EBGAP: Error Between Google and Privacy
The year is 2031, and I'm going to see Avengers 7 in 8K-vision. I hop in my Goober self-driving car and notice something strange – my location is displayed on the Goober Dashboard, even though I opted out of Google AlwaysTrack™! There's a complete disconnect between what the user interface is telling me and what actually happens without my knowledge or consent.
Yesterday's Associated Press exposé by Ryan Nakashima is the 2018 version of this scenario. When people turn off Google "Location History" they, predictably, expect their location history to be turned off. Google, with its insatiable hunger for data, has designed location tracking to be much more invasive than that.
As it turns out, even digging through menu settings is not enough to keep your location private from Google. This prompted K. Shankari, a graduate researcher at UC Berkeley, to start asking tough questions about what exactly is tracked and when. The answer is anything but straightforward, as Princeton researcher Gunes Acar verified for AP when he mapped out Google's record of his travels.
The fact that there are a variety of ways for Google to track a user's location after they toggle "Location History" off is no surprise to privacy advocates and hackers. The problem is especially tangible on Android devices, where Google tracking software is fundamentally baked into the operating system, a layer of surveillance running on top of Free Software.
Android handsets were designed to gobble up information from the outset. With its purchase of Android, the Google ad behemoth hoped to fill its coffers with sensor data from millions of smart devices. Those devices now number in the billions. Android is the world's most pervasive operating system, by an order of magnitude from its nearest competitor, Apple iOS.
During Yale Privacy Lab workshops, we consider stock versions of Android and iOS a lost cause. Most consumer smartphones are untenable as privacy-respecting devices, with modifications requiring a steeper learning curve than we can cover in a reasonable time.
It's still far too impractical to flash a phone or tablet with alternative versions of Android. The most secure version I know is only available for a few handsets. "Jailbreaking" iPhones can be problematic from a privacy and security perspective, and many Android phones require risky hacking that can take hours and might "brick" the device if not done correctly.
Replacements for the spies in our pockets, like the GNU/Linux-powered Librem phone, are on the horizon. Carriers will continue to tie cellphone purchases to service contracts, however, and the grip of Android and Apple phones in the U.S. certainly seems ironclad.
So, what can be done as a stop-gap measure, besides throwing out your phone? Avoiding apps that require location permissions is a start. People can also try the steps outlined by AP to limit location tracking.
Since Google Play is incredibly polluted, Android users should replace it with the Free Software "app store" F-Droid. If people do want apps from Google Play, they can download them via the Yalp Store app, which now has Exodus Privacy's excellent scanner built in.
It's easy to dismiss the "Location History" issue as something that people should have already known and understood. I'm already bracing for the articles that say, "No one should have expected a magic button to actually stop location tracking." Perhaps even privacy experts will agree with proponents of the ad-based information economy on that point. A few days working with people stuck in the depths of the Digital Divide would flip that perspective.
Google's responses about this issue have not been encouraging, and the company dismisses any concerns about "Location History" as confusion on the part of users and reporters. Fears of location tracking may contribute to the fallout in the European Union, where Google is already facing $5 billion in fines for Android anti-trust violations.
Whether or not Google's location tracking runs afoul of the EU's new GDPR regulation remains to be seen. To me, it's clear that Google does not require the same "affirmative consent" it seeks from Android developers who ship apps via Google Play. Worse, Google seems to have learned nothing from last year's location scandal.
The furor over the "Location History" toggle is an encouraging sign for advocates of digital privacy and software freedom. Every time a news story exposes a little more of the seedy underbelly of surveillance capitalism, more fuel is added to the fire of dissent. As journalists get more savvy and informed about surveillance, they're reaching bigger and bigger crowds of privacy-conscious people.
Appearing at Yale Law School last year, Eben Moglen reminded us, "This isn’t over yet." Who knows? Maybe 2031 will be a better year than 2018, and Google won't try to sell us a toggle button as privacy panacea.
Sean O'Brien is a lecturer at Yale Law School and leads Yale Privacy Lab, an initiative of the Information Society Project.
Writing in The Journal of Health Economics, three economists claim (Sci Hub mirror) that "a one standard deviation reduction in daily stock market returns is associated with a 0.6% increase in fatal car accidents that happen after the stock market opening" and that this is robust across "a battery of falsification tests."
First Canada Wuhan virus case confirmed, more than 1,400 people worldwide now infected with 2019-nCoV
On Saturday, the government health ministry of Canada reported the first presumed case in Canada of a patient with the so-called Wuhan virus, officially known as Novel Coronavirus 2019-nCoV.
Google’s recently announced new redesign of desktop search results would have made ads pretty much look exactly like search results. Google is now backtracking, listening to the criticism, and trying a different visual approach.
There’s never been a better time to work as a web developer—regardless of whether you’re looking to work with a big company or as a solo freelancer. The Essential PHP Coding Bundle will get you up to speed with one of the world’s most popular and powerful web development scripting languages, and it’s currently available […]
There’s overwhelming support for clean energy, and the planet is giving us more reasons to invest in renewable power sources with every passing year. Even in the most inhospitable areas, wind and solar can provide a good chunk of our power, if not all of it. So why aren’t we all taking advantage of it? […]
It’s no secret that learning about data analytics is one of the best things you can do for your career in an increasingly data-driven world. Through five courses and over 70 lessons, the Data Analytics Expert Certification Bundle will give you the skills you need in order to become your company’s go-to numbers guru, and […]