
Google will delete new accounts' data by default in 18 months - miles
https://www.wired.com/story/google-auto-delete-data/
======
pgrote
I know I am in the minority, but I like the feature of Google letting me know
when I've been somewhere in the past or if I have been to a site. I understand
the trade offs in terms or my privacy, but I see value in the way they use the
data to show me information.

~~~
chongli
In the old days of the web, before CSS became widespread, all links were blue
by default and turned purple when visited. Back then people would also
bookmark things and organize their bookmarks.

Somewhere along the line, we stopped caring about trying to manage our own
information and handed it over to big cloud companies like Google and
Facebook. Now we’re seeing the downsides of that tradeoff.

~~~
zaat
While I'm preety deep in the camp of those who don't want or let google save
their history, I didn't stop caring about managing my own information, I just
gave up. The amount of info I'm processing today is on a different scale than
it used to be on the good old days, and the tools we have - browser history
for instance - just didn't scale.

~~~
gentleman11
I wish we had a middle ground between browser history and favourites - just a
way to preferentially find something I’ve visited and tagged before by keyword
that works in the address bar. “What was the name of that one article Among
hundreds from 3 months ago about X...”

~~~
godtoldmetodoit
The Firefox address bar doesn't let you tag things by keyword afaik, but it is
pretty good at pulling up articles based on both their URL and title. It's
definitely improved my ability to go back and find stuff from a few weeks or
months back.

~~~
kroltan
You definitely can tag bookmarks in Firefox, and typing the tag will bring up
that item.

Adding a tag to bookmark:
[https://i.imgur.com/iVElOWb.png](https://i.imgur.com/iVElOWb.png)

Searching by tag:
[https://i.imgur.com/e3UmQDG.png](https://i.imgur.com/e3UmQDG.png)

I don't use any bookmark management addons, so this is definitely default
behaviour.

------
OminousWeapons
What irritates me about Google is they go to great lengths to tell you what
they don't do but they won't simply come out and tell you what they do
actually do. For example, I was reading the privacy policy involving
transferring Nest accounts to Google and they say "we absolutely do not use
your video or audio for advertising purposes". That's great, but it doesn't
tell me anything about other forms of data that could be used for advertising
(IP, usage data, whether I am inside the geofence or outside of it at a given
time, probe requests, Bluetooth data, device data, etc). I want companies to
come out and in clear language say "we collect X data streams, we try to
derive the following Y things about you from those X data streams
(demographics, whether you are home, other devices you own, etc), and we
create Z data products from those derivations which we sell to the following
types of companies. If you don't feel comfortable with that then don't use our
products." That is what a real commitment to transparency and privacy looks
like.

~~~
leokennis
If they loudly proclaim that they don’t use your audio or video for
advertising, I’d immediately presume that they do use everything else for
advertising.

If after an exam I would spontaneously say: “I absolutely did not cheat on
question 3 of the test!”, what would you assume I’d have done on questions 1
and 2?

~~~
bad_user
> _I’d immediately presume that they do use everything else for advertising._

For one that's illegal in the EU at least. Due to GDPR Google cannot use your
data for profiling without explicit consent.

Thinking about " _what they don 't tell you_" is how conspiracy theories work.
Such claims are either evidence based or they aren't.

And don't get me wrong, if you don't trust Google for whatever reason that's
fine, I just find your reasoning odd.

~~~
TeMPOraL
> _For one that 's illegal in the EU at least. Due to GDPR Google cannot use
> your data for profiling without explicit consent._

And presumably, EU users will get an extra consent screen going into details.
But as far as I know, this doesn't imply these details have to be the part of
the document called "privacy policy".

> _Thinking about "what they don't tell you" is how conspiracy theories work.
> Such claims are either evidence based or they aren't._

Absence of evidence is only weak evidence of absence, but it's still evidence.
In this case, you could call it "being suspiciously specific", which is a
known technique of lying by omission.

Privacy policies don't exist in a vacuum - they're formed by entities strongly
incentivized to make money every possible way that's not explicitly
illegal[0]. So a suspiciously specific privacy policy can be reasonably
considered worrisome, especially for a company known to make money off their
users' data.

Conspiracy theories are excessively using the "what they don't tell you"
reasoning, but that doesn't mean the reasoning itself is bad. It's just one
requiring finesse and a somewhat more complete picture of an issue at hand.
The best conspiracy theories are ones that balance this reasoning - any more,
and they'd be trivially debunked; any less, and nobody would find them
interesting.

