I recall from my time in Google Geo years ago that the idea of integrating Search and Maps was a big part of the "New Maps" release that happened around 2014. The rumor I heard was that someone (possibly even Larry himself) wanted to be able to have interactive maps directly on the search results page, so that the navigation from a search query to a map wouldn't involve even a page reload. So the big Maps frontend rewrite actually ended up merging MFE into GWS, the web search frontend server. I recall seeing maps hosted at google.com/maps around that time, but I don't know if that was ever launched fully or if it was just an experiment.
In any case, though, my understanding is that the technical capacity for this has existed for nearly 10 years now, just behind a configuration setting. So it's possible that this change is just a code cleanup. It's also possible that someone is trying to increase the percentage of searches that have location information, that doesn't seem terribly far-fetched either, and I can imagine lots of ways people could try to rationalize it as actually benefiting users. (Whether it actually does benefit users is of course debatable.)
It is absolutely bizarre to me how half-assed Google is with integrating its products.
I have a week of events coming up in Google Calendar each with a different event location. Why can't I see a map of all those event locations alongside the calendar with all the same event details listed? Why can't I associate a Google Calendar event with a specific album or set of photos in Google Photos and see those in the map and calendar as well?
This is why I'm building https://visible.page with my brother. We have all these capabilities of visualizing data on the web, yet no one has actually put them together in a convenient and consumer friendly way to visualize any type of information together in one place.
All these big tech companies seem to just give up on any kind of significant innovation as soon as they reach a certain level of monopoly on their market. Twitter, Spotify, Facebook, Google, etc. I can think of a dozen significant feature experiments they could try that would make my daily life better using those tools yet they don't.
> It is absolutely bizarre to me how half-assed Google is with integrating its products
The answer can be summed up in one word: "privacy".
There are two forces at play here. One side wants privacy. When they give data to Google Calendar, they don't want Google Maps or Ads know about it. The other side (your opinion above) wants more integration between services.
In this political climate, the privacy side has an edge. This means if Google Photos want to access data on Google Calendar to provide the integration you asked above, they will have to jump through multiple quarters of privacy reviews, with a very high odd of being shutdown.
> All these big tech companies seem to just give up on any kind of significant innovation as soon as they reach a certain level of monopoly on their market
After I see how the sausages are made, I think claims like these are naive. It's worth learning more about the factors at play before criticizing something. More often than not, the agents are acting pretty rationally based on the situation.
first, showing maps for a location it is already showing on the screen... the data is already all there. it is pure and simple calendar team didn't want to bother using maps team's api. nothing else. nobody had a meeting and decided against it because of user privacy.
second, no matter the product, the only integration all of them MUST have is to both advertising and profile. those two internal apis respectively serve ads against your profile (ssp) and add events to your profile to later target ads.
so no, absolutely nothing on google deserve the privacy argument.
The privacy argument doesn’t make sense to me. The addresses are already in Google Calendar. They don’t need to be saved into a different service to be viewed anonymously in Google Maps. You can already do it in Google Calendar for one event/address at a time.
Yes there are business/internal-politics reasons why some obvious features or experimentation doesn’t happen, but those aren’t necessarily good reasons beyond short term benefit to specific individuals at a company.
But I do think some of it can generally be blamed on large companies losing their ability to be nimble due to the inherent friction of the politics and logistics that build up as an organization grows.
FWIW, I worked on the integration with calendar and maps - the GP comment is exactly right, it was due to privacy concerns. The terms of service for Workspace say that user data can never be used for anything not related to Workspace, so moving any user data from Workspace to another service has to be done very carefully.
In the example of this integration, allowing it to open in the sidebar was okay because it was a user action, and there is some data anonymization that happens (I don't recall the details, this was a few years ago).
But we couldn't share a list of your appointments with maps ahead of time to allow them to generate the view you describe, because there wasn't a way that guaranteed that the data wouldn't be associated back with the original user.
I don't think privacy has anything to do with it. Google Maps doesn't need to capture any user data to implement OP's suggestion. Google Calendar just needs to render a map with a set of locations marked on it using Google Maps. It doesn't need to tell Google Maps what or who the locations are for. This is something Google Calendar should already be able to accomplish using a public API. All other aspects of the feature could be implemented as part of the Google Calendar service without any further integration with Google Maps.
Further, I don't think users are generally against services using the information - which the user has presumably already provided intentionally - to better serve them. The problem is when that information is shared with third parties or used for purposes which are not obviously in the users' best interests. IMO, any user data stored externally should be subject to an opt-in permissions system which strictly defines how the data can be used. That doesn't stop companies like Google from being able to offer me useful services that I might actually be interested in. The notion that privacy discourages innovation is just silly.
After I see how the sausages are made, I think claims like these are naive. It's worth learning more about the factors at play before criticizing something. More often than not, the agents are acting pretty rationally based on the situation.
All of these concerns could be trivially addressed by leaving them up to the user. Add the necessary controls to the user account page, pick default settings biased in favor of privacy, and allow users to change them if they prefer.
IMO you’re spot on. The catch being that between showing an ad and matching photo locations, the former has a near straight impact on the bottomline while the latter is murkier. When both are going through reviews, that’s a lot of weight difference in the arguments and we’ll see more of one that the other.
The answer can be summed up in one word: "privacy"
I don't understand this.
Once Google has my data, how does it affect my "privacy" if Google Service A shares it with Google Service B?
I'm somewhat privacy conscious, but I don't understand the concern there. I assume that once I give them my data, they're already doing whatever with it internally.
It's amazing to me that people have already forgotten that Google had in fact already successfully done that with Google Inbox. It's not that they weren't able to do it.
It's that in their infinite wisdom they shut it down. Just like they shut down hangouts in their infinite wisdom.
what even was project inbox? at most five people used it.
hangout is now integrated in meet, which is integrated in gmail.
it's google doing a microsoft/apple and trying to be the leader in video calls/remote work/remote classes by forcing people to have it ready just by having the gmail app.
just like apple with facetime (but they have no idea how to expand on it) or Microsoft adding teams to windows status bar, you like it or not.
Both AOL and Google had, around the same time, secondary mail interfaces that provided extra features. Google's was Inbox; I've forgotten the name of AOL's. They were quite similar to each other, with each slightly better than the other in some ways. Both sites were slower* to load than AOL's and Google's standard email interfaces. Neither reached the market penetration or current-account conversion management wanted., and those of us who used them were sad to see them go.
* Google eventually added so many features to Gmail that they had to add a progress bar during page load.
