Hacker News new | past | comments | ask | show | jobs | submit login
Google tracks your movements, like it or not (apnews.com)
515 points by tombrossman on Aug 13, 2018 | hide | past | favorite | 259 comments



What bothers me is that lots of applications will start throwing errors even if you disable just one permission from Google Play Services (like body sensors). Quite some time ago Google started encouraging developers to use the google play permissions together with the respective android permission. This doesn't mean that apps can collect your data even when you disable the location permission (they still can't) but it forces you to either run google play services (with all it's permissions on) and all its data collecting abilities or basically run android without anything available from the play store.

It's a really anti-competitive strategy by google, because it gives users the ability to regulate permissions for single apps effectively (limiting the ability of other companies to collect personal data) and on the other hands strengthens googles own ability to collect all your data, making their marketing platform even more valuable. It is high time regulators start cracking down on this anti-competitive behavior when it comes to data collection. Either give all companies the same chance to collect users data or give users a real option to disable it for all applications (even the ones by google).


> collect all your data, making their marketing platform even more valuable

I think the oily rags metaphor applies. They collect all your data but it's not worth much individually. But yet they want all of it ignoring your needs and rights for privacy.


What is driving me away from Google's Android is that they keep asking me to turn stuff on I don't want to turn on.

I know that "when it's free I am the product" but the problem is that this is not very obvious when you buy a device.

My $100,- Motorola Moto C plus is great but I can't remove the Google search box from my home screen for example.

What would be great is that producers would tell how much I am the product because Google sponsored X, Y and Z to make the phone cheaper. Then a consumer can make the choice to buy a more expensive one or just accept that "you are the product".


My $100,- Motorola Moto C plus is great but I can't remove the Google search box from my home screen for example.

This was one of the grounds for the EU's recent antitrust action. If Google don't want to face another multibillion dollar fine in the very near future, we should see far more choice over whether to use Google services on Android.

http://europa.eu/rapid/press-release_IP-18-4581_en.htm


But doesn't this end up sending the message that you shouldn't share your OS and software with other companies? Keep everything proprietary like Apple and make your own phones.

Because Apple seems to get away with everything. They basically removed the ability to have other browsers on iOS by restricting the performance of other browsers, so all the other browsers became reskins of Safari. And nothing happened to them.


Apple don't have anything like a dominant position in the smartphone market, with about 15% global market share. The European Commission's ruling was strongly influenced by the fact that Android devices represent the majority of the market and that the Android OS is really the only choice for device manufacturers. Android has become the Windows of mobile, so it's inevitable that Google will face far more scrutiny than Apple. The greatest single issue in the Google antitrust case was that Google were found to be using their dominance in one area (mobile operating systems) to support their dominance in another area (search).

There are serious antitrust concerns about the iTunes Store, with a relevant case due to be heard by the US Supreme Court.

https://en.wikipedia.org/wiki/Apple_Inc._v._Pepper


> 15% global market share

Maybe that's true globally, but it's not true of first world countries.

iPhone's market-share is over 40% in the USA, for instance. https://www.statista.com/statistics/266572/


It is about monopoly abuse, an OS vendor should not abuse it's market share to get more web search market share.

If Apple would have a monopoly in EU and forced it's other services then I think Apple will have same issue Google and Microsoft had.

My opinion is that Apple should be forced to be repair friendly and give the user full control of his hardware(let me install what I want like in OSX) , so I am not an Apple fan.


I'm an Apple fan because I don't need to repair the device, nor do I require full control in order to use it.

Android is fun to tinker on but when I'm stuck on the side of the road needing help, I'm sure glad I don't have a hacking project in my pocket.


> I'm an Apple fan because I don't need to repair the device

Given that Apple has no data recovery service for any of their products (even if you tell them that you'll give them a limitless pile of cash) and that they solder storage into most of their devices (that is paired to the CPU -- so you cannot remove the flash chip and put it onto a working board to recover data), this is a very bold claim.

Maybe you don't need your phone to be repaired when it is water damaged and you can no longer get photos of your children (that you should've backed up, but didn't). Maybe you want to pay US$300 to replace an out-of-warranty phone when the only thing wrong with it is that a headphone jack got stuck inside the port[1]. Maybe you don't want to pay more than the device is worth to fix a brand-new device[2].

Apple devices aren't just hard to repair, Apple as a company is anti-repair -- and defending this practice is not a reasonable position to hold. I understand arguing that Apple products are easier to use, or that they are more consumer-friendly, or that consumers shouldn't have full control over their devices because they'll probably brick them, and so on. But arguing that them being irreparable is a good thing is not justifiable (even if you don't need your device repaired, someone else will, and out-right ignoring that is misinformed).

[1]: https://www.youtube.com/watch?v=OR5ZUl0Q-NI [2]: https://www.youtube.com/watch?v=9-NU7yOSElE


Apple has had iCloud backup for some time now, including cloud camera rolls. For your second source there, this is pretty common practice. You take the device apart and damage it in the process then why should the company stand by that? They have to worry about legal issues because the fine consumers sue them for every little thing they do, therefore as a result they cover their own ass. Sony is also a big offender here, they won’t repair a playstation that you’ve attempted to mod. Your first source is just some guy talking and nobody has the time to watch that BS


> Apple has had iCloud backup for some time now, including cloud camera rolls.

I believe Apple have the ability to read any data in an iCloud backup. The data on my phone include my password file, encrypted with an easy-to-type-on-a-screen-keyboard password, which means that it's not a high-entropy password. There's no way that I would allow a cloud provider access to that file.

Note, Apple do say on https://support.apple.com/en-us/HT202303 that it's all end-to-end encrypted and they cannot read the backup, but they also say 'To access your data on a new device, you might have to enter the passcode for an existing or former device,' which implies that if one loses a device then one can buy a new device and enter the old device's passcode — which means that Apple themselves could just try passcodes iteratively.

If it's possible for you to restore data from a lost device without typing in a high-entropy password, then it's possible for Apple to read the data without guessing a high-entropy password.


I use iPhone SE and my fingers are relatively fat. Yet I have no troubles to enter the strong password on the phone. Or do you mean that you do not use Touch ID?


Total 100% nonsense.

Apple's not going to violate the trust of all of its users by iteratively guessing each user's passcodes. Don't be silly.

Apple can't read your data even if they want to and the device itself is programmatically locked after a set number of attempts and wipes itself after several more. Stop spreading FUD.


> Apple has had iCloud backup for some time now, including cloud camera rolls.

This doesn't help someone who never set up iCloud, has forgotten their password and/or methods of recovery, or any other list of problems. iCloud is a form of backup, by the way, and I specifically mentioned people that didn't set up backups. If you think I'm cherry-picking or coming up with some imaginary position, watch some of Jessa Jones' videos[1]. Many of her customers are in a position where they need data on their phones, and it's not in iCloud.

> You take the device apart and damage it in the process then why should the company stand by that?

They wouldn't repair it at all -- they were willing and wanted to pay for the repair. There were many arguments online why they didn't want to repair it (including that the Apple store couldn't get the parts from Apple, they weren't certified to repair it because they were still on the certification waiting list, etc). And of course you can't buy replacement parts because it's Apple (though eventually they managed to get replacement parts, it definitely was not by following the rules). Other manufacturers don't act this way.

> fine consumers sue them for every little thing they do

"little things" like manufacturing defective keyboards and denying that it's defective and refusing repairs or returns until enough people get together to sue them so that they fix a defective product? Or "little things" like using the wrong kind of capacitor near a GPU, causing GPUs to fry in almost every edition of the Macbook -- prompting recalls (or as they call them: "extended warranty programs") only after lawsuits?

I can't imagine why consumers would ever sue such a lovely company. /s

> Your first source is just some guy talking and nobody has the time to watch that BS.

The tl;dr is that 3rd-party (unauthorised) repair shops appear to be far more knowledgeable and reasonable about repairing iPhones and other Apple devices than authorised repair shops. If you'd like the longer form summary, watch the video.

[1]: https://www.youtube.com/channel/UCPjp41qeXe1o_lp1US9TpWA


Since iOS 9 it continuously backs up to iCloud by default [1] so it's not true that it doesn't help someone who never set up iCloud.

As an iPhone and Macbook user I agree with you that repairability is an issue. To be honest it is something I am taking seriously in my next laptop purchase and might be the issue that tips me back over to PC/Android. I definitely will not be "upgrading" to the new touchbar, keyboard and trackpad.

[1] https://medium.com/@nweaver/the-in-security-of-icloud-backup...


> Since iOS 9 it continuously backs up to iCloud by default

Oh, I didn't know that. I haven't used an Apple device in more than half a decade.

However, there are still many people that use the data recovery service offered by people like Jessa Jones -- so I imagine that this is still an issue people have even with newer devices.


> This doesn't help someone who never set up iCloud, has forgotten their password and/or methods of recovery, or any other list of problems. iCloud is a form of backup, by the way, and I specifically mentioned people that didn't set up backups. If you think I'm cherry-picking or coming up with some imaginary position, watch some of Jessa Jones' videos[1]. Many of her customers are in a position where they need data on their phones, and it's not in iCloud.

So if you use the device incorrectly, it doesn't work? How exactly is Android better if whatever you happen to need is stored on the device and not an SD card?


> So if you use the device incorrectly, it doesn't work?

