[–] Ajedi32 link

The big difference is Google doesn't sell that data to third parties; they just use it for ad targeting. There's a big difference between the company that makes my phone's OS knowing my location, and anyone willing to pay a few bucks knowing the same.

(Also it looks like in the situation described in the article you linked, they didn't even use the data for ad targeting: "we never incorporated Cell ID into our network sync system, so that data was immediately discarded, and we updated it to no longer request Cell ID".)

reply

[–] max76 link

The difference exists only to the point that Google is an ethical owner of the data. I'm concerned that Google is in the business selling products based on a monopoly of consumer data. These products are likely to become more and more invasive as time goes on.. It's possible that a future Google product will become a larger threat to privacy than geolocation because they have a wider variety of data collected.

In summary, today's Google handles geolocation much better than telecom companies, but the mass of personal data Google collects makes their potential future activity concerning.

reply

[–] notatoad link

A bounty hunter can't call up Google and get access to my location. If i were on T-Mobile or Sprint, they could[1]. This is not a theoretical difference.

Being concerned about how Google could potentially in the future abuse all the data they've collected is a completely valid concern, but they're in no way a larger threat than the companies currently actively exploiting that data.

https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-b...

reply

[–] mgleason_3 link

Right? And why is everyone talking about how bad Google is when AT&T, Verizon, T-Mobile, and Sprint are selling our freaking location?!? It's nuts!

If it's easier to become a bounty hunter than a barber in Idaho, then almost anyone can track someones location without their knowledge. Odds are the data's being made available in other ways we're not even aware of. And think about the impact on battered wives, someone on the wrong side of a vendetta, hell even road rage. The possibilities are staggering.

https://www.forbes.com/sites/instituteforjustice/2016/09/09/...

reply

[–] beavisthegenius link

Verizon stopped.

reply

[–] dna_polymerase link

The only ethical owner of my data is myself. Whatever Google says now is worthless the second growth stalls and shareholders want to see more.

reply

[–] jankeymeulen link

Given the majority of the voting rights is still with the founders, they may have a bit less shortsighted outlook.

reply

[–] max76 link

While this is currently true, there is no guarantee this will remain true in the future. What happens when a founder dies?

reply

[–] dna_polymerase link

I have no idea where this inherent trust in people comes from. Google has shown again and again that they are just like any other company in this system.

reply

[–] undefined link
[deleted]

reply

[–] skywhopper link

"just" for ad targeting is a big hole in this caveat.

reply

[–] jcfrei link

That's pretty much a straw man argument. Any company in the ad business will exploit collected data to the extent possible by law. Whether that data resides solely with one company or with many won't change that. The fundamental question we should be asking ourselves is what a company is allowed to do with our personal data.

reply

[–] thefounder link

As far as the advertising is concerned Google is no different(and so FB etc). Anyone with few bucks will know your location or better said will target you with ads. With Google they won't target only by location because as you said Google makes the OS so it knows pretty much everything about you.

reply

[–] guelo link

That's just not true. There's a reason the bounty hunters don't use Google Ads to locate individuals but they do use AT&T.

reply

[–] kaybe link

Well, they're going to use whatever is easiest. I don't think this is a strong argument.

reply

[–] vkou link

Please show me where I can buy thefounder's location data from Google. Which service is that, and how much do I need to pay? I can't find it at https://www.google.com/about/products/

> better said will target you with ads.

The difference between selling location data, and selling ad targeting, is the difference between actively stalking someone, and sending unsolicited spam to "Current resident" at "Every address in a city block".

What harm can I inflict to you, via targeted ads? Some. You can think of some creative ways to do so, but it's not a very effective way to inflict harm.

What harm can I inflict to you, via buying your location data? A hell of a lot.

If you don't trust Google to be a good steward of your data, that's one thing. But let's not conflate selling your data, with selling the ability to mass-advertise to a demographic that includes you.

reply

[–] lancesells link

> What harm can I inflict to you, via targeted ads? Some. You can think of some creative ways to do so, but it's not a very effective way to inflict harm.

Do you see how people have weaponized social media through data? Google ads might not have been used in a nefarious way just yet but that's likely because it hasn't been thought of.

reply

[–] vkou link

With ratings, on a scale of one to ten, how would you compare the individual harm of someone showing you a demographic-targeted ad[1], to someone having the real-time location data sufficient to start physically stalking you?

What about someone showing you an untargeted ad? Where would that fit in?

[1] Or, if you prefer, a remarketing ad, instead. I have very little patience for those.

reply

[–] taneq link

The harm to me isn't the harm of someone showing me a demographic-targeted ad, the harm is someone showing everyone demographic-targeted ads designed to manipulate public opinion.

Remember how everyone got very hot and bothered about precisely this thing happening in a recent U.S. election?

reply

[–] vkou link

Why are cookie-based demographic-targeting ads that manipulate public opinion bad, while demographic-targeting ads on television, in magazines, etc, are fine? Is it because more targeted ad spend is more efficient?

If your problem is that advertising is used to manipulate public opinion - consider - why do we even allow political campaigns and paid speech? Its only purpose is to manipulate public opinion, and to trick stupid voters into voting for bad people.

I'm afraid your position is not entirely ideologically consistent with how we determine what kind of political speech is allowed, and is not allowed.

reply

[–] thefounder link

Unless you are on the run the location data is not really that valuable. I could physically stalk you after all without buying the data from telecom companies. With Facebook the advertising can be quite precise. I remeber I read somewhere that you could actually target specific persons.

reply

[–] pjc50 link

> selling the ability to mass-advertise to a demographic that includes you.

