No reasonable expectation of privacy in one's Google location data (fourthamendment.com)
218 points by DanAtC 68 days ago | 163 comments



Google is pushing location data to devices and purging it on servers. From a citation within my comment I’ve cited below:

> This change means that Google will no longer respond to geofence warrants from law enforcement that request information on all devices near a particular incident.

https://news.ycombinator.com/item?id=40869536

(edit to fix my mistake, thank you Centigonal!)


The actual accuracy is worse than before but it’s a welcome change.

They do still offer a way to keep an encrypted backup of the database on Google servers (so you don’t lose it if you lose your phone) but it’s disabled by default and it doesn’t even have a modal popup making it easy to enable backups, you have to specifically click the UI button to see the modal with the info sheet and a button to enable backing it up.


Thank you for posting this. I had no idea that there was a default off option to keep encrypted backups. I would be pretty mad if I lost all my years of timeline data because I switched phones. It's ridiculous that Google didn't even show an option for this in the long and needlessly convoluted migration process.


It looks like they did the right thing since privacy advocates don't even consider that sufficiently difficult https://news.ycombinator.com/item?id=40959052


Why does Google suddenly care? Location Services has never been privacy minded. Does this have to do with that 2000 mules thing?


Google's handling of this "change" was disastrous. I also value my timeline data and would hate to lose it.

Google's solution was to force me to acknowledge some weird dialog that had minimal information about the impact. This is beyond asinine and I don't know how they can say they gave me any informed consent on the change - the whole thing is bizarre.

I took a screenshot, and left it running for a few hours while I stewed over it luckily. Then went and confirmed the "backup" of my timeline afterwards just to be sure. But who knows if this "feature" even works as before, even though it has my backups.

Side note. The solution to this is not to move my data to "the device" and off their servers. The solution should have been for them to open-source the service that handles this data, and make it a configurable first-class option in their location app.


It is an outrageous invasion of privacy to keep constant tracking records of all locations over long periods of time, yet a user is outraged when they "lose" access to it?! Does a faith in personal access to data stores override any and all opaque backend practices of a massive company? Like a cargo cult -- the company will return all of our precious data and we will be made whole


It's my data. I can choose to have it tracked and kept by whoever I want.

Instead of ranting about privacy maybe you should work on privacy enabling tech solutions to user-needs that clearly some people have.


Since reading this I've gone looking for the setting in Maps (on iOS) but not been able to find it. Can you tell me where it is?


Maybe it's similar to the Android app. If so:

1. Open Google Maps

2. Tap my profile photo at top right

3. Pick "Your Timeline" from the menu

4. Tap the cloud icon in top navbar

5. Toggle the option to enable cloud backup


I'm using Android and do not have the cloud icon? Can you share a screenshot?


Screenshot would show the user's current location, and would not tell you anything that the directions didn't tell you. I followed the directions in that comment and confirm that I see what is described. A cloud icon in a top nav bar, on the right side, with a slash through it in my case as backup sync is off.


Appreciate the concern, but it was easy enough to zoom the map onto an empty part of the ocean and conceal any personal info.


Sure. Here's a screenshot when I have timeline view open (zoomed onto an ocean, that's why it's all blue): https://i.imgur.com/Yx9eBIg.png

The cloud had a slash through it, I tapped it and enabled the setting.


Google gives more privacy controls than any other major Internet company and actually works really hard to honor it.

Still, you can do two things to maximize your privacy:

1. In https://myactivity.google.com/activitycontrols, disable all activity history – everything should show "off".

2. In iOS, turn off background permission to all Google apps. (You can do this for most apps without loss in functionality). Then, turn off location permission for all apps. For maps, give it location permission to "allow while using" only.

This is the least intrusive you can get to. Beyond this, you can also use a different Google account for different Google apps to minimize data mingling. Further beyond that, you can just stop using Google apps.


> a welcome change

Can someone explain why it's good that your official law infrastructure has no access to Google when in need?

Is this some kind of bizarro-extremist-libertarianism "government is evil" from America again?


Dragnet searches are controversial in many societies, not just the US.

There’s a balance between individuals’ rights to privacy and what makes law enforcement easier.

One argument against broad surveillance measures like this one is that surveillance infrastructure is easy to implement and hard to get rid of again. You might be fine with the laws that are enforced with it today, but you might not be with what it’s used for in the future.


Because law enforcement must be costly and non-automated to avoid the unbalanced power distribution between an individual and the gov, which only serves the individual and not rules them.

A cost to catch a criminal should be a manual and expensive work from an agent and thus provide no ability to mass abuse human rights on scale. Only on actual criminals when needed.


> "A cost to catch a criminal should be a manual and expensive work from an agent and thus provide no ability to mass abuse human rights on scale. Only on actual criminals when needed."

The problem is that we're expending huge amounts of engineering power to avoid the issue when we could instead be using it to provide a privacy-first option that still safely enables law enforcement efforts to track down violent people whilst not enabling this hypothetical power-imbalance of government over individuals.

Let's be honest though, it's a hypothetical boogeyman. The real problem is that we all secretly know that we don't live in a rainbow world where we all agree on what is "right". We can't even agree on supposedly simple concepts like protecting children's bodily autonomy and safety, so who's to say we will ever be able to agree on any other political issue which arguably pales in comparison.


This is something often implied but rarely stated, so thanks for spelling it out.

But I don’t think it’s an inherent tradeoff? In theory, anyway, the police work for us. They’re spending taxpayer money. It’s expensive. If there’s a way of making them more efficient then we should want them to use it. Maybe there are ways?

This doesn’t mean skimping on necessary safeguards, but that doesn’t mean we need to put up unnecessary obstacles about knowing where to look. We should still want them to win at finding criminals and we don’t want “game balance” because it’s not a game.

Catching the bad guys and not prosecuting the wrong people both involve having more accurate information. Bad information means more mistakes.

It doesn’t mean just trusting them. Defense attorneys, judges, and juries benefit from better information, too.