[EDIT: Apparently iCloud backups are enabled by default since iOS 9. TIL.]

iCloud is optional, is it not? The last time I used an iDevice (maybe 6 years ago) I didn't set up iCloud and I don't remember being forced to use it -- has that changed? If it is still optional, then I don't see how not using iCloud is "using the device incorrectly". Is this the new "you're holding it wrong"? Or "you should've bought AppleCare"?

Of course people should have backups, but I'd like to see you tell someone they should've known better when they've potentially lost their child's baby photos, or photos of their recently-deceased child. I'm not sure you'd be capable of being so callous in that sort of situation.

> How exactly is Android better if whatever you happen to need is stored on the device and not an SD card?

With most Android phones (such as Samsung ones) you can desolder the flash chip from the device and solder it onto a known-working board (or place it in a device that acts as a known-good board -- those devices can be bought from China relatively cheaply).

With iPhones you cannot do this because the data is encrypted and paired with the CPU (and a few other components on the board are paired to the CPU like the SMC). Now, you could reasonably argue that this is for security, but you couldn't argue that this is not anti-repair.

In addition, the new Macbooks have their soldered-in SSDs paired to the CPU as well. So you can't do data recovery on those without fixing the board (and apparently on those devices if a single USB-C controller dies, all of the USB-C ports die -- so you have to bring the board back to a completely working state in order to do data recovery).


Ok so are you arguing to Joe Public or for Dave Hacker? You can't have it both ways. Somebody who can desolder and resolder a flash chip to a good device isn't likely to forget their freaking iCloud recovery questions or password. Conversely, someone who does or rolls without iCloud isn't likely to have the skills to recover data in this way.


> Ok so are you arguing to Joe Public or for Dave Hacker? You can't have it both ways.

I'm arguing for Joe Public. Whether or not you can desolder or resolder a flash chip impacts whether Joe Public will be able to find a repair shop (run by a Dave Hacker) that can recover his data -- I wasn't arguing that Joe Public should be desoldering chips from his phones motherboard.

There are repair shops that recover data from Apple devices, but the fact that the chip is paired to the CPU means that (in the case of water damaged devices) you need to get the board to boot successfully with a working touch-screen in order to pull the data off via USB. If the CPU is dead then your data is gone, even if the flash chip is still fully functional. If you had the same situation with a Samsung device, you can remove the flash chip and place it into an "enclosure" that pulls the data off without needing to fix the broken phone.

And I completely agree that pairing the flash chip to the CPU is more secure against attackers taking your data if they've got hold of your phone. But it does mean that the phone is inherently less repairable -- which consumers should be aware of because it does affect them (even if they are just "a user").


I have an apple laptop and an android based phone (from One Plus).

One has a broken keyboard that I'm desperately trying to hold together with tape and one hasn't. Hint: the not broken device was a third of the price of a new iPhone X, while the broken one is more than 3 times as expensive. I want you to be right so bad..

Just sticking to phones: I switched from iPhone to android years ago and honestly things are more stable over here (the legacy iOS I used back than VS any android version I tried).


Does Google have a monopoly though? What's the percentages of Android vs Apple use in Europe?


According to StatCounter, Android has 74.2%, while iOS has 24.15% of the European market.

For comparison, in the USA, from the same source: Android 47.39%, iOS 52.19%.


> If Apple would have a monopoly in EU and forced it's other services then I think Apple will have same issue Google and Microsoft had.

I think that’s an accurate description of how Apple became a big phone company in the first place: Exploiting their monopoly of the MP3 player market.


First, I question your premise: did Apple, in fact, have a commanding share of the MP3 player market in 2007? (Not trying to claim you're lying here; I genuinely don't know offhand.)

Second, I question the mechanism by which Apple parlayed this into making the iPhone as strong a player in the cell phone market as it is (and it is certainly not in anything like a commanding position). Buying an iPhone would pretty much mean replacing your iPod. It wasn't a situation where having an iPod meant you would only be able to effectively use them together by buying an iPhone.

The only part of the puzzle I could see even remotely contributing to a "lock-in" factor was the DRM on the iTunes store. But by the time that was removed, in 2009, Apple still hadn't had a single quarter where they sold more than 8 million iPhones.

No; I dispute your conclusion entirely.

Apple became a big phone company by making a phone that people actually enjoyed using. It was the user-friendliness of the capacitive touchscreen and the overall iOS UI that made the difference, and continues to do so, not the long-since-defunct iTunes Store DRM or some other handwavy effect of their "monopoly of the MP3 player market".


First: http://fortune.com/2008/01/29/how-to-grow-the-ipod-as-the-mp...

Second: Good argument! :)

My line of reasoning was: iPod+iTunes -> lots of people with big music collections tied into iTunes -> release of iPhone, which requires iTunes to sync with desktop -> iPhone becoming a major player in phone world.


From what I remember all sorts of iPods were available for years (close to a decade?) after the iPhone was released, so I don't think that kind of lock-in played that much of a role.

There was a point where I got a Touch version of the iPod because it was much cheaper (thinner) than the equivalent iPhone at that time, and I was fine with whatever other phone I had. I'm pretty sure this was at a time when the iPhone was already extremely popular.


>But doesn't this end up sending the message that you shouldn't share your OS and software with other companies? Keep everything proprietary like Apple and make your own phones.

Sharing Android with other manufacturers is absolutely ok, that's not what the EU fined them for. It was the anti-competitive contractual clauses they used to strong-arm licensees on order to get preferential treatment in other ways that were deemed illegal.

Apple isn't using it's market position to coerce anybody though. There's no law telling Apple that they have to provide an App Store at all. The equivalent case would be if Apple were to make approving a company's App on the App Store conditional on the company agreeing to some other contractual conditions preferential to Apple, using app store approval to hold companies ransom. That sort of extortion would clearly be an abuse. For example Apple only approving App Store apps showing ads if they used Apple's own ad network might be a step too far.

In the case of browsers, Apple isn't using approval of other browsers on the App Store as leverage to extort anything out of anyone. They are simply selling a product that has this feature (a browser) and not this other feature (the ability to install browsers based on a different rendering engine). It's the extortion that's the problem.


They basically removed the ability to have other browsers on iOS by restricting the performance of other browsers, so all the other browsers became reskins of Safari. And nothing happened to them.

This isn't accurate, and Chrome and Firefox are viable, performant, alternatives to Safari. All browsers are using WKWebView engine, and at least for the last 2.5 years, all have access to Nitro JS engine, so there is no performance penalty for third party browsers.

https://arstechnica.com/gadgets/2016/01/new-chrome-for-ios-i...


> All browsers are using WKWebView engine

> all the other browsers became reskins of Safari.

That's what he's saying. You can't implement your own JIT on iOS. Even if you have a better idea/algorithm than Nitro JS, you're limited to how fast safari is.


To me "restricting performance" reads to mean they are slower than Safari, which is not true (though it had been during the initial Nitro rollout, which only Safari had access to). At this point, core engine speed isn't what is distinguishing browsers, they are all fast.


Because Apple seems to get away with everything.

It's funny how in a different discussion, it will be crowed that Android runs on 84% of smartphones world-wide. But when it's time to pull out the whataboutisms, Apple is first against the wall as a monopolist, while poor, beleaguered Android tries to fight them off.

I just pulled that number out my arse, but Apple has nowhere a monopoly on smartphone operating systems, so they can do what ever they please. Don't like it? They have competitors that would love for you to buy one of their phones.


It's also funny how all criticism of apple are deflected as "but they don't have a monopoly so its okay, use something else if you don't like it."


>> so all the other browsers became reskins of Safari.

really? didn't know that. and I've been using Chrome thinking it's better than Safari. Little did I know...


Correct me if I'm wrong, but these rulings would only hold power in the EU though, no? That's great for the EU, but that means we've still got to fix the problem everywhere else.


Yes, but it'll affect the whole market. The EU is a wealthy market with 510 million consumers - if Google's stranglehold on Android is broken there, then it is profoundly undermined internationally. Google might continue with anti-competitive practices outside the EU, but non-EU citizens will be free to import a device that is compliant with the EU ruling. In many cases, it will be possible to install an EU-compliant ROM on devices bought elsewhere. Some non-EU countries may decide to follow the lead of the European Commission and pass similar antitrust rulings.


Given the EU doesn’t affect the rest of the world like they think they do (see GDPR) and also given that I can already install a ROM on just about any Android phone, nothing will change for the rest of us.


As long as it's more expensive for these companies to maintain 2 frameworks then it will be beneficial for everyone. This of course might not be the case.


I was fed up with Google increasing insistence on pushing crap onto my home screen. The unavoidable news feed was the last straw. I have now installed Nova Launcher and it's made my phone great again. No Google crap on the home screen at all.


I also highly recommend nova launcher. I've been using it for years and honestly forgot that Google forces you to have a searchbar on the home screen.


is just second nature at this stage that nova launcher gets installed straight away. export/import the settings and you're all set to go


ADW Launcher is another, minimalist good alternative.


I switched to Lawnchair. It feels close to Google Launcher, but with just enough customization to be super easy to setup yet flexible enough.


Nova Launcher persisted in keeping that Do Evil search box out of sight, despite my upgrade to Android 9 two days ago. I'm very happy with Nova.


Did you manage to fix Android's Chrome homescreen to remove the feed there?


Yes! By using Firefox.


I sometimes wonder if HN is just another conspiracy-theorists forum.

