Let’s get right to it. Google Picasa Web Albums scare me… A lot.
Before I explain, you should probably get comfy and grab a cup of coffee. I’ve been thinking about this for several months now and with the release of Picasa for the MAC; I figure it’s time to sit down and get my thoughts on the site.
First, I want everyone to know that I’m a HUGE fan of Google Picasa and even Picasa Web Albums (especially with the latest security updates for Picasa Web Albums.) Despite that favorable preface, there are two huge problems I’m going to talk about today.
- Picasa Name Tags
- Google Terms of Service Agreement
Picasa Web Albums Name Tags
The Picasa Name Tags feature was announced with the release of Picasa 3.0. Name Tags (if you Opt In – Click Settings, Turn name tags ON) assist you in Tagging people in your photos. It uses a facial recognition technology to group photos/faces together so you can quickly add a name to the faces. Once all the FACES or PEOPLE are tagged, you can easily browse your pictures using the Name Tags. I did some testing, and the technology works Amazingly well. A little too well actually… And that’s when the thought struck me:
“Google is indexing the human race one face at a time!”
Yes, I know. You must “OPT IN” to enable Name Tags. Right? Well not exactly. Even if you don’t use the service and tag yourself, other people might be tagging your face without you even knowing it (especially if they make the Album Unlisted or Sign-In Required.) And THAT is when you lose your face… After YEARS of staying off the grid, no one (that I know of) had biometrics of me in a Database; Finger Prints, DNA, etc. That is until an Un-Groovy someone, decided to upload my Photo to Google Web Albums and Tag my face.
Google’s Terms of Service Agreement (NOT GROOVY)
“So what,” you say, “Google repeats OVER and OVER again they would never do anything with your Name Tag data.” Really? Have you read the Picasa Web Album Terms of Service Agreement? Or, have you read the “GOOGLE” Terms of Service agreement which applies to everything from Google Search to GMAIL to Google Apps?
You will want to read Section 11 of the Agreement; however here’s a “Cut and Paste” as of 01/12/2009:
11. Content licence from you
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions.
11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.
Note: Google Chrome is the Exception to this rule although when Google first released Chrome back in September, its EULA contained the same language as the Google Terms. I was writing about that here but deleted the article when The Register beat me to it ;)
Now… I’m no attorney but, paragraph 11.1 pretty much gives away the farm including the use of my FACE as utilized by the NAME TAGS feature, not to mention my Gmail inbox and all my Search History over the last several years (including any other Google App I might have used.)
So, with ALL this data – My FACE, My Email, My Calendar, my Search History, (and anything else I’m not thinking about like Google Analytics…) – what could GOOGLE/a hacker do with this data? Or what could the Government do that might subpoena/hack in and take such data? What could they get from it? Well a few things come to mind, just narrowing the question down to Google Web Albums:
- Who was I with in the Photos? (Other Tagged Faces)
- Where was I? (GeoTag entered manually using Picasa or pulled from EXIF/IPTC data or landmarks)
- When was the Photo Taken? (EXIF/IPTC Data)
- Was I wearing the Jacket I just searched for on Google.com and purchased on Amazon (ABC Retailer uses Google Analytics…? Sorry couldn’t resist)
Scary isn’t it? Just think about it. Have YOU been indexed yet? How much of your LIFE has been indexed?
The good news is GOOGLE is not evil!!! At least I don’t “think” they are. With all the data they have on EVERYONE in the world, I sure hope I’m right…