Analyzing Google's Privacy Policy

in #ethical6 years ago (edited)


Google Eye image is provided by geralt via Pixabay.

In recent articles we've discussed how people are lulled into complacency by big data's illusion of safety and highlighted an article written by a privacy visionary about how Google has become a tracking company rather than a search engine company. The bottom line, as usual, is that you aren't truly the customer of their services. Their mission is to collect your valuable data and sell services based on that data to others, the real customers.

Google covers itself legally by disclosing what they collect, how, and why in their privacy policy. In this article, I will cover key points from Google's privacy policy and state what is implied by the capabilities and policies that are revealed. The latest version of their policy will be effective on the 22nd of January 2019. I can't say what has changed with the latest version of this policy, but I will cover what it says today.

The way that they deliver their privacy policy attempts to be cute and lively, which makes it all the more creepy and Orwellian to me. They don't bury the reader in unreadable legalese, but their whole approach seems geared to lure children in, like a fabled gingerbread house. The cute graphics and language are lighthearted and designed to make you feel at ease. Cartoon videos with cheerful young voices make you feel almost good about having all your data harvested. Perhaps urban-legend kidney thieves could learn a thing or two from Google. People might almost feel happy about waking up with a kidney missing.

The vomit-inducing delivery method is irrelevant. The cheerful spin doesn't change the information that they are revealing. When the thief tells you what he's going to do, you should take his word. He'll do at least what he says.

What Does The Policy Cover?

Google's single privacy policy document covers all of their many products and services. This includes their online platforms, such as their search engine, Google Maps, Docs, Photos, Drive, Calendar, Gmail, etc. It also includes the Android operating system installed in 1.4 billion devices worldwide (likely more, that's a 2016 statistic). This privacy policy also covers software that they provide. Chrome and other applications have their own specific privacy policies, too. This policy also covers 3rd party apps and sites that use Google's services to provide ads or embedded maps.

What Does Google Collect?

General Collection

It should be obvious that Google collects every piece of information that you provide to them. All of the files you keep on Drive, all the spreadsheets and documents in Docs, everything you've shared in Google+, all the snapshots you've shared with Photo, etc. Because they are storing all of this data for cloud-based convenience, one could argue that this is ethical. What you might not realize is that they know more than just file sizes and names. You've given them permission to access the metadata and internals of everything you provide.

Gmail and Related Services

Gmail is a very common email provider. Everybody knows a number of people who use @gmail.com addresses as their primary email account. It's not always obvious when Gmail is used, though. I've seen email addresses under several organizations' domain names where Google was providing their email service, calendars, and other functions. It was very economical and easy for them to set up, but I question why a business would share so much of their inner workings with a Big Data giant like Google. Unless you've made some kind of special paid agreement with Google, they are harvesting the internals of your email.

Social Media

When you are on Google platforms such as YouTube and Google+, all of your activities are recorded, including what profiles you visit, who you associate with, your subscriptions, your likes, comments, playlists, files you've shared, etc. None of this should be a surprise, as they couldn't really run a social media platform without recording that information. Keep in mind, however, that they will use any data that you provide to them for their own purposes and that they will aggregate that data along with the many other volumes of data that they have on you. The result is that they may construct information that even your spouse and family members don't know.

Android Devices

It should be noted that Android phones and other devices are highly connected to Google's services by default, especially Calendar, Contacts, and Photos. The default Play store is also a Google service. By default, the Android OS collects your use of apps, crash reports, your carrier, your phone's IMEI and phone number, all of your contacts, your calendar, and your photos.

Specific Information Collected

Whenever you use Google's services, they say that they collect the following (pasted directly from the Privacy Policy):

  • Terms you search for
  • Videos you watch
  • Views and interactions with content and ads
  • Voice and audio information when you use audio features
  • Purchase activity
  • People with whom you communicate or share content
  • Activity on third-party sites and apps that use our services
  • Chrome browsing history you’ve synced with your Google Account

Location Information

Location information is collected using the following information (again, pasted directly from their Privacy Policy):

  • GPS
  • IP address
  • Sensor data from your device
  • Information about things near your device, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices

If you have Location History turned on you can see where you've been using Google Maps. You might assume that turning off Location History would shut off Google's ability to track your location, but the privacy policy says nothing about this. You should assume that Google knows your location, even when you've shut your phone's GPS receiver off, because it can use the other methods listed above to determine where you are. For instance, they've collected information on WiFi networks such that they can often pinpoint your location based on the networks your phone can see.

