back to article Permissionless data slurping: Why Google's latest bombshell matters

According to an old Chinese proverb: "When a wise man points at the Moon, an idiot looks at his finger." Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send location data to Google without you even knowing it. Google received the data even if …

  1. tiggity Silver badge

    Are we surprised?

    Does anyone have any privacy expectations with a mobile?

    Does anyone have much location privacy expectations in UK with the stupendous amount of CCTV cameras?

    1. Anonymous Coward
      Anonymous Coward

      Re: Are we surprised?

      a couple of points to throw in

      The CCTV cameras aren't joined together and operating to map your path across this Green and Pleasant Land.

      Even if they were joined together the quality on most installed CCTV is barely enough to identify shoplifters directly in front let alone track you as you pass from home to work along the street and back and from one day to next.

      1. Dan 55 Silver badge

        Re: Are we surprised?

        The CCTV cameras aren't joined together and operating to map your path across this Green and Pleasant Land.

        ANPR.

        1. graeme leggett Silver badge

          Re: Are we surprised?

          That's cars not people. The rules, even if you don't like them, are clear. Unlike Google's.

          https://www.police.uk/information-and-advice/automatic-number-plate-recognition/

          And also unlike Google, there is a possible risk-benefit balance to society.

          1. Anonymous Coward
            Anonymous Coward

            Re: Are we surprised?

            "That's cars not people"

            False, cars are irrelevant in this context and the actual surveillance target is the owner of the car.

            Constant and automatic movement tracking of people who happen to own a car. Stasi would be proud of that.

            Cars themselves are irrelevant as this system never can "find" a stolen car. It tracks only owners.

            But of course Police will lie anything to cover that up, so it's irrelevant what they claim.

            " A record for all vehicles passing by a camera is stored," I.e. owners.

            That means that literally everyone is tracked, as a person. Car and the owner are one entity in this context and there's no such thing as 'not guilty' here.

        2. Anonymous Coward
          Anonymous Coward

          Re: Are we surprised?

          ANPR.

          If they're so connected, and so effective, and so monitored to be a threat to us all, why are DVLA having to have an ad campaign to try and frighten road tax dodgers to go and pay their road duty? And why was one of our household cars driven far and wide for twelve months with no MoT, an omission on our part that only came to light when we booked in for the subsequent annual MoT? And why do some people *cough* routinely exceed motorway speed limits on some of the most heavily be-camerad routes without getting their collar felt?

          By their own admission the public sector approach to finding needles in haystacks is simply collecting more hay. In the modern world, the best approach to protecting our privacy would be inciting the public sector to collect even more data - eg lobbying MPs for "the authorities" to have a compulsory real time feed from all commercial security cameras. The resultant zetabytes of data would be absolutely useless, but the civil servants would bathe in the vast, irrelevant pool of binary data, and be unable to find anything in it.

          1. Dan 55 Silver badge

            Re: Are we surprised?

            why are DVLA having to have an ad campaign to try and frighten road tax dodgers to go and pay their road duty?

            As well as the inevitable number of people trying their luck, I think it's more a case of not having the expiry date stare you in the face every time you walk towards your car before getting in.

            I guess the DVLA could do without the extra bureaucracy generated by fines and corrections. They dropped tax discs in their endless search for cuts and probably fired a few people too but I bet the workload generated by people's mistakes has gone up.

          2. Anonymous Coward
            Anonymous Coward

            Re: Are we surprised?

            "why are DVLA having to have an ad campaign to try and frighten road tax dodgers to go and pay their road duty!"

            Well if you're car isn't registered to your address, it's kind of hard to find them after the event.

            The in car ones often do flag up people.

          3. Anonymous Coward
            Anonymous Coward

            Re: Are we surprised?

            "why are DVLA having to have an ad campaign to try and frighten road tax dodgers to go and pay their road duty? And why was one of our household cars driven far and wide for twelve months with no MoT, an omission on our part that only came to light when we booked in for the subsequent annual MoT? "

            Simple: Cameras aren't designed for those purposes at all. They are designed for automated tracking of people: Movement tracking system, surveillance.

            Taxes or speeding are totally irrelevant in that context. Or stolen cars.

      2. Someone Else Silver badge

        @AC -- Re: Are we surprised?

        The CCTV cameras aren't joined together and operating to map your path across this Green and Pleasant Land.

        Upvoted for the Jerusalem reference (well, and for the rest of the post, too...)

        1. Anonymous Coward
          Anonymous Coward

          Re: @AC -- Are we surprised?

          And the answer to Blake is an emphatic "No".

      3. Andre Carneiro

        Re: Are we surprised?

        The CCTV cameras may not be joined in yet. But this is just a matter of technological advance and rest assured it will happen sooner than you or I might wish for, I suspect...

        1. CrazyOldCatMan Silver badge

          Re: Are we surprised?

          rest assured it will happen sooner than you or I might wish for, I suspect

          And, at about the same time, BASILISK STARE will also go live.

          Be afraid, be very afraid..

          1. Mooseman Silver badge

            Re: Are we surprised?

            " BASILISK STARE "

            Beat me to it !

      4. boatsman
        Coat

        CCTV camera's not coupled

        oh. really. just like google was not illegally harvesting our location, I guess.

        wake up.

        the NSA does not build $ 2,5 billion datacenters to play counterstrike.

        neither does the GCHQ nephews.

    2. I ain't Spartacus Gold badge

      Re: Are we surprised?

      tiggity,

      I'm not sure the UK has particularly more CCTV cameras than anywhere else. That famous figure from a few years ago showing we had startling more than anyone else, turned out to be from two researchers counting the cameras in two streets in Paddington. So was basically meaningless.

