Julia Angwin, ProPublica:
The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.
Google also happens to run the most popular website analytics suite, estimated to be used on tens of millions of websites. They say that they are currently keeping browsing data separate from other Google activity, but they’re leaving the door open for that to change in the future.
I’m not trying to spread F.U.D., but Google’s change to their integration of DoubleClick data is significant. Datanyze estimates that DoubleClick holds a 75% market share within the top million websites, as ranked by Alexa. That’s more than enough to get a remarkably accurate picture of a user’s browsing history. If you use Chrome in signed-in mode, there’s already an option to make the websites you visit part of your Google profile. If Google is willing to reverse their stance on DoubleClick and has an option to track your Chrome history, a quiet policy shift towards blending analytics data doesn’t seem that far off.
There is no company that can do a better job of tying your name to nearly everything you do online. If any other company — or, indeed, a government — were to do this, there would be outrage. Yet, Google has largely managed to avoid deep concerns. Most people still use Google search, Android phones, watch YouTube videos, and trust Google Maps to get them where they’re going. What would it take for users to recognize just how risky this is? If this year has shown us anything, it’s that even the largest companies are susceptible to catestrophic breaches of security.