February 6th, 2004


Orkut Terms of Service

Many (http://www.zephoria.org/thoughts/, http://www.boingboing.net) have already pointed out that the Orkut terms of service (http://www.orkut.com/terms.html) are overly broad and give Orkut an unlimited non-revocable license to anything uploaded to the service.

Jeremy Zawodny (http://jeremy.zawodny.com/blog/archives/001504.html) has pointed out that Orkut is likely a channel for Google to mine for personal information, but he overlooked the following privacy policy gap.

The Orkut privacy policy says that they can share personally identifiable information with Google. Neither the Google privacy policy nor the Orkut privacy policy seems to say anything about what Google can do with information about you that they get from Orkut. That seems to be completely unrestricted. Google's privacy policy only appears to cover information that Google itself collects on you. My email request to Google regarding their intended use of any information they may receive from Orkut has gone unanswered thus far (I will update this if I receive a response).

One possible application for this would be for Google itself to run a service allowing very highly personalized spamming or in-frame ads to your Orkut account based on a combination of Google searches and personal profile data.

I think the framework is already in place for this.

This is pretty sophisticated, and it could be done in a way that's unobtrusive and not particularly nefarious.

However, simply the fact that they >can< correlate searches to identity is possibly a bad thing, even if they only make "benign" uses of it. If the data is there, it's waiting to be hacked, leaked, or abused. The fact that they've made no public mention of how or whether this information is to be used is worrying to me.