A while ago there were some fun articles about "how to prank your roommate by creating an audience of 1 and running creepily personalised adverts". What's the smallest demographic you can define on google?

reply

[–] vkou link

I don't know - which is why I leave the caveat that some creative forms of harm with targeted advertising may be possible.

reply

[–] stdgy link

I don't think that's the case at all.

As far as I know, advertisers never receive personal information from Google. Google hordes the personal information and shows advertisements (provided by the advertisers) to their users, using their personal information.

It would be rather contrary to their interests if they were to send their user's data to other parties. They'd lose their commercial leverage and their ad network would become less valuable.

reply

[–] warent link

Yeah, I was going to say... Of course Google made this demand. It's a no-brainer. Not only does it help ensure their competitors aren't profiting from the same data that Google does, but also its a beautiful PR stunt.

Not to say that they shouldn't be making this demand, but we should all keep in mind that they're not doing this out of the kindness of their hearts or because it's the ethical thing to do.

reply

[–] rhacker link

I much much much rather have the companies with a public image to uphold be the keepers of this data. There are soooo many scuzzy people out there. Beyond that, the US is highly due for both public records laws that make sense in the internet age, as well as digital data as a product, needs to have similar laws put in place.

To be honest, there really shouldn't be websites out there that know you and your family members and your phone numbers. This stuff should be under lock and key and require special PI licences to get access.

reply

[–] Johnny555 link

also its a beautiful PR stunt.

It's only a PR stunt if they publicized it -- it's not a stunt if they did it without making it public.

It's a PR win for sure, but that doesn't make it a PR stunt.

reply

[–] warent link

That's fair, I couldn't think of the term "PR Win" and chose the next closest thing to communicate what I wanted, but knew it was slightly off. Thanks for the correction

reply

[–] mtgx link

It's actually not so different from seeing Verizon lately "fight for user privacy" by lobbying for bills that would regulate "edge providers"-only, as opposed to lobbying for more general GDPR-style privacy bills that would also affect them. They actually did the opposite previously and fought to get the new FTC chairman to kill the broadband privacy rules "so that they can be on equal footing with Google/Facebook" (right before asking for regulation against Google/Facebook later on).

They're all just trying to take their competitors down a few notches. You can't take any company that wants to profit from advertising and data sharing/selling seriously in regards to "fighting for privacy".

Google was recently found to be illegally tracking Android users' location, once by "mistake" and the second time they were ignoring their location tracking opt-outs. I don't even remember their reasoning for the second one - but who cares, it was a lie anyway.

reply

[–] TACIXAT link

I think there is a difference between allowing ads to target an area and selling someone's real time location. I'm against the collection of data generally because that data can always end up in court, but Google has never given people access to my real time location.

reply

[–] drak0n1c link

Google's own location timeline also can be used in court, and is updated in near real-time.[1]

Practically speaking, I would think that Google's data is even more susceptible to be found in court and used in that manner than data held and passed on by smaller, relatively unknown apps that lawyers may not even know are installed on locked phones.

You have a good point about there being a larger surface area and more weak points when more than one entity handles data, but I'd also be wary of heavy-handed regulations along that dividing line. I don't think we need to give Google monopoly rights to another big chunk of the ad industry. If a user might prefer an entity other than Google handle certain pieces of their data (maybe they strike a more transparent and rewarding deal than Google), they should have that choice.

[1] https://theintercept.com/2015/11/06/how-law-enforcement-can-...

reply

[–] mschuster91 link

> but Google has never given people access to my real time location.

As long as your Google account remains secured and no one manages to sneak a 2nd Google Account on your phone, that is. Find My Phone is a real time tracker that can be abused e.g. by spouses or stalkers. IIRC only triggering the "audible ring" leaves a trace on the phone (a notification + the obvious sound), to check if someone used FMP for tracking one has to dive deep into the Google Activity Logs.

Only way to protect yourself is, of course, to disable GPS on the phone - but what if you want to use Maps or another navigation at the same time?

reply

[–] 124816 link

> IIRC only triggering the "audible ring" leaves a trace on the phone (a notification + the obvious sound), to check if someone used FMP for tracking one has to dive deep into the Google Activity Logs.

Not true, a notification is shown whenever the device is located.

Though if someone can "sneak a 2nd Google Account" onto your phone they can probably install something more nefarious and less observable.

reply

[–] sbov link

Yeah, if someone hacks my phone/account, then they will have access to my location. If that happens them having my location ranks pretty low on my list of concerns.

The recommendation that you could disable GPS is pointless because if they could sneak a 2nd account on it they can also re-enable GPS.

Cell phone companies have your location regardless of whether or not GPS is enabled. You don't even need a smart phone.

reply

[–] StillBored link

We are talking the cell providers here, disabling GPS only slows down the initial positioning as LTE has a number of alternative ways to determine your location. That is required in places like the US were its mandated by law (E911 IIRC) that the providers are capable of providing your location to government services in real time (like 911).

So, the fact that the providers are keeping tabs on you and storing all that metadata for some government agency (cause you might be dangerous!), just means that they have discovered a way to recoup some of the investment costs. Thank your government, because the phone companies likely wouldn't have been this creative by themselves.

reply

[–] undefined link
[deleted]

reply

[–] undefined link
[deleted]

reply

[–] andybak link

Well, kinda but there's some definite shades of gray here.

EDIT - for example I'm not sure the original "Bounty hunters" use case would be facilitated by Google's targeted ads. There's a big gap between "I might be able to target ads at people in a narrow geographical area" and "I can find our where someone lives"

reply

[–] pwg link

Unfortunately, the data underlying both use cases is the same.

