
Even Google engineers are confused about Google’s privacy settings - alpacaillama
https://www.theverge.com/2020/8/26/21403202/google-engineers-privacy-settings-lawsuit-arizona-doubleclick
======
Spooky23
There's a usability aspect to this.

If you disable location services for Yelp, it's pretty unfriendly -- it
chooses to make it as difficult as possible for you to use the app to get you
to turn location back on. The Google approach for Maps is more pragmatic IMO
-- lower resolution location data makes sure I don't get a McDonald's in
Finland when I'm in Kentucky.

The hard thing is that I don't want Yelp, Google, etc tracking my movements in
a 10-meter radius forever, but I want location from a contextual perspective.
I don't think you can do that without meaningful policy controls outside of
your local computer.

~~~
ForHackernews
Maybe people could just live with having to search: "<query> near <nearby
major town>" if they want to get geographically relevant results. It doesn't
seem that terrible to me.

~~~
orangecat
That's terrible for usability, especially since you're almost always going to
want better resolution than "anywhere in or around city X".

~~~
ForHackernews
Maybe you should have to opt-in to handing over all your data, and users who
value "usability" over privacy can make an informed choice for themselves.

------
TillE
I noticed fairly recently that YouTube has undeniably started tracking my
watch history even though I've had watch and search history turned off
forever, and it's still turned off with (apparently) no data in it.

On the front page, there are constantly recommendations of videos which I have
just watched (not liked, commented, only watched). Old, new, whatever. Videos
which would be quite random if I hadn't just watched them.

I stopped using Chrome a long time ago after similar observations of how it
tracks usage. Good thing I don't really do anything sensitive with YouTube.

~~~
molticrystal
Well Chrome does have an installation identifier that was/is transmitted only
to google properties.

That would explain the behavior you describe. Google says it is only for
tracking experiments and tests, but I doubt even they know what everybody is
doing with it, and perhaps you were a member of an experiment where they used
it to track you.

"Google tracks individual users per Chrome installation ID" [0]

An article about it was here [1]

Discussion on hackernews was here [2]

[0] [https://github.com/w3ctag/design-
reviews/issues/467#issuecom...](https://github.com/w3ctag/design-
reviews/issues/467#issuecomment-581944600)

[1]
[https://www.theregister.com/2020/02/05/google_chrome_id_numb...](https://www.theregister.com/2020/02/05/google_chrome_id_numbers/)

[2]
[https://news.ycombinator.com/item?id=22239641](https://news.ycombinator.com/item?id=22239641)

~~~
im3w1l
I use firefox and I see the same behavior with web&app activity turned off,
and youtube history turned off. Personalized frontpage when I visit youtube
normally. If I open incognito then I get unpersonalized. If I then login
inside the incognito session, then I get the personalized recommendations
again. This confirms that the recommendations are tied to the account.

------
nocturnial
I've tried to follow the links from the article and eventually came across
this document [0]

What the attorney general Brnovich references are emails which shows google
engineers are aware that people are confused by the settings. The specific
example in this case is that your location is still tracked if you enabled Web
& App Activity, but disabled Location.

The emails show the google engineers aren't surprised why users would expect a
different result. The main reason people are confused, the google engineers
think, is because google doesn't display they are still being tracked in their
timeline (in this specific case).

Disclaimer: I'm biased against google, but hope I kept it factual.

[0]
[https://beta.documentcloud.org/documents/20385394-arizona-v-...](https://beta.documentcloud.org/documents/20385394-arizona-
v-google-exhibits-212-227#document/p14/a2001255)

------
ocdtrekkie
This quote basically disproves the phrase Sundar repeatedly parroted to
Congressional members about making it easy for people to configure their
privacy settings. You can bet this quote is going to be read to his face if
there's another hearing.

The author of the statement was redacted in the public version, but my bet is
if that is still a current employee, they won't be for much longer. Because
this quote is going to hang over Google for the rest of this process.

And as many Google people are probably being reminded this week: Assume all of
your work emails may some day be public, and used against you or your employer
in a court of law.

~~~
Barrin92
>And as many Google people are probably being reminded this week: Assume all
of your work emails may some day be public, and used against you or your
employer in a court of law.

They don't need to be reminded because Google has been coaching staff to
basically adopt some sort of Google newspeak:

 _" One part of the presentation, subtitled “Communicating Safely,” advises
employees on which terms are “Bad” and “Good.” Instead of “market,” employees
may say “industry,” “space,” “area,” or simply cite the region, according to
the presentation. Instead of “network effects,” the presentation suggests
“valuable to users.”_

[https://themarkup.org/google-the-giant/2020/08/07/google-
doc...](https://themarkup.org/google-the-giant/2020/08/07/google-documents-
show-taboo-words-antitrust)

~~~
sukilot
That's regular legal speak.