You can disable Google News feed, you can remove Google Search from home screen, you can even use Bing as Assist app (long press on Home icon) in place of Google. Everything on stock Android Oreo on Sony Xperia.

Hey, you can even disable location services. Use VPN with split tunelling for Google Play Services.

Google is no saint but it ain't a devil either.


While your complaint is valid, replacing the launcher on your phone will remove the Google bar. (Nova launcher is very popular alternative to the built in ones and gives you quite a few options for customisation.)

The constant nagging to enable Location History is the worst though.


Strange, I keep location services off all the time unless I am actively using Maps navigation. Location history is off also. I don't receive "nags" excepting when I start Maps, I get a request to turn on location services.


> I can't remove the Google search box from my home screen for example.

You can remove it if you disable "Google Play Services" in Settings -> Apps. Of course if you do then can't use the android store or most apps.

I use the alternative fdroid repository and it works fine.


>I use the alternative fdroid repository and it works fine.

F-Droid doesn't have Signal, Whatsapp, Firefox and VLC. No one can seriously expect a normal user to do without Google Play Services (I checked F-Droid every week to, one day, hopefully, turn Google Play Service off. Forever).

So 99.9% of Android users are forced to feed Google with all their location data. And the .1% who resists have very little influence on the surveillance state. That's infuriating.


> Signal

You can sideload signal and it works without google cloud messaging. I use signal every day. It works fine.

> Firefox

You can sideload Firefox or use Fennec from fdroid, a firefox rebuild without proprietary software.

> Whatsapp

Yep that probably won't work. Most proprietary android applications use google play framework. This will only get worse. "Android" is less and less free with every release. Google keeps adding functionality to the proprietary libraries on top of the free base.

> VLC

It used to be in fdroid but is a nightmare to build so it was removed.

> No one can seriously expect a normal user to do without Google Play Services

Probably. I was just sharing my personal experience.

> very little influence on the surveillance state

Ha! Most HN readers are enthusiastically building the surveillance state.


https://www.whatsapp.com/android/

Whatsapp distribute the apk directly from their site if you want it, and have done for years. My MiL uses it on a 2013 Nexus7 as she doesn't want a smartphone (even though they say tablets aren't supported)


VLC is currently in FDroid, though perhaps there was a time when it had been removed.


Doesn't seem so. Link?


Thanks, I was unaware.


> Whatsapp

Sideloaded whatsapp works fine.

Also F-Droid has Yalp now which lets you download APKs directly from the play store without running play/play services.


FWIW, Whatsapp works on my Blackberry OS 10 device, which has an Android compatibility layer. I don't know the details, but I'm fairly sure Google Play Services isn't included.


i have phone with LOS15.1 without gapps, both Signal and WhatsApp work just fine actually WhatsApp even better without nagging permanent notification like signal (though you can disable and enable it to hide it)

i update apps through Yalp store

only app i really lost it's Google photos, sharing photos through 1TB Flickr or WhatsApp it's not exactly ideal compared to workflow with Google photos but i @willing to pay this price for not having Google in my life


> F-Droid doesn't have Signal, Whatsapp, Firefox and VLC. No one can seriously expect a normal user to do without Google Play Services

Not sure about the other 3, but I use firefox just fine on my phone without google play services. I use aptoide as my appstore in the absence of google play, and while it does have stuff in there that don't work without GPS anyway (Uber, for instance), it's been a decent replacement for me for quite a while, containing most of the stuff that f-droid doesn't have (because they're not open source) without forcing me to taint my phone with google's crap.

No argument on your 2nd point though, it's the unfortunate truth. Which is why it infuriates me a bit when the technical .1% who could actually do it the other way still don't bother and just follow the herd. I know not every hill is worth dying on, but still.


Just use Yalp Store. You can get all those apps without having Google Services (and without google play service, which is part of Google Services.)


You can try https://microg.org/ which stubs out or replaces the Play Services with FLOSS alternatives.

But I agree that's impractical for the average user.


F-Droid is also vulnerable to signing key compromise. All apps in F-Droid are signed by F-Droid keys. Ifwhen those are compromised, you could be backdoored. (Play Store apps are signed by each individual developer’s keys.)

Also: That’s not what “forced” means at all.


Same age-old argument as Linux.

You're perpetuating their control over you.

Sorry to be the messenger.


Yes, how dare they want to run the applications they have chosen to use.


all those apps you mentioned work just fine on phone without gapps


You're probably use a GOOGLE launcher. Of course they would not allow you to remove the search bar. Just use another launcher.


The company seems to have turned into a creepy controlling auntie that always needs to be informed and is nosy about everybody's life.


so much for "Don't Be Evil" huh


> I know that "when it's free I am the product" but the problem is that this is not very obvious when you buy a device.

If you buy a device, then it's not free!


LineageOS supports Moto C. You can easily take control of your phone and lock down any and all Google services.


There might be unofficial builds, but it's not included in their official list of supported devices: https://wiki.lineageos.org/devices/


> My $100,- Motorola Moto C plus is great but I can't remove the Google search box from my home screen for example.

I isnt googles fault. Ive not seen any naked android release where the user is forced to use the google search box from home screen or not able to remove it. Thats some 3rd party layer.


For what it is worth, I cant remove the google search box on the Google Pixel 1 phone, (plus a permanent date and weather widget at the top) so now I have both Google and DuckDuckGo search boxes on my homescreen...


You can, you just need to install an alternative launcher. The pixel launcher has those things, but you are more than free to replace it.


Try the Nova Launcher. I used it on my Pixel 1. It worked pretty well. Crashed a few times, but then I just had to reset it as the main launcher.


Ideally I would get an iPhone, but they are just way over my budget and I don't do contracts.


Google can also your location on your iPhone, you aren't free if you use any google service with location data.


Try a different launcher app.

Evie is the one I am using, and my searches go to duck duck go / firefox.


>My $100,- Motorola Moto C plus is great but I can't remove the Google search box from my home screen for example.

It's quite annoying and show how far Google goes to shove their data collection tools down our throats.

I recommend this free and independent launcher: https://f-droid.org/en/packages/ch.deletescape.lawnchair.pla...


It is not free.

Advertising is a $600+ billion industry worldwide market, about $200 billion online. Largely borne by the ~1 billion population of the G-20.

This is costing your household $125/yr per person.

http://www.bandt.com.au/advertising/global-online-ad-spend-s...


I just want root on my blackberry. I only use fdroid apps, disable permissions, etc, but I can't even uninstall the Facebook app, because, what, Facebook payed blackberry or google?

Has everyone forgotten the principle of first sale?

Google really ruined our opportunity to have linux mobile devices. Purism some type phones that are truly user controlled can't come soon enough.

I personally think it's a national security issue it's so bad.


If you are concerned about security, F-Droid is not the installer for you.


F-Droid is secure. IIRC there's never been any issue with malware on F-Droid, ever.


By only using gpl apps at least I can take a look at the source code.


> What is driving me away from Google's Android is that they keep asking me to turn stuff on I don't want to turn on.

Hey, that's exactly what drove me away from Facebook, 9 years ago ...


> My $100,- Motorola Moto C plus is great but I can't remove the Google search box from my home screen for example.

Can't you get around this with a 3rd party launcher like Nova?


You can return it if it doesn't match what was advertised.


I believe if you disable the Google app the search box will go away. This is just the app that handles searches, you can keep Google Play Services and other things.


> I can't remove the Google search box from my home screen for example.

Or the new tab page in Chrome. (I haven't been able to find it, at least.)


I disabled location permissions for everything I could after I discovered that Google had removed the "report location in background" feature toggle for applications. I discovered that it had been removed one day on a trip to Walmart when Google Maps popped up asking me to take a picture of the location.

I hadn't used Google Maps in weeks. :-/

My next phone will most likely be an iPhone since Google seems more and more intent on outdoing Facebook in the e-stalking business.


That was me as well. I’m a free software zealot, so it took me a long time to switch to iPhone. Eventually the amount of fiddling with Android permissions to keep some sense of privacy while still retaining some utility became too burdensome. The last straw was when an update disabled the pedometer feature I’d been using on my treadmill unless I enabled location so they could “help me map my routes”. I’m pretty sure I know where my treadmill is at all times, and entirely sure I don’t need Google to help.

Since then I’ve switched to Firefox or Safari and stopped using any Google things except YouTube. I was surprised at how easy it was to get this far.


This was me last year. After purchasing nothing but android phones, going back to the t-mobile G1, I decided enough is enough and got an iphone.

Switched to the new Firefox - it's great. Feels like when I moved to chrome the first time.

DDG is my default search engine. I still use the google bang over 80% of the time, but hopefully that goes down over time and it's gotten me out of the habit of thinking google right away.

With 60+ accounts, I've slowly started migrating to fastmail. It will probably take a full year to do it slowly, but it will be worth it.

My last real reliance is on google maps, truly a superior product. That said, I try to keep my use to longer trips between cities, including longer road trips. I try to use Apple maps for smaller trips around town.

This isn't even necessarily all because of everything I think google does wrong, rather it only makes sense to diversify a little.

So many people I know use google/chrome/maps/gmail/android/google photos/google docs. Once I realized I was one of them it spooked me a little.


I also switched my personal phone from ~8 years of android to the iPhone after getting an iPhone 6s for work. What a wake up call.

