Posted in Legal Troubles, War on Privacy

A reminder that Google offers one-stop shopping of your personal information for cyberthieves and cops

When you let a company like Google keep tabs on your every move, you let the company construct a repository of personal information that can be mined by your adversaries. Via Boing Boing:

Scott Budnick (producer of the “Hangover” movies) is embroiled in a complicated feud with an LA homicide cop named Sgt. Richard Biddle; Biddle has pursued his investigation against Budnick by securing an incredibly broad search-warrant to seize his Google data.

The warrant seeks:

1. All of Budnick’s account data (email addresses, connected applications and sites, etc)

2. Android info (phone make/model and IMEI, IMSI and phone number)

3. All stored “accounts, email accounts, passwords, PIN codes, account names, user names, screen names, remote data storage accounts, credit card/payment data, contact lists, calendar entries, text messages, voice mail messages, pictures, videos, telephone numbers, mobile devices, physical addresses, historical GPS locations, two-step verification information”

4. All calendars, including shared calendars (and whom they are shared with)

5. All stored contacts

6. “All user documents stored by Google”

7. Any records of securities, funds, etc

8. All Gmail messages, including metadata like read/unread

9. All Google Photo images

10. All stored location data

11. All Play Store purchases and downloads

12. All search history

13. All call records, voicemail messages, SMSes

14. All Google Wallet/Checkout data

It is a spectacularly broad warrant — and also a chilling reminder of how much data Google holds on us.

You can reduce the amount of data Google holds on you by deleting your location history, switching email providers, migrating to iOS, and so on.

Posted in War on Privacy

Google whistleblower: “The medical data of millions of Americans is at risk”

A chilling must-read:

Here I was working with senior management teams on both sides, Google and Ascension, creating the future. That chimed with my overall conviction that technology really does have the potential to change healthcare for the better.

But over time I grew increasingly concerned about the security and privacy aspects of the deal. It became obvious that many around me in the Nightingale team also shared those anxieties.

After a while I reached a point that I suspect is familiar to most whistleblowers, where what I was witnessing was too important for me to remain silent. Two simple questions kept hounding me: did patients know about the transfer of their data to the tech giant? Should they be informed and given a chance to opt in or out?

The answer to the first question quickly became apparent: no. The answer to the second I became increasingly convinced about: yes. Put the two together, and how could I say nothing?

So much is at stake. Data security is important in any field, but when that data relates to the personal details of an individual’s health, it is of the utmost importance as this is the last frontier of data privacy.

Read the whole thing in its entirety, then read it again.

Huge props to the whistleblower for having the courage to stand up to the Monster of Mountain View, their employer, and defend the public interest against surveillance capitalism. What a public service.

Posted in Menacing Monopoly, War on Privacy

Google admits to secret partnership with health insurance giant Ascension

This is very disturbing:

Google has signed a health care data and cloud computing deal with Ascension, a move that gives the search-engine giant access to health-related information of millions of Americans, helping it refine potentially lucrative artificial intelligence tools.

Clayton-based Ascension is the nation’s second-biggest health care provider by number of hospitals, with facilities in 21 states and the District of Columbia.

The partnership, first reported by the Wall Street Journal on Monday, will also explore artificial intelligence and machine learning applications to help improve clinical effectiveness as well as patient safety, Ascension said in a statement.

Google and Ascension claim that their partnership complies with HIPAA, the Health Insurance Portability and Accountability Act, but we doubt that’s true. There’s no way that Google — with its awful record of waging war on user privacy and gobbling up information for suspect purposes — can be trusted with the health records of millions of Americans.

People who have a relationship with Ascension should be outraged that the company did not get their permission before inking this deal with Google.

The federal and state governments should open an investigation into this arrangement immediately.

MORE FROM ARS TECHNICA…

Google: You can trust us with the medical data you didn’t know we already had

Posted in War on Privacy

Google gobbles up Fitbit for $2.1 billion

More personal data on millions of people? Yes, please! Gulp, slurp, lipsmack:

Google said on Friday that it is acquiring Fitbit, the maker of fitness-tracking devices, for $2.1 billion to close the gap with Apple in the growing market for wearable electronics and to add muscle to its expanding hardware business.

The deal is likely to face regulatory scrutiny from agencies already investigating Google for antitrust concerns, because Fitbit collects sensitive health and activity information from users through the device. Heading off a potentially thorny point, Google said it would not use health data gleaned from Fitbit devices in its core advertising business.

That’s a worthless promise. The Monster of Mountain View will say whatever it needs to say right now to get this acquisition through. A few years down the line, they can change course and there’ll presumably be nothing to stop them.

Buying Fitbit is part of Google’s play to compete with Apple in every market segment Apple is in. The Cupertino giant designs phones, tablets, computers, and smartwatches, and has them made in Asia for markets the world over. Google used to be purely a search, advertising, and software services company, but it has expanded into phones (with its Pixel line) and partnered with companies to Dell to make what are called “Chromebooks” (dumbed down computers that don’t run a proper operating system and aren’t cheaper than computers running Windows). It also bought Nest so it would have a lineup of “smart home” devices.

Now it wants to own Fitbit.

This acquisition is not in the public interest. Fitbit may want to sell itself, but it should not belong to a company that is waging a war on privacy. People’s personal health information says a lot about them, and there’s no way Google can be trusted to look after that information. Monetizing information about people is what Google does. It’s why the company exists.

Posted in War on Privacy

Google Chrome was always a surveillance browser

Washington Post columnist Geoffrey Fowler has decided he’s done with Chrome because he doesn’t like being spied on:

You open your browser to look at the Web. Do you know who is looking back at you?

Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web.

This was made possible by the Web’s biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software.

It’s wonderful that Fowler has seen the light. It’s a shame it took him so long.

Google Chrome has always been surveillance software. It didn’t become one — it has always been a means by which the Monster of Mountain View can vacuum up user data. That’s why it was created.

This site is over ten years old and has been warning that Google is “the web’s biggest snoop of all” for the entirety of that time. People in the tech press have known that surveillance underpins Google’s business model, yet they have chosen to use and recommend Google’s offerings anyway.

It seems like that is starting to change.

For Fowler, the last straw is Google’s refusal to protect users by limiting the extent to which cookies can be used for tracking purposes.

Google itself, through its Doubleclick and other ad businesses, is the No. 1 cookie maker — the Mrs. Fields of the Web. It’s hard to imagine Chrome ever cutting off Google’s moneymaker.

Like Matthew Green, he also felt betrayed when Google modified Chrome to make automatic sign-ins the default.

I felt hoodwinked when Google quietly began signing Gmail users into Chrome last fall. Google says the Chrome shift didn’t cause anybody’s browsing history to be “synced” unless they specifically opted in — but I found mine was being sent to Google and don’t recall ever asking for extra surveillance.

And so he has made the switch to Firefox.

Let’s hope many more people do likewise.

Posted in War on Privacy

Tracking phones, Google is a dragnet for the police

A must-read from The New York Times:

When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold.

The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area.

Because of Google’s ubiquitous, privacy-destroying data collection practices, it has become one stop shopping for law enforcement, just as foretold by Google’s critics.

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected. As privacy concerns have mounted among consumers, policymakers and regulators, tech companies have come under intensifying scrutiny over their data collection practices.

Some people — some of us — foresaw that this would be a problem.

This site is now ten years old and has been calling attention to the awfulness of Google’s business practices for a decade. And it will continue to.

Props to The New York Times for publishing this story. It’s much needed.

Posted in War on Privacy

Google in hot water after not revealing it had hidden a secret microphone in home alarm product

When you buy Google products, a major part of what you’re purchasing is unwelcome nasty surprises that greet you down the road.

As if some folks weren’t concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside one of its products.

Owners of the Nest Secure were surprised earlier this month to read an announcement from Google that it was adding a new voice control feature to its home alarm product:

“Starting today, we’re adding a feature to Nest Secure to do just that: the Google Assistant will be available on your Nest Guard, so you can ask it questions like, “Hey Google, do I need an umbrella today?” before you set your alarm and leave the house.* Nest Guard is the brains of your Nest Secure; it contains a keypad and all the smarts that power the system. It’s usually placed in a spot with lots of traffic (like the front doorway) making it useful as you come and go.”

This “announcement” is naturally coming as quite a shock to people who bought Nest Guard and didn’t fathom that there was a microphone inside of it. But it’s not surprising to us. Typical Google behavior.

Posted in Legal Troubles, War on Privacy

Google fined for GDPR violations

Bring on the penalties!

Google has been fined 50 million euros (about $57 million) by a French regulator for not properly disclosing to users how their data is collected and used for targeted advertising.

The penalty is the biggest yet imposed under a new European privacy law that went into effect in 2018. The European Union’s General Data Protection Regulation gives Europeans more control over their information and how companies use it.

France’s National Data Protection Commission said on Monday that it imposed the fine after determining Google hadn’t met its obligation for transparency by making information about its data collection easily accessible to users. The commission found that Google didn’t present information about data-processing purposes and data-storage periods in the same place, sometimes requiring users to make five or six clicks to obtain the information.

The General Data Protection Regulation may not be perfect, but it’s already been a boon for users around the globe, including those outside Europe. Companies like Google will never care about user privacy on their own because their business model is monetizing people’s personal information. That’s why it is so important that laws like the GDPR exist… and that they be vigorously enforced.

Posted in War on Privacy

Slate writer: “I used to trust some of [Google’s] products, like Chrome. I increasingly don’t.”

People like Matthew Green are waking up to reality.

A couple of weeks ago, I noticed something strange was happening to my Google Chrome web browser. Where Chrome had always allowed me to browse the internet as an anonymous user, suddenly my browser had signed itself into my Google account.

A bit of investigation (and a visit to a nerd forum) pointed me to the cause: Chrome had logged itself in after I visited my Gmail account.

The change in Chrome’s behavior, it turns out, was not a bug. It’s part of a new technical “feature” in the browser called “identity consistency between browser and cookie jar.” Despite the gritty technical name of the feature, it represents a truly fundamental change in the way Chrome works.

For the first 10 years of Chrome’s existence, Chrome was simply a typical web browser. You had the option to sign the browser into Google—and thus take advantage of Google’s many data-sharing and cloud-synchronization options—but you never had to.

In the stroke of an update, the sign-in became mandatory: If you happened to visit a Google property, the browser would attach itself to your Google account.

To Google’s credit, it recognizes the privacy implications of this change, and simply signing the browser into Google does not immediately send your data to Google’s servers. But it brings users within an accidental click of sharing their bookmarks and browsing history with Google.

It is truly a tragedy that so many people use Google Chrome when there are better, privacy-respecting browsers available, like Mozilla Firefox. Mozilla now even makes a special mobile version of Firefox that cleans up after itself called Firefox Focus. Google will never, ever make a tool like that, because it is anathema to Google’s objective of collecting as much data about everyone as possible to monetize all of us for advertising purposes.

It was inevitable that Google would change Chrome to make it easier for it to spy on its users. We’ve been warning of this for years. Unfortunately, many people haven’t listened.

Posted in War on Privacy

Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales

Big Brother Is Watching You:

For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement.

Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations, according to four people with knowledge of the deal, three of whom worked on it directly. The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others.

Remember, Google has made it their business to attempt to learn everything… EVERYTHING…. about you. The company’s aim is to eradicate the whole idea of user privacy, one blow at a time. They’ll do whatever it takes to get their hands on our data, whether convincing us to give it to them, buying it, or secretly capturing it without our knowledge.