Skip to content

Posts from the ‘War on Privacy’ Category

16
Apr

Bloomberg: Google’s Facebook copycat moves leave it more exposed to privacy backlash

Facebook may be getting all the attention lately, but the Monster of Mountain View is still, well, a monster:

No one at Google envied Mark Zuckerberg last week as he was being grilled by Congress. But for years, they certainly coveted the personal data that made Facebook Inc. a formidable digital ad player. And the strategies they set to compete have now placed Google squarely in the cross hairs of a privacy backlash against the world’s largest social-media company.

A backlash that has been a long time in coming.

“Google, in every respect, collects more data. Google, in every respect, has a much bigger advertising business,” said David Chavern, president of News Media Alliance, a publisher trade group. Rather than “a Facebook privacy law,” he expects regulation to target the entire industry.

Google’s many brushes with controversy haven’t deterred the company from making its business practices ever more invasive. Mimicry of Facebook has been occurring for years.

In 2015, the search giant unveiled Customer Match, a tool letting advertisers target ads using consumers’ Gmail addresses. That mirrored a popular Facebook offering called Custom Audiences. Google Plus, the company’s social network, failed to catch on with users but did prompt millions of people to log in to Google’s other web properties, catnip for marketers. Those changes helped Google’s display ad business blossom. Morgan Stanley recently pegged its value at $36 billion.

Political advertisers are among those embracing DoubleClick. Last year, the unit touted a case study with i360, a marketing firm affiliated with the conservative power brokers Charles and David Koch. i360 uses its own data to slice online populations into segments, such as those for and against gun control and traditional marriage. A Google blog post explained how DoubleClick’s systems sucked in that information to help i360 boost the number of its ads people saw. i360 didn’t respond to a request for comment.

Google is incapable of regulating itself, so we clearly need an American equivalent of the European General Data Protection Regulation, or GDPR, as soon as possible.

22
Nov

Google admits tracking users’ location even when location services are disabled

Big Brother is watching you. Even if you’ve told Big Brother Google you don’t want to be tracked.

Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.

Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.

Quartz observed the data collection occur and contacted Google, which confirmed the practice.

When confronted, Google claimed that the tracking was happening in part to improve message delivery, which Quartz rightly deemed to be a completely bogus explanation.

It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery. But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together.

The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts. Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking. Each phone has a unique ID number, with which the location data can be associated.

Read the whole thing.

17
Oct

Journalist’s Home Mini review unit was sending Google a recording of every sound it picked up

This journalist’s experience with a Google Home Mini is being called a glitch, or malfunction.

But let’s face it: these “smart home” devices are DESIGNED to perform 24/7 hour audio surveillance. And a user has no way of knowing when the device is “phoning home” without checking the logs. Anyone who installs one of these stupid things is signing up for the possibility of being surveilled, accidentally or intentionally by a hostile party, without knowing it.

The privacy glitch that befell Google’s new £49 ($49) Home Mini speaker last week was small but, critics might suggest, still revealing.

The trouble started when journalist Artem Russakovskii, who had been given a review unit at the launch event on 4 October, noticed that the Mini kept turning itself on even when not commanded to.

Deciding to search for clues in the device’s logs, he got a shock:

I opened it up, and my jaw dropped. I saw thousands of items, each with a Play button and a timestamp.

The Mini, it seemed had recorded and uploaded to Google every sound detected in its vicinity for a two-day period, which seemed to be every sound no matter how inconsequential. It even activated after a simple knock on the wall.

This behaviour could be disabled and recordings deleted but only at the expense of harming the system’s future voice recognition accuracy.

If you value your privacy, don’t install a so-called smart speaker in your home, whether made by Google, Amazon, Apple, or any other company. It’s not worth it. The fact that microphones and cameras are standard in laptops, tablets, and smartphones and can be remotely hijacked is problematic enough.

4
Oct

Big Brother Google unveils Clips, a $249 semi-autonomous recording device

Yikes:

Google has just announced Google Clips, a new hands-free camera that takes photos for you. Instead of having to pull yourself out of special moments to shoot photos and videos, Clips will capture moments so you can be in them.

Software is at the core of the camera, meaning Clips can be made smarter and more powerful over time as Google continues to push out new updates.

Clips can capture a 130-degree field of view at 15 frames per second. Each motion photo moment captured by Clips lasts several seconds and is called a “clip,” and they can be browsed using your Pixel phone. No audio is recorded. Each clip can be saved as motion photo, or you can select a single frame from the motion to save as an auto-enhanced, high-resolution photo.

On the front of Clips is a button for capturing photos manually. With a tiny form factor, Clips is designed to be clipped to “almost anything” or set down to document things remotely.