> I still use the google bang over 80% of the time, but hopefully that goes down over time

I've been using DDG since ~2011 and have found myself using the google bang more today than years ago. Maybe my searches today are harder for DDG? For sure though, DDG has changed. It used to respect weirder search terms much more than Google which made it more appealing to me as a programmer, but now it over zealously corrects keywords, and completely common keywords get left out. Doesn't seem to care as much about keyword order/distance in the results either. It's like they amped the fuzziness beyond what is helpful. I'm proactively quoting half of my search terms today.

> google maps, truly a superior product

I tried a few times to switch to Apple maps over the last 3 years and each time was disappointed. But about a month ago I tried again and have decided that they are really neck and neck. I don't know if it got better but my partner uses Google still and we compare options and sometimes Apple finds something better sometimes Google does but for the most part they get the same results. Some traffic data exists, including construction/accidents (I have no idea how). You lose streetview and I think the dependence on Yelp is annoying but makes sense. After using it consistently for a month I find the UI/UX is actually a lot better too. It has quirks but so does Google Maps. All that said, it's only getting better and the network effect will help! Give it another try!


> I've been using DDG since ~2011 and have found myself using the google bang more today than years ago.

See: https://news.ycombinator.com/item?id=17763031


Ehhhh... I don't know if it's the marketing doing its job or what but sifting through DDG and startpage meta pages I just get a better feeling from DDG. It's a little more modern, seems a little more transparent, I like the total break from Google, I like that DDG has other projects and a living community behind it. Frankly even the name DDG, while kind of dorky, is a lot easier to sell friends/family on than some generic term. Somehow I just don't trust them?

If I had to guess why startpage hasn't felt the ban-hammer yet, I would say it simply isn't big enough for Google to care.

That was a lot of hand waving.

Anyway, I will continue to use !g over !s because personally I'm not _that_ paranoid (yet?) and between 1) not being signed into Google, 2) uBlock/privacy badger/decentraleyes I'm not at all concerned about them doing a good job of tracking me. My trust for Google is still greater than startpage.


> DDG is my default search engine. I still use the google bang over 80% of the time

Use the Startpage bang !s, or use Startpage itself. Startpage provides results from Google, AFAIK, but Startpage is designed for privacy. Startpage even has a built-in proxy service - there's a link under every search result.

(I don't know how private Startpage really is; I don't know why DDG has more credibility with privacy advocates; I don't know how they get away with providing Google's results. Does anyone know?)


I really want a Linux phone.


They seem to do a similar thing with Youtube. I have both Youtube watch history and Youtube search history off. The other day I watched a very amazing video about iron smelting in Africa. Now, each time a open a Youtube link, that specific iron smelting video appears as "recommended for me". So, it is obvious that Google remembers which videos I have watched and openly advertises them again to me.

By the way, the video itself is super interesting: https://www.youtube.com/watch?v=RuCnZClWwpQ


> By the way, the video itself is super interesting: https://www.youtube.com/watch?v=RuCnZClWwpQ

Covering up your tracks, eh? Ok, we'll play along. Everybody click on the link provided by Jorge "Totally not into iron smelting more than anyone else" GT.


Unfortunately there's no accountability in these companies for bold-faced (bald-faced?) lying. They can just stress how much they're listening to our feedback and then kinda go quiet after their latest move goes against absolutely everything the users say.


And ... now they've linked your HN profile and are analyzing your comment history to serve you up even more personalized content.


This doesn't require remembering which specific video you watched, an abstract classification would be enough.


That doesn’t mean YouTube doesn’t store cookies on your device regarding videos you like. I accidentally clicked on a garbage video and after that all YouTube would recommend to me was more garbage.


I watch YouTube a lot. I have pfSense with lists for blocking Google as well as a Samsung phone with Disconnect (that supposedly blocks all tracking). When I watch YouTube, I usually gets only ads about visiting some place or some photography related ad. Then one day, I got an ad for a divorce attorney. I freaked out because the first thought I came to mind was the Target (?) story where the girl's dad found out she is pregnant because they send pregnancy related ads to her house. Did Google's algorithm figure out I am going to get divorced?

I am from India, working in US. My wife recently went back to India. Plan was I will go back after 4-5 months. But she and her parents were worried that I would change my mind. I am worried that she may leave me if I don't. One or two days after I saw the ad, I dismissed my fears of about to be divorced as my paranoia.

I have 2 YouTube accounts, the main one and another one that I use for watching porn (I like YouTube porn than those in porn sites). I never used this second account outside a VirtualBox VM. I always restore the VM to a known state every time I use this account. I have seen that sometimes I get recommendations related to the videos I watch in this porn account when I go to YouTube from my regular Windows without even logged in. I thought may be Google is showing it based on my IP address.

4-5 days after the divorce ad, when I was speaking to my wife, she mentioned about one of her friends who divorced her husband because he didn't love her or something. I immediately felt she is indirectly warning me.

7-8 days after the divorce ad, when I checked YouTube from my regular OS without logged in, there was a recommendation video similar to the kind I watch on my VM porn account.

One possibility immediately occurred to me. What if my wife searched for divorce related stuff from India and Google's algorithm decided to show that ad thinking she is still in US? I don't know.


> I like YouTube porn than those in porn sites

What do you consider YouTube porn? just asking for a friend


Get a divorce. Spouses in a healthy marriage do not use threats of abandonment as a manipulation tactic.


The article appears to describe only Google’s controls over your account, ignoring the iOS restrictions that allow iPhone and iPad users to prevent Google from seeing the data in the first place.

Unfortunate that they don’t make that clear.


Android enforces permissions on Google apps too. I don't think that's what this is about.

Rather, the AP is interpreting location history as a feature that controls all use of geographical location for any purpose across all products. But what it actually refers to is a specific product called literally Location History which lets you see where you've been on a timeline and map.

The article does admit half way down that Google says this clearly in popups that appear when you toggle these settings on and off. So the "story" here is, if you want to call it a story, that some AP journalist and a couple of academics believe these warnings are not worded clearly enough. They may well have a point but I'm not sure this rises to the level of news.

It'd also be very hard to really eliminate _all_ use of location across all products. Even very basic queries like [buy flowers] needs some rough idea of the user's location to give results that aren't nonsense. Even just opening Google Maps has to request the tiles for your current location, and as those tiles are customised to your prior usage of maps, who you are has to be sent along with the tile query. How do you implement that without Google knowing your rough location? The provider knowing this is rather inherent to the whole concept of digital maps to begin with.

So I can't imagine Google offering the sort of setting the AP wants.


> It'd also be very hard to really eliminate _all_ use of location across all products.

I'm sure Google has great programmers.

> Even very basic queries like [buy flowers] needs some rough idea of the user's location to give results that aren't nonsense.

No, they don't. Back in the days when no tracking was done, I could buy flowers without any problems using [buy flowers location] query myself. Hell, I often use it today, because I'm not at the location anyway and am looking for such things in advance.

Having location data is nice improvement, but it isn't a necessity.

> Even just opening Google Maps has to request the tiles for your current location

It doesn't. I can show me the world map initially until I type in what I want to see. I use it like this all the time and it works great.

> How do you implement that without Google knowing your rough location?

Let the user type in their address. It's inconvenient, but if people value their privacy more than convenience, let them.


You aren't disagreeing with me. Adding a location manually to a query makes it a different query, but I specifically stated one that doesn't have a location (and yes obviously users make such queries all the time!).

But yes, to your wider point, you can progressively delete all location sensitivity from every product and make them annoying and hard to use in the process. And even that wouldn't work. It's a fair bet that if you search for something with a location in the query, whether it be on web search or maps, that this is where you actually are.

The reality is nobody cares about this type of privacy feature, especially because Google can't avoid knowing at least your IP address. The AP only cares because it's gone digging for an attack story.


> Google can't avoid knowing at least your IP address.

Knowing it isn't the problem. It's in storing it permanently. When I need location-enabled services I enable location tracking on my hardware (GPS+wifi) and everything just works. Google doesn't need to keep a history of all my locations ever for their services to work properly.


"It doesn't. I can show me the world map initially until I type in what I want to see. I use it like this all the time and it works great."

And that would kill much of the usefulness for me.


The point is that it doesn't need to record that data.

It doesn't give technical details, but the article seems to make it clear that it does record locations.

If I just open Google Maps, I don't expect Google to permanently remember my location. I expect them to just serve the right map data anonymously.


And they'll do exactly that if you aren't logged in to an account.

The AP story is arguing that you should be able to have a Google account, and have a setting that removes all uses of location data anywhere. Google don't offer that. They do offer anonymous access though. Perhaps the AP should just use that instead.


The option to sign out of the Google Maps app is hidden under settings.

And anyway, I think many people – especially in Europe – would agree with the AP, that Google shouldn't store location, especially when it's been told not to under a setting described as "Saves where you go with your devices".


> Android enforces permissions on Google apps too. I don't think that's what this is about.

Google Play Services is a "location provider" for a device, which means it offers an API to other apps with "enhanced accuracy". It combines a number of different signals, including GPS, WiFi and dead reckoning, to improve location accuracy.

To turn it off you either need to switch "Location Mode" to "Device Only" (up to Oreo) or you need to go to the "Google Location Accuracy" menu and turn "High Accuracy" off.


And exact same thing is true for Android as well - even Google apps won't get location data if you disable the permission or toggle.


So, you're saying one can allow some apps to have access to location data *andµ not allow Google from accessing it?

