i’m paranoid doesn’t mean they’re not out to kill me…” 😉
but i ain’t worried about google anymore john… that’s *so* last year. nowadays, i worry about Facebook & how much power i’m giving to all the crazy Facebook apps i run.
on to bigger & better worries!
– dave mcclure
http://500hats.typepad.com/
Many times. Because of the ubiquity of Google services on the web, I’m even willing to use the service on the web just because they aren’t Google. But unfortunately no thinks they can leverage this mindset and are not building head-on competing products.
More at:
http://umangjaipuria.blogspot.com/2007/03/what-does-google-know-about-me.html
http://umangjaipuria.blogspot.com/2007/04/web-history.html
Google lost me when they launched their desktop search application. They have a great search engine and I use it often, but, beyond Google News & Blog Search, I don’t use anything else.
Just last week I attended a Google@Work seminar here in Detroit. Many of the questions were related to the same privacy concerns you bring up in your post. Google claims that the license agreement for enterprise is different than their free versions and that all your company data is strictly private. The example they used was companies that outsource their email have all sorts of private corporate data going through the outsourced email servers. I agree with the concept, but my email provider also isn’t Google with all sorts of other information about me and my company. I couldn’t find the license agreement for Google Enterprise on their site… maybe that would clear things up.
Google’s moves to store more and more of my data are pissing me off. I use Google Talk to chat with my wife (yes, my household is 20% of the entire user base). It used to log my chats to my hard disk, which was handy. A few months ago they released a client update, as part of the update process, it asked if I wanted to log my chats to Gmail. Of course, I said no, not realizing that they had eliminated local logging of chats in the process. So, today I want to look for a URL I IMed her a few days ago, only to realize the full featureset of the “upgrade.”
Like you, I worry about Google. For me, the problem is that Google has released a _lot_ of very, very useful products.
I don’t think any other webmail compares to Gmail.
Reader is among the best feed readers out there (though the limitations of the interface are starting to get to me).
I would be using GrandCentral, but I found out about it just before they bought it, and routing my calls through them seem like a very, very bad idea.
Google Calendar, Google Analytics, Google Groups, Google Earth & Maps (I really was not happy about Street View)…
But they’re very, very good at what they do. Though I’m hearing some rumbles that, not only have consumers reached a Google saturation point, but that Google might have also peaked in terms of finding talent (mind you, not very reputable sources).
I’ve been teetering around my personal Google saturation point for a while now, making that decision on an app-by-app basis. I think (and hope) that widespread adoption of single-sign-on techniques will allow for greater competition in the apps space as that may allow for more federated interoperation rather than monolithic (as we get from turning to Google as our sole software provider).
Hey John, I asked for an official answer and got one, and then it sat in my inbox for well over six months. I’m finally circling back around to post the official answer. The delay is entirely my fault, and I apologize for that. The official response is pretty long, so I’m just going to highlight the section that I think is most relevant: “our internal user data access agreement explicitly mentions that Google employees are not allowed to try to access data on any public figure, any employee at a particular company, or any acquaintance. To do so would be grounds for immediate termination. So for the case that you’re worried about (running a start-up using Google’s tools), we have mechanisms and policies in place that specifically protect your privacy in that situation.”
I’ll include the entire response below.
Matt Cutts
We recognize that our continued success is based on earning – and keeping – our users’ trust. There’s a distinction to be made between who can access user data stored in our web apps because the user wants them to and who can access this data without the user choosing to make it available. Many users who use calendar share information with others in their lives—e.g., I share my work travel calendar with my partner. These collaborating and sharing functionalities represent a benefit of cloud computing that’s important to our users and central to why we built Calendar the way we did. As long as access to user data is driven by a user choosing to share it, such access respects privacy concepts of user control. But then there’s the question of unauthorized data access or exposure through security breaches/leaks and through law enforcement requests.
With respect to security:
– In general, hosted software is reliable, safe, and secure. Where we’re at now in terms of people trusting online applications is about where we were when people started realizing that their money was safer in a bank than under their mattress. We and all providers of hosted software services have extensive policy and procedure in place to ensure the highest levels of data availability and protection.
– Product security is a very important factor in the design and development of products and services at Google. We strive to create innovative products that serve our users’ and customers’ needs and operate in their best interest. This includes our commitment to providing products that do not expose users and customers to undue security risk.
– An important factor in our approach to security is our view that security engineering as an ongoing process of risk management that requires the cooperation of everyone involved in the design, development, delivery and operation of our products and services. In our experience, processes where security is “done” only by a security team are not scalable and tend to be ineffective. We strive to integrate security into the overall product development process and are constantly developing increasingly sophisticated measures and continually monitor and update our products and services. Some examples of our security processes include coding style reviews for our engineers, and peer code reviews to ensure high quality code. We also continually look for ways to automate tools or processes to further reduce the need for even this limited set of people to view systems with personal information.
– For example, for Gmail, a very small set of Google employees interact with user data. In order to have access to user data at Gmail, employees must agree to additional restrictions designed to protect our users’ privacy. For example, our internal user data access agreement explicitly mentions that Google employees are not allowed to try to access data on any public figure, any employee at a particular company, or any acquaintance. To do so would be grounds for immediate termination. So for the case that you’re worried about (running a start-up using Google’s tools), we have mechanisms and policies in place that specifically protect your privacy in that situation. We are also continually looking for ways to automate tools or processes to further reduce the need for even this limited set of people to view systems with personal information.
– We use the web apps we develop (Gmail, Calendar, Docs & Spreadsheets, etc.) ourselves as Google employees—all 10,000 of us. If Google designs these authentication systems to be large enough for our own needs that’s probably the best recommendation we can give to our users about the security of these systems, since lots of confidential information passes through them every day. In addition, our campus doctors store their information, so we have HIPAA-controlled data stored in our system.
– It’s also important to point out that, in some ways, keeping confidential or personal information “in the cloud” presents less risk than housing it on your laptop, since laptops get stolen and such thefts have been a source of major data leaks for many organizations. For example, there’s a recent story of a computer theft at a financial services company which revealed strategy plans that the CFO was working on from her laptop.