An example of poor google integration that bugs me from time to time - when you search for a geographic feature, the info panel shows a great preview map with the outline of the feature. E.g. https://www.google.com/search?q=rhine+river
If you click into google maps, the outline is gone. Searching "Rhine River" just puts a marker at one point along the river.
This is not the case for me. I just now searched in mobile Chrome for "Lakeview Chicago" and the mini-map static image has a purple outline around the neighborhood. Clicking on that took me to Google maps with the neighborhood outlined in a red dotted line (which is harder to see, but obscures less of the other features/labels on the map). This was on Android, in the maps app, just now, but I've seen the same thing in a desktop browser.
Ah, you're right. It looks like the issue I'm complaining about only happens for "line" features - e.g. a river, or a road (https://www.google.com/search?q=route+66).
Innovation, oh my, sometimes it feels like the fat ones (and, by proxy, everyone else) are living in some alternate fantasy world where the mantra "you're not gonna need it" is taken to the extreme, so they're not even trying.
The pendulum should swing back to complex and more complicated interfaces sometime — but right now these are the dark times where, for example, Netflix, this huge, popular movie and show library, doesn't even have a way to find out exactly what movies with some actor or director it has available. It's hard for me to wrap my head around that.
Your project does look useful and on point though!
The rumor/theory I have heard about Netflix is that increasing discoverability too much would allow people to see two negative traits of Netflix: How often things come and go from the platform (which other apps like Criterion Collection embrace), and just how limited their library actually is at a given time.
Scroll through recommendations. It looks like they have hundreds of great movies for you to watch! And yes, technically they do. But look how many times they try suggesting the same movies in different categories, inflating the view in a way to make the library seem bigger. One movie might show up "Because you liked comedy..." then "Because you watched <comedy movie>" then "Light-hearted movies".
TLDR money and masking their poor library quality.
I wonder if AppleTV's atrocious single-line onscreen keyboard fits into this picture of making things less discoverable, or if it's just an extreme of form over function.
Definitely not, because Apple gives users the ability to type search in on an iPhone or iPad instead of using the apple TV remote. They also let you do voice-to-text, which is nice.
I’m about to enable the new Facetime Live Transcription feature in iOS 16 so my wife can have conversations with her father, who is rapidly losing his hearing. For this reason (and I can think of many) I strongly disagree.
Fair enough, but that’s also a cool new feature that drives sales.
I meant it more like, why wouldn’t they fix this objectively bad input mechanism? It would take tiny effort but it wouldn’t improve their sales or they might even calculate that it drives usage of iPhones and therefore good for them even though it’s bad for the users.
For the record I own both an Apple TV and an iPhone, inasmuch one can pretend to own these devices.
This makes perfect sense product wise, if I'm searching "bakery" on my mobile phone I probably want the ones around me and not the generic location-agnostic google search of it, just like I would if I was searching on map. Matter of fact, this is actually something I do a couple times a month, search then clic the maps tab to see localized results then from them click the website result to find their webpage.
As a techie I hate any direct change to the user-agnostic absolute search, but as a user I get it.
> if I'm searching "bakery" on my mobile phone I probably want the ones around me
And yet for me, even in google maps on my iphone, when I search for bakery, the first one is almost always one that's ~40 miles away, and the closest one is almost always the second in the list. The rest of the list is definitely not sorted descending by distance. If I've searched for a _particular_ ABC bakery, I get other bakeries commingled in the list even if I know damn well there are other ABC bakeries closer than those.
This behavior works exactly the way you would expect in Apple Maps. A search for a bakery returns relevant nearby results.
The fact that Google doesn’t see the blatantly obvious problem, or that they try to argue that the users are wrong is a textbook case of why Apple has been doing OK in the market downturn while Google’s business continues to crash. Apple prioritizes their core products and human interface design, Google prioritizes short-term (advertising) revenue, while neglecting their core products in favor of the latest shiny thing.
Somehow DuckDuckGo has taken this to absurd extremes. Almost any search that doesn’t get many natural hits shows branches of my local government toward the bottom of the first page of results.
What we see is likely the attempt to squeeze even more juice from advertising over which Google virtually have a monopoly. Google is trying to continue its exponential growth while relying on selling advertisements. The market had already been saturated and optimised to crazy levels. Smart thing would be to expand to other sources of revenue, but other projects inside Google fail. As they are failing to compete internally for resources against that crazily optimised source of revenue.
It is doubtful that Google can overcome that internally. Perhaps regulators should break up the monopoly in advertisement and search.
No, eg when I'm at the office, and we talk about where to go eat and I type restaurant, or I need a new stapler and I type office supply, etc ...
> Only if you're not at home?
Not really, eg "movie theater" or "flower shop" come to mind for things I would request while at home
> What if you want to find out what a bakery is?
I would type what is a bakery or define bakery ?
I'm a long time tech user, I miss the days of keyword centric search as I felt I could more easily communicate to the search engine what I wanted, but let's be honest those days have passed, most people type sentence and thus the engine interpret sentences
Not in my country - unless your ISP is in the business of selling customer PII to advertisers (coughvirgincough) your IP geolocation will often be a completely different city.
Of course, personally if I wanted to search for nearby bakeries on my phone I'd have just opened the google maps app....
Coming from the CDN land this isnt true. We didnt put too much effort in to precision, but on the order of 99% of IP addresses get down to metro area. Cheap commerical providers like Maxmind get to the right postcode on the order of 90-95% of the time. Building your own latency and peering maps bridges that gap to 99% or better. Simply based on network topology and latency we should be able to get you down to post code or general area of a city.
Google is my ISP. My geolocated IP is accurate within a 15 mile radius. It doesn't matter if I have location services turned off or I'm using my desktop, searching "bakeries near me" finds them without issue.
I suspect that isn't all just one big coincidence.
Google has what 3 or 4 cities where they operate as an ISP, each with a pretty small footprint. It's no surprise anyone knows where you are.
A cable or telephone company has generalized coverage measured in states; some of them organize their network and customer IPs by small geographies, but sometimes all of southern california is in a single pool of IPs.
"Achievable" is quite charitable from my experience. With the previous ISP I would get located in a city some 2000kms away, sometimes the scam ads would detect my location as null.
funny how that works. I never ever allow location access to anything Google or any website for that matter, and have a muscle memory to hit deny when the browser prompts me. The other day I was searching something and then clicking my bookmarked Google News and suddenly all news were UK specific, and my search results fro "heatpumps" were are UK companies and products.. I was confused until I noticed that my work VPN chose a UK endpoint because the NL one where I am had higher latencies.
