I mean sure. Google certainly doesn't want wireless carriers to compete with them in advertising, and everyone having access to location data from smartphones just devalues Google's own access.
The big difference is Google doesn't sell that data to third parties; they just use it for ad targeting. There's a big difference between the company that makes my phone's OS knowing my location, and anyone willing to pay a few bucks knowing the same.
(Also it looks like in the situation described in the article you linked, they didn't even use the data for ad targeting: "we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID".)
The difference exists only to the point that Google is an ethical owner of the data. I'm concerned that Google is in the business selling products based on a monopoly of consumer data. These products are likely to become more and more invasive as time goes on.. It's possible that a future Google product will become a larger threat to privacy than geolocation because they have a wider variety of data collected.
In summary, today's Google handles geolocation much better than telecom companies, but the mass of personal data Google collects makes their potential future activity concerning.
A bounty hunter can't call up Google and get access to my location. If i were on T-Mobile or Sprint, they could[1]. This is not a theoretical difference.
Being concerned about how Google could potentially in the future abuse all the data they've collected is a completely valid concern, but they're in no way a larger threat than the companies currently actively exploiting that data.
Right? And why is everyone talking about how bad Google is when AT&T, Verizon, T-Mobile, and Sprint are selling our freaking location?!? It's nuts!
If it's easier to become a bounty hunter than a barber in Idaho, then almost anyone can track someones location without their knowledge. Odds are the data's being made available in other ways we're not even aware of. And think about the impact on battered wives, someone on the wrong side of a vendetta, hell even road rage. The possibilities are staggering.
I have no idea where this inherent trust in people comes from. Google has shown again and again that they are just like any other company in this system.
That's pretty much a straw man argument. Any company in the ad business will exploit collected data to the extent possible by law. Whether that data resides solely with one company or with many won't change that. The fundamental question we should be asking ourselves is what a company is allowed to do with our personal data.
As far as the advertising is concerned Google is no different(and so FB etc). Anyone with few bucks will know your location or better said will target you with ads. With Google they won't target only by location because as you said Google makes the OS so it knows pretty much everything about you.
Please show me where I can buy thefounder's location data from Google. Which service is that, and how much do I need to pay? I can't find it at https://www.google.com/about/products/
> better said will target you with ads.
The difference between selling location data, and selling ad targeting, is the difference between actively stalking someone, and sending unsolicited spam to "Current resident" at "Every address in a city block".
What harm can I inflict to you, via targeted ads? Some. You can think of some creative ways to do so, but it's not a very effective way to inflict harm.
What harm can I inflict to you, via buying your location data? A hell of a lot.
If you don't trust Google to be a good steward of your data, that's one thing. But let's not conflate selling your data, with selling the ability to mass-advertise to a demographic that includes you.
> What harm can I inflict to you, via targeted ads? Some. You can think of some creative ways to do so, but it's not a very effective way to inflict harm.
Do you see how people have weaponized social media through data? Google ads might not have been used in a nefarious way just yet but that's likely because it hasn't been thought of.
With ratings, on a scale of one to ten, how would you compare the individual harm of someone showing you a demographic-targeted ad[1], to someone having the real-time location data sufficient to start physically stalking you?
What about someone showing you an untargeted ad? Where would that fit in?
[1] Or, if you prefer, a remarketing ad, instead. I have very little patience for those.
The harm to me isn't the harm of someone showing me a demographic-targeted ad, the harm is someone showing everyone demographic-targeted ads designed to manipulate public opinion.
Remember how everyone got very hot and bothered about precisely this thing happening in a recent U.S. election?
Why are cookie-based demographic-targeting ads that manipulate public opinion bad, while demographic-targeting ads on television, in magazines, etc, are fine? Is it because more targeted ad spend is more efficient?
If your problem is that advertising is used to manipulate public opinion - consider - why do we even allow political campaigns and paid speech? Its only purpose is to manipulate public opinion, and to trick stupid voters into voting for bad people.
I'm afraid your position is not entirely ideologically consistent with how we determine what kind of political speech is allowed, and is not allowed.
Unless you are on the run the location data is not really that valuable. I could physically stalk you after all without buying the data from telecom companies. With Facebook the advertising can be quite precise. I remeber I read somewhere that you could actually target specific persons.
> selling the ability to mass-advertise to a demographic that includes you.
A while ago there were some fun articles about "how to prank your roommate by creating an audience of 1 and running creepily personalised adverts". What's the smallest demographic you can define on google?
As far as I know, advertisers never receive personal information from Google. Google hordes the personal information and shows advertisements (provided by the advertisers) to their users, using their personal information.
It would be rather contrary to their interests if they were to send their user's data to other parties. They'd lose their commercial leverage and their ad network would become less valuable.
