E: What I mean by that is Google provides the means, but Google couldn't track nearly half of all sites if nearly half of all sites weren't complicit in the tracking.
It's like saying that because windows are transparent, it is ok to stare into people's living rooms. It's not - irrespective of transparency or lack of curtains.
In a world where that is clearly not ok, then why is it that this kind of thing (tracking) is deemed ok?
What we need is something that does to our online privacy, what curtains did for peoples real privacy. And, although I fear that this is not technically possible, the absence of the possibility of such protections, still does not make tracking right.
Nope. When you enter someone else’s place of business, you have no expectation of privacy. These websites belong to private entities. So it’s more like saying that because you voluntarily walked into my store, it’s ok for me to observe your behavior while you’re there. Which, of course, is completely logical and acceptable to most people.
Don’t want me to track your behavior while you’re in my store? There’s a very simple, 100% effective solution for that: don’t enter my store. Because if you do enter, you have no right to complain that I’m observing you.
That's not true at all. When I go to the hardware store to buy a box of nails, I don't have any expectation for the owner to begin following me around for the rest of the day (and in perpetuity thereafter). I also don't expect the hardware store owner to get on the phone with the grocery store owner and ask him what groceries and personal hygiene products I bought.
Also, the comment originally pertained to the Wall Street Journal, a newspaper. Are you suggesting that reading the newspaper at home grants the publisher the right to peer in through my window?
Expectations of privacy have long been enforced by social norms rather than laws. Since technology has granted corporations the means to do an end-run around social norms then we should expect the law to catch up and fill the gaps.
People may not have had a lot of privacy from their neighbours when living in small towns but they could generally count on their community to care about their well being. This is not the case with online businesses of any sort.
No, nor did I even intimate that. That's your property, not mine. That suggestion is as ridiculous as the one I was trying to refute. But when you enter my property - be it virtual or phyiscal - expect to be observed using whatever technologies and vendors I want that are legal (with a few obvious legal exceptions, such as bathroom surveillance).
If, to continue with your newspaper example, you took your newspaper into my store and decided to read it there, I am fully within my rights to observe that you did that, watch you to see if you buy something while you're there, and see if others exhibit that same behavior. Depending on the results of that analysis, I might then decide to move the newspapers to the front of the store, near tables, where you can sit and read because I have determined that newspaper readers are profitable customers. There's nothing wrong with that - I've now used data obtained while you were in my store (where you have no expectation of privacy) to improve both your experience and my profitability.
Browsers run code delivered by websites. It's generally considered impolite, at least, to provide code that mines cryptocurrency on visitors' machines. Most people wouldn't defend serving up malware, either. So there is well-established precedent for arguing that there are things a website shouldn't do to its visitors.
Extensive tracking scripts are now falling into the same category as crypto miners and malware.
The explosion of ad blockers on users' browsers is a direct result of websites pushing advertising tactics way too far and not putting enough effort into the safety of their visitors. Tracking scripts will be next. Firefox has a lot to gain from pushing browser features intended to make it look like a more privacy-conscious browser than Chrome; there are already extensions like Ghostery and Disconnect, and uBlock Origin blocks a number of other tracking scripts too.
If website developers don't accept some kind of middle ground in this discussion, they'll be relying on their access logs for all of their data before long.
That sounds like HN to me. Nothing likes analogies like HN likes analogies.
Put it this way--analogies are like cars. When they're good, they're great, but when they're bad, they're really bad.
That's definitely your opinion, and it is one that is not widely held. How do I know this? Because Facebook's usage - despite a deluge of recent headlines headlines that vastly overstated their privacy issues and made it the poster child for extensive tracking technologies - hasn't gone down. So, roughly 2 billion of the world's Internet users disagree with you.
Only 26% of web users in 2016 had installed ad blockers ; that doesn't mean you get to say, "74% of web users don't mind advertising and malware".
Facebook announced its first net loss of North American users last quarter. They're expected to post a much larger loss during the Q1 review on Wednesday  as a direct result of the Cambridge Analytica scandal.
I guess you can stand steadfastly behind the position that "nobody cares because there are 2 billion users", and ignore the falling metrics for user engagement , and the protests (see the picture at the top of ), and the senate hearing, and the media coverage, and the millions of Ghostery and Disconnect users who've gone to the trouble of searching for and installing extensions specifically to block tracking, and Firefox's built-in tracking protection. Sure, aside from all that, nobody cares.