So, Google heavily tailors the results based on where it thinks you're at.
Also, I was delighted to know that inspire all the tracking Google probably does on me, it was easily fooled to think I was in the UK :-)
It gets really annoying when you are trying to search for some specific term in English and google keep guessing that you wanted something that sounds similar in your native tongue.
I have links to google.com/maps in my IRC logs dating back from June 2014, so this absolutely tracks.
I actually remember google.com/maps being launched at IO in 2014 -- the presentation had a broken link in it for the new version of Maps, and a few of us DoS SRE watching the livestream were able to hack together a config change in a few minutes to fix it without waiting for a urlmap push :)
> It's also possible that someone is trying to increase the percentage of searches that have location information, that doesn't seem terribly far-fetched either, and I can imagine lots of ways people could try to rationalize it as actually benefiting users.
Could you speak more to how this kind of thing figuratively plays out? With privacy on most of our (tech-focused) minds, I’m mostly curious how openly an initiative like this is/would be carried out. Would you imagine it as a buried lede or as a very transparent, explicit OKR?
It's easy to rationalize it as benefiting the users, so I'd imagine it's an explicit OKR, maybe even a few levels up in the org.
Like, one thing I've wanted on occasion is the ability to search for brick and mortar stores in a given radius who have the thing I want -- either because I want to physically inspect it before committing to a purchase or because for whatever reason the time/cost of shipping wouldn't be practical.
That sort of query is hard for Google to serve right now though for reasons including the lack of relevant location information in both the search results and the queries whose user behavior would help drive relevance rankings for those location-specific results.
Location information is a bit of a double-edged sword too though, even ignoring privacy concerns. I have to spoof my location and change my search language to get some results because of aggressive filtering happening behind the scenes. If a given query doesn't match Google's current understanding of the user then the right results existing in the corpus often won't imply that the user is able to find them with _any_ search operators.
With the document policy changes over the last 5 years, most decisions are now very opaque. Google TTLs everything except Docs and code history & reviews, at this point: emails, chats, bug reports, ...
There's probably a tech debt focused OKR for this work, but some other teams probably has OKRs that indirectly benefit from the data, and they're probably providing staffing support, tied to the tech debt OKR. OKRs are for telling people why you're great, if you're at the bottom of the pyramid, and for giving the rank-and-file some direction, if you're at the top. The top level OKRs are usually very precise and very vague at the same time.
So there's probably an OKR in search to improve the quality of the location signals. It can be vague on how. Plus, having more and better data filters into your downstream systems, so even without an OKR for the data you know it will make your models more powerful.
I remember the spiffy demo where the thumbnail in search results morphed into the full Maps UI without reloading.
But unification had started even earlier than that. Pretty much since Larry became CEO again, he pushed this mantra of "One Google", which brought the infamous Kennedy redesign across all services, as well as more of them available under the google.com host (e.g. maps as discussed here, but also flights and more). One of the ideas behind the latter was that you had to log into your Google account just once, which gradually made it all the way to YouTube(!). I vaguely recall other factors, such as compensating for the increased latency from going HTTPS everywhere, but also discussions about securing and hardening cookies.
As far as I know, google.com/maps has been around the entire time, but perhaps now it might be simply the canonical URL in a larger number of cases.
Funny, because there is a crummy form of Google maps present into he SERP, and it behaves completely differently from actual Google maps. It constantly annoys me, usually when searching for a business, that something that looks exactly like google maps, in Google, doesn't behave the same as google maps.
100%! I always ascribe it to some PM somewhere, but when I click on the "search maps" I would _love_ to be taken to the "real Google Maps".
The search maps is just a terrible experience, half implemented, doesn't do what I want, even down to little things.
My hack is to pick directions, which will get me to Google Maps, then cancel directions, this loses all state, but you're still in the location you want and can usually then just click the business you were looking for.
This reminds me of how Google integrated Maps into Calendar as a sidebar a while ago, a move that I absolutely hated. And instead of providing a preference setting to disable it, you have to “hide” the sidebar in a non-intuitive way [0]. I had to search to figure it out.
This is a fantastic example of motivated reasoning. This "change" (which apparently isn't even new) can have so many different reasons, some of which are less harmful and some of which are probably worse (privacy-wise) than the one mentioned here. There is no indication that re/mis-using permissions is specifically what they wanted to do here, there is also no example of them doing it right now. Don't get me wrong, there is also no evidence that this isn't the real reason and that they wouldn't do that in the future. But the blog post basically list a single symptom and jumps right to the one conclusion that fits what the author expects.
1. The change does exist (although it apparently has been live for quite some time in some regions at least)
2. The change does have the effect of Google gaining more permissions (and subsequently more data) than previously
3. The author assumes that (2) is the (main) reason why (1) was done in the first place
Regardless of whether (3) is correct or completely wrong - and regardless of whether the author truly believes (3), or only uses it as a rhetorical trick to increase the controversy (and therefore the reach) of their post - both (1) and (2) remain fact.
And (2) is the actual problem here - regardless of whether it was done intentionally by Google or not.
As for (3) - there's no proof either way, as you already said.
But collecting more of that data which their marketing business makes it's profits from, is likely to have a positive effect on their bottom line.
And since the change already has been live for a while in some regions, it seems likely that Google is well aware of how much impact this change has on their revenue.
You decide for yourself if money is or isn't the reason why a big corporation like Google would do something like that.
> The change does have the effect of Google gaining more permissions (and subsequently more data)
There's a huge logic gap here. Obtaining more permissions doesn't at all imply obtaining more data when it's caused by an incidental change. Maybe the permissions aren't being used outside of the Maps context, or maybe it doesn't matter because the data was already be known.
It’s true that we can’t really know whether Google is exploiting these expanded permissions to collect more data unless we have some insider information.
However, it’s generally very easy to predict what a company is going to do by observing their business model and incentive structure. In Google’s case, collecting as much data as possible is a major part of their business, so without more information, there’s no good reason to assume they won’t do it.
> It’s true that we can’t really know whether Google is exploiting these expanded permissions to collect more data unless we have some insider information.
You could track usage and see what pages on google.com are accessing these APIs.
I doubt that it's a lot. Google already has fairly good geo-localization based on IP, GPS-level accuracy isn't necessary for ads. They could've already connected your data from maps.google.com to www.google.com, because both are using consent.google.com and you're getting a .google.com unique cookie.
This is mostly just outrage because people don't understand how things work.
