19 May 2006
Here's the Google and PayPal snarling from February and March 2006:
Cryptome Yarp: The Google ads will remain for a while.
The ad for TSCM.com, a scarily informative site, is a
trial run on the Cryptome server. Viewing it here is only in our logs, clicking it is in TSCM.com's. [TSCM ad now gone.]
Visitors are strongly encouraged to anonymize net-surfing, not only to avoid
being logged by Google but by any
other means -- open and secret -- of snooping web sites and other communication systems, by governments and even
more so by commercial and individual data miners. As reported yesterday in the NY Times, intel agencies like
NSA are adopting less-regulated practices long-used for commercial purposes, and private snoops have always
been criminals -- many of these are former spies and cops engaging in domestic rendition. All blame the others
and "the enemy," lately, "the terrorists" to divert attention from what they are doing; that, too, is a long-standing
Protect yourself, and don't leave privacy to illusory and deliberately deceptive
privacy policies, and don't believe law
enforcement and national security justifications for snooping-cloaked secrecy laws.
Site visit logs and advertising on the Net are surely a greater threat to
privacy than government snooping. Site visits
and ad-viewing and -clicking data are the golden goose of site operators, the Net's dirtiest secret and use and abuse
of them are completely unregulated, and corrupting because not being available for visitor inspection -- a version of
corrupting national secrecy practices: "too important to allow public to know because the enemy would know, the
logs have to be withheld from competitors and to protect visitor privacy, and so on." Hey, who empowered site
operators to keep logs secret? Right, the sysadmins did themselves, kissing up to bosses, kicking down to customers --
call them secret spies.
Suggestions that Cryptome offer ads from its own server to protect visitor
privacy presumes the server and its logs are
secure, when they are not, or that the Cryptome operator is trustworthy, not true either, as we have often stated. We
delete logs, but the NTT/Verio server is located in Virginia. US agencies are known to have easy access to all the
equipment in the facility, and, as noted here now and then, NTT accepted as a condition of its purchase of Verio
that the FBI could have ready access to its networks. Who else has access, gov or com or crim, is likely worse --
remote hacking and tapping a server -- legal or illegal -- is very easy, Cryptome's server has been hacked before,
and there is nothing to prevent a recurrence nor is there any assurance that it is not continually data-mined.
Cryptome has an offer to buy advertising across the top of this page,
and we're thinking of replacing the Google
banner with four 125 x 125 commercial banners ads. Comments on the privacy impact? Send to jya[at]cryptome.net
The impact will depend on how the ads themselves are served, and what links they contain.
(1) If the ads are served by Cryptome, there will be no additional privacy implications for the pages on which they appear.
(2) If the ads are served from a third-party URL, privacy will be less.
(3) Privacy will always be affected by the ad link when clicked.
The common issue between (2) and (3) lies in the nature of the third-party content-source or link-target URL respectively. If this URL is unique to a Cryptome ad, then the third-party receives information that a given hit is referred from Cryptome. If it very clearly isn't unique to Cryptome (generic URL like http://www.spacewar.com/) then in most cases the only 'technical' privacy leak is the HTTP "Referer" header, which can be plugged various ways. The risk of going to the third-party site of course remains.
My suggestion: Serve the ads from Cryptome, and bill your advertisers for the bandwidth they eat. Embed their link in a redirector running on your site, to sterilize the "Referer."
Related report from spacewar.com:
We consider Google's action as an attempt to dictate what information will appear on Web sites, and what links will be allowed between Web sites. If true, this constitutes a gross abuse of market power, and it should cause our political leadership in the United States, Canada, Europe and Australia to investigate fully the business operations of Google Inc.
We are deeply concerned about retaliatory action by Google Inc. against our company and its various Web sites. In recent months, we have bet the business on Google advertising revenues, which has left us dangerously exposed to major revenue losses should Google cancel our AdSense contract, and delay payments and/or sue us for going public.-- Simon Mansfield, Google Inc, Bans Australian-based Military Space News Website, February 24, 2006
Who wants your banner ad space? Some front company for the CIA?
Many observers, including myself, felt in 1995 that search engines were going to cause major privacy problems, and the pubic was foolhardy to trust so much personal and business information to them. Of course all that is now part of the modern angst factor. We also send and receive most of our e-mails using using passwords sent in the clear, trusting that all will remain private.
My point being that whoever wants your banner ads, as long as they're not a CIA front, can't be much worse than Google. And if you can get up-front committed payments, based on average traffic, not per click-thorugh, you'll probably do much better financially.
One thing that might help a lot is if YOU could serve the ads, rather than the advertizer, thus NOT exposing everyone's IP address! Or at least have the ad serving done by a genuinely neutral party, such as doubleclick, assuming they won't get heavily filtered. Or try to demand an agreement not to retain logs of everyone's IP addresses, for more than say 10 seconds.
I still think you should be running ads for Anonymizers! Maybe you can do that down the side.
