EBGAP: Error Between Google and Privacy
The year is 2031, and I'm going to see Avengers 7 in 8K-vision. I hop in my Goober self-driving car and notice something strange – my location is displayed on the Goober Dashboard, even though I opted out of Google AlwaysTrack™! There's a complete disconnect between what the user interface is telling me and what actually happens without my knowledge or consent.
Yesterday's Associated Press exposé by Ryan Nakashima is the 2018 version of this scenario. When people turn off Google "Location History" they, predictably, expect their location history to be turned off. Google, with its insatiable hunger for data, has designed location tracking to be much more invasive than that.
As it turns out, even digging through menu settings is not enough to keep your location private from Google. This prompted K. Shankari, a graduate researcher at UC Berkeley, to start asking tough questions about what exactly is tracked and when. The answer is anything but straightforward, as Princeton researcher Gunes Acar verified for AP when he mapped out Google's record of his travels.
The fact that there are a variety of ways for Google to track a user's location after they toggle "Location History" off is no surprise to privacy advocates and hackers. The problem is especially tangible on Android devices, where Google tracking software is fundamentally baked into the operating system, a layer of surveillance running on top of Free Software.
Android handsets were designed to gobble up information from the outset. With its purchase of Android, the Google ad behemoth hoped to fill its coffers with sensor data from millions of smart devices. Those devices now number in the billions. Android is the world's most pervasive operating system, by an order of magnitude from its nearest competitor, Apple iOS.
During Yale Privacy Lab workshops, we consider stock versions of Android and iOS a lost cause. Most consumer smartphones are untenable as privacy-respecting devices, with modifications requiring a steeper learning curve than we can cover in a reasonable time.
It's still far too impractical to flash a phone or tablet with alternative versions of Android. The most secure version I know is only available for a few handsets. "Jailbreaking" iPhones can be problematic from a privacy and security perspective, and many Android phones require risky hacking that can take hours and might "brick" the device if not done correctly.
Replacements for the spies in our pockets, like the GNU/Linux-powered Librem phone, are on the horizon. Carriers will continue to tie cellphone purchases to service contracts, however, and the grip of Android and Apple phones in the U.S. certainly seems ironclad.
So, what can be done as a stop-gap measure, besides throwing out your phone? Avoiding apps that require location permissions is a start. People can also try the steps outlined by AP to limit location tracking.
Since Google Play is incredibly polluted, Android users should replace it with the Free Software "app store" F-Droid. If people do want apps from Google Play, they can download them via the Yalp Store app, which now has Exodus Privacy's excellent scanner built in.
It's easy to dismiss the "Location History" issue as something that people should have already known and understood. I'm already bracing for the articles that say, "No one should have expected a magic button to actually stop location tracking." Perhaps even privacy experts will agree with proponents of the ad-based information economy on that point. A few days working with people stuck in the depths of the Digital Divide would flip that perspective.
Google's responses about this issue have not been encouraging, and the company dismisses any concerns about "Location History" as confusion on the part of users and reporters. Fears of location tracking may contribute to the fallout in the European Union, where Google is already facing $5 billion in fines for Android anti-trust violations.
Whether or not Google's location tracking runs afoul of the EU's new GDPR regulation remains to be seen. To me, it's clear that Google does not require the same "affirmative consent" it seeks from Android developers who ship apps via Google Play. Worse, Google seems to have learned nothing from last year's location scandal.
The furor over the "Location History" toggle is an encouraging sign for advocates of digital privacy and software freedom. Every time a news story exposes a little more of the seedy underbelly of surveillance capitalism, more fuel is added to the fire of dissent. As journalists get more savvy and informed about surveillance, they're reaching bigger and bigger crowds of privacy-conscious people.
Appearing at Yale Law School last year, Eben Moglen reminded us, "This isn’t over yet." Who knows? Maybe 2031 will be a better year than 2018, and Google won't try to sell us a toggle button as privacy panacea.
Sean O'Brien is a lecturer at Yale Law School and leads Yale Privacy Lab, an initiative of the Information Society Project.
Unsealed court documents reveal that Facebook knew kids were being tricked into spending thousands of dollars on their parents' credit cards
In 2012, Facebook settled a class-action suit with parents who claimed that their kids were being tricked into spending real money on game items, thinking they were spending virtual in-game currency; the parents said that Facebook had structured its system to allow kids to use their parents' credit cards without the parents' intervention, unlike competitors […]
Once-iconic American retailer Sears (owned by Sears Holdings Corporation) will not die a bankruptcy liquidation death after all. Chairman Eddie Lampert today won a bankruptcy auction to purchase the company’s assets, after presenting an upped offer of $5.2 billion, Sears said Thursday.
Pacific Gas and Electric has gone from Wall Street darling to bankruptcy, thanks to the $30 billion in liability from the fires that were started in California by its power-lines.
These days, there isn’t much our iPhone camera can’t do – except feel like an actual phone. Despite years of steadily increasing resolution and image sensing technology, we’re still taking shots awkwardly with two hands, fumbling for the shutter button. Leave it to an avid photographer to design Shuttercase, a versatile iPhone case that solves […]
Still determined to keep those New Year’s health resolutions? If you’re going to stick with the exercise plan, it’s enough of a challenge to budget your time. No need for your financial budget to take a hit, too. Here’s a more convenient – and cheaper – alternative to a gym membership or Peloton bike: Two […]
Want a career in web design? It’s true that these days, most anyone can throw up a page or two. But for true workhorse web design, you’ll sometimes need to match the platform to the project. Enter the Complete Front-End Developer Bundle, an educational grand tour around the best tools for the web. For beginners, […]