EBGAP: Error Between Google and Privacy
The year is 2031, and I'm going to see Avengers 7 in 8K-vision. I hop in my Goober self-driving car and notice something strange – my location is displayed on the Goober Dashboard, even though I opted out of Google AlwaysTrack™! There's a complete disconnect between what the user interface is telling me and what actually happens without my knowledge or consent.
Yesterday's Associated Press exposé by Ryan Nakashima is the 2018 version of this scenario. When people turn off Google "Location History" they, predictably, expect their location history to be turned off. Google, with its insatiable hunger for data, has designed location tracking to be much more invasive than that.
As it turns out, even digging through menu settings is not enough to keep your location private from Google. This prompted K. Shankari, a graduate researcher at UC Berkeley, to start asking tough questions about what exactly is tracked and when. The answer is anything but straightforward, as Princeton researcher Gunes Acar verified for AP when he mapped out Google's record of his travels.
The fact that there are a variety of ways for Google to track a user's location after they toggle "Location History" off is no surprise to privacy advocates and hackers. The problem is especially tangible on Android devices, where Google tracking software is fundamentally baked into the operating system, a layer of surveillance running on top of Free Software.
Android handsets were designed to gobble up information from the outset. With its purchase of Android, the Google ad behemoth hoped to fill its coffers with sensor data from millions of smart devices. Those devices now number in the billions. Android is the world's most pervasive operating system, by an order of magnitude from its nearest competitor, Apple iOS.
During Yale Privacy Lab workshops, we consider stock versions of Android and iOS a lost cause. Most consumer smartphones are untenable as privacy-respecting devices, with modifications requiring a steeper learning curve than we can cover in a reasonable time.
It's still far too impractical to flash a phone or tablet with alternative versions of Android. The most secure version I know is only available for a few handsets. "Jailbreaking" iPhones can be problematic from a privacy and security perspective, and many Android phones require risky hacking that can take hours and might "brick" the device if not done correctly.
Replacements for the spies in our pockets, like the GNU/Linux-powered Librem phone, are on the horizon. Carriers will continue to tie cellphone purchases to service contracts, however, and the grip of Android and Apple phones in the U.S. certainly seems ironclad.
So, what can be done as a stop-gap measure, besides throwing out your phone? Avoiding apps that require location permissions is a start. People can also try the steps outlined by AP to limit location tracking.
Since Google Play is incredibly polluted, Android users should replace it with the Free Software "app store" F-Droid. If people do want apps from Google Play, they can download them via the Yalp Store app, which now has Exodus Privacy's excellent scanner built in.
It's easy to dismiss the "Location History" issue as something that people should have already known and understood. I'm already bracing for the articles that say, "No one should have expected a magic button to actually stop location tracking." Perhaps even privacy experts will agree with proponents of the ad-based information economy on that point. A few days working with people stuck in the depths of the Digital Divide would flip that perspective.
Google's responses about this issue have not been encouraging, and the company dismisses any concerns about "Location History" as confusion on the part of users and reporters. Fears of location tracking may contribute to the fallout in the European Union, where Google is already facing $5 billion in fines for Android anti-trust violations.
Whether or not Google's location tracking runs afoul of the EU's new GDPR regulation remains to be seen. To me, it's clear that Google does not require the same "affirmative consent" it seeks from Android developers who ship apps via Google Play. Worse, Google seems to have learned nothing from last year's location scandal.
The furor over the "Location History" toggle is an encouraging sign for advocates of digital privacy and software freedom. Every time a news story exposes a little more of the seedy underbelly of surveillance capitalism, more fuel is added to the fire of dissent. As journalists get more savvy and informed about surveillance, they're reaching bigger and bigger crowds of privacy-conscious people.
Appearing at Yale Law School last year, Eben Moglen reminded us, "This isn’t over yet." Who knows? Maybe 2031 will be a better year than 2018, and Google won't try to sell us a toggle button as privacy panacea.
Sean O'Brien is a lecturer at Yale Law School and leads Yale Privacy Lab, an initiative of the Information Society Project.
The China Law Blog (previously) reports on the kinds of questions that western businesses operating in China are raising; China's serious economic downturn and rising authoritarianism have turned the site's normally businesslike posts into a glimpse of a kind of cyberpunk stranger-than-fiction dystopia (for example).
Not everything is legal in New Jersey: Uber has to pay the state of New Jersey $650m in unemployment and disability tax for the employee drivers that it pretended were contractors. Uber is appealing. It will lose. Uber drivers in Jersey are now entitled to unemployment insurance. (via /.) (Image: Quotecatalog, Ervins Strauhmanis, CC BY, […]
Mysterious Galaxy is a wonderful, longstanding science fiction bookstore, host to readings for the Clarion Workshop, designated bookseller for Comic-Con signings, and much more.
If you’re doing any kind of data work, chances are you’re working in Excel. This venerable platform has evolved beyond its roots as a workhorse spreadsheet creator into an essential tool for data analysts and other high-level number crunchers. Want to brush up on this year’s version of the software? There’s no quicker way than […]
Does your computer gear need an upgrade? Don’t cross your fingers and wait for Christmas. You can get 15% off the final sale price of all these essential accessories now by using the online code BFSAVE15, including gaming mice and computer desks. Wireless Charging Mouse Pad Talk about a space saver. This high-quality mouse pad […]
WordPress is a fantastic tool for building web pages – if you know how to use it. Even with all the accessibility, a lot of the deeper features of WordPress are lost in translation to the average user. Enter WP Page Builder, a tool that not only makes WordPress site design easy but also more […]