It may not be the only reason, but you’re being too generous if you don’t think this was at least one of the reasons they did it.
Other than some abstract “branding” campaign, I cannot really see many other reasons why they would be doing this.
And as someone who worked in adtech in the past, it was very well known that Google used their domain as their tracking cookie domain as it’s nearly impossible for adblockers to just block without crippling other functionality. So they even have a history of using precisely these types of techniques.
> but you’re being too generous if you don’t think this was at least one of the reasons they did it
If you consider it absolutely unthinkable that it was not one of the reasons, it's you who is being too generous. Unconsidered side effects occur plentiful and all the time.
This is cute, but 100% no. In this case, those involved in the decision were aware of the privacy implications. Whether this was discussed openly, or whether the change was made 'pass-the-buck' style, it doesn't really matter. The association of privacy settings with domains is a well-established basic function in the browser.
> If you consider it absolutely unthinkable that it was not one of the reasons, it's you who is being too generous.
The person you are replying to didn't use the word "unthinkable" or even imply it.
I think you are being either incredibly naive or disingenuous if you believe an adtech giant like google doesn't factor changes to data gathering into every single decision they make.
My default mode is to trust everyone until they break my trust. Now that I am old, I have realized that trusting everyone by default is not a good idea, especially big tech.
In cases like this, I think it is better to assume malice, even if we are proved wrong later. This is not our fault, this is big tech screwing with us repeatedly for years, with no shame or conscience
Exactly. If you trust people you will often be rewarded by friendship and future help. If you trust cooportations they just exploit that to maximize shareholder profit with no value to me.
Perhaps you mean persons deserve the benefit of the doubt? People seems to be the root problem.
I expect there is no difference between an individual and a corporation operated by a sole individual. If one is trustworthy, they will remain equally trustworthy if they happen to have a stock certificate in hand. The corporation isn't able to act autonomously. It acts with equivalency to the person it is represented by.
Large corporations, involving people, is where communication breaks down, which leads to unintended consequences that wouldn't necessarily be realized if an individual was acting alone. When you have people there are bound to be competing interests created in the confusion and it is not always a straightforward answer who is best to honour. Even where intentions are pure humans are bound to make mistakes in their choosing.
I think the question is whether a effective feedback loop exists.
If a local dealer does something bad they quickly receive corresponding response.
A big corp is detached and anonymous. As long as there is no broad boycott there are rare cases where response really reaches them.
If a big corp has a sales force the sales force is responsive to feedback, however the corp then quickly turns anonymous to them and whatever they put in the system doesn't reach the right places ...
Even if it's entirely innocuous at present, that's still little better. It would signal modern-day Google engineers lack the nuanced understanding and user-first deliberation of their predecessors.
Given the breadth of services the company provides, a user ought to be able to restrict the permission to the scope of the maps tool.
bro, data is money and those corporates extract as much as they can. don't try to reason that google would not be interested in exactly that. one does not have to find a specific evidence for exactly this scenario in my opinion. this evidence likely might never emerge, while the spying definitely will happen. otherwise you would need to come up with a huge scenario where they actually farm a ton of benefits by doing this change, because a move like that you don't "just do for a better experience".
> But the blog post basically list a single symptom and jumps right to the one conclusion that fits what the author expects.
That conclusion isn't wrong though. Your comment basically claims author is twisting facts but the conclusion remains that giving google.com/maps permission to geotrack does give google.com permission to geotrack.
"Pinky swear I won't enforce that clause" is not reassurance enough.
The real reason or intention isn't that important, compared to the outcomes of the change. The author correctly evaluated one of those outcomes and the respective implications.
Given Google's track record, I think it is a sensible evaluation of the situation.
When companies like Google are involved, I believe the Hanlon's Razor works in reverse. I.e. never attribute to stupidity that which is adequately explained by malice.
I will accept motivated reasoning when in a friendly setting but big tech is not my friend. Their only and only purpose is to extract as much value (data or money) from me as possible.
Looking at Heartbleed and other famous security we should know that minor mistakes "disguised" as "typos" can have devastating effects.
The change may have happened for any of many reasons. Regardless of which reason was the motivator, it's clear impact is reducing user privacy. When talking about a tracking/advertising company, so it's kinda natural to assume that this was kept in mind.
Recently I have been trying to recover my gmail account. Besides sending verification code to my phone number, it also sent a code to YouTube app, high on the list. I have lost access to my google account, so I cannot open my YouTube. So it sent a verification code to the exact gmail address I am trying to recover. The whole process is unreal. This YouTube verification thing is definitely new, I don't know the motivation behind it, it couldn't even detect if my YouTube App was activate or not (or maybe it knows I wasn't using YouTube, maybe it is encouraging me to log in YouTube or open YouTube. Either way, I am not impressed.
Meta: my answer here is probably also a good example of motivated reasoning because I likely read a bit more into what the author wrote than is factually in the blog post. Oh boy.
I think my critique is somewhat correct in that you seem to suggest that this change was made to allow for expanding the permissions from one product to all products, which I don't think one can derive from the things we know.
I think I was somewhat wrong in that I may have suggested that you said this was the only reason (which you didn't explicitly) and also in that I dismissed that they factually can use these permissions from other products now, i.e., no matter whether it was intended or not, the permissions set for other products is broader now.
> [...] though I'm sure they're just beginning to transfer their services to the main google.com domain.
This and the wording across the article imply more than the factual changes. But granted, hooby's comment above is probably more correct than what I wrote.
Are people really surprised when they hand their location off to a domain that any other part of the domain might have access to it? Like, taking away the technical specifics of how location allows actually works, you’ve given the data to the _company_. At the very least, they throw it on an internal service and allow other parts of the company’s infra to grab it.
The only conclusion this article made is that google now has the permission to-do so, and this is 100% correct - motivated or not. Although, given you overly defensive response makes me suspect you have more insight than we do..
I disagree on the former, but I agree on the later, technology is not a good substitute for consent.
Regarding the privacy:
If you are using a VPN to protect your privacy, then you are effectively transferring your trust from your ISP to your VPN provider. The VPN provider is your new ISP. So you have to make sure you trust the VPN provider more than your ISP.
I don't use VPN when I'm on my home ISP but I do when I'm someplace where I don't control the gateway. My VPN is on a vultr VPS I control (in as much as I can control a VPS), and I do trust vultr (or digitalocean or any of the major VPS providers) more than I trust, let's say, the person who set up the wifi at the holiday inn.
