(Also it looks like in the situation described in the article you linked, they didn't even use the data for ad targeting: "we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID".)
In summary, today's Google handles geolocation much better than telecom companies, but the mass of personal data Google collects makes their potential future activity concerning.
Being concerned about how Google could potentially in the future abuse all the data they've collected is a completely valid concern, but they're in no way a larger threat than the companies currently actively exploiting that data.
If it's easier to become a bounty hunter than a barber in Idaho, then almost anyone can track someones location without their knowledge. Odds are the data's being made available in other ways we're not even aware of. And think about the impact on battered wives, someone on the wrong side of a vendetta, hell even road rage. The possibilities are staggering.
> better said will target you with ads.
The difference between selling location data, and selling ad targeting, is the difference between actively stalking someone, and sending unsolicited spam to "Current resident" at "Every address in a city block".
What harm can I inflict to you, via targeted ads? Some. You can think of some creative ways to do so, but it's not a very effective way to inflict harm.
What harm can I inflict to you, via buying your location data? A hell of a lot.
If you don't trust Google to be a good steward of your data, that's one thing. But let's not conflate selling your data, with selling the ability to mass-advertise to a demographic that includes you.
Do you see how people have weaponized social media through data? Google ads might not have been used in a nefarious way just yet but that's likely because it hasn't been thought of.
What about someone showing you an untargeted ad? Where would that fit in?
 Or, if you prefer, a remarketing ad, instead. I have very little patience for those.
Remember how everyone got very hot and bothered about precisely this thing happening in a recent U.S. election?
If your problem is that advertising is used to manipulate public opinion - consider - why do we even allow political campaigns and paid speech? Its only purpose is to manipulate public opinion, and to trick stupid voters into voting for bad people.
I'm afraid your position is not entirely ideologically consistent with how we determine what kind of political speech is allowed, and is not allowed.
A while ago there were some fun articles about "how to prank your roommate by creating an audience of 1 and running creepily personalised adverts". What's the smallest demographic you can define on google?
As far as I know, advertisers never receive personal information from Google. Google hordes the personal information and shows advertisements (provided by the advertisers) to their users, using their personal information.
It would be rather contrary to their interests if they were to send their user's data to other parties. They'd lose their commercial leverage and their ad network would become less valuable.
Not to say that they shouldn't be making this demand, but we should all keep in mind that they're not doing this out of the kindness of their hearts or because it's the ethical thing to do.
To be honest, there really shouldn't be websites out there that know you and your family members and your phone numbers. This stuff should be under lock and key and require special PI licences to get access.
It's only a PR stunt if they publicized it -- it's not a stunt if they did it without making it public.
It's a PR win for sure, but that doesn't make it a PR stunt.
They're all just trying to take their competitors down a few notches. You can't take any company that wants to profit from advertising and data sharing/selling seriously in regards to "fighting for privacy".
Google was recently found to be illegally tracking Android users' location, once by "mistake" and the second time they were ignoring their location tracking opt-outs. I don't even remember their reasoning for the second one - but who cares, it was a lie anyway.
Practically speaking, I would think that Google's data is even more susceptible to be found in court and used in that manner than data held and passed on by smaller, relatively unknown apps that lawyers may not even know are installed on locked phones.
You have a good point about there being a larger surface area and more weak points when more than one entity handles data, but I'd also be wary of heavy-handed regulations along that dividing line. I don't think we need to give Google monopoly rights to another big chunk of the ad industry. If a user might prefer an entity other than Google handle certain pieces of their data (maybe they strike a more transparent and rewarding deal than Google), they should have that choice.
As long as your Google account remains secured and no one manages to sneak a 2nd Google Account on your phone, that is. Find My Phone is a real time tracker that can be abused e.g. by spouses or stalkers. IIRC only triggering the "audible ring" leaves a trace on the phone (a notification + the obvious sound), to check if someone used FMP for tracking one has to dive deep into the Google Activity Logs.
Only way to protect yourself is, of course, to disable GPS on the phone - but what if you want to use Maps or another navigation at the same time?
Not true, a notification is shown whenever the device is located.
Though if someone can "sneak a 2nd Google Account" onto your phone they can probably install something more nefarious and less observable.
The recommendation that you could disable GPS is pointless because if they could sneak a 2nd account on it they can also re-enable GPS.
Cell phone companies have your location regardless of whether or not GPS is enabled. You don't even need a smart phone.
So, the fact that the providers are keeping tabs on you and storing all that metadata for some government agency (cause you might be dangerous!), just means that they have discovered a way to recoup some of the investment costs. Thank your government, because the phone companies likely wouldn't have been this creative by themselves.