Wow. Please tell me how to that. I've been trying to do that for yeaaaars (to no avail).

I have a Moto G5 with Android 7.1. Please tell me.


Depends on what do you mean by "not allowing Google from accessing it"?

Setting location mode to GPS only and disabling Location permissions / Location History for Google apps in your app settings should probably do what you want.


>disabling Location permissions / Location History for Google apps in your app settings should probably do what you want.

Google services automatically re-enable these permissions.


Wait, the article title says that "Google tracks your movements, like it or not".

But if I don't like it I can turn off both "Location History" and "Web and App Activity", right?


Yeah, but the article does have a point:

> If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off

It's very unintuitive that location data can be stored even when "Location History" is turned off, even if there _is_ another unrelated setting you can toggle to fix that. (Not to mention that setting turns off other things you might want to keep, like search history.)


Does "Web and App Activity" sounds to you like something that would track your location, especially when you have a separate "Location History"?


The whole point of the article is that it’s still tracked even if you turn it off.


For those of you wishing for a lower-surveillance experience on Android: please try LineageOS (AOSP) without any of the Google apps or Play Services. Instead, get your apps from F-Droid and Yalp Store. Firefox with NoScript plugin, AdAway, Syncthing, etc. This has been my daily driver for years. Google Maps works well enough in a browser -- I use it as a 'homescreen-installed' web app. Google sees my location only when I am actually using Maps.

I'm missing out on a few slick features in the Google native apps (mostly in Maps), but I'll gladly trade that for a device that is not trying to erode my privacy at every possible opportunity.


What are you doing about the missing GCM/FCM? Especially with messaging apps it's super annoying when they only receive updates when you actually open them.


Sorry for the late response: email (K-9 Mail) uses IMAP idle, Signal uses a persistent websocket, and XMPP (Conversations) also uses long-lived TCP connections. I don't use any proprietary messaging apps that rely on Google's push notifications.


As someone who has been doing this for a while, I find sometimes I don't get a notification until I open an app. You get used to it. Anyway, when someone calls me on Whatsapp it still works fine for instance.


Google maps are anyway inferior outside US to other apps like Maps.me which has anyway superior map design, much easier to navigate and read than Google maps with those isometric/3D buildings

Firefox it's too slow on android, better use Brave, Bromite or Kiwi browser

i run also LOS15.1 without gapps


Link to the "Web & App Activity" control panel: https://myaccount.google.com/activitycontrols/search?pli=1


The article claims otherwise.

> Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

> That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

> For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account.


> accurate to the square foot

Not sure where they're getting this. Which android phones are recording location with that level of accuracy?

My understanding is that, even with the latest Round Trip Time accuracy improvements accessible with Android Pie and 802.11mc WiFi, the best case scenario is one-meter accuracy:

"RTT measures the round-trip time between two Wi-Fi devices so both your mobile phone and your access points need to support the 802.11mc protocol. As you saw, RTT can give you very fine location estimates down to one-meter accuracy"

http://gpsworld.com/how-to-achieve-1-meter-accuracy-in-andro...


According to the article this page doesn't include everything they track.


They still track you with Location Services off, according to this map: https://interactives.ap.org/google-location-tracking/


No, according to this map they track you with Location History off (it says so right in the title, actually), not with Location Services off.


I keep all location services turned off on my Android device – unless I have a good use case, e.g., I’m in a strange town/city and I need to know where I am on the map. So, I figured I should be safe from the privacy violation(s) described in this article. Then I got to the section that reported about the tracking of Android users by “collecting the addresses of nearby cellphone towers”. :( Even though “Google changed the practice and insisted it never recorded the data anyway”, it appears that just carrying any Android device comes with the cost of ongoing background location tracking.

I’ve long accepted that carrying any kind of mobile phones allows mobile operators and state actors to track one’s location – but it seems to be a constant battle for citizens to understand how they might minimise the scope and quantity of personal data being harvested by large tech companies. I don’t know enough about the letter of the law but this kind of surreptitious location monitoring (via mis-leading options when Location History is turned off) seems to violate the spirit of the GDPR.


Pretty sure determining your location via the signal strength of nearby cell towers is a feature of Location Services, so if you have that turned off you're fine.


> For example, Google stores a snapshot of where you are when you merely open its Maps app.

Except in the case of using entirely offline map data, I don't know how the user can expect their location not to be revealed to the server in this case. To see the map, you have to have map data, and which data you pull is going to give a very strong hint of your location.

I guess you can distinguish between _a_ location (that you viewed) and _your_ location (that you definitely are at), but it's still an extremely strong hint that after a period of inactivity, the first location you load is probably the location where you are.


> To see the map, you have to have map data, and which data you pull is going to give a very strong hint of your location.

You are missing the point. While the location for which you fetch map data essentially reveals your current location, the request can be fulfilled without making a permanent record connecting that location to your Google account. The issue here is that when people turn off "Location History" in their privacy settings, they except Google not to store the location information to their Google account. But Google seems to be doing it anyway, unless you also disable "Web & App Activity".


Oh, I see. The article mentions https://myactivity.google.com/ but for some reason it didn't make it a hyperlink like it did with several other things. So I managed to not notice it.


Is this about caching map tiles or something else?


The question isn’t about revealling; it’s about storing. Where you look is stored in your web & apps timeline.


Keep in mind that Apple also has a map application that also needs to know the user's whereabouts to give good information, but there's no issue because Apple does not need that data to be collected, stored, analyzed, aggregated, and sold. Google could simply send the map tiles requested then discard the request data from their servers as Apple appears to do.


Well, Captain Obvious moment here. I personally am balls deep into Google's ecosystem (for obvious reasons) just like the next guy, but I never doubted they track everything, in fact I always assumed that. I don't disable location tracking, it's too convenient.

I do have a pretty good idea what I would do to disappear from Google's radar if/when I needed - a "clean" phone that connects to internet via VPN, I would check my gmail in browser. Third party maps/navigation app and few other essential apps, none affiliated with Google. Not as convenient, but functional enough.


Not at all surprising.

They were earlier found stealth downloading audio listeners on computers running Chrome that transmitted audio data back to Google.

Source: Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth

https://www.privateinternetaccess.com/blog/2015/06/google-ch...


Your source indicates it's part of Google's OK Google feature, which AFAIK is opt-out on Android as well. The headline makes it seem a little more overblown than it is.


Google's "opt-out" features are so difficult to uniformly turn off. The article points out that Google still tracks location data when you turn location tracking off because there is some other option in a different screen that you also need to turn off.

Further, most people never even know to opt-out of these tracking options in the first place, because they don't know that Google is collecting voice data.


> Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.

In my world that means chrome would be able to do that; not that is actually listen/recording/uploading stuff all the time. Thats what the image popup says, at least.


Google Play Services is probably the most intrusive app on the phone and good luck if you disable it. This one time I tried disabling most of the Google apps on my phone (Android 7.1.2) including Chrome and I did not have a WebView implementation remaining. Most apps started crashing until I re-enabled Chrome.

I have all Google apps disabled except Google Play Services but that too does not have any permissions granted (thanks stock Nougat). It keeps bugging me every now and then to enable permissions.

By the way, for people who would want to relieve themselves of Google Play Store, I use an alternate App Store https://f-droid.org/en/packages/com.github.yeriomin.yalpstor... Sure automatic updates are a hassle, but I don't have a lot of apps so things are alright. Plus, it lets me download previous versions of apps without digging up the whole internet. I am using an old imgur app that allows browsing without sign up. :)

I still hate the ever present search bar on the home screen even after disabling the Google App. Will try Nova Launcher soon.


This constant abuse of language to play duplicitous games with users is unethical and betrays crass opportunism. This is not a business, it is 'growth hacking' to a tyranny.

Posturing about evil while doing exactly that is vulgar. Google's language and design has been persistently deceptive. If you think users are 'idiots' as many software folks so derogatorily claim why go through such lengths to deceive them?

Another self serving myth to perpetuate denial and make the surveillance industry feel ok about being sellouts. Android is designed to leak data like a sieve. The very notion of privacy or security with the OS vendor and ecosystem obsessed with surveillance and collecting user data is fantastic.

Google would not be where there are had they been transparent in their communication. Users would be far more circumspect and as they learn the extent of surveillance utter disgust will quickly follow. This is just another type of corruption and fraud.


Location History is my biggest pet peeve with Google and nearly got me to switch to iPhone. After getting a super creepy "Here's Where You've Been in the last Week!" email that (a) wasn't accurate and (b) I never opted into, I disabled Location History.

However, the number of things this breaks is frustrating: Google Fit requiring it makes some sense, but most of my Google Home features refuse to work without Location History on. It's incredibly frustrating when a physical device is artificially limited for reasons beyond a consumer's comprehension.


With the amount of data Google has and the predictability of human behaviour, I would not be surprised if there's some hiden program inside Google with the aim to predict future events before they happen.


Remember when Microsoft used very basic telemetry in Windows 10 and everybody on HN lost their shit as if it's the privacy armageddon?

Google: (very intrasparently tracks your location history, even when settings are off)

HN: Yeah, nah, it's chill dude. Can't be that bad.


Micro$oft is evil man, don't you know that.

Google is geeky, they bid sums like $3.14 bil in auctions, how cool is that. And they have awesomely nerdy and human April 1 jokes. They are with us man. You are being paranoid.