There was a time, not that long ago, when there was no such thing as Google Location History storing the geographical movements of all Android users by default. Now, in your mind, go back to that time period, and let's say there are elections coming up in your country.

Are you there yet? OK. Now, the manifesto of the candidacies in the upcoming elections is proposing that the location history data of every citizen in your country should be stored in a database, just in case law enforcement needs to know the exact location of any individual at any time to be able to do their investigations. Suppose that their plan to implement it is technologically feasible and requires no additional effort from the citizens.

Would this make you more or less likely to vote for them?


I still don't understand this perspective, other than slippery slope povs ('what if the Nazis take over?').

My bank knows everywhere I go (if I spend money). The main mobile phone companies know everywhere I go (in real time, and who with [if they have a phone]). Shops and supermarkets track you around the building by Bluetooth, et cetera.

So, what's the problem if the police get access to this data to solve heinous crimes. I'm not talking the RIP Act (UK, regulatory investigation powers) - which lets a ridiculously broad swathe of people see, eg your internet history - but major crimes ... why not?

To answer your question, as long as the parties had a sound moral basis, supported individual rights, then it wouldn't alter my voting intention. I guess I'm happy to limit the liberty to commit serious crimes.


I'm glad you're not in charge of anything important for the rest of us then.


That's not an argument.


Statistically, you can't rely on having a non-repressive government for your entire lifetime. The US has been fortunate in missing out on it for quite a while, but even then there has been HUAC and J Edgar Hoover, even if they didn't take over the whole government.


Not just those, the government has been historically repressive of many minorities, using the police to do this, from blacks to Native Americans, labour advocates, activists, and other categories, that's not confined to the HUAC and Hoover era.


Isn't that just showing that repression is orthogonal to ability to track people? A database of movements easily clears many people who might be falsely accused and also highlights crimes of false accusation allowing removal of perversions of justice. Of course it needn't be used that way, if you put {or don't prevent} the immoral/criminal in power then they'll do immoral/criminal things whether they have access to citizens movements or not.

Elect trustworthy people first.

If you don't start there we're all screwed... but a large number seem to elect 'people who'd sell their grandma to make a nickel'.


>Isn't that just showing that repression is orthogonal to ability to track people?

No, it just shows that you can repress even with less ability to track people (a fact nobody doubted. The Romans could repress people too and they didn't have mass surveillance).

It, however, absolutely doesn't refute the point that with more ability to track people you can repress more, more effectively, and in novel ways.

>Elect trustworthy people first.

Popular pressure (and even occasional popular revolt), separation of powers, and various established checks and balances are there precisely so you don't have to depend on electing trustworthy people.

Of course if we could somehow magically only be electing trustworthy people, we wouldn't need to have this discussion (or have these problems).


Absolutely. Wasn't trying to make an exhaustive list.


Oppression of minorities is really just the outcome of democracy on long enough time scales. Run a democracy long enough and you'll have the boot of 51% of the population on the other 49.


>Run a democracy long enough and you'll have the boot of 51% of the population on the other 49.

Why is there a 49% of people with widely different ideas about what's to be done and what's good than the rest 51% of them? What kind of fucked up society would that be?

Democracy presupposes a shared base consensus about reality and what's good, and then arguing about the specifics and the approaches.


Which, ironically, is a very good argument in favor of the 2nd Amendment...


This is 'drunk-driving kills so we should ban vehicles' level thinking.

If you don't want fascists then vote/act against that. You can't avoid fascists by making it harder to catch criminals for non-fascists. Then you get "well at least the fascists keep crime rates down".


If the ruling party has the ability to suppress dissenting views and the means to target people doing something completely lawful like attending a political rally then how, exactly, does one "vote/act against that"?

Maybe it's easier to just not give them the power in the first place?


no, it has to do with people valuing privacy. that you don't doesn't mean it makes it something extreme.


Is it your thought that government agencies are generally competent and respectful of your data? Do you think the kind of people who run bureaucracies with zero accountability are likely to keep your info private?


No. "The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access."[0]

8 to 9 months of undetected access. Not hours. Not minutes. Months.

[0]https://en.wikipedia.org/wiki/2020_United_States_federal_gov...


>bureaucracies with zero accountability //

This seems an entirely different argument - the whole point of using movement data is to increase accountability. Why, excepting being immoral, wouldn't those supporting it agree to higher levels of accountability?


You would need to explain first what you mean by “no access to google“.


>Is this some kind of bizarro-extremist-libertarianism "government is evil" from America again?

No, plain old respect of privacy against state surveillance.

The "official law infrastructure" also doesn't have other powers that Gestapo, GPU and Stasi used to have. Perhaps they should get them too?


Government is evil, so yeah.


https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-...

"And there are lots of ways of doing the legal process (including Google's warrant policy, although that's just one way) that are a lot more privacy protective than ordinary warrants. But I can see why this might be in Google's business interest. If there isn't a lot of economic value to Google in keeping the data, and having it means you need to get embroiled in privacy debates over what you do with it, better for Google to drop it."

The public has the government to thank for this change because if they had not inundated Google with warrants, Google would have continued to collect and keep this data. The data collection and storage caused the warrants. The warrants caused the decision to purge.

These so-called "tech" companies will collect and store data to the detriment of the public's privacy even when it is unclear if doing so has any economic value.


So I just enabled the "encrypted" backup. The process of doing so is very unintuitive, they have the option in your settings and then tell you go to your timeline settings which leads you back to the same screen telling you to go to timeline settings. It's in another settings tab which isn't exactly straightforward.


I enabled it (quite intuitively) by clicking on the little cloud icon in Timeline. I didn’t need to go to settings.


purging it from their servers*


That is definitely not true for everyone who has had their Google account for years, because back then, location data was an opt-out feature.

I definitely never actively opted in, and Google never disabled the tracking to force previous tacit consenters to opt in to account for the cultural shift from opt-out to opt-in, which probably happened in the early 2010s?


