> Do people really think Google isn't tracking location data without this setting enabled? How would anyone (save for a whistleblower) know?
Frankly I think that Google wont track me if I flip the bit (bugs not withstanding). Maybe I’m a fool. Do I trust mega corps? No, but I trust them enough to not blatantly lie when there’d be huge legal repercussions.
They’re a massive corporation with tons of lawyers. They have an huge reputational risk, and they are already known to track a lot of data. Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest. You can find the most useless crap they stored it you do a data takeout request, so what’re the odds that entire teams of people have been secretly working on something violating laws and agreements and everyone including legal has just turned a blind eye?
Everywhere I’ve worked required privacy and legal reviews just to touch data that could be a location, nevermind store or use it associated with a user. Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening. Google has been terrible at avoiding leaks, and everyone working there seems to be jaded after the layoffs rocked the company.
Regarding the “gay bar” anecdotes - I think there are some weak protections around “derivative data” in some jurisdictions but this is likely a gap in laws. There is a chance that it could be considered derived location and be purged too.
Ps totally agree on the point about police abuse though.
I don't understand this argument. The most hated corporations in the US are all insanely rich and are at zero risk of going out of business even though most people hate them. After a certain point, corporations have basically nothing to fear from bad press. Google specifically has been found guilty of violating the law and people's privacy on numerous occasions already, including misleading users into thinking they had turned off location tracking in their account settings even though Google was still collecting that information. Here's a short and very incomplete list:
What reputation does Google have to protect at this point?
They've repeatedly demonstrated a willingness to break the law when it's convenient for them and even after being caught they've generally profited from doing so and at no point were they in danger of going out of business due to punitive fines.
> Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening.
whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.
>whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.
Except you don't need to whistleblow by testifying in front of congress or whatever. You can anonymously post on HN (or similar tech-oriented forums) with proof and it would be enough to get the ball rolling. Android and google play services is archived everywhere it'll be easy for others to check your work.
> Except you don't need to whistleblow by testifying in front of congress or whatever. You can anonymously post on HN (or similar tech-oriented forums) with proof and it would be enough to get the ball rolling.
I'd bet that very few people would have the kind of access to see what violations of people's privacy are taking place and that proof someone posted to social media (besides a massive leak of innocent people's personal data) may not be verifiable by anyone other than google employees or regulators/government who could get into Google's internal systems.
I suppose that they could if there was a lie_to_public_about_data_collection() function in Android's source code or a massive store of location data that shouldn't exist just sitting unencrypted on our devices and being transmitted to google unencrypted, but other situations would be much less clear.
For example, when you open Google maps, you'd fully expect that your location would be sent to google. You'd also expect that google wouldn't keep that information tied to your account if you'd opted out of that tracking in your account settings. If google were keeping a copy of that location data on an internal server somewhere, associated with your dossier, but not made visible to users (or even most google employees) what proof would you expect to see posted to HN that we could verify for ourselves? Screenshots of the database/internal tool/documentation might be good, but screenshots can be faked and since we don't have access to the database, or the server deep inside google that hosts it, or their internal documentation we'd be unable to say for sure if it the screenshots were real.
Companies are using all kinds of tricks these days to catch whistleblowers like logging anyone who accesses sensitive information and adding hidden watermarks to documents and images. Just going to social media or the press could be very risky.
"You can anonymously post on HN" - New account? flagged / green / unvouched and HN will still be able to connect the account unless <extra work>. And you know they all connected with each other
Could do speech analysis on the text and compare against company slack / email.
only a few people have the access to the leaked info and trivial to work out
> whistleblowers are extremely rare. The few protections they have are being reduced all the time, and the risk is huge. Very few people will give up their career and risk becoming unhirable.
We get the new pixels leaked every year for a decade. We get all sorts of leaks from Google very regularly in the news.
If you work for a tech company and you have juicy new stories you can quite literally call a journalist and get something in the news that week.
It would be reasonable to expect that there are vastly more employees who have access to pixel phone specs than some secret server collecting private information google keeps when they shouldn't. Google is known to be pretty restrictive about employee's access to the user data they're allowed to collect (at least they are now, after some embarrassing cases of Google employees cyber-stalking teenagers and ex-girlfriends (https://www.dailymail.co.uk/news/article-9862857/Google-fire...)
> Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest.
Is this satire? There are countless discussions about how GDPR for example is not being enforced properly, how fines are not small enough to move the needle for corporations and are just a cost of doing business. Apple and Google and Microsoft and Facebook are continuously fighting the EU Comission about privacy and market domination on multiple fronts, and recently the US DOJ has started fighting them too. I have never seen any clue that they are afraid.
Frankly I think that Google wont track me if I flip the bit (bugs not withstanding). Maybe I’m a fool. Do I trust mega corps? No, but I trust them enough to not blatantly lie when there’d be huge legal repercussions.
They’re a massive corporation with tons of lawyers. They have an huge reputational risk, and they are already known to track a lot of data. Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest. You can find the most useless crap they stored it you do a data takeout request, so what’re the odds that entire teams of people have been secretly working on something violating laws and agreements and everyone including legal has just turned a blind eye?
Everywhere I’ve worked required privacy and legal reviews just to touch data that could be a location, nevermind store or use it associated with a user. Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening. Google has been terrible at avoiding leaks, and everyone working there seems to be jaded after the layoffs rocked the company.
Regarding the “gay bar” anecdotes - I think there are some weak protections around “derivative data” in some jurisdictions but this is likely a gap in laws. There is a chance that it could be considered derived location and be purged too.
Ps totally agree on the point about police abuse though.