If only there was a drop in replacement for Google Workspace… even if you use Fastmail for email you don’t have Google docs anymore and that’s a huge piece…
I believe that's only if the GA account is connected to an Ads account (or set up to collect demographics, I think). By itself, GA will only use https://www.google-analytics.com/j/collect (or /g/collect for GA4).
google.com/maps would result in a DNS request for google.com so anyone monitoring DNS would know they are connecting to a google service but wouldn't know which one.
maps.google.com would result in a DNS request that show they are connecting to maps.google.com and could presume they want some maps.
DoH (and ESNI on the server side) would fix it, but iirc Chrome (the most used browser) doesn't use DoH by default.
My point about Chrome is not that it can’t do DoH but by default it doesn’t so relies on the system settings which for the vast majority of users (not us geeks who explicitly opt in) never change and use ISP supplied values so DNS snooping is still a thing for the majority.
Should a browser override system settings? That’s another question, because doing so can impact other things for the avg Joe. For example my mobile providers self serve website plays up when I use custom DNS, free hotspots with captive portals also can be an issue when you override the DNS provided by the access point.
I understand your point, but anyway, no app, no browser should ever think that "it knows better" and attempt to fix what it considers incorrect. It may think that it protects the user, but in reality, it will break what the user configured. Private DNS zones are common, and if the browser ignores user configured DNS, they will break. And as I wrote elsewhere, just because the machine is configured to use 53/udp for a resolver, it doesn't mean that the resolver is forwarding over 53/udp too.
If you want to solve unsafe defaults, this is not the way. Pushing for configuring safe defaults is.
If a general purpose browser can empower hundreds of millions or even billions of regular users with better privacy (and ultimately, security) by making a change that might disrupt a small handful of power users who manually configure this stuff, I say the browser should go for it. The power users are the very people who can, without much effort at all, reconfigure their stuff, or easily find a special purposed browser, so they'll be just fine.
Spock was right, logic clearly dictates that the needs of the many outweigh the needs of the few.
The problem I fear is the needs of the few who are not technology minded, don't want their browser (or in their eyes their internet connection) to stop working because their ISP issued router uses a DNS based captive portal to onboard people (I've seen this used by atleast one major ISP in the UK to on-board devices onto their per-device content filtering system - BT, however I think they rolled back on that after it was caused issues with IOT devices).
However I believe (not read the docs in a while) FireFox works around this by falling back to DNS if an issue with DoH is detected.
EDIT: However I'm still on the fence if it should be a browser decision. Yes browsers move more quickly then OS & ISP changes and can make things better for the masses quickly, but i'm also wary of those changes screwing up the avg person, the people like my mother who can just about order things online via her ipad but thats about it, if she accidentally lowers the screen brightness of her ipad I soon get a call about it. Its for those kind of people I don't like the idea of a browser messing around with a connection in unknown network conditions.
> If a general purpose browser can empower hundreds of millions or even billions of regular users with better privacy
This statement makes a huge assumption, that the DoH provider is more trustworthy than your existing DNS provider. Personally, I trust my ISP (Small, locally owned) with my query history than I trust Google (Massive, exploitative advertising company). The fact that Google is automatically turning this on to scoop up DNS information without users consent should be illegal.
…, I get the "wrong" IP for anything hosted by Akamai (i.e. an IP address that corresponds to a part of their CDN which has abysmal peering with my ISP and is completely unusable in the evening)
Even if you are using DoT, the DNS provider will still know you're using Maps if it resolved the subdomain, and the DNS provider itself might well be the biggest privacy threat here.
> DoH (and ESNI on the server side) would fix it, but iirc Chrome (the most used browser) doesn't use DoH by default.
It would fix it for some specific circumstances. Since maps.google.com resolves differently than www.google.com, you can ignore DNS and just look at TCP connections to tell what service is being talked to.
Granted that Google is basically the exception here. But when I query the IP's for maps.google.com I get 142.250.179.238 and when I query google.com I get 142.250.200.14
If make a http get request to 142.250.179.238/ (the maps IP) but with the host header set to "www.google.com" I get the search page returned to me. If I make a http get request to 142.250.200.14/maps I get google maps.
OK. /maps might be a bad example because well google.com/maps is already a thing :-p
So if I make a request to 142.250.179.238 with the host youtube.com I get youtube. This is because most of googles public facing servers can act as the front door for many other google services not just the service that its dns is set to.
Not really sure it it comes under "domain fronting" because isn't that tactic many used to bypass censorship, pretend your connecting to one CloudFront customer when really wish to connect to another. Where google explictly configured their services to do this so they can easily load balance as demand and network conditions allow. Anyways I'm rambling now.
My point is, with google you can't rely on the ip address alone to determine the service (however it still wouldn't stop you peeking into connection and pulling out the host header unless ESNI was used) but as I said at the start, Google is more the exception here.
> iirc Chrome (the most used browser) doesn't use DoH by default.
Last I checked, Linux was behind other platforms because there’s a lot of complex custom dns configuration that chrome (understandably) didn’t want to be accused of overriding/ignoring, but which isn’t all easily visible to the browser
Which is the correct behavior; if the user wants to configure his computer to DoT/DoH, system resolver is the correct place and Chrome has to respect it.
Even if the computer is using 53/udp to the configured local resolver in the local network, it doesn't mean that the resolver itself is using 53/udp. Many of them can forward queries using DoT/DoH/IPoAC and the app on the users computer will be none the wiser.
As others have noticed, this is not a new move. For the past several years I've been accessing Google Maps simply by typing in maps.google.com and it has always redirected me to google.com/maps.
Even more confusing and a regular cause of annoyance for me that's been ongoing for a while now is there's like a knockoff version of Google Maps built into Google search that it'll kick you into if you click a map from search results. e.g. you type "gyms near me" and it shows you a map in the search results, and you click it to expand. It's still at the google.com/search domain and while you can zoom and pan around, there doesn't seem to be a way to arbitrarily jump into street view wherever you want, which I frequently want to do.
I'm constantly ending up in this view, fighting with it before remembering I need to go to real Google Maps and do my search again.
Same. It's so annoying and I feel like they do not always include the relevant info like the URL in that mode. Though looking now I did not find examples of that.
Funny, for me it’s the opposite. I always try to use the web view, and there’s an annoying pop up that redirects me to download Google maps. When I switch back into the web browser to go back to the web view, it auto redirects me to the app download again. Super annoying.
Yeah, but do you want to bet that during the management call and the subsequent engineering call that made this decision, the main topic of discussion was the direct financial benefit from improved tracking?