Yeah, I was going to say... Of course Google made this demand. It's a no-brainer. Not only does it help ensure their competitors aren't profiting from the same data that Google does, but also its a beautiful PR stunt.
Not to say that they shouldn't be making this demand, but we should all keep in mind that they're not doing this out of the kindness of their hearts or because it's the ethical thing to do.
I much much much rather have the companies with a public image to uphold be the keepers of this data. There are soooo many scuzzy people out there. Beyond that, the US is highly due for both public records laws that make sense in the internet age, as well as digital data as a product, needs to have similar laws put in place.
To be honest, there really shouldn't be websites out there that know you and your family members and your phone numbers. This stuff should be under lock and key and require special PI licences to get access.
That's fair, I couldn't think of the term "PR Win" and chose the next closest thing to communicate what I wanted, but knew it was slightly off. Thanks for the correction
It's actually not so different from seeing Verizon lately "fight for user privacy" by lobbying for bills that would regulate "edge providers"-only, as opposed to lobbying for more general GDPR-style privacy bills that would also affect them. They actually did the opposite previously and fought to get the new FTC chairman to kill the broadband privacy rules "so that they can be on equal footing with Google/Facebook" (right before asking for regulation against Google/Facebook later on).
They're all just trying to take their competitors down a few notches. You can't take any company that wants to profit from advertising and data sharing/selling seriously in regards to "fighting for privacy".
Google was recently found to be illegally tracking Android users' location, once by "mistake" and the second time they were ignoring their location tracking opt-outs. I don't even remember their reasoning for the second one - but who cares, it was a lie anyway.
I think there is a difference between allowing ads to target an area and selling someone's real time location. I'm against the collection of data generally because that data can always end up in court, but Google has never given people access to my real time location.
Google's own location timeline also can be used in court, and is updated in near real-time.[1]
Practically speaking, I would think that Google's data is even more susceptible to be found in court and used in that manner than data held and passed on by smaller, relatively unknown apps that lawyers may not even know are installed on locked phones.
You have a good point about there being a larger surface area and more weak points when more than one entity handles data, but I'd also be wary of heavy-handed regulations along that dividing line. I don't think we need to give Google monopoly rights to another big chunk of the ad industry. If a user might prefer an entity other than Google handle certain pieces of their data (maybe they strike a more transparent and rewarding deal than Google), they should have that choice.
> but Google has never given people access to my real time location.
As long as your Google account remains secured and no one manages to sneak a 2nd Google Account on your phone, that is. Find My Phone is a real time tracker that can be abused e.g. by spouses or stalkers. IIRC only triggering the "audible ring" leaves a trace on the phone (a notification + the obvious sound), to check if someone used FMP for tracking one has to dive deep into the Google Activity Logs.
Only way to protect yourself is, of course, to disable GPS on the phone - but what if you want to use Maps or another navigation at the same time?
> IIRC only triggering the "audible ring" leaves a trace on the phone (a notification + the obvious sound), to check if someone used FMP for tracking one has to dive deep into the Google Activity Logs.
Not true, a notification is shown whenever the device is located.
Though if someone can "sneak a 2nd Google Account" onto your phone they can probably install something more nefarious and less observable.
Yeah, if someone hacks my phone/account, then they will have access to my location. If that happens them having my location ranks pretty low on my list of concerns.
The recommendation that you could disable GPS is pointless because if they could sneak a 2nd account on it they can also re-enable GPS.
Cell phone companies have your location regardless of whether or not GPS is enabled. You don't even need a smart phone.
We are talking the cell providers here, disabling GPS only slows down the initial positioning as LTE has a number of alternative ways to determine your location. That is required in places like the US were its mandated by law (E911 IIRC) that the providers are capable of providing your location to government services in real time (like 911).
So, the fact that the providers are keeping tabs on you and storing all that metadata for some government agency (cause you might be dangerous!), just means that they have discovered a way to recoup some of the investment costs. Thank your government, because the phone companies likely wouldn't have been this creative by themselves.
Well, kinda but there's some definite shades of gray here.
EDIT - for example I'm not sure the original "Bounty hunters" use case would be facilitated by Google's targeted ads. There's a big gap between "I might be able to target ads at people in a narrow geographical area" and "I can find our where someone lives"
Unfortunately, the data underlying both use cases is the same.
In order to target adds "at people in a narrow geographical area" I need to know when those people are in that "narrow geographical area". I.e., I need to know their location to an accuracy good enough to say they are in that "narrow geographical area" (or in this case, their phones location, which is a good proxy for their location).
Once I can know "the phones location" to a level of accuracy to make "narrow geographical area" targeted ads profitable, all I have to do is average several overnight readings of 'location' together to get a very good estimate of "where someone lives".
