
Facebook is in the privacy spotlight but should Google be next - randomerr
http://www.afr.com/technology/social-media/google/facebook-is-in-the-privacy-spotlight-but-should-google-be-next-20180412-h0ynog
======
notacoward
Google is on the list, but I'm going to break away from the flock and say they
shouldn't be _next_. Credit agencies and data brokers, who facilitate the
worst kinds of third-party privacy violation and about whom most people know
very little, should go next. Then the government itself. _Then_ Google, and
then Amazon.

BTW, if you want to have some fun, just try to imagine that the the
government's interest in Facebook's data practices is not so much to regulate
it as to _copy_ it - either for the government itself or for election
campaigns. IMO that makes a lot of their otherwise nonsensical or inconsistent
behavior much more understandable. Creepy. They totally want to know more
about us than Facebook and Google put together; they just don't know how.

~~~
bilbo0s
"...Google is on the list, but I'm going to break away from the flock and say
they shouldn't be next. Credit agencies and data brokers ... should go next...

Why can't it be both?

Serious question.

~~~
phonebucket
"Why can't it be both?"

In fairness to the OP, the notion of someone being next is coming from the
headline, not the comment.

------
alecco
Google is more dangerous than Facebook. In the later you usually have a
persona you pretend to be. But Google knows you better than yourself. You
can’t lie to Google. Is your teenage daughter pregnant? Do you have a disease
that is socially rejected? Do you want to have an abortion? Are those pimples
in your groin an STD? Are you secretly looking for another job? Google
probably knows that before you do. And their business plan is making money out
of that information.

And let’s never forget Eric Schmidt:

[http://precursorblog.com/?q=content/googles-top-ten-anti-
pri...](http://precursorblog.com/?q=content/googles-top-ten-anti-privacy-
quotes-part-3-googles-own-words-series)

"If you have something that you don't want anyone to know, maybe you shouldn't
be doing it in the first place;"

Google Chairman Eric Schmidt told CNBC's Maria Bartiromo 12-7-09.

The "Google policy is to get right up to the creepy line and not cross it;"

Said Google Chairman Eric Schmidt 10-1-10 per the Atlantic.

"Show us 14 photos of yourself and we can identify who you are;"

Google Chairman Eric Schmidt told the 2010 Techonomy conference.

"We know where you are. We know where you've been. We can more or less know
what you're thinking about;"

Google Chairman Eric Schmidt 10-1-10 per the Atlantic.

"It's a future where you don't forget anything…"In this new future you're
never lost...We will know your position down to the foot and down to the inch
over time;"

Explained Google Chairman Eric Schmidt at TechCrunch, 9-28-10.

"No harm, no foul;" Concerning Google's unauthorized collection of WiFi
signals from tens of millions of homes in 33 countries over three years,
Google Chairman Eric Schmidt told the Times of London in May 2010.

~~~
dvfjsdhgfv
If we really want to deal with Google's enormous power, we'll need to tackle
the issue at both ends: political and technical. As for politics, it doesn't
look like Google is going to be attacked the way it happened to FB - the CA
affair was almost an accident. And Google knows better and will do everything
to avoid accidents.

The second issue is technological. The competing search engines are not there
yet, although they're continuously improving. Google got where they are not
only by text search, but also extending the search categories horizontally.
The competing search engine would need some smart minds to come up with
something extra, something genuinely useful that would make people flock
there.

Then there are all other parts of Google ecosystem that people depend on:
Gmail, Adwords, Adsense, GA. And millions of Android devices. How to eradicate
all that from our lives? It will take decades to complete - if we started now,
that is.

~~~
bluGill
Using other search engines goes a long way to get them there - the more they
are used the more advertising dollars they get (and the less google gets),
which leads to dollars to invest.

I find that duckduckgo is good enough for everything these days.

------
dschuetz
Fun fact: Google collects much more data from Android devices than from iOS
devices. This might be unsurprising, and even obvious, but I was surprised how
precise and intrusive that data is.

The whole time I was using an Android phone with my google account logged in
on the device, google recorded and retained basically everything. My location,
without even me using the maps app. My old contacts which I deleted from my
contacts lists were still in the records. Any IPv4 or IPv6 address my phone
was assigned to. This was even more creepy than facebook's data trove. I
deleted my data on facebook as far as I could and also the account (not just
deactivated) and I deleted most of the data google had on me. The problem is
that I only can _assume_ that all the data is now gone, but how can I be sure?

Google might constantly assure that they handle everything with care, but the
extent of their intrusion into my private life is really scary.

~~~
mtgx
It also annoys the hell out of me how often companies get away with something
if they just say "Whoops, it was a mistake/bug."

Google was recently found to track Android users' location even when they
didn't have their GPS on. And they said it was a "bug". Like I'm just going to
believe that from a company whose main objective is to track as much about us
as possible.

But my point is the FTC should have slapped them with a major (at least tens
of millions to hundreds of millions of dollars, depending how long they've
been doing it and to how many people) even if this _was_ a bug.

If you tracked or collected data without users' consent, you get fined -
bigly. No ifs or buts about it. Enough with the BS excuses and apology tours
while they pocket billions from the "error" or "mistake."

~~~
jacquesm
As long as money and politics are strongly intertwined it is unlikely this
will happen within the country of origin of the company. Lobbyists are just
too powerful.

And that's before we get into the kind of tricks and entity like Google or
Facebook could pull if they decided to become an active participant rather
than just a channel for advertising. If that hasn't already happened.

~~~
dschuetz
Money and politics is basically the way people run things, as sad as it
sounds. You can substitute money with something different, it doesn't matter
as people need some system of exchange. Money seems effective and easy enough.

So, it's not the money that is the problem. It might have something to do with
people, but I haven't figured it out yet.

~~~
jacquesm
In most countries companies directly paying politicians is seen as corruption.

~~~
squarefoot
Unfortunately politicians can be lobbied/bribed in many subtler ways. A
corporation can invest in city infrastructure, donate medical equipment,
libraries, etc. then invite their friendly politician for a public speech to
the inauguration so that the public associates something good (that didn't
cost taxpayers a single dime) to his face. That politician gets a lot more
votes and the corporation gets a foot in the government door: a win-win
scenario for both and completely legal.

------
kozikow
Not saying Google is a saint, but it's orders of magnitude better at privacy
than Facebook:

\- Malicious actors can't access most Google data has on you. Especially not
by releasing psychological quiz app.

\- Google is not tracking logged out users. New id is assigned to logged out
users only for very short periods of time.

\- Mostly compliant with GDPR for years prior to the regulation being
released. The same can't be said for Facebook.

\- Search results are much harder to manipulate by malicious actors than
Facebook news feed ranking - based on the history of such manipulations.

\- I don't work on either right now, but at the time I did Google had way much
better internal access controls for employees.

Amassing personal data can be considered unethical on some levels, but
amassing personal data can't be equated with being bad at privacy. Among
"personal data hoarders" Google is by far the most coginzant about keeping
that data private.

~~~
sametmax
> \- Malicious actors can't access most Google data has on you. Especially not
> by releasing psychological quiz app.

If I remember well, Google was part of PRISM. And it did give data to a
malicious state actors. Plus it has analytics, which you can pay to have data
on people (although no personal, but personal data from facebook is aggregated
and used the same way in the end). Also google let you literally google people
to find any data that other service would leak.

It's not as bad, yes. But it's still a lot.

> Google is not tracking logged out users. New id is assigned to logged out
> users only for very short periods of time.

I'm not an insider, but I would imagine that with android, gmail, chrome,
various search tools and google Web APIs (fonts, graphs, analytics...), Google
tracks you everywhere, whether you are logged in or not. It doesn't even need
a cookie with all the behavioral data it has to fingerprint you.

And it's so big I doubt that any employee inside knows how everything works
and everything that is done.

> Search results are much harder to manipulate by malicious actors than
> Facebook news feed ranking - based on the history of such manipulations.

Now. But they've been at it for more time. I remember the early days of
Google, and it was black SEO everywhere. It became only hard to game the
system recently. Even when StackOverflow came out, we had so much spammy
clones, and it's not that old.

It also came out at the cost of less relevant results: now I can always find
instantly what I know I want, but rarely discover something I'm happy I found
about that is related to my current search. The bubble is very strong.

~~~
zamalek
> I'm not an insider, but I would imagine that with android, gmail, chrome,
> various search tools and google Web APIs (fonts, graphs, analytics...),
> Google tracks you everywhere, whether you are logged in or not. It doesn't
> even need a cookie with all the behavioral data it has to fingerprint you.

Why would they take all that risk when they allow you to opt-out of targetted
advertising?

~~~
sametmax
Which risk. No actor has any way to verify that. It's incredibly complicated
software, lost in the forest of their billions lines of code and thousand of
servers.

Even if any actor had the will, the mean and the skills to check it out, and I
doubt we had even two of that, the task is immense and the ability to hide
high.

Add on top of that the power of a company that has the budget of a small
country...

There is no important risk.

Now even if there were like 0.00001% of chance they get caught. So what ? What
are the consequences ?

Bad PR ? Who cares, customers will forget in 3 months.

A fine ? Who cares, they can buy pay 10 times that before diner.

Prison ? Scape goats and lawyer will make sure it's not a problem.

------
open-source-ux
Google tracks online behaviour on an industrial scale. It's baffling how
little scrutiny the company faces, least of all from the tech community who
often rush to it's defence. (Does a multi-billion dollar company need your
defence?)

When you create a Google account, you're asked to provide your name, your
gender, your date of birth, your location and your mobile phone number. Some
of your most personal and private details, all of which will now be tied to
your online behaviour.

That ceaseless data capture starts right from school, where millions of
students use a cloud-based OS called ChromeOS that records everything they do.
It's quite horrible that this is happening - the kids don't even get a say,
it's the adults who've decided this.

It doesn't matter if that information is only collated in aggregated form and
detached from user accounts, we don't know how that information could be mined
or analysed either now or in the future. (In fact, I suspect that even Google
hasn't figure all the possible uses of the ginormous quantity of user
behaviour it has captured and continues to capture).

And we've seen from Spotify and Netflix how even aggregated data can reveal
very private and personal user behaviour.

Google and many of it's supporters conflate security with privacy. Just
because Google hasn't ever suffered a breach of user data, people say that
Google can be trusted. You can't have privacy without security, but security
by itself does not equal privacy. You're still being tracked relentlessly by
Google no matter how securely it's storing your online behaviour.

~~~
teddyfrozevelt
G Suite for Education very clearly doesn't track students using it.

[https://edu.google.com/k-12-solutions/privacy-
security/](https://edu.google.com/k-12-solutions/privacy-security/)

~~~
open-source-ux
Where does it say that it doesn't track students on that page?

The G Suite for Education Privacy Notice [1] clearly states that Google
collects device information, unique device identifiers, mobile network
information (including phone number of the user). Also logged are IP
addresses, location information, and app usage using unique application
numbers.

Even if this information is detached from individual accounts and aggregated,
it equals a phenomenal amount of data captured by Google on millions of
students in the US.

[1]
[https://gsuite.google.com/terms/education_privacy.html](https://gsuite.google.com/terms/education_privacy.html)

------
matlin
The difference is that Google doesn't share that information with other firms.
Having centralized information for a user is important to many (you can always
spread it across multiple emails and accounts) but I think violation of
privacy is the main reason Facebook is under investigation not centralization
of data.

~~~
notacoward
> The difference is that Google doesn't share that information with other
> firms.

Are you absolutely sure about that? Are you absolutely sure it will remain
that way tomorrow, or next month?

~~~
jacquesm
He may be sure but he's wrong either way. The Google real-time bidding spec
outlines pretty clearly what data Google will share with third parties.

~~~
matlin
> The Google real-time bidding spec outlines pretty clearly what data Google
> will share with third parties

This is exactly my point is it is clear you are consenting and have control
and can opt out here:
[https://adssettings.google.com/](https://adssettings.google.com/). I am very
aware of real-time bidding for ads works.

Also you shouldn't assume gender.

~~~
jacquesm
Anonymous profiles can be addressed using either gender until otherwise
specified, besides that HN is so skewed towards males that it is a safe
assumption.

If you want to distract from the discussion at hand by making it about gender
then that's on you.

As for 'consenting' and 'opting out' that's not how it should work, you don't
'consent' to being tracked by Google because you didn't opt out, that's Google
assuming your consent (which, to tie it in with the previous bit is a lot more
serious than assuming someone's gender).