But this isn't an issue that's going away yet, no matter how much you want it to.
We'll have to agree to disagree on the rest of your argument. Most of the 26% of users that have installed ad blockers (including myself) have done it not so much to thwart tracking, but to put an end to the poor user experience that many intrusive ads create on web pages. Visit any local newspaper site with your ad blocker disabled to view what I'm talking about. Many sites aren't even usable without an ad blocker these days. I am in the ad blocking-for-user-experience camp...I could care less about tracking. In fact, for the ads that I do see, I like them being highly targeted. I went for years without clicking on a single ad on the web. Only in the last year or two have I found them relevant enough to click every now and then. Since these advertisers aren't given any personally identifiable data by the ad networks, I don't feel any violation of my privacy either.
The fact that the ads are highly targeted, and the fact that they are used by many companies, means that you are probably personally identifiable by correlation. They don't need your name. They probably have your locale (to a high degree of precision), your shopping habits, your sexual preference, your education level, your family size and many other details.
Secondly, that information is used to influence you. Cambridge Analytica still proudly proclaims, on their home page, that they "[use] data to change audience behavior." Ads on Facebook are being used by different groups to inflame political tensions . The tracking widgets used on nearly every site you visit now means that some company, somewhere, knows everything you're interested in. They are in the business of using that information against you, to their benefit, whether it's in crafting sensational stories with clickbait headlines to get more of your attention, or selling you products you don't need by preying on your insecurities, or just trading it for money to other companies who will use it in new and creative ways -- like CA, who specialize in tilting voting behavior. 
Thirdly, you're counting on advertising firms having perfect security and never accidentally giving your information away to people who shouldn't have it. Advertising companies just don't have good history when it comes to data security   .
People seem happy to ignore the ramifications of all of this, because it's not like they're feeling physical pain or discomfort or noticing any other immediate negative effect when more tracking data is collected or they see another ad. But this is a form of psychological warfare, and at least some of this stuff is designed to corrupt your thinking, to get more of your attention and change your opinions about things and convince you that it's all very harmless.
We've strayed away from tracking data and into advertising, but they are two sides of the same coin.
I did want to respond directly to one of your points that is dead wrong. With regard to this statement:
>Secondly, that information is used to influence you. Cambridge Analytica still proudly proclaims, on their home page, that they "[use] data to change audience behavior." Ads on Facebook are being used by different groups to inflame political tensions
There has been no scientific evidence that CA, the Russians, or anyone else was actually successful in their efforts to use Facebook to influence the election or "inflate political tensions". In fact, CA's own customers say that it didn't work . This whole thing was a manufactured controversy.
If CA were a "manufactured controversy", I think HN would've cottoned on to that quite a while ago, rather than the various comments (among thousands on the topic now) expressing surprise that people are suddenly paying attention to this:
50M Facebook profiles harvested for Cambridge Analytica in major data breach: https://news.ycombinator.com/item?id=16606924
Zuckerberg on Cambridge Analytica situation: https://news.ycombinator.com/item?id=16641550
How Cambridge Analytica’s Facebook targeting model really worked: https://news.ycombinator.com/item?id=16719403
Leaked email shows how Cambridge Analytica and Facebook first responded in 2015: https://news.ycombinator.com/item?id=16667805
The Cambridge Analytica scandal isn’t a scandal: this is how Facebook works: https://news.ycombinator.com/item?id=16621885 (solid top comment on that thread)
Palantir worked with Cambridge Analytica on the Facebook data it acquired: https://news.ycombinator.com/item?id=16690721
Users Abandon Facebook After Cambridge Analytica Findings: https://news.ycombinator.com/item?id=16644067
I'm not, by the way, providing any of these links in my comments to try to change your mind. I realized several comments ago that you've got an entrenched and unmovable opinion that pervasive user tracking on the internet is no big deal. I've been providing these links for anyone else reading who might be interested in the topic.
Should browsing the Sears website be more like reading a Sears catalog in your own home, or more like physically walking into a Sears store? It's clearly got some aspects of both.
You can't just assume one is the "right" view and then use that to argue your point, because once you boil it down that's precisely the thing you disagree about.