EDIT - for example I'm not sure the original "Bounty hunters" use case would be facilitated by Google's targeted ads. There's a big gap between "I might be able to target ads at people in a narrow geographical area" and "I can find our where someone lives"
In order to target adds "at people in a narrow geographical area" I need to know when those people are in that "narrow geographical area". I.e., I need to know their location to an accuracy good enough to say they are in that "narrow geographical area" (or in this case, their phones location, which is a good proxy for their location).
Once I can know "the phones location" to a level of accuracy to make "narrow geographical area" targeted ads profitable, all I have to do is average several overnight readings of 'location' together to get a very good estimate of "where someone lives".
The point of OP is that I can't use targeted ads to answer the question "Person X: where are they?".
With the result that you have to believe that the "targeted ads" provider is both secure and ethical.
"Secure enough" and "ethical enough". Plenty of organisations know stuff about me that I'd prefer not to be public or sold to the highest bidder. They might leak it to the government or one day be the target of a megahack - but I file that under either "meh" or under "acceptable risk".
Maybe you want multiple companies competing in the same realm rather than Google handling most of the private data and becoming incredibly powerful. Maybe you want to unmask Google's motives so as to not play into their PR strategy.
Sure "unmask" their motives, but it's also worth considering if their actions are a net good or not.
So we could come up with a hundred explanations for why Google took this action in this thread, some cynical, some conspiratorial, some altruistic and idealistic. And frankly, half of them would probably be sort-of correct, in that one or more of the decision-makers and their advisers might have considered that point or used it as a basis of their decision.
Occasionally you can state cleanly, "Company X did Y because Z", but it's usually more complicated than that. And when it is a case of "Company X did Y because A, B and C and despite I, J, K", you rarely have the information to reason out all of the variables that went into a decision, unless the matter is of such historical importance that you get the 27 books written after the fact based on years of investigation and interviews.
In Canada our two major wireless providers (oligarch) own most of the content providers as well.
These giants are most definitely involved in advertising at some level.
In India Google operates one of the largest Fiber Backed project called Railwire. It's a GOI enterprise, but we can say that officals are effectively bribed to participate in data harvesting schemes and enriching a few officials and one big American company.
Google offers this company internet technology expertise in return of harvesting data from railway stations, Users of the ISP called Railwire.
Basically, they set your DNS to Google's DNS and Google captures what websites are popular in these specific regions.
You can change your DNS obviously but 90% users don't bother and it doesn't save you from deep packet inspection.
Google also harvests non Https websites and run deep packet inspection of the traffic.
Why would it provide its tech expertise for free?
Google makes it pretty clear that they do not sell any personal information to advertisers: https://safety.google/privacy/ads-and-data/
So, in many ways they don't sell a person's data to advertisers, per se. However, they do control access to people located in a given area. Not sure there is much of a meaningful difference, for most people.
Facebook’s used that like, too.
"Google Ads location targeting allows your ads to appear in the geographic locations that you choose: countries, areas within a country, a radius around a location, or location groups, which can include places of interest, your business locations, or tiered demographics.
Location targeting helps you focus your advertising on the areas where you'll find the right customers, and restrict it in areas where you won't. This specific type of targeting could help increase your return on investment (ROI) as a result."
In a sense Google is spyware and adware at the same time. It shame these two terms are used less now then they used too, since they lost their meaning when so many apps and your Android phone itself is one.
That’s what the phone carrier is doing.
They monetize location, but from my perspective they do so in a way that’s more respectful of the person, because it’s in their interest to do so.
The carriers just sell data points and lack the ability or desire to add value to them.
Disclosure: I work at big G, not on ads.
However, it's still selling personal information to adbuyers. And, I don't think you can say "nobody is successfully using ads to determine ad clickers general location with a X mile radius".
This surveillance thing is getting out of hand and Google is annoyed that shady corporations tries to get ground which might bring new laws.
Of course. And I'm sure that you can find some people who would get riled up that they incremented a counter in a location-oriented semi-anonymous bucket of clicks. But I think most people are substantially less riled up about that than they would be if Google were actually disclosing their individual locations directly to buyers. It seems like a lot of the anti-Google folks on here equivocate between these two, and I speculate it's because consciously or subconsciously they realize the latter narrative is much more emotionally compelling to a much broader segment of the population. To me, that's deceptive rhetoric.
- they don't get your location if you don't click on the ad. Since people don't click on ads very often, only rarely does an advertisers get a person's location, and without a name attached.
- Mobile phone companies were letting people query a user's location based on their real name. How would you do that with advertising?
We need to move beyond one-bit thinking. Location-revealing services aren't all the same.
Depending on a user's location settings, we may be able to use a precise location for advertising, based on one of these sources of location data:
GPS: Accuracy varies depending on GPS signal and connection.
Wi-Fi: Accuracy should be similar to the access range of a typical Wi-Fi router.
Bluetooth: If Bluetooth and/or Bluetooth scanning are enabled on a device, a publicly broadcast Bluetooth signal can provide an accurate indication of location
Google's cell ID (cell tower) location database: Used in the absence of Wi-Fi or GPS. Accuracy is dependent on how many cell towers are located within an area and available data, and some devices don't support cell ID location."
Geo IP data is accurate ~85% at the city level and ~99% at the state level, meaning they're approximately the same.
One way it leaks is that an advertiser generally knows what ad campaign a user clicked on. So if that ad campaign was only sent to a particular location, you know where the user was when they clicked on the ad.
These advertiser websites know your city already by the act of you visiting their website.
"You can choose one of the default radius settings or set a custom radius from a minimum of 1 km to a maximum of 1,000 km."
Knowing that someone in 6,000 people in an area clicked on your coffee ad is not leaking GPS data. Which is probably why bounty hunters are buying the data directly from cell carriers and not running targeted Google ads.
It's also not "one in 6,000 people" if it's someone who signs up for some service via the ad. That particular someone might not realize that the service knows their location.
The point in 1:6,000 is that whether it's ad targeting or just regular internet traffic, there isnt enough specificity to "leak" data about the person.
You can split hairs over, "Well what of they join that 1:6000 with other PII" and it's the same with Geo IP. The user gives up that data but it's not different than just visit the page normally.
I'm confused by your reference to me and my concerns. This isn't a discussion about me; I was making a point about leakage of location information.
Unpopular opinion: I feel like this is further evidence of Google being good stewards of user data.
There are many reasons Google may want to protect this data: They don't want user backlash from revelations like this, they don't want to have to be legislated, they don't want the PR spend of having to recover from such reporting. Or it could be that it is a company built of people who find such protection to be important.
They have more information about you that they choose not to sell than you can even imagine. They literally set the high-bar for PII and other types of tracking data.
The only ones who know nearly as much are Telcos and they have been openly selling and sharing all of your info to governments and shady shell corporations since day 1.
Edit - Forgot that Facebook is catching up to Google on data and they have been a leaky cup since day one as well.
But the fact that Google (or any centralized entity) has aggregated so much detailed information on billions of people's personal lives is itself a threat to global/national security.
What happens when that data is hacked/leaked and then sold to the highest bidder (who isn't interested in advertising)? That data could be easily weaponized for a shocking/devastating attack the likes of which we have not seen since the first atomic bomb.
But I'm on the outside looking in, someone with more hands on can probably provide more details.
Are you implying Google can't access their own data?
100% security is a dangerous myth. No internet connected system is impervious to hackers.
It really is a ticking time bomb.
When it comes to siphoning location data from Android devices, it looks like Google only cares about updating its help pages, and not really about addressing the actual points in such a backlash. There is no evidence on this topic that Google cares about a backlash or PR spend or anything else. All its actions show that Google wants more and more data, and that it wants to be the one that gets all the data.
The other one AFAIK doesn't sell user data, has publicly denied to help the FBI (Have other companies done that? If not then they assume complied), and has put in a large amount of effort to protect privacy (It's one of the main arguments of why IOS/OSX is so locked down).
Obviously this doesn't mean apple doesn't do bad things behind the scenes, but based on the information available to us is why people trust them more with privacy then google.
Google literally lead the charge on this with their transparency report for government data requests and won huge victories in allowing for the reporting of things like FISA requests.
It's great that Apple has followed Google's lead and also publishes a transparency report, but their own report also clearly shows that they DO comply with government requests: https://www.apple.com/legal/transparency/us.html
And both Google & Apple have comparable percentages of requests honored per their own reports.
Regardless an "assume complied" is an illogical position to take here. Assume a company did work that they didn't have to for one-off requests? That's a safe thing to assume they didn't do. Assume they did nothing, because that's way easier, cheaper, and simpler for them. Which means assume they didn't help anyone, including the FBI.
> large amount of effort to protect privacy (It's one of the main arguments of why IOS/OSX is so locked down).
No. iOS / OSX are locked down to prevent competition. There's no privacy benefit in keeping the user from poking at their own device.
Apple did a lot of work specifically to enable apps to do things like track a user's location in the background. Things that didn't used to be possible, but which Apple put in work to do. The only significant thing they did here on iOS was make it a runtime permission, which other platforms have similarly done. OSX continues to have no real restrictions or enforcement for apps, except to try and prevent you from installing them outside of the app store.
They put more effort into bragging about their privacy than they did in actually improving privacy. Advertising turns out to be extremely effective, as Apple frequently proves.