------
wepple
My personal gut feel is that in the fairly long history (for a tech co), we’ve
seen surprisingly little malicious use of data come from google. In a company
of their size I’d expect a lot more screw ups and scandles, so perhaps they
deserve a little more trust?

At the same time, they’re at the size and momentum that they should always be
under scrutiny even if the answer keeps coming back “yeah they seem to be
acting responsibly”. We don’t want to have an ambulance at the bottom of the
cliff.

------
hlecuanda
Reprising my comment from a few weeks ago:

Facebook never gave me anything of value in exchange for constantly monitoring
and profilingmy behavior online. in fact, as it became ubiquitous,it added a
new chore for me: maintaining ever changing privacy options on a defensive
profile on their network.

So it takes peoples time, attention, and details on top of behavioral
monitoring.

In contrast, Google provides me with a very competent productivity suite, a
superb photo-managing software navigation, maps, aggregate traffic data,and a
host of tools to actually build a business and educate myself and others.

Plus i get enterprise class security for my account and -arguably- the best
web email service.

The day theres a data breach or in this case a breach of trust, im more likely
to view google in a better light and give them the benefit of the doubt.
Facebook gets my contempt and scorn.

>Inb4 "well then don't use Facebook": I don't. But that doesn't stop FB from
building a shadow profile on me, so if I want some measure of control over my
digital footprint, I have _no choice or recourse_ but to open and maintain a
_defensive profile_ whose only purposes are a) claim my username / URL used on
most services where I'm provided with such a srfvixe, b) "squat" my name and
likeness so I can't be unknowingly impersonated on their network and c) keep
up with their ever changing privacy controls

>Inb4 "sounds like cringe material from Google's social team": -I don't work
for Google. I admit I'd love to, but I'm too old, perhaps. OTOH, I don't see
how it's "cringe" since I succinctly describe the services the company does
provide for me in exchange for my data and observing my behaviour; services
I've used in making a living lately. Try making a living by developing on the
FB platform, where every API Iteration makes you re-evaluate your business
model.

------
anoplus
In the age of information, Google obviously has disproportionate power.
Society must raise awareness about concentration of power, post more about
this topic, demand justice and transparency from the rulers. I think Google
workers have special ethical responsibility to demand transparency and trust,
organize and resist evil orders. We all have responsibility as a society to
demand justice if we want a promising future.

------
troyvoy88
I absolutely agree Google has a much wider ecosystem they cover: social media
with google plus or whatever is left of it, video via YouTube, Images via
google Photos, cloud infrastructure via Compute Engine, google work via G
Suit, ISP via Google Fiber etc... All these have Term of Services with very
broad language they can dragnet collect whatever they want. I don't mind
sharing the information and I don't want the government involve and regulate
how private entities work. But I also wouldn't mind having this companies put
on the spot and have to explain how they handle the data they gather. How they
handle ToS and/or Data breach. Facebook is a speck of dust compare to google.

~~~
sixothree
You say you don't mind sharing information. Do you mind them collecting
information about you outside of what you share?

~~~
troyvoy88
Yes that is the VERY reason why I said wouldn't mind having them put on the
spot that way we can ask. Provided the right people are asking the questions.
If it comes up through the questioning that they are grabbing information I
chose not to share with them. I'll stop using the services and go somewhere
else no one has a gun to my head.

------
yuhong
It is funny that my essay on this exact topic don't seem to get much coverage,
even though I have been working on the problem for a while now.

------
sixothree
The problem I have is the lack of transparency. Google lets you download "all
of your data". But it's nothing near the entirety of what they collect about
you. It's insulting.

It's time we learn what they know about us. I want to know.

------
mtgx
I expect we'll see some major leaks about Google by the end of the year, too.

------
stewofkc
Facebook is the perfect company to take all the heat. Mainly because Mark
Zuckerberg is such an icon.

[https://hackernoon.com/why-facebook-is-the-perfect-
represent...](https://hackernoon.com/why-facebook-is-the-perfect-
representative-of-techs-privacy-problem-5e5c29063d47)

------
pepecantina
Yes.

~~~
sharemywin
And the I's have it.

~~~
jacquesm
'Ayes'.

~~~
usernum3hundred
Nyes