\--

[0] - And some even achieve success by crossing the line into squarely illegal
behavior - see e.g. Uber.

~~~
toyg
_> EU users will get an extra consent screen going into details. _

That would explain the unescapable modal "These are our privacy terms" popup
that every Google service displays the first time you hit it with a fresh
browser...

Obviously nobody reads anything, they just click "Agree".

It's all so broken.

------
mgraczyk
One surprising thing I learned by working at these large companies (I worked
at Google for 2 years): User data older than ~90 days is essentially
worthless. Other companies that I am aware of essentially do not use such data
for anything except people management (teams with better historical metrics
can hire more, etc).

~~~
Viliam1234
> User data older than ~90 days is essentially worthless.

For an average user, sure. But suppose the user suddenly becomes e.g. an
important politician. Now having their history older than 90 days is
interesting.

Hard disks are cheap, you can keep everything and wait for the ticket that
wins the lottery. If you are a company like Google of Facebook, it is almost
guaranteed that you will have juicy material about most people who become
important in a few decades. In a few decades, any politician who says "anti-
trust" will immediately have their porn history or edgy things they wrote as a
teenager leaked to public.

~~~
mgraczyk
If anybody at Google even attempted to do this, that employee would be fired.

------
chintan
What about the "profile" (i.e. the model) of me that is created based on the
history? i.e.
[https://adssettings.google.com/authenticated?hl=en](https://adssettings.google.com/authenticated?hl=en)

I'd think thats more valuable - raw data would not really be necessary unless
they need to re-learn things.

~~~
adrianmonk
How useful would it be to target ads based on what you did 19+ months ago? If
you ignore privacy, it seems like the model needs to be based more on a moving
window of what's relevant to you now.

------
ALittleLight
Personally, I'll be retaining my data indefinitely. I like that they give this
option, but I've used the indefinitely retained data multiple times and never
been hurt by it, so far as I know.

I've used it for "When did we go there?" Type questions, or "What was the name
of that restaurant?" And also, just sitting down to look at the history and
see "What was I doing X years ago" brings back memories. I think it's neat to
see something like, I went to the theater three years ago? What did I see?
Ohhh, I bet it was X! I feel like it's something like an automated diary of my
life.

~~~
mleonhard
I want to keep this data, too. But I want to keep it on my own devices, in my
home, running software that I control. This option doesn't exist yet.

~~~
Avamander
Browsers are IMHO the biggest culprit, I really wish Chrome had an option to
have a longer memory of things like visited pages.

On the other hand, Chrome remembers some thing for far too long, sites that I
haven't visited for a long long time still exist in
chrome://settings/siteData?search=cookies+and+site which is rather annoying.

------
toyg
That just means their internal processes are now good enough to do all they
need to do in 3 months.

Otherwise they would have custom cut-off capabilities, and wouldn’t basically
force everyone to turn collection back on at every turn after you’ve disabled
it. I explicitly did it three times before giving up, as Assistant would turn
it back on every now and then. That’s when I decided I’ll make an effort not
to use any G service if I can avoid it.

------
mynegation
Alice (Imaginary VP of something at Google): hey, Bob, could you please plot
usefulness of data by creation date?

Bob: _sends the chart_

Alice: Carol, could you please chart the amount of data by creation date and
send me alongside with our storage costs?

Carol: _sends the information_

Alice: _does quick cost benefit calculation, fires up an email to Diane in PR_

Alice: here is how we spin it...

------
jtth
Data exhaust older than a month is not monetizable for them. This lets them
save space and seem nice while nothing changes.

~~~
themodelplumber
Your comment made me wonder how much cost this may save, in terms of storage,
maintenance, electricity, etc. Are we talking petabytes of storage? Could the
data include things like imagery or massive encapsulations?

~~~
el_nino
It's also buying good will with users and regulators since privacy became a
hot topic in recent times. Google decided to make it a default to delete any
data older than 3 or 18 months. This is a clear sign that even 3 month old
data has just marginal value, if any.

------
timsally
This is a step in the right direction but my question is what information
derived from your data do they retain? Getting rid of the raw data is great
but there are still serious privacy implications if they retain highly
sophisticated models trained on the data. The simplest example would be
retaining a feature vector of your face while deleting the raw photos.

~~~
bilal4hmed
agree with you. I have kept location data on, because its something I revisit
a lot, the other stuff is set to delete after 18 months. If I dont notice
anything different ill set it to 3 months.

The original post from Google had this line
[https://www.blog.google/technology/safety-
security/keeping-p...](https://www.blog.google/technology/safety-
security/keeping-private-information-private/)

"As always, we don’t sell your information to anyone, and we don’t use
information in apps where you primarily store personal content—such as Gmail,
Drive, Calendar and Photos—for advertising purposes, period."

~~~
ciarannolan
>"As always, we don’t sell your information to anyone, and we don’t use
information in apps where you primarily store personal content—such as Gmail,
Drive, Calendar and Photos—for advertising purposes, period."

Wait, what? Is this some weasel word soup going on?

I do not believe this for one second.

~~~
gipp
What about this is unbelievable to you?

~~~
ciarannolan
That the largest for-profit, personal data collection effort on earth would
not try to exploit data about email, calendars, photos, files, etc. to sell me
more stuff?

What about that is believable to you? You just take them at their word and
call it a day?

------
hughes
I find the location history feature in Google Maps immensely valuable. Is
there any way to run a similar self-hosted feature? I'd love to import my
existing timeline if possible.

~~~
Ao7bei3s
At least the data collection part is very easy to set up on Android and zero
maintenance afterwards:

Use GPSLogger[1] to record the position. It can auto-upload to pretty much
anything from DropBox to SFTP (FTP over SSH). It can auto-start on boot, run
in background, and rotate files daily. (If you do SFTP, use ForceCommand
internal-sftp in sshd_config to restrict the phone to file transfers.) No
excessive energy usage.

Use GPSMapper[2] to visualize the GPX files on phone, or
[https://www.gpxsee.org/](https://www.gpxsee.org/) on Linux (this tool works
well even with hundreds of GPX files loaded, unlike all others I've tried).

None of the viewers are really "nice" unfortunately.

If someone needs a side project idea, a personal location history visualizer
would be nice. All existing tools focus on individual tracks (eg day hikes),
there's nothing that does much useful when you dump a few years worth of
history into it. Actually most just freeze or crash. But there's so much that
could be done (performance, filtering by time, exporting/sharing specific
parts, postprocessing like removing outliers, correcting cut corners by
matching against a map, detecting places/businesses and hyperlinking to
services like AllTrails, visualizations like speed over time (this part is
common) but auto-detecting and showing this for all traces along the same
route (no software does this yet) (think "how fast was I on which part of my
commute each day over the past year"), multi user eg. family capability, etc.)

Of course even if viewers are limited today, one can still collect the data in
case someone writes a better viewer tomorrow ;-)

Google Takeout can export raw location history, and there are tools to convert
that standard GPX.

Only issue I have with GPSLogger is that the accuracy filter is not adaptive.
At a high value, you'll get outliers, at a low value, it won't record during
flights.

[1]
[https://play.google.com/store/apps/details?id=com.mendhak.gp...](https://play.google.com/store/apps/details?id=com.mendhak.gpslogger&hl=en_US)

[2]
[https://play.google.com/store/apps/details?id=com.mendhak.gp...](https://play.google.com/store/apps/details?id=com.mendhak.gpsvisualizer&hl=en_US)

------
partiallypro
This is only for new accounts, current accounts have to manually sign up for
this feature.

~~~
wwwwewwww
It makes sense, otherwise they'd be deleting user data without consent. Maybe
they could show an opt-in screen to every user pointing them to this setting.

------
jeena
I'm conflicted on this, it's kind of the worse of both worlds, they mark your
data as deleted in the database and you don't have access to it anymore but
they can keep using it indefinably as long as they don't fuck up and some
legislation forces them to delete it. So now only they have access to your
data but you don't anymore.

Anecdote: I was really happy about the data Google maps saved about me a
couple of weeks ago when I got a letter from the migration agency which asked
me to send in a list of my journeys abroad since 2017. The list was supposed
to have: date traveling out, date coming back, country and purpose. Last year
I was abroad 19 times and 126 of the 355 days, without Google maps collecting
the data in the background for me I would have no chance in hell to get it
right, and I guess the migration agency has access to this kind of data too so
they can double check if I was telling the truth or not.

But in 2018 when Google introduced the possibility to mark my data as deleted,
I clicked the button and lost the ability to see the data for 2017 and early
2018 which I really regretted now, because I needed to try to come up with
dates and countries according to photos on my phone which had GPS coordinates
and my DSLR which had just the dates.

~~~
zhengyi13
Internally, a lot of companies have a standard corporate damage-limiting
process that actively deletes old email. You can't have subpoena'd data you
really no longer possess. That's a (potentially significant) legal win.

OTOH, if you claim you've gotten rid of data to one party, and then another
party is able to dig that same data up in a legal proceeding, I expect the
first party might be upset, and seek compensation.

Quite apart from that, if you have metrics that show long tail data are
infrequently accessed, but _do_ take up an appreciable (and ever growing)
amount of resources, it's a OpEx/engineering win to actually get rid of that
on a proactive basis.

------
jdofaz
I have the impression that Privacy to Google only means that it is difficult
for a human to see your data. They don't see an issue with their software
using your data.

------
ipnon
The sincere take: It's better for big corporations to move towards more
privacy than less, even if it is not enough and they have a suspicious
history.

------
el_nino
> auto-delete activity and location every 18 months by default

Does this mean any data older than 3/18 months is deleted or that every 3/18
months they delete everything?

P.S. I assume that they may have already put a price on 3/18 month old data
and decided that by then it has lost enough of its value to make such a loss
worth it in order to buy a bit of good will from users and regulators alike.

~~~
bilal4hmed
The former, any data older than 3/18 months is deleted.

so if you set it up for 3 months today, then any data on and before 3/15/2020
will be deleted

------
renewiltord
Do I have to do anything to ensure this stuff doesn't get deleted for me? I
really like Timeline and don't want it truncated.

It looks like I have to do nothing but I'm not sure.

------
seesawtron
This is a great discussion forum to surgically point out the flaws and
hypocrisy of big players in the tech, especially on privacy. However, do you
think Google (or any other big firm) executives look at discussions in Hacker
News to improve their future policies? What could we do more than just having
a discussion on these issues that we see everyday? Opting out of Google is
sadly too painful to be a viable option.

------
aboringusername
If Google cared about privacy, they would have detailed guidance on how to let
an individual opt-out of every single google data collection point, including:

analytics, recaptcha, fonts, JS libraries.

Except they've inserted themselves at _every_ layer, to the point where you
can't avoid your data going via Amazon/MS/Google.

Just the way the US wanted it :)

------
2OEH8eoCRo0
Do they use your data to train an algorithm and "simulate" what you like? Toss
the data afterwards.

I'm a machine learning noob but it feels like they could train a vague
representation of you with your data to throw products or sites against and
get a thumbs up or down.

------
m0zg
The only three choices are: 18 months, 3 months, nothing. So I choose nothing.
How about 2 weeks, Google? I'd enable if you promise to delete after 2 weeks.
It's all you need for ad serving anyway.

------
optimaton
Not a popular opinion, but I have a feeling that this is going to quickly go
from _your privacy is our responsibility_ to _gatekeeping is virtuous, so we
won’t let you do that_.

------
Weryj
My guess is that Google determined that old data with such granularity just
isn't that important to keep around.

------
ndesaulniers
myaccount.google.com -> Data & Personalization -> Manage Your Activity
Controls -> Auto-delete

Note: there's multiple auto-delete's to select, one for Web & App Activity,
Location History, Youtube history.

------
ogre_codes
This is an easy give-away for Google, they are essentially giving users the
option to automatically delete data which has no value to Google themselves.
This isn't really a win for consumers and privacy at all.

------
NewEntryHN
Well I want to keep my data basically forever. I just don't want Google to
have a copy of it. Possibly what is happening here is the exact opposite.

~~~
pwaivers
It's difficult to have both, no?

------
bad_user
You can also disable the collection of data completely, or delete the data
automatically after 3 months. The later is what I now do.

People freak out about what they see in the Google profile, but you have to
give them credit for being transparent about it, even before GDPR came into
effect.

------
zelly
So it takes 18 months for G to train their models. Good to know.

------
codegladiator
Oh I hope so. I don't believe it will.

------
Retric
The article contradicts the headline. _Existing accounts, though, will still
need to proactively turn on the feature_

Presumably, the overwhelming majority of HN users already have an account.

~~~
tgsovlerkhgsel
The title was also carefully worded to leave out _what_ data, making people
worry that data they want to keep (e.g. their mail/photos/Drive files) will be
deleted, just to get the click...

------
megamindbrian2
Hackernews should do this too.

------
ed25519FUUU
A friendly reminder that the US government can read your emails without a
warrant if they've been stored on a server for longer than 6 months.

[https://www.propublica.org/article/no-warrant-no-problem-
how...](https://www.propublica.org/article/no-warrant-no-problem-how-the-
government-can-still-get-your-digital-data)

~~~
tantalor
> they can obtain opened email as well as unopened emails that are at least
> 180 days old with only a subpoena as long as they notify the customer whose
> email they've requested

This seems to contradict "the right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches and
seizures, shall not be violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation, and particularly describing
the place to be searched, and the persons or things to be seized"

------
justicezyx
I liked Sundar somewhat when I was at Google, after he shortly become CEO,
until 2019 I left.

Looking back, I always felt something missing when I think of him, in
comparison to Larry Page.

Right at this moment, it felt to me that Sundar is meant to be another typical
professional manager for a "conventional company". The primary issue is that
he, like other manager, lacks the inert urgency for their task.

Apple has been playing the privacy card at least 2 years ago. That by itself
threatens Google at its core. Yet I never see the decisiveness in rethinking
Google's identity; it was always reactionary, 2nd timed, backward looking...

Google is about to decline. Hopefully that will be something like the 90s'
microsoft, and waiting for next revival...