Location history is really just a setting asking if you want to see your own location data.

All of your location data from the E911 system through to Google Play Services and on to maps, etc is constantly being collected then sold and collated among all these companies.

It is impossible on a modern cellphone to fully disable reporting of your location to any provider in the stack.


I run GrapheneOS on my phone and have all location permissions denied for everything except for (offline) Organic Maps. I also make it a habit of keeping airplane mode enabled except on the (very) rare occasion when I need to make an outbound phone call while out of the house. With the recent revelations about the triangulated location data that AT&T left exposed for all of its customers I don't feel like this is an overreaction.


So you have a mobile phone but you configured it so that you are unreachable when you are not at home?

I'm all for privacy, but people being able to call me is hugely convenient, and I really don't want to give it up. We need a better solution.


People can still call me and leave a message. I'll receive their message when I feel like it, not when they feel like it. It's really not all that terrible a thing. You should try it sometime.


How does it feel like living under a rock? Why even have a mobile phone at this point then? Just get a landline wired telephone at home and at work instead.


Do note that while your location MAY not be shared, the absence of location information for when you turn on airplane mode reveals at least when you left and returned to the house.

I was worried also that airplane mode may not actually disable the radio but at least one random Google result (from Reddit, not Graphene themselves) says it does.


> reveals at least when you left and returned to the house.

Sure, the neighbors' cloud-connected doorcams reveal that too. Although I do enable airplane mode here and there while I'm still at my house whenever I don't want to be disturbed for a couple of hours, and I don't always remember to disable airplane mode the instant I walk through my front door, so that's not terribly clean signal for "he left the house at this time and returned at that."


It's not an overreaction. The idea of everyone willingly sharing the details of their every movement with sociopathic corporations who are beholden to national security letters would have been met with ridicule 30 years ago.


It's met with ridicule now, but the value of ridicule has slumped in 30 years.

Ian Levy, when he was at NCSC spoke about "shame as a weapon against Big Tech". But he missed a crucial flaw - they do not give a fuck. Shame and ridicule only work in societies where people have dignity, self-respect, mutuality and care.

It's true that nobody has any reasonable expectation of privacy when using a Google smartphone. But the ruling talks about "willingly". What does "will" have to do with modern life where people are badgered incessantly to surrender their choice, boundaries, and dignity?

To exercise "will" these days, is quite a big deal, and usually means going against the flow and suffering some loss.


> shame as a weapon against Big Tech

Shame is far more often used as a weapon promoting Big Tech. I am constantly ridiculed for not having Facebook or Whatsapp accounts, and many people that I meet are suspicious of me. Try meeting women on Tinder without Whatsapp.


The only woman worth meeting will obviously not use Whatsapp either.


Hard disagree, I've met some terrific women on Tinder. Terrific both in and out of the sack.


Perhaps they may use it, but they cannot be intolerant of you not using it and still be terrific.


> Try meeting women on Tinder without Whatsapp.

Drop the "without Whatsapp." It's cleaner.

If I ever feel like meeting a woman again our first encounter won't be on a fucking phone app. And that will be just fine.


I get enough matches and interesting conversations. It's moving that conversation to a different medium that is problematic when they want to see "who you are" first and you have no Facebook to show them, and even not Whatsapp to write to them.

For what it's worth, mentioning Telegram is even worse because that application is associated with drugs in our country.


I don't think that actual history supports that assertion. 30 years ago, cellular networks were really taking off and people were starting to use mobile phones en masse. Always on, pinging the base stations, delivering that data to equally sociopathic and beholden carriers. The public was not up in arms.

What's changed in the meantime, aside from the richness and granularity of location data, is awareness of the potential for the abuse of it all, supported by well-publicized incidents. Which is a good thing; the public is quite tolerant of invisible machinations, as long as they remain distant and abstract.


No. The _ability_ to exploit it "en-masse" didn't exist 30 years ago. Random dell advertisement shows 16mb RAM (max 64mb), and 450mb HD. https://www.reddit.com/r/nostalgia/comments/49o9tm/dell_opti...

Keep in mind, these are Mb, not Gb!

Nowadays with a raspberry pi and a 128gb SD card you can go to town on "all location data for the last year for all American cell phones".

Back in 1994, even coordinating reliable central writes of all that location data would have been extraordinarily complicated, and there was not yet a panopticon appetite that would attempt the endeavor without a heavily funded psychopath behind it.

As "we the industry" have gotten more capable (and comfortable) processing huge quantities of data (eg: post map-reduce), and the hardware requirements have fallen to "my cell phone could compute it in an hour", the risk has increased tremendously.

Same story with muskets, cannons and tanks vs AK-47's. "Gun Control" in the musket era is materially different than an era of AK-47's and drones. Same with data processing.


Well, in the musket era, private individuals owned ships with cannons that could reach right into the middles of cities.


Is there an alternative to google location history that is privacy friendly? I like the feature during trips to record where I went. Maybe just me but when I get a bit nostalgic I like to retrace my steps and find again some lost memories/places.


Google Location History is privacy friendly now. It was just recently changed a month or two ago and it no longer works in the way the article describes. The history data is now stored on your phone. Cloud backups are optional and default off and always end-to-end encrypted if enabled, so your location history database is not ever accessible to any Google server. Google made this change in response to issues like the ones described in this article.


>not ever accessible to any google server

How can they use it for ad targeting then?


They can't, obviously. Is this some kind of trick question?

Your location can be used for ad targeting in other contexts. For example if you granted location permission to google.com in your browser, Google gets your location at the time you do a query and uses it both to provide relevant results and to target ads. And if you have search history on, I assume that location snapshot would be saved along with the query in search history, which Google can see. But the comprehensive and much more detailed "Location History" that is collected constantly in the background (when enabled) can't be seen by Google anymore.


I have been using https://scoria.info/. It is privacy first and offers great flexibility with how you can filter, view, and export your location data.


