Slashdot Mirror
Should the FTC Investigate Google's Location Data Collection? (engadget.com)
An anonymous reader quotes a report from Engadget: In December of 2017, the office of U.S. Senator Richard Blumenthal sent Google's CEO a letter asking for a detailed explanation of the company's privacy practices around location services. Based on a report at Quartz, the senator's letter had 12 specific questions about how Google deals with location data. In January, Google responded to all of the issues in a lengthy letter signed by Google's VP of public policy, Susan Molinari. Now, apparently unsatisfied with the response, Senators Blumenthal and Edward J. Markey have sent a written request to the FTC to investigate Google's location services, along with "any deceptive acts and practices associated with the product."
While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handles sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding or personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.
While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handles sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding or personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.
What about cell companies? They know where we are too.
As a long-time supporter of FOSS, EFF, Copyleft and essentially open access this has gone beyond mere 'best practices' and humanitarianism
Nobody, not a government or a private enterprise, can be trusted with private proprietorship of this much data at this level of detail.
The problem is neural networks, turning subjectivity into objectivity, and the unreliability of the source data. Whoever controls the data can use it for any purpose, and there is such a massive capability and potential for misuse, especially of human trust networks, that there simply is no acceptable level of trust.
All human governments and economic systems rely on trust. Before social media, social trust networks were the foundation of all government. Who do you know? Who knows you? When the answer is whoever has the data plus a few (maybe a couple of dozen) close family and associates, then the system is broken.
Most people can't possibly cover anywhere near the number of social connections that a single-process home computer can cover. My lab can millions of processes with petabytes of data and more than a TB of network pipe. That's a fairly good lab, but there are far better out there. With the right kinds of data, I can manipulate society like it's my own personal sandbox.
Without protections on the data, there is no way to detect, verify or validate who is doing what with it. One good person might be fine, but what happens when they die and someone else gets it? There just isn't any reliable assurance that it won't be misused, while history teaches us that it invariably will be misused by someone given opportunity.
Some kind of national infrastructure and protection must be placed around this level of power. It's not like nukes, you can't guarantee it won't fall into the wrong hands with traditional protection measures. Security has limitations... There is no other choice.
My $0.02 will always be worth more than your â0.02, so
SOMEONE needs to be up Google's ass. All the time. They pave the way for other creepy stalker companies.
My biggest concerns over companies like Facebook, Google, and Apple developing autonomous cars is not whether they can make them safe. Eventually I know that they will be safe. One concern is that these people will collect data non-stop about where I am going and how long I stay. I considered this picking up my daughter from school to take her to her pediatrician, specifically that its really none of their damn business that I did such a thing. That led me to my second concern for these 3 companies developing autonomous vehicles. Imagine every damn time you drive past a BugerKing or Wendy's having to suffer a damn commercial or have the car offer to stop because a Whopper is only $3 this week. Non-stop, never-ending barrage of advertisements. Think back to the scene in Minority Report when Tom Cruise's character had eye replacement surgery, replacing his eyes with a japanese businessman. It was more noticeable the second he walked near any store, how every single ad started addressing him by his stolen identity. The two technologies that ad-based companies should be forbidden from developing based on privacy concerns should be
1) any location based technology that requires knowing where you are to function (maps, gps, autonomous cars, etc)
2) any technology that specializes in identification (facial recognition, biometrics, retina identity, etc.)
As europe are the only ones with any success in this field.
Que the butthurt americans....
And preferably feed in a false location, like middle of pacific ocean, or death valley.
Problem solved.
Often when you read about what the Electronic Frontier Foundation is doing you may think you should be helping them somehow, but don't want to actually directly donate money.
By using smile.amazon.com (if you shop there) you can donate every time you make a purchase. I highly recommend it.
Yes.
But start with Facebook. I'm sure Google grabs just as much if not more information, but Facebook seems to be more creepy in how they use it. Google doesn't bother me yet, but I won't install any Facebook apps on my phone.
Investgate != regulate. An investigation will allow the FTC to determine if there is a problem and if so then they can regulate. If there is no problem then no harm was done. Other than the cost of the investigation, it seems like a no brainier. Investigate away and make a decision. Maybe investigate again later if something changes. It's simple, and should be common enough that it doesn't register as news.
While Google's initial response refuted many of the claims made by Quartz ...
And we believe them WHY?