One can only hope that is sarcasm


It reads like a Slashdot comment, 50/50 odds on whether it would be modded +5 Funny or +5 Insightful.


It's different when a phone-level tracking suddenly appears on your desktop. No privacy-minded person was using Android before, but they used Windows. Now they don't.


This just proves how little understanding and tech education most users have (still doesn't stop them from having strong opinions on this though).

Android data collection which has been happening for close to a decade is orders of magnitude more intrusive than what Microsoft does with basic telemetry.

Yet most people see MS as bad and embrace Google for being "ethical". A classic case of "guess what".


> most people see MS as bad and embrace Google for being "ethical".

IDK if it's just me, but I've seen an above-average number of news stories in the last year about how Google is not a consumer-friendly, trustworthy company now. The general public is, I guess, becoming more and more aware of this perspective.

We've certainly heard a lot about Facebook's privacy breaches and other problems. As a tech company, Google's reputation is probably hurt by that too.

It seems to me that Google has probably entered a new public relations era. And it's pretty hard to go back to the old days where consumers believed in "Don't Be Evil."


I don’t think people are seeing Google as “not evil”. Google most probably has a much larger reserve of everyone’s dirty laundry.

Most android users just don’t realize how invasive the entire OS is and there is little they can do about it. It sucks thah Apple is the only tech company that gives a shit about privacy seriously. We definitely need more pro-privacy choice.


Google most probably has a much larger reserve of everyone’s dirty laundry.

Like a record of every website you've gone to that uses JS served fast and free from Google, fonts served fast and free from Google, on-site search by Google (complete with a logo most likely served direct from Google), etc.

And that ignores the most obvious: Google Analytics, where in addition to telling webmasters # of distinct visitors to the site, for each of those visitors they can track "Visited site X" for their own internal use.


Microsoft added a bunch of hooks to get your location and track offline searches without adding almost any usefulness. Privacy advocates definitely hate Google's location tracking, but Google made it into a feature with the location timeline. Does Microsoft even let me see what searches or locations I've shared with them?


Google made it into a feature with the location timeline. Does Microsoft even let me see what searches or locations I've shared with them?

The point of the article is that Google is storing your location outside of the Location Timeline, and labeling it in ways that don't plainly indicate that's what's going on.


Yeah, Microsoft created a dashboard last year that let's you view all the privacy info they have on you https://www.engadget.com/2017/01/10/microsoft-privacy-dashbo...


Oh, that's pretty cool. I want to try this when I get home.

I think it would help me sleep easier with my Windows installs, though I don't know if any of them are logged into Microsoft accounts anymore.


Additionally, it has pretty much been a feature before, because tracking was used to implement the "live traffic" feature in Maps and create their WiFi AP to physical location database.


The flip side, and I bet more people see it this way than you think: I see the value and fruits of the labor for the data collection Google does on me: Unlimited storage emails and photos, the absolute best mapping application on the market completely free, the best search engine on the market completely free, most of their developer APIs like google reverse geocoding completely free for modest traffic, realtime traffic updates completely free, office products completely free, etc.

What did Microsoft give me? Locked down ecosystem, a subpar OS, expensive office products, and a paid-for vendor specific development ecosystem that is frequently becoming just a copier of the emergent industry trends, and a feigned attempt to embrace open source (capture market share) with cringeworthy bumperstickers displaying "Microsoft Hearts Open Source"


On the other hand, having access to phone data is exceptionally invasive. Location, accelerometer, contacts, call history, browsing history, all combined.


Don't forget camera and mic.


Let's not also forget the pretty much forced upgrade from Windows 8 to Windows 10. That really registered; I even saw my non-tech family members notice how the system tries to trick them into upgrade; this really made people curious about the purpose of "telemetry" in the system ("they wouldn't be forcing us to upgrade if they weren't making money off spying on us").


No one chooses to use Windows, Windows is a disease. Parents spread it to their kids and schools force it upon their students.


People choose Windows to get office work done. In a sense, this is forced by everyone else using Windows too, but this kind of "forcing" is common everywhere in life.


A lot of kids get forced into Windows through their schools.


I chose Windows as a development and creative machine. Visual Studio and .Net are great for what I do.


It's not different at all. It's just that on mobile the "frog" has been sufficiently boiled before this happened.

Didn't Google deny something like this very recently saying it was an "error" (Facebook's favorite excuse, too), though?


"Judgement error" I guess.

But with phones after destruction of privacy-minded Nokia there was basically no alternative, and they executed marketing flawlessly, having both geeks and normies desiring their phones, stuffed with tracking.


Everyone? I remember a large contingent defending microsoft. Remember Saint Bill and his magical "charity" foundation that is curing all of the world's ills?

Lately, there have been a vocal group defending corporate interests, globalism, monitoring/spying and censorship all over social media. Not sure why and where they came from but it's interesting how suddenly they appeared on the scene.


Suddenly? A large percentage of the industry HN's primary audience's jobs and its parent's funded companies are based on tracking data like this.


Huh? HN is about corporate interest and globalism. Also, I don't necessarily see why those are bad things.


[flagged]


What sort of argument is that supposed to be?

jevgeni made an excellent point and actually articulated his concern. Open source has absolutely nothing to do with how Google is tracking users here, and not only are there major parts in the Android ecosystem which are not open source but even more importantly, the case at hand obviously shows that is irrelevant whether something might be open source or not.

And that does not take into account that the vast majority of people do not run any version that has such features removed, as you hinted. If anything most users run versions which have additional stuff added (Samsung, etc.).

Once all of that is not true anymore you might have got a point, until then it is jevgeni who hit it on the head.


It's pretty easy to understand: Windows is closed so you'll never know if they're tracking you and if you find out they are, there's nothing you can do about it.

His post was flagged, so it looks like HN agrees with me about his whataboutism.


Running a custom hardware driver is easier in practice in Windows than Android.

Some parts of Android are open, but the closed-source Google Play Services are de facto part of the OS, and Google's business arrangements forbid companies from selling phones without them. So in practice you're in the same situation either way.


Is there any bad shit in say Google Maps app or GMail?


IDK exactly when it started, but at a certain point Google Maps and Locations services (or some other Google Play Services libs, not totally sure) on my phone started asking me to review a particular store or restaurant based on the fact that they knew I had visited that store or restaurant recently.

Sometimes the request for a review would appear while I was in that place of business. I found it both annoying and disturbing.


Yeah, you are right. And these apps are proprietary. So there is no way to look at their source and make sure everything's good.


Skimming filenames in my filesystem etc isn't "very basic".

Respectfully, fuck off.


Personal attacks aren't allowed here regardless of how wrong you consider another comment. Please don't do this on HN.

https://news.ycombinator.com/newsguidelines.html


Didn't know that. Could you provide a source? Everything that I read was about basic user behaviour.


What are you talking about? If you're a Windows user you're already in the privacy armageddon. And if the telemetry, which by the way can't be turned off, wasn't bad enough they're also operating a search engine and ad business that tracks people. And let's not forget that they also do a lot of business in China so they're also sharing their users data with the government. Microsoft has you covered with the anti-privacy trifecta.

As for the Windows 10 telemetry, during a Windows 10 install these are all of the things that are turned on by default.

Personalization

1. Personalize your speech, inkling input and typing by sending contacts and calendar details, along with other associated input data to Microsoft.

2. Send typing and input data to Microsoft to improve the recognition and suggestion platform.

3. Let apps use your advertising ID for experience across apps.

4. Let Skype (if installed) help you connect with friends in your address book and verify your mobile number. SMS and data charges may apply.

Location

1. Turn on Find My Device and let Windows and apps request your location, including location history and send Microsoft and trusted partners location data to improve location services.

Connectivity and error reporting

1. Automatically connect to suggested open hotspots. Not all networks are secure.

2. Automatically connect to networks shared by your contacts.

3. Automatically connect to hotspots temporarily to see if paid Wi-Fi services are available.

4. Send full error and diagnostic information to Microsoft.

Browser, protection, and update

1. User SmartScreen online services to help protect against malicious content and downloads in sites loaded by Windows browsers and Store apps.

2. User page prediction to improve reading, speed up browsing, and make your overall experience better in Windows browsers. Your browsing data will be sent to Microsoft.

3. Get updates from and send update to others PCs on the Internet to speed up app and Windows update downloads.


> ...they're also operating a search engine and ad business that tracks people

Wait, are you talking about Microsoft or Google here? :p

Most of your listed points don't relate to telemetry or are common practice with other OS vendors. I don't see why this warrants such an overreaction, when others get a pass.


I still think Windows 10 is several orders of magnitudes worse.

Android is a toy OS. Very few does anything serious on it. A desktop OS on the other hand has access to the very most sensitive information you ever come across. If you can't trust your desktop OS everything is game over.

Windows 10 telemetry is the most convincing reason to jump ship that has ever existed in my opinion.

That said, android is of course also very bad. Problem is that there is no decent alternative to iOS and android. It is quite frustrating.


> Android is a toy OS.

Aside from the fact that Google also owns a search engine you might've heard of (so it's not like they only make phone operating systems), I think this type of thinking is quite old-fashioned.

People put most of their lives into their phones these days. They carry them everywhere, document their lives through photos, call and text their friends wherever they are, read the news, direct them to their destination, play games, etc. To pretend that most people's primary computing device is a "toy OS" is to pretend as though we are still in 2004. That's not the world we live in anymore.