      Also, though we do have many cameras, most of them are just connected to videos, that get over-written every day - or hard disks that persist a bit longer (depending on storage). So aren't actually much of a threat. Sure they can be pieced together, but still only manually. I remember when that serial killer was on the loose in Ipswich, the police said they'd collected 80,000 hours of video material in a week. For one, small city. So the logistics of that are still too hard.

      Google, on the other hand, are a massive privacy threat right now. As are Facebook. And to a much lesser extent, Microsoft and Apple.

      1. Loyal Commenter Silver badge

        Re: Are we surprised?

        I remember when that serial killer was on the loose in Ipswich, the police said they'd collected 80,000 hours of video material in a week. For one, small city. So the logistics of that are still too hard.

        It is also worth noting that the killer in question (Steve Wright, the 'Suffolk strangler') was caught not because of CCTV evidence, but because his DNA was found on one of the bodies, and was already on file because of a previous crime he had been convicted for. Up until this point, the plod in Ipswich had actually been pursuing and had arrested another man, whose identity had been leaked to the press. Which all goes to show exactly how useless our ubiquitous CCTV is.

        1. Rich 11

          Re: Are we surprised?

          Which all goes to show exactly how useless our ubiquitous CCTV is.

          No, it goes to show exactly how useless our Plod can be.

      2. Tom 38

        Re: Are we surprised?

        I remember when that serial killer was on the loose in Ipswich, the police said they'd collected 80,000 hours of video material in a week. For one, small city town.

        FTFY. City are those uppity northern farmers wearing canary yellow.

        And yes, if you're from Suffolk, people from Norfolk are northerners.

        1. LewisRage

          Re: Are we surprised?

          "northern farmers"

          this from the Tractor Boys?!

      3. Charlie Clark Silver badge

        Re: Are we surprised?

        I'm not sure the UK has particularly more CCTV cameras than anywhere else.

        Compared with other European countries it certainly does. CCTV schemes are always sold as crime prevention schemes because this is popular. They are at best aids to crime solving. But usually they serve as excuses for lower head counts in police forces and invasions of privacy.

    3. yossarianuk

      Re: Are we surprised?

      In Tory Britain they have even pissed out human rights away let alone privacy

      https://www.theguardian.com/politics/blog/live/2017/nov/21/former-brexit-minister-urges-may-to-abandon-talks-with-eu-and-prepare-for-no-deal-politics-live

      If you voted for these shisters you are a moron.

      1. anothercynic Silver badge

        Re: Are we surprised?

        Whaa whaa Tory Britain, whaa whaa. This problem transcends political parties... Labour is as guilty as the Tories.

        1. Steven Burn

          Re: Are we surprised?

          You beat me to it.

      2. Tubz Silver badge

        Re: Are we surprised?

        "If you voted for these shisters you are a moron." that's whole point of a democratic vote, if we get it wrong we can vote them out, I suppose you insist we vote for Comrade Corbyn and his LALA brigade ?

        1. Richocet

          Re: Are we surprised?

          I'm not following UK politics, but “The definition of insanity is doing the same thing over and over again, but expecting different results”. Albert Einstein.

          Haven't the Tories been in power the majority of the last 20 year?

    4. JetSetJim

      Re: Are we surprised?

      In all honesty, I'd assumed Google was doing this anyway and wouldn't be surprised if Apple were doing it too.

      Doubt I'd ever been asked by Google, and I wouldn't be surprised if the "fix" Google might apply is to merely add one more step to the Google account login you do when you power up the phone, possibly with a "no" answer binning you out and nothing works on the phone from then on - i.e. a requirement of having a google account is to allow location tracking by any means.

      1. Doctor Syntax Silver badge

        Re: Are we surprised?

        'possibly with a "no" answer binning you out'

        That will be a big no-no under GDPR.

      2. Mage Silver badge
        Black Helicopters

        Re: "no" answer binning you out and nothing works

        Like Google's Android TV when you unpack a Sony TV. You can't scan for TV stations or set it up without agreeing Google's T&C. Surely illegal in EU?

        My solution is never to connect it to Internet. It would tell Google which BD/DVD, satellite or Terrestrial program watched and all voice commands.

        It's bit tricky now to have a phone.

        1. Anonymous Coward
          Anonymous Coward

          Re: "no" answer binning you out and nothing works

          "Surely illegal in EU?"

          Definitely, in many ways but the first thing is that you have to have all terms&conditions shown to you _before_ you make the purchase.

          That's directly in the directive, there's no way around it.

    5. rtb61

      'ER' Yes Privacy Expectations Here

      My phone has a user removable battery, when I want to be left alone, the phone gets very lonely missing it's battery. I use my mobile phone to contact others, I am pretty choosy about allowing others to contact me or my phone.

      What this article proves is you should abandon Google services because they are a truly evil company seeking to manipulate you via the psychological profile they have created of you. Honestly https://duckduckgo.com/?q=duckduckgo&t=ffsb&ia=web and make Google start to feel some pain. Can't sell you to advertisers if you do not receive their advertisements and Google go blrrrrrrrp a deflating balloon of corporate ego.

      1. Tree
        Mushroom

        Re: 'ER' Yes Privacy Expectations Here

        Gurgle is so evil, you should block scripts from them, Doubleclick, Googletagservicees.com, google-analytics.com, gstatic.com, youtube.com, Googleapis.com. Cut off their revenue. Your pages will load faster and you have fewer dancing, singing monkeys. Probably safer, too.

        Cell phones only need location services when you are lost. All the above will save battery power, too. If your main reason to surf is that you enjoy ads, then ignore this advice. NoScript and Remove This Permanently work wonders with Palemoon or Firefox browsers.

