Few people realize that Google, the company whose motto famously announces, “Don’t Be Evil,” is at the top of lists of privacy offenders.
Enamored of Google applications like Chrome, Google Desktop, and Google Maps, customers don’t realize that Google isn’t primarily a search engine. It’s a data bank. The applications are simply the freebies, in return for which you give up your privacy.
And Google isn’t all that transparent about how much and how long your privacy is at risk.
Do you know, for instance, that every search term/string that you type into a search box, along with your IP address and date and time stamp, is recorded and stored on Google’s servers for months? It used to be 18 months, but it’s been cut down to 9 months. And after that, the data isn’t deleted.
It’s partially anonymized through a method that’s completely reversible. Cookies can also be retrieved for decades ahead.
Nor is Google the only one doing this. So are Yahoo, AOL, Microsoft, and many others. But Google is the worst on most counts. In March this year, a prominent privacy advocate complained to the Federal Trade Commission:
“The privacy group Electronic Privacy Information Center (EPIC) has asked the Federal Trade Commission to investigate Google for privacy breaches related to Google Docs and other Google services — and to ban Google from offering any cloud services, including Gmail, Google Docs and others until the company can prove it is capable of safeguarding people’s privacy.
The complaint comes as a result of an incident in which people’s private documents stored on Google Docs were shared with other users without their permission on March 7.
EPIC, though, says that the security breach was far from isolated, and claims it’s part of an ongoing pattern at Google. It says that Google’s security is inadequate, and that Google misleads people into believing that data stored with Google is secure. It’s asking that the FTC investigate whether Google’s security is adequate, and until that is determined, asks that any cloud-relating Google service be shut down. That means Gmail, Google Docs, Google Calendar, and others.
The complaint, available here, pulls no punches. It claims that Google assures people that their data is safe with the company, and that Google urges people to store their personal information on various Google services. Consider this, straight from the complaint:
19. Google routinely represents to consumers that documents stored on Google servers are secure. For example, the homepage for Google Docs states “Files are stored securely online” (emphasis in the original) and the accompanying video provides further assurances of the security of the Google Cloud Computing Service.
20. Google also explicitly assures consumers that “Google Docs saves to a secure online storage facility . . . without the need to save to your local hard drive.”
21. Google encourages users to “add personal information to their documents and spreadsheets,” and represents to consumers that “this information is safely stored on Google’s secure servers.” Google states that “your data is private, unless you grant access to others and/or publish your information.”
22. Google represents to consumers, “Rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers.”
The complaint then details a series of what it calls security breaches:
24. On March 7, 2009, Google disclosed user-generated documents saved on its Google Docs Cloud Computing Service to users of the service who lacked permission to view the files. (the “Google Docs Data Breach”) This is just one of many examples of known flaws with Google’s Cloud Computing Services. For example:
- In January 2005, researchers identified several security flaws in Google’s Gmail service. The flaws allowed theft of “usernames and passwords for the ‘Google Accounts’ centralised log-in service” and enabled outsiders to snoop on users’ email.
- In December 2005, researchers discovered a vulnerability in Google Desktop and the Internet Explorer web browser. The security flaw exposed Google users’ personal data to malicious internet sites.
- In January 2007, security experts identified another security flaw in Google Desktop. The vulnerability “could enable a malicious individual to achieve not only remote, persistent access to sensitive data, but in some conditions full system control.”
The complaint goes on to say that Google’s inadequate security is an unfair business practice and a deceptive business practice. It also asks the FTC to enjoin Google from offering Cloud Computing Services until safeguards are verifiably established. In other words, ban Gmail, Google Docs, Google Calendar, and other cloud-based services. In addition, it asks that Google
contribute $5,000,000 to a public fund that will help support research concerning privacy enhancing technologies, including encryption, effective data anonymization, and mobile location privacy.
As a practical matter, don’t expect the FTC to ban Google from offering Gmail and other services — and, in fact, the FTC shouldn’t do it. It would simply cause too much hardship for too many people who use the services. But the FTC should certainly launch an investigation, and Google should pay the $5 million for the fund.”
That’s an article at Computer World, recounting the latest in Google’s privacy mishaps.
Data breaches of this kind have become increasingly common among search engines, the most famous being the release of more than 650,000 search histories by AOL users in 2006.
There’s no simple solution, since proxies or IP disguises usually slow down your computer, add to computing costs, and are themselves not free of security problems. Besides, if you get into trouble with the government, the fact that you used encryption (which won’t stand up to a government warrant) is going to make your situation worse.
Which suggests that the whole notion of making a government agency responsible for privacy is untenable. It would be better if consumers simply began boycotting Google (and other search engines) until they stop retaining personal information, including IP logs.
Besides boycotting, here’s some other advice:
1. Don’t install Google Toolbar, Google Maps, Chrome, Desktop, or any other of its applications. They’re simply too intrusive.
2. Disconnect from Facebook, or at least, don’t put any personal information on it.
3. Use Scroogle or Ixquick, when you want to search without a record of your IP and search terms being retained. Scroogle also scrubs out the ads and other intrusive elements of a Google search.
4. Use an anonymizer or proxy on the web, if you can.
5. Use Microsoft for searches you don’t mind being public. Microsoft does actually delete all search logs after 18 months. However, Microsoft is no good guy either. It shows government the contents of emails its users store in its folders. In February this year, the whistleblower site Cryptome.org was temporarily knocked off the web when Microsoft demanded that the “Microsoft Global Criminal Compliance Handbook” document of Feb. 24, 2010 (now at WikiLeaks) be taken down.
6. Avoid Googlemail like the plague.
7. Use throwaway accounts and false names for most forms and questionnaires.
8. Save personal information on a flash drive that’s stored away from the computer.
9. Post on forums and groups with great caution.
10. Call your search engine provider and find out exactly what records of yours they retain. Consider suing them for not telling you clearly and upfront.
Be careful what you post on blogs?
Don’t use Gmail?
Oops.
And the song goes, “Well, I think that you’re headed for a whole lotta trouble.”
What shouldn’t be posted for instance, or what would using a different email accomplish?
Facebook too? I never put much more than some movie titles on it, a few links and some libertarian-ish comments. Enough for a secret court to proclaim, “Guilty!” I’m sure, psft – guilty of being what I was taught it (once) meant to be American… to some people anyway.
When the internet first came along I said I wasn’t going to get on it, I wonder if I’ll regret getting online? I’d be one of those mindless Obama/Repub dupes and a trapped upside down homeowner if I hadn’t gotten online? Scary.
Well, Gmail especially, because Google reads the content... although they make all these noises about how committed they are to privacy. They’re not. It’s PR.
I don’t think it’s as bad with other email. But MSN Live mails that are on the msn servers can be accessed if there’s legal trouble.
I think one should probably print out all your mail folders, or save them on a flash drive or an encrypted part of your hard drive, but not on the email providers’ servers.
Forums and blogs always get your IP…
Of course, it’s far too late to think about all that now, but at least a boycott of Google might help them move in the right direction.
Right now I’m using Scroogle.
It appears that for now, Google has torpedoed Scroogle….:-(
On to Ixquick..
Yep- I just saw that this morning.
But give it a week. Maybe it’s just temporary.
What a bother.
Trying to work on privacy issues is one reason I haven’t been posting. I’m honestly terrified of the internet these days. It’s not so much the bad guys (hackers etc). It’s the servers, the browsers, the search engines…they’re all data mining havens.
You can use the Ixquick proxy too… but it does slow you down and the search results aren’t anywhere as extensive as Google.
But that seems to be the best free option.
Very interesting topic. I should read more on this fraud, privacy brought by biggest sites, Google etc