EDIT: I see thaumaturgy made essentially the same point in a sibling comment.
It's more like Home Depot slapping a GPS tracker on my person, which I am take with me when I leave the store, isn't it?
When I walk into store (a) it's reasonable to assume that store (a) might be observing my behaviour, along with perhaps a sub-contracted security company etc. It's less reasonable to assume that walking into store (a) gets me observed by stores b-z and subcontractor 1-255 which is more like what happens on the web. They don't generally follow around town for the rest of the week either.
Go to web site or store and get observed by Google, Facebook, and dozens of assorted analytics companies who will then endeavour to track you wherever you go next, for as long as possible.
Now then, ignoring JS and adblocking for a moment, which mainstream ecommerce or news sites can one frequent in order to adopt the "100% effective solution" of not being tracked?
Well what about the new amazon retail store, that records your every move?
Also what about stores or shopping malls that contract their security cameras out to other companies? Surely those security companies may be doing all kinds of stuff with people's facial recognition data.
Amazon's high street store is an easy to avoid aside until a Tesco or Walmart tries it.
I hope that GDPR restricts the extent of "all kinds of stuff" that companies wish to do to cctv security footage. I suspect it won't be nearly enough. The trouble with cctv is the consumer/shopper has effectively no way of knowing thus should be quite strictly regulated.
When I somehow get upgraded to business class while flying it is rather flattering to be greeted by the stewards by name while being offered a glass of decent champagne.
What if your store could do the same for people considered social influencers or "whale" spenders? As they enter the store, dispatch your Personal Shopper squad to gently welcome them, and nudge them towards purchases -- or if nothing else, a little social media moment worthy to share with their followers.
Perhaps their social posting history will reveal a hyper-personalized special offer that can make them buy that $2000 handbag.
At what point does this behavior run afoul of stalking laws?
For example, stalking is illegal.
as is wiretapping
The point here is that they do it just because the snooping is invisible. And that irks me.
The point is, don't come on my property - physical or virtual - unless you don't have a problem with your behavior being observed while you're there.
You cant tracke in your bathroom or changing stalls. You cant listen to my phone calls or ask me intimate personal details about where I have been without explicitly asking me.
This is only somewhat true. At the spa for instance, you very much have an expectation of privacy. Practically speaking it is sort of contextual? Even at say a restaurant, I would be both surprised and disconcerted to discovered the business had recorded the entire conversation that occurred at my table, even though I would be unsurprised by a bit of eavesdropping.
So the rules of the tracking and surveillance road are well defined, and most businesses adhere to those rules. All of the privacy complaints I have seen recently did not involve violations of the law. Rather, these complaints are essentially that people have a fundamental human right to use private services being run at the cost of private entities on the terms that users choose, which just isn't how the world works.
No, it's more like saying that if I phone your store to ask how much some item costs, you think it's OK to come over to my house and peer through all of my windows.
So you'd have no problem with a restaurant owner bugging all their tables and listening in on their customers' conversations?
Tracking on websites works like this:
* the site sends your computer content and code
* your computer runs the code, which causes it to send data about you to a whole bunch of third parties
* meanwhile, your computer displays the content to you
All you have to do is decide not to do step 2. It's your computer, it's under your control.
But what's problematic is that most users are clueless. And that browsers by default send all that data. To prevent that, you must (at least somewhat) know what you're doing, tweak settings, install add-ons, etc.
It'd be cool if browsers protected users' privacy, by default.
Legally, it is. You might advocate to change that law.
However, exact same thing applies for Facebook and all the likes. If a website is entirely self-contained, nobody other than your ISP or your browser/OS may track you over there as you directly type its name out to the address bar.
If Facebook is to blame more than the websites putting their like button on their websites, then so is Google.
On top of this, many people use Google as a gateway to the Internet. Even for the websites that they are pretty sure about their domain names, people rather search for it on the google.com, and follow the link from there. This allows Google to track them, even when they do not use Chrome. Yet, many even do use Chrome, very likely tracking you even when you do not visit a website through google.com.
So Google isn't even dependent so much on the other websites using their analytics, definitely not as much as you state with:
> Google's ability to track users is 99% entirely due to companies like [...]