You're a lot more forgiving than me here. Adsense told me to bugger off on one of my sites, and the next thing I did was update robots.txt to exclude googlebot. I understand what you did, but the only way that Google is going to realize that their policy is asinine is to make sure that an Adsense rejection is permanent, no matter what happens later. As for privacy implications, you actually have illusions still on that point? How quaint.
You suggest readers use anonymizer.com if your site is blocked. However, Anonymizer.com is very limited. A better choice is Anonymouse.org
A 5 writes:
A whole lot of hours go into making the cryptome sites work. Who pays for that? Are readers who object to the Google ads offering to send money? If they are, I don't see it. And what do these readers do for a living? You know, to PAY THE BILLS? Are they, for example, working for companies that may, in some way, be contributing to surveillance, to war-making, to toxic effluents, to bigger government, to the heap of useless little consumer items that keep the endless buying-crap mentality in full bloom? Are the people who object to the Google ads all saints busy saving the world full-time? Maybe Young should respond to these puerile objections by requiring that every visitor to his site fills out a complete profile first, to assure him that only absolute purity of mind and heart enters.
Cryptome: We'll think about that, too. The enticing ads on Cryptome.CN have been censored.
Daniel Brandt (google-watch.org) writes:
If you decide to forego the filthy lucre from Google but still want the search functionality you are currently testing, use our Scroogle Scraper proxy. We have no cookies, no search terms records, and our access logs are deleted within 48 hours. There's sample HTML at http://www.scroogle.org/masters.html that shows webmasters how to set up a site search box on their pages.
Google, as you must know, never deletes anything. They have recently admitted to inquiring journalists that they have the capacity to pull up a history of search terms by either the IP address, or by the unique ID in their cookie that expires in 2038. I've been screaming about this now for five years, but it's only in the last two months that no one has hurled the "tin-foil hat" slur at me. That's because of all the attention focused on the U.S. subpoena for Google's search-term information.
At last, everyone is waking up and saying, "Wow, I had no idea that they saved all that stuff!" Duh.
With the recent concern for the Google Ads, maybe you could point out using TOR: http://tor.eff.org/ . I'd also like to know what if any visitor logs you keep, and if you keep them, for how long they are kept on your server.
Cryptome: Logs for all Cryptome sites are deleted daily, more often if traffic is heavy.
Well after seeing the GoogleAds on the Cryptome site, I decided to add my opinion. I know many people, including myself, are grateful for all the time that is put into the cryptome.org and related sites, and not everyone appriciates that bandwidth, etc doesn't just grow on little trees. I think you're doing well to INVESTIGATE the potential of utilizing GoogleAds on the site, but there is one thing that now concerns me... As "A" nicely points out "it lowers the standard of privacy for visits to your site, and makes the question, "What addresses have visited Cryptome's front page?" answerable by the third-party server." Although I agree with him 100%, what worries me is what is next. If cryptome is willing to lower security & privacy (even by a bit) of its users now, what is next? Surely there is a way to generate some profit some other way.
Cryptome: $115 of villany so far, with the ads on about 60 files out of 33,000. Ads on the main page appear the most objectionable so we'll think about keeping the main page free of Google ads, with new files kept ad-free for a few days, say a week or so before ads are inserted. A major chunk of bandwidth is used by accesses for archival material, and a big chunk of that coming from Google searches, so maybe ads will only go on archival files. The current DVDs are free of ads, hint; but to get one you have to give a mailing address, to us, not Google. There are regular requests for a Cryptome search feature, so that will probably remain. The ads will be tried for a week or two see if they are worth keeping . If not, the contaminated files will be purified. Protect your privacy by staying away during the trial period. Best, keep away from the Net and other enlightenment pimps, climb a desert mountain and rot there awaiting levitation. To answer another question, we use anonymizer.com, one of the earliest, set up by Lance Cottrel in 1995 -- despite the risk all anonymizers are snooped by the evildoers. There is, or was, free code on the Net to set up your own anonymizer to cloak the first hop. And Google! IP-address cloaking methods, there are many of them. Try http://anonymouse.org/anonwww.html
Although I object to your inclusion of google adsense ads on cryptome.org I can see your motivation (ca$h). However, it downright insulting for you to include the ad sense banner on cryptome.cn. Adsense inclusion is a disservice to the readers of cryptome.cn. It indicates that cryptome.cn is not sincere in its motives behind the site, nor is it respectful of the privacy of its visitors.
Cryptome: The Cryptome.cn ads today show the New York Times milking interest in PRC censorship which it advidly covers with lingerie ads galore:
Cryptome: Good criticism, and we'll think about it. So far, $54 of corruption. We're testing the Google ads on four Cryptome sites and a dozen or so files. Ads being assigned by Google based on content change over time and vary by countries and the geo-location of the browser (the ones I see are aimed at New Yorkers); some are bizarre. For Iraq-Kill-Maim.org, which offers 4,000 photos of bloody carnage, here are the ads:
I object to the inclusion of Google-served content on Cryptome's front page, for the same reason that I objected to a Paypal-served graphic there in 2004 -- it lowers the standard of privacy for visits to your site, and makes the question, "What addresses have visited Cryptome's front page?" answerable by the third-party server.