Would Google in any way discern between those two sessions? Me sitting at the desk doing some hobby coding performing a query like "DBVTBroadPhase", her on the couch on my laptop looking for inspiration performing queries like "michelle branch instagram".
To a human it doesn't take much to jump to the conclusion that two totally different persons are using the same account at the same time.
But maybe that isn't even of interest to google. Me and my GF are basically one entity to them. We frequent HN and skinnycurvy.com, we like Michelle Branch and Steve Klabnik (;)), we do pilates at the gym while at the same time play underwaterhockey at the sports centre.
Any ads Google shows us might have a 50% chance of being shown to the right person, and that's probably good enough. Maybe they get lucky and I'll mention some womans brand I saw in an advert to my gf sometime.
Wow, never thought about how complex of a problem that can really be. To hijack your example: searching for [rust http library] and [clean rust from metal bookshelf] should be completely separate lines of querying but without understanding the full context, appear to have many false similarities (rust, library/bookshelf, 'clean' is a word associated with compiling software, and 'metal' can cause confusing with projects/articles on [bare metal programming with rust])
Google's methods for detecting clustering, or whatever they are using, are so 'clever' I feel like I'm unable to communicate what I want. I feel like I'm arguing with a particularly intelligent and malicious toddler sometimes.
Say I was to ask a toddler to bring me a beer, and they brought me a root beer. I'd be like, "no, bring me a beer, -root."
A normal child would bring me a normal beer, cause that's the only thing in the fridge that has beer in the title without root. The Google child would bring me some sassafras, because sassafras is a root beer, which is a beer, but it doesn't have root in the name.
Annoyed, I turn off safe search, and I say "Bring me a beer, -root -sassafras -sarsaparilla -ginger -cider."
The Google child comes back and says "I couldn't find what you were looking for." I get up off the couch, look in the fridge, and lo and behold it's completely full of beer.
Machine learning is definitely a big part of it, but you can also get surprisingly far with simple bag-of-words models when applied to enough data.
Probably would be easier just to use an anonymous account for every search, but is it easy to destroy all the patterns associated with the searches that would indicate it's the same person.
(The concept is similar to those proxy services out there that pay people to let them use their "good" IP address to e.g. scrape sites that will otherwise automatically block "obvious" server farms. Also Bitcoin mixing pools.)
You can even make desktop shortcuts to launch Chrome with a given profile, so in practice it's like having two different apps. I guess you could launch one instance and swap users but we don't bother.
Sounds like an Ignobel worthy paper in the making.
gberger's comment was pointing out that the original comment did not take into account that these particular queries could have been performed by the same people.
That said, it could have been phrased more productively.
gberger seems to be reacting (in a slightly less than constructive way) to that same uncomfortable sense.
That said, I am very thrilled with my interestingness and intellectuality.
I read it as a literal example - tinco saw those exact examples.
But they aren't in the example, and Google is understanding their specific situation wrongly/not in an optimal way. Maybe that's not possible to do, maybe the way they are doing it right now is the best overall, but it is not the best interpretation of the specific situation. Which is all I get from the original comment: "Here is something that they could understand better".
Pointing out that implementing this precisely would be difficult because you can't rely on interest subsets as an indicator would have been a fine response. Immediately accusing the poster of being sexist because it obviously is impossible to do is not, unless you have hard data to support that there is no way to tell the difference.
(I'd assume "disjunct" queries from different devices at the same time very often are different people, or at least worth treating as different sessions. But maybe people use multiple devices at the same time more often than I think?)
The trick was to use K-9 Mail. Otherwise, when configuring the e-mail (Gmail), the default mail application adds the entire Google account and the link to the mothership is reestablished. Although I have installed GApps, I transitioned to a dummy account per device plus Xprivacy, plus NetGuard.
Long before Android, the stream had dropped to a trickle when I started sandboxing the Google account to a special session for Gmail. Everything else, searches, youtube went on an incognito window or to a separate Firefox profile.
I knew it to be effective from the constant e-mails I was getting that "Google does not recognize your sign-on". Guess what, Google, I want it that way! Now myactivity.google.com confirms it.
My google activity shows only google maps searches from the device and some google website searches from desktop (probably from when I happened to be logged into GMail and made a search query via google.com).
