Why now? How did this page change your mind? If anything, it's a big positive. All web portals collect data about you - Google at least shows you what they know and give you some amount of control over it.
It makes me wonder how they deal with DoS attempts and abuse; most large sites need to at least store IP addresses so they can identify if a user or group of users is trying to take down the site and block them.
That seems like quite a natural thing to collect to improve their search algorithm at the very least. "Are people finding what they're looking for?" basically.
It's not necessary to run trackers on everyone, all the time.
Sampling works. Randomly selecting accounts for inclusion and immediately dissociating that account identity from the data would provide substantively useful data.
Much the same way as it is possible, on the basis of 100 - 300 randomly selected G+ profiles to gain a strong sense of what the level of public activity of all 2.2 billion profiles (in use as of early 2015) was.
Sure, you can increase accuracy, somewhat, by bumping up that sampling count to 50,000 profiles. As I did. Though that (and monte-carlo resampling of subsets of the profiles) substantiated the trends which were clear from the first 100 or so results. Or you can bump up the value to 500,000, as Stone Temple Consulting did. Which again, largely re-substantiated the results I'd found.
Google receives something on the order of one billion searches per day. Sampling a very small percentage of those would provide very accurate results, at far smaller processing cost, and moreover, at far smaller data disclosure risk.
Data are liability.
Even if the concern were, say, edge cases regarding specific terms and the like, that would be possible to explore with targeted random sampling (stratified random samples). All very-well-established statistical techniques.
Well just making sure people are finding what they want is only part of it.
Since so much of their revenue is from ads, the better their targeting, the more money they make. If they have all this data on a person, they can target on a per person basis. And that money is probably talking louder than any care about liability from data based on how much they're collecting. They're a business, they have to have revenue in some way.
I'm making some assumptions, please correct me if I'm wrong.
Go to any Google results page, right-click a result and copy the URL. Paste it and see what's really in there. It's not the actual link you wanted, instead it's a link to a Google server with lots of metadata about your search that redirects you to the link you wanted after recording everything about your search.
Google is only showing a small bit about what they know so it's misleading to think they are a leader in this regard. There is nothing here about all of the sites they know you visit because of ad tracking, etc.
It makes it a lot more concrete for me. I can see not only all of my search activity, browsing etc, but also that my partner has done on our shared tablet. It's creepy. But it did make me aware of a Chrome setting to disable activity tracking. I'll change that as soon as I get home.
Neither. It becomes unassociated with your account. It still provides aggregate data to them, but respects your privacy.
"From better commute options in Maps to quicker results in Search, the data we save with your account can make Google services more useful to you. Using Activity Controls, you can decide what gets associated with your account and pause the collection of specific types of data — like your searches and browsing activity, the places you go, and information from your devices."
On the one hand, yes, it's a level of transparency. And there are some controls. Exceptionally cumbersome controls, particularly if you manage multiple accounts. Quite notably lacking in the ability to entirely disable multiple services -- I have no use or wish for Blogger, YouTube, Maps, or other activity tracking. I don't want Google tracking my location data at all, in any way -- not GPS, not WiFi connections, not cell towers. Nada. I can't say that.
I cannot globally disable or deny specific permissions from Android applications (Android 5.x, supposely 6.x offers slighly improved controls). I've written elsewhere about how the entire Android app store is a complete toxic cesspit and mess.
So, yes, Google give you some insight on what information they gather, which is better than many other services. They offer exceptionally poor controls over it. And the company has been either exceptionally passive-aggressive in re-enabling tracking of data users have denied it, and re-establishing or linking services they've expressely stated they don't want re-established or linked (see my comments elsewhere in this thread), or they're manifestly incompetent to manage what they've built.
I'm not sure which possibility concerns me more.
Keep in mind that Google:
1. Already are the number-one producer and software provider for personal pervasive hackable broad-spectrum surveillance devices. Which is to say, Android-based phones, tablets, notebooks, and other products.
2. Are service provider to a tremendous number of third-party services and companies. I can shun use of Google but still need to fight against its email servers, web tracking tools, fonts, and javascript servers, just off the top.
3. Put cameras directly on peoples faces and got all flustered when it turned out that the people those cameras were pointed at didn't like the idea. Google Glassholes.
4. Are planning to put a live, always-on, 24/7/365 microphone with remote processing in homes, offices, businesses, and other locations.
5. Are planning to produce "driverless cars" which will operate as either privately-owned or business-service vehicles, yet another venue in which my privacy is directly compromised in circumstances well outside my control.
The absolute mandate for Google to operate without the slightest hint of misplaced trust is extreme. I frankly don't see how they can meet it, and predict spectacular failure.
I doubt it. That would expose them to massive fines and exclusion from the entire EU market. Dark patterns in gathering information, as what Facebook has been doing with shadow profiles etc are bad enough - actually having a "delete" option that doesn't delete data (or storing data that a customer can't a) correct if wrong, and b) get actually deleted when they ask for it (and c) get a copy of on request) are all explicitly illegal in the EU, AFAIK.
You can't expect a company that runs its whole business through its Ireland subsidiary and had its offices raided by French and Spanish revenue authorities to play nicely by EU rules. In the UK they got a pat on the back and an extra 130M in taxes to pay. Of course they claim they did not break any laws and it's probably true - Google just found ways around them. I'm sure they've also found ways around EU data retention regulations.
The cynic in me would argue that EU tax loopholes are intentional, ways around the data retention directive, not so much. I suppose Google might have a secret deal with MI6 or some secret organization that no-one even knows exist (remember when the NSA was referred to as "No Such Agency" ?) - and get an exemption that way - through the "war on terror" back door, so to speak. But my impression is that the EU states prefer the Stasi-way - to have their own illegal secret archives rather than outsource that bit to private enterprises.
The data is actually deleted (at least in the case of FB data) when you delete your account, having sat through several audit meetings and known people who wrote the deleter code. It is not instant, since some of the deletion has to be queued up in async jobs so that when cold storage platters are re-written it skips your photos, etc. And you are correct that EU regulations are the big stick which keep everyone toeing the line regarding what must be done when a user requests the deletion.
Agree, assuming that this data is being secretly stored by major tech companies against stated privacy policies is abit tinfoil-hatty. The coverup that would be needed makes it highly unlikely. Not to say that smaller, niche, less scrutinized services don't pull this kind of crap - Ashley Madison is an excellent example.
Same here. In my case, I'd bet it's because I still use my old profile from before the G+ merger (I never agreed to use the new one, despite their insistence).
Yeah I have two types of Youtube accounts tied to my Google account. One is my official full name, and one is my nickname that I used before Youtube started trying to force people to use their full name. This activity site only shows activity from when I use Youtube under my full actual name.
It seems that this page lists activities I have done intentionally, such as queries I entered.
I'd be much more interested to see what data I gave to Google unintentionally - e.g. what Google-provided ads I saw on non-Google sites, what sites with Google Analytics I visited, etc.
Kind of funny that these pages require you to log in with a Google account. I don't believe Google won't record any data without the browser in question being signed in...
I am assuming it is on the same level as a guy sitting on a bench in a park watching people everyday. He notices certain people going to the same coffee shops around the same time of day, he notices others like to come out for a smoke a few times. He may even notice the types of coffee / clothes they prefer and build profiles in his head. All this without knowing the people personally.
Now this person could be doing this for fun, or he could be sent there for research (for advertising) or for surveillance.
Why is it then people are paranoid about a website collecting stats anonymously, but do not so about going into public places?
I don't know about you, but I'm not going public places in my underwear at 3 in the morning. It's a little absurd to state that there's no expectation of privacy on the web.
That, and Google isn't like one man sitting on a corner. It's like a network of guys, on every corner - that compare notes every evening. Regardless of why they do that, it's hard to call it anything other than surveillance.
Because the guy in the park forgets. And because the guy in the park only sees you a few minutes everyday, he doesn't have a complete listing of your browsing history, your calendar entries, your call history, what apps you use etc.
Ahh... It's so satisfying to see the stream of everything I was doing on Android suddenly stop when I switched to Cyanogenmod and not linked my e-mail account.
The trick was to use K-9 Mail. Otherwise, when configuring the e-mail (Gmail), the default mail application adds the entire Google account and the link to the mothership is reestablished. Although I have installed GApps, I transitioned to a dummy account per device plus Xprivacy, plus NetGuard.
Long before Android, the stream had dropped to a trickle when I started sandboxing the Google account to a special session for Gmail. Everything else, searches, youtube went on an incognito window or to a separate Firefox profile.
I knew it to be effective from the constant e-mails I was getting that "Google does not recognize your sign-on". Guess what, Google, I want it that way! Now myactivity.google.com confirms it.
It's true, you can cut off the data stream. I have done so, at times, myself. At this point, though, I have it on (with some device exceptions where I do anything that might be sensitive, or I might want to avoid someone accidentally finding out [e.g. gift purchases]). My reasoning is that I am likely being tracked no matter whether it's on or not. At bare minimum, even with stringent cookie policies and software removing "tracers" on a regular basis, my cellphone carrier, or isp, can track what I'm doing, unless I have a VPN on. While I don't mind having a VPN on, when I don't have it on, it makes the most sense to me to be able to view just what I've been doing. I like having that log, because I then have an idea of what other companies know about me. It sucks that I'm put in the situation where handing over my data to someone who does the responsible thing and reports it to me is a sensible choice in my eyes.
So I'm using stock LG G3 Android Marshmallow (completely stock manufacturer ROM). I have Google settings kinda locked down as much as possible and I've been carefully managing app permissions since I upgraded from Android 5.
My google activity shows only google maps searches from the device and some google website searches from desktop (probably from when I happened to be logged into GMail and made a search query via google.com).
I use Gmail on Android, Signal for SMS (no-one I know uses Signal) and Firefox with self-destructing cookies and uBlock origin (I use a similar setup on desktop too - to prevent persistent logins) I can't see any other activity being logged. That's not to say that it isn't flowing through Google's pipes somewhere or other.
My point is that I'm only conducting basic privacy measures but (as in, not having to root or reflash my phone) - and not having most of my activity recorded in this dashboard.
I'm a bit surprised, I was using the stock Android for Nexus and in my case the results were logged. Just as other people are reporting: every single application usage, call or what-have-you. I also had turned off everything I could find in Settings -> Google Account.
Do you maybe have multiple Gmail accounts? My first time visiting the link above, it only had 3 YouTube video views from this week. That was before I changed the selector from my work account to my personal gmail account. Then it correctly showed a very detailed log, like that I had opened Spotify 2 minutes ago.
I think they know much more than they are showing in that dashboard. Simply staying a few steps ahead and not giving them the option to even link to your account is worth for me.
To give an example on desktop, even using separate Firefox profiles for Google and non-google activity, it is embarrassingly easy to see that the activity comes from the same person. Just cross-check the bonanza of information like screen size, plugins, fonts etc. I would be surprised if they didn't do it. I prefer to not run the risk. So I go to even greater lengths than I mentioned above, however it was getting long.
To come back to your point, it's inconvenient only in the beginning to document yourself and to set it up. Whether it is rooting the device, or setting up your own e-mail server. In the end it is about the freedom of computing whatever you want on the device that you own.
EDIT: If I may add, it's not like I'm going full Stallman. Everything is a compromise, it would be nice if we weren't forced to go to these lengths, or to compromise at all.
Yes. Through technical guarantees, I like to think that the benefit is not merely "perceived". And it applies to other actors as well, not only Google.
I'm glad to see this data provided back to me, however, I'm very concerned about Google knowing absolutely everything I do while on the web and on my Android device.
- Used Messenger app, sent X messages
- Used maps, with location data, search data
- Use phone, with number of calls
- Used (Any installed app) included how often and what I did.
I've since turned everything off.
While browsing on my phone last night I saw a new Google.com feature where they were using my email address to try sign me up to email lists at the top of search results.... Not cool.
It's even worse due to all the dark patterns Google adds. For example Maps will refuse to locally store your previous searches if you don't let google keep your location history, making the use of application extremely frustrating.
Trying to use Google Fit, Now, etc. will keep popping up requests to let Google constantly track your location and web searches with o clear way to disable those annoyances. And more and more.
Most frustrating to me is the "high accuracy" location service. No, I do not want you to track what wireless SSIDs I'm near. Accurate within 25 feet, as GPS usually is for me, is just fine.
As far as I know, they've just mudded up the language, so it's not obvious that you check "Yes, please report all my friends and associates wlan ids/location and store them in one huge database that's available to Google, law enforcement etc. And once you've clicked yes, I don't think they ask again.
In my (Sony) Marshmallow/Android 6.0 phone it lets one choose: "Location mode": "High accurancy" (Use GPS, Wi-Fi, Bluetooth or mobile networks to determine location), "Battery saving" (Wi-fi, bluetooth or mobile networks) and "Device Only" (Use GPS to determine location).
Just now noticed it says "High Accuracy" (I believe Google Maps will nag you into submission on this, if you try to use GPS only).
It does indeed nag you and once you select "high accuracy" it will stay so forever, unless you go to settings and disable it every time. Aargh. Otherwise it just keeps asking until you allow it by mistake.
Don't forget the menu item "Scanning" in Settings > Location. It "improves location" by scanning wifi and bluetooth _anytime_ i.e. even when location is turned off. I like the sneaky location of the menu item (no pun intended).
This is, by far, the most important point. Google could make it very easy for you to use their apps offline, but they don't. The recent searches in Google Maps not being saved offline is especially annoying to me personally, and Google seems to think that it's impossible to store data if you don't send them to Google.
I can see them saying "we didn't want to confuse customers who thought syncing was broken when they didn't see their searches in other phones", but given how easy it is to tell the user "you have disabled sync", I don't think there's any excuse for Google to behave like this.
To me it seems most likely they have a syncing framework/library that takes care of both the local storage of recent items, forwarding those to the google cloud services, and retrieving them when necessary. And when you disable the cloud services, this framework becomes inactive.
Of course, you could say the design of the framework is hostile, or that they should fall back to something else, but I can see this being considered extra unnecessary work.
To me it seems obvious that adding these sync features was the original "extra unnecessary work". It is a dark pattern that Google is obviously engaging in to the detriment of their users. They went the extra mile to annoy their users to gather some more data.
Yes, which is great. But note that they require Location history for it! So to get saved (and synced) previous searches you need to let your phone upload your location constantly to Google.
To me, the tipping point was years ago when they changed the logout screen. Now instead of logging out with one click, you "log out" but the next time you come back to Google your profile is automatically selected, waiting for your password. You have to click "sign in with a different account", then click on the X to actually remove your profile from being tied to your browser.
Anyway, it was so satisfying to log in and see absolutely nothing, no activities whatsoever.
Just use Here Maps w/o an account. Screw Goolgle. Even if the different service providers track you the data is at least scattered among them, not in the hands of a single Big Evil Corporation Inc.
I uninstalled the Gmail iPad app because suddenly YouTube and the Google maps apps on the iPad suddenly knew who I was, even though I'd never logged into them. It turned out that all Google apps can access the same iOS keychain.
The iPad is a family device. The children watch kids stuff on YouTube. My wife and I both use Google maps for different things. I was the only one using Gmail.
So, no I don't want personalised YouTube tracking on the iPad. Every time i opened the maps app it drove me to login. The iPad is a shared device. Maps and YouTube logins on a shared device make little sense, especially when Google is building profiles from our usage.
I found it a pity that my only choice was to delete the Gmail app, in order to stop the nagging. So irritating!
TBH I'd blame Apple for that more than Google. Apple desperately needs to modernize iOS to match the reality that tablets (and even phones, for many people) are multi user devices.
This is one thing that Google seemingly has never understood: A single device doesn't represent a single person. Even when it does, it doesn't represent a single usage scenario or persona.
Your family iPad is a perfect example. Another is the way I have personal emails and work emails both on my phone - but that doesn't mean I want to merge them all into one super-inbox and treat them all the same.
Oh well, they also store the phone numbers that you called along with the duration. And possibly more data than your mobile service provider manages to store.
For those of you interested, and I didn't see it in the above link, this is a link to all your Google Location History, it must only be Android because I'm not seeing a lot of travel I did while I had an iPhone:
It's not only Android. I use iPhone. I use Google Maps. I intentionally have location tracking on. I'm not sure which apps contribute but I assume all google apps can or do.
That last data points they have from me is April 20, 2015. Maybe I locked down all my privacy settings then. Or I guess it helps to be using an iPhone.
Interesting use of the language here: Google does not allow you to turn settings off, it merely allows you to PAUSE them. Say what you want about the end result, but the way they weasel around with words here makes me feel uncomfortable.
Funnily I've gotten pretty used to seeing my logged browser history the past week or so intermixed with a few other friends as I've built this webapp (http://www.websee.io/) that anonymously aggregates browsing activity from all the users and displays the content with the highest recent crossover, basically sharp peaks in browsing distribution across all URLS.
It's odd to me that Google collects all this data, but doesn't really seem to offer any specific applications that depend on it, individually or in aggregate. Even though they have trends, they don't have any lists like Alexa of top traffic websites, despite the fact they have a better sample than anyone, and could make such information available.
I guess I can just hope that between the more "interesting" ads they show me and whatever other magic they use the data for to improve their services, that it's worth letting them have it.
Your history is a silent input to search which radically increases search quality. Your browsing history would show up to you as chrome omnibox autocomplete syncing across devices and the ability to open on one device tabs that are open on your other logged in devices, if you use Chrome.
Can we start a thread (this one) listing the data that people see available, for someone who doesn't have a Google account and is curious what sort of data are collected?
There's some stuff scattered throughout the comments, but it'd be nice to have a single spot.
Even if I use and Android phone I don't use gmail (K9 instead) and don't login in Google (I search from the browser), YouTube and maps. Only in Play Store, that can't be helped. I opted out from every tracking they let me opt out from, ads, location, etc.
That service confirmed that there is no data about me. I believe they know much more than that, but at least I'm making it a little more difficult for them.
Funny - I remember opting out of all of Google's data collection years ago. I went there fully expecting Google to have no activity recorded, as I have seen when this page (or its ilk) have popped up in the past.
Much to my surprise, it was well populated again, with my web browsing/searching, YouTube, and location histories all turned back on again. I don't use the Chrome browser (aside from compatibility testing), and I don't use Android. I'd be very curious to know how all of this was re-enabled without my involvement.
Very unfortunate, and another straw for the camel's back.
That those are different controls says a lot about how Google feels about making it possible to opt out of all their tracking.
That said, since there were some controls disabled, and some enabled, I'm more inclined to believe that they were re-enabled, if not automatically, then via some dark pattern. It's also possible that they were just new tracking points, but one of them was my search history, which I recall explicitly disabling.
I think new controls are part of it, but they've also redesigned the account manager to brings all your settings (privacy and otherwise) under one roof. I noticed it when they started pushing the privacy check-up feature.
Unfortunately I didn't click a picture upon my last update. It happened few weeks ago, maybe a month. Even google keyboard settings were reset. Also, I have two accounts on my Android and it opted back in on both of them. I needed to opt-out again on both accounts.
I've documented on my G+ profile how my YouTube account, deleted, would get re-created even within a few hours based on utterly unrelated other activity.
Google have been screwing this up for a long, long, long, long, long, long time.
I opted out of search and location history. It bothers me when I turned off everything else, they auto opt-in'd me to things which I presumably wouldn't want and I had to turn off and delete everything.
You should have realized that opting out of all of Google's data collection years ago probably implies that Google wouldn't provide you access to information that they collect about you.
If it was well populated now, they actually screwed up. The data for the period that you opted out should not have been visible to you.
It's the opposite for me. I didn't remember turning anything off and the only data it had was some location data from times I was using GPS on my phone.
Apparently I turned all of their tracking off at some point and forgot about it.
I've documented on my G+ profile how my YouTube account, deleted, would get re-created even within a few hours based on utterly unrelated other activity.
Google have been screwing this up for a long, long, long, long, long, long time.
It's safer to assume everything you input into a device is being recorded regardless of settings. If I want privacy, I'll use Tails OS with Tor. Since that's a pain to use I just don't do or write anything on the internet I don't want tracked back to me.
I have this argument with my wife every few months. She posts things on a popular social media platform and sets them "private" in full expectation that the content will only be shared with those she selects. Then she gets pissed when she later discovers the privacy settings didn't work the way she expected.
Anything pushed to the internet should be assumed public unless encrypted using open source encryption tools you completely control in a safe zone (like in Tails). All internet activity should be assumed to be logged somewhere, somehow. I don't even 100% trust Tor.
I'm always surprised how little Google manage to do with all that info. I have a personal Google Apps account and their absolute highest achievement from knowing nearly my entire location history over the past three years, searches, current position, having all the contacts, calendar, list of my apps, even purchase history (through email receipts if they wanted it) is Google Now occasionally correctly suggesting the next destination.
Other location suggestions? Crap unless explicitly entered in the Calendar. Article suggestions in Google Now? Crap. Despite having my entire Feedly info (300+ feeds) from which they pull most useless cards. Youtube suggestions in Google Now are somehow even worse than video suggestions in the Youtube app. Ads? Complete garbage and borderline fraud against all these companies paying to advertise mobile games which I almost never play and they know it.
Bizarrely, I have a Google Apps account at work with much, much less info and it's actually a little better.
Users who use Inbox instead of gmail should get a lot more rich inputs to Now. Appointments would be deduced from emails, for example, and Now will show you tracking information taken from orders in your receipts, and much more.
Now hasn't started reading email now. Somebody gleefully mentioned to me several months back that Now reminds her of bills (due dates and amounts) automatically. Essentially by reading emails from gmail. I was also told that by evening it'd start telling by itself the approximate time it would take to reach home.
Any thoughts on what would have happened if Snowdens bosses could see his bills? His airline tickets? What the machine does with the bills is the scary bit.
For a third group, such inputs are rich if provided by an algorithm running locally, on your own personal data, whilst preserving your privacy.
They're scary when they're the carrot used to persuade you to allow a full invasion of your personal life by an outside entity, which as a matter of course requires permission to store, search, aggregate, and use commercially all of the data that it finds.
You don't need to be using Inbox for Google Now to have the appointment and tracking information parsed out. That's a setting in Google Now separate from the Inbox app. (I don't use Inbox but get those in Now)
Is that because you are using a "Google Apps" account? Apps has always lagged behind the "free" accounts in terms of functionality. Google Now works almost flawlessly for me with a Gmail account - appointment reminders, flight information, weather information, suggested places nearby, restaurant information, sports updates etc are generally always accurate.
Interesting that you say that. I've seen Google to suggest some interesting and relevant information in the last few years. I use a Windows phone now so I can't comment on Google Now since the desktop/browser version didn't really take off.
I have my calendar and email setup on my phone with contacts sync also enabled. When I get to work I have one of those pinned tabs on chrome set to inbox and all my searches on my phone and laptop are on Google. Adblocker is installed on my laptop so I never see ads there but after searching for property and a bed for the last few weeks, the ads I seem to be getting on my mobile browser point to just that. I've actually ended up buying a couple of items online because of google's suggestions (GPU, cellphone, gas heater, etc). So I think it depends on how much data you feed it and how you feed it. As for suggested places to visit, I can't comment much since I don't use that feature.
Not my experience at all, in my case the suggestions have become so good that I find myself checking what articles Google has for me multiple times a day. It's easily the thing I check the most after Reddit and Hacker News. Heck, I'd love a standalone app or service just for the article suggestions alone.
I spend at least an hour every morning and night waking up and falling asleep to the latest news I'm interested in, with probably 1 or 2 additional hours throughout the day -- and all from article suggestions in Google Now.
If you aren't seeing things that interest you, you can tap the dropdown menu in the top-right of each card and tap "I'm not interested in this" or "Not interested in this source" to train it towards articles that you actually do care about.
One of the most clueless things Google does is use general search queries to suggest articles in Google News.
Just because I search for something, say a business, on the web doesn't in any way mean that I'm interested in seeing future news stories about that business.
I'm only seeing the very few times I've signed into Google to upload a video to YouTube. I infrequently use Gmail on my Android but no signs of it in my activity - aren't Gmail logins along with location logged?
Side-stepping for a minute that Google and governments can also see this data, this sort of wholesale data aggregation and presentation seriously ups the ante for account security.
Getting somebody's Google account from third-party breach-de-jour used to mean you got their email history, or could pretend to be them... But with this you have their browsing, app, search and location history. That is to say, you can discover: What they're doing. Where they're doing it. What they're thinking about (I search everything). Who they interact with.
Worse, I wasn't prompted for any sort of password. Physical access to my computer (and I assume phone) now gives easy access historical surveillance data.
It also helps one keep tabs on activity in their account, so compromises will be more apparent. I had my phone stolen recently, and use this and android device manager to make sure nobody is in my google account (it was encrypted with a fingerprint, but you never know...).
I've been very impressed with their smarts about security, they seem to tow a fine line between security and convenience. Any sensitive account information like this will usually trigger a new password entry (unless you've entered it recently), or 2fa.
The scary thing about Google and other tech juggernauts is the single point of failure that represent for the security of one's identity. Integrating all of the tech services a person would use (social media SSO, acquisitions/mergers of smaller tech service companies) is great for convenience, but the compromising of a single account is now an event that can't just be shrugged off anymore. People now exist more and more online, and there hasn't been a parallel increase in the amount of thought put into dealing with the consequences of this shift.
It must depend on your privacy settings. I was prompted for a password, and then all it had to show was a handful of youtube videos I've watched over the past few years.
Same here. This just reflected to me that I seem to have locked down my 'privacy' controls better than I thought. YouTube is the only Google service using my recorded activity for ads or recommendations, but I actually like the recommendations.
A 'big corp' like Google uses fairly nefarious practices, makes it nary impossible to 'opt out' of their 'life tracking' measures, and uses that information for their own profit whilst at the same time 'virtue signalling' and extolling some kind of moral premise ... and you buy it?
The lack of self awareness in the Valley is sometimes disturbing.
290 comments
[ 3.4 ms ] story [ 263 ms ] threadThat's factually incorrect: https://duckduckgo.com/about
Sampling works. Randomly selecting accounts for inclusion and immediately dissociating that account identity from the data would provide substantively useful data.
Much the same way as it is possible, on the basis of 100 - 300 randomly selected G+ profiles to gain a strong sense of what the level of public activity of all 2.2 billion profiles (in use as of early 2015) was.
Sure, you can increase accuracy, somewhat, by bumping up that sampling count to 50,000 profiles. As I did. Though that (and monