Google's Location Info Failure Might Interest The FTC
from the do-better dept
Earlier this week, the Associated Press did a story revealing that, even for Google users (on both Android and iPhone) who turned off location tracking, Google was still tracking their location in some cases.
Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”
That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking. (It’s possible, although laborious, to delete it.)
For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account.
If you squint, you can kind of see why this might have happened. Apps like Maps and weather more or less need your location info to work well (though, the search part is a bit more baffling). But, even so, this seems like a huge blunder by Google, a company that should absolutely know better. The latest, of course, is that Google has quietly moved to update the language that users see to "clarify" that some location data may still be recorded:
But its help page for the Location History setting now states: “This setting does not affect other location services on your device.” It also acknowledges that “some location data may be saved as part of your activity on other services, like Search and Maps.”
Previously, the page stated: “With Location History off, the places you go are no longer stored.”
It's entirely possible, if not likely, that the location history feature is completely disconnected from the location-specific data within these other apps. But, still, the average consumer is not going to realize that. Indeed, the tech-savvy consumer is mostly unlikely to understand that. And Google's new "clarification" isn't really going to do a very good job actually clarifying this for people either. Google certainly has done a better job than a lot of other companies both in providing transparency about what data it collects on you and giving you controls to see that data, and delete some of it. But this was still a boneheaded move, and it's simply ridiculous that someone at the company didn't spot this issue and do something about it sooner.
As I've been pointing out for a while, a big part of why so many people are concerned about privacy on digital services is because those services have done a piss poor job of both informing users what's happening, and giving them more control over the usage of their data. This kind of situation is even worse, in that under the guise of giving users control (a good thing), Google appears to have muddied the waters over what information it was actually collecting.
I also wonder if this will make the FTC's ears perk up. There is still an FTC consent decree that binds the company with regard to certain privacy practices, and that includes that the company "shall not misrepresent in any manner, expressly or by implication... the extent to which consumers may exercise control over the collection, use, or disclosure of covered information." And "covered information" includes "physical location."
Would these practices count as misrepresenting the extent to which consumers could stop Google from collecting location info? It certainly seems like a case could be made that it does. There are many areas where it feels like people attack the big internet companies just because they're big and easy targets. Sometimes those attacks are made without understanding the underlying issues. But sometimes, I'm amazed at how these companies fail to take a thorough look at their own practices. And this is one of those cases.
Reader Comments
It's probably that the wording is controlled by the marketing and legal departments, who aren't intimately familiar with the internals of the various products. The engineers, who truly know what's going on under the hood, aren't consulted until after the fact (if then). There's also the disconnect in world-view: to the engineers the fact that Weather stores location data in its own data storage for its own purposes isn't relevant at all to whether that same data appears in the Location History storage. As long as Weather doesn't feed the data to Location History, the statement that turning off Location History makes Location History stop recording your location is correct even though Weather is still tracking your location so it can show you the weather in places you visit regularly. To make matters worse, I suspect the average smartphone user's understanding is closer to the engineers' than the lawyers' so you end up with not one but two layers of translation errors.
[ link to this | view in chronology ]
You don’t win by doing things right
The engineers all know KISS. Windows Phone/Mobile worked a lot better. Regardless of any permissions for individual apps, there was a single overriding toggle setting for location services. The location setting was either on or off. If it was off, the operating system would disable all location services, so no app and not even the operating system had access to new location data. You could immediately see whether location services were enabled from the status bar, and with Windows Phone 8.1, you could add a button to the Action Center to quickly turn it on and off.
[ link to this | view in chronology ]
Re: You don’t win by doing things right
To the Captains of Industry, that was a fault.
[ link to this | view in chronology ]
Re:
I really think most programmers just don't care about data leakage. When I install a new Linux system I have to disable .bash_history, .lesshst, and about 100 others. Our best solution to this problem is to put the home directory on a ramdisk and reboot frequently (i.e., TAILS).
[ link to this | view in chronology ]
Android Apps ask permission
[ link to this | view in chronology ]
Re: Re: Re: Android Apps ask permission
What will they do about? Censor their critics of course.
[ link to this | view in chronology ]
When are you going to get out of their pocket and start talking about the things they do wrong?
[ link to this | view in chronology ]
Thanks! Very informative!
Concerns over privacy and security have turned my phone into a frenemy, and I'm hoping that the FTC does wake up. With the current administration's indifference to citizens' privacy (and therefore security), however, I'm not optimistic.
[ link to this | view in chronology ]
'No amount of evidence will change a mind already made up'
This is a good article not only for the information, but it would also be a nice bookmark for when some idiot calls you a Google shill.
You'd think so, but no, they just dismiss articles like this by either pretending that they don't exist, or claiming that they're not actually serious and are meant as distractions from the pro-Google stance they attribute to the strawmen TD/Mikes they have in their heads.
[ link to this | view in chronology ]
Re: 'No amount of evidence will change a mind already made up'
Actually, I expect they'll dismiss this one as softballing the offense, being insufficiently negative about it and giving Google too much of the benefit of the doubt.
(And, yes, as being written with the purpose of providing something to point to as being negative about Google. But that's not nearly as effective a point - even in a world where it's effective at all - if the article is actually clearly negative, so the dismissal as not-negative-enough comes first in the resolution order.)
[ link to this | view in chronology ]
Re: Thanks! Very informative!
Trains and buses have been interesting lately. I saw a sticker on someone's front-facing phone camera last week, and have been seeing stickers over laptop cameras frequently—like, 10 or 20 per cent of people have them.
[ link to this | view in chronology ]
When you turn off location history, you're turning off location tracking -- you are no longer storing your location on Google servers.
However, any app or feature that requires location information will cache and/or log the result locally so it can use it.
From the article, it's unclear whether Google is still doing local logging when location tracking is disabled, or whether the information is being sent to Google and stored there for X amount of time.
Do you have any clarifications on this?
[ link to this | view in chronology ]
GOOGLE Execs 'Misled Staff' On Censored Search...
At The Intercept from internal meeting.
Google-boy probably knew was more to come out and tries to deflect for his precious Google.
And why is he ALWAYS promoting or protecting GOOGLE?
https://copia.is/wp-content/uploads/2015/06/sponsors.png
[ link to this | view in chronology ]
With no respect to the writers of the Resident Evil films...
BLUE: I told you I’d be bringing that one link as proof.
ME: You should’ve brought more.
[ link to this | view in chronology ]
Well, turns out "academics" see everything GOOGLE does as good!
From Breitbart ('dirters won't read it, so no link):
[ link to this | view in chronology ]
For good reason: Breitbart is not only painfully partisan, it is rarely considered a trusted source for actual news/fact-based journalism. One blogger’s recounting of a week-long “Breitbart news diet” points out exactly why the site has no credibility as a mainstream journalistic outlet.
That plan would have little-to-no meaningful impact in China. A sizeable number of Chinese people need no reminders about what the government wants censored, given the way people try to route around that censorship.
One “academic” from one institution does not speak for everyone who works in an institution of higher learning.
[ link to this | view in chronology ]
The settings and "consent" dialogs are all about nudging people in the direction the company wants and establishing a defensible, but mostly empty, claim that users agreed to the data harvesting and were given meaningful choices.
Compare Linux Mint to Windows 10. The former is built for users and the latter is built for Microsoft.
Mint doesn't need the 1001 "privacy" settings because users don't want most of the bullshit pretexts upon which data is collected.
Mint doesn't force update on you or take personal data without notice or meaningful consent because those things are not required for it to function as an OS.
Some App functions may need location data - but consenting for that data to be used temporarily by the app does not require consent for a company to store the data, re-purpose it for targeted advertising, or anything of the sort.
The data harvesting business model is dangerous and offensive and needs to go.
How about we just pay a few bucks a month for a quality app - and trust that our data will not be stored or sold or used for nefarious purposes - like getting Trump elected - because there are laws in place that are genuinely enforced to prevent that?
Is that really such a radical proposition?
[ link to this | view in chronology ]
Re:
Of course, you could be more radical and propose that actual human beings should be on equal footing any time they deal with a fictitious business person. Any form of contract may be negotiated, and data about you generated by yourself is yours to control (barter, offer, withdraw), which would be the relevant upshot here.
[ link to this | view in chronology ]
Re:
They may not exfiltrate it, but Linux programs will shit personal data all over your hard drive without consent or notice. Web browsers store history, cookies, and "new stuff" (HPKP, offline storage); history files and recent-file lists are everywhere and not always obvious. I want almost none of this and have to go to quite a lot of effort to disable it. And I've grown weary of prodding developers to disable it, because they almost always try to paint me as a crazy paranoiac (but it's only on your own computer! if your HDD isn't private you're screwed already! it's not that sensitive!—see the libvte fiasco).
Web browsers at least have privacy modes now, which help with some of this, although Chrome makes it suspiciously easy to go non-private by accident (ever press ctrl+n instead of ctrl+shift+n? careful!) and SSL-only or CA-free-SSL setups are not so easy to create.
[ link to this | view in chronology ]
Re: Re:
- You can turn off logging, it's not that hard to do.
"Web browsers at least have privacy modes now"
- Heh - sure, their "privacy mode", not yours.
Do you run a firewall?
[ link to this | view in chronology ]
Re: Re: Re:
Please, tell me how. I know I can set LESSHSTFILE=-, unset HISTFILE in .bashrc, link ~/.wget-hsts to /dev/null... but then there's .sqlite_history, .gnuplot_history, .w3m/history, .cache/awesome/history. And .config/libreoffice/4/user/registrymodifications.xcu, particularly pernicious because its MRU list is mixed with configuration data. Tomorrow I might install something else and later notice it's tracking me in some new location.
Though you're ignoring the part about "consent or notice", I'll be happy if you tell me the name of the global control for all of that.
[ link to this | view in chronology ]
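The per-program history files named in the comment above, and its `/dev/null` link trick, turned into an audit of a home directory. This is an added example, not part of the original thread: the file list is taken from the comment, while the function names, status words and the constructed sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the page). The file list is taken from the
# comment above; function names and status labels are this example's own.

# History files named in the comment, relative to the home directory.
HISTORY_FILES=".bash_history .lesshst .wget-hsts .sqlite_history
.gnuplot_history .w3m/history .cache/awesome/history"

# classify_history_file PATH prints one status word:
#   neutralized  symlink to /dev/null, so anything written is discarded
#   absent       nothing there (yet); the program may create it later
#   recording    a file that currently holds data
#   empty        a file with no data in it
classify_history_file() {
    if [ -L "$1" ] && [ "$(readlink "$1")" = "/dev/null" ]; then
        echo neutralized
    elif [ ! -e "$1" ]; then
        echo absent
    elif [ -s "$1" ]; then
        echo recording
    else
        echo empty
    fi
}

# audit_home DIR prints "status<TAB>relative-path" for every listed file
# and returns 1 if at least one of them is recording.
audit_home() {
    found=0
    for rel in $HISTORY_FILES; do
        status=$(classify_history_file "$1/$rel")
        printf '%s\t%s\n' "$status" "$rel"
        if [ "$status" = recording ]; then
            found=1
        fi
    done
    return "$found"
}

# make_sample_home builds a constructed home directory for a dry run:
# one live history file, one neutralized with the /dev/null link the
# comment describes, one empty nested file, the rest absent.
make_sample_home() {
    d=$(mktemp -d)
    printf 'ssh admin@host.example\n' > "$d/.bash_history"
    ln -s /dev/null "$d/.wget-hsts"
    mkdir -p "$d/.w3m"
    : > "$d/.w3m/history"
    echo "$d"
}

# Usage: sh audit.sh /path/to/home
# With no argument nothing runs, so the functions can be sourced instead.
if [ $# -gt 0 ]; then
    audit_home "$1" || echo "history is being recorded under $1" >&2
fi
```

The LibreOffice `registrymodifications.xcu` file is left out on purpose: as the comment says, its MRU list is mixed with configuration data, so file presence alone says nothing about it.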
Re: Re: Re: Re:
How did you acquire your linux system? If you built it yourself you would be aware of at least some of the available information which addresses your questions. This is not the forum for such assistance, please go do some research.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
You might say that's not "hard", but it's sure as hell time-consuming, and I know more than most "normal" users about this. That needs to be done for every program one might ever want to use. There's literally a whole Linux distribution (TAILS) with a team of people trying to keep this information from being recorded. For the most part, they're not even fixing the problem, they're just throwing away the home directory on every boot to work around it.
I know how to send patches upstream too, which I might be doing if I didn't get so much fucking pushback every time. It's exhausting. I want a system-wide "do not track" option, ideally; I don't know that anyone else does, but perhaps developers will start to care after some FTC actions or lawsuits.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
You may have heard of this new thing people are trying, "unauthorized access".
I'm aware some people find .bash_history useful, like Bradley Kuhn who's tracked every command since 2003. More commonly I've seen people surprised that ctrl+r can pull up a year-old command.
Some people rely on long-term browser cookies. I've never seen anyone use browser history, though such people must exist.
I've yet to see anything with "which one can not do much without." I'm not disputing usefulness anyway, I'm asking for notice and consent for the storage of tracking data, and a way to disable it by default.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
If you are developing, integrating, testing and/or deploying software it is a good idea to review all the relevant logs including some OS logs but the main focus is the software item being worked on.
But now I am convinced that you are not doing any development work so I guess you do not need any logs huh.
Ever experience a CPU panic? Have an application crash? Wonder why a device has stopped working? You probably then take the thing to Geek Squad because you have no logs to troubleshoot your issues. --- Brilliant!
[ link to this | view in chronology ]
Re: Re: Re:
No, I assume the LAN is compromised and run portscans to make sure nothing's accessible; I use no unencrypted services. Firewalls don't help much when programs can tunnel everything over ports 80 and 443, or DNS. I use Tor for almost everything, so I need those ports open (outbound).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Network-level firewalls basically don't work. They're effectively defeated as soon as you connect your device to coffee-shop wifi.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Why would one have a lan protected by a firewall and then plug in a box to that lan and open a wifi connection? This would bridge your lan to the wifi network thus allowing access to your lan bypassing the firewall. The firewall is defeated as you say because you defeated it when you bridged the networks.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Alternately, if your devices are secure, what's the perimeter firewall there for?
An on-device firewall is different—it could, for example, protect against rogue apps. But you need OS hooks to know which app is which; an external firewall box will just see some connection to port 80/443 with no way to know whether it's from an authorized app.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
This is not something one should assume is possible.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
Fair enough, but a firewall blocks ports rather than attacks, so let's make that "if you don't have ports open, what's the perimeter firewall for?"
Home perimeter firewalls usually allow all outgoing traffic, and block new incoming connections. In effect, that only blocks certain worms. They're better blocked by disabling services that aren't required (services that are required would need to bypass the FW anyway).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Firewalls are capable of much more than just that, the good ones anyway. I suggest some research in this field as you may find it enlightening. btw, one can set up a pretty decent firewall by themselves, no need for an expensive item in the home because you are not a high priority target.
"Home perimeter firewalls usually allow all outgoing traffic"
Depends upon how you, the user, set it up.
What sort of "service" do you need which requires a bypass of the firewall? If you punch holes in a firewall it is a good idea to tie said hole to authorized MAC addresses. There are a lot of things a firewall may be capable of that apparently you are unaware of.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
We were talking about ISP-supplied ones, at least originally...
Is there a reasonable way to set it up without allowing all outbound traffic to ports 80 and 443? Any well-written malware is going to use those ports.
If you mean inbound: ssh. But inbound doesn't make sense in the context of MAC filtering... outbound: web, ssh, ntp, email, tor, probably several others
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:
Why do you think SSH requires you to bypass the firewall?
"Opening a port", as you say, for an application is not the same as bypassing the firewall as there are many things one can do with those packets.
"inbound doesn't make sense in the context of MAC filtering."
Why does this not make sense to you?
[ link to this | view in chronology ]
Re: Re: Re:
One can be forced to decrypt one's machine at border checkpoints etc., or can be compromised in other ways (malware, subpoenas, ...). The log files then allow the intruders to look into the past, which would not otherwise be possible. Disabling them is similar to requiring perfect forward secrecy for encrypted connections. It doesn't protect against ongoing attacks, but can limit the damage. It shouldn't be so difficult.
[ link to this | view in chronology ]
Re: Re: Re:
If they are in your base killing yer dudes, yer already screwed.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous."
Data that doesn't exist can't be leaked. A compromise could enable logging and exfiltration of future data, but cannot reveal historical data that was never stored. If data isn't useful to you, you should not be storing it.
[ link to this | view in chronology ]
The problem is, news like this is about the only place the average person even hears about the existence of that page. I myself had forgotten I'd been there before to turn those settings off.
[ link to this | view in chronology ]
Re:
Is any of that available to people without Google accounts? I have do-not-track enabled, but I don't have or want a Google account so I can't see what they're collecting and am not aware of a way to limit it. Do they respect DNT? I have Google Analytics and Doubleclick blocked but I'm still worried. Some sites will embed Google maps or spreadsheets and I have no idea what Google records.
[ link to this | view in chronology ]