I use Gmail on Android, Signal for SMS (no-one I know uses Signal) and Firefox with self-destructing cookies and uBlock origin (I use a similar setup on desktop too - to prevent persistent logins) I can't see any other activity being logged. That's not to say that it isn't flowing through Google's pipes somewhere or other.
My point is that I'm only conducting basic privacy measures but (as in, not having to root or reflash my phone) - and not having most of my activity recorded in this dashboard.
Does the cost out weigh the perceived benefits?
To give an example on desktop, even using separate Firefox profiles for Google and non-google activity, it is embarrassingly easy to see that the activity comes from the same person. Just cross-check the bonanza of information like screen size, plugins, fonts etc. I would be surprised if they didn't do it. I prefer to not run the risk. So I go to even greater lengths than I mentioned above, however it was getting long.
To come back to your point, it's inconvenient only in the beginning to document yourself and to set it up. Whether it is rooting the device, or setting up your own e-mail server. In the end it is about the freedom of computing whatever you want on the device that you own.
EDIT: If I may add, it's not like I'm going full Stallman. Everything is a compromise, it would be nice if we weren't forced to go to these lengths, or to compromise at all.
Other location suggestions? Crap unless explicitly entered in the Calendar. Article suggestions in Google Now? Crap. Despite having my entire Feedly info (300+ feeds) from which they pull most useless cards. Youtube suggestions in Google Now are somehow even worse than video suggestions in the Youtube app. Ads? Complete garbage and borderline fraud against all these companies paying to advertise mobile games which I almost never play and they know it.
Bizarrely, I have a Google Apps account at work with much, much less info and it's actually a little better.
Not my experience at all, in my case the suggestions have become so good that I find myself checking what articles Google has for me multiple times a day. It's easily the thing I check the most after Reddit and Hacker News. Heck, I'd love a standalone app or service just for the article suggestions alone.
Just because I search for something, say a business, on the web doesn't in any way mean that I'm interested in seeing future news stories about that business.
I spend at least an hour every morning and night waking up and falling asleep to the latest news I'm interested in, with probably 1 or 2 additional hours throughout the day -- and all from article suggestions in Google Now.
If you aren't seeing things that interest you, you can tap the dropdown menu in the top-right of each card and tap "I'm not interested in this" or "Not interested in this source" to train it towards articles that you actually do care about.
I have my calendar and email setup on my phone with contacts sync also enabled. When I get to work I have one of those pinned tabs on chrome set to inbox and all my searches on my phone and laptop are on Google. Adblocker is installed on my laptop so I never see ads there but after searching for property and a bed for the last few weeks, the ads I seem to be getting on my mobile browser point to just that. I've actually ended up buying a couple of items online because of google's suggestions (GPU, cellphone, gas heater, etc). So I think it depends on how much data you feed it and how you feed it. As for suggested places to visit, I can't comment much since I don't use that feature.
For some such inputs are rich, for others scary.
Most don't care anyways.
They're scary when they're the carrot used to persuade you to allow a full invasion of your personal life by an outside entity, which as a matter of course requires permission to store, search, aggregate, and use commercially all of the data that it finds.
Side-stepping for a minute that Google and governments can also see this data, this sort of wholesale data aggregation and presentation seriously ups the ante for account security.
Getting somebody's Google account from third-party breach-de-jour used to mean you got their email history, or could pretend to be them... But with this you have their browsing, app, search and location history. That is to say, you can discover: What they're doing. Where they're doing it. What they're thinking about (I search everything). Who they interact with.
Worse, I wasn't prompted for any sort of password. Physical access to my computer (and I assume phone) now gives easy access historical surveillance data.
Welcome to the new generation of identity theft.
I've been very impressed with their smarts about security, they seem to tow a fine line between security and convenience. Any sensitive account information like this will usually trigger a new password entry (unless you've entered it recently), or 2fa.
(I also had no results, though, because I've turned everything off.)
Much to my surprise, it was well populated again, with my web browsing/searching, YouTube, and location histories all turned back on again. I don't use the Chrome browser (aside from compatibility testing), and I don't use Android. I'd be very curious to know how all of this was re-enabled without my involvement.
Very unfortunate, and another straw for the camel's back.
See the activity controls to opt out here.
That said, since there were some controls disabled, and some enabled, I'm more inclined to believe that they were re-enabled, if not automatically, then via some dark pattern. It's also possible that they were just new tracking points, but one of them was my search history, which I recall explicitly disabling.