Clips has facial learning features — the more it sees a person, the more it learns to capture more clips of that individual. It also learns to recognize pets like cats and dogs.

Google engineers have laughably attempted to address the privacy implications of their Orwellian creation by giving it an offline mode. In other words, they’re telling potential buyers you don’t need to connect it to the Internet to use it. But of course, you’ll be encouraged to do so — the device has been designed for semi-autonomous recording and the presumption is people will want to share moments they’ve recorded.

There’s also an indicator light — which is a standard feature of webcams.

Commenters at PetaPixel are rightly skeptical. Writes one:

This is not about memories. How many people actually have time to go back and relive the unbelievable amount of memories that would build up? This is about Google’s AI learning and growing. This is about amassing algorithms to make their AI smarter. Simply put, this is getting scary. A record of intimate moments kept on Google servers. But like you, I guess I have already given up freedoms because of my Google phones and tablets. What have I done?

Says another:

As if Google didn’t know enough of our lives yet….

And another:

I don’t like it… We’re getting into some real Orwellian #$%& here. Always listening microphones, bed facing cameras and 24/7 recording body cams… I don’t want any of this stuff, having a phone is bad enough.

Save your $250 and pass on Google Clips, another unnecessary invention the world doesn’t need.

3
Oct

Naked Security breaks down the Google tracking feature you didn’t know you’d switched on

This is a must-read:

Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life. If you’ve got it switched on, it stores every step you take and everywhere you go.

And the thing is, lots of people seem to have it switched on without even realising, including me, and my favourite hats come in tinfoil.

I was surprised it had slipped past me so I started asking other people if they had it switched on too. More often than not, without making a conscious decision to let Google follow them around, they had.

In the end I decided to ask 20 people at random and write down the answers. The result of my short, non-scientific survey? 95% of the people I asked – a mixture of people in technical and non-technical roles – had location history, or its slightly less obnoxious iPhone equivalent Frequent Locations, turned on, tracking their every step, without realising.

Check for yourself. On Android it’s under Settings > Location > Google Location History.

So what exactly is Google Timeline? Google says: “Your timeline in Google Maps helps you find the places you’ve been and the routes you’ve travelled. Your timeline is private, so only you can see it.”

Only you. And Google.

Read the whole thing. The WHOLE THING.

This could be the best post Naked Security has ever published.

Well done, Sophos, and thanks for helping more people understand how to liberate themselves from having their every move tracked by the Monster of Mountain View.

25
May

Google debuts a new way to follow your footsteps around the web

Google’s war on privacy is going really, really well:

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

As Google’s schematic shows, the artificial intelligence (AI) marketing analytics tool will be following us across devices and channels – mobile, desktop, and probably while we’re scuba diving or trying to shop while we’re hiding in a cave, once Google figures those ones out – to see what we’re buying and match it up with what ads we’ve seen. It will then automatically tell marketers what we’re up to.

As Naked Security’s writers point out, Google’s hunger for data is being fed by masses of unsuspecting people who continue to voluntarily use its products.

Depending on which of its tools we use, Google knows what we think, what we need, what we desire, our political and spiritual beliefs, our age, our gender, what music we listen to, what we watch, what we read, where we’ve been, where we plan to go, where we work, where we hang out, where we live, who we meet, where we shop, when we shop, what we buy, how much money we’re worth, how much we spend, and how much energy we consume.

How does it amass all that data? Through Google search, the Chrome browser, Gmail, Google News, Google+, Book Search, YouTube, Picasa, Translation, Maps, Street Views, Waze, Nest, and… well, the list keeps going, and growing, as Google acquires more companies and more data-crunching ability.

Google now proudly claims that it has access to 70% of all credit/debit card transactions in the United States. That makes it even more important that people find alternative homes for their data. Trusting everything to the hands of one company is a really, really bad idea.

20
May

Google wants to share your photos with your nearest and not-dearest

Google’s war on privacy goes on:

Feeble human! Your spouse is clamoring for cute kid photos and you once again forgot to send them. Well, stand aside: Google’s artificial intelligence (AI) will now share your photos for you.

They will be shared automatically, aided by facial recognition and a somewhat kludgy understanding of who you have relationships with. It’s a concept that some are going to be very happy about: getting photos shared to the appropriate recipients has been a holy grail for plenty of startups, and Facebook already does it in its Moments app. Does it more elegantly, too, notes The Verge: after all, Facebook already knows who your friends are.

Google doesn’t. Rather, it guesses, based on whether you’ve sent pictures of the same face to the same phone number or email address. “Must be a buddy,” Google Photos muses, then suggests you share your next few photos of that face with that same recipient.

