Automotive Deals Best Books of the Month Shop Women's Clothing Learn more nav_sap_plcc_ascpsc $5 Albums Fire TV Stick Health, Household and Grocery Back to School Handmade school supplies Shop-by-Room Amazon Cash Back Offer TarantinoCollection TarantinoCollection TarantinoCollection  Amazon Echo  Echo Dot  Amazon Tap  Echo Dot  Amazon Tap  Amazon Echo Introducing new colors All-New Kindle Oasis Enter for the chance to win front row seats to Barbra Streisand Segway miniPro

Customer Reviews

4.5 out of 5 stars
11
Format: Paperback|Change
Price:$36.58+ Free shipping with Amazon Prime
Your rating(Clear)Rate this item


There was a problem filtering reviews right now. Please try again later.

on November 24, 2015
Very nice!
0Comment|Was this review helpful to you?YesNoReport abuse
on May 23, 2009
In his review of this book Ben Rothke, author of Computer Security- 20 Things Every Employee Should Know (2nd ed), stated "It has been suggested that if one was somehow able to change history so that aspirin had never been discovered until now, it would have died in the lab and stand no chance of FDA approval. In a report from the Manhattan Institute, they write that no modern drug development organization would touch it. Similarly, if we knew the power that Google would have in 2008 with its ability to aggregate and correlate personal data, it is arguable that various regulatory and privacy bodies would never allow it to exist given the extensive privacy issues."

Rothke may have been semi-prescient. Google Street Maps have been encountering increasing resistance and legal issues related to privacy concerns in countries from Japan, to Germany, to England, to Greece, and others. Granted, it is a decade or so too late to protect against most of the issues Conti analyzes in this book, but it illustrates that those concerns do exist as Google continues to expand the products and services it provides on the Web.

Johnny Long has evangelized on the topic of data security on Google for years. His book, Google Hacking, is more about targeted techniques for extracting sensitive information that users should have protected better rather than an indictment of Google or its methods. But, it illustrates essentially the same point- there is a virtually endless amount of data catalogued and indexed on Google's servers and, either intentionally or unintentionally, it can have significant privacy and security ramifications.

Greg Conti's take on the subject makes for an interesting and compelling read. It has tips, but is short on actual solutions. It is good to be aware of the security implications of resources such as Google though. Give it a read.
0Comment| 2 people found this helpful. Was this review helpful to you?YesNoReport abuse
on March 27, 2009
I think the book has good information (as other reviewers pointed out) and I enjoyed reading it. However, as I was reading the book, I developed an impression that this was a book meant to scare the reader into some kinda behavior change. In other words, I felt that the book was written to highlight the risks, to explain why given somebody so much information about your activities is a risky, bad thing and that you should do something differently.

Despite the fact that I enjoyed the book, I think this is where it fails. As somebody who works in security, I consider myself to be pretty paranoid, but the book failed even to scare me! After reading it, I did not become afraid of Google at all. The author highlights some of the presumed risks, but he fails to present scenarios that make the dangers come alive. So he ends up with a "non-scary Scary Tale."
For example, when talking about ads, and especially targeted ads, the book suggests that such consumer profiling is scary, but doesn't explain how and why.

To conclude: the book presents a good story of how much Google knows about you, but my impression was that the risks are not made to be scary enough and few resulting behavior changes are suggested. It goes a little like "OMG, you CAN be hit by the car if you cross the street!" At times while reading it I thought that "you have no privacy, get over it" trumps what's written in the book.
0Comment| 8 people found this helpful. Was this review helpful to you?YesNoReport abuse
on February 21, 2009
I have to give this book five stars, it is well researched and covers an important topic. I knew most of this already, but thought I was a delusional paranoid individual. Now I know there are at least two of us and am excited to join the Usable Security Blog.

The next to the last chapter countermeasures is what makes the book worth reading. OK, Google, Amazon, many of the online providers can piece my life together with incredible accuracy. I am thankful to have been introduced to the concept of learned helplessness. Starting tonight, I am going to make some of the changes suggested in the countermeasures chapter. I have already started using the ixquick.com search engine.

Thank you Mr. Conti! One tiny nit and if I missed it in the book please forgive me. The use of firefox plugins for privacy can be a double edged sword, more and more web client attacks are aimed at the browser. I had been only using NoScript. Now I need to really rethink what I do, because your suggestions sound awesome.
0Comment| 2 people found this helpful. Was this review helpful to you?YesNoReport abuse
on February 20, 2009
Greg Conti has really done a great job here collecting and organizing lots of information about Google even as they continue to collect data on all of us. This book breaks down the privacy aspects of several services provided by Google including G-mail, Search, Advertising programs, and many more. It uses great graphs and screen-shots to help illustrate the details where visual validation is necessary.