If it was well populated now, they actually screwed up. The data for the period that you opted out should not have been visible to you.
Apparently I turned all of their tracking off at some point and forgot about it.
Surely it was a mistake to comment without the support of evidences of any kind, but anyway, I just though I could share my experience.
Google have been screwing this up for a long, long, long, long, long, long time.
- Used Messenger app, sent X messages
- Used maps, with location data, search data
- Use phone, with number of calls
- Used (Any installed app) included how often and what I did.
I've since turned everything off.
While browsing on my phone last night I saw a new Google.com feature where they were using my email address to try sign me up to email lists at the top of search results.... Not cool.
Trying to use Google Fit, Now, etc. will keep popping up requests to let Google constantly track your location and web searches with o clear way to disable those annoyances. And more and more.
I can see them saying "we didn't want to confuse customers who thought syncing was broken when they didn't see their searches in other phones", but given how easy it is to tell the user "you have disabled sync", I don't think there's any excuse for Google to behave like this.
Anyway, it was so satisfying to log in and see absolutely nothing, no activities whatsoever.
Of course, you could say the design of the framework is hostile, or that they should fall back to something else, but I can see this being considered extra unnecessary work.
The iPad is a family device. The children watch kids stuff on YouTube. My wife and I both use Google maps for different things. I was the only one using Gmail.
So, no I don't want personalised YouTube tracking on the iPad. Every time i opened the maps app it drove me to login. The iPad is a shared device. Maps and YouTube logins on a shared device make little sense, especially when Google is building profiles from our usage.
I found it a pity that my only choice was to delete the Gmail app, in order to stop the nagging. So irritating!
Your family iPad is a perfect example. Another is the way I have personal emails and work emails both on my phone - but that doesn't mean I want to merge them all into one super-inbox and treat them all the same.
In my (Sony) Marshmallow/Android 6.0 phone it lets one choose: "Location mode": "High accurancy" (Use GPS, Wi-Fi, Bluetooth or mobile networks to determine location), "Battery saving" (Wi-fi, bluetooth or mobile networks) and "Device Only" (Use GPS to determine location).
Just now noticed it says "High Accuracy" (I believe Google Maps will nag you into submission on this, if you try to use GPS only).
Oh well, they also store the phone numbers that you called along with the duration. And possibly more data than your mobile service provider manages to store.
I really wish they'd consider information density as a plus when designing pages like this.
That's not a material problem really. It's just this site.
We must rethink infrastructure to the point where the only data that we transmit is data that is inherently useless after a time. If I do something like revoke my key, it should be impossible for anyone to further use that data. Expiration dates should be baked directly into protocols so that revocation of keys and expiration are the same thing: either I revoke my key myself, or my software revokes it for me but no one else (and their buggy or insidious software) gets to decide how to respect the expiration time.
 An agreement, contract, or bylaw that prohibits some type of action (e.g. a union negotiator who's payment and continued employment is contingent on never negotiation away the pension).
It's odd to me that Google collects all this data, but doesn't really seem to offer any specific applications that depend on it, individually or in aggregate. Even though they have trends, they don't have any lists like Alexa of top traffic websites, despite the fact they have a better sample than anyone, and could make such information available.
I guess I can just hope that between the more "interesting" ads they show me and whatever other magic they use the data for to improve their services, that it's worth letting them have it.
Your browser is uniquely identified regardless of your network location or browsing mode or profile or whatever.
Also Chrome crashes multiple times a week on macOS nowadays.
Fine to switch, but the GP is wrong. This is not a thing that exists.
Chrome and FF keep it turned off by default for performance reasons.
I'd be much more interested to see what data I gave to Google unintentionally - e.g. what Google-provided ads I saw on non-Google sites, what sites with Google Analytics I visited, etc.
Especially the Dashboard one. I use these a lot to make sure I'm not leaking any data more than I have to, to Google.
There's some stuff scattered throughout the comments, but it'd be nice to have a single spot.
Web & App activity (search activity on apps and in browsers)
Location History (Creates a private map of where you go with your signed-in devices)
Device Information (contacts, calendars, apps, and other device data)
Voice & Audio Activity (storing your voice and audio inputs to your account, for example, when you say "Ok Google" to do a voice search)
YouTube Search History (Store your YouTube searches)
YouTube Watch History
They all have an opt out toggle.
