EBGAP: Error Between Google and Privacy
The year is 2031, and I'm going to see Avengers 7 in 8K-vision. I hop in my Goober self-driving car and notice something strange – my location is displayed on the Goober Dashboard, even though I opted out of Google AlwaysTrack™! There's a complete disconnect between what the user interface is telling me and what actually happens without my knowledge or consent.
Yesterday's Associated Press exposé by Ryan Nakashima is the 2018 version of this scenario. When people turn off Google "Location History" they, predictably, expect their location history to be turned off. Google, with its insatiable hunger for data, has designed location tracking to be much more invasive than that.
As it turns out, even digging through menu settings is not enough to keep your location private from Google. This prompted K. Shankari, a graduate researcher at UC Berkeley, to start asking tough questions about what exactly is tracked and when. The answer is anything but straightforward, as Princeton researcher Gunes Acar verified for AP when he mapped out Google's record of his travels.
The fact that there are a variety of ways for Google to track a user's location after they toggle "Location History" off is no surprise to privacy advocates and hackers. The problem is especially tangible on Android devices, where Google tracking software is fundamentally baked into the operating system, a layer of surveillance running on top of Free Software.
Android handsets were designed to gobble up information from the outset. With its purchase of Android, the Google ad behemoth hoped to fill its coffers with sensor data from millions of smart devices. Those devices now number in the billions. Android is the world's most pervasive operating system, by an order of magnitude from its nearest competitor, Apple iOS.
During Yale Privacy Lab workshops, we consider stock versions of Android and iOS a lost cause. Most consumer smartphones are untenable as privacy-respecting devices, with modifications requiring a steeper learning curve than we can cover in a reasonable time.
It's still far too impractical to flash a phone or tablet with alternative versions of Android. The most secure version I know is only available for a few handsets. "Jailbreaking" iPhones can be problematic from a privacy and security perspective, and many Android phones require risky hacking that can take hours and might "brick" the device if not done correctly.
Replacements for the spies in our pockets, like the GNU/Linux-powered Librem phone, are on the horizon. Carriers will continue to tie cellphone purchases to service contracts, however, and the grip of Android and Apple phones in the U.S. certainly seems ironclad.
So, what can be done as a stop-gap measure, besides throwing out your phone? Avoiding apps that require location permissions is a start. People can also try the steps outlined by AP to limit location tracking.
Since Google Play is incredibly polluted, Android users should replace it with the Free Software "app store" F-Droid. If people do want apps from Google Play, they can download them via the Yalp Store app, which now has Exodus Privacy's excellent scanner built in.
It's easy to dismiss the "Location History" issue as something that people should have already known and understood. I'm already bracing for the articles that say, "No one should have expected a magic button to actually stop location tracking." Perhaps even privacy experts will agree with proponents of the ad-based information economy on that point. A few days working with people stuck in the depths of the Digital Divide would flip that perspective.
Google's responses about this issue have not been encouraging, and the company dismisses any concerns about "Location History" as confusion on the part of users and reporters. Fears of location tracking may contribute to the fallout in the European Union, where Google is already facing $5 billion in fines for Android anti-trust violations.
Whether or not Google's location tracking runs afoul of the EU's new GDPR regulation remains to be seen. To me, it's clear that Google does not require the same "affirmative consent" it seeks from Android developers who ship apps via Google Play. Worse, Google seems to have learned nothing from last year's location scandal.
The furor over the "Location History" toggle is an encouraging sign for advocates of digital privacy and software freedom. Every time a news story exposes a little more of the seedy underbelly of surveillance capitalism, more fuel is added to the fire of dissent. As journalists get more savvy and informed about surveillance, they're reaching bigger and bigger crowds of privacy-conscious people.
Appearing at Yale Law School last year, Eben Moglen reminded us, "This isn’t over yet." Who knows? Maybe 2031 will be a better year than 2018, and Google won't try to sell us a toggle button as privacy panacea.
Sean O'Brien is a lecturer at Yale Law School and leads Yale Privacy Lab, an initiative of the Information Society Project.
A new study reported in Nature (Sci-Hub mirror) tracks down the origins of the mysterious rise in CFC-11, a banned ozone-depleting greenhouse gas whose rise was first reported a year ago, and blames the increase on manufacturing in eastern China.
Mark Zuckerberg offered to let Chinese premier Xi Jinping name his firstborn (seriously), Apple purged the Chinese App Store of privacy tools at the request of the politburo; Google secretly built a censoring search-engine for use in China, but America's Big Tech companies are sounding the alarm that they will no longer be able to […]
Mountain View -- home to some of Silicon Valley's most profitable companies, including Google -- is one of the most expensive places in the world to live, thanks to the sky-high wages commanded by techies, who have gone on to bid up all the real-estate in the region.
If you’re into tools or gadgets, Memorial Day weekend is your Christmas. Take an extra 15% off the final price of these DIY accessories – all of which are already on sale – by entering the promo code WEEKEND15. LUXJET Universal 24-in-1 Magnetic Screwdriver Set & Repair Kit This small but sturdy kit won the […]
If you can build a cloud infrastructure, you can build a business. Companies are overwhelmingly turning to cloud computing to set up or bolster their network, and it’s easy to see why. It allows on-demand access to processing power, a la carte services, and nearly unlimited storage, all without adding extra systems and the maintenance […]
Does your gaming setup need an upgrade? No need to wait for Christmas. We’ve rounded up the latest tech accessories for your favorite video game platforms. All of them are already sale priced, but you can knock an additional 15% off the final price for Memorial Day by using the online code WEEKEND15. Audeze Mobius […]