I am aware of all (or at least countless) risks involved. Even if I don't and didn't have anything to hide I've been sending PGP encrypted emails since more than 20 years. And I stopped doing so for more than 20 years. I lived for half my life in a dictatorship where you could "go away" and never been heard of for less than 5 words said to the wrong person. I am in no way naive or uninformed, I've been following up on security (not only computing security), privacy, heavy handed governments and so on; this is not something you can turn off.
BUT I'm happy with Google having my location. All the time, the more precise the better (well, preferably without killing my battery). I tried to do it myself and keep a GPS log since 2006 or so. I was having a GPS with me with multiple batteries that I would replace over the day but of course I couldn't do it very often, it had to be only on special occasions.
It was very painful to melt tons and tons of files (I still have them) and in the end rather pointless. I managed (barely) to find a perl script that would at least tag my pictures with their location but there is no good software to manage the pics (if you have a lot of them, not only a small folder), even if they have proper GPS tags. Google Photos (yes, I give them my pictures too) finds places where I've been instantly. It even finds them if the pics are coming from non-GPS cameras, by correlating the location from the phone (the same thing I've been doing very painfully back in 2006-2007). Google Timeline (including the decent mobile version from Google Maps) helped me find again places I didn't know in advance I had to bookmark and once even answered the question "I know what you did last night" - because I DIDN'T (no joke, years ago I remember an article, most likely on slashdot too, that was half-jokingly saying google can tell where you've been last night if you can't remember - and that came in hand this Christmas...).
Funny thing is EU used to (for more than one decade if I remember correctly) force mobile providers to keep your metadata (including the location, albeit not as precise as Google does it now, but those were other times) for at least 6-24 months (at least, without any obligation to age it off). And make it available to the state when needed of course. Everything at your expense of course (as part of your mobile contract). And -here's the kicker- YOU COULDN'T GET THIS DATA. Even if you went to Vodafone and said: ok, I pay you already to store all my shit for at least 24 months, what about letting me have it too? I can pay extra for your trouble, how about that? Nope, no option. At least with Google you can download it via Takeout and use it how you like it and you can use it in the built-in Google Maps/Timeline and Photos too.
YES, I wouldn't give my mother or my significant other access to my timeline. But I'm happy with Google having it. Yes, I understand the risks and I understand there are meta-risks I can't even imagine now. But this is a risk I'm willing to take. And I'll be really, really pissed if the government comes and says I can't just tick a box and agree that Google tracks me, as much and as accurately as technically feasible.
The article published by Quartz was irresponsible fear mongering. They did exactly zero research on this story aside from apparently hassling a Google employee about the practice. One would think they could have at least asked the person who supplied them with their screenshot what they thought the software was doing, but instead chose to take a Mulligan with: "It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery."
It may not be clear to a dimwitted journalist, but it's something a decent network engineer is going to get a faraway look about when asked, because they're going to be thinking about whether or not it would be useful for network discovery. Quartz was also told up front that the practice was being ended because it didn't work out.
...but then Quartz goes straight to speculation and fear-mongering with: "But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together."
The problem? Cell phones don't use multiple towers at the same time and that would be required for the triangulation the article mentions to take place. Their article's claim is so badly detached from reality that they might as well be speculating that the cell phones are using microwaves to slowly cook all the neighborhood children since they broadcast on such a high frequency. Another issue, Quartz is told that the data is gathered but discarded (and had always been discarded) but chooses to conflate the various meanings of the word "collected" in the article's title so that it seems Google was actually recording those results. Quartz uses another nasty conflation trick at the end of the article by bringing up the completely unrelated subject of geofenced advertising (which does actually require more granular data than looking up a cell ID would ever provide) and talking about that for a bit without ever providing a bit of relevance to the data collection.
This is turning into another endless bugaboo like the nonsense around collecting SSIDs by doing packet dumps that was somehow supposed to be eavesdropping on everyone's pornography habits or something judging by the way the press was talking it up. We eventually learned that a PR firm that was hired by Facebook was behind the schlepping of that terrible narrative. At the present time we can only speculate as to who is behind this crap story that won't die, but I'm sure it'll come out eventually. I find it highly dubious that a mediocre website would ever have been engaged in research of the type this takes, all on their own. Someone handed Keith Collins this story and they were shallow enough to run with it. Having looked at what other stories he's written for Quartz, he just isn't smart (or knowledgeable) enough to have come up with this all on his own.
during the Obummer presidency, Google's Director of Public Policy, Johanna Shelton, had more visits to the whitehouse than Facebook, Comcast, Oracle, ATT, and Verizon combined. That should tell you something creepy is going on. To put this in perspective, from 2009 - 2015 she was in the logs as visiting the white house 128 times.
