Skip to content

Posts from the ‘War on Privacy’ Category

17
Oct

Journalist’s Home Mini review unit was sending Google a recording of every sound it picked up

This journalist’s experience with a Google Home Mini is being called a glitch, or malfunction.

But let’s face it: these “smart home” devices are DESIGNED to perform 24/7 hour audio surveillance. And a user has no way of knowing when the device is “phoning home” without checking the logs. Anyone who installs one of these stupid things is signing up for the possibility of being surveilled, accidentally or intentionally by a hostile party, without knowing it.

The privacy glitch that befell Google’s new £49 ($49) Home Mini speaker last week was small but, critics might suggest, still revealing.

The trouble started when journalist Artem Russakovskii, who had been given a review unit at the launch event on 4 October, noticed that the Mini kept turning itself on even when not commanded to.

Deciding to search for clues in the device’s logs, he got a shock:

I opened it up, and my jaw dropped. I saw thousands of items, each with a Play button and a timestamp.

The Mini, it seemed had recorded and uploaded to Google every sound detected in its vicinity for a two-day period, which seemed to be every sound no matter how inconsequential. It even activated after a simple knock on the wall.

This behaviour could be disabled and recordings deleted but only at the expense of harming the system’s future voice recognition accuracy.

If you value your privacy, don’t install a so-called smart speaker in your home, whether made by Google, Amazon, Apple, or any other company. It’s not worth it. The fact that microphones and cameras are standard in laptops, tablets, and smartphones and can be remotely hijacked is problematic enough.

4
Oct

Big Brother Google unveils Clips, a $249 semi-autonomous recording device

Yikes:

Google has just announced Google Clips, a new hands-free camera that takes photos for you. Instead of having to pull yourself out of special moments to shoot photos and videos, Clips will capture moments so you can be in them.

Software is at the core of the camera, meaning Clips can be made smarter and more powerful over time as Google continues to push out new updates.

Clips can capture a 130-degree field of view at 15 frames per second. Each motion photo moment captured by Clips lasts several seconds and is called a “clip,” and they can be browsed using your Pixel phone. No audio is recorded. Each clip can be saved as motion photo, or you can select a single frame from the motion to save as an auto-enhanced, high-resolution photo.

On the front of Clips is a button for capturing photos manually. With a tiny form factor, Clips is designed to be clipped to “almost anything” or set down to document things remotely.

Clips has facial learning features — the more it sees a person, the more it learns to capture more clips of that individual. It also learns to recognize pets like cats and dogs.

Google engineers have laughably attempted to address the privacy implications of their Orwellian creation by giving it an offline mode. In other words, they’re telling potential buyers you don’t need to connect it to the Internet to use it. But of course, you’ll be encouraged to do so — the device has been designed for semi-autonomous recording and the presumption is people will want to share moments they’ve recorded.

There’s also an indicator light — which is a standard feature of webcams.

Commenters at PetaPixel are rightly skeptical. Writes one:

This is not about memories. How many people actually have time to go back and relive the unbelievable amount of memories that would build up? This is about Google’s AI learning and growing. This is about amassing algorithms to make their AI smarter. Simply put, this is getting scary. A record of intimate moments kept on Google servers. But like you, I guess I have already given up freedoms because of my Google phones and tablets. What have I done?

Says another:

As if Google didn’t know enough of our lives yet….

And another:

I don’t like it… We’re getting into some real Orwellian #$%& here. Always listening microphones, bed facing cameras and 24/7 recording body cams… I don’t want any of this stuff, having a phone is bad enough.

Save your $250 and pass on Google Clips, another unnecessary invention the world doesn’t need.

3
Oct

Naked Security breaks down the Google tracking feature you didn’t know you’d switched on

This is a must-read:

Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life. If you’ve got it switched on, it stores every step you take and everywhere you go.

And the thing is, lots of people seem to have it switched on without even realising, including me, and my favourite hats come in tinfoil.

I was surprised it had slipped past me so I started asking other people if they had it switched on too. More often than not, without making a conscious decision to let Google follow them around, they had.

In the end I decided to ask 20 people at random and write down the answers. The result of my short, non-scientific survey? 95% of the people I asked – a mixture of people in technical and non-technical roles – had location history, or its slightly less obnoxious iPhone equivalent Frequent Locations, turned on, tracking their every step, without realising.

Check for yourself. On Android it’s under Settings > Location > Google Location History.

So what exactly is Google Timeline? Google says: “Your timeline in Google Maps helps you find the places you’ve been and the routes you’ve travelled. Your timeline is private, so only you can see it.”

Only you. And Google.

Read the whole thing. The WHOLE THING.

This could be the best post Naked Security has ever published.

Well done, Sophos, and thanks for helping more people understand how to liberate themselves from having their every move tracked by the Monster of Mountain View.