I don't personally own a smartphone anymore (precisely because of these sorts of privacy invasions), but I sure as hell wouldn't pretend that the majority of people don't use smartphones as their primary computing device. I agree that Windows is also absolutely immoral, but we shouldn't be debating which is worse here -- they're both reprehensible.


> To pretend that most people's primary computing device is a "toy OS" is to pretend as though we are still in 2004. That's not the world we live in anymore.

And yet it still is a toy OS, compared to what it could be if it was designed with productivity and empowering end users in mind, as opposed to being a shallow consumption and communications platform.

That's orthogonal to the tracking angle, though. GP is wrong in assuming that just because desktop Windows is not a toy OS, it's automatically exposed to more sensitive data. It's not, because - as you noted - most people use smartphones as their primary computation device (for what little it can do). There's also another angle here - desktop PCs may contain most of your work data, but people don't really care about securing that. Privacy of their personal messages and photos, which are mostly accessed via smartphones these days, is of more importance to them.


>most people's primary computing device

Phones are most people's only computing device. Many who have never used a traditional computer own and use smartphones.


I think a comment like this should be made with a reference to a source as it defies belief.


I don't have stats, but if you think about the number of phone users in places like India, China, most of Africa who probably had very little access to computers before it makes intuitive sense to me.


A problem with statements such as yours as that I imagine you would have difficulty even estimating the popularity of smart phones in America, let alone the world. For instance since I can find reliable data for 2015, what percent of Americans do you think had smart phones in 2015? The answer, written backwards, is rouf ytxis. Of course I suspect around your sample of people, it's near 100%. This creates the stage for a very poor level of intuition as you then extrapolate such views outwards where they become even less correct.

So for instance smartphone ownership rates in India is 18%. [1] By contrast this article [2] overviews some data in a survey from Dell India which gives various hints on PC usage. Overall 51% of families have somebody that is PC literate, 79% in East India stated they used a PC at cyber cafes, and so on. It's safe to say that your hypothesis is not really supported in India.

China has a vastly higher smartphone usage, but they also have a vastly higher PC usage with dirt cheap and constantly filled cyber cafes on seemingly every corner of every street. The only information I could find on PC usage was here [3] but that study is hopelessly outdated. As it mentions, "according to data published by the National Bureau of Statistics of China (NBSC) (2010), the average number of home computers per 100 urban households in China increased steadily from 5.91 in 1999 to 65.74 in 2009, or at an average of 27.24 percent per year." The absurdly rapid growth rate makes it difficult to say anything other than that PC usage is certainly not rare in China. Your hypothesis is going to be, at best, questionable there and exclusively dependent upon the rural population.

[1] - http://www.pewresearch.org/fact-tank/2017/03/16/china-outpac...

[2] - https://www.huffingtonpost.in/2015/06/12/what-indian-pc-user...

[3] - http://firstmonday.org/ojs/index.php/fm/article/view/3767/31...


>Your hypothesis is going to be, at best, questionable there and exclusively dependent upon the rural population.

Here's my personal experience

I live in Africa. In my middle-class household, there are 10 adults - 4 Laptops, 14 smart phones and 9 TVs.

In the few African countries I have lived, cyber cafe business/usage is rapidly declining because of a combination of cheaper smartphones and cheaper mobile data.

A brand new dirt cheap smartphone costs approximately 1-2 months of minimum wage salary. It'll work 8 - 48 hours before needing a recharge. A small power bank can triple the hours.

A brand new Core i3 laptop on the other hand costs at least 6 months salary. Battery life 4 - 6 hours. And needs a modem to get online.


Interesting! Yeah the reason your comment stuck out to me is because I enjoy traveling around Asia in particular, and over here in many places PCs are bigger than ever. You have entire multistory shopping centers dedicated to PCs and PC parts which you can pick up for dirt cheap. And even in rural[ish] areas there are internet cafes absolutely everywhere that are always loaded. People use them mostly for gaming, but every once in a blue moon some work gets done on them as well. In either case not really something smartphones are so great for.

For what it's worth the smartphones are also very popular and start around $20, computers around $50. But they're certainly complimenting each other rather than cannibalizing. Why do you think the same might not be true in Africa?


>smartphones are also very popular and start around $20, computers around $50

I can't even get a used laptop for $50 in my place.

>Why do you think the same might not be true in Africa?

I can't speak for the whole of Africa. However I know two personally (Nigeria and Ghana). And a few others by acquaintances - togo, Benin...

First reason: Earning power, salaries have remained relatively static for at least 10 years but the local currencies have depreciated at least 4 times within the same period.

Second reason: Production. Computers and smartphones are produced in China and India. All components needed for these devices are available within the continent. Thus, the price would be dirt cheap there.

To put the first point in context. I'm using a 5 year old HP Envy without touch screen. I bought it for N130,000 then. The equivalent of the same laptop should cost less right? Nope. It costs N250,000+ right now.

Same thing in Ghana. 8 years ago, 1 cedi = 1usd. Now 1 cedi = 4.85 cedi. Salary for a government secondary school teacher was 800 cedi then. It's 800 cedi now.

>But they're certainly complimenting each other rather than cannibalizing. Maybe in Asia. People who grow up using Macs find it difficult to use Windows right?

It's easy for people who grew up with PCs to use smart phones. But the reverse isn't the case. I know many people who grew up with phones but now have laptops - it's easy to spot them - they use abbreviations excessively on chat.

All they use their laptops for are movies and the occasional Microsoft word. Everything else - even gaming is done on their phones or tablets.

I hope this partly answers your question.


Interesting. Appreciate the insights!


I made a slight edit. 1 cedi = $1 USD in 2012...


> Very few does anything serious on it. A desktop OS on the other hand has access to the very most sensitive information

Thats why more and more people use it exclusively for everything, including online banking.


I wonder if Google has an organizational structure where groups of people work on "dark" projects, that the other groups shouldn't know about. And the uninformed groups get these strange specifications that they need to fulfill but shouldn't ask about.


It's unclear from the article what they're talking about, but that's usually not how it works. More likely, some other teams are not writing code to check if Location History is on. Or they decided it doesn't matter for reasons.

Making sure rules are consistently followed in a large organization takes a company-wide effort. It doesn't happen by default.


This not very different from when the Wall Street Journal published a story a few weeks back about how: "GOOGLE IS LETTING PEOPLE READ YOUR EMAILS (provided you've given them the permission to do so)".

It would seem that news organizations are trying to entangle google in a cambridge analytica type of controversy, maybe thinking about the potential traffic going their way or maybe they just don't like it that the bulk of ad spending is going to Google/FB, or probably they just think it's worth publishing.

The reality is that the conflict of interest is hard to ignore and the publishing industry should consider adding disclaimers when reporting on their business rivals.


Google's a monopoly in multiple areas by any reasonable definition.

So yes, I hope they are being entangled in a Cambridge Analytica type scandal. It is the job of the press to do so.

Personally, I think the YouTube recommendation algorithm is a huge problem. Once everyone understands it, that will be the relevant scandal.

How YouTube's recommendation algorithm makes everyone more extreme, in all directions: https://www.nytimes.com/2018/03/10/opinion/sunday/youtube-po...

How YouTube's recommendation algorithm causes creation of appalling content targeted at children: https://www.youtube.com/watch?v=v9EKV2nSU8w

It is harming our society in deep and scary ways.


You obviously dislike them and is willfully conflating a bunch of stuff but it's definitely not "the job of the press" to manufacture scandals.


The job they are supposed to do and the one they actually do are two different things.


https://myaccount.google.com/privacy is the place to go to double-check your own settings.


Google will say it is for better user experience, but we users know its a privacy breach. The same thing happened to me many times, without GPS switched on, without location history enabled, many times Google maps used to ask me to write a review about a place which i visited recently. Recently Google Drive asked for permission of using Wifi information. Why to ask permission just abuse it internally.


It's funny that when corporations track users to provide customers with content they find useful, people are up in arms about privacy violations; but when governments set up 24 hour city or nation-wide video surveillance, people are much more receptive. Given the relative risks involved (companies want to make it easier for you to buy stuff; governments can send you to prison) one would think it should be the other way around.


maybe because people don't want to become victims of crimes but they don't care as much if they buy the "best" TV.... but either way, the government has access of all the data ...


The governments have access to Google's data and Google will be more than happy to help send you to prison.


While I'm also not fond of the government side of surveillance, I think there is one major difference here for many people. And that is artificial creation of demand. Effective advertising can manipulate your wants and desires to convince you to desire things you really have no need or want of. And they go through every possible method to try to achieve this, including psychological manipulation. The reason I'm not fond of advertising is because I'm not arrogant enough to believe I'm immune to it. Collect enough data on me and you can probably create campaigns that would artificially push my interests towards things I would otherwise have 0 interest in.

When the government collects data on you the fundamental reason is to protect and grow itself, not to try to empty your wallet. Some of these data may end up getting, let's say, "leaked" and used for more self serving purposes by individual politicians or political parties, but that's at least a technically illegitimate use of the data, whereas such self-serving exploitative functions by corporations are the primary use of the data.


I wonder what really counts as manipulation?

Maybe you walk by an ice cream store and you think "I should get some ice cream". If the ice cream store wasn't there, you wouldn't have thought that. I'm sure someone could talk this up as "convincing you to want things that you otherwise wouldn't have wanted."