Shelton's visits were just the tip of the iceberg. The Google Transparency Project found a total of 427 White House meetings involving employees of Google or related firms — more than one a week for the Obama administration.
from the article : http://www.googletransparencyp...
Nope. They should shut down. They'd only act long enough for Google to get around to bribing Trump, then he'd incoherently slap out a Tweet about solving the problem just like he did three times this weekend, and get back to mutual masturbation with Sean Hannity.
Seriously, while I would like some oversight of Google, the fact that a minority of Americans got their will and have managed to get a complete and utter moron into power is only evidence that we need Google to investigate things, and expose the sheer incompetence malignancy that's rotting the country as we speak.
obviously someone unaware of reality since you want to assume that trump would be the one bribed.. your former manchurian candidate was in bed with them non-stop. If anyone would have an axe to grind it would be someone who perceived he was cast in a bad light by google.
http://www.googletransparencyp...
Tower triangulation is well known and established. Amazingly enough, cell phones DO address multiple towers in order to provide quality uninterrupted service because the cell system assesses the best tower to use and people walk and drive around and stuff. Well known and not rocket science.
The author also quoted a representative of the EFF and a London security firm. This makes your assertion of zero research other than "harassment" of one employee a blatant lie.
What are you? The favorite hooker of the Google developer that was in charge of the canned program? I mean REALLY.
Maybe you should let APK know
obviously someone unaware of reality since you want to assume that trump would be the one bribed..
Who else would be? Somebody lower on the food chain? Not hardly. Trump's going to get his beak wet.
your former manchurian candidate was in bed with them non-stop.
Let me guess, you're worried about about somebody you can't name, because you know how pathetic you would look?
Yeah, I told you about that 15 years ago when your ass was whining about Microsoft being sued, and what did you do? Voted for Bush the Second anyway.
If anyone would have an axe to grind it would be someone who perceived he was cast in a bad light by google.
Yes, that describes Donald Trump. He does go into fuming outrages over criticism.
TL;DR.
You can always "OPT IN", but for the rest of us, and anyone under 13, no company, not google, twitter, facebook, MSFT, APPL, etc should TAKE our data without explicit, timed, permission.
For example, when I'm traveling overseas, I would also like google to track me, but not when I'm at home. At home, my habits would be traceable, which is a huge violation of privacy.
Is probably better than no investigation at all. Unfortunately, our government at all levels are abusing rights, privacy, and data of the citizens.
The problem? Cell phones don't use multiple towers at the same time and that would be required for the triangulation the article mentions to take place.
HTH, HAND
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Using multiple towers is EXACTLY how precision location services in a cell phone work. This is the core of the e911 locating service.
For the record I never whined about MS being sued, and as a libertarian, I never voted for bush. MS was the first, and should not to be forgotten, evil empire. since then many more evil empires have arisen to dwarf MS. MS' biggest revenue stream is that of being a patent troll over bullshit patent infringement claims toward Android, to which are merely paid only because Samsung found it a cheaper alternative than proving MS was full of shit. However MS has re-emerged with their new Pro-AI campaign. Given their history of 'features first, security last' approach (see letting Notepad execute arbitrary code with administrator privileges), this is likely going to result in some truly horrible shit. IF any company messing with AI results in bringing about SkyNet, my bet is on MS given their history of wondering if they CAN do something instead of if they SHOULD. Facebook, on the other hand, will probably be the first to discover SkyNet formed, and instead of alerting the public, will probably sell us all up the river in shackles.
That being said, since 2000 there has been a massive invasion of privacy and spying on citizens. From the patriot act, the NDA, project Carnivore, to project PRISM and beyond. Its so much that the american people are so numb from the articles and discoveries that they don't even care anymore. It goes back before 2000, but that was really the tipping point where it went from a slow creep to a downright avalanche. I would venture to guess that the Y2K scare was merely a smokescreen to cover the sort of spending it took to scale up this level of spying.
Trump certainly has his shortcomings. But it is very clear that he is not respected by any self described elitist group, secret society, shadow government, or deep-state organization. That puts him on the outside of the very groups that work for and with those that want to spy on you and sell your information. When those groups insult him or he perceived them as insulting him, he lashes out and hopefully in ways that reduce the amount of selling out our government has been doing. I do not harbor any belief that any one president will ever be able to put this damn genie back in the bottle; but hopefully, for his 4 year term, their progress will be slower than otherwise allowed.
Looking at my pay as you go phone (Moto E), on Fido in Canada without any data, I've used 667 MBs this month (no idea when the month started) with 549 Mbs used by Googles Play Services.