If this supposed buddy is also a Photos user, they can save your photos to their own library with one tap, and they can share their own photos back to you.

What could go wrong? Lots. Tess Townsend used her imagination:

  • You set up photo sharing with your spouse or partner. The two of you split and you both forget to turn it off. They continue to receive whatever photos, and you may wish you hadn’t sent those or they may not wish to receive them. You can go still switch off the connection, but you can’t un-see the photos.
  • A demanding, and perhaps abusive, friend or family member insists that you turn on photo sharing. It becomes more difficult in an already difficult situation to maintain your privacy. Lieb notes that whoever you share photos with does not see an indication of whether you have the app set to show your selected sharing contact all of your photos or just a subset.
  • You’re taking photos of a group of friends and Google is suggesting you send the photos to someone you don’t want to show them to for whatever reason. Perhaps the suggested recipient is an ex or a former friend with whom you not longer speak. It’s your decision whether to press send, but this can be an unsettling experience, and sometimes fingers slip.
  • Maybe that person’s name is included in a group of names, you miss that it’s there or mistake it for another name, act quickly, and hit send.
  • You take a photo you don’t want to share with anyone. Google either automatically shares it or suggests that you share it.

The de facto Google slogan is Privacy Is Dead. The company has suffered from one privacy bugaboo after another (the WiSpy scandal, the Buzz debacle) but it keeps pressing forward.

There were reports a few years ago that Google had shelved plans to debut facial recognition technologies because it was concerned that there would be a backlash. Now, apparently, the brass at the Monster of Mountain View have judged that now is the right time to go forward.

13
May

New York Times expose: How Google took over the classroom

“The tech giant is transforming public education with low-cost laptops and free apps,” reports The New York Times’ Natasha Singer. “But schools may be giving Google more than they are getting.”

Key excerpt:

Schools may be giving Google more than they are getting: generations of future customers.

Google makes $30 per device by selling management services for the millions of Chromebooks that ship to schools. But by habituating students to its offerings at a young age, Google obtains something much more valuable.

Every year, several million American students graduate from high school. And not only does Google make it easy for those who have school Google accounts to upload their trove of school Gmail, Docs and other files to regular Google consumer accounts — but schools encourage them to do so. This month, for instance, Chatfield Senior High School in Littleton, Colo., sent out a notice urging seniors to “make sure” they convert their school account “to a personal Gmail account.”

That doesn’t sit well with some parents. They warn that Google could profit by using personal details from their children’s school email to build more powerful marketing profiles of them as young adults.

“My concern is that they are working on developing a profile of this child that, when they hit maturity, they are able to create a better profile,” said David Barsotti, an information technology project manager in the Chicago area whose daughter uses Google tools in elementary school. “That is a problem, in my opinion.”

Barostti is right. It’s a problem… a very big problem.

22
Oct

Google quietly kills ban on personally identifiable web tracking

Profit comes before people. It’s the Monster of Mountain View Way.

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.”

And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.

But this summer, Google quietly erased that last privacy line in the sand – literally crossing out the lines in its privacy policy that promised to keep the two pots of data separate by default. In its place, Google substituted new language that says browsing habits “may be” combined with what the company learns from the use Gmail and other tools.

The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.

Props to ProPublica for blowing the whistle on this latest privacy-endangering move by Google.

Google probably wanted to make this move years ago, but may have held off because of the uproar over previous privacy imbroglios (like Google Buzz and the Wi-Spy scandal). Now, however, the behemoth has gone ahead and knocked down the wall preventing its advertising business from fully exploiting user data to build detailed profiles of everyone’s browsing.

There are ways to fight back. Stop using Google products, turn on adblock, disable JavaScript and cookies by default, use tools like the EFF’s Privacy Badger to monitor and block cross-site requests. Take advantage of these tools!

19
Sep

Google creates new “Trips” app so you can feed it your vacation plans

Ripping off BlackBerry Travel, Google has created an app that “takes details from your Gmail and puts them into an easy-to-view package so you can easily find your itinerary, hotel reservation, and get recommendations about what to do.” Presumably, the app will also allow you to add information not automatically gleaned from your email, allowing Google to know even more about what you’ve got planned.

PCWorld’s Derek Walter:

The impact on you: If you’ve used the travel powers of Google Now, you’ll find this feels like an upgrade to that service. Of course if you don’t use Gmail, then there’s a lot less reason for you to explore this. Google services work best when you’re all-in, which means that you have to decide where you fall with handing the company that much information.

That’s by design. But no one should want all their data in the hands of one for-profit company.