Importing existing Google timeline data would be useful, but doesn't look like it's supported.


I've personally heard of https://owntracks.org/ though I haven't been able to try it myself. Seems like a location history and see where other members of your instance are.


Missing from this is the reality that the modern world increasingly requires using these applications. It is meaningless to present an option you are forced to agree to. Additionally there is, to me, a big difference between me enabling an app to use my data for the service I believe it provides and them using it for everything else.


>Missing from this is the reality that the modern world increasingly requires using these applications

From the second paragraph in the linked article:

>Location History is turned off by default, so a user must take several affirmative steps before Google begins tracking and storing his Location History data. [...] Roughly one-third of active Google users have enabled Location History.

This is specifically about the opt-in location history service, not some sort of opt-out/mandatory location reporting that's on android phones.


Google used to (still does?) disable many features of Maps if location history was disabled. I kept it off, but could easily see many people felt forced to give up on their privacy for the convenience.


This is false. The "Location History" setting that the article is talking about is a different feature entirely from the "Web and App Activity" setting that you are referencing. "Location History" has never been required for any Google Maps features other than (obviously) Timeline, AFAIK.


I have it disabled and at the very least I have to type my location in every time on desktop because it doesn't track frequently visited places locally


Source? I remember them disabling search history if you didn't sign in, but not any other critical features. Moreover as I mentioned in my previous comment, only a third has this feature enabled, so whatever feature google is withholding must not be that important to most people.


Search history is a pretty nice feature to lose unless you volunteer to share your information. I had multiple addresses I had to store elsewhere because Maps would purposely forget them.


I'm confused, there's 3 separate things being talked about in this thread.

You do not have to share your location to store search history.

Maps should not store addresses you search for without you signing in.


>Search history is a pretty nice feature to lose unless you volunteer to share your information

I didn't say that you had to share location history to get search history, only to sign in. Maybe there was some point in the past where sharing location history was tied to having search history, but I don't remember it, and it's certainly not the case today. If you think that's the case you'll have to provide some third party corroboration.


> "so whatever feature google is withholding must not be that important to most people."

correction: to most institutional investors that take precedent over the end user people


1/3 of active google users is a lot of people to opt into giving away their privacy. Either they actually don't understand what they did, understand but were forced in some way or understand and truly believe the value of the service was worth the privacy invasion. It is pure speculation on my part but my guess is that the first two reasons dwarf the third. The decision in question though would, in my view, only have merit if the third answer was overwhelmingly the case.


Have you considered the possibility that the average person doesn't care that much about privacy? That's entirely consistent with other things you can observe, like the lack of response to the Snowden leaks, or how commonly excuses like "nothing to hide" are invoked.


> Have you considered the possibility that the average person doesn't care that much about privacy?

It's not that they don't care - they didn't think they need to care. There's a big difference. Implicit trust in the data usage is the key here.

On the one hand, this implicit trust means the customer is a really good one. But abuses of this trust are inevitable imho, and eventually, it will be made public if it happened. Only then, will those average people actually reveal their real preference - that they do care!


And to me this actually also makes it very questionable, whether actual consent existed, or someone simply abused their uninformedness.


> Have you considered the possibility that the average person doesn't care that much about privacy?

I have. I considered it in depth and did a good deal of psychological research on it. Then I went out onto the street and asked people; dozens and dozens of ordinary people, old, young, rich, poor...

Result: People really care about privacy.

You can read all about it in the podcast and blog I am not allowed to mention here.

What you're alluding to I think is the idea that people do not fully understand the link between technology and privacy violation.

Our view here is also biased. The idea that "people don't care that much about privacy" naturally gets bandied around amongst developers for whom profitable software designs do violate people's privacy.


Why are you not allowed to post the podcast here? HN rules or rules for the podcast? Or something else?


When you say “profitable software designs” my bet is that if you gave any person off the street a “tour” of Google and how their data is actually treated, more than 1/3 of them would be okay with sharing that information, and wouldn’t believe it to be a violation of their privacy.

What happened to Google on privacy could easily happen to any company- people complained about the total amount of data Google had, the gut response of the devs was

“oh, you can trust us, we’re not using it for anything nefarious, just features/debugging”

And then Apple took that and used it as a marketing opportunity.

And now, once you get to a certain size, you start having to develop without metrics/logs, or go through a bunch of red tape to get them.


I believe choice three covers this possibility so, yes, I explicitly considered it and gave my view that I think the other two choices, in my opinion, likely dwarf the third. Further, I think the Snowden leaks and Google privacy abuses are likely linked. It isn't that people don't care, it is that they don't believe their choice matters or that there will be protections if they take the other choice. If your privacy is going to be abused whether you use the feature or not, why not use the feature? It is the only rational 'choice'. Things like the Snowden leaks show that there is, unfortunately, likely a lot of truth to this view.


Do you carry a smartphone?


HN is not a forum for “gotcha!” posts like this. If you mean to say something like “by carrying a cell phone you are already enabling AT&T or T-Mobile to legally sell your fully identifiable and detailed location history to anyone with cash” just say that. Not everybody knows exactly what you know, and sharing knowledge is the solution to that.


I believe choice two covers your implications. Not having a smartphone greatly impacts daily life and would make earning a living more of a challenge too. My argument is not that people shouldn't use these apps/devices, it is that because they are integral to daily life it shouldn't be allowed to abuse the user's privacy. In essence, people are given a false 'choice' which is just insult to injury and gives legal cover for abusing someone's privacy.


Yes, it's a Librem 5 with GNU/Linux and hardware kill switches which cut all networks when I need 100% privacy.


I have a hard time believing that one third of any user base ever changes any particular default setting, much less something this buried.


> Missing from this is the reality that the modern world increasingly requires using these applications

We don't have to accept this though, everyone in the modern world makes a choice to accept the implied requirements of being part of the system. We accept the assumption that we are all online, that we all have a mobile phone, and that we all keep up with news and pop culture to an extent that we all seem to zero in on the same transient topic like a solar eclipse or an interest in watching movies about both Barbie and Oppenheimer.