This is creepy and if I was paying for data, expensive as Canada has even more expensive data then everyone else. I'd guess a lot of this is location data.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
For the record I never whined about MS being sued, and as a libertarian, I never voted for bush.
You did, but won't admit it was whining, and your quibble that technicality you voted for an elector is bullshit.
MS was the first, and should not to be forgotten, evil empire.
First? No. Not even limiting ourselves to American corporations.
It goes back before 2000, but that was really the tipping point where it went from a slow creep to a downright avalanche.
At least you admit it is older than 2000, though you don't bother mentioning COINTELPRO I can forgive you.
I would venture to guess that the Y2K scare was merely a smokescreen to cover the sort of spending it took to scale up this level of spying.
That's less believable than the Transformers movie.
Trump certainly has his shortcomings. But it is very clear that he is not respected by any self described elitist group, secret society, shadow government, or deep-state organization.
This is true. They don't respect him. That is the problem.
That puts him on the outside of the very groups that work for and with those that want to spy on you and sell your information.
Nope. It is actually because they see him for the pea-brained stooge he is, easily distracted by waving a candy around.
When those groups insult him or he perceived them as insulting him, he lashes out and hopefully in ways that reduce the amount of selling out our government has been doing.
Oh, you hope? Turns out you are wrong.
I do not harbor any belief that any one president will ever be able to put this damn genie back in the bottle; but hopefully, for his 4 year term, their progress will be slower than otherwise allowed.
Then look upon his works and despair. Because he'll take the bribes, knuckle under to the extortion, and order the Minute Men to engage in the most patriotic and liberating thuggery they can.
Trump would literally hand the AI the nuclear codes as quickly as Homer Simpson
We all must be well aware of, by now (unless we tapped 'Agree' at some stage...), of the Dark Pattern embedded in Androids UI, where every time you enable GPS, you get prompted to enable Google Location services data sharing - Every. Single. Time. you enable GPS.
Get Fucked Google :) big smile on my face, reading this - hope they get slapped with a fucking multi-billion fine.
Normally we see charges brought up by a law enforcement entity and then get all the paper work and interviews put into play. Now we have the reverse. No charges are made yet the responding entity is expected to deliver all kinds of information. When False accusations are made and cause legal actions the accuser needs to be punished. That is absent from this investigate now and charge later tactic. Why not sweep up lower level people and put them on trial and then allow them to give up all that they know to reduce or eliminate their punishments? That is what we are seeing in the Trump investigation. Those easily convicted are being rounded up and you just know that most will sing like a song bird to avoid steep punishments.
There was telecomix, cyberguerilla, factions of Anonymous, Hispangatos, I2P, Tor, and various other cryptoanarchist attempts at limiting surveillance, increasing anonymity, or defeating government measures to censor the internet, whether domestic access or international access.
While many of them made headlines or were news in nerd circles, all of them are effectively dead or in decline.
Just as an example, there was a venezuelan coming into one of the cyberguerilla ops chatrooms looking for help with cyberactivism against Maduro's government computer systems. He explained their plight and what help they needed. There was no response at all. The same is true on channels all over Clearnet, Tor and I2P. Most of the previous generation of cyberactivists are now in white collar jobs, busy working on cryptocurrency scams, or full time as for-pay hackers/pentesters/security consultants.
I am not saying no new blood exists, but it doesn't appear to be replenishing the supply, unless everybody has moved to slack/discord/skype as their leet proprietary hacking communication medium.
If you think autonomous cars are bad, you can't even get around that data collection thanks to private security contractors for all the traffic cams at city intersections, which when combined with the privately available real-time cell phone monitoring, can give accurate locations on people down to a few hundred meters at worst, and probably within less than a meter at best. And that accuracy will only improve as camera tech improves.
In order for America, if not other parts of the world, to have a serious change at regaining any privacy, we need the 'undefined' part of the 9th amendment placed into the spotlight, and more effort put into legally closing the loopholes allowing these forms of surveillance. Just shifting ownership of the cameras to a private company should not resolve the government of their constitutionally required protection of citizens rights.
Why do you care who a living tourist attraction / inbred upper class twit marries?
Oh, yeah, sure. Government getting involved always makes things better. Oy vey iz mir!
It wasn't long ago that my favourite WiFi Scanner did NOT NEED LOCATION SERVICES. Oh, Bluetooth for my fit bit? NEEDS LOCATION SERVICES ON. WTF Google? For a company that says they don't do evil, you sure do it well. MF'ers.