We'll never know, but if we could find out, say 1 year from now, I'd bet 100:1 that was the main driver.
The 2 things aren't mutually exclusive. Because it reduces complexity you will likely see a financial benefit from the cost of the engineering team alone. Having managed an infrastructure with a ton of subdomains I can say that it's almost certainly in their best interest to standardize the domain across all tools at least for engineering. Your data is just an added bonus :)
I actually find that somewhat reassuring, similarly to a Google employee criticising the security practices of a Google-operated certificate authority in public[1]: it demonstrates that the team responsible for instituting security policies in the interest of users still has some autonomy.
thought they have moved mail.google.com to google.com/mail a while ago. Tracking would still be possible over 2 domain, but then google would have to do a bit of ETL operations. Guess this will save some more engineering.
Genuine question. Is it reasonable as a user to expect data collected by Google via maps.google.com to not be shared with other Google applications e.g. mail.google.com?
I'd have thought data collected on any of their domains would be meshed/merged behind the scenes where it suits them to do so?
I think the concern is less about other Google businesses having access to maps data as you suggest.
It’s more about the fact that using non map Google services on google.com will not prompt asking for location service permissions, if they’ve been granted when prompted on google.com/maps already.
Users may not want location to be collected for searches, but are okay with the privacy tradeoff for it being collected when using maps.
I think the concern is more about when Google is able to collect said data, not whether it's shared or not.
I don't have location enabled for Google maps in the browser, but if I did, then presumably Google could collect that data also when I'm just searching for a website.
No, what they are talking about is all Google properties (eg Google search) now being able to collect your location every time you use them, if you granted permission for maps to get your location.
So it’s now not possible to block location for search, and grant it to maps (at least using the standard browser domain permissions model).
But they could've been doing that all along because they control both sites, they would've just needed to use an iFrame. What changed beyond "it's a little easier now"?
Is that how browser permissions work? Naively I’d assume the browser grants only search.google.com permissions on that url, even if maps.google.com is opened as an iframe.
It's been ages since I've played with iframes, but I'm pretty sure it does (or at least did?). You might have to specify an allow policy [0] but that's no problem if you control both sides. Since iframes are secure, data wouldn't leak unless the iframe explicitly posts it.
I don't know if you can request permissions from the iframe (might confuse people), but if you already have them, it ought to be fine.
Thanks for the docs. The examples (2 & 3, https://github.com/w3c/webappsec-permissions-policy/blob/mai...) seem to me to say that search.google.com can’t grant location permissions to an iframe if the parent was forbidden them, but I didn't find an explicit example for what happens if the iframe domain already got permission previously.
As you say the UI for requesting in this case would be weird, and this seems like a big security hole to me, but I can’t see a bit of the spec that explicitly forbids (though I only scanned the doc.)
They can already join your activity across everything. This is about access and collection. So if they move store.google.com to google.com/store, they will have access to all browser permissions you gave google.com/maps or google.com/flights.
I'm ok with sharing my location with maps (and therefore google) WHILE USING MAPS.
Not when I'm reading my emails, or searching for something on the web.
It could be tricky with permissions on different users: for instance you authorize google.com/maps to track your location while logged as user A.
You logout and switch to user B to look at another Google service, but google.com is still allowed to get your location, and will stick it to user B, which is something you might not have wanted. This didn't happen with the previous domains, so could be a surprise.
Oh having though about it I agree, I just think we're probably a minority.
As others have pointed out the line has been blurred between search and maps so far that maps has search embedded, and search has maps embedded. A lot users of Google search likely expect results to be location aware without realising what privacy has been eroded to enable that.
Applications are not juridical entities, so at the absolute best it is debatable.
Most probable version is that they share as much data as their internal regulations say, or a bit more. They definitely have some form of internal regs on this, for basic security hygiene, but they write it.
FWIW, there's an EU regulation coming that prevents companies from using data necessary for a product (like maps) to be used to improve a different product (like search).
I'd be interested to find out whether this works as intended. There's a good argument that maps is a subset of search. Most people don't open Google maps just to look at a map, they search the map for a place.
IIUC, maps would send your location to search if-and-only-if you make a search from inside maps, since that is necessary to do the precise location-based search.
I suspect this may more be to do with large organisations (and equally foreign governments) wanting to block Google translate, since it can be used as a proxy in some cases.
It's a very strange move indeed. maps.google.com implies an application lives there, far better than being on the root domain.
It also means that when you start typing maps.google, you'd get all your history searchable related to maps, although arguably that's useless.
I can't think of a reason why this would be a good technical move for Google (ignoring the don't do evil thingie), other than simplifying... certificates? Less lines in the firewall config... I'm stretching here, help me understand.
Other things: slightly simpler external DNS surface, probably tiny speed improvements because users only need to have the IP of www.google.com, not one for maps, one for www, one for whateverelse.
More possibility for connection re-use, as you'd only need to have a connection open for www.google.com, not one for each service.
And security wise: ISPs can now only see that you're accessing something at google, but not which service exactly. If they also bring in accounts.google.com into the fold, that would make it harder to see whether you have an account or not.
True. I’m sure being a beyondcorp company they can’t figure out how to add dns entries. Those google guys really should learn more about the internet and it’s technologies.
I don’t buy the simplicity argument for a second. The infrastructure exists, has existed for many years, and is not particularly exotic in the world.
The only thing that matters to a surveillance and advertising company is surveillance and advertising. You don’t need to overthink this one.
That’s a rather simplistic take; a company that makes money by surveilling you as you use their products also must care about the quality of their products. If their products suck, fewer people will use them = fewer people to surveil = less money! So not all changes are necessarily directly in the service of surveillance.
Also, I don’t think your reply to the above comment was entirely fair; they didn’t say anything about adding DNS records, and also mentioned several other potential benefits of not using subdomains.
All changes are in the service of surveillance. If making the honey pot sweeter works then they’ll do it. If making it more pervasive and intrusive while not offending anyone away they will do it. They will do nothing that hurts the mission to mine and sell advertisements, and all actions will lead to that.
I know you mentioned other things but they’re all sort of in the same bucket of “not that hard once done” and “google can surely do that without blinking an eye”. I would posit the move away from a subdomain to a root domain is hard and complex and benefits end users not one bit. Perhaps the end state is easier on the margins, but again, I doubt given it’s been that way for so long it’s effectively any easier for engineers or operators at google in any way what so ever.
Well, other than those responsible for surveilling all the things.