In order to target adds "at people in a narrow geographical area" I need to know when those people are in that "narrow geographical area". I.e., I need to know their location to an accuracy good enough to say they are in that "narrow geographical area" (or in this case, their phones location, which is a good proxy for their location).

Once I can know "the phones location" to a level of accuracy to make "narrow geographical area" targeted ads profitable, all I have to do is average several overnight readings of 'location' together to get a very good estimate of "where someone lives".

reply

[–] ariwilson link

I don't understand what you're trying to say. If you already know where someone is, what's the point of using targeted ads to try to locate them?

The point of OP is that I can't use targeted ads to answer the question "Person X: where are they?".

reply

[–] pwg link

I'm saying that the underlying data is the same for both, so allowing one (targeted ads based on location) provides the data necessary for "locate where someone lives/works/hangs out/etc.".

With the result that you have to believe that the "targeted ads" provider is both secure and ethical.

reply

[–] andybak link

> With the result that you have to believe that the "targeted ads" provider is both secure and ethical.

"Secure enough" and "ethical enough". Plenty of organisations know stuff about me that I'd prefer not to be public or sold to the highest bidder. They might leak it to the government or one day be the target of a megahack - but I file that under either "meh" or under "acceptable risk".

But luckily

reply

[–] dawnerd link

I trust Google a lot more than I trust all of these telcos. I think the big difference is while Google does have pretty much all my info, I know they do and roughly what they do with it. Flip side, I know the cell providers have some of my info but I've no idea what happens to it once it's sold.

reply

[–] mav3rick link

When they don't protest you will say Google sucks. When they do protest you say Google sucks. Bravo.

reply

[–] rightbyte link

Is there a contradiction?

reply

[–] mden link

While I understand the sentiment of this comment, isn't it still a good thing to reduce the number of companies with this data? As the companies that track your location goes down, it becomes easier to argue against the other ones doing it. Plus in the very least less places that could leak the data, so it would still be some form of progress.

reply

[–] x220 link

>isn't it still a good thing to reduce the number of companies with this data?

Maybe you want multiple companies competing in the same realm rather than Google handling most of the private data and becoming incredibly powerful. Maybe you want to unmask Google's motives so as to not play into their PR strategy.

reply

[–] danso link

When the product involves selling my data to anyone, including bounty hunters, how does having multiple competitors benefit me? Unless I’m the one buying data on someone else?

reply

[–] mden link

The first point sounds like a defeatist mentality (of course assuming we share the ideal of our location data not being sold and if possible even stored) - at what point would we be able to push companies away from using location data if we are afraid it will make the others more powerful?

Sure "unmask" their motives, but it's also worth considering if their actions are a net good or not.

reply

[–] specialp link

Google is not only worried about the competition, they are more likely more concerned with potential legislation. There is now bipartisan support for legislation to stop this practice. It could soon be next that there is regulation not allowing sale of this info or advertising based on it.

Consumers don't expect to be GPS tracked everywhere and have companies profit on that data. Granting location permission to us here means that because we know, but most people would consider giving weather.com access to your location just helpful to get your forecast. Even if it is nestled in the privacy policy. What is next? You download a camera app and then every photo is sent to someone who turns AI on it to learn about you? (could already be happening) Oh but it was in the privacy policy that we may share data with third parties.

reply

[–] saalweachter link

I would also like to point out that corporations are made of people, many people, with diverse opinions, beliefs and motivations, and that corporate actions frequently arise from multiple decision-makers within a company.

So we could come up with a hundred explanations for why Google took this action in this thread, some cynical, some conspiratorial, some altruistic and idealistic. And frankly, half of them would probably be sort-of correct, in that one or more of the decision-makers and their advisers might have considered that point or used it as a basis of their decision.

Occasionally you can state cleanly, "Company X did Y because Z", but it's usually more complicated than that. And when it is a case of "Company X did Y because A, B and C and despite I, J, K", you rarely have the information to reason out all of the variables that went into a decision, unless the matter is of such historical importance that you get the 27 books written after the fact based on years of investigation and interviews.

reply

[–] ariwilson link

Your comment doesn't make any sense. Wireless carriers will always have access to location (based on cell towers) and don't have successful advertising businesses.

reply

[–] rapind link

Verizon own Yahoo and AOL (Verizon Media). AT&T owns Warner Media.

In Canada our two major wireless providers (oligarch) own most of the content providers as well.

These giants are most definitely involved in advertising at some level.

reply

[–] inequalitysir link

It's nothing.

In India Google operates one of the largest Fiber Backed project called Railwire. It's a GOI enterprise, but we can say that officals are effectively bribed to participate in data harvesting schemes and enriching a few officials and one big American company.

Google offers this company internet technology expertise in return of harvesting data from railway stations, Users of the ISP called Railwire.

Basically, they set your DNS to Google's DNS and Google captures what websites are popular in these specific regions.

You can change your DNS obviously but 90% users don't bother and it doesn't save you from deep packet inspection.

Google also harvests non Https websites and run deep packet inspection of the traffic.

Why would it provide its tech expertise for free?

reply

[–] mav3rick link

No sources. Just your bias and fantasy stories.

reply

[–] chomp link

Yep I was just going to say this. Google already sells your location data to advertisers, they are not the hero in this story.

reply

[–] cokernel_hacker link

Citation needed.

Google makes it pretty clear that they do not sell any personal information to advertisers: https://safety.google/privacy/ads-and-data/

reply

[–] taeric link

The catch here, in many ways, is Google owns the advertiser marketplace. Literally, if you want to sell ads on common android settings based on a user's location, you have to do it with Google's data.