That service confirmed that there is no data about me. I believe they know much more than that, but at least I'm making it a little more difficult for them.
* My Google searches, this includes audio searches and it let me play the audio.
* Watched Youtube videos
* Pages viewed on Chrome
I don't see any Android activity besides the google searches, could be because I'm using Sultan's CyanogenMod.
A few months ago I searched for a business on maps, and had to type the full name. The second time I searched for it, it came up the top suggestion.
I do not trust these "privacy features" since.
Anything pushed to the internet should be assumed public unless encrypted using open source encryption tools you completely control in a safe zone (like in Tails). All internet activity should be assumed to be logged somewhere, somehow. I don't even 100% trust Tor.
That's a rather Orwellian statement ...
To avoid this you could try stripping out the user agent, changing the size of your browser window and using a VPN (I believe that's what the Tor browser basically does, anyways.)
The default Tor browser is stripped of identifying information. The Tor conection means your traffic is bundled with many, many others users.
The downside I've found, for Google search, is that Google subjects all, or at least all I've run, Tor search requests to a CAPTCHA request. Torbot and Torfox on Android get stuck on this, and it's consequently impossible to run Google Web search over Tor on Android.
So I use DDG, which is my default search anyway. DDG doesn't track users or history.
What, as someone who avoids Google accounts and most of their services like the plague, do you know about me? <= question I'd like answered
Now this person could be doing this for fun, or he could be sent there for research (for advertising) or for surveillance.
Why is it then people are paranoid about a website collecting stats anonymously, but do not so about going into public places?
That, and Google isn't like one man sitting on a corner. It's like a network of guys, on every corner - that compare notes every evening. Regardless of why they do that, it's hard to call it anything other than surveillance.
That's factually incorrect: https://duckduckgo.com/about
The reason I started running that extension is because I i was sick of waiting for google.com to redirect me.
Sampling works. Randomly selecting accounts for inclusion and immediately dissociating that account identity from the data would provide substantively useful data.
Much the same way as it is possible, on the basis of 100 - 300 randomly selected G+ profiles to gain a strong sense of what the level of public activity of all 2.2 billion profiles (in use as of early 2015) was.
Sure, you can increase accuracy, somewhat, by bumping up that sampling count to 50,000 profiles. As I did. Though that (and monte-carlo resampling of subsets of the profiles) substantiated the trends which were clear from the first 100 or so results. Or you can bump up the value to 500,000, as Stone Temple Consulting did. Which again, largely re-substantiated the results I'd found.
Google receives something on the order of one billion searches per day. Sampling a very small percentage of those would provide very accurate results, at far smaller processing cost, and moreover, at far smaller data disclosure risk.
Data are liability.
Even if the concern were, say, edge cases regarding specific terms and the like, that would be possible to explore with targeted random sampling (stratified random samples). All very-well-established statistical techniques.
Since so much of their revenue is from ads, the better their targeting, the more money they make. If they have all this data on a person, they can target on a per person basis. And that money is probably talking louder than any care about liability from data based on how much they're collecting. They're a business, they have to have revenue in some way.
I'm making some assumptions, please correct me if I'm wrong.
You could pull up the (local) browser history and see exactly the same information there.
I've learned to know that's never true, and even when people "know", often they don't actually know in a non-abstract sense.
Is it just surprise that they are in fact collecting this information? Because I thought that was pretty well known.
On the one hand, yes, it's a level of transparency. And there are some controls. Exceptionally cumbersome controls, particularly if you manage multiple accounts. Quite notably lacking in the ability to entirely disable multiple services -- I have no use or wish for Blogger, YouTube, Maps, or other activity tracking. I don't want Google tracking my location data at all, in any way -- not GPS, not WiFi connections, not cell towers. Nada. I can't say that.
I cannot globally disable or deny specific permissions from Android applications (Android 5.x, supposely 6.x offers slighly improved controls). I've written elsewhere about how the entire Android app store is a complete toxic cesspit and mess.
So, yes, Google give you some insight on what information they gather, which is better than many other services. They offer exceptionally poor controls over it. And the company has been either exceptionally passive-aggressive in re-enabling tracking of data users have denied it, and re-establishing or linking services they've expressely stated they don't want re-established or linked (see my comments elsewhere in this thread), or they're manifestly incompetent to manage what they've built.
I'm not sure which possibility concerns me more.
