Google's Location Info Failure Might Interest The FTC
from the do-better dept
Earlier this week, the Associated Press did a story revealing that even for Google users (on both Android and iPhone) who turned off location tracking Google was still tracking their location in some cases.
Google says that will prevent the company from remembering where you?ve been. Google?s support page on the subject states: ?You can turn off Location History at any time. With Location History off, the places you go are no longer stored.?
That isn?t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. (It?s possible, although laborious, to delete it .)
For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like ?chocolate chip cookies,? or ?kids science kits,? pinpoint your precise latitude and longitude ? accurate to the square foot ? and save it to your Google account.
If you squint, you can kind of see why this might have happened. Apps like Maps and weather more or less need your location info to work well (though, the search part is a bit more baffling). But, even so, this seems like a huge blunder by Google, a company that should absolutely know better. The latest, of course, is that Google has quietly moved to update the language that users see to “clarify” that some location data may still be recorded:
But its help page for the Location History setting now states: ?This setting does not affect other location services on your device.? It also acknowledges that ?some location data may be saved as part of your activity on other services, like Search and Maps.?
Previously, the page stated: ?With Location History off, the places you go are no longer stored.?
It’s entirely possible, if not likely, that the location history feature is completely disconnected from the location specific data within these other apps. But, still, the average consumer is not going to realize that. Indeed, the tech savvy consumer is mostly unlikely to understand that. And Google’s new “clarification” isn’t really going to do a very good job actually clarifying this for people either. Google certainly has done a better job than a lot of other companies both in providing transparency about what data it collects on you and giving you controls to see that data, and delete some of it. But this was still a boneheaded move, and it’s simply ridiculous that someone at the company didn’t spot this issue and do something about it sooner.
As I’ve been pointing out for a while, a big part of why so many people are concerned about privacy on digital services is because those services have done a piss poor job of both informing users what’s happening, and giving them more control over the usage of their data. This kind of situation is even worse, in that under the guise of giving users control (a good thing), Google appears to have muddied the waters over what information it was actually collecting.
I also wonder if this will make the FTC’s ears perk up. There is still an FTC consent decree that binds the company with regards to certain privacy practices, and that includes that the company “shall not misrepresent in any manner, expressly or by implication… the extent to which consumers may exercise control over the collection, use, or disclosure of covered information.” And “covered information” includes “physical location.”
Would these practices count as misrepresenting the extent to which consumers could stop Google from collecting location info? It certainly seems like a case could be made that it does. There are many areas where it feels like people attack the big internet companies just because they’re big and easy targets. Sometimes those attacks are made without understanding the underlying issues. But sometimes, I’m amazed at how these companies fail to take a thorough look at their own practices. And this is one of those cases.
Filed Under: ftc, google maps, location, location info, privacy, transparency
Companies: google
Comments on “Google's Location Info Failure Might Interest The FTC”
It’s probably that the wording is controlled by the marketing and legal departments, who aren’t intimately familiar with the internals of the various products. The engineers, who truly know what’s going on under the hood, aren’t consulted until after the fact (if then). There’s also the disconnect in world-view: to the engineers the fact that Weather stores location data in it’s own data storage for it’s own purposes isn’t relevant at all to whether that same data appears in the Location History storage. As long as Weather doesn’t feed the data to Location History, the statement that turning off Location History makes Location History stop recording your location is correct even though Weather is still tracking your location so it can show you the weather in places you visit regularly. To make matters worse, I suspect the average smartphone user’s understanding is closer to the engineers’ than the lawyers’ so you end up with not one but two layers of translation errors.
Re: Re:
So, basically it is marketing bullshit.
Re: Re: Re:
Not necessarily. It may be wrong, and it may be the marketers responsible for the text that is wrong, but it’s not “marketing bullshit” if they genuinely don’t understand that they’re spreading damaging misinformation.
