The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?
If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.
Why would you ever give the benefit of the doubt to the largest ad company to ever exist whose entire existence and history depends on tracking user data. They literally just had too settle a lawsuit for tracking users when they said they wouldn’t in incognito mode.
There are plenty of little hints in Android that they want to enable tracking (eg. Bluetooth and exact location permissions being linked despite there being no real need to). Y’all need Graphene yesterday. And we all need a new total alternative since Apple is quickly chomping at the bit for ad income.
It’s not that I want to give them the benefit of the doubt, it’s that the article neglects to bring in that whole thread of the argument that you give here. This should all be in the article.
Part of the problem with this stuff is that the corporations using it are very hush-hush about what exactly they use it for. The privacy policy just lists what they may collect (everything) and what they may use it for (anything).
Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge
Yes they track your phone’s location and movement constantly, but it’s not a secret.
For an example of the evidence you seek… Google SensorVault location data was how they identified and convicted the January 6 terrorists. You might argue that complying with warrants isn’t misuse of the data, but I’d argue that both the data itself, and the level of precision and detail, shouldn’t be captured and logged in the first place. And I’m fairly sure that most google customers have no idea how pervasive and extensive the tracking is.
The SensorVault data is “just” the Google Maps Timeline data though, right? Which people have always been able to turn on and off, if they knew about it.
I feel like Google not really respecting a concept of user consent and pretending people agree to poorly-publicized and often-modified tracking programs is a different, and, frankly, weirder, privacy problem than there being closed source stuff running with high permissions. If you could revoke permissions from Play Services, or if it was source available or even free software, that wouldn’t solve the problem because it would still be able to do stuff Google had manufactured consent for it to do.
When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.
does not happen to me, probably because i keep mobile data off and in the developer settings there is a keep mobile data always option that is enabled by default, for “fast network switching”, I disable it and beyond that I disable google playservices and all google related or adjacent apps that cant be uninstalled from my oem rom
If you don’t collect the data in the first place, there’s nothing to mismanage.
Rather than users having to prove that Google is mismanaging OUR data, Google should prove it has a need to collect, aggregate, and sell access to that data beyond surveillance capitalism.
The default option should be that only fully anonymized data that is essential to device functions should be collected, and this should be validated through an independent audit. Everything else should be opt-in.
But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.
Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.
Play Services does collect data it shouldn’t collect, by sending it back to Google.
Right. And my argument is that this shouldn’t happen without users opting in.
But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending,
I don’t disagree. Not am I arguing the content of the article. I just disagree with your notion that we have to prove negligence or malfeasance to deserve privacy.
Your original post placed the burden on users to prove that Google mismanages the data they collect. That’s not how this should work. I should own that data, just as I own the text I write with a text editor. I shouldn’t have to prove that Google is mismanaging it in order to keep that data private. I shouldn’t need any other reason than “it’s my data and I don’t want to share it beyond what is necessary for this technology to operate.”
I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.
Yeah, journalistic integrity is important, and they shouldn’t slander Google, due diligence and what not.
But there wouldn’t even be a need for an article or any investigation if Google and other tech companies weren’t treating user data as something they have a god given right to.
That’s my point. It doesn’t matter what Google does or doesn’t do with the data. They shouldn’t collect it unless I tell them they can. It’s MY data. It’s MY right to keep it private or destroy it as I please. That’s the baseline all tech companies should adhere to.
The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?
If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.
Why would you ever give the benefit of the doubt to the largest ad company to ever exist whose entire existence and history depends on tracking user data. They literally just had too settle a lawsuit for tracking users when they said they wouldn’t in incognito mode.
There are plenty of little hints in Android that they want to enable tracking (eg. Bluetooth and exact location permissions being linked despite there being no real need to). Y’all need Graphene yesterday. And we all need a new total alternative since Apple is quickly chomping at the bit for ad income.
This right here.
Don’t be intentionally naive.
It’s not that I want to give them the benefit of the doubt, it’s that the article neglects to bring in that whole thread of the argument that you give here. This should all be in the article.
Part of the problem with this stuff is that the corporations using it are very hush-hush about what exactly they use it for. The privacy policy just lists what they may collect (everything) and what they may use it for (anything).
Yes they track your phone’s location and movement constantly, but it’s not a secret.
For an example of the evidence you seek… Google SensorVault location data was how they identified and convicted the January 6 terrorists. You might argue that complying with warrants isn’t misuse of the data, but I’d argue that both the data itself, and the level of precision and detail, shouldn’t be captured and logged in the first place. And I’m fairly sure that most google customers have no idea how pervasive and extensive the tracking is.
The SensorVault data is “just” the Google Maps Timeline data though, right? Which people have always been able to turn on and off, if they knew about it.
I feel like Google not really respecting a concept of user consent and pretending people agree to poorly-publicized and often-modified tracking programs is a different, and, frankly, weirder, privacy problem than there being closed source stuff running with high permissions. If you could revoke permissions from Play Services, or if it was source available or even free software, that wouldn’t solve the problem because it would still be able to do stuff Google had manufactured consent for it to do.
When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.
Do you mean “transmits” as in “from the location service on the phone to the mapping app on the phone”?
Or do you mean the phones are all updating the wifi SSID geolocation database, which they then all can use for doing wifi-based geolocation?
yes the SSID database
does not happen to me, probably because i keep mobile data off and in the developer settings there is a keep mobile data always option that is enabled by default, for “fast network switching”, I disable it and beyond that I disable google playservices and all google related or adjacent apps that cant be uninstalled from my oem rom
If you don’t collect the data in the first place, there’s nothing to mismanage.
Rather than users having to prove that Google is mismanaging OUR data, Google should prove it has a need to collect, aggregate, and sell access to that data beyond surveillance capitalism.
The default option should be that only fully anonymized data that is essential to device functions should be collected, and this should be validated through an independent audit. Everything else should be opt-in.
But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.
Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.
Right. And my argument is that this shouldn’t happen without users opting in.
I don’t disagree. Not am I arguing the content of the article. I just disagree with your notion that we have to prove negligence or malfeasance to deserve privacy.
Your original post placed the burden on users to prove that Google mismanages the data they collect. That’s not how this should work. I should own that data, just as I own the text I write with a text editor. I shouldn’t have to prove that Google is mismanaging it in order to keep that data private. I shouldn’t need any other reason than “it’s my data and I don’t want to share it beyond what is necessary for this technology to operate.”
I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.
Yeah, journalistic integrity is important, and they shouldn’t slander Google, due diligence and what not.
But there wouldn’t even be a need for an article or any investigation if Google and other tech companies weren’t treating user data as something they have a god given right to.
That’s my point. It doesn’t matter what Google does or doesn’t do with the data. They shouldn’t collect it unless I tell them they can. It’s MY data. It’s MY right to keep it private or destroy it as I please. That’s the baseline all tech companies should adhere to.