It would be interesting to know the breakdown of contributions of Analytics, google.com, Chrome, etc. to Google's tracking capabilities.
It would be interesting to actually see the breakdown between Google's 1st party tracking (direct-from-Google) vs Google's 3rd party tracking (Tracking thanks to 3rd parties)
>If Facebook is to blame more than the websites putting their like button on their websites
I think the problem here is how Facebook sold the user data and/or used the data to target - as it allowed much more narrow demographic targeting than I think even Google provides. (I could be wrong on this, I've never actually USED either for ads - although I work for a company that does so I really should probably know this...)
I'm not advocating that either side is wrong in that statement, but just drawing a similarity.
Google Search, Google Fiber, Google Recaptcha, Google Translate, Google Adsense, Google Chrome (Safe Browsing checks etc.), Google DNS (18.104.22.168 etc.), Google Mail, Android Integrations, Google GSuite (Sheets, Docs, etc.), Google Drive, Google Analytics, Google AMP, YouTube
So on and so forth. Of course, Google keeps most of this data to themselves to improve products and sell ads, but it's scary how much they have especially since they broke down the firewall between services. 
I haven’t checked the other products, just wanted to point this out since people seem to assume worse than what’s actually happening (for Google Public DNS, at least).
> We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.
Of course, all of that is meaningless if you want to think that Google is lying in its privacy policies.
(Disclaimer: I work at Google, but not on 8888).
This is nice in theory but would prevent you from sharing your data with any third-party services in practice beyond your personal circle of trusted acquaintances.
I'd say that depends on what definition of "personal" they're using.
This is information which you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by Google, such as information we associate with your Google account."
That stuff is kept separate from all account data (like with Google DNS and fonts, too): no common cookies, "unauthenticated" (ie. no cross-referencing with Google accounts), logs retain no referrers
Is it simply that people don't seem library CDNs as a source of privacy piercing data?
SRI (no changing content for a specific user) + crossorigin ('The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication'), no referrers via meta tag or header.
The other end gets your IP and browser UA, with nothing else. It is pretty low on the totem pole of worry.
Probably more critical here is Chrome Sync. They can and do read your entire browsing history through that.
With Safe Browsing, they at least still promise (in a legally binding way) that they don't store the data.
With the small drop of faith I have left in Google, I want to believe they don't read my files and use encryption. Is there any evidence to the contrary?
So, your data is uploaded over TLS or similar, gets decrypted on the server and then is re-encrypted before it's stored on hard drives.
So yeah, this does mean that they have access to your data. Since the at-rest-encryption happens on the server, Google has the encryption key for that somewhere and can at any point decrypt your data.
Presumably not everyone at Google gets your data for reading at home, but that's about as much comfort as you should assume.
The NSA, CIA, FBI can also request Google to decrypt your data and hand it over. They could not do the same, if Google used proper end-to-end-encryption.
There is one point to be made for not using E2EE, which is that you can't offer a "Forgot Password?"-link. If the user forgets their password, you can't decrypt their data either. All you can do is wipe their data and let them start anew.
If you use your cloud only for syncing, that's probably not a problem (for example Firefox Sync does exactly that on a scale of millions), but if you use it as a backup or to preserve hard drive space, it can certainly be.
So, you'll have to decide for yourself, if you think being allowed to forget your password is worth the surveillance and lowered security.
If not, use a different service. Spideroak, SeaFile and Mega.nz are a few that do E2EE.
If you do think so, at least use a service that's not at home in a surveillance state and surveillance company...
So, if every webpage you visit loads in its fonts from Google's CDN, they have your complete browsing history from that alone.
Other commonly used CDNs of Google:
GStatic, JQuery, ajax.googleapis.com
Example: Location history. It is turned off by default. I chose to turn it on, so I can know places I’ve been to previously (if I forget the name). It’s like a journal that writes itself.
Google has its privacy issues, but on a whole I voluntarily choose to give them permission to collect my data, because I get direct value from it.
I think this trust might be misplaced.
> Example: Location history. It is turned off by default.
Displaying your location history to you is turned off by default. Google's own recording of your location, for their purposes, cannot be turned off.
Citation needed. Android even lets you turn off AGPS, which collects anonymous location data to update itself. As far as I know, this is not even possible on iOS.