Re: Re: Re: Re:
But they are known for same, if I had to guess …
Re: You don’t win by doing things right
The engineers all know KISS. Windows Phone/Mobile worked a lot better. Regardless of any permissions for individual apps, there was a single overriding toggle setting for location services. The location setting was either on or off. If it was off, the operation system would disable all location services, so no app and not even the operation system had access to new location data. You could immediately see whether location services were enabled from the status bar, and with Windows Phone 8.1, you could add a button to the Action Center to quickly turn it on and off.
Re: Re: You don’t win by doing things right
To you, the user, that was a feature.
To the Captains of Industry, that was a fault.
Re: Re:
Where oh where do we sign up for the class action lawsuit we’ve been waiting for against the fucking beligerant spying monster of a corporation??
Re: Re:
I really think most programmers just don’t care about data leakage. When I install a new Linux system I have to disable .bash_history, .lesshst, and about 100 others. Our best solution to this problem is to put the home directory on a ramdisk and reboot frequently (i.e., TAILS).
Android Apps ask permission
Adding to what TKnarr said, you also have to keep in mind that Android apps ASK PERMISSION before they are able to access location information. If the user allows location information to be used by the app, then the USER ALLOWED IT (whether or not they understood that when they agreed to it or remember later that they did are different questions entirely).
Re: Android Apps ask permission
The slight problem with this is that location access is required by all advert libraries and therefore basically all ad-based apps (which is effectively the same thing as “all apps full stop”). It’s not really optional to grant it if you want to install anything at all, unless you either use no free apps at all or you’re willing to go “full vegan” with open source apps only – well good luck with that because you’ll need it; I should know…
Re: Re: Android Apps ask permission
Not to mention that pre-installed apps (ie, a lot of google stuff) also come with pre-accepted permissions.
Re: Re: Re: Android Apps ask permission
… and here is a real problem with their product.
What will they do about? Censor their critics of course.
Another attempt for Mike Masnick, Google shill, to highlight how great Google is.
When are you going to get out of their pocket and start talking about the things they do wrong?
Re: Re:
lmao, the first thing that came to mind. Do you feel the smell of brains short circuiting?
Re: Re:
Did you read the post?
Re: Re: Re:
I’m fairly certain this is satire aimed at certain frequent commenters who are convinced that Techdirt is funded by Google.
Thanks! Very informative!
This is a good article not only for the information, but it would also be a nice bookmark for when some idiot calls you a Google shill.
Concerns over privacy and security have turned my phone into a frenemy, and I’m hoping that the FTC does wake up. With the current administrations indifference to citizens’ privacy (and therefore security), however, I’m not optimistic.
Re: 'No amount of evidence will change a mind already made up'
This is a good article not only for the information, but it would also be a nice bookmark for when some idiot calls you a Google shill.
You’d think so, but no, they just dismiss articles like this by either pretending that they don’t exist, or claiming that they’re not actually serious and are meant as distractions from the pro-Google stance they attribute to the strawmen TD/Mikes they have in their heads.
Re: Re: 'No amount of evidence will change a mind already made up'
Actually, I expect they’ll dismiss this one as softballing the offense, being insufficiently negative about it and giving Google too much of the benefit of the doubt.
(And, yes, as being written with the purpose of providing something to point to as being negative about Google. But that’s not nearly as effective a point – even in a world where it’s effective at all – if the article is actually clearly negative, so the dismissal as not-negative-enough comes first in the resolution order.)
Re: Thanks! Very informative!
Trains and buses have been interesting lately. I saw a sticker on someone’s front-facing phone camera last week, and have been seeing stickers over laptop cameras frequently—like, 10 or 20 per cent of people have them.
You appear to be writing about two distinct things here: location logging and location tracking.
When you turn off location history, you’re turning off location tracking — you are no longer storing your location on Google servers.
However, any app or feature that requires location information will cache and/or log the result locally so it can use it.
From the article, it’s unclear whether Google is still doing local logging when location tracking is disabled, or whether the information is being sent to Google and stored there for X amount of time.
Do you have any clarifications on this?
The FTC might care, the NSA cares much much more…
Trusting Google with your privacy is like trusting banks with your money.
Re: Re:
No google is far worse than any bank.
GOOGLE Execs 'Misled Staff' On Censored Search...
At The Intercept from internal meeting.
Google-boy probably knew was more to come out and tries to deflect for his precious Google.
And why is he ALWAYS promoting or protecting GOOGLE?
https://copia.is/wp-content/uploads/2015/06/sponsors.png
Re: With no respect to the writers of the Resident Evil films...
BLUE: I told you I’d be bringing that one link as proof.
ME: You should’ve brought more.
Well, turns out "academics" see everything GOOGLE does as good!
From Breitbart (‘dirters won’t read it, so no link):
Re:
For good reason: Breitbart is not only painfully partisan, it is rarely considered a trusted source for actual news/fact-based journalism. One blogger’s recounting of a week-long “Breitbart news diet” points out exactly why the site has no credibility as a mainstream journalistic outlet.
That plan would have little-to-no meaningful impact in China. A sizeable number of Chinese people need no reminders about what the government wants censored, given the way people try to route around that censorship.
One “academic” from one institution does not speak for everyone who works in an institution of higher learning.
Re: Re:
out_of_the_blue just hates it when due process is enforced.
Re:
Dead cokehead days what?
Google’s business model is based on collecting as much personal data about people as possible and using it build profiles about them in order to sell things to them more effectively.
The settings and “consent” dialogs are all about nudging people in the direction the company wants and establishing a defensible, but mostly empty, claim that users agreed to the data harvesting and were given meaningful choices.
Compare Linux Mint to Windows 10. The former is built for users and the later is built for Microsoft.
Mint doesn’t need the 1001 “privacy” settings because users don’t want most of the bullshit pretexts upon which data is collected.
Mint doesn’t force update on you or take personal data without notice or meaningful consent because those things are not required for it to function as an OS.
Some App functions may need location data – but consenting for that data to be used temporarily by the app does not require consent for a company to store the data, re-purpose it for targeted advertising, or anything of the sort.
The data harvesting business model is dangerous and offensive and needs to go.
How about we just pay a few bucks a month for a quality app – and trust that our data will not be stored or sold or used for nefarious purposes – like getting Trump elected – because there are laws in place that are genuinely enforced to prevent that?
Is that really such a radical proposition?
Re: Re:
Sure it’s radical. You are asking the internet to go back to 1998 or pre-web, more or less, before businesses took everything over.
Of course, you could be more radical and propose that actual human beings should be on equal footing any time they deal with a fictitious business person. Any form of contract may be negotiated, and data about you generated by yourself is yours to control (barter, offer, withdraw), which would be the relevant upshot here.
Re: Re:
They may not exfiltrate it, but Linux programs will shit personal data all over your hard drive without consent or notice. Web browsers store history, cookies, and "new stuff" (HPKP, offline storage); history files and recent-file lists are everywhere and not always obvious. I want almost none of this and have to go to quite a lot of effort to disable it. And I’ve grown weary of prodding developers to disable it, because they almost always try to paint me as a crazy paranoiac (but it’s only on your own computer! if your HDD isn’t private you’re screwed already! it’s not that sensitive!—see the libvte fiasco).
Web browsers at least have privacy modes now, which help with some of this, although Chrome makes it suspicously easy to go non-private by accident (ever press ctrl+n instead of ctrl+n instead of ctrl+shift+n? careful!) and SSL-only or CA-free-SSL setups are not so easy to create.
Re: Re: Re:
“Linux programs will shit personal data all over your hard drive without consent or notice”
– You can turn off logging, it’s not that hard to do.
“Web browsers at least have privacy modes now”
– Heh – sure, their “privacy mode”, not yours.
Do you run a firewall?
Re: Re: Re: Re:
Please, tell me how. I know I can set LESSHSTFILE=-, unset HISTFILE in .bashrc, link ~/.wget-hsts to /dev/null… but then there’s .sqlite_history, .gnuplot_history, .w3m/history, .cache/awesome/history. And .config/libreoffice/4/user/registrymodifications.xcu, particularly pernicious because its MRU list is mixed with configuration data. Tomorrow I might install something else and later notice it’s tracking me in some new location.
Though you’re ignoring the part about "consent or notice", I’ll be happy if you tell me the name of the global control for all of that.
Re: Re: Re:2 Re:
There is a plethora of information, manual pages, howtos, walkthrus related to all operating systems linux being one of them.
How did you acquire your linux system? If you built it yourself you would be aware of at least some of the available information which addresses your questions. This is not the forum for such assistance, please go do some research.
Re: Re: Re:3 Re:
I’m responding to the statement that it’s “not that hard”. The “plethora of information” is the problem, not the solution. I know how to mark files immutable, link history files to /dev/null, replace files with non-writable directories, create $LD_PRELOAD libraries to filter open() or openat() calls, and recompile programs. I know how to audit programs for history files, by using dummy $HOME directories, reviewing the code, or using strace. (Or on Windows: filemon and regmon to watch, directory and registry permissions to block.)
You might say that’s not “hard”, but it’s sure as hell time-consuming, and I know more than most “normal” users about this. That needs to be done for every program one might ever want to use. There’s literally a whole Linux distribution (TAILS) with a team of people trying to keep this information from being recorded. For the most part, they’re not even fixing the problem, they’re just throwing away the home directory on every boot to work around it.
I know how to send patches upstream too, which I might be doing if I didn’t get so much fucking pushback every time. It’s exhausting. I want a system-wide “do not track” option, ideally; I don’t know that anyone else does, but perhaps developers will start to care after some FTC actions or lawsuits.
Re: Re: Re:4 Re:
It is only a problem if you let strangers have access to said machine. Logging has many uses, some of which one can not do much without.
Re: Re: Re:5 Re:
You may have heard of this new thing people are trying, "unauthorized access".
I’m aware some people find .bash_history useful, like Bradley Kuhn who’s tracked every command since 2003. More commonly I’ve seen people surprised that ctrl+r can pull up a year-old command.
Some people rely on long-term browser cookies. I’ve never seen anyone use browser history, though such people must exist.
I’ve yet to see anything with "which one can not do much without." I’m not disputing usefulness anyway, I’m asking for notice and consent for the storage of tracking data, and a way to disable it by default.
Re: Re: Re:6 Re:
At first I thought you might be describing a home computer/lan setup, but 2nd thought it seemed to be more of an office – idk.
If you are developing, integrating, testing and/or deploying software it is a good idea to review all the relevant logs including some OS logs but the main focus is the software item being worked on.
But now I am convinced that you are not doing any development work so I guess you do not need any logs huh.
Ever experience a CPU panic? Have an application crash? Wonder why a device has stopped working? You probably then take the thing to Geek Squad because you have no logs to troubleshoot your issues. — Brilliant!
Re: Re: Re: Re:
No, I assume the LAN is compromised and run portscans to make sure nothing’s accessible; I use no unencrypted services. Firewalls don’t help much when programs can tunnel everything over ports 80 and 443, or DNS. I use Tor for almost everything, so I need those ports open (outbound).
Re: Re: Re:2 Re:
Your ISP supplied “modem” probably has one, hopefully you did not disable it.
Re: Re: Re:3 Re:
My ISP-supplied equipment is a modem, not router. Full passthrough. I wouldn’t trust an ISP-supplied firewall anyway—what helpful thing(s) might we expect it to do? Blocking inbound traffic is useless, because I have no undesired ports open (which is much better than enabling all kinds of shit and relying on another computer to block it). It doesn’t have enough information to block outbound traffic in any useful way; it can’t tell which user or which program is generating packets.
Network-level firewalls basically don’t work. They’re effectively defeated as soon as you connect your device to coffee-shop wifi.
Re: Re: Re:4 Re:
I think I have read some of your posts in the past about this same issue and at the time I thought you were a bit off plumb.
Why would one have a lan protected by a firewall and then plug in a box to that lan and open a wifi connection? This would bridge your lan to the wifi network thus allowing access to your lan bypassing the firewall. The firewall is defeated as you say because you defeated it when you bridged the networks.