Keep in mind that Google:
1. Already are the number-one producer and software provider for personal pervasive hackable broad-spectrum surveillance devices. Which is to say, Android-based phones, tablets, notebooks, and other products.
3. Put cameras directly on peoples faces and got all flustered when it turned out that the people those cameras were pointed at didn't like the idea. Google Glassholes.
4. Are planning to put a live, always-on, 24/7/365 microphone with remote processing in homes, offices, businesses, and other locations.
5. Are planning to produce "driverless cars" which will operate as either privately-owned or business-service vehicles, yet another venue in which my privacy is directly compromised in circumstances well outside my control.
The absolute mandate for Google to operate without the slightest hint of misplaced trust is extreme. I frankly don't see how they can meet it, and predict spectacular failure.
Edit, maybe delete? From your view, you mean... or from their databases?
"From better commute options in Maps to quicker results in Search, the data we save with your account can make Google services more useful to you. Using Activity Controls, you can decide what gets associated with your account and pause the collection of specific types of data — like your searches and browsing activity, the places you go, and information from your devices."
What I'm doing now is:
Logged out of Google maps, YouTube, etc.
Safari privacy settings to most private. Only exception was allowing cookies on current site only, rather than never
Focus by Firefox with all privacy options checked
DuckDuckGo for search.
Also, how do you do a non indented list in hacker news? I have never figured this out.
I added some stuff. I began using 1blocker. Disabled all cookies by default, but am whitelisting them on site only for a few sites I have to log in to.
Using this site to test. Now with Vpn on, only hardware, software and gyroscope are leaking. Not sure there is any way to block this on iOS.
1. First item.
2. Second item.
2. It works.
3. I'm happy. This will make for better comments.
Edit: there is: https://myactivity.google.com/delete-activity
Does anyone know if there are any opt-in data sources that feed into this? I'd like to keep it as comprehensive as possible.
But what is particularly insidious is the mobile click tracking. I am wary of clicking news items or links in Google Now that might reflect on my intentions in an undesirable way.
Or should I say "histories" -- there are multiple Google accounts involved, few having any variant of the names I'm known by in meatspace.
Still, for some reason, there's a bunch of Google Shit I Don't Use which I cannot simply get rid of or turn off. Instead I've got to laboriously go through each one (for each Google profile), and ensure that all tracking and history are disabled.
It'd be rather nice to have that fixed. After all, linking G+ and YouTube accounts just went so well, right?
I tried turning on Web & App Activity just to see what it caught, and it turned it off again.
I'm not sure, but I think that makes me feel slightly better about my university.
I feel good.
I thought I'd already turned everything off, but there were still a few youtube searches in there from several years back, I guess from before I'd turned things off fully.
My wife and I maintain a list of ridiculous oddball Google searches we've made in the past (no, you can't see it). It would be interesting to try to train an AI to find the ones we've missed...
Google actually are pretty good at providing that, and I think it does include search activity, if requested.
What I'm not content with is that they're showing it in a wrong language, but I guess I can't ask for good webdesign from someone like Google.
Google is effectively transforming itself from an ad company to a big/huge brother, the real big brother that now knows everything I do. Facebook is no better either.
You can delete / regenerate accounts.
If you've got a Google account in which you have a need for persistent data -- say, Gmail, Webmaster Tools, or YouTube, you might limit yourself to using those from only isolated accounts or tools.
Mind that using, say, the Android Gmail or YouTube app isn't sufficient for this as your Android device ID itself (which can also be regenerated) appears to be part of the information, and that these applications use the Android identity store to track IDs, which Google apps share amongst themselves.
Android as of 5.x does allow multiple device users, so you might split your use across multiple users.
For Gmail, you can enable IMAPS support and use a third-party IMAPS-enabled email app (K-Mail is a decent one for Android, it supports PGP as well).
Creating new Google accounts may demand you supply a phone number. I'm not sure where this is or isn't a requirement, and I've seen that come and go at various times.
There are alternative services, though these have their own issues. Google provides free-of-cost access, and using a paid service generally creates a payment-identity record should you use another service, as well as risks of service cancellation for non-payment. A long-term assurred service with privacy baked-in would be slick.
I've minimised though by no means eliminated my use of Google. I increasingly view it as directly hostile.
It doesn't allow you to type dates. :sad:
I guess that's nice. I wonder if they'd still keep the original data points.