    6. big_D Silver badge

      Re: Are we surprised?

      Living in Germany, where such data collection is illegal, as is the use of CCTV in many situations*, then yes, I expect a modicum of privacy as defined by the law when I am out and about and I am carrying my smartphone.

      If I have turned off location data, then I expect the device not to pass that on.

      * Even in car cameras are quasi illegal. You cannot use them as evidence and you cannot post them on the internet without anonymising the other persons in the film (E.g. blurring faces and registration plates). If you don't, you can be prosecuted.

  2. Jellied Eel Silver badge

    A simple solution

    Just legislate so that all the data collected by Google is also collected from it's executives and board members. Add a nice lil timeline to their bio pages so we can see their browsing history, movements etc etc. They see our data, we see theirs. Seems only fair as that's where their revenues are coming from.

    1. Sir Runcible Spoon

      Re: A simple solution

      Invasive tactics should always be subject to reciprocated activities, but it will never happen.

      If it could be achieved it would provide a valuable check & balance to abuse of power, which is why it will never happen.

      1. DropBear

        Re: A simple solution

        "Invasive tactics should always be subject to reciprocated activities"

        That would be utterly pointless. "Oh, I'm terribly sorry", said the elephant to the mouse with the crushed leg, writhing in agony, "it's ok, you're welcome to step on mine in return". If you want an effective deterrent, you'd need something sized to corporate / government / etc. standards.

        1. Sir Runcible Spoon

          Re: A simple solution

          I think you might have taken that to a literal extreme there DropBear :)

          In your example, if the elephant has crushed the mouse's leg, then the elephant should also have it's leg crushed - but I don't think that's a particularly useful example ;)

          Another example would be: Any MP signing a bill that permits everyone's internet connections to be stored for perusal by 100's of different government departments, then those MP's should have their internet connection records published on a weekly basis, rather than being exempt from having their data collected in the first place.

          1. Jellied Eel Silver badge

            Re: A simple solution

            I think there are some important distinctions. Official data collection results in official secrets. Personal data are classified & improper access governed by the OSA and other penalties, up to or including jail time. With the data collection legislated, access to bulk data are restricted and not for 100's of depts or NGOs to browse during their work or breaks. But there is of course a large element of trust.. And MPs record's should not have been exempted, especially given they're eminently corruptable.

            In the private sector, those rules don't apply other than various attempts at data protection legislation, which are largely toothless. Legislators occasionally attempt to fix that, but then there's a lobby representing data harvestors, aggregators and peddlers that object to attempts to restrict their ability to invade and/or monetise our privacy. And when companies do get caught, the penalties are small. There may be some reputational damage, but that doesn't seem to have affected Uber's valuation.

            Governments should just take a leaf out of their OSA books and offer jail time to execs at companies that abuse or leak personal information. That may just focus exec's minds, and isn't something that can be expensed or covered by a DOI policy.

            Bigger social issue is that companies think it's ok to hoover up & peddle personal information, often without user's informed consent. 'Do no evil' may be a nice mission statement, but history's shown Google's a serial offender when it comes to playing fast and loose with privacy.. So it's more of a guideline, rather than a rule. Don't get caught, and if you do, set your PR team and reputation managers on the case. The execs probably used to read their sister's diaries, so may have a different ethical view regarding people's privacy.

            1. Sir Runcible Spoon

              Re: A simple solution

              Ok, so it might not be hundreds...

              Metropolitan Police Service

              City of London Police

              Police forces maintained under section 2 of the Police Act 1996

              Police Service of Scotland

              Police Service of Northern Ireland

              British Transport Police

              Ministry of Defence Police

              Royal Navy Police

              Royal Military Police

              Royal Air Force Police

              Security Service

              Secret Intelligence Service

              GCHQ

              Ministry of Defence

              Department of Health

              Home Office

              Ministry of Justice

              National Crime Agency

              HM Revenue & Customs

              Department for Transport

              Department for Work and Pensions

              NHS trusts and foundation trusts in England that provide ambulance services

              Common Services Agency for the Scottish Health Service

              Competition and Markets Authority

              Criminal Cases Review Commission

              Department for Communities in Northern Ireland

              Department for the Economy in Northern Ireland

              Department of Justice in Northern Ireland

              Financial Conduct Authority

              Fire and rescue authorities under the Fire and Rescue Services Act 2004

              Food Standards Agency

              Food Standards Scotland

              Gambling Commission

              Gangmasters and Labour Abuse Authority

              Health and Safety Executive

              Independent Police Complaints Commissioner

              Information Commissioner

              NHS Business Services Authority

              Northern Ireland Ambulance Service Health and Social Care Trust

              Northern Ireland Fire and Rescue Service Board

              Northern Ireland Health and Social Care Regional Business Services Organisation

              Office of Communications

              Office of the Police Ombudsman for Northern Ireland

              Police Investigations and Review Commissioner

              Scottish Ambulance Service Board

              Scottish Criminal Cases Review Commission

              Serious Fraud Office

              Welsh Ambulance Services National Health Service Trust

              ..but it's a lot.

              [source: Article]

  3. yossarianuk

    More reason to get a Purism phone

    When they are eventually released...

  4. Dan 55 Silver badge

    You can accuse Oracle of many things but it isn't an ad-slinger and has no interest in becoming one

    That was true until recently...

    Oracle Makes Another Major Data Move, Inking a TV Ad-Targeting Deal With Charter Communications

    Oracle is quietly becoming the most intriguing company in advertising

    1. Andrew Orlowski (Written by Reg staff)

      Re: You can accuse Oracle of many things but it isn't an ad-slinger...

      No, Oracle isn't an ad-slinger. Oracle's bottom line would certainly benefit from a more diverse digital ad market, and this is why they're going after the Google-Facebook duopoly. Going after monopolies successfully usually does improve the market, with more new entrants.

      Oracle's complaint expresses what pretty much everyone in the ad industry says, but won't point out in public, for fear of being (metaphorically) kneecapped.

      1. Dan 55 Silver badge

        Re: You can accuse Oracle of many things but it isn't an ad-slinger...

        Every company they sign a deal with means their data is added to their "Data Cloud". So if a company signs a deal with Oracle to prove that their TV ads work, Oracle joins the dots to people's credit card purchases (they did a deal with Visa last year).

        Did anyone in the US give Oracle permission to slurp their CC usage and cable viewing habits?

        I'm not defending Google, but Oracle certainly isn't going to make things great for the little people.

        1. Andrew Orlowski (Written by Reg staff)

          Re: You can accuse Oracle of many things but it isn't an ad-slinger...

          "I'm not defending Google"

          You very much are, indirectly, by questioning the credentials of someone trying to break up an important monopoly. (Hence: "the idiot points at the finger").

          1. CrazyOldCatMan Silver badge

            Re: You can accuse Oracle of many things but it isn't an ad-slinger...

            You very much are, indirectly, by questioning the credentials of someone trying to break up an important monopoly.

            In your zeal to convict Google of everything, everywhere, you seem to have got a tad mono-focussed on the subject.

            It's possible to hold the two opinions at the same time:

            1) Google is bad

            2) Oracle is also bad and trying to find any vulnerability in Google that they can (and there are plenty to find) because it suits their business objectives.

            So, it's entirely possible to point out that Oracle is not accusing Google out of an overwhelming zeal to preserve the body politic but rather out of the desire to (possibly) deflect observation of their own dirty linen.

            My take? A pox on both their houses. Both deserve more governmental and social oversight. Both deserve having their wings clipped (as do Facebook, Twitter, Microsoft etc etc etc) and some transparency applied to their actions and what they do with data about people.

          2. Dan 55 Silver badge

            Re: You can accuse Oracle of many things but it isn't an ad-slinger...

            ^ This.

            And if I have to be pro every scummy multinational who is trying to muscle in on Google's space by doing exactly the same objectionable things or be accused of being an idiot, I'm happy to be accused of being an idiot.

  5. yoganmahew

    What else?

    The unknown slurp is the bothersome one...

  6. Anonymous Coward
    Anonymous Coward

    Google is Evil

    Just accept that and get on with your life (such as it is).

    Limit your use of them, their services and software. I know that this is a little difficult with all the Android fans who post here.

    Google is also like a Bully. They won't stop until they have ground you down into the ground, you are bankrupy, penniless, homeless and completely destitute. Then you won't be a target for their advertisers any longer.

    1. CrazyOldCatMan Silver badge

      Re: Google is Evil

      They won't stop until they have ground you down into the ground, you are bankrupy, penniless, homeless and completely destitute. Then you won't be a target for their advertisers any longer.

      Does not compute. Google don't want you penniless - they want you to carry on spending so that advertising and marketing companies carry on buying adverts and data from Google.

      Google exists to make money. End of story. Like most large corporates, morals are discarded the moment that they interfere with the holy process of making money.

  7. Triumphantape

    Faraday bag

    Keep a Faraday bag on you or in your car, of course this solution doesn't work for those constantly looking at their phones.

    1. Anonymous Coward
      Anonymous Coward

      Re: Faraday bag

      An electrician in WA (Western Australia) was sacked for doing that and skiving off to play golf. He tried to sue for unfair dismissal, but the tribunal thought that since he had deliberately crippled the GPS to play gold during work time, his employer was right to be annoyed.

  8. Zippy's Sausage Factory
    Unhappy

    Repercussions?

    Anyone willing to bet that anything more meaningful happens than a token slap on the wrist?

    Nope, me neither.

  9. dnj

    Alternative ROMS?

    Presumably this stuff isn't in the ROM but in the Google Apps packages?

    So if you have Cyanogenmod or LineageOS then they don't have your location data, unless you also install Gapps (because you want Google Play etc) and then they would?

    1. sloshnmosh

      Re: Alternative ROMS?

      I did find a small link to the Google Play Store in Lineage OS.

      But I promptly removed it:

      mount -o rw,remount,rw /system

      rm /etc/init/racoon.rc

      1. Anonymous Coward
        Anonymous Coward

        Re: Alternative ROMS?

        racoon.rc

        service racoon /system/bin/racoon

        class main

        socket racoon steam 600 system system

        # IKE uses UDP port 500. Racoon will setuid to vpn after binding the port.

        group vpn net_admin inet

        disabled

        oneshot

        Where? I don't see it.

  10. Anonymous Coward
    Anonymous Coward

    Are we even bothered?

    Most of the people I see plying with their phones down the pub don’t even know what location services is or leave it enable deliberately to ‘improve the user experience’.

    The fact that even more data is gathered should not be a surprise whichever phone manufacturer or indeed the government is doing it.

    The extent to which such data can be used for malign purposes is a small worry, but again your data is in the middle of a bleeding huge haystack.

    I think it is spooky and a bit amazing when well targeted advertising (for example) is served up, but would I rather receive irrelevant ads?

    Finally I hate to use the old innocent have nothing to fear trope; but I secretly long for the day I am falsely accused of some nefarious activity and nearly tell them to follow my digital breadcrumbs, and use that to eliminate me from enquiries ;-)

    1. DropBear
      Facepalm

      Re: Are we even bothered?

      Don't. I'm sure you remember the xkcd strip regarding encryption and security - the crypto nerd dreaming about unbreakable secrets while his captors are readying the $5 heavy "decryption" wrench. Trust that the only thing one needs to be found innocent by the system is actually being innocent is equally misplaced - once you're in the grinder, your proximity to the whirring blades is the only thing that matters, and what you actually did or did not do will not save you.

    2. Anonymous Coward
      Anonymous Coward

      Re: Are we even bothered?

      "I secretly long for the day I am falsely accused of some nefarious activity and nearly tell them to follow my digital breadcrumbs, and use that to eliminate me from enquiries ;-)"

      A cynic might suggest that "they" would only present evidence from your digital breadcrumbs which confirms "their" case against you.

      1. Anonymous Coward
        Anonymous Coward

        Re: Are we even bothered?

        Yes, because exactly that happens.

        We already have a number of court cases where Police knowingly destroyed evidence or refused to give it to defending attorney claiming 'it would weaken their case'. After the attorney accidentally found they had more information he had been given. Even that was a secret.

        Illegal of course but lo and behold: No-one was convicted, ever.

        Anyone who believes surveillance data can prove them innocent, is a naive person: That is not going to happen: It only can prove you guilty, just like any other evidence.

        If pieces don't fit, throw them away until the remaining pieces fit. That's the modus operandi of Police.

      2. Richocet

        Re: Are we even bothered?

        Of course they will look through the data cherry picking information.

        Every person has confirmation bias, so they will be looking for data which supports their position. Hopefully you have a defense lawyer looking through the data for information that exonerates you.

        Because there is nobody whose job it is to look through all the data and form an impartial opinion about what they find.

    3. bitmap animal

      Re: Are we even bothered?

      > Most of the people I see plying with their phones down the pub don’t even know what location services is or leave it enable deliberately to ‘improve the user experience’.

      Most people want the phone to help them, they use it to communicate with various and broad circles of people, to find places to drink, to navigate there, to call taxis, to watch and wait to see the taxi arrive etc etc. To fully utilise these features the phone does need to know a lot about you and where you are. People love the convenience, and they are great tools which are becoming entwined in a lot of peoples daily lives. They don't want to know how it works, only that it does work.

  11. John Smith 19 Gold badge
    Gimp

    Not all data fetishists are government employees

    <gollum>

    We wants it

    We needs it

    We must have all your location data, all the time, forever.

    </gollum>

    When I put it that way does it not sound just a bit creepy to you?

    1. veti Silver badge

      Re: Not all data fetishists are government employees

      Sure, but you could do the same with "freedom, motherhood and apple pie", so that doesn't really add much to our understanding.

  12. Mark 85

    If Google was a person, it would have had a restraining order for stalking slapped on it by now.

    I would think that, here in the US at least, companies are considered persons for tax and legal reasons. Perhaps some lawyer could file a restraining order. It might just work and if it did or didn't, it would be interesting to watch*.

    *Popcorn would be optional.

  13. Sureo

    The EU may prosecute Google for this but elsewhere they'll probably get a medal for Creative Capitalism.

  14. Anonymous Coward
    Anonymous Coward

    Ah, the irony..

    .. of announcing this on a site with 13 trackers (according to Ghostery) on the page, but hey, let that one slide for the moment.

    I think this one is easily summarised: WTF? Google knows damn well we have privacy laws, so the "oops" excuse won't fly this time. It shouldn't even have flown with the Streetview Wifi collection scandal, but that time they got away with it.

    Now they should not, because there really is no excuse.

    1. Anonymous Coward
      Anonymous Coward

      Re: Ah, the irony..

      Ghostery is only picking 3 trackers, but I am using uBlock, so maybe the rest are ads?

      The only 3 trackers I have showing are Datapoint Media, Google Publisher Tags and Google Analytics...

      But why is El Reg feeding our browsing data to Google? Analytics can be provided by many people, is it the cost benefits that drive El Reg to the arms of Google?

      1. Anonymous Coward
        Anonymous Coward

        Re: Ah, the irony..

        But why is El Reg feeding our browsing data to Google? Analytics can be provided by many people, is it the cost benefits that drive El Reg to the arms of Google?

        No, El Reg has - like many other companies - not yet realised that paying attention to privacy is not always just a cost centre. If they would rent a host in another country for email they would save themselves at least 50% of what they spend now, and using Piwik(.org) instead of Google Analytics would sort out most of the privacy problems with the website too.

        The problem is that El Reg is strongly dependent on Google for its advertising. Ironically, if they were going to display their own ads for companies they'd get (a) more of the revenue (b) few blocks from the likes of me because of security and (c ) a world premier to show advertising returning to where it should be and how it could make money. As long as companies are in that lock, they will continue to be as beholden to Google as they once were to Microsoft (and some still are - try posting a negative comment on Microsoft and see how many -probably paid- trolls come out of the woodword, the Russian government is quite late with its use of online trolls).

        1. Anonymous Coward
          Anonymous Coward

          Re: Ah, the irony..

          The funny thing is, if websites returned to manual advertising, controlling their own adverts :

          A: Ads wouldn't be blocked by ad blockers, as they only stop syndicated adverts.

          B: Google and Facebook would lose their ad monopoly.

          Sure it would be hard at first, but once one or two big sites successfully break away from those two, the rest would inevitably follow.

          And the world would be a much better place...

  15. wsm

    Daniel Webster

    There is an old joke about Daniel Webster being caught by his wife in a compromising situation with the maid. She said, "Daniel Webster I am surprised at you!" He said, "Dear, I am surprised, you are amazed."

    At this point, I doubt many of us are either surprised or amazed. But we should be concerned.

  16. Anonymous Coward
    Anonymous Coward

    Np doubt the UK's chocolate teapot regulators

    Have it all in hand and are preparing for a good wrist slapping session.

    Nothing to see here, move along...

    1. rmason

      Re: Np doubt the UK's chocolate teapot regulators

      We will fine you..

      *doctor evil finger pose*

      ONE THOUSAND DOLLARS.

  17. Anonymous Coward
    Anonymous Coward

    Google is the retail arm of the NSA

    That is all

    1. deadlockvictim

      Re: Google is the retail arm of the NSA

      I wonder about the relationship between the two.

      If Google was subservient to the NSA, why would the latter build such massive data centres when Google could do the work for them.

      Are they equals? Competitors (same data source but different markets)? Allies? Or simply both 800-pound gorillas with overlapping territories that eye each other cautiously?

      1. Anonymous Coward
        Anonymous Coward

        Re: Google is the retail arm of the NSA

        "Disaster Resilience"...?

        1. CrazyOldCatMan Silver badge
          Joke

          Re: Google is the retail arm of the NSA

          "Disaster Resilience"..

          I saw them at a festival once. The guitarist was OK but the lead singer needs to go..

    2. Steven Burn

      Re: Google is the retail arm of the NSA

      Paranoid much? If that were the case, the majority of the crap on the web would be gone (unless you're going to tell me, they're also responsible for the malicious URLs on there as well?)

  18. Doctor Syntax Silver badge

    "This entirely changes the terms of that human-machine relationship."

    It's not a human-machine relationship, it's a human-corporation relationship. By casting it in terms of the machine you're allowing Google to distance itself a little.

    1. dan1980

      @Doctor Syntax

      Exactly.

      It's exploitation by a huge, extremely lucrative corporation. Identified as such, there can be no surprise that this happens, is (generally) poorly regulated and that there is little real penalty or political will to change anything.

  19. Colin Tree

    our data has value

    So our data has value, shouldn't we all monetise it.

    If Google had to pay us to use our data, maybe they'd slurp less.

    Money is the only thing companies understand.

    1. ThatOne Silver badge
      Devil

      Re: our data has value

      > So our data has value, shouldn't we all monetise it.

      That would be like sheep trying to monetize their wool... Farmers would have a good laugh.

      1. Sir Runcible Spoon

        Re: our data has value

        That could work if they all agreed to piss on one anothers' wool.

    2. bitmap animal

      Re: our data has value

      > If Google had to pay us to use our data, maybe they'd slurp less.

      They give you a free search engine, free email, free maps & Steetview. I suppose you could look at it as payment in kind, or a barter system, so most people are effectively paying for it just not in cash.

      1. Anonymous Coward
        Anonymous Coward

        Re: our data has value

        "They give you a free search engine, free email, free maps & Steetview."

        "Search engine" nowadays as there no meaningful way to limit the amount of results.

        You remember time when + meant something? That time is long gone. And first page is paid ads, basically.

        "Free email" is usually one you get from your ISP anyway, nothing extra here.

        "Free maps" partially applies but here in North we have several other "free maps" so it's not the only one. And of course every phone/navigator has map/navigation application included.

        Street view exists but actual usefulness is questionable.

        What is the price of those? Total loss of privacy, up to email contents and location tracking even when your phone is "off".

        That's way too high.

    3. CrazyOldCatMan Silver badge

      Re: our data has value

      So our data has value, shouldn't we all monetise it.

      This is my line with the marketing survey scammers - if they want my data (that they are going to sell), then I was a fee for providing the data.

      Somewhat surprisingly, they tend to put the phone down at that point..

  20. Anonymous Coward
    Anonymous Coward

    Pissing all over the *little peoples* Tax and Privacy laws

    Because we can... There's no point waiting for Regulators to step in plebs. They don't get it, and any Politician who does is hooked on leashes 'for jobs' etc.... So when's the revolution coming folks? Lets string up Larry, Sergey and Zuk! ... What- Untouchable you say.... No way to get to them.... Maybe, or maybe each has a Harvey Weinstein / Kevin Spacey / Jimmy Savile skeleton tucked away somewhere? Look at Kalanick, Uber is toast! These US corps don't make anything! If users leave, there is no business!

  21. Anonymous Coward
    Anonymous Coward

    What is the path back to Google?

    If the phone has no SIM, what's the data path back to Google... Wi-Fi next time its used??? It seems so... So, during the period Wi-Fi isn't active the location-tracking info must be getting cached somewhere, but where? Plus which Android versions does this affect, and what updates need to have occurred this year.... And aren't most Android phones receiving few or no updates, which is part of the whole wider Android security problem?

    1. Anonymous Coward
      Anonymous Coward

      Re: What is the path back to Google?

      Any website with a Google analytics cookie. So pretty much all of them.

  22. JeffyPoooh
    Pint

    "Nobody suspected Google did this practice..."

    When I saw the Google Maps Traffic overlay, with red roads for slow traffic and green roads for free-flowing traffic, it was *obvious* to me that they were grabbing LOTS of location data. The reason that it was *obvious* is that I live in Nova Scotia (in Canada), moderately low population density, and the traffic isn't THAT heavy here that they could get enough data to provide that quality of information, just with volunteers. It seemed clear that they were siphoning location data, presumably anonymized, from just about everyone carrying an Android device.

    Sorry. I didn't know that you didn't know.

    1. Richocet

      Re: "Nobody suspected Google did this practice..."

      Google buy the traffic information from Telco providers who give them a data set about the rate at which devices enter and leave each 'cell' in the network. From that and the government supplied CAD files for the road network they can calculate the volume and speed of traffic flowing along each road.

      The telcos collect this data for every SIM device that is powered on, which explains why there is so much data.

      I know this because the digital map company I worked at was offered the ability to purchase this service before Google back in the day.

  23. JeffyPoooh
    Pint

    "Google received the data....even if you didn't have a SIM card in your phone..."

    I browsed the links (admittedly quickly), and I could not find any explanation of this.

    Can anyone point to where this is claimed, and explain how data makes it through the Carriers network in the absence of a SIM card?

    Thanks.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Google received the data....even if you didn't have a SIM card in your phone..."

      There's no actual explanation.

      I post it in a different article the following,

      "The Quartz report is is trust based not information based, which is just as good as any misleading fake news on FB. One guy reported on quartz about this but nothing for El Reg or anyone else to review or verify. Even El Reg was only able to report "Google slurped the data regardless of whether or not location services was enabled because, according to an unnamed source cited by Quartz, the data was tied to Google's Firebase Cloud Messaging service."

      If it is tied to the Google Firebase Cloud Messaging services, then it's just 'possibly' part of google services for android 4.0+."

      But whether or not that is true, we don't know.

      1. Dan 55 Silver badge

        Re: "Google received the data....even if you didn't have a SIM card in your phone..."

        In what way don't we know that the GCM/FCM client is buried in the Play Services binary blob?

  24. Charlie Clark Silver badge
    Stop

    Not GDPR relevent

    The Quartz article makes it clear that Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google.

    The comparison with Schrems' case against Facebook over data protection isn't valid. Doesn't mean the procedure isn't suspicious just that it's not about data protection.

    1. Andrew Orlowski (Written by Reg staff)

      Re: Not GDPR relevent

      Schrems original motivation was as I explained - permissionless tracking.

      1. Charlie Clark Silver badge

        Re: Not GDPR relevent

        Schrems original motivation was as I explained - permissionless tracking.

        Maybe, but I don't see the two things being as legally equivalent. But IANAL. This close to GDPR day they'd pretty stupid if they were collecting "personally identifiable data" without permission.

        I think Google's collecting the data for other reasons like footfall analysis and possibly even network planning. I noticed recently that it is starting to say how long people spend in certain shops.

    2. Doctor Syntax Silver badge

      Re: Not GDPR relevent

      "it's not about data protection."

      It looks very much like a data protection issue to me.

  25. Jason Hindle

    So, if I want the benefits of a smartphone, without the (opaque) slurping....

    What are my options? My Google Nexus 5X is pretty much everything. It''s my plane ticket, train ticket, bus ticket, tram ticket, taxi ride and method of paying for most transactions < £30 (and many other things). It also sometimes gets used a phone. I'm somewhat loathe to go back to the old ways of doing things, but are the alternatives (assuming the plural still applies) any better?

    1. rmason

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      @Jason Hindle

      Stop using all those services. switch to a different platform/ OS and hope it's better.

      Not many more options. This is what google sees as your payment for using all the things you mention. It's why it's all "free".

      Which is exactly why your "average" user just doesn't care. My wife for example would much rather leave location services on than have whichever apps she use that like it on remind her each time that it would like permission to use location services, can it please be on.

      To an overwhelming majority of users having social media, crap games, email services, messenger services etc etc all FOC is far more important than anything I can say regarding privacy and security. "They" don't care.

      Lots of reg readers forget this why they bemoan privacy stuff, complain about the lack of removable batteries or storage on phones, the aspect ratio of laptop screens, windows updates and all the related guff etc etc

      It is all the way it is because "we" are a very low percentage of the target market for such things.

    2. Alister

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      @Jason Hindle:

      My Google Nexus 5X is pretty much everything. It''s my plane ticket, train ticket, bus ticket, tram ticket, taxi ride and method of paying for most transactions < £30 (and many other things).

      Have you ever heard the phrase "single point of failure"?

      It sounds to me as though, if your phone breaks, you're basically screwed.

      1. FrogsAndChips Silver badge

        Re: "single point of failure"?

        If his phone breaks, he'll be pissed, probably not screwed.

        Assuming he carries at least a payment card and a piece of ID, he can re-issue plane and train tickets, take the tube and train, purchase whatever he needs. He'll just have lost the convenience of using the same tool for everything.

    3. Doctor Syntax Silver badge

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      "My Google Nexus 5X is pretty much everything. It''s my plane ticket, train ticket, bus ticket, tram ticket, taxi ride and method of paying for most transactions < £30 (and many other things)."

      Looks on with sympathy - but not much.

    4. Mage Silver badge
      Alert

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      I only use my smart phone as a feature phone since I got it years ago

      Location off

      WiFi off*

      Data off.

      Only voice & SMS calls.

      FM Radio, notebook, camera, media player used, eBook Reader (Had to replace Amazon one).

      All book, music, photo transfer via USB Mass Storage.

      Even so it seems that Google is breaking the law and controlling my phone and illegally tracking?

      [*WiFi used several times to get apps that don't need online connection]

      1. FrogsAndChips Silver badge

        Re: @Mage - wifi off

        Have you also thought of disabling Wifi scanning in the Advanced settings? If not, installed apps could still access your location.

    5. Dan 55 Silver badge

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      Plane/train ticket?

      You run out of battery or the app updates and suddenly starts going wrong on your model or your phone gets stolen or something and you're screwed.

      Paper ticket every time.

    6. Steven Burn

      Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

      Prefer actual tickets and cash for those myself ;) (wouldn't even consider putting my DC or CC data into the phone, let alone storing it in there)

  26. gooeygooeyworms

    Consent?

    unfortunately under GDPR consent isn't the only option - there are plenty of legitimate interests that Google could use to justify collecting this data without consent.

    I would have thought the last resort would be consent - after all consent needs to be easily withdrawn and who on earth would consent to this in the first place?!?

    1. Anonymous Coward
      Anonymous Coward

      Re: Consent?

      "... legitimate interests that Google could use to justify collecting this data without consent."

      Nope. GDPR is very, very strict on this: Basically it boils down to that that _any data collection_ is illegal unless you have written permission. And no, EULA or similar is not enough, not even near.

      You need to have personally signed paper and the identity of the signee verified from ID card. Then it's done by the book.

      So "legitimate interests" are irrelevant and either you've permission or you are a criminal.

      That's the whole idea of privacy, you know?

  27. Michael Thibault

    Mandate Corporation Kill Switches

    Nice bit of disruptive innovation you have there. 'Twould be a shame if something were to happen to it.

  28. small and stupid

    As a total idiot luddite, i ask:

    Can you get a cookie fucking program that deliberately corrupts the data in them?

  29. Anonymous Coward
    Anonymous Coward

    I'm still not sure why (here in the USA) it is wrong or immoral to drive company owned vehicles down public roads, capture the names and details of wifi networks broadcasting into the streets (no expectation of privacy in public) and for a business to build a database based off this data it can use to its advantage? Let alone often using it to the advantage of millions of others for free. If I don't want to consent I can either make sure my wifi signal doesn't leave my property of use ethernet cables. I don't need to consent once it reaches the street.

  30. This post has been deleted by its author

  31. Sssss

    I was on a website the other day, and was required to fill out and excessive firm on a contact page. I noticed Google Android chrome form data had my complete address data for every feild. Now, the only way it could have gotten that data, in my opinion, is through my mail in Gmail or by snopping on wifi hotspots, as I am pretty certain I never have put it online (deliberately). Maybe it could have been picked up at the newspaper when I sent a letter in. I also thought I disabled firm data or something. IT'S NONE OF THEIR BUSINESS and CREEPY.

    We need to be in a hot continuous war path. It doesn't matter if you can't put Google in gaol, you can put all the individuals responsible in gaol, and seize all their assets in compensation, issue international arrest warrants further all of them (I imagine Russia and China would consider this). That would likely stop a lot of things stone dead. Governments are able to put sanctions and seizure, and restrictions of access on what ever company is involved, and nation. There is the ability to act, but the voters will is needed. The actions of the American political system is opening itself up to promoting left wing parties over there. The more the situation gets out of control, the more people defect to alternative parties, and it happens in avelanches. The tea party will look like a tea party when suddenly disgruntled people decide to suddenly vote for something new.

    Real Security:

    Below is real security provisioning, and which can be implemented under existing laws, and by design in operating systems and app stores:

    ....But security is so frustrating, I'm not a security expert, and a lot of things I don't know about, but what I do know from when I was designing my own OS decades ago, is do it right the first time and NOTHING leaks. Developers are their own enemy, and should be sued under class action for negligently making code where that is proven. In the end of thousands, or even millions, of class actions, we should have better developers. This also includes any leak, spy, mal ware in it, which should also attract compulsory gaol terms for intended acts (meaning the compulsory gaol terms passes down the chain to the collusion of perpetrators (so that innocent developers don't get nicked for the actions of others on their code).

    What is needed, is complete automatic privacy for every user, without harrassment (as another compulsory gaol term crime). Harrassment obviously to any reasonable person, is asking for permissions more than once at install and at use. A function/permission list function being maintained where the user can go and look and select new "temporary" and switch on and off permissions as they wish, and a resolve issue button that takes them their, when the requested function does not work because of an expressly needed to actually do such a function permission problem. That permissions be required to be limited in breadth to those actually needed to expressly perform the express function expressly intended (no going and snooping more than intended. Like in storage). That it be an offence to ask for permissions unrelated to the express functionality of the program as expressly overtly expressed to the user (think about that one). That there is no stalking (tracking) physically, between sites, or between organisations in sites, or inside pages in a sites, or potentially, even non aggregate tracking between pages even (however, exception be made for browser local history and forwards and backwards functions). That all handoffs between sites be push orientated from the users direction and possibly involving user's central repositories (like password manager at Google) but in a non tracking way. Maybe then app stores can make money by charging and making software worth something again. All crimes are to be counted under treason and espionage laws, because they do cover spying on government organisations and contractors and individuals involved, and under business espionage as they do cover business organisations, their contractors and individuals working for them. Thanks for existing laws.

    Let jurisdictions, spruik that.

    What hubris, that these people think that they should do more than present non tracking/ed ads based purely on content on the page visited/app used, the country, state or region somebody anonymously is being served too, or general ad. No tracking at all is needed. The user should be able to nominate a region or block region information. Ads are actually much more interesting and enjoyable without tracking I find. They should only see it has to deliver something to such and such a region and not who or where, the browser/system should protect the anominity by regulating the access according to the users sole wishes. This even can use a tor like infrastructure service with virtual session ID lasting the life of the online session, with gaps of X seconds between sessions and sites to stop people gaming the system with repeated virtual visits, with reports sent to authorities and IP time information, that somebody is trying to defraud an advertiser. Sites will have to get back to actually selling advertising space like all other media. None of this illegal spying to make a dwindling buck, which the the people doing it make hefty income from rather than the average sites themselves, who are actually doing most of the work. The day of a painful, for users, free ride must end. I don't care if I have to pay a cent per hundred pages visited, it is out of control frankly, in my opinion illegal stuff going on now that should be stopped.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like