Slashdot Mirror
Should the FTC Investigate Google's Location Data Collection? (engadget.com)
An anonymous reader quotes a report from Engadget: In December of 2017, the office of U.S. Senator Richard Blumenthal sent Google's CEO a letter asking for a detailed explanation of the company's privacy practices around location services. Based on a report at Quartz, the senator's letter had 12 specific questions about how Google deals with location data. In January, Google responded to all of the issues in a lengthy letter signed by Google's VP of public policy, Susan Molinari. Now, apparently unsatisfied with the response, Senators Blumenthal and Edward J. Markey have sent a written request to the FTC to investigate Google's location services, along with "any deceptive acts and practices associated with the product."
While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handles sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding or personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.
While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handles sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding or personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.
What about cell companies? They know where we are too.
As a long-time supporter of FOSS, EFF, Copyleft and essentially open access this has gone beyond mere 'best practices' and humanitarianism
Nobody, not a government or a private enterprise, can be trusted with private proprietorship of this much data at this level of detail.
The problem is neural networks, turning subjectivity into objectivity, and the unreliability of the source data. Whoever controls the data can use it for any purpose, and there is such a massive capability and potential for misuse, especially of human trust networks, that there simply is no acceptable level of trust.
All human governments and economic systems rely on trust. Before social media, social trust networks were the foundation of all government. Who do you know? Who knows you? When the answer is whoever has the data plus a few (maybe a couple of dozen) close family and associates, then the system is broken.
Most people can't possibly cover anywhere near the number of social connections that a single-process home computer can cover. My lab can millions of processes with petabytes of data and more than a TB of network pipe. That's a fairly good lab, but there are far better out there. With the right kinds of data, I can manipulate society like it's my own personal sandbox.
Without protections on the data, there is no way to detect, verify or validate who is doing what with it. One good person might be fine, but what happens when they die and someone else gets it? There just isn't any reliable assurance that it won't be misused, while history teaches us that it invariably will be misused by someone given opportunity.
Some kind of national infrastructure and protection must be placed around this level of power. It's not like nukes, you can't guarantee it won't fall into the wrong hands with traditional protection measures. Security has limitations... There is no other choice.
My $0.02 will always be worth more than your â0.02, so
My biggest concerns over companies like Facebook, Google, and Apple developing autonomous cars is not whether they can make them safe. Eventually I know that they will be safe. One concern is that these people will collect data non-stop about where I am going and how long I stay. I considered this picking up my daughter from school to take her to her pediatrician, specifically that its really none of their damn business that I did such a thing. That led me to my second concern for these 3 companies developing autonomous vehicles. Imagine every damn time you drive past a BugerKing or Wendy's having to suffer a damn commercial or have the car offer to stop because a Whopper is only $3 this week. Non-stop, never-ending barrage of advertisements. Think back to the scene in Minority Report when Tom Cruise's character had eye replacement surgery, replacing his eyes with a japanese businessman. It was more noticeable the second he walked near any store, how every single ad started addressing him by his stolen identity. The two technologies that ad-based companies should be forbidden from developing based on privacy concerns should be
1) any location based technology that requires knowing where you are to function (maps, gps, autonomous cars, etc)
2) any technology that specializes in identification (facial recognition, biometrics, retina identity, etc.)
Often when you read about what the Electronic Frontier Foundation is doing you may think you should be helping them somehow, but don't want to actually directly donate money.
By using smile.amazon.com (if you shop there) you can donate every time you make a purchase. I highly recommend it.
Yes.
But start with Facebook. I'm sure Google grabs just as much if not more information, but Facebook seems to be more creepy in how they use it. Google doesn't bother me yet, but I won't install any Facebook apps on my phone.
Investgate != regulate. An investigation will allow the FTC to determine if there is a problem and if so then they can regulate. If there is no problem then no harm was done. Other than the cost of the investigation, it seems like a no brainier. Investigate away and make a decision. Maybe investigate again later if something changes. It's simple, and should be common enough that it doesn't register as news.
I am aware of all (or at least countless) risks involved. Even if I don't and didn't have anything to hide I've been sending PGP encrypted emails since more than 20 years. And I stopped doing so for more than 20 years. I lived for half my life in a dictatorship where you could "go away" and never been heard of for less than 5 words said to the wrong person. I am in no way naive or uninformed, I've been following up on security (not only computing security), privacy, heavy handed governments and so on; this is not something you can turn off.
BUT I'm happy with Google having my location. All the time, the more precise the better (well, preferably without killing my battery). I tried to do it myself and keep a GPS log since 2006 or so. I was having a GPS with me with multiple batteries that I would replace over the day but of course I couldn't do it very often, it had to be only on special occasions.
