Told You So: Google walks on the dark side once again

1 February, 2012 CloudPowerTechnology

– Jeffrey J. Hardy

I have been sounding the skeptical alarms on Google for years (blog posts).  I have not been alone in this, of course.  But since Google has updated their privacy policy once again with, in my view, new and insidious flavors of digital tyranny it seems a good time to point out a few of their updated consumer data offenses.

What has been largely reported has been the cross-sharing of information between the various Google properties—Gmail, search, YouTube, Google+, etc.  Previously the data collected by each kingdom in the Google Empire was allegedly segregated (I never fully believed that, by the way).  While this is indeed a new and important change with sweeping implications for both privacy and ad relevancy, it has been adequately reported on and so I want to focus on two other aspects of the recent changes—one directly related to the privacy policy and the other related to Google methods and ethics.

Phone Privacy … NOT!

Almost two years ago I was reviewing the licensing and patent revisions for Microsoft Exchange ActiveSync 7 and noticed something significant.  As opposed to the old ActiveSync that was used in PDAs, MS Exchange ActiveSync (EAS) is the best way to date for keeping mobile devices synced with calendars, contacts, notes, tasks, and email with true “Push” technology.  There are a ton of reasons for this and I have written about them in the past.  But the new version 7 allowed something totally new.  Version 7 had methods for not just syncing devices and servers with data for the customer’s benefit and use, it also allowed the parent service to capture information from the mobile device—things like phone number, make and model of the phone, and servicing network.  Hmmmm ….  This was ostensibly for service improvement and reporting.  Hmmmm … again.  The ONLY service that I could find that was using this aspect of EAS was, perhaps not surprisingly, Gmail.

Fast-forward to today

Google’s new privacy policy is likely mis-named.  It is a bit closer to a “lack of privacy” policy.  The few thousand words of text might have easily been replaced with “we will harvest all of the information on you, your contacts, your family, and your friends—basically everyone you interact with—from our apps AND from your devices to use for profit.”  The new policy allows Google to harvest:

Device information – make, model, OS, unique device identifiers, phone number, etc. and to associate these with your Goggle account.

Log information – cookies, browser data, telephone logs (think about that), search queries (not just on Google search), call forwarding numbers and data, day and time for calls inbound and outbound and call durations, various system activity, IP addresses, your hardware settings (think about that), and more.

Location information – Remember the ruckus when some people discovered that their iPhone kept a little database file on their locations?  Remember how awful that was?  Ever use Google maps or Google Earth on your mobile, even once?  The new rules let them now grab it all, including, but not necessarily limited to GPS data, phone sensor data, and WiFi access points.

Local Storage – The new rules let Google store data on the device itself for retrieval later on when it is convenient for Google.

Anonymous identifiers and cookies – If you use a Google service or product—any of them to my reading—these rules let them track across the spectrum.  That’s just the way it is.  And it allows them to “share” this information with “partners.”

Google goes on to talk about openness and options.  But this speaks directly to my second point.  Google, as an organization, practices incrementalism.  Those of us who have been around technology for a while understand that policies and practices change.  They have to.  But in my opinion when Google says “we will never” it means “we do not right now, but as soon as we can we will.”  And when they say “we want you to understand” they mean “we do not want you to know where we are headed.”  In short, without regard to any company slogans or Google-plex group think, they cannot be trusted.

I use some Google services and I largely protect myself.  That’s OK, because I try to stay on top of these things and understand what I am signing on for.  Heck … I read all of these terms of service and privacy policy things (it’s an illness).  But the vast majority of folks do not.  And before you shake your head and dismiss them by saying “caveat emptor” (buyer beware), remember that these people are our less-technical family members and friends.  Google, Facebook, and the like are carving up the data and preferences on all of us and creating an imbalance of information that dramatically shifts the power—social, economic, and political.  We should sit with a little trepidation at the next incremental intrusion that is, in my opinion, undoubtedly on its way.

Tags:  , ,