So, in many ways they don't sell a person's data to advertisers, per se. However, they do control access to people located in a given area. Not sure there is much of a meaningful difference, for most people.

reply

[–] specialp link

Yes which is also in their interest because once personal information is sold someone else can use it without going through Google. And they benefit by having more personal information than anyone else. Instead they sell access to advertising on very personal information to you via them as a proxy. I don't see that being that much better and it is almost impossible to avoid. Which is why Google is worried if the government starts cracking down further on this it will hit them too. I don't want Google selling any information about my location or carriers as well directly or indirectly

reply

[–] JumpCrisscross link

> Google makes it pretty clear that they do not sell any personal information to advertisers

Facebook’s used that like, too.

reply

[–] yaacov link

Facebook also doesn't sell personal information to advertisers. Both Facebook and Google let advertisers target ads based on location and other personal info, which is not the same thing as actually providing that information to third parties.

reply

[–] asdfasgasdgasdg link

I suspect JumpCrisscross is referring to the data leak scandals via the API that have been in the news in the last year. Of course, this was also not Facebook selling information. Rather, it was Facebook allowing users to share information about their friends automatically and without the friends' consent via the API. Not great, but not selling user information either.

reply

[–] rightbyte link

But they do. They let them target ads based on your location. It's the same thing as selling personal data. If someone clicks a location targeted ad the advertiser know the persons location.

https://support.google.com/google-ads/answer/1722043?hl=en

"Google Ads location targeting allows your ads to appear in the geographic locations that you choose: countries, areas within a country, a radius around a location, or location groups, which can include places of interest, your business locations, or tiered demographics.

Location targeting helps you focus your advertising on the areas where you'll find the right customers, and restrict it in areas where you won't. This specific type of targeting could help increase your return on investment (ROI) as a result."

In a sense Google is spyware and adware at the same time. It shame these two terms are used less now then they used too, since they lost their meaning when so many apps and your Android phone itself is one.

reply

[–] wlesieutre link

Letting someone target you with their ad based on your location is not the same thing as from telling them where you are

reply

[–] ams6110 link

Or telling them who you are. Google knows, but AFAIK they don't pass that along to the advertiser.

reply

[–] SketchySeaBeast link

And that's important. I'd rather just Google (which isn't great) have that information than literally anyone willing to pay $0.50 for it (which is infinitely worse).

reply

[–] Spooky23 link

How do I use Google Ads to send a tow truck driver to repossess a car when the debtor gets home?

That’s what the phone carrier is doing.

They monetize location, but from my perspective they do so in a way that’s more respectful of the person, because it’s in their interest to do so.

The carriers just sell data points and lack the ability or desire to add value to them.

reply

[–] asdfasgasdgasdg link

You're not going to be able to uniquely target someone in a radius, since the minimum is 1km (and I guess Google would artificially widen the radius to prevent uniquely identifying people in sparsely populated areas). You've also got to entice them to click, and that's notoriously difficult.I mean it might work occasionally but it's never going to be the shortest path to surveiling an individual. I would guess that ~nobody is successfully using ads to determine individual people's locations.

https://www.en.advertisercommunity.com/t5/Advanced-Features/...

Disclosure: I work at big G, not on ads.

reply

[–] rightbyte link

Yes. I'm not saying it is as bad as selling the information verbatim to banksters to collect someone's debt.

However, it's still selling personal information to adbuyers. And, I don't think you can say "nobody is successfully using ads to determine ad clickers general location with a X mile radius".

This surveillance thing is getting out of hand and Google is annoyed that shady corporations tries to get ground which might bring new laws.

reply

[–] skybrian link

There is location leakage but it's clearly not the same because:

- they don't get your location if you don't click on the ad. Since people don't click on ads very often, only rarely does an advertisers get a person's location, and without a name attached.

- Mobile phone companies were letting people query a user's location based on their real name. How would you do that with advertising?

We need to move beyond one-bit thinking. Location-revealing services aren't all the same.

reply

[–] bduerst link

Website owners already have your general location based on IP - they're not getting 'leaked' any information from location-based ad targeting that isn't already available to them when you visit the site.

reply

[–] rightbyte link

Geo ip doesn't have that accuracy, right? Google use GPS.

https://support.google.com/google-ads/answer/2453995?hl=en "Device location: Depending on a user's location settings, we may be able to use a precise location for advertising, based on one of these sources of location data:

GPS: Accuracy varies depending on GPS signal and connection. Wi-Fi: Accuracy should be similar to the access range of a typical Wi-Fi router. Bluetooth: If Bluetooth and/or Bluetooth scanning are enabled on a device, a publicly broadcast Bluetooth signal can provide an accurate indication of location Google's cell ID (cell tower) location database: Used in the absence of Wi-Fi or GPS. Accuracy is dependent on how many cell towers are located within an area and available data, and some devices don't support cell ID location."

reply

[–] bduerst link

Google doesn't share device GPS. Ad location targeting is at the country, state, and city level, or in increments as small as 3 sq. km.

Geo IP data is accurate ~85% at the city level and ~99% at the state level, meaning they're approximately the same.

reply

[–] Symmetry link

A bill board also lets advertisers target me by location.

reply

[–] ThrustVectoring link

They don't sell your location data, they sell targeting options for specific geographic locations. These are quite different. I'm okay with seeing an ad targeted at anyone within walking distance of a cafe. I'm not okay with my personal location getting sold to whoever thinks they have a valuable enough use for it.

reply

[–] greglindahl link

Location information leaks from ad targeting. Maybe that doesn't bother you, but it might bother other people.