On Android, I noted before that when I turned on and off location services, the GPS lock was near instantaneous (i.e. when I turned on location, Google Maps located me with GPS precision immediately. There could be other ways of how this happens, it was noted in another post of mine, but that had still had me a bit suspicious. I replaced Google Play Services with microG recently (https://lineage.microg.org/). I then saw that it was MicroG, NOT the OS, that had control over my location, and MicroG still tracks my location when Location is off(https://github.com/microg/android_packages_apps_GmsCore/wiki...).
While none of this conclusively points to Google Play Services tracking me when it is off, the way that Android is set up makes me very strongly suspect that's what they did.
Google maintains a database of wifi networks and their locations (I don't know the ways this data is acquired) to help triangulate the position: https://www.quora.com/How-does-android-use-WiFi-to-get-your-...
It's been acquired from a range of sources. Most notably, Google Streetview cars collected a very large initial data set. Once you have that, it's quite easy to maintain an up-to-date dataset by verifying new routers picked up against nearby known routers (as well as verifying against GPS sensor data obviously).
This tech is not only in Android phones, but also every Chrome browser, so that's a lot of incoming data. The API used to be used by iOS and Safari (before Apple Maps) and Mozilla Firefox (before they launched their own WiFi and cell network database; theirs is released under CC0 though so I'm sure Google use their data too).
There are also other competitors to Google, Apple, Mozilla here with their own databases, like Skyhook, Navizon, AlterGeo.
I welcome any alternative conclusions though.
Play Services has a lot of stuff in it because it's easy for Google to upgrade it without going through phone vendors or carriers. It was a way to counteract the effects of many phones being on old versions of Android.
I meant MicroG, it is documented on their site (see the link).
That has nothing to do with the GPS setting of your phone.
(Disclaimer: I'm an engineer at Google)
Either you have no clue about what is going on in your company or you are here as a PR guy.
I really hope that GDPR will hit you hard, as far as I am concerned you are far worse than Facebook, more harmfull than Monsanto, you have opened Pandoras box of user tracking and becoase of you now every single company is doing it. And just so you know, by writting this, my karma will fall for at least 10 points as your fanbase (which typically doesnt even understand what I have written) will downvote me a lot. I am telling you this just for you to understand how very pissed off on behaviour of your company some people are. The only thing that is into your favor was actually your biggest mistake - you have mistakenly made android open source which makes it far more feasible to silence it down to the point where it no longer communicates with your domains. This was maybe when you were still having the "don't be evil" attitude, at least as form of PR.
When you log in to a service (eg. Google), the device doesn't "silently" communicate with the servers, you asked it to. It sends a request with credentials, as it should. That request naturally comes with an IP address, which can be mapped to a rough location with no further information by the client.
"Android even lets you turn off AGPS, which collects anonymous location data to update itself. As far as I know, this is not even possible on iOS."
AGPS is GPS, assisted but still GPS.
That ggp prefixed that line on AGPS with "even"; they were asking for citation that Google persistently tracks location, and just used AGPS as one example.
The point being, saying Google allows you to disable GPS is a world away from saying Google allows you to disable location tracking. And I'm not talking about IP geolocation.
I don't even know if they do completely respect your choice to disable GPS (citation needed indeed here), but I do know that they persistently track you via WiPS/WFPS at the very least, if not other methods.
Do you want to turn Location History on?
Are you suuuuure you don't want to turn location history on?
To use maps effectively you need location history on. Turn on?
Location history may affect ____ you wanna turn it on?
How about now, location history is a great thing to turn on....
EDIT: for those of you who downmodded this, the point was that if you have location history off, Google spams you constantly with requests to turn it on. You'll get this request for opening up maps, using Google Now, or a dozen other things generated from many apps. There is also no option to temporarily turn on for app.
Not so nice uses of LocHis: https://www.androidauthority.com/google-android-location-his...
Explains how LocHis tendrils are everywhere: https://qz.com/1183559/if-youre-using-an-android-phone-googl...
Seemed like a low enough bar.
Firstly, I was pointing out one small example of Google's privacy settings being non-obvious, which the GP mentioned in their post. There are many, many others one could go into, but we'll stick with just user location privacy for now.