Apple is saying "we do not want to write code to compromise device security", which is different than "not helping the FBI". They are obliged to and do provide access to things like iOS backups, etc.
These companies are neither good nor evil. End of the day, if you care about privacy, cleartext cannot be in the custody of a third party.
> Apple specifically avoids these types of products.
No, Apple specifically partners with the companies selling this stuff and don't care at all. They could easily issue a statement saying they disagree with those they shake hands and share money with, but they won't. Google will though.
Companies are companies, they don't "care" about privacy, or anything at all. Google, Apple, Facebook, they're all in this for the money. And that is fine.
The sooner we realize that, the better.
Take the Google/China situation. If Google entered China and handed over all info on Chinese users to the government, it would be doing exactly the same that Apple does now.
Just like other companies, Apple cares more about profits than privacy, so it will operate in China for the profits, even if it has to infringe on the privacy of every single user there.
You enjoy using iMessages on your android phone and Linux laptop do you?
Yeah, yeah, it’s different. Except that it’s the same in the areas in which each competes. There’s plenty of examples of Apple freezing out others from a market.
I have had times where it took 45 minutes to reach Fi support which was very frustrating. And looking on the Google Fi subreddit you're not the only one with the shipping issues. That being said, I've only had outstanding interactions with their support department. I had reoccurring problems with my Nexus 6P and they RMAd it several times, overnight.
I've found their coverage and WiFi calling to be better here in Mountain View than Verizon. It is hard to beat their experience when travelling internationally, you pay the same as you would domestically, and you have access to the high speed networks. The Fi app is beautiful, and doesn't try to sell you anything. I recently checked out the Verizon app and its 90% ads and 10% useful.
It's great for domestic and international travel and I don't have to worry (as much) about my number getting ported, so big security win.
Their service and support have been wonderful, including replacing a device twice (with overnight shipping) free of charge, outside of warranty.
I haven't had a desire to cancel my service, so I can't help you with the cancel button being missing. :)
Is that so "evil" that it somehow outweighs the hundreds of open-source projects they've released? Or the extremely useful free-services they provide like Maps and Search? The thousands of jobs they've created in our industry? The new protocols they've released for free to the IETF? The security bugs they've helped uncover?
Google does an immense amount of good for society. I don't understand how people can so easily lose sight of that.
- They release good versions of existing products, let people use it for free or cheap, and then (when all the other companies making said product type give up because they can't compete), they discard the product and leave people without any version of it.
- They forced a horrible social platform on everyone. I don't have a problem with them creating the platform; experimentation and variety are good. I do, however, have a problem with them forcing people to use it in order to use other products they own.
- There's other items in my list of reasons to think Google is out for it's own benefit, and the rest of us can slowly die as long as they make money.
Note that I was born in India and have different views than American citizens due to having first hand experience with what information can do to transform lives.
Compare to Apple, which actually handed over the iCloud keys of all its Chinese customers to the Chinese government.
We should continue to pressure Google to make fewer mistakes like these, but let's not pretend they're in the same league as truly bad actors like Apple and Facebook when it comes to privacy.
Hey, stop doing that, please?
Just like they made a big stink about getting everyone to HTTPS. It wasn't to reduce 3rd party incidental access to your browsing data. It was to retain their 3rd party incidental access while icing out ISPs.
> "We have never sold Fi subscribers' location information,"
In other words "we never directly sold the info, but we never contracted them not to do anything with subscribers' location information". In cases like this, I'd say you are responsible for downstream data use. This isn't some API or hole, this is a large b2b contract and Google should have contractually obligated them to what they could do with their subscribers' data and then sued when they found out it wasn't the case. Why didn't they? Either leverage (Google has to rely on someone), ignorance (doubtful), or apathy (we don't care until the media does). I'm inclined to guess #1 and #3.
> a Google spokesperson told Motherboard in a statement late on Thursday.
In other words, we had to ask and get a small statement because being open, upfront, honest, etc is not their approach.
> "[...] as soon as we heard about this practice, we required our network partners to shut it down as soon as possible [...]"
In other words "we have asked, refuse to say whether they agreed, refuse to say when it will happen, and in general are as opaque as those we are deflecting towards".
Obviously the cell carriers are bad actors. But deflecting instead of accepting responsibility is bad too. Just admit you have no leg to stand on because you require them, or show us where, in writing, they promised to do this and when. Can't do that? Yeah, because you're not in control and/or your shitty business practices are all behind closed doors. And I don't limit this to Google, this goes with anyone partnering with these companies (especially the more traditionally reticent ones). Be open or get hate.
You don't seem to understand how the press works. When you write an article about a company (or a public figure), you reach out to them for comment.