25
May

Google debuts a new way to follow your footsteps around the web

Google’s war on privacy is going really, really well:

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

As Google’s schematic shows, the artificial intelligence (AI) marketing analytics tool will be following us across devices and channels – mobile, desktop, and probably while we’re scuba diving or trying to shop while we’re hiding in a cave, once Google figures those ones out – to see what we’re buying and match it up with what ads we’ve seen. It will then automatically tell marketers what we’re up to.

As Naked Security’s writers point out, Google’s hunger for data is being fed by masses of unsuspecting people who continue to voluntarily use its products.

Depending on which of its tools we use, Google knows what we think, what we need, what we desire, our political and spiritual beliefs, our age, our gender, what music we listen to, what we watch, what we read, where we’ve been, where we plan to go, where we work, where we hang out, where we live, who we meet, where we shop, when we shop, what we buy, how much money we’re worth, how much we spend, and how much energy we consume.

How does it amass all that data? Through Google search, the Chrome browser, Gmail, Google News, Google+, Book Search, YouTube, Picasa, Translation, Maps, Street Views, Waze, Nest, and… well, the list keeps going, and growing, as Google acquires more companies and more data-crunching ability.

Google now proudly claims that it has access to 70% of all credit/debit card transactions in the United States. That makes it even more important that people find alternative homes for their data. Trusting everything to the hands of one company is a really, really bad idea.

20
May

Google wants to share your photos with your nearest and not-dearest

Google’s war on privacy goes on:

Feeble human! Your spouse is clamoring for cute kid photos and you once again forgot to send them. Well, stand aside: Google’s artificial intelligence (AI) will now share your photos for you.

They will be shared automatically, aided by facial recognition and a somewhat kludgy understanding of who you have relationships with. It’s a concept that some are going to be very happy about: getting photos shared to the appropriate recipients has been a holy grail for plenty of startups, and Facebook already does it in its Moments app. Does it more elegantly, too, notes The Verge: after all, Facebook already knows who your friends are.

Google doesn’t. Rather, it guesses, based on whether you’ve sent pictures of the same face to the same phone number or email address. “Must be a buddy,” Google Photos muses, then suggests you share your next few photos of that face with that same recipient.

If this supposed buddy is also a Photos user, they can save your photos to their own library with one tap, and they can share their own photos back to you.

What could go wrong? Lots. Tess Townsend used her imagination:

  • You set up photo sharing with your spouse or partner. The two of you split and you both forget to turn it off. They continue to receive whatever photos, and you may wish you hadn’t sent those or they may not wish to receive them. You can go still switch off the connection, but you can’t un-see the photos.
  • A demanding, and perhaps abusive, friend or family member insists that you turn on photo sharing. It becomes more difficult in an already difficult situation to maintain your privacy. Lieb notes that whoever you share photos with does not see an indication of whether you have the app set to show your selected sharing contact all of your photos or just a subset.
  • You’re taking photos of a group of friends and Google is suggesting you send the photos to someone you don’t want to show them to for whatever reason. Perhaps the suggested recipient is an ex or a former friend with whom you not longer speak. It’s your decision whether to press send, but this can be an unsettling experience, and sometimes fingers slip.
  • Maybe that person’s name is included in a group of names, you miss that it’s there or mistake it for another name, act quickly, and hit send.
  • You take a photo you don’t want to share with anyone. Google either automatically shares it or suggests that you share it.

The de facto Google slogan is Privacy Is Dead. The company has suffered from one privacy bugaboo after another (the WiSpy scandal, the Buzz debacle) but it keeps pressing forward.

There were reports a few years ago that Google had shelved plans to debut facial recognition technologies because it was concerned that there would be a backlash. Now, apparently, the brass at the Monster of Mountain View have judged that now is the right time to go forward.

13
May

New York Times expose: How Google took over the classroom

“The tech giant is transforming public education with low-cost laptops and free apps,” reports The New York Times’ Natasha Singer. “But schools may be giving Google more than they are getting.”

Key excerpt:

Schools may be giving Google more than they are getting: generations of future customers.

Google makes $30 per device by selling management services for the millions of Chromebooks that ship to schools. But by habituating students to its offerings at a young age, Google obtains something much more valuable.

Every year, several million American students graduate from high school. And not only does Google make it easy for those who have school Google accounts to upload their trove of school Gmail, Docs and other files to regular Google consumer accounts — but schools encourage them to do so. This month, for instance, Chatfield Senior High School in Littleton, Colo., sent out a notice urging seniors to “make sure” they convert their school account “to a personal Gmail account.”

That doesn’t sit well with some parents. They warn that Google could profit by using personal details from their children’s school email to build more powerful marketing profiles of them as young adults.

“My concern is that they are working on developing a profile of this child that, when they hit maturity, they are able to create a better profile,” said David Barsotti, an information technology project manager in the Chicago area whose daughter uses Google tools in elementary school. “That is a problem, in my opinion.”

Barostti is right. It’s a problem… a very big problem.

22
Oct

Google quietly kills ban on personally identifiable web tracking

Profit comes before people. It’s the Monster of Mountain View Way.