One way it leaks is that an advertiser generally knows what ad campaign a user clicked on. So if that ad campaign was only sent to a particular location, you know where the user was when they clicked on the ad.

reply

[–] bduerst link

Knowing the city that someone clicked your ad in because you targeted the ad in that city isn't 'leaking' location data.

These advertiser websites know your city already by the act of you visiting their website.

reply

[–] rightbyte link

It's not city accuracy. It's 1000 m nominal. If you could target a peak or small island and get better effective accuracy, I would not be surprised.

"You can choose one of the default radius settings or set a custom radius from a minimum of 1 km to a maximum of 1,000 km."

https://support.google.com/richmedia/answer/7279179?hl=en&re...

reply

[–] bduerst link

Ad location targeting at best is in a 3 sq. km area, not 1 km. For an average city in the U.S. (like St. Louis) that's an aggregate density of 6,000 people.

Knowing that someone in 6,000 people in an area clicked on your coffee ad is not leaking GPS data. Which is probably why bounty hunters are buying the data directly from cell carriers and not running targeted Google ads.

reply

[–] greglindahl link

It's a leak of location information, which is what this sub-thread is about. The location information was only inside of Google, and now the advertiser has it.

It's also not "one in 6,000 people" if it's someone who signs up for some service via the ad. That particular someone might not realize that the service knows their location.

reply

[–] bduerst link

And that's the same deal with Geo IP, which this sub thread is about.

The point in 1:6,000 is that whether it's ad targeting or just regular internet traffic, there isnt enough specificity to "leak" data about the person.

You can split hairs over, "Well what of they join that 1:6000 with other PII" and it's the same with Geo IP. The user gives up that data but it's not different than just visit the page normally.

reply

[–] ThrustVectoring link

Website owners already know your rough geographic location via IP address. If it's that big of a concern for you, you should route 100% of your traffic through a VPN.

reply

[–] greglindahl link

GeoIP is not that accurate in many situations, and note that a VPN does not protect you against this kind of targeted ad location leak.

I'm confused by your reference to me and my concerns. This isn't a discussion about me; I was making a point about leakage of location information.

reply

[–] ThrustVectoring link

I was using the generic you throughout - https://en.wikipedia.org/wiki/Generic_you

reply

[–] undefined link
[deleted]

reply

[–] criddell link

Google uses that information to serve ads but they don't sell the location data to advertisers.

reply

[–] jonny_eh link

Do you have evidence of this?

reply

[–] undefined link
[deleted]

reply

[–] Despegar link

I mean sure. Google certainly doesn't want wireless carriers to compete with them in advertising, and everyone having access to location data from smartphones just devalues Google's own access.

https://qz.com/1131515/google-collects-android-users-locatio...

reply

[–] jklinger410 link

Google, data point for data point, is one of the best stewards of data potentially in history.

They have more information about you that they choose not to sell than you can even imagine. They literally set the high-bar for PII and other types of tracking data.

The only ones who know nearly as much are Telcos and they have been openly selling and sharing all of your info to governments and shady shell corporations since day 1.

Edit - Forgot that Facebook is catching up to Google on data and they have been a leaky cup since day one as well.

reply

[–] 50656E6973 link

Selling mass location data to the highest bidder is indeed extremely slimy and even a threat to "national security".

But the fact that Google (or any centralized entity) has aggregated so much detailed information on billions of people's personal lives is itself a threat to global/national security.

What happens when that data is hacked/leaked and then sold to the highest bidder (who isn't interested in advertising)? That data could be easily weaponized for a shocking/devastating attack the likes of which we have not seen since the first atomic bomb.

reply

[–] linsomniac link

Are you familiar with the design of the Google systems WRT securing this data? Based on the revelations Snowden was able to do, and a similar level of familiarity with Google's security measures, it sounds like Google even has the NSA beat as far as keeping data secure. In short: Even the people doing OS and hardware level maintenance of the machines in question don't have access to this data.

But I'm on the outside looking in, someone with more hands on can probably provide more details.

reply

[–] 50656E6973 link

>Even the people doing OS and hardware level maintenance of the machines in question don't have access to this data.

Are you implying Google can't access their own data?

100% security is a dangerous myth. No internet connected system is impervious to hackers.

reply

[–] jklinger410 link

I agree. I also think we have no idea what hardware manufacturers do, or what is happening with the main cables that the 5 eyes is tapping into. Or what types of high level subpoenas and so-on have been served to Google, that they have acquiesced.

It really is a ticking time bomb.

reply

[–] linsomniac link

Part of my judgement about them being good stewards of the data is past reports of them encrypting all their in-flight data when they found evidence of NSA tapping of long-haul cables, and their using lawyers to push back on information requests that did not go through due process.

https://arstechnica.com/information-technology/2013/11/googl...

reply

[–] jklinger410 link

I had not seen this article. Thanks for sharing.

reply

[–] wtmt link

> They don't want user backlash...

When it comes to siphoning location data from Android devices, it looks like Google only cares about updating its help pages, and not really about addressing the actual points in such a backlash. There is no evidence on this topic that Google cares about a backlash or PR spend or anything else. All its actions show that Google wants more and more data, and that it wants to be the one that gets all the data.

reply

[–] linsomniac link

So many people are saying "this is just further evidence of Google doing evil".

Unpopular opinion: I feel like this is further evidence of Google being good stewards of user data.

There are many reasons Google may want to protect this data: They don't want user backlash from revelations like this, they don't want to have to be legislated, they don't want the PR spend of having to recover from such reporting. Or it could be that it is a company built of people who find such protection to be important.

reply

[–] penagwin link

One is a massive advertising company that makes the vast majority of it's money on advertising and has a history of invasive privacy issues.