~~~
Barrin92
if you're required to engage in legal speak in normal workplace conversations
what's the difference exactly. The only other place I know of where you need
to talk in code between two coworkers to not draw the attention of authorities
is the mafia

------
robin_reala
I used to be pretty much in favour of opt-out for stuff like this, but I think
at this point the industry itself has managed to prove that it can’t be
trusted with anything but legislation guaranteeing opt-in.

~~~
the_snooze
Absent legislation, I'm all for a "nuke it all" approach when it comes to ad-
blocking and tracker-blocking. It won't catch everything, especially platform-
level privacy concerns like this, but it does move good usable defaults over
to the user's control. No need to rely on companies who continue to fail to
act in good faith.

~~~
sukilot
You can't block an app or site from accessing your geolocatable IP workout
extreme measures.

~~~
ForHackernews
Is that true even for IPv6?

~~~
betterunix2
Yes, because most users will want low latency more than they want a hard-to-
geolocate IPv6 address; IOW they will just use the IPv6 addresses their ISP
assigns them, which will be easy to geolocate even without the ISP's explicit
cooperation. Worse still, because IPv6 promises to eliminate NAT, geolocation
will likely become even more precise as user devices will have global
addresses that they are not sharing with anyone else.

~~~
freeAgent
How can per-device IPv6 addresses alone enable better tracking if they’re
long-lived and the device moves physical locations during that time? How would
a tracker with only IP address know that the device moved?

~~~
betterunix2
A number of ISPs have started using NAT for IPv4 due to the address space
crunch, which means that at best those IPv4 addresses can only be used for
coarse geolocation. The fact that IPv6 addresses are per-device means that at
a minimum you can get household level geolocation for each device (based on
the prefix). The fact that addresses are long-lived is not really relevant,
since addresses are only long lived with respect to a prefix and prefixes will
change when a device moves to a different network (almost always the case with
residential service).

------
RandallBrown
This isn't a surprise. Google is a huge company with probably hundreds of
teams working on these things. The fact that the privacy settings can be
figured out at all is a bit of a miracle.

I doubt the privacy settings are "designed" as much as it is a bunch of
disparate teams working on it together with maybe somebody coordinating it.

~~~
robin_reala
Sorry, that might be an explanation but it’s not an excuse. Privacy controls
in a global organisation are a legal requirement for your software, and you
don’t get to just haphazardly throw it together.

~~~
sukilot
It's a very recent requirement in a long established industry.

------
RedComet
Some sensible government intervention would be nice. Into Google and most of
these tech giants, actually. Who ever thought that our cyberpunk future would
be such a lame and mundane dystopia.

~~~
nickff
Do you think that the same governments which are against cryptography will
actually look after your privacy? They'll probably require a pop-up that asks:
"Is it okay if Google keeps your data, or should we just send it to the NSA?".

~~~
badRNG
I feel that arguments along the lines of "why should we have governments
protect consumers on 'x' if they willingly do 'y'" aren't really helpful, and
feel akin to whataboutism.

For example, yes, I expect "The Government's OSHA" to enforce worker safety
laws, even if "The Government's Police" later winds up brutalizing workers
during a strike.

The Government isn't this unified entity, it's more a collection of disparate
organizations often embroiled in disputes with each other, each representing
various stakeholders who's interests are often in contradiction with one
another.

~~~
nickff
I think you're right that my point is something close to whataboutism (though
not exactly whataboutism), but yours suffers from something similar to the
Gell-Mann amnesia effect.[1]

[1] [https://www.epsilontheory.com/gell-mann-
amnesia/](https://www.epsilontheory.com/gell-mann-amnesia/)

~~~
badRNG
Thanks for the recommendation, interesting read. I suppose how one lands on
this topic is based on how much continuity one believes there is in a
"government."

If a government is simply a large institution or cluster of institutions that
perform many roles and have a purpose towards the same end, then the claim of
"whataboutism" is simply nonsense and trusting one portion of a government and
not another is at least somewhat inconsistent, and this "Gell-Mann Amnesia
effect" seems clear when a person can go straight from criticizing the
government's treatment of striking workers to advocating for workers
protections from this same government.

I think "the government" doesn't exist as a unified entity in any meaningful
way aside from maybe linguistically. The government, in my view, is more a
collection of organizations that often have outright antagonistic relations to
each other, and interests that are fundamentally in contradiction. I don't
really view a regulatory body and the NSA to be meaningfully part of the same
organization (I'd say there are plenty of private businesses that are more
closely "part of the NSA" than some oversight board.) Claiming that the
perceived misbehavior of the NSA should prevent us from advocating for
consumer protections is clearly whataboutism according to this frame. This
view would make this "Gell-Mann amnesia" accusation appear incoherent, since
we are talking about disparate organizations with no meaningful connection to
one another.

~~~
nickff
You could make the same argument about different subject areas in a newspaper;
saying that the different editors are antagonistic towards each other, and
have varying levels of competence. In the cases of both newspapers and
governments, there is a similar oversight and management structure across the
organization, as well as unity in source of funding.

Perhaps we should expect different parts of the government to act with varying
motives, but similar competence.

I think the government organizations attempting to ensure backdoors in
encryption are acting deceitfully, malevolently, and incompetently, with the
stated motive of easing investigations. Thus, I think the privacy regulators
will act deceitfully, malevolently, and incompetently, with the stated motive
of protecting consumers.