The Chrome Browser

The Chrome browser is provided by Google free-of-charge and has its own privacy policy, in addition to the overall Google privacy policy.

If you sign-in on Chrome and use their synced mode, it uploads this information to their servers (pasted from the privacy policy):

  • Browsing history
  • Bookmarks
  • Tabs
  • Passwords and Autofill information
  • Other browser settings, like installed extensions

Nowhere does Google say that they store this information using a zero knowledge approach or that they won't access this information for their own purposes. When you use Chrome in synced mode, you should assume that they have all of the information you've seen on your browser, or that they can access it using the information you've provided (noting that they have collected your passwords).

Many will assume that incognito mode will keep their browsing activities concealed from others. Generally-speaking, this isn't true of the network you are on or the ISP you are using. You should probably know that all of your internet activities are easily tracked, unless you use a VPN (virtual private network) service. While incognito mode won't save your browsing history or allow existing cookies to expose your identity, your IP address is still exposed and some plugins may reveal your identity. The applicable privacy policies don't state whether your browser's unique identifiers are still exposed. When using Chrome, I would assume that they are exposed and that Google is still tracking your browsing activities while you are in incognito mode.

More on these unique identifiers in Chrome and other browsers that Google uses to track your activities online (from the privacy policy):

We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs.

Note that many plugins will reveal your identity. Flash is notorious for this. With all of the means available to them, Google can track your activities without logging into Google.

Tracking Outside of Google

Google's collection of data on individuals doesn't end with their services or their affiliates. Google is running a search engine, after all, so it's easy for them to collect information on you from publicly accessible sources including newspapers, websites, etc. Literally anything associated with your name may be associated with your identity.

Also, "trusted partners" share information about users with Google that may be used to "protect against abuse." In the current social media environment, a large number of things can be labeled as abuse by Big Data, including politically correct and insensitive statements, as well as sharing information that challenges authority.

Why Should You Be Concerned?

How They Use the Data

Much of what Google is collecting is sold as being for your convenience. They use the data they collect to (again, pasted from their privacy policy):

  • Provide services
  • Build better services
  • Develop new services
  • Personalize services, including targeted advertising
  • Measure performance
  • Communicate with you
  • Protect Google, users, and the public

Note, especially, the last item on the list. This statement opens the door for Google to behave as Big Brother. In the following subsections, I will list a few areas where the data that they collect and share might be used against you. Primarily under the category to "protect ... the public."

Social Media

Protecting the public can easily include ensuring that nobody is "bullied," or has their feelings hurt; whether somebody is actually attacking somebody's character or simply presenting controversial information. As mentioned previously, a pattern has been observed in recent history where social media platforms have demonetized, shadow-banned, suspended, and even completely banned users who have posted information that is:

  • Politically incorrect. There's a certain disease in our culture today that says certain viewpoints cannot be tolerated, especially not by people who have preached "tolerance" for decades.
  • Insensitive. Closely-related to political correctness, content may not actually violate the unwritten PC "rules," but may still slight some protected group in some unpredictable way.
  • Against mainstream narratives. Some contributors may have ideas that deny historically-accepted or scientific "facts." They may also be reporting from an unusual point of view on a hot topic. Items in this category will often be labeled as "fake news."
  • Challenging authority. Much like going against mainstream narratives, some contributors will make statements that go directly against government and/or other "authorities'" assertions.
  • Offensive. Naturally, what is "offensive" is a matter of opinion and it's hard to apply an objective standard. It is truly the readers' decision on whether they are offended or not.

One can argue that free speech isn't guaranteed on privately-owned platforms, including Google's YouTube or Google+, but we can still state that certain censorship activities are unethical, we can be critical of their actions and decide to take our business elsewhere. However, with a system as ubiquitous as Google's, it might be tough to take your business elsewhere. We have to remember that they will likely be selling information to other platforms, such as Facebook and Twitter, which have been known to chastise users for behaviors that didn't happen on their platforms.

Effects on Business

It is true that most people use social media simply to communicate their ideas and opinions to the world for social purposes. Stating the wrong thing on social media has resulted in many firings and forced resignations over the past few years. So, in this sense, having everything aggregated by Google to sell to third parties doesn't do employees or job applicants any favors. The effects on business go even further if you are running a business online.