I'm saying that the underlying data is the same for both, so allowing one (targeted ads based on location) provides the data necessary for "locate where someone lives/works/hangs out/etc.".
With the result that you have to believe that the "targeted ads" provider is both secure and ethical.
> With the result that you have to believe that the "targeted ads" provider is both secure and ethical.
"Secure enough" and "ethical enough". Plenty of organisations know stuff about me that I'd prefer not to be public or sold to the highest bidder. They might leak it to the government or one day be the target of a megahack - but I file that under either "meh" or under "acceptable risk".
I trust Google a lot more than I trust all of these telcos. I think the big difference is while Google does have pretty much all my info, I know they do and roughly what they do with it. Flip side, I know the cell providers have some of my info but I've no idea what happens to it once it's sold.
While I understand the sentiment of this comment, isn't it still a good thing to reduce the number of companies with this data? As the companies that track your location goes down, it becomes easier to argue against the other ones doing it. Plus in the very least less places that could leak the data, so it would still be some form of progress.
>isn't it still a good thing to reduce the number of companies with this data?
Maybe you want multiple companies competing in the same realm rather than Google handling most of the private data and becoming incredibly powerful. Maybe you want to unmask Google's motives so as to not play into their PR strategy.
When the product involves selling my data to anyone, including bounty hunters, how does having multiple competitors benefit me? Unless I’m the one buying data on someone else?
The first point sounds like a defeatist mentality (of course assuming we share the ideal of our location data not being sold and if possible even stored) - at what point would we be able to push companies away from using location data if we are afraid it will make the others more powerful?
Sure "unmask" their motives, but it's also worth considering if their actions are a net good or not.
Google is not only worried about the competition, they are more likely more concerned with potential legislation. There is now bipartisan support for legislation to stop this practice. It could soon be next that there is regulation not allowing sale of this info or advertising based on it.
Consumers don't expect to be GPS tracked everywhere and have companies profit on that data. Granting location permission to us here means that because we know, but most people would consider giving weather.com access to your location just helpful to get your forecast. Even if it is nestled in the privacy policy. What is next? You download a camera app and then every photo is sent to someone who turns AI on it to learn about you? (could already be happening) Oh but it was in the privacy policy that we may share data with third parties.
I would also like to point out that corporations are made of people, many people, with diverse opinions, beliefs and motivations, and that corporate actions frequently arise from multiple decision-makers within a company.
So we could come up with a hundred explanations for why Google took this action in this thread, some cynical, some conspiratorial, some altruistic and idealistic. And frankly, half of them would probably be sort-of correct, in that one or more of the decision-makers and their advisers might have considered that point or used it as a basis of their decision.
Occasionally you can state cleanly, "Company X did Y because Z", but it's usually more complicated than that. And when it is a case of "Company X did Y because A, B and C and despite I, J, K", you rarely have the information to reason out all of the variables that went into a decision, unless the matter is of such historical importance that you get the 27 books written after the fact based on years of investigation and interviews.
Your comment doesn't make any sense. Wireless carriers will always have access to location (based on cell towers) and don't have successful advertising businesses.
In India Google operates one of the largest Fiber Backed project called Railwire. It's a GOI enterprise, but we can say that officals are effectively bribed to participate in data harvesting schemes and enriching a few officials and one big American company.
Google offers this company internet technology expertise in return of harvesting data from railway stations, Users of the ISP called Railwire.
Basically, they set your DNS to Google's DNS and Google captures what websites are popular in these specific regions.
You can change your DNS obviously but 90% users don't bother and it doesn't save you from deep packet inspection.
Google also harvests non Https websites and run deep packet inspection of the traffic.
The catch here, in many ways, is Google owns the advertiser marketplace. Literally, if you want to sell ads on common android settings based on a user's location, you have to do it with Google's data.
So, in many ways they don't sell a person's data to advertisers, per se. However, they do control access to people located in a given area. Not sure there is much of a meaningful difference, for most people.
Yes which is also in their interest because once personal information is sold someone else can use it without going through Google. And they benefit by having more personal information than anyone else. Instead they sell access to advertising on very personal information to you via them as a proxy. I don't see that being that much better and it is almost impossible to avoid. Which is why Google is worried if the government starts cracking down further on this it will hit them too. I don't want Google selling any information about my location or carriers as well directly or indirectly
Facebook also doesn't sell personal information to advertisers. Both Facebook and Google let advertisers target ads based on location and other personal info, which is not the same thing as actually providing that information to third parties.
I suspect JumpCrisscross is referring to the data leak scandals via the API that have been in the news in the last year. Of course, this was also not Facebook selling information. Rather, it was Facebook allowing users to share information about their friends automatically and without the friends' consent via the API. Not great, but not selling user information either.