Also, minor disclaimer: What Google does or doesn't collect varies over time (as their policies and regulation changes, and in response to various court-cases). What they might have done according to one source a certain number of weeks/months ago they might have since stopped doing. But my point is that they cannot be trusted to follow the implied behaviour of high-level settings.
However, since you've refuted my statement, some examples:
1. Google's own terms at 
> some information (such as the association of your Google Account to your Google Wifi network) is stored by Google even if all privacy controls are turned off.
This is bundled with Google's tracking of the geographic location of each Wifi network to feed their WiPS/WFPS services.
2. As @lern_to_spell has alluded to, "Location Reporting" and "Location History" are separate settings; the former does allow you to turn off some (though not quite all) location recording for your Android device at least, but the latter setting is still very misleading, and the former setting comes with a sacrifice (some apps become unusable). See 
3. Even with all of the above granular settings and admissions in terms, Google still have demonstrated in the past that they cannot be trusted to follow even their own loose promises w.r.t. respecting user privacy. e.g.    - note these articles are spread over 3 years, and are about events from 6 years previous; not exactly a promising sign of Google's policies being corrected by the court actions.
-  https://support.google.com/wifi/answer/6246642?hl=en
-  https://www.howtogeek.com/195647/googles-location-history-is...
-  https://www.theguardian.com/technology/2010/may/15/google-ad...
-  https://www.wired.com/2012/05/google-wifi-fcc-investigation/
-  http://www.bbc.com/news/technology-24047235
It’s like a journal that writes itself.
Google is actually creepier to me than Facebook just by comparing their market share in online advertising (Google is twice as much as Facebook), and how actively their officials engaged in political issues.
In this case, they just blame you for installing an extension that behaves badly.
If you create an open system that allows users to do anything to their systems, you create footguns. I don’t see you whining that this is universally true for desktop computers as well.
It's reckless and it's irresponsible. And it's unique to Google.
EDIT: Also, re: desktop computers, if you check out my Reddit comments, you'll find I've been actively advocating for developers to support UWP sandboxing on Windows, and mostly telling off their excuses why their apps need full system access.
Unreviewed browser extensions should not be permitted, full stop. Microsoft has (finally) figured this out: There's a few dozen Edge extensions which Microsoft has vetted, and that's it.
Additionally, scrutiny for extensions can be filtered by their capabilities. In my given example, the issue is the ability to read and modify content on all websites you view: This permission should only be granted after extreme scrutiny, whereas an extension which can only access a single domain and does a simple thing needs only a cursory glance.
Unfortunately, reviewers who can vet extensions for malicious code also come in lesser volume than reviewers who can watch YouTube videos.
> But there's little to gain from an endless supply of browser extensions.
Debatable. Every move by Mozilla and Google in the past to restrict add-ons has been met by criticism from developers. I doubt many here would share the love for the Windows Store.
> Microsoft has (finally) figured this out: There's a few dozen Edge extensions which Microsoft has vetted, and that's it.
I'm sure Microsoft's gatekeeping has kept many shoddy extensions out of the store, but the fact that Microsoft introduced support for Edge extensions only recently compared to Firefox and Chrome and that Edge has relatively low marketshare probably also factor into the low number of extensions available.
> In my given example, the issue is the ability to read and modify content on all websites you view: This permission should only be granted after extreme scrutiny, whereas an extension which can only access a single domain and does a simple thing needs only a cursory glance.
The add-ons I use that can be restricted to a limited number of domains already do so, but most of the add-ons I use must be able to access any given site in order to function: password managers, tab organizers, etc.
It's true the permission is powerful, but if you're going to ask for "extreme" vetting of extensions which use it you might as well ask for extreme vetting of all extensions since legitimate use cases are not exactly a small category.
Google search itself creepily insists on telling you your location on every search when it has nothing to do with it and is completely irrelevant.
In this way it constantly seeks to legitimize creepy behavior and has gone all out to make stalking and hoovering up data look as if it is ok and harmless.
Combine Google's massive access to data across properties and their creepy behavior and the results are far more sinister.
They gave all their China user data to the China government so they could stay in China to make a buck. Is that not selling users data?
Versus Google chose to leave China instead of handing over the data.
Campaign targets Apple over privacy betrayal for Chinese iCloud ...
The iCloud-China situation is unfortunate. The situation is very different from Google, both in the opportunity costs, and the fact Apple's products are dependent on China to be manufactured.
