
Has Google ever disclosed exactly what data they collect, what they do with it, who can look at it, etc? We "know" that Google takes privacy "seriously", but that is a faith based position.


Actually, Google has. [0]

And I can't vouch for all of Google, but regarding location data, Google has been pretty transparent regarding which data is collected and stored; papers like NYT covered it extensively - see [1].

And Google also gives you clear ways to delete this data, as referenced in that NYT article [2].

And moreover, Google has been consistently on track to store less private data. Example: location data is going to be auto-deleted for users that want that, as of this month[3]. Maps now gets an incognito mode[4].

>but that is a faith based position.

Hope the links I referenced will help dispel this notion. Google does take privacy seriously.

(Disclaimer: I work for Google. The opinions expressed here are mine and not of my employer; etc - what I said is public knowledge.)

[0]https://policies.google.com/technologies/retention?hl=en-US

[1]https://www.nytimes.com/2019/04/13/technology/google-sensorv...

[2]https://support.google.com/accounts/answer/3118687?hl=en

[3]https://mashable.com/article/google-auto-delete-location-his...

[4]https://www.theverge.com/2019/5/7/18535657/google-incognito-...


> And I can't vouch for all of Google, but regarding location data, Google has been pretty transparent regarding which data is collected and stored; papers like NYT covered it extensively - see [1].

How did you read that article and come away with the conclusion that Google has been "pretty transparent"? The story was written after more than a year of other news outlets reporting on law enforcement using Google's location data to fish for suspects. Google has been providing this data for at least two years before the Times reported on it [0].

> And moreover, Google has been consistently on track to store less private data.

Such as credit card transaction data collected without most people's knowledge [1] or location data after you've explicitly told it not to [2]?

Technology companies need to understand that both words "informed consent" are important. We currently have very little in the way of choices when it comes to data collection. It is simply not possible to opt-out anymore without tremendous effort and personal cost. I like this quote from Maciej Ceglowski:

"A characteristic of this new world of ambient surveillance is that we cannot opt out of it, any more than we might opt out of automobile culture by refusing to drive. However sincere our commitment to walking, the world around us would still be a world built for cars. We would still have to contend with roads, traffic jams, air pollution, and run the risk of being hit by a bus. Similarly, while it is possible in principle to throw one’s laptop into the sea and renounce all technology, it is no longer possible to opt out of a surveillance society."

[0]: https://www.wral.com/Raleigh-police-search-google-location-h...

[1]: https://www.cnbc.com/2017/05/24/google-can-now-track-your-of...

[2]: https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb


All these links are a year or two old.

A big push towards openness and privacy has happened over the last year.

On an individual level, I don't think it's hard to opt out of Google's tracking.

I won't argue with Maciej's quote, though, because, just like with automobiles, people will still opt into the surveillance society willingly: because the utility it brings them outweighs other considerations.

Ask people if they want to be tracked at all times, and they'll say "no".

Ask people if they want to be able to locate their phone when they lose it, and their answer might be different.

Ask them if they'd want to be able to call 911 and ask to come and help them even if they aren't sure where they are, and you'll get a different distribution of answers again.

In the latter case, lack of "surveillance" is seen as a "tragic shortfall" [0], and adding it is a "feature"[1].

So see, it's not the surveillance per se that people object to. It's implementation details. Welcome to Ceglowski's world.

[0]https://www.usatoday.com/story/news/2015/02/22/cellphone-911...

[1]https://money.cnn.com/2018/06/18/technology/apple-911-locati...


> All these links are a year or two old.

Two of them are more than a year old, but the practices described in each are ongoing. The third, which describes Google's tracking of users after they've specifically opted not to be tracked, is from nine months ago.

> A big push towards openness and privacy has happened over the last year.

After literally a decade of constructing what is very likely the largest database of personal information in the world. Since the late 2000s, when Google purchased DoubleClick, it has worked to collect information without the informed consent of its users. What fraction of your users know that Google purchases their credit card transaction histories?

What is the "big push"? The only things I can think of were the opt-in auto-deletion of a subset of data announced over the last week or two. All the user has to do is pay attention to the tech press, then remember to activate the feature when it launches at an unspecified future date!

What is this "openness"? Working on a censored search engine for China without informing their own head of security?

> ...people will still opt into the surveillance society willingly: because the utility it brings them outweighs other considerations.

Sure, they absolutely do. There can be significant utility gains from large collections of information. But much of the utility could be gained from information collected in an anonymity-protecting manner. In order to have traffic information, for example, Google doesn't need to continuously track your location history.