The book is laid out by category of service types. One good example is the advertising chapter which discusses (among other things) all of Google's advertising-related services including Adwords and Adsense. It goes on to discuss Google's acquisition of doubleclick and all of its collected data and illustrates how all of this data can be tied together and tracked.

If you ever wondered if Google is collecting information on you and exactly how much information Google knows about you, read this book!
0Comment|Was this review helpful to you?YesNoReport abuse
on January 2, 2009
Disclaimer: I know the author personally and was given a review copy of the book.

I haven't read many (non-religious) books that totally change my outlook about the world we live in. In 2008, Robert O'Harrow's "No Place to Hide" is one such book and Greg Conti's Googling Security is the second.

The book begins with a simple question. "Have you ever searched for something you wouldn't want you grandmother to know about?" A simple but powerful question. Of course all of us have searched for topics we would rather our grandmother, friends, or spouse not know about. Would you ever consider posting the sum of your Google queries on your blog or website? Probably not, but just about all of us have given this information to Google in our dealings with them over the years. The book helps you take a look at how the sum of that information gathered through the use of the multitude of Google's "free" tools adds up to take a huge chunk of our privacy and very well could be giving Google a solid look into our personalities to include things most of us would prefer keep private.

Breakdown of the chapters:

Chapter 1: Googling 1
Chapter 2: Information Flows and Leakage 31
Chapter 3: Footprints, Fingerprints, and Connections 59
Chapter 4: Search 97
Chapter 5: Communications 139
Chapter 6: Mapping, Directions, and Imagery 177
Chapter 7: Advertising and Embedded Content 205
Chapter 8: Googlebot 239
Chapter 9: Countermeasures 259
Chapter 10: Conclusions and a Look to the Future 299

A common theme that the author found while conducting research for the book was "Google will collect personal information from you to provide you with a better experience." Right now we expect Google to "do no evil" and their current policies say they don't personally identify its users but as the author points out through the chapters in the book; Google gathers A LOT of data they DO tell us about and the ability to gather even more data is already built into its "free" services.

Some other reviewers have said that its "preaching to the choir." While I agree that the normal person that would buy this book is in the IT field, I wouldnt be so quick to immediately say that the average system admin or evern security guy understands the magnitude of information gathering that could possibly be going on and the value and power of that information. While not specifically mentioned in the book I would encourage anyone interested in the topic to check out Conti's DEFCON 16 presentation on "Could Googling Take Down a President, a Prime Minister, or an Average Citizen?" When you think about the importance or value of that first page of results returned by Google and think about how events, commerce, or public opinion could be shaped by crafting the results that are returned you have a powerful tool(weapon?). What if the top results for a certain political candidate consistently only returned negative commentary? or if events were "buried" by Google never returning those results? Just because Google doesn't currently appear to be altering results or collecting and using personal information, its important to understand the power every user gives to Google in both personal information and the power of controlling what is presented to searchers.

One of the best things the book has that most books covering similar (privacy) type topics is a countermeasures chapter. While saying "don't use Google" really isn't an option for most people the best advice from the chapter was teaching people to know and understand what they are disclosing and adjusting the behavior accordingly.

My only dislike in the book was the coverage of "physical" information leakage (TEMPEST). The material is good, but I don't think it was pertinent to the Google and privacy discussion.
0Comment|Was this review helpful to you?YesNoReport abuse
on December 8, 2008
There's no question that Greg Conti writes excellent books. Last year's Security Data Visualization book earned 5 stars, and I put Googling Security in the same league. Conti takes a thorough and methodical look at the privacy consequences of Google's services, incorporating technical realities and thoughtful analysis. My only question is whether this book will matter to the intended audience.

Ben Rothke's review does a nice job summarizing the book, so I won't do that here. Instead, I'd like to share this thought: do the millions of Google's users care about how Google collects and uses personal information? I argue the answer is largely "no," and I recognize that Conti's book is intended to try to change that point of view. However, I really doubt it will have that effect.

I see three main consumers for Conti's book, meaning groups of people most likely to play close attention to the technical details while trying to implement privacy-preserving countermeasures. The first includes organized criminals. A certain component of organized crime is tech-savvy, motivated, and likely to adopt practices to shield their less technical colleagues.

The second includes national intelligence services and related operatives. When reading Googling Security I thought to myself "This is a big OPSEC manual," similar to Johnny Long's great No Tech Hacking book. Google Security contains all the right material for an operative to construct a false identity, and then know how to act as safely as possible to not compromise that identity. In fact, the operative could move to the other extreme and use Google's services to construct what looks like a convincing false person, with a presence on a variety of sites.

The third group (which receives some attention in the text) includes national governments and other regulatory agencies. Even without sustained popular pressure, we have seen regulatory bodies exert privacy measures on private companies. This is probably the best route to move Google in the direction Conti would like.