Additionally, if you forego iCloud services (namely iCloud backup), then the data that the CCP can access is actually quite limited. All of their phones since the 5s in 2013 have been leaders in security, and if you use a passphrase or 10-digit pin as a passcode then not even the most recent iPhone cracking tools could brute-force your phone (within a dozen years, within a century for 11-digits).
I'm miffed about China, but I still believe Apple is the best option because I don't think there's much that can be done in their position and the impact is limited. For me that would change the instant an actual iOS backdoor is made for any gov't.
Versus Apple handed over all there user data to make a buck. Plus this is actual data not a targeted ad.
Do I have this correct?
Cloud services are required to use Google services & devices. G had to choose between giving China everything or withdrawing from the market.
Cloud services are an add-on to Apple's products. The iPhone is still useful without enabling anything from iCloud. Cloud services are optional with the iPhone.
The two are actually very similar.
Google services do not matter if you have an Android phone or an iPhone. Suspect there is actually more consumption of Google services on the iPhone then even Android but do not have numbers handy to support.
As a third party observer, you have gone completely off the rails here.
This is certainly true, and given that under Cook Apple has clearly decided this is a strategic asset to invest in, will probably become more true over time
> and are much more transparent about what data is collected and how it's used
This is false - Google does just as good a job on transparency. It's trivially easy to see what data they have on you, and control it as you wish. Google's business model would be threatened if people used these facilities, but of course they don't.
We all should be highly critical of Apple's stance in China and we should all fear the direction China is going because a great many Western politicians like that direction too and simply are working out how to sell it to us, from think of the children, stopping exploitation, stopping hate speech, and more.
Can you clarify what you mean by "sold" here?
Clinton and Obama als bought ads there, but the controversy is primarily about Trump.
If the cambridge analytica story was about selling cars or home appliance, it would have been forgotten in a few days.
Edit: And perhaps it's a good thing that it was about the elections? It would mean that it might force a change on first Facebook, then maybe other internet companies
Ok ok, maybe the mass public is finally becoming more aware of these issues, but they're also even more heavily invested in the services Google/FB provide than when these revelations were first known to a more niche online community.
I find it hard to believe that all this media attention is anything other than too little too late.
Be careful what you wish for. Weighing all of the possibilities I can imagine and the likeliness of their occurrence (regardless of intent), I'll take the status quo.
The NYT can publish stories centering on this notion despite being ??% reliant on said online advertising in order to stay in business.
Would Google (or Facebook) publish similar warnings against the annoyances and harms of online advertising despite being 98% reliant on said online advertising in order to stay in business?
How strong an argument is "Newspapers use trackers in their online editions therefore any news they publish about tracking has no educational value." (or is somehow compromised in some way)
Did newspapers have a choice in whether they chose to participate in the www as we see it today (overrun with advertising and fraudulent, insidious tactics)?
If yes, what was the choice?
What would happen to these newspapers if they failed to "cooperate" with Google?
Just know when we get things like the cloud act, the next sopa, or the next government-over-tech bill, we asked for it by building this furor. Seems quite unbalanced to me. I wonder how I or others can stop feeding this growing furor.
WSJ is owned by Murdoch's News Corp. He has been in a anti-Google crusade for a while.
Anti-Tesla articles are another example of places to be suspicious of the source because a) day traders trying to short the stock have deliberately tried to spread damaging information and b) fossil fuel companies and regular car manufacturers have a vested interest.
That’s not to say all anti-Tesla articles are wrong, just one should be careful that you aren’t being a rube to propaganda.
Also, Facebook wasn’t dinged for collecting data, they were dinged for allowing a third party to scrape it.
The people using Facebook are quite aware of all of the stuff they’re telling FB interests, likes, groups they join, what they don’t want is third parties who shouldn’t know, to know.
I don’t care that Facebook knows what articles I liked. But I don’t want Cambridge Analytica to know in an individually identifiable manner.
Search - Use DuckDuckGo or startpage.
Use Fastmail or any other email provider that is not Google.
Watch Youtube videos without creating an account and clear out cookies regularly.
Use Vimeo or some other service to host your videos for private use.
Use Google Translate without a Google Account, and make sure you're not logged into a Google account in another tab or even the same browser.