It was very painful to melt tons and tons of files (I still have them) and in the end rather pointless. I managed (barely) to find a perl script that would at least tag my pictures with their location but there is no good software to manage the pics (if you have a lot of them, not only a small folder), even if they have proper GPS tags. Google Photos (yes, I give them my pictures too) finds places where I've been instantly. It even finds them if the pics are coming from non-GPS cameras, by correlating the location from the phone (the same thing I've been doing very painfully back in 2006-2007). Google Timeline (including the decent mobile version from Google Maps) helped me find again places I didn't know in advance I had to bookmark and once even answered the question "I know what you did last night" - because I DIDN'T (no joke, years ago I remember an article, most likely on slashdot too, that was half-jokingly saying google can tell where you've been last night if you can't remember - and that came in hand this Christmas...).
Funny thing is EU used to (for more than one decade if I remember correctly) force mobile providers to keep your metadata (including the location, albeit not as precise as Google does it now, but those were other times) for at least 6-24 months (at least, without any obligation to age it off). And make it available to the state when needed of course. Everything at your expense of course (as part of your mobile contract). And -here's the kicker- YOU COULDN'T GET THIS DATA. Even if you went to Vodafone and said: ok, I pay you already to store all my shit for at least 24 months, what about letting me have it too? I can pay extra for your trouble, how about that? Nope, no option. At least with Google you can download it via Takeout and use it how you like it and you can use it in the built-in Google Maps/Timeline and Photos too.
YES, I wouldn't give my mother or my significant other access to my timeline. But I'm happy with Google having it. Yes, I understand the risks and I understand there are meta-risks I can't even imagine now. But this is a risk I'm willing to take. And I'll be really, really pissed if the government comes and says I can't just tick a box and agree that Google tracks me, as much and as accurately as technically feasible.
not just once, as someone pointed out that trying to avoid detection directly will make you stick out. Instead how about other devices that feed false information simultaneously and more regularly than reality. Say that at any given time you appear to be taking 3 trips to and from 3 different locations and with such frequency that it dwarfs reality significantly. Perhaps even randomize the number of simultaneous feeds to prevent basic process of elimination. But this would need to happen on a scale that at least 70% of the population did this, or, at least, had their data altered, in order to make the entire database of information substantially worthless.
The article published by Quartz was irresponsible fear mongering. They did exactly zero research on this story aside from apparently hassling a Google employee about the practice. One would think they could have at least asked the person who supplied them with their screenshot what they thought the software was doing, but instead chose to take a Mulligan with: "It is not clear how cell-tower addresses, transmitted as a data string that identifies a specific cell tower, could have been used to improve message delivery."
It may not be clear to a dimwitted journalist, but it's something a decent network engineer is going to get a faraway look about when asked, because they're going to be thinking about whether or not it would be useful for network discovery. Quartz was also told up front that the practice was being ended because it didn't work out.
...but then Quartz goes straight to speculation and fear-mongering with: "But the privacy implications of the covert location-sharing practice are plain. While information about a single cell tower can only offer an approximation of where a mobile device actually is, multiple towers can be used to triangulate its location to within about a quarter-mile radius, or to a more exact pinpoint in urban areas, where cell towers are closer together."
The problem? Cell phones don't use multiple towers at the same time and that would be required for the triangulation the article mentions to take place. Their article's claim is so badly detached from reality that they might as well be speculating that the cell phones are using microwaves to slowly cook all the neighborhood children since they broadcast on such a high frequency. Another issue, Quartz is told that the data is gathered but discarded (and had always been discarded) but chooses to conflate the various meanings of the word "collected" in the article's title so that it seems Google was actually recording those results. Quartz uses another nasty conflation trick at the end of the article by bringing up the completely unrelated subject of geofenced advertising (which does actually require more granular data than looking up a cell ID would ever provide) and talking about that for a bit without ever providing a bit of relevance to the data collection.
This is turning into another endless bugaboo like the nonsense around collecting SSIDs by doing packet dumps that was somehow supposed to be eavesdropping on everyone's pornography habits or something judging by the way the press was talking it up. We eventually learned that a PR firm that was hired by Facebook was behind the schlepping of that terrible narrative. At the present time we can only speculate as to who is behind this crap story that won't die, but I'm sure it'll come out eventually. I find it highly dubious that a mediocre website would ever have been engaged in research of the type this takes, all on their own. Someone handed Keith Collins this story and they were shallow enough to run with it. Having looked at what other stories he's written for Quartz, he just isn't smart (or knowledgeable) enough to have come up with this all on his own.
during the Obummer presidency, Google's Director of Public Policy, Johanna Shelton, had more visits to the whitehouse than Facebook, Comcast, Oracle, ATT, and Verizon combined. That should tell you something creepy is going on. To put this in perspective, from 2009 - 2015 she was in the logs as visiting the white house 128 times.
Shelton's visits were just the tip of the iceberg. The Google Transparency Project found a total of 427 White House meetings involving employees of Google or related firms — more than one a week for the Obama administration.
from the article : http://www.googletransparencyp...