As you mention there are plenty of performance reasons to run everything under a single hostname. There's also one especially vital for Maps, it loads a tonne of resources and maps are used in various other services at Google. Now that caches are being siloed down to the host level, having all the resources accessible in a same-origin cache will save bandwidth and increase performance for users.
> "It's a very strange move indeed. maps.google.com implies an application lives there, far better than being on the root domain."
How does "maps.google.com" imply an application "lives there" any more than "google.com/maps"?
Technically speaking, "google.com/maps" is far superior to "maps.google.com" (check out the rest of the comments in this thread for examples: simpler DNS configuration, simpler certificate management, CORS, cookies, etc).
google.com/maps is simpler to type on a mobile phone and more consumer friendly, I’ve always used google.com/ pattern, way easier to leverage autocomplete, type a g to autocomplete google.com then if you are looking for flights type f and in 2-3 clicks you are on google.com/flights
Yeah, but flights.google.com or translate.google gets you there even faster.
dns segments are shown backwards for a reason. it was done so that the most specific part shows up first when searching for something.
I have to admit as a data structure snob. I vaguely wish it were the other way around, sigh, as much as I hate to admit it java classes got it right. I also have to admit it does not really matter that much.
Yep. Noticed when I didn't want to enable JS on the whole of Google's domain in μBlock Origin. I switch to another browser for this task alone—especially as some regions have incomplete data for OpenStreetMap
- "Organic Maps" (a fork of the old MapsMe codebase) if you want a clean, simple user experience
- "OSMAnd" if you want a very powerful, highly customizable map application, which comes at the cost of a steeper learning curve
Both apps are open source and support navigation, offline maps and POI search.
The things I miss most compared to Google Maps is live traffic information and the powerful search. However, this has a privacy cost, so I generally try to use OSM first, and only fall back to Google Maps (in the browser) if I really need to.
Lets not forget StreetComplete is a dead easy app to use to help contribute to OSM. It just asks you a few questions like "is this bench still here" or "is there a bike lane on this road" etc
Can I use this app to suggest issues? In one of my projects I found a bunch of buildings that have either the wrong direction or the wrong coordinates. Think "Random street 1, 2 and 4 are next to each other, but Random street 3 is 500m away". But since it's a city I don't live in I can't go there in person and confirm.
I use OSMand for walking and biking and it's great, much better than Google Maps in my region. Just remember to choose the right kind of traffic in the settings when starting navigation.
Organic Maps is also significantly more optimized in my experience (or maybe a more fair thing to say would be: is faster because it does less). So it pays to have both because OM is basically the "fast path" for its use case in more ways than just the interface.
The performance is good (especially on a budget Android device, better than the recent versions of Google Maps, even), they're reasonably accurate (I'm in Eastern Europe) and include navigation, traffic information, public transportation, as well as the ability to save regions for offline browsing.
I can't comment on the company behind it, though, but it's a nice alternative nonetheless (and there are simple prompts for choosing whether you want to send them any data, e.g. to enrich traffic information).
Edit: as a criticism, some Android reviews suggest that recent updates have made the app less performant than previous versions, though I didn't notice anything in particular on my current device (2020 budget phone). Some also suggest that navigation needs more work.
From where do they get traffic information? The only viable app that I've ever seen for traffic data is Waze, because of the huge install base. I do remember HERE from when they were a Nokia brand, but even with that history I think that they'd be too small to have good traffic information.
Is panning and zooming in OSMAnd not a huge pain for anyone else? The map rendering (of downloaded maps) is extremely sluggish and absolutely useless for me to use. (Even worse than the tile-based rendering of early Maps on iPhone.)
Organic and MagicEarth work fine for me. I really wonder if it is just my setup or if everyone else suffers from this. I am on a Pixel 5 with CalyxOS using the OSMAnd+ from Fdroid (but same with normal OSMAnd from Aurora)
I have the exact opposite experience with OSMAnd on Android.
The map rendering of OSMAnd is faster than Google Maps (using a 3+ year old smart phone with a low-end Realtek SoC). Like really way way faster/snappier.
My setup is a Chinese brand Android 10 with default OS (rooted)and OSMAnd+ from Fdroid.
The only possible cause I could think of is that CalyxOS is somehow missing proper video drivers for your Pixel?
It may be a bug of Android:
Newer Android versions have further locker down sd card access. The implementation is apparently super slow for stuff like what Osmand uses. Dont put the map data onto the sd card or use one of the predefined locations
Edit:
If that is not the culprit then check if OpenGL rendering is activated.
You can also deactivate unneeded features from being rendered (buildings, areas, etc). And lastly there are smaller road-only maps (no POI data and no adresses though)
Thanks for letting me know. I don't have a sd card, activated the dev plugin and enabled opengl but did not see any real improvement. I will open an issue with a screen recording on their repo now that I know it is not supposed to be this bad.
It's not just you. This comment claiming better performance than Google Maps is baffling to me. OSMand has been slow on every phone I've owned (OnePlus 2, Pixel 3a and Pixel 6a). Enabling OpenGL and restarting improves panning/zooming framerate, but tiles are generated at the same slow speed (maybe even slightly slower).
What really matters is the amount of data. In my local town I can scroll around no problem, but in a more actively mapped area like Amsterdam it takes at least couple seconds to load.
I'm a OSMand user and OSM contributor. However, sometimes I hate the routing OSMand provides, taking me through narrow streets with awkward turns. Wish they used GraphHopper...
A nice feature in OSMand is that even if you get the free version off the Play store, if you log in with OSM and are active, you get free map updates and all the "plus" functions. And on top of that, the full plus version is available off F-Droid.
By the way, OSMand has some support for reporting traffic issues (police, crashes), but it's very very limited due to low adoption way below a critical mass. Also, reporting traffic status would probably require OSMand to run a pretty beefy server and get the current speed/traffic info from all the users - many chose it exactly because they don't want that.
Maybe you know. I've been told twice that OSMand can show the altitude above sea level of a location, but I cannot for the life of me figure out how. Have you any idea?
- go to pugins section and activate the contour lines plugin
- then go to download maps and load the contour lines data for your region
- go to configure map and check the show contour lines option
I think you need the f-droid Version or the paid pro Playstore version or the subscription. Please note that this will only show marked contour lines and not interpolate/estimate the elevation for any point. So you need to search for the next line and get your own idea what that means for the specific location. Not ideal for very flat areas with sparse contour lines.
For the current position you can show GPS elevation (settings, configure screen, widgets)
On iOS, I have mine configured to show the altitude in the top right corner of the map view. The settings are admittedly confusing but if you just poke around in the map display settings you should find it!
