by teej 3237 days ago
I once sat in on a pitch from an antivirus software company who was selling the ability to look at the full browsing history of people who had visited your website. You could see all of their searches, if they visited competitors, and more. Most of the time I get annoyed by the FUD of "they're selling my data!" but this was different. It was true and it was scary.

Why not name them?
If I had to guess, it's all of them. By "them" I mean all the anti-virus packages that are targeted at consumers and small business. That seems to have been part of the business model starting over a decade ago. My guess is that the negative effects of anti-virus are what prompted Microsoft to first build free products and then eventually roll anti-virus into Windows.

I'd put it this way. My first inkling that something was wrong was when Norton Anti-Virus shifted to a subscription model and charged me full retail for a renewal back around 2006. What does disabling virus updates for ordinary users with the explicit intent of leaving them vulnerable say about a company's attitude in regard to long term trust?

I left Norton for Kaspersky and paid it protection money for a few years. It seemed refreshing at first. One day, a few years later, I learned how to look at my LAN traffic and saw how often I was sending data to its servers. It was more often than seemed reasonable. That's about the time Microsoft started providing its own free anti-virus and I started switching machines...the Windows XP Professional x64 box stayed on Kaspersky despite my misgivings until I upgraded it to Windows 7 because Microsoft did not port its anti-virus to that platform.

Spyware is often the basis for free software. Adobe Reader and Google Chrome and the Ask toolbar that shipped with Java are pretty obvious examples.

If I could take a guess I'd say it's likely to be Avast, which has multiple browser extensions that send all your browsing activity to them, while simultaneously offering a service to remove other browser extensions.

They'll even set their own search engine as your default homepage.

That would identify the GP to within a small group (the meeting). They probably worked under an NDA.

It would be great if an unrelated leak were to happen, though.

I'm not anonymous. You can identify me by going to my profile if you'd like.

To be completely honest, I don't remember. It was 2 years ago and I sit on lots of these pitches. I remember pushing back on them about the methodology, hearing how the sausage was made, and noping right out.

I want my team to be able to spend marketing dollars efficiently but I would never compromise my ethics to do so. Luckily I work somewhere that I can give a justified 'no' and keep my job.

> Luckily I work somewhere that I can give a justified 'no' and keep my job.

That is lucky! Where do you work?

> You can identify me by going to my profile if you'd like.
Actually, I can't identify you from your HN profile. I guess I could google your username or something, but I'm a little unclear why you wouldn't just, you know, say where you work.
> > [I'm not anonymous. You can identify me by going to my profile if you'd like. ...] Luckily I work somewhere that I can give a justified 'no' and keep my job.

> That is lucky! Where do you work?

I wonder if it was AVG.
Google can do this for anyone using 8.8.8.8 for DNS. You don't think they run it out of pure altruism, do you?
Running a DNS service doesn't give you the ability to see which pages someone visited when they navigated a website - just that they resolved that website's host name for some reason.
Many individual things Google does aren't too bad by themselves; the problem is that they are all integrated.
Google isn't misrepresenting what a DNS service does. Zuck is kind of a slimy weasel.
I don't think most users fully appreciate that it exists purely to log your activity on sites that Google doesn't directly track through ads.
I'm just a welder, but...

DNS can't log your activity on a website, can it? All DNS does is resolve hosts, right?

DNS service can log that you resolved a host, but doesn't know what you did with the IP address it returned.
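
The distinction drawn in the comments above, as an added example that is not part of the original thread: it builds the DNS query a client would send for a page visit and decodes it the way a resolver would, to show which parts of the URL are in the packet. The sample URL and the function names are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample URL; the host, path and search terms are illustrative only.
SAMPLE_URL = "https://shop.example.com/search?q=welding+helmets"

def build_query(hostname, qtype=1, txid=0x1234):
    """Encode a standard recursive DNS query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_query(packet):
    """Decode the question section: everything a resolver can log from the query."""
    _txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {"qname": ".".join(labels), "qtype": qtype, "qclass": qclass,
            "trailing": packet[pos + 5:]}

def resolver_view(url):
    """Split a URL into what the DNS operator sees and what never reaches it."""
    parts = urlsplit(url)
    seen = parse_query(build_query(parts.hostname))
    not_sent = {"scheme": parts.scheme, "path": parts.path, "query": parts.query}
    return seen, not_sent

if __name__ == "__main__":
    seen, not_sent = resolver_view(SAMPLE_URL)
    print("resolver can log:", seen)
    print("never in the DNS query:", not_sent)
```

Besides the question section, the resolver operator also has the source address and time of each query, which is what makes the hostname log attributable to a client.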

That's a big distinction though. I don't think Google has the obligation to make sure users are educated and informed. The deceptive practice of Facebook with Onavo is what people object to.
True this. I think it was on Ars Technica that I was downvoted to oblivion for raising the privacy implications of Google's DNS service.

There is a huge segment of the semi-tech literate crowd that feel wise for using it. I think it's because it's the only time they get to type in an IP address and it makes them feel l33t.

To be fair, Google DNS is more trustworthy than ISP DNS, and if you're using Chrome, you're not exposing anything that Google isn't reading anyway. DNS requests are much less informative than full browsing history.

It is probably better to use OpenDNS, but they used to do the same spammy redirect on NXDOMAINs that ISPs do (I think I heard they stopped that). To be honest, the real reason I don't use them much anymore is that their IPs are harder to remember. It's easier to do 8.8.8.8 or 8.8.4.4.

The internet isn't just the web. Setting your DNS to Google's will also tell them what other applications you use and what you connect them to.
This reminds me of people who would re-sell search query data via aggregation of Google referrals across a network (usually ad based.) In general, if there's a way to get that kind of data (search data is gold due to the ability to mine it for adwords niches), you can presume there are people out there who are going to skirt right up to the line of acceptable ethical behavior to try to aggregate it to sell it.
Yeah antivirus is kind of scary. I guess they could access all your files too if they wanted.