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.”

And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools.

The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.

Props to ProPublica for blowing the whistle on this latest privacy-endangering move by Google.

Google probably wanted to make this move years ago, but may have held off because of the uproar over previous privacy imbroglios (like Google Buzz and the Wi-Spy scandal). Now, however, the behemoth has gone ahead and knocked down the wall preventing its advertising business from fully exploiting user data to build detailed profiles of everyone’s browsing.

There are ways to fight back. Stop using Google products, turn on adblock, disable JavaScript and cookies by default, use tools like the EFF’s Privacy Badger to monitor and block cross-site requests. Take advantage of these tools!

19
Sep

Google creates new “Trips” app so you can feed it your vacation plans

Ripping off BlackBerry Travel, Google has created an app that “takes details from your Gmail and puts them into an easy-to-view package so you can easily find your itinerary, hotel reservation, and get recommendations about what to do.” Presumably, the app will also allow you to add information not automatically gleaned from your email, allowing Google to know even more about what you’ve got planned.

PCWorld’s Derek Walter:

The impact on you: If you’ve used the travel powers of Google Now, you’ll find this feels like an upgrade to that service. Of course if you don’t use Gmail, then there’s a lot less reason for you to explore this. Google services work best when you’re all-in, which means that you have to decide where you fall with handing the company that much information.

That’s by design. But no one should want all their data in the hands of one for-profit company.

21
Apr

Google executive: Humans are inadequate without implanted nanobots

This is horrifying:

Google’s director of engineering, Ray Kurzweil, isn’t so pragmatic. In fact, when you read what he said in a new interview with Playboy, you get the impression that humanity, to him, is a sad, low-level species.

“We have limited capacity in our brain,” he said. “It’s at least a million times slower than computational electronics.”

In essence, then, computers are sneering at our incompetence.

Ergo, Kurzweil declared, we need nanobots shoved inside our heads to turn us into, well, what? The sorts of humans Ray Kurzweil would rather hang out with? Or perhaps, as he once intimated, gods?

It gets worse:

“We’re merging with these nonbiological technologies,” he mused. “We’re already on that path. I mean, this little Android phone I’m carrying on my belt is not yet inside my physical body, but that’s an arbitrary distinction. It is part of who I am.”

To say this is futurism run amok would be an understatement. What nonsense! Smartphones, tablets, and personal computers are the latest iteration of something humans have had for millennia: tools. They are highly advanced tools, but tools nonetheless. Tools are not organisms. They are not alive. They’re not capable of feeling any emotion. They do not have a symbiotic relationship with humanity; they are creations of humanity.  They run on instructions conceived and supplied by humans. People in the future may choose to unnecessarily implant microchips into themselves out of a desire to become better, faster, or stronger, but if we get to that point, we’ll be in a pretty sad state as a species.

Kurzweil is wrong when he says his smartphone is “part of who I am”. That Android phone is actually just hardware and software that he’ll be replacing in the span of a few months with newer hardware and newer software. He’s an engineer, after all, and presumably, his daily driver changes often since he’s the head of engineering for the Monster of Mountain View.

Kurzweil’s vision of the future is dark and disturbing, and ought to be rejected. Just because humanity is capable of doing something doesn’t mean it should.

30
Sep

The Monster strikes again: Google to give marketers the ability to target people via email address

The latest salvo in Google’s never-ending war on privacy has just been fired. Via Naked Security:

Let’s say you’ve joined a travel company’s rewards program. In doing so, you handed over your email address.

As you plan your next trip, maybe you’ll do a Google search on “non-stop flights to new york,” much to the delight of the advertising-engorged company.

If you’re logged in to any Google account, you may very well see ads from that same travel company, whether you’re watching your favorite videos on YouTube, running a Google search or catching up on your Gmail inbox.

Google’s Senior Vice President of Ads and Commerce, Sridhar Ramaswamy, announced a new tool that will enable that advert penetration – Customer Match – in a post on Sunday.

Customer Match will enable advertisers to get to us via our email addresses, which can be matched to signed-in users of its search engine, Gmail or YouTube in what the company says is a “secure and privacy-safe way.”

There’s no such thing as secure, privacy-safe targeted marketing, just as there’s no such thing as clean coal. They’re oxymorons. Targeted marketing is, by its very nature, intrusive. It has to be.

Facebook and Twitter already sell targeted ads. Google has long wanted to be in that game, but has held off. Until now, that is. Now, they’re going to allow advertisers to upload lists of email addresses and sell those advertisers targeted access to users of their YouTube and Gmail properties, as The Wall Street Journal reported months ago.

In its early years, Google was described as a search engine, and Google is still synomous with search today. But while Google may have been search-focused as a startup, it is today a mature advertising company with some curious sibling businesses. Undercutting privacy is part of Google’s business model. Google’s so-called free offerings aren’t really free at all. The price people to pay to use Gmail, YouTube, and other Google products is the surrender of their privacy.