One related note on nation states: Conti writes on p 4: "I view Google as the equivalent of a nation-state because of its top-tier intellectual talent, financial resources in the billions of dollars, and world-class information processing resources combined with ten years of interaction data." I reject that argument, just as I reject similar arguments regarding Bill Gates' wealth and so on. Neither Google nor Bill Gates nor any other similar actor can deny a person of life, liberty, or property. If any Google employee tried to imprison any person on behalf of "Google," he would suffer criminal charges. The tiniest nation-state on Earth has more legal power in this regard, especially when you add in other aspects of sovereignty like issuing passports, minting currency, imposing taxes, and the like.

I also think Conti fails to appreciate the benefit of putting your data in the hands of a provider. At one point Conti mentions having one's data "safe on your home computer." Safe from what? Theft? Fire? Disk failure? Intruders who convince someone to click on a malicious link? The more consumers become service users and less system administrators, the better overall level of security we will attain.

Regardless of my reservations, if you want to read the best book on how Google services impact your privacy, I strongly recommend Googling Security.
0Comment| 5 people found this helpful. Was this review helpful to you?YesNoReport abuse
on November 28, 2008
How much could you learn about someone based only on the words or phrases used in Google search? Maybe just a little bit. But imagine that you are also able to track the links this person selects. And don't forget the IP address, which indicates the geographical location. Oh, yes, and the personal Gmail account with contacts, chats, and e-mails with their attachments. Did I mention that this person also searches information in Google Groups, uses Google Maps, and enjoys watching YouTube videos?

Those wonderful "free" services offered by Google (and other companies) come with a price: your personal data. Greg Conti raises the alert. He describes in a very understandable manner the way this profiling/fingerprinting could happen. He also highlights parts of the Google's privacy policy and analyses the implications about the way the information could be used and the fact that the data maximum retention period may not be as well defined as one could think. Fortunately, he also suggests some countermeasures that can be taken in order to reduce our personal-data disclosure to Google.
At the end of every chapter, the endnotes nicely complement the treated topic by providing the sources of the information he presents or additional resources to better understand the subject.

The book is addressed to any Google user (beginner, intermediate or advanced). Some basic understanding of concepts such as IP-address, DNS server, and cookies may help to understand some very specific sections of the book but it is not mandatory.
It is definitely a recommended read for any internet user concerned about privacy and the way personal data could be (mis)used.
0Comment| 2 people found this helpful. Was this review helpful to you?YesNoReport abuse
on November 26, 2008
This is a well written book, and an interesting read. It really points out the possibility in data mining the details from what you give Google via search, mail, finance or other services they offer. The downside to the book is if you are already a privacy enthusiast you already know most of the material, so it may be preaching to the choir. Still, it's a good book to hand to your less techie friends so they understand what they expose about themselves online.
0Comment| 4 people found this helpful. Was this review helpful to you?YesNoReport abuse
on November 24, 2008
In buying this book on amazon, and leaving a review on amazon, the net knows that much more about me.

This book addresses one of those game theory scenarios, where whats good for the collective (maximum data) is bad for the individual (loss of privacy). The rational response is to let everyone else fully disclose and capitalize on that, while maintaining your own privacy.

I probably knew most of the material in this book beforehand, being in tech, but its unlikely I can abide by the recommendations. My Google RSS Reader is loaded up with 100+ feeds, some of which spool up 100 articles per day. Google Calender is best of breed. And Google Email offers POP/IMAP for free, whereas Yahoo email does not. All three of these "killer apps" work best when logged in continuously. So I login from home and work, and they stay logged in 24x7. As a result, whenever something pops in my head, and I do a search, Google is able to track that, and tie that to my name because my name is tied to my email.

I may switch to NewsGator or Bloglines, and go back to Yahoo email/ Calender. And I may code up something on my linux firewall to switch its MAC / IP address on a weekly basis. And I may ditch my Grandcentral, with the cost that I will have to give out my real cell phone number to merchants. But I probably won't.

I was able to muster a small pyrrhic victory, and steer clear of the G1 (google) phone. Which is integrated tightly with Google, such connecting with a Gmail address, and all the contacts associated with that email address.

Also, re. chaffing countermeasure, with Firefox TrackMeNot is interesting. I tried that out sometime back, and had it cranked up to some number of queries per minute. It wasn't long before Google (temporarily) blocked my IP address with some error message. And I just noticed that I have TrackMeNot turned on at work at a rigorous "chaffing" pace, and it was not disabled. I assume that is because Google cannot easily turn off chaff coming out of a big corp, thats behind a firewall/ NAT. This might be something of a loophole. I will have to explore this further.
0Comment| 7 people found this helpful. Was this review helpful to you?YesNoReport abuse

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.