~~~
badRNG
I think we'll need to agree to disagree about the government's organization
then. A newspaper is a far more cohesive organization that exists to a single
end and has a largely uniform consistency, regardless of the beliefs of
individual editors.

> I think the government organizations attempting to ensure backdoors in
> encryption are acting deceitfully, malevolently, and incompetently, with the
> stated motive of easing investigations. Thus, I think the privacy regulators
> will act deceitfully, malevolently, and incompetently, with the stated
> motive of protecting consumers.

I just don't see any good reason to make this leap. Furthermore, I don't see
the utility of arguing against consumer protections simply due to the
perceived misbehavior of an intelligence agency. Europe passed the GDPR, and
despite its many inadequacies, it has positively impacted the privacy of
European citizens, and proves that some ground could be made by way of
consumer protection.

Privacy regulations aren't so pie-in-the-sky that they aren't worth fighting
for. That's simply an unreasonable concession in my view.

~~~
nickff
My view on privacy is simply that it's too important to trust to the
government. If we care about what a web browser sends out, it's a problem that
should be solved by the browser, not the government. You don't trust the
government to ensure the privacy of your communications; you shouldn't trust
them to ensure your privacy in any other respect.

------
typenil
These dark patterns around location tracking was what finally made me give up
on Android. I knew Google tracked location even when the location setting was
turned off, so I had App & Web activity disabled.

As Google bricked more and more functionality to dis-incentivize disabling
that setting, they dis-incentivized me right off the Android platform and off
of the rest of their services.

They did me a favor, really. I was far too naive about them prior to that
wake-up call.

~~~
freeAgent
Same here. By totally borking the user experience when one attempts to disable
location tracking, they just encouraged me to stop using their services. I
switched to iOS for mobile devices and now I don’t even use Google Maps on
mobile. Apple Maps is good enough. Now Google have no idea where I am when I
leave my house, and that’s a good feeling.

------
princevegeta89
To be frank, the entire thing around "privacy checkup", and the way settings
are presented to users to allow them to control what they want to share and
what not to, is so damn confusing. I tried following my Privacy Settings, and
every now and then, Google seems to revise/change existing settings by
introducing new sharing settings, which are turned on by default.

Honestly, all of this seems to be a false painting to calm down Congress folks
and other legal entities alongside users who are either amateur or those that
"don't care" so that things don't blatantly look evil.

------
motohagiography
Nothing is stupid, it works for someone. It's called a "dark pattern,"
([https://darkpatterns.org/](https://darkpatterns.org/)) and it's by design.

Can pretty much guarantee the accountability for the design decisions goes to
a "consensus," from a series of informal meetings, with no individual
ownership, because that's also by design. I'm not involved with this at all,
but having spent time in many different organizations as a consultant, this is
very much a common strategy.

------
aboringusername
Hopefully Google is forced to follow Apple's lead and implement consent
dialogs into Android to allow/deny tracking or usage of any form of
identifier/fingerprint.

I am surprised the EU haven't investigated Android and found it breaches GDPR
requirements, simply due to the fact it's too easy to collect information that
can later be used for analytical purposes without the users consent.

I imagine you can find instances of GDPR breaches in all modern OS' if you
looked hard enough - something as simple as a HTTP POST request may be illegal
depending on the payload.

Sadly, progress is often slow, but Apple's progress in this area will
hopefully inspire Googlers like the one in this article to make statements and
drive progress forward.

~~~
jmnicolas
The GDPR is one of those "useful" laws created to open the possibilities to
strong arm any company at will.

Most of the time it's not really enforced (apart of a couple unlucky few to
show they mean business) but if they need to put pressure on any company they
know they'll find something to hang them with.

------
mnutsch23
After reading this article, I signed into my account. I found that even though
I turned off tracking in Google years ago, it still kept my old history.

The article says that Google turned on auto-delete for new accounts by default
as the result of a lawsuit. However, if your Google account is older than x
years, then they still keep all of your location history unless you go in and
manually choose to delete it. Even then, I no longer trust that Google will
actually delete it.

------
elchin
As an ex-Googler it makes me sad that an internal discussion leaked like this.

~~~
nitrogen
Are you sad about the leak, or about the nature of the discussion?

------
wruza
"The current UI <cut> is designed to make things possible, yet difficult
enough that people won’t figure it out."

Let's be honest. Don't attribute it to the system complexity or interop
failures — that's bullshit. When they need to shove you an ads under your
finger, the complexity suddenly vanishes.

~~~
1f60c
Isn't that the point?

~~~
wruza
Not for some commenters here, it seems.