But they do. They let them target ads based on your location. It's the same thing as selling personal data. If someone clicks a location targeted ad the advertiser know the persons location.
"Google Ads location targeting allows your ads to appear in the geographic locations that you choose: countries, areas within a country, a radius around a location, or location groups, which can include places of interest, your business locations, or tiered demographics.
Location targeting helps you focus your advertising on the areas where you'll find the right customers, and restrict it in areas where you won't. This specific type of targeting could help increase your return on investment (ROI) as a result."
In a sense Google is spyware and adware at the same time. It shame these two terms are used less now then they used too, since they lost their meaning when so many apps and your Android phone itself is one.
And that's important. I'd rather just Google (which isn't great) have that information than literally anyone willing to pay $0.50 for it (which is infinitely worse).
You're not going to be able to uniquely target someone in a radius, since the minimum is 1km (and I guess Google would artificially widen the radius to prevent uniquely identifying people in sparsely populated areas). You've also got to entice them to click, and that's notoriously difficult.I mean it might work occasionally but it's never going to be the shortest path to surveiling an individual. I would guess that ~nobody is successfully using ads to determine individual people's locations.
Yes. I'm not saying it is as bad as selling the information verbatim to banksters to collect someone's debt.
However, it's still selling personal information to adbuyers. And, I don't think you can say "nobody is successfully using ads to determine ad clickers general location with a X mile radius".
This surveillance thing is getting out of hand and Google is annoyed that shady corporations tries to get ground which might bring new laws.
> And, I don't think you can say "nobody is successfully using ads to determine ad clickers general location with a X mile radius".
Of course. And I'm sure that you can find some people who would get riled up that they incremented a counter in a location-oriented semi-anonymous bucket of clicks. But I think most people are substantially less riled up about that than they would be if Google were actually disclosing their individual locations directly to buyers. It seems like a lot of the anti-Google folks on here equivocate between these two, and I speculate it's because consciously or subconsciously they realize the latter narrative is much more emotionally compelling to a much broader segment of the population. To me, that's deceptive rhetoric.
There is location leakage but it's clearly not the same because:
- they don't get your location if you don't click on the ad. Since people don't click on ads very often, only rarely does an advertisers get a person's location, and without a name attached.
- Mobile phone companies were letting people query a user's location based on their real name. How would you do that with advertising?
We need to move beyond one-bit thinking. Location-revealing services aren't all the same.
Website owners already have your general location based on IP - they're not getting 'leaked' any information from location-based ad targeting that isn't already available to them when you visit the site.
GPS: Accuracy varies depending on GPS signal and connection.
Wi-Fi: Accuracy should be similar to the access range of a typical Wi-Fi router.
Bluetooth: If Bluetooth and/or Bluetooth scanning are enabled on a device, a publicly broadcast Bluetooth signal can provide an accurate indication of location
Google's cell ID (cell tower) location database: Used in the absence of Wi-Fi or GPS. Accuracy is dependent on how many cell towers are located within an area and available data, and some devices don't support cell ID location."
They don't sell your location data, they sell targeting options for specific geographic locations. These are quite different. I'm okay with seeing an ad targeted at anyone within walking distance of a cafe. I'm not okay with my personal location getting sold to whoever thinks they have a valuable enough use for it.
Location information leaks from ad targeting. Maybe that doesn't bother you, but it might bother other people.
One way it leaks is that an advertiser generally knows what ad campaign a user clicked on. So if that ad campaign was only sent to a particular location, you know where the user was when they clicked on the ad.
Ad location targeting at best is in a 3 sq. km area, not 1 km. For an average city in the U.S. (like St. Louis) that's an aggregate density of 6,000 people.
Knowing that someone in 6,000 people in an area clicked on your coffee ad is not leaking GPS data. Which is probably why bounty hunters are buying the data directly from cell carriers and not running targeted Google ads.
It's a leak of location information, which is what this sub-thread is about. The location information was only inside of Google, and now the advertiser has it.
It's also not "one in 6,000 people" if it's someone who signs up for some service via the ad. That particular someone might not realize that the service knows their location.
And that's the same deal with Geo IP, which this sub thread is about.
The point in 1:6,000 is that whether it's ad targeting or just regular internet traffic, there isnt enough specificity to "leak" data about the person.
You can split hairs over, "Well what of they join that 1:6000 with other PII" and it's the same with Geo IP. The user gives up that data but it's not different than just visit the page normally.
Website owners already know your rough geographic location via IP address. If it's that big of a concern for you, you should route 100% of your traffic through a VPN.
https://qz.com/1131515/google-collects-android-users-locatio...