Re: Re: Re:5 Re:
I’m not talking about bridging, I mean that if your laptop/phone is insecure, it can be infected while on a public wifi network. You’re likely to connect it to your home network later, and if that relies on perimeter security (rather than device security) the infection can spread. That’s not hypothetical, it’s a common attack vector.
Alternately, if your devices are secure, what’s the perimeter firewall there for?
An on-device firewall is different—it could, for example, protect against rogue apps. But you need OS hooks to know which app is which; an external firewall box will just see some connection to port 80/443 with no way to know whether it’s from an authorized app.
Re: Re: Re:6 Re:
“if your devices are secure”
This is not something one should assume is possible.
Re: Re: Re:7 Re:
Fair enough, but a firewall blocks ports rather than attacks, so let’s make that "if you don’t have ports open, what’s the perimeter firewall for?"
Home perimeter firewalls usually allow all outgoing traffic, and block new incoming connections. In effect, that only blocks certain worms. They’re better blocked by disabling services that aren’t required (services that are required would need to bypass the FW anyway).
Re: Re: Re:8 Re:
“a firewall blocks ports rather than attacks”
Firewalls are capable of much more than just that, the good ones anyway. I suggest some research in this field as you may find it enlightening. btw, one can setup a pretty decent firewall by themselves, no need for an expensive item in the home because you are not a high priority target.
“ome perimeter firewalls usually allow all outgoing traffic”
Depends upon how you, the user, sets it up.
What sort of “service” do you need which requires a bypass of the firewall? If you punch holes in a firewall it is a good idea to tie said hole to authorized MAC addresses. There is a lot of things a firewall may be capable of that apparently you are unaware of.
Re: Re: Re:9 Re:
We were talking about ISP-supplied ones, at least originally…
Is there a reasonable way to set it up without allowing all outbound traffic to ports 80 and 443? Any well-written malware is going to use those ports.
If you mean inbound: ssh. But inbound doesn’t make sense in the context of MAC filtering… outbound: web, ssh, ntp, email, tor, probably several others
Re: Re: Re:10 Re:
“If you mean inbound: ssh”
Why do you think SSH requires you to bypass the firewall?
“Opening a port”, as you say, for an application is not the same as bypassing the firewall as there are many things one can do with those packets.
“inbound doesn’t make sense in the context of MAC filtering.”
Why does this not make sense to you?
Re: Re: Re:
Log Files on your own machine are not a particular risk, as they only becomes available outside your machine if it has been compromised. If your machine has been compromised, then everything has become available to whoever compromised it,and then even disk encryption and TOR will not protect you.
Re: Re: Re: Re:
And here we go, “but it’s only on your own computer! if your HDD isn’t private you’re screwed already!”.
One can be forced to decrypt one’s machine at border checkpoints etc., or can be compromised in other ways (malware, subpoenas, …). The log files then allow the intruders to look into the past, which would not otherwise be possible. Disabling them is similar to requiring perfect forward secrecy for encrypted connections. It doesn’t protect against ongoing attacks, but can limit the damage. It shouldn’t be so difficult.
Re: Re: Re: Re:
Exactly.
If they are in your base killing yer dudes, yer already screwed.
Re: Re: Re:2 Re:
"What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous."
Data that doesn’t exist can’t be leaked. A compromise could enable logging and exfiltration of future data, but cannot reveal historical data that was never stored. If data isn’t useful to you, you should not be storing it.
Re: Re: Re:3 Re:
Off on a tangent and losing sight of the subject.
Google’s activity page actually has very good controls for controlling what history they store as well as the ability to delete anything you want, even to the detail of single datapoints. These include a separate option for turning off the app history. That’s not the problem.
The problem is, news like these are about the only place the average person even hears about the existence of that page. I myself had forgotten I’d been there before to turn those settings off.
Re: Re:
Is any of that available to people without Google accounts? I have do-not-track enabled, but I don’t have or want a Google account so I can’t see what they’re collecting and am not aware of a way to limit it. Do they respect DNT? I have Google Analytics and Doubleclick blocked but I’m still worried. Some sites will embed Google maps or spreadsheets and I have no idea what Google records.