> Ask people if they want to be tracked at all times, and they'll say "no". Ask people if they want to be able to locate their phone when they lose it, and their answer might be different.

And neither of these requires surveillance. The phone could be located either by returning its location on command, or by uploading encrypted location data which only the user has the key to. WhatsApp, for example, shows that end-to-end encryption can be seamlessly integrated.

> Ask them if they'd want to be able to call 911 and ask to come and help them even if they aren't sure where they are, and you'll get a different distribution of answers again.
>
> In the latter case, lack of "surveillance" is seen as a "tragic shortfall" [0], and adding it is a "feature"[1].

Once again, this does not require ubiquitous surveillance, and it is misleading, at best, to imply that it does. Do you really not see the difference between location data provided to assist emergency response from a 911 caller and continuous location monitoring so that Google can serve more profitable ads?


Pre-Disclaimer: I don't mean to only pick on Google here, it applies to any company that collects such a vast amount of personal data on users. Also.. nothing personal :)

>Actually, Google has.

In extremely vague terms, yes. I want to see an itemized list.

For e.g. At company X, this is what we collect:

1) Your Name, age, location, DOB.

2) Your location is sent to Company X every 10 minutes

3) Your IP is tracked per-session

4) All this data is linked to your profile

5) Anything you type in the search bar is sent to a company X server

6) After anonymizing (if we do it) this is what your data looks like

7) We never delete any of the above for the following reasons

etc, etc, etc

>And moreover, Google has been consistently on track to store less private data.

The default should be zero/as little as possible collection of data. From what you've said it seems like people can opt-out of some data collection, but it's vague as to the specific nature of what data is still being collected versus what isn't.

>Hope the links I referenced will help dispel this notion. Google does take privacy seriously.

Unfortunately they don't. I won't dispute your second claim.


Far better than an itemized list, you can download all your data from Google

https://support.google.com/accounts/answer/3024190?hl=en

> The default should be zero/as little as possible collection of data.

Really? What about telemetry for self-driving cars? Is it immoral to develop a system that leads to less blunt trauma and death on roads? We (HN users, I don't work for any of these companies) can define your term "as little as possible" about like you seem to define parent's term "seriously". The point being that such adjectives are difficult to pin down but also difficult to avoid. Define "difficult" however you see fit.


> What about telemetry for self-driving cars?

They own the cars so they can track them all they want.

Tracking me all over the place after I click the "Do Not Track Me" button isn't acceptable.

> Is it immoral to develop a system that leads to less blunt trauma and death on roads?

It quite could be. Just as we humans decided to not use the scientific research generated by the Nazis on unwilling human subjects there are definite limits to what is acceptable even if the overall benefits are huge.


Collectively, we did no such thing. Many individual researchers and journals refused to use Nazi research, but many felt that it was unethical not to use it if it could save lives. In particular, I believe that the results of Nazi hypothermia experiments were extensively used after the war. It's certainly not a cut-and-dry problem with an obvious ethical answer.


Facebook has their privacy policy too. So what? Even if all the listed policies are followed, even if they don't have loopholes (and they almost certainly do), Google still collects and retains a metric fuckton of information that isn't necessary to provide the actual services it provides. The NYT article is a great demonstration. And there is very little oversight around this.


It's all here, and you can delete it (including batch delete by period or source): https://myactivity.google.com/

This page includes other types of data (e.g. videos you upload to YouTube or mails in Gmail): https://policies.google.com/privacy


Thanks for linking to the policy document. They have this convenient line that allows them to do anything.

"We provide personal information to our affiliates and other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures."

>It's all here, and you can delete it (including batch delete by period or source)

That scratches the surface, but an iceberg hides underneath. For one, how do we know it's all the data? For another, there is no indication as to who has seen it or how Google uses it. That is my point. Google has never detailed those things. I suppose for legal reasons. A user has a right to know exactly what they are trading with Google in exchange for free services. They can then make up their own mind if they think it's worth it. I'm just picking on Google here, because it's a soft target, but it should apply to any service. We need new privacy regulations to formalize this.


Sounds like they just needed to spin up one "affiliate" and provide the data to that for data mining / etc purposes.

Anyone deleting the data "Google" holds would have zero effect on the affiliate, while giving some people the feeling Google was doing the right thing.


> It's all here, and you can delete it

So they claim, but I don't know why anyone should trust them about that.

Aside from that, though, what about the data collected from me? I have no Google account, but they're collecting data from me anyway. Same as Facebook.