I have Organic Maps, because I thought it would be nice to have in case of an emergency where I don't have internet, but sadly just a few weeks ago, I had such a case and Organic Maps couldn't find the address and the map itself didn't have all the roads on it (nor satelite or topology map), so I couldn't even use it as a normal map... In the end I had to resort to one archaic ways and ask local humans for directions...
Google maps does offer being able to download for offline use, but if you don't have internet it quite often doesn't want to do navigation, unless you trick it with saved directions.
How does Garmin do it (I'm guessing map licencing issue)?
I hope the author of OSMAnd makes enough money from the play store to finance continued development, because the application is amazing, it has an interface that is not dumbed down, it does not phone home to the mother ship, it gives you great tracks, in short it is a great tool that respects the end user.
I wish more applications were like it, first thing I install on my phone.
Unfortunately this is really not an option for (some) areas in the US. After having moved to a populous LA area from Germany I was baffled at the lack of detail in the maps. Basic things like building numbers are entirely missing. Even after adding more and more details I would never fully rely on OSM here sadly. And if it only works sometimes why even bother using it in the first place? At least this was my progression. From fully using OSM, I am back to Google.
The only good in-between solution is MagicEarth which supplements OSM maps with data from lord knows where. However although they claim to be privacy cautious they are quite opaque.
Also, do not fully rely on Google Maps knowing house numbers. Looks like in some areas (in UK for example) Google used some sort of OCR to find house numbers. There are houses and Wales with random house numbers that only have a house name; Numbering ends a few houses into dead-end alley where the Street View car didn't come; Or totally wrong numbers where house number sings are hard to read.
Australia went to mandatory house numbers in, I think, the 60s but my grandmother refused and gave out only her house name until she passed away in the 21st century.
Does your location have a Place ID? Google originated Place IDs for exactly this type of use case, so that people could find places like yours without an address.
A lot of the US road map was imported from TIGER (<https://en.wikipedia.org/wiki/Topologically_Integrated_Geogr...>). This is an electronic mapping system set up in the 90s by the US Government to aid in conducting the census. The TIGER data doesn’t have any address information at all, just road shapes. No information about the type of road, the number of lanes, the quality of the surface, presence of sidewalks, signals at intersections, anything. Just the paths the roads follow, and those paths are often of extremely poor quality. The resulting OSM maps are barely usable; sometimes they are not even recognizable by locals.
So OSM has decent geographical coverage of the US, but relies very heavily on individual contributors to correct the deficiencies and add useful information to the maps. The only way it will be usable for you is if others have improved it. The only way it will be usable for others is if you jump back in and do the same.
> TIGER data doesn’t have any address information at all
In the EDGE tables it does have ZIP codes and house number ranges, split into left and right side of the road. ZIP codes were imported into OpenStreetMap data. House number ranges are imported into the OpenStreetMap search into a separate database table, so searching works in a lot of areas but it's far from complete, all the issues you mentioned with roads that don't even exist etc
Not heard of MagicEarth before - looks interesting but what's missing is a "Why/how is it free" statement. They don't cover how they monetise this, what's their business model.
Makes more sense to switch to bing maps, since they have ever so slightly better satelite imagery and there's no way in hell anyone would use bing for anything else anyway.
Interesting. In my experience, OSM's level of detail in Amsterdam is much higher than Google's. Especially in bike routes, an area that Google often sucks at.
I live about 1 mile from suburbs in a town called Bingley in Yorkshire, England.
I can't trust Google maps locally (though its good for local business searches), as the mapping quality is terrible.
My village and local town have roads missing, numerous public rights of way missing (over both public and private land). Major areas of trees missing. OSM is much, much better.
I am noticing more and more how poor Google maps is for non-drivers (such as myself recently having to stop driving), such as not being able to do walking routes over local foot bridges, OSM with OSRM or Grasshopper is fine:
Sorry, I don't know. I used the OSM website for the purpose of this comparison.
I use the Magic Earth app on my phone, which has proprietary route planning (using open street maps).
While I like OSM for some use cases, and have contributed, it can not work as a replacement for google maps for every day use. My biggest problem is the search - absolutely unusable.
Technical nit: OSM as such does not have "a search". Geocoding (as it's known) is a separate component and if you dislike the one used by the openstreetmap.org there are other services that render OpenStreetMap data for you – perhaps with a better search!
Here's a question for someone who understands cross-site cookies (which isn't me): Why does www.google.com/maps 's site permissions show https://www.openstreetmap.org/ as one of the sites 'that can use cross-site cookies and site data'?
I found OsmAnd absolutely essential in my extensive off-road travels in Central America and Spain, paid to support it via Google Play, but i could not for the hell of it figure out how to submit photos and places. It forced me to create a separate account and then always gave me errors when i tried to submit
The separate account is needed for openstreetmap uploads/notes/corrections. You can add places on osm.org also or retry with the osm account using Osmand.
I have what i think is a separate account. Could you link a GitHub where i can create an issue and upload error screenshots? Even if it's not a bug but a feature, it should still be useful, because this flow is very confusing.
osm and wikipedia are proof that an alternative, more desirable, digital universe is not utopically distant but begging to be born. imagine if the world would somehow muster to dedicate something more than token support to such projects / designs
prediction: osm will eventually surpass wikipedia as the most successful crowdsourced effort because the more objective and simple nature of its data allows dramatic scaling. if even 1% of the billions of the world's roaming mobile devices get into the habbit of augmenting the osm database (e.g. using streamlined UI's like streetcomplete or yet to be build apps) the disruption will be on its way
Would you bet money on that? Google Maps is pretty entrenched. A competing 2.4 trillion dollar company that preinstalled their app on the most popular phone in the US couldn't dethrone Google Maps.
The problem is you loose a certain percentage of businesses and also user recommendations (no real alternative there). There is no real incentive for businesses to make yourself visible on OSM (probably many don't even know it exists).
Really depends, it can be much better than Google depending on country/region. Google Maps is not in every country good. Definitely better for any kind of outdoor activity like hiking, bicycle, ski etc. and offline usage.
In any case, though, my understanding is that the technical capacity for this has existed for nearly 10 years now, just behind a configuration setting. So it's possible that this change is just a code cleanup. It's also possible that someone is trying to increase the percentage of searches that have location information, that doesn't seem terribly far-fetched either, and I can imagine lots of ways people could try to rationalize it as actually benefiting users. (Whether it actually does benefit users is of course debatable.)