Because a great many of us actually work with this technology on a daily basis, and recognize it as the type of thing you might look at hoping you could use it to make services more reliable but would probably have to give up and toss if it didn't pan out. Also, Quartz's article was mostly tin-foil shade-throwing.
obviously someone unaware of reality since you want to assume that trump would be the one bribed.. your former manchurian candidate was in bed with them non-stop. If anyone would have an axe to grind it would be someone who perceived he was cast in a bad light by google.
http://www.googletransparencyp...
Maybe you should let APK know
The problem? Cell phones don't use multiple towers at the same time and that would be required for the triangulation the article mentions to take place.
HTH, HAND
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
For the record I never whined about MS being sued, and as a libertarian, I never voted for bush. MS was the first, and should not to be forgotten, evil empire. since then many more evil empires have arisen to dwarf MS. MS' biggest revenue stream is that of being a patent troll over bullshit patent infringement claims toward Android, to which are merely paid only because Samsung found it a cheaper alternative than proving MS was full of shit. However MS has re-emerged with their new Pro-AI campaign. Given their history of 'features first, security last' approach (see letting Notepad execute arbitrary code with administrator privileges), this is likely going to result in some truly horrible shit. IF any company messing with AI results in bringing about SkyNet, my bet is on MS given their history of wondering if they CAN do something instead of if they SHOULD. Facebook, on the other hand, will probably be the first to discover SkyNet formed, and instead of alerting the public, will probably sell us all up the river in shackles.
That being said, since 2000 there has been a massive invasion of privacy and spying on citizens. From the patriot act, the NDA, project Carnivore, to project PRISM and beyond. Its so much that the american people are so numb from the articles and discoveries that they don't even care anymore. It goes back before 2000, but that was really the tipping point where it went from a slow creep to a downright avalanche. I would venture to guess that the Y2K scare was merely a smokescreen to cover the sort of spending it took to scale up this level of spying.
Trump certainly has his shortcomings. But it is very clear that he is not respected by any self described elitist group, secret society, shadow government, or deep-state organization. That puts him on the outside of the very groups that work for and with those that want to spy on you and sell your information. When those groups insult him or he perceived them as insulting him, he lashes out and hopefully in ways that reduce the amount of selling out our government has been doing. I do not harbor any belief that any one president will ever be able to put this damn genie back in the bottle; but hopefully, for his 4 year term, their progress will be slower than otherwise allowed.
Looking at my pay as you go phone (Moto E), on Fido in Canada without any data, I've used 667 MBs this month (no idea when the month started) with 549 Mbs used by Googles Play Services.
This is creepy and if I was paying for data, expensive as Canada has even more expensive data then everyone else. I'd guess a lot of this is location data.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
not just once, as someone pointed out that trying to avoid detection directly will make you stick out. Instead how about other devices that feed false information simultaneously and more regularly than reality. Say that at any given time you appear to be taking 3 trips to and from 3 different locations and with such frequency that it dwarfs reality significantly. Perhaps even randomize the number of simultaneous feeds to prevent basic process of elimination. But this would need to happen on a scale that at least 70% of the population did this, or, at least, had their data altered, in order to make the entire database of information substantially worthless.
But that will get you banned from Pokemon GO.
YES, it is opt in. Without giving explicit permission not even Google Maps (the default navigation app on your phone, at least for those related to Google's ecosystem) would access your location, not even once. Storing your location is again a different step in the wizard (separated from accessing it in the first place). If anything there's TO MUCH opt in but hey, you asked for it!
Now let's say they "trick you" this way and you opt in to something you didn't want to, just because you like to opt in to everything instead of thinking about what you want to actually chose.
BUT! Once enabled it's sending you now and then emails with Location Reporting Privacy Reminder
To protect your privacy we would like to remind you that your mobile device is reporting your location data to Google.
In the Maps app "Your timeline" isn't at all hidden, actually it is in the first level menu, just under "Your places" (basically your bookmarks). You ARE bound to check it out.
Also, if you browse to google maps while logged in to your google account it will tell your location clearly and also showing:
"From you phone
(Location History)
Update
Learn More"
In short there is no shortage of opt in, if anything there's too much. And if you got something wrong they'll remind you in many ways. The only real danger is as I mentioned if they make it just illegal for you to opt in, completely. Which they can very well do and I actually see it happening, "for your own good".
Normally we see charges brought up by a law enforcement entity and then get all the paper work and interviews put into play. Now we have the reverse. No charges are made yet the responding entity is expected to deliver all kinds of information. When False accusations are made and cause legal actions the accuser needs to be punished. That is absent from this investigate now and charge later tactic. Why not sweep up lower level people and put them on trial and then allow them to give up all that they know to reduce or eliminate their punishments? That is what we are seeing in the Trump investigation. Those easily convicted are being rounded up and you just know that most will sing like a song bird to avoid steep punishments.
Why do you care who a living tourist attraction / inbred upper class twit marries?
American software industry nominal pay rates have been stagnant for over a decade, while cost of living exploded.
That's why smart young men no longer go into software.
Yet another way the Chinese are beating us at absolutely everything.
#GoogleShill
Oh, yeah, sure. Government getting involved always makes things better. Oy vey iz mir!