The other one AFAIK doesn't sell user data, has publicly denied to help the FBI (Have other companies done that? If not then they assume complied), and has put in a large amount of effort to protect privacy (It's one of the main arguments of why IOS/OSX is so locked down).

Obviously this doesn't mean apple doesn't do bad things behind the scenes, but based on the information available to us is why people trust them more with privacy then google.

reply

[–] kllrnohj link

> Have other companies done that? If not then they assume complied

Google literally lead the charge on this with their transparency report for government data requests and won huge victories in allowing for the reporting of things like FISA requests.

It's great that Apple has followed Google's lead and also publishes a transparency report, but their own report also clearly shows that they DO comply with government requests: https://www.apple.com/legal/transparency/us.html

And both Google & Apple have comparable percentages of requests honored per their own reports.

Regardless an "assume complied" is an illogical position to take here. Assume a company did work that they didn't have to for one-off requests? That's a safe thing to assume they didn't do. Assume they did nothing, because that's way easier, cheaper, and simpler for them. Which means assume they didn't help anyone, including the FBI.

> large amount of effort to protect privacy (It's one of the main arguments of why IOS/OSX is so locked down).

No. iOS / OSX are locked down to prevent competition. There's no privacy benefit in keeping the user from poking at their own device.

Apple did a lot of work specifically to enable apps to do things like track a user's location in the background. Things that didn't used to be possible, but which Apple put in work to do. The only significant thing they did here on iOS was make it a runtime permission, which other platforms have similarly done. OSX continues to have no real restrictions or enforcement for apps, except to try and prevent you from installing them outside of the app store.

They put more effort into bragging about their privacy than they did in actually improving privacy. Advertising turns out to be extremely effective, as Apple frequently proves.

reply

[–] Spooky23 link

Apple's position is more nuanced than that.

Apple is saying "we do not want to write code to compromise device security", which is different than "not helping the FBI". They are obliged to and do provide access to things like iOS backups, etc.

These companies are neither good nor evil. End of the day, if you care about privacy, cleartext cannot be in the custody of a third party.

reply

[–] wtmt link

That's pretty easy to conclude based on the business models of said companies. Why would anyone want to reach a different conclusion, especially when Google has shown apathy towards location data collection on Android, bypassing Safari's cookie handling to track users, etc.? The writing on the wall is crystal clear.

reply

[–] piyush_soni link

Apple was caught storing iphone users' location history in plain text! What are we talking here?

reply

[–] pdimitar link

Source?

reply

[–] piyush_soni link

Here : The location data was stored unencrypted on the device and most users didn't even know about it ! - http://radar.oreilly.com/2011/04/apple-location-tracking.htm...

reply

[–] wtmt link

That’s from 2011. If you compare issues introduced, remedies and preventive actions by the said conpanies since that time, you’d still find Apple leagues ahead of Google or Facebook (and Is say that Facebook isn’t even in the running).

reply

[–] piyush_soni link

Can you list how many such issues were introduced by Google and where they lacked in the preventive actions?

reply

[–] max76 link

It's simple. Apple doesn't use location data in their products. Google does. Apple specifically avoids these types of products. Google's main revenue stream depends on them.

reply

[–] kodablah link

This is about partnering with carriers that do bad things. One company that partnered with these carriers said "stop that" (granted not with enough eagerness/transparency for me). Another that partners with carriers remains mum.

> Apple specifically avoids these types of products.

No, Apple specifically partners with the companies selling this stuff and don't care at all. They could easily issue a statement saying they disagree with those they shake hands and share money with, but they won't. Google will though.

reply

[–] protomyth link

Because its hard to believe Google is protecting our privacy instead of protecting its own turf. Google does that, Apple doesn't. The interesting case would be if Microsoft still had a horse in the game. Given Windows 10 you might see the same reaction.

reply

[–] ucaetano link

Oh, Apple does when it is required to make money, like in China. They handed over all iCloud data to the government.

Companies are companies, they don't "care" about privacy, or anything at all. Google, Apple, Facebook, they're all in this for the money. And that is fine.

The sooner we realize that, the better.

reply

[–] protomyth link

Every company follows the law of each country they are in unless they are criminals. China is a country that affords no privacy.

reply

[–] ucaetano link

Yes, and faced with the option of making money in China and eliminating any and all user privacy, or not making money in China, Apple chose the former.

reply

[–] protomyth link

Comparing following laws in a country with willingly compromising privacy in a country that does not compel the company to do it is some serious false equivalence.

reply

[–] ucaetano link

No, willingly entering and operating in a country where you know you will have to compromise on privacy is putting profits ahead of privacy.

Take the Google/China situation. If Google entered China and handed over all info on Chinese users to the government, it would be doing exactly the same that Apple does now.

Just like other companies, Apple cares more about profits than privacy, so it will operate in China for the profits, even if it has to infringe on the privacy of every single user there.

reply

[–] dustinmr link

Apple doesn’t do that?

You enjoy using iMessages on your android phone and Linux laptop do you?

Yeah, yeah, it’s different. Except that it’s the same in the areas in which each competes. There’s plenty of examples of Apple freezing out others from a market.

reply

[–] protomyth link

Apple doesn't sell data to third parties, so Apple doesn't do that.

reply

[–] icelancer link

Yeah, they just gave it to China.

reply

[–] noxToken link

Selling user data to a 3rd party company and turning over user data to a local government are two very different things. They both have their own sets of implications. Ideally, you'd wish that a company would never turn your personal data over to either. However, governments and 3rd parties are very much not the same.

reply

[–] piyush_soni link

Wait. Isn't everyone talking about how Apple is "fighting" the goverment / FBI for protecting their users' privacy in the US? But sharing with the Chinese goverment is ok because otherwise they won't be allowed to function there. Am I right? So that means they're not that big on fighting for your privacy is their business suffers because of that. In the US in fact their business is growing because of this little stunt they had with the FBI so they continue it.

reply

[–] piyush_soni link

How people's sentiments change here based on who tries to protect their privacy. If it's Apple, "wow, they are god's own people with purest intentions of protecting users' privacy". When Google does it : "Yeah, because they want to sell it themselves so obviously they don't want any competition".

reply

[–] zachberger link

Note: I'm a Googler but I've used Fi since its inception and log before I was a Googler. These are my thoughts alone.

I have had times where it took 45 minutes to reach Fi support which was very frustrating. And looking on the Google Fi subreddit you're not the only one with the shipping issues. That being said, I've only had outstanding interactions with their support department. I had reoccurring problems with my Nexus 6P and they RMAd it several times, overnight.

I've found their coverage and WiFi calling to be better here in Mountain View than Verizon. It is hard to beat their experience when travelling internationally, you pay the same as you would domestically, and you have access to the high speed networks. The Fi app is beautiful, and doesn't try to sell you anything. I recently checked out the Verizon app and its 90% ads and 10% useful.

reply

[–] juvoni link

Google Fi, is one of the best services I've been on thus far and I've been with 4 other carriers in 10 years.

It's great for domestic and international travel and I don't have to worry (as much) about my number getting ported, so big security win.

reply

[–] skraelingjar link

I've used Fi since getting a Pixel 2 just over a year ago. I haven't had any issues with it and can't comment on the quality of their support. The coverage and service is as you'd expect from Sprint & T-mobile. I've used the built-in VPN feature with no noticeable drop in speed or connection, even when switching from cell to wifi.

reply

[–] chihuahua link

I've ordered 2 phones through Google Fi and both were shipped very quickly. Trade-in of old phone via mail also went perfectly. So far Fi's execution has been great. The phones were cheap (Nexus 5X 32GB for $250, Moto x4 64GB for $300) and the monthly cost is extremely low for someone who doesn't use a lot of data.

reply

[–] sjs382 link

I've been a customer since April 2016 (with a Nexus 5, moto x4 and a Pixel 3 XL) and I've been very happy with Project Fi.

Their service and support have been wonderful, including replacing a device twice (with overnight shipping) free of charge, outside of warranty.

I haven't had a desire to cancel my service, so I can't help you with the cancel button being missing. :)

reply

[–] arebop link

My Pixel 3 was delayed several weeks with no ability to cancel or understand why or get status info. Then it was delivered. So, really crappy fulfillment experience but the phone is great and the data service coverage has been a little better than it was with my old provider.

reply

[–] wvaughan link

I've been on it for a month and have been really happy with the service. That said I brought my own devices and haven't had to deal with the support team at all.

reply

[–] format997 link

Sounds like your phone was so delayed because of a huge black friday promotion they ran that put their pixel stock a month or more behind back orders. My experience with them, outside of this one massive underestimate of how many phones they would sell because of the phenomenal deal that they ran, has been really good. Phones are normally in stock and ship almost immediately. And customer service is very responsive.

reply

[–] format997 link

As a side note, the phone that I snagged during that promotion just barely arrived a week ago. And I ordered it at the end of November. I think you just ran into some unlucky timing, at least in regards to the delays in shipments that you encountered.

reply

[–] atr_gz link

I like it. Support had been fast and helpful, and it's hard to beat for international travel. I've used it in 5 countries with good speeds (although I've mostly been in cities). And as an added bonus it gets around the firewall in China. I've seen people try TMobile here and it's definitely slower than Fi, although it also gets around the firewall.

reply

[–] peu4000 link

I have been using it for a little over 2 years (6p and refurb Pixel XL) and it's been fine. Though I haven't had to contact support...

reply

[–] neolefty link

Even my support calls have gone well. Used it for about 2 years now, me + 3 family members.

reply

[–] vanattab link

Ask HN: Is anyone here happy with Google Fi service? I ordered a Pixel 3 phone directly from Google Fi and signed up for service with Google Fi the end of December. When I ordered the phone it showed up as in stock and estimated I would get my phone by the 4th of January. On the 2nd I got an email saying that the phone shipping was delayed and I would receive an email when it ships. I have heard nothing from google so I called Google Fi support and was told I would get an email from the shipping team letting my know when my phone would ship but that was 2 days ago and have not heard a word from them. I tried following there instructions to cancel the order but when you click the edit order button where they say there is a cancel button none can be found. Anyone else have similar experience? Before I placed my order I was thinking the user experience from Google must be better then T-Mobile or Sprint but I am starting to regret the choice.

reply

[–] annefauvre link

I hate the idea that we're so beholden to one company's ethical compass over another. It's so clear that we're in need for some sort of regulation to great guideposts around what is ok and what is not... sigh... not like the government will ever get its act together on this.

reply

[–] foobiekr link

Revenue as true north?

reply

[–] RHSeeger link

True. Unfortunately, it tends to be pointed towards Evil much of the time.

reply

[–] SquareWheel link

Why, because they show you ads for tracked interests? Something they're quite upfront about, and allow you to opt-out of if you'd like.

Is that so "evil" that it somehow outweighs the hundreds of open-source projects they've released? Or the extremely useful free-services they provide like Maps and Search? The thousands of jobs they've created in our industry? The new protocols they've released for free to the IETF? The security bugs they've helped uncover?

Google does an immense amount of good for society. I don't understand how people can so easily lose sight of that.

reply

[–] RHSeeger link

Actually, I don't have a large problem with them showing ads and trying to know enough about me to do so properly. I'd appreciate it if you didn't attack me over your mistaken ideas regarding my thoughts.

- They release good versions of existing products, let people use it for free or cheap, and then (when all the other companies making said product type give up because they can't compete), they discard the product and leave people without any version of it.

- They forced a horrible social platform on everyone. I don't have a problem with them creating the platform; experimentation and variety are good. I do, however, have a problem with them forcing people to use it in order to use other products they own.

- There's other items in my list of reasons to think Google is out for it's own benefit, and the rest of us can slowly die as long as they make money.

reply

[–] forgottenpass link

Dragonfly.

reply

[–] hcnews link

Dragonfly is a complex topic. The good part about it is that Google is still having a conversation about it and hasn't launched the product once it was publicly known.

Note that I was born in India and have different views than American citizens due to having first hand experience with what information can do to transform lives.

reply

[–] lern_too_spel link

Ended before it even launched. https://theintercept.com/2018/12/17/google-china-censored-se...

Compare to Apple, which actually handed over the iCloud keys of all its Chinese customers to the Chinese government.

We should continue to pressure Google to make fewer mistakes like these, but let's not pretend they're in the same league as truly bad actors like Apple and Facebook when it comes to privacy.

reply

[–] izacus link

Google employees risked their jobs to protest against Dragonfly.

reply

[–] x220 link

people with perhaps the highest demand for their labor than any other professionals risked their cushy jobs to influence their company to not be complicit in the censorship of over a billion people with a regime that has committed genocide? that's superhuman dedication right there, good job Google superheroes

reply

[–] kevinh link

There are other tech companies doing related work in China. Are you saying that the employees of those companies are all complicit with genocidal actions?

reply

[–] x220 link

Assisting a regime (which has committed genocide) with censorship isn't the same as assisting genocide. That should be clear from reading my comment.

reply

[–] skybrian link

Someone risked their job to leak it to the press. The average Google employee joining a protest isn't risking anything since Google has a tradition of internal debate.

reply

[–] undefined link
[deleted]

reply

[–] jonny_eh link

What's your point?

reply

[–] mtgx link

I think it's this case it was more of a case that they didn't stand to make money themselves from T-mobile and Sprint selling that data to others, since it's not something they could control.

reply

[–] hcnews link

Say what you want about Google, its one of the few companies with a moral compass.

reply

[–] microcolonel link

As shrewd and cynical as this move is, it is good. With Google you at least have some options for how much you want them to know about your location (even if they rely on dark patterns still to trick average people into reenabling it)

reply

[–] joobus link

"... as soon as we heard about this practice, we required our network partners to shut it down as soon as possible.” Google did not say when it made this a requirement.

Hey, stop doing that, please?

reply

[–] wtmt link

Pot, meet kettle. This is rich coming from Google, which doesn't respect users' choices in Android not to collect location data and yet the company wants others not to deal in that data from its other services. Perhaps it's just the worry of enabling other companies to make money off of customer information in any way possible, and wanting to be the only company that should be able to make money from this data. As far as the user is concerned, both are privacy violations and an expression of disrespect to them. The bar on privacy is so low that Google seems to be imagining that its behavior is "better than the others".

reply

[–] wpdev_63 link

I guess the attorney general is going to stay silent on this?

reply

[–] kerng link

This seems more of a do not compete attempt.

reply

[–] forgottenpass link

This isn't a win for consumers, it's just the changing boundaries of a turf war.

Just like they made a big stink about getting everyone to HTTPS. It wasn't to reduce 3rd party incidental access to your browsing data. It was to retain their 3rd party incidental access while icing out ISPs.

reply

[–] ucaetano link

> In other words, we had to ask and get a small statement because being open, upfront, honest, etc is not their approach.

You don't seem to understand how the press works. When you write an article about a company (or a public figure), you reach out to them for comment.

reply

[–] kodablah link

Of course I understand. What I'm saying is that comment/information should be available eagerly, by the company, upfront to all of their customers when they found out about this problem without requiring a journalist.

reply

[–] kodablah link

Let's translate PR speak here...

> "We have never sold Fi subscribers' location information,"

In other words "we never directly sold the info, but we never contracted them not to do anything with subscribers' location information". In cases like this, I'd say you are responsible for downstream data use. This isn't some API or hole, this is a large b2b contract and Google should have contractually obligated them to what they could do with their subscribers' data and then sued when they found out it wasn't the case. Why didn't they? Either leverage (Google has to rely on someone), ignorance (doubtful), or apathy (we don't care until the media does). I'm inclined to guess #1 and #3.

> a Google spokesperson told Motherboard in a statement late on Thursday.

In other words, we had to ask and get a small statement because being open, upfront, honest, etc is not their approach.

> "[...] as soon as we heard about this practice, we required our network partners to shut it down as soon as possible [...]"

In other words "we have asked, refuse to say whether they agreed, refuse to say when it will happen, and in general are as opaque as those we are deflecting towards".

Obviously the cell carriers are bad actors. But deflecting instead of accepting responsibility is bad too. Just admit you have no leg to stand on because you require them, or show us where, in writing, they promised to do this and when. Can't do that? Yeah, because you're not in control and/or your shitty business practices are all behind closed doors. And I don't limit this to Google, this goes with anyone partnering with these companies (especially the more traditionally reticent ones). Be open or get hate.

reply