When you are trying to run a business, having your information and activities unnecessarily exposed to the world may lead to issues that hurt your ability to make a living. Combining multiple sources of information may lead to assertions by platforms that you've violated their terms of service in some way, leading to demonetization, suspension, or even banning you from their platform. While this is inconvenient for the normal user, these actions could put you out of business. Worse yet, some platforms may simply shadow-ban your content. This means that your content simply won't show up on subscribers' feeds, and you probably won't be told that you've been shadow-banned. Even when you've been demonetized, suspended, or banned in an outright fashion where you were notified, there's no guarantee that your appeals will be heard or that justice will be served and you'll be reinstated.

Many have found ways to get around demonetization on platforms such as YouTube by going to platforms such as Patreon and others that allow supporters to directly support content producers. Patreon is also caving in to social justice warriors' demands and quite a few content providers have been purged from that platform. Worse yet, payment providers like PayPal are also acting on these pressures, and cutting off the financial lifeline to content producers and platforms like BitChute.

The bottom line is that you really don't want every aspect of your life to be connected by some common link such as Google. You don't want some comment you made in personal channels to affect your business. Google's ability to collect, compile, and datamine every aspect of your life gives them the power to behave like George Orwell's Big Brother. They certainly have capabilities beyond what Orwell imagined, so the long-term impact may be worse.

The Police State

So, we've discussed why you should be concerned from the angle of what could happen to you on social media or what could be done to your business. The police state is an even greater threat. Google's privacy policy states that it will share information to "protect ... the Public," and we already know about their participation in the NSA's PRISM program from Edward Snowden's revelations in 2013.

I believe that every company operating on US soil is forced to provide an NSA backdoor to access user information. This became clear to me when I heard that Ladar Levison shut down Lavabit once the US government demanded access to his SSL keys:

It was also made clear to me by Snowden's remarks on the FBI's "attempts" to break into a terrorist's iPhone. No doubt the FBI already had access to the information on the phone.

So, here's the question: Even if you thought you could trust these companies with your information, do you really want the US Government to have access? How long before people with anti-authoritarian views get labeled as dissidents by more than just the Big Data companies and the payment processors? Will this affect your ability to keep your job? get a job? accept payments? make payments? keep your business up and running? leave the country? speak freely?

Privacy Settings

Google's privacy policy states that privacy settings for all of their services are adjustable and provides links to those settings. Types of privacy controls they provide include (titles pasted from Google's privacy policy):

  • Activity Controls
  • Ad settings
  • About you
  • Shared endorsements
  • Information you share
  • My activity
  • Google Dashboard
  • Your personal information

They also have privacy-related options to export, audit, and/or remove data from their systems. So...why, again, are we concerned?

Here's the problem: How much time do you want to spend staying up-to-date on every new way that Google is collecting data and what new settings need to be tweaked? This could become a major hobby or even a full-time job. Especially when you consider that you should be doing the same with every cloud-based platform you use, whether they are Google-based or not. Why aren't any of these platforms ethical systems that respect your authority by default?

Sure, the predominant business model is based on providing a free service that collects your valuable information. That doesn't lead to ethical platforms, unless the model changes to one where people actually expect to pay for the services they use.

What Can You Do?

We'll start off with the obvious: If you value your privacy at all, avoid Google at all costs! I'm still using a lot of Google services by default and in my future posts I'll be sharing suggestions for alternative services, platforms, software, and even operating systems that will allow you to break free from the Panopticon that we are living under.

For now, I'm going to suggest your first step: STOP using Google as your default search engine. I've been using Duck Duck Go for several years and have found it to be every bit as effective as Google at finding what I'm looking for. The search suggestions aren't going to be customized to my use, but I've always found that function to be creepy, anyways! The key is this: Duck Duck Go's business model isn't based on collecting your information and tracking your activities on the Web.

Get Involved

If you've found this information useful, you have corrections, or you simply believe that we are out to lunch, please let us know in the comments below!

If you'd like to provide inputs or would like to write guest posts for Ethical Developer Group, please use the Contact Us form on the left.

Also, please subscribe to our newsletters, so that you see our future posts and stay informed on where Ethical Developer Group is going in the future.


Posted from my blog with SteemPress : https://edgcert.com/2018/12/23/google-privacy-policy/
#developer #edg
6 years ago in #ethical by
$0.00
    4 votes
    Reply 0

    Coin Marketplace

    STEEM 0.18
    TRX 0.15
    JST 0.028
    BTC 63177.41
    ETH 2439.37
    USDT 1.00
    SBD 2.58