Use Firefox instead of Google Chrome.
Google Adsense - Block ads using adblocker, Ghostery, and if you're up for it, use Adnauseum. Again, make sure to not leave a trace of a Google account in that browser.
Google DNS - Use your carrier's DNS or even better something like Quad9 instead. Keep changing it among the open ones if you dont want a single DNS provider getting all your history.
Android Integrations - Use iPhone :-) But, if you have something against Apple or dont like it, Use as plain Android as possible. Check if you can live without the Play store. Rooting?
GSuite - Use local Office programs with files living in Nextcloud or something.
Google Drive - Use Nextcloud instead.
Google Analytics - Adblock/Ghostery it.
Google AMP - Note sure what you reveal if you can avoid a Google account. Clear out cookies frequently.
The point being, do NOT use a Google account in the browser, clear out cookies as often as reasonable.
works as usual. Putting "http://facebook.com/l.php?u=" before the url does the trick.
I've had picked up this technique from a fellow HN user, wanted to share.
Worked at a privacy obsessed place before (Mozilla) where I worked on building privacy-preserving ad infrastructure.
I think we've more to fear about the other data brokers (so-called DMP's and their sources of data, e.g. your bank) than Google. At the very least, we have some assurance Google is competent with handling the data.
Google is a big well-known target and definitely poses a central point of failure for our data, but this piece could've been more than a dig at Google and rather, could have explored how private information is handled in the Ad industry in general.
> Google gathers more personal data than Facebook does, by almost every measure—so why aren’t we talking about it?
Because one problem at a time. If we are going down this path, how about,
> Many people die of hunger every year more than Facebook, by almost every measure—so why aren’t we talking about it?
Whataboutism would be if we were to suggest Facebook isn't that bad because Google does it too. But articles like this are trying to point out that both companies are doing bad things: We should be going after both of them.
This is dealing with one problem at a time. The problem is unchecked commercialized mass surveillance, and any laws that come out of this should apply to Google, Facebook, and every other company that has been engaging in these practices.
Your attempt to spin these as unrelated with that last line doesn't even make sense.
Obviously it’s inconvenient and I wouldn’t use it for the lion’s share of my emails, but if I were sending something like a password or a code I certainly would.
(Android is mostly a lost cause even if you try and strip Google out of it, and doing so in an even mildly secure fashion is beyond most people's competency. Most other OSes are more or less toys without even basic ability to replace a modern smartphone.)
 - https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...
Apple terms let them collect tons but no dashboard. No transparency. No way to download.
Why? Apple is legally required to hand over the court ordered data whether or not they participate in the FBI's data integration program. By implementing a proper data integration system, Apple can standardize audits and alerts and make sure the FBI gets only what is required and not somebody else's data by accident as might happen if the data were sent by hand each time.
No, according to Snowden's documents, PRISM is a data processing system that consumes data sent to the FBI's Data Intercept Technology Unit following a Section 702 order for communications sent to or from a specific foreign user not in the US.
The wiki page's synopsis are contradictory as usual, but the original images as well as Snowden's comments are not ambiguous. The slides show real time access to video, voice, VOIP, etc.
Snowden's synopsis was, "In general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
Quoting Greenwald who received the information and disclosure directly from Snowden: "...even low-level NSA analysts are allowed to search and listen to the communications of Americans and other people without court approval and supervision." Greenwald said low level Analysts can, via systems like PRISM, "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."
For the specific users whose data was requested in the Section 702 request.
> Quoting Greenwald who received the information and disclosure directly from Snowden: "...even low-level NSA analysts are allowed to search and listen to the communications of Americans and other people without court approval and supervision."
Funny how Snowden didn't have any evidence of this. All his documents match the description I gave you. The FBI's DITU is right there in the system diagram slide. This is just a misunderstanding of the documents by a low-level sysadmin who never actually saw the programs and a credulous reporter who didn't even try to check his facts.
Apple gave up their user data in China so they could make a buck and Google instead chose to leave China instead of giving up the data to make a buck.
Apple it is more data and more money made and therefore believe the largest selling data example we have had in my lifetime? Do you know any examples that are bigger?
This is also actually giving the data instead of targeting an ad.
Primarily, the onus is on them to show that they do not have contractual allowances to sell data to internal or 3rd parties.