Anyone can choose to avoid any one of these parts of the modern world. We're parts of that world, we aren't victims of it.


The problem here is that the choices are all glued together. If you disable saving location history to third party servers and all your apps still work by just using it locally, that's one thing, and certainly when that option is available then people should choose it.

But if disabling third party storage breaks the apps, you can nominally stop using the apps, but that's often not a viable option and even if it isn't completely infeasible the user will be under significant pressure to indicate consent even if they would prefer not to. That's not where we want to be.


> Anyone can choose to avoid any one of these parts of the modern world.

Well my apartment building is about to replace the doorbells with a cell phone app (or phone calls as an alternative). No cell phone -> no door bell. I'm just a renter; I get no say in the matter.


Can people not still rap their knuckles upon your chamber door?


I assume they would need to rap on the main entrance door, which could be five floors below this individual's apartment - not just their apartment door.

(I.e. this is an entry phone that permits you to remotely unlock the street level door which is being replaced with a mobile app / phone call)


> I'm just a renter; I get no say in the matter.

Surely you evaluated alternative apartments before deciding to rent at the one you are currently in, right?


You probably missed the “is about to replace” part, not sure the OP was aware of what would be coming when he moved in.


No, I saw that. My comment was a poorly worded attempt to suggest that, as a renter, they can certainly choose to avoid it by moving just as they chose to avoid the other apartments they evaluated but never moved into.

They're not forced into anything.


> enabling an app to use my data for the service I believe it provides and them using it for everything else.

I completely agree, but I think we need to push society away from requiring for profit products into our life, or at least recognize that they have an association cost to the user. What is the reasonable expectation of a business to profit off a product that we’ve deemed “required”? Who would make or support a product they can’t profit on?

In the EU, they required Facebook to offer a no-tracking version of the product, which meta replied by making a paid tier. Then they required Facebook to not charge for their no-tracking version. So why should facebook stay in the EU if it can’t profit from providing a service? While no one will shed a tear over Meta’s business, it is a massive way for people to connect with each other. Google Maps could theoretically suffer the same fate - and free access to maps seems like a public good. YouTube is another example that can be for the public good due to its educational content. The list of products that are “free” and probably good for society is huge now thanks to effective online advertising.

I don’t want us to shed a tear for billionaire-corporations profit margins, but instead address that we’ve come to rely on them and they probably won’t be altruistic about watching their profits legislated away.


> I completely agree, but I think we need to push society away from requiring for profit products into our life, or at least recognize that they have an association cost to the user. What is the reasonable expectation of a business to profit off a product that we’ve deemed “required”? Who would make or support a product they can’t profit on?

We kind of urgently need new models for certain things that start as for-profit and then fade towards more publicly owned utilities. This is the essence of the idea behind things like patents and copyright, and when we're talking about a service where the creators have been wildly successful the basic issues are mostly the same. Fair compensation, but not ownership in perpetuity. The thing about maps and similar is, it's not an idea to be protected because the idea is the easy part but the data is hard. Since google did some part of the actual mapping, they certainly deserve credit, but of course the whole thing could not exist if GPS wasn't essentially available as a public utility. Maybe if they want to be stingy with the map data forever, they should pay license fees for the GPS technology, since that's a piece of infrastructure they outsource to the public? Or for our individual data, since it's required to build their models?

Regardless of your stance on political/economic ideology, surely individuals can agree that it's not sustainable for society to be beholden to for-profit corporations forever for things like maps, the ability to use a flashlight or a toaster, the ability to open doors on houses or cars you own, or access to water/air. Maintenance is a real issue for most technology even after it's figured out, so probably the corporations should be forced towards spinning off actually separated co-ops/nonprofits/utilities in the fullness of time.

So basically wild profits and all the awful antisocial and anti-competitive behaviour you can get away with, but having some explicit expiration date for service-monopoly as well as idea-monopoly. And as for the question of motivation.. does it really disincentivize creative crooks to know that the next generation of crooks will need a new scam? I think not because the whole point is that this type of person is out for themselves.


> Since google did some part of the actual mapping, they certainly deserve credit, but of course the whole thing could not exist if GPS wasn't essentially available as a public utility. Maybe if they want to be stingy with the map data forever, they should pay license fees for the GPS technology, since that's a piece of infrastructure they outsource to the public? Or for our individual data, since it's required to build their models?

The problem with this is that it doesn’t really make sense in the context of the world we live in.

Google built the maps and the servers to host them. Google is entitled to monetize their property (in today’s world). Sure GPS is free to them, but that was a gift to society decades ago and it has spawned countless life-improving enterprises.

They already do pay for access to our data - by giving us maps which are not free to them to create and maintain. We all assume that these companies owe us money for the data but if you didn’t want to give Google data you should be paying a fee to access their maps. Companies used to charge - a lot - for maps and that’s why Google maps was amazing. Just look at how much they and others charge for map APIs.


Let's talk about a community that needs water, but doesn't have the capital to drill a deep enough well. Private company comes in, drills the well, and the people rejoice.

But then the price-gouging comes, and it's not exactly simple for anyone to "compete", because if another corporation has deep enough pockets to drill a well in the first place then a) they aren't likely to have gotten that way from generosity, and b) in terms of profit it's much easier to go dig another well elsewhere and just start squeezing a different community.

Exactly how much and for how long do we want to let the company squeeze people since they are "entitled to monetize their property"? What if they give the water away for free, but the "price" to the community is that they are subject to medical experiments without their knowledge or their informed consent, or just without any real ability to opt out? What if every well in every town looks like this, so that people can't vote with their feet?

This is clearly a problem in the limit.. anyone who thinks this general scenario is fine, or that it automatically works itself out somehow is not being serious. Water just makes this a simple story to understand. There's more nuance and less urgency in a different setting, but most of the basic issues remain the same.


> they [google] should pay license fees for the GPS technology

but you yourself don't pay for your own access to GPS - so why should google foot a bill?

> access to water/air.

there's no universally free access to water. And i imagine in a future dystopian world, air could be metered out for which you have to pay, or breathe polluted air.

> having some explicit expiration date for service-monopoly as well as idea-monopoly.

i think this is just another way of having the gov't authorities nationalize assets. If google maps is so useful, and you can't live without it, they are by definition generating value and they need to be paid, in perpetuity as long as said value from the service is being produced. It's actually somewhat amazing that they're able to sustain this value production fueled by purely using advertising and private data extraction/exploitation.

I mean, if you use farms as an example of your idea of expiration dates, it will start to sound like communism!


> but I think we need to push society away from requiring for profit products into our life

The following sites use google services and google analytics:

irs.gov

ftb.ca.gov (california state tax authority)

dmv.ca.gov (california department of motor vehicles)

how can you avoid these things?

if money is involved, recaptcha is generally a non-blockable requirement.


First off you're making the mistake of equating ads with tracking. You do not need tracking for ads - context based advertising is widespread on YouTube already.

Secondly there's nothing special about these services except their moat. Even when serving video was a novel problem, there were dozens of competitors. Nowadays it's a solved problem. If they leave, they'll be replaced overnight, just like many other social networks, messengers, video platforms, etc. before them. They'll go far not to give up a position they will likely never claw back.


They're missing the profit/ altruism of me just giving them £€$ right out of the gate so as not to have ads thrown at me.

I just don't like ads (and tracking).


> a big difference between me enabling an app to use my data for the service I believe it provides and them using it for everything else.

Making this distinction a legal requirement was a very important part of the GDPR.


That’s neither here nor there. The question is do you reasonably expect that this information is private. The answer is obviously “no,” because you’re handing the information over to a company with hundreds of thousands of employees. Whether you think you have a good reason to give up your privacy like that or not is neither here nor there.


Wait, so if I get medical care with United Health, a company with hundreds of thousands of employees, I have no expectation of privacy just because of their headcount?


“Expectation of privacy” isn’t in the constitution. The 4th amendment says: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…”

Other people’s records concerning you plainly aren’t “[your] … papers.”


I guess FOIA doesn’t emanate from the Constitution either?


No, of course not. It's a law passed by Congress. Not all rights emanate from the Constitution. Often they are derived from English common law, or else from laws passed by Congress or the states. Unlike Constitutional rights, rights from these latter two sources can be overridden by other laws (or indeed the Constitution, as interpreted by judges).


This is a terrible take. I expect that any such company has more than sufficient wherewithal to enforce good privacy practices on my data, which belongs to me. If they do some calculations on my behalf using that data on their servers, the data still belongs to me.


The data Google has about you belongs to Google. The Supreme Court has already held in Riley that your documents stored in the cloud are covered by the 4th amendment. But this case is about Google tracking your whereabouts for its own purposes.


> Location History is turned off by default, so a user must take several affirmative steps before Google begins tracking and storing his Location History data.

Do people really think Google isn't tracking location data without this setting enabled? How would anyone (save for a whistleblower) know? Location history seems like the data Google lets you collect/see for yourself, and not the totality of location data (which includes data collected from nearby wifi networks, nearby cellphones, and other bluetooth devices) that google collects.

> Even after a user opts in, he maintains some control over his location data. He can review, edit, or delete any information that Google has already obtained.

This is pretty misleading. You can see the location information your device sent to google, but you can't see or delete the assumptions that google has made about you based on that data. A list of GPS coordinates showing where you frequently go on Saturday nights isn't what people are concerned about Google having. The fact that those GPS coordinates show that you spend hours at, for example, a gay bar is more of an issue. It doesn't matter if you delete the list of GPS coordinates from your google account because what you can't delete is the "This user is gay and often goes to gay bars on Saturdays" flag that google put there the instant they got that data. No matter what you delete that data stays with Google along with the "here's how long this user stays at the gay bar, when they usually leave, where they go afterwards, and who they are with when they do" flags.

I think what happened to this guy (https://www.nbcnews.com/news/us-news/google-tracked-his-bike...) is a good indication that the entire system and the way it's being used by police is flawed and dangerous.

Even worse, the situation with google is just the tip of the iceberg because it's not just our phones that are tracking us. It's also our cell phone companies, the random cameras and license plate/toll transponder readers we pass by, our "smart" cars, etc. There's so much tracking going on that the typical American has zero control over at all, but which police (and others) could tap into. We really need more protections against this.


>Do people really think Google isn't tracking location data without this setting enabled? How would anyone (save for a whistleblower) know? [...]

You can't, in the same way you wouldn't know whether Carl Sagan really has an invisible dragon in his garage or not. It's impossible to prove a negative.

>It doesn't matter if you delete the list of GPS coordinates from your google account because what you can't delete is the "This user is gay and often goes to gay bars on Saturdays" flag that google put there the instant they got that data.

Is there any evidence this actually happens? The bike thief example you linked is more straightforwardly explained with police using a geofence warrant, rather than some ML system that recorded "this guy bikes at 4pm to 6pm".


> You can't

Sounds like a good reason not to trust them. That said, it's not impossible to be reasonably assured that our data isn't being stored or used inappropriately, but that would require strong regulations which protected that data and a proven record of companies being caught and facing meaningful consequences for violating those regulations. It'd be nice if we had strong whistleblower protections as well. Maybe a massive bounty to anyone who can prove to regulators that their company is violating customers' privacy would help.

> Is there any evidence this actually happens?

Well, yeah. That's literally Google's entire business model. They collect as much data as they can about you, so that advertisers can request their ads to be shown to certain segments of the population. That's what targeted advertising is. Nobody is sending Google updates on their lives, google just makes a bunch of guesses and inferences using the massive amounts of data they collect about you, and as long as they are correct most of the time it pays off for advertisers.

Google isn't alone in that either. Many many companies do it, as well as data brokers. You can be extremely specific in who you target. See for example: https://www.cbsnews.com/news/the-data-brokers-selling-your-p...

Among the worst are lists of people with mental illness, dementia, poor education/literacy, low intelligence, etc. I doubt Google lets you target people based on predatory lists like that, but they might keep them for their own uses. They have collected the test scores and grades of a lot of children through schools that force students to create google accounts and use chromebooks. It'd be pretty easy for them to sort people into buckets like "smart" or "dumb".

Lots of companies' privacy policies state specifically that they collect this kind of data. For example, here's a company that collects "Personal Information used to create a profile about you, which may include your preferences, reading or writing levels, abilities, aptitudes, and other data or analytics provided about you or your account by our third-party partners or data aggregators." (https://www.captivoice.com/capti-site/public/entry/privacy_p...)


> They have collected the test scores and grades of a lot of children through schools [...].

Citation needed. That would be in violation of the EU gdpr.


https://link.springer.com/article/10.1007/s11528-021-00599-4

I can't promise that this happens in the EU, but it does in the US. Literally any child using a chromebook for school, as many are forced to by the schools, is forced to hand massive amounts of personal data to Google. Google may claim that they aren't keeping the data they are collecting, but they are collecting it and their services wouldn't function if they were not. This leads to some weird situations where a student who violates youtube's ToS can be locked out of the chromebook their school requires them to use to take tests and do homework (see https://old.reddit.com/r/k12sysadmin/comments/109cn00/suspen...)


I completely distrust Google. I have no Google apps on my iPhone. I don't use any Google services.

But I do not believe they have any other identity-linked location data. The way you would know is that there would be an article about the police requesting it.


> The way you would know is that there would be an article about the police requesting it.

I think police just send requests to google for location info without specifying how that data was obtained. It's either, "Tell us everything you know about the location of this user between timestamp one and timestamp two", or "Tell us everything you know about all persons within however many miles of this location between timestamp one and timestamp two" and they don't bother sending requests like "Give us the data from your Location Reporting feature" or "Give us all the data from your Find My Phone feature" or "Give us all the data from your Nearby Connections API"


That link is a story from 2020 about a geofence warrant. It appears that around the end of last year, Google changed their system to store location on the device (with optional encrypted backups), so warrants like that won't work anymore. More info:

Is This the End of Geofence Warrants? https://www.eff.org/deeplinks/2023/12/end-geofence-warrants

It might not be completely over. There might be other location stored somewhere. But, it's important to celebrate the win when something like this happens.


If that change actually goes on to protect people, I'll agree that it's a good thing! We'll know when time goes on and nobody else ends up being arrested because the police went fishing using location data I guess.


My mother was told that she spent over 200 hours shopping last month. When she looked into it, Google had tracked all the time spent at the retail store she operates. It was amusing and annoying at the same time. She never asked Google to track her location.


Told by Google? Are they giving people stats like that? How did she get the message?


They send an email.

“You're receiving this email because you turned on Location History, a Google Account-level setting that creates Timeline, a personal map of your visited places, routes, and trips. You can view, edit, and delete this data anytime in Timeline.

Timeline is changing. To avoid losing visits and routes, update your settings by December 8, 2024.” ……


> Do people really think Google isn't tracking location data without this setting enabled? How would anyone (save for a whistleblower) know?

Frankly I think that Google won't track me if I flip the bit (bugs notwithstanding). Maybe I’m a fool. Do I trust mega corps? No, but I trust them enough to not blatantly lie when there’d be huge legal repercussions.

They’re a massive corporation with tons of lawyers. They have a huge reputational risk, and they are already known to track a lot of data. Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest. You can find the most useless crap they stored if you do a data takeout request, so what’re the odds that entire teams of people have been secretly working on something violating laws and agreements and everyone including legal has just turned a blind eye?

Everywhere I’ve worked required privacy and legal reviews just to touch data that could be a location, never mind store or use it associated with a user. Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening. Google has been terrible at avoiding leaks, and everyone working there seems to be jaded after the layoffs rocked the company.

Regarding the “gay bar” anecdotes - I think there are some weak protections around “derivative data” in some jurisdictions but this is likely a gap in laws. There is a chance that it could be considered derived location and be purged too.

PS: totally agree on the point about police abuse though.


> They have a huge reputational risk

I don't understand this argument. The most hated corporations in the US are all insanely rich and are at zero risk of going out of business even though most people hate them. After a certain point, corporations have basically nothing to fear from bad press. Google specifically has been found guilty of violating the law and people's privacy on numerous occasions already, including misleading users into thinking they had turned off location tracking in their account settings even though Google was still collecting that information. Here's a short and very incomplete list:

https://www.nytimes.com/2022/11/14/technology/google-privacy...

https://www.bleepingcomputer.com/news/security/google-sued-o...

https://www.androidcentral.com/google-faces-privacy-lawsuit-...

https://www.wired.com/2012/05/google-wifi-fcc-investigation/

https://www.reuters.com/legal/google-settles-5-billion-consu...

https://apnews.com/article/google-chrome-privacy-lawsuit-set...

What reputation does Google have to protect at this point? They've repeatedly demonstrated a willingness to break the law when it's convenient for them and even after being caught they've generally profited from doing so and at no point were they in danger of going out of business due to punitive fines.

> Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening.

whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.


>whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.

Except you don't need to whistleblow by testifying in front of congress or whatever. You can anonymously post on HN (or similar tech-oriented forums) with proof and it would be enough to get the ball rolling. Android and google play services is archived everywhere it'll be easy for others to check your work.


> Except you don't need to whistleblow by testifying in front of congress or whatever. You can anonymously post on HN (or similar tech-oriented forums) with proof and it would be enough to get the ball rolling.

I'd bet that very few people would have the kind of access to see what violations of people's privacy are taking place and that proof someone posted to social media (besides a massive leak of innocent people's personal data) may not be verifiable by anyone other than google employees or regulators/government who could get into Google's internal systems.

I suppose that they could if there was a lie_to_public_about_data_collection() function in Android's source code or a massive store of location data that shouldn't exist just sitting unencrypted on our devices and being transmitted to google unencrypted, but other situations would be much less clear.

For example, when you open Google maps, you'd fully expect that your location would be sent to google. You'd also expect that google wouldn't keep that information tied to your account if you'd opted out of that tracking in your account settings. If google were keeping a copy of that location data on an internal server somewhere, associated with your dossier, but not made visible to users (or even most google employees) what proof would you expect to see posted to HN that we could verify for ourselves? Screenshots of the database/internal tool/documentation might be good, but screenshots can be faked and since we don't have access to the database, or the server deep inside google that hosts it, or their internal documentation we'd be unable to say for sure if the screenshots were real.

Companies are using all kinds of tricks these days to catch whistleblowers like logging anyone who accesses sensitive information and adding hidden watermarks to documents and images. Just going to social media or the press could be very risky.


"You can anonymously post on HN" - New account? flagged / green / unvouched and HN will still be able to connect the account unless <extra work>. And you know they all connected with each other

Could do speech analysis on the text and compare against company slack / email.

only a few people have the access to the leaked info and trivial to work out


> whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.

We get the new pixels leaked every year for a decade. We get all sorts of leaks from Google very regularly in the news.

If you work for a tech company and you have juicy new stories you can quite literally call a journalist and get something in the news that week.


It would be reasonable to expect that there are vastly more employees who have access to pixel phone specs than some secret server collecting private information google keeps when they shouldn't. Google is known to be pretty restrictive about employees' access to the user data they're allowed to collect (at least they are now, after some embarrassing cases of Google employees cyber-stalking teenagers and ex-girlfriends (https://www.dailymail.co.uk/news/article-9862857/Google-fire...))


> Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest.

Is this satire? There are countless discussions about how GDPR for example is not being enforced properly, how fines are not small enough to move the needle for corporations and are just a cost of doing business. Apple and Google and Microsoft and Facebook are continuously fighting the EU Commission about privacy and market domination on multiple fronts, and recently the US DOJ has started fighting them too. I have never seen any clue that they are afraid.

I have no idea what you are talking about.


Get an iPhone. Android and iOS are equivalent, while Apple’s revenue is overwhelmingly based on hardware and services, unlike Google’s revenue which is overwhelmingly based on advertising and tracking.


I use GrapheneOS with my Pixel 7 with no issues. I won't ever buy an apple device. If the OS isn't opensource, I'm not buying it.


Have you personally compiled and set up that OS on your Pixel 7?


Apple sells your traffic to Google for tens of billions of dollars. Of course they're not leaving the equivalent money on the table, they just hope people will be fooled by the indirection.


If you believe this is what the Safari default search engine deal entails, please provide receipts.


> Android and iOS are equivalent

How can you write this after using both for like 10 minutes


iOS is a bit better, but honestly I think Android is just fine. I don’t see a big difference for most users.


HN is not "most users". Yes they both have apps, an icon grid, a swipe down notification panel... but there are oceans of difference beyond that surface. HN is always full of new ones.


The SensorVault warrants going back decades were already explained in a 2019 nyt times article, which is stolen here. https://www.nytimes.com/interactive/2019/04/13/us/google-loc... They can even solve cold cases.

What is new is that users can opt-out of location tracking. They won't purge SensorVault though (location reporting).


How is turning on a feature the same thing as handing data it collects to Google etc? I turned on computer backups, does that mean the feds can read all of that?


Sharing your personal information with a 3rd party reduces your claim to privacy and 4th amendment rights.


I'm not sure I'm making any better argument, but technically it's 2nd party. If I turned on a Google feature, that's between us. And honestly that's kind of the point I'm trying to make. Enabling a feature doesn't mean I want anyone to have access to that feature's data.


pretty sure one of the 47 agree buttons people blindly click on while using their phone has given them the permission already


Source? According to the article it's presented to the user in pretty straightforward language:

>Before he can activate the setting, however, Google always presents him language that explains the basics of the service.

Moreover, most people did not blindly click through all the prompts:

>Roughly one-third of active Google users have enabled Location History.


I don't have a direct source but I found some other posts that suggest many people are unknowingly turning it on.

"While this feature is turned off by default, many of Google's services and apps require it to be turned on, so unless you're actively keeping it off, there's a good chance it's enabled for your Google account." https://www.xda-developers.com/google-location-history/

"lots of people seem to have it switched on without even realising" https://news.sophos.com/en-us/2017/10/03/the-google-tracking...

Also, "Turning off the timeline feature doesn’t remove Google’s access to your location data as long as you use it for navigation and Google searches." https://www.guidingtech.com/how-to-view-and-manage-location-...


I mean, you have no (or limited) 4th amendment rights in regards to information you have given or shared with someone else.


One consolation: it works both ways with this kind of data. For example, it can corroborate your story.


Is there any obligation to announce exonerating data found by prosecutors during a dragnet search? I was under the impression that they could just pick something that makes you look bad and build a case on that, and that unless your defence has access to all the same data (do they?) and is equally motivated and funded, that in this case you’re probably just boned.


There is such an obligation.

In fact, just yesterday, a judge dismissed a case in the middle of a trial to punish a prosecutor for not disclosing information to the defense -- and the information had only a tenuous relevance to the case:

https://www.theguardian.com/us-news/article/2024/jul/12/a-bo...


Huh, good to know! Thanks.



You have access to your own location data, at least if you have location history enabled. It's an interesting question if defense can request this data from google if you don't have it enabled..


That data could corroborate one's story before it was considered to have no reasonable expectation of privacy.


Well now if it corroborates your story, you can voluntarily share it; if it doesn’t, you can tell law enforcement to get a warrant or pound sand


I wonder if that entire User Location repo will one day end up leaked..