Maybe this is more of a problem for some people and a liquor store? But the advertising can just be: the store is there.

So much of advertising is attempting to remind people to think of things they already like, even when it's not physically present. It's a much easier sell than getting someone to try something new.

I can just mention Twitter and some people will think about checking to see what's new on Twitter.


I only used manipulation in reference to psychology. And there I meant it quite literally. Most recently an internal memo at Facebook indicated something literally described as a "psychological trick" to get teen users to use the platform. It relied on actively micro-targeting and misleading teens. Real classy stuff.

The word I used for general market targeting was exploitation. And no, in general the mere presence of stores is not exploiting individuals. However, if I see there is a large alcoholics anonymous group at a location and decide to build a liquor store right there because of that, this would certainly be exploiting individuals. But we need not just stick with moral platitudes. The issue is not the morality, in my opinion, but the active targeting of individuals.

Want to advertise deals on nails beside a hammer display? Sure, makes sense. Want to try to turn as large of swaths of the internet as possible into data collection nodes to try to siphon off each and every detail of individuals, trade these details among companies to build even greater profile collections, and then micro-target as finely as possible while appealing to everything you know your profile indicates drives this individual's decisions? I consider this exploitative. I'd say everything is then a sliding scale in between, but we're already far enough to the extreme end that it's not especially far off to assign many of the major American tech companies to what should be the hyperbolic extreme end of that scale.

-------

EDIT: Coincidentally enough, somebody just shared this [1] link. It's extremely related to this very line of discussion. Though again it relies on moral platitudes in that targeting children is somehow the heinous act. No, that may be particularly heinous but the fundamental problem is the way they actively target everybody. This is a quite demented industry we've created.

[1] - https://news.ycombinator.com/item?id=17750959


Another thing that might make definitions tricky: knowing your customers' desires and catering to their individual preferences is an important part of providing good service. Or at least it is when a person does it. Although, people can certainly be manipulative too.

Maybe one of the issues is that some forms of personalizations are hidden? A billboard is obvious to everyone. When an ad is seen by people who are not its target, this raises awareness of what's going on.


It has always seemed likely to me that Google tracks more information than one might immediately suspect, so I try not to do anything which might make it convenient for them. With reference to location, I leave GPS turned off essentially all the time, and I never enter any Google account credentials into an Android phone. I don't know how much it helps, but it can't hurt.


I guess I'm the only one here who actively turns Location History on. That way I do get the benefits like being able to exactly pin-point when I was where and I can make sure the data Google believes isn't wrong. Then if I don't want to be tracked I can just leave my phone at home and everything will look absolutely normal and no one is any wiser.


Slightly unrelated but something amazing and terrifying happened two days ago. I moved about 6 months ago and I keep a separate OS (Windows) for mainly gaming.

When I was waiting for some updates to finish, I was browsing HN and came across a Show HN that shows you food places etc (https://www.justgetmefood.com/ - https://news.ycombinator.com/item?id=17746497). Since I was on my gaming OS, I was not logged in to Google or any of my accounts, only Steam and some other non-important things.

I tried out the app, and it promptly showed me restaurants that were 20 minutes of walking distance, from my old place! Down to the street-number. Even though I never gave away the address on that operating system (also installed after the move actually). Somewhere along the pipes, Google picked up that this was me (IP probably?) but somehow mapped me to the old address.


Do you have multiple devices that connect to your router that could identify you?

Have you ever logged into any services like Google or use Google Search/YouTube/Maps on your gaming PC?

I still don't know if this is a Google thing. Browsers can share location and it may be possible that it's serving up the last known location because it can't provide the current one.


How about your wireless access point, did it move with you, and remain the same, possibly unique, "wifi name"?


Hm, good thought but no. New ISP, new modem and new router. None of the existing network gear was moved together with me. However, the wifi name was reused to be the same. But, the computer I'm on doesn't have any wifi so it wouldn't be able to know.


   «Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”
That isn’t true.…»

Can Google be sued for … lying?



I wish they had an alternate business model where you could pay to opt out of data collection on all their services, but until then I just don’t use them anytime I don’t need to.


In thinking about this there is some interesting irony in that the people that would pay to opt out are probably the last people Google would ever want to do this, as those are extremely high value accounts willing to pay for even relatively trivial digital services or 'features' as we might call this.


We're going to need a small army of lawyers who understand code and can subpoena repositories and databases to get out of this horrible dystopic nightmare.


This really sounds like certain (google employed) app developers aren't aware that they have to abide by certain setting values?


Wish there were a viable alternative to the duopoly--for now, Apple remains the lesser evil.


Buying that Sailfish phone was a prescient move in retrospect...


What part of Android is not FLOSS that makes harder for us to look into the code and guess where there's spying ?

Is there competition in Android distribution with all the features needed by most people (replacing GGL Maps with OpenStreetMaps etc.) ?


On a typical OEM Android device, there's likely more non-free software than free. Due to Android's permissive license, any OEM can change any part of the OS for each device and not publish the source code. On a Lineage or AOSP install, the only significant non-free part are hardware drivers and some library components such as RAR. While this isn't ideal, I doubt Google is spying through them. Using a Android phone without Google (using F-Droid, and OpenStreetMaps) is definitely doable but I don't think most non-geeks would even consider it. I used one for about a year and a half, until I went no-smartphone.

I think Eelo is trying to make a "user-friendly" distro, but it just looks like a coat of paint on top of Lineage+microG, I don't think there's much new to it.


Well, the core of Android is open source (as part of the AOSP), but Google's launcher, the Google Play Services which most apps rely on, lots of the apps which are installed by default, all driver code, etc. is all closed source.


Google Play Services are closed source, proprietary, and required for many third-party apps to run properly.

There is a project trying to offer FLOSS alternatives, https://microg.org/ but it's still pretty rough.


Am I the only person in the world that uses Timeline?

I don't use Google's search but I do use Timeline frequently and find it useful enough that it's worth the risk. So I understand the difference between these different privacy settings, which AP is calling "an issue". It's not an "issue". People are freaking out like frightened mice and making it into something it's not. Fear is the motivator here, not facts.

The ability to feed the Timeline app with location data is a separate thing from turning off all other apps' ability to use location data.

Why is this so difficult for people to understand? I know the answer. Viral fear shuts off your brains' ability to think. I answered my own question.


This is a typical engineer comment, completly removed from Joe user.


Everyone remembers decades ago, the fear of having a first/last name online.

That turned out to be significantly less dangerous than we anticipated.

What if our movements are similar? Everyone knows where you work and where your home.

Whatever the case, the next few years will decide if we value privacy or endless features.


That turned out to be significantly less dangerous than we anticipated.

...where "we" is limited to people in Western democracies with governments that don't oppress their citizens. People in countries that have less enlightened governments have often had a pretty bad time after posting things online in ways that security services have been able to monitor, track, and use as the basis for imprisonment and worse.

I don't believe that Google is passing data about people to oppressive regimes, but there are damn good reasons why people think privacy is important for all internet users.


The fact Google is making a search engine specific to China to meet their requirements for censorship opens the door for that very specific thing. First it's hiding results that the government doesn't want seen. Next it will be reporting who's looking for censored topics. It's a slippery slope.


Real names has led to people being fired people being fired. The fear around social media and guarding your profile is to prevent future employers, family and people you know in life from finding out things you do not wish to share. Being tracked with a real name attached creates these privacy issues.

The advertisers demanded but it lessens the experience ij many ways.


I dont care what your fullname is, but mind telling me what your address is and when you're leaving home with that 50' plasma TV for 2 weeks holiday?


A tv that has basically zero resale value?


A killer drone would have a much easier time eliminating someone knowing their location compared to just knowing their name.


For people who think this is BS: better not use Google products in Pakistan for example.


Same story for mobile service providers.

Cellphone companies have known your "exact" location for the last 20 years. There is a lot less oversight or scruples in the engineering teams of providers (that I have worked at) then I have seen at Google and the likes.

Nobody (but a couple of spies, smart crooks & prewarned govermental types) take any measures to hide from them, or complain about this information being available.

Luckily for us, telecom companies are not that smart|agressive when it comes to finding new revenue streams. Be it based on your (phone's) location or their excellent position to offer verified identity services, since they have a payment relation with all their customers.


Bullshit. They're great at it. They just don't tell you/"you" (general populace) don't bother to inform yourself about it.

See: Verizon buying up ad networks, CarrierIQ, etc


> Whatever the case, the next few years will decide if we value privacy or endless features.

Or if it's worth making cool new features that preserve the user's privacy. I don't see that there is an inherent tradeoff.


I think that cool features that protects user privacy is hard to come by because this is not the type of feature that brings money.

Protecting the user is (in most of the cases) fighting ads.


> That turned out to be significantly less dangerous than we anticipated.

Tell that to people who have been doxxed. Or people who have had their stalkers find them. Or people who have been arrested by oppressive governments...

The list goes on


This sounds like a male perspective. Women have a very different view on how safe they are when anyone can find out who they are and where they live.


What a sexist view.


I thought it was indisputable that women are stalked vastly more frequently than men, harassed more often online, and typically less comfortable being alone in dangerous areas.


Lack of scepticism, if anything.


Has having your SSN online become less dangerous since the Equifax leak?


Not really. I expected the Equifax leak to lead to a widespread move away from SSN being effectively your password for signing up for new financial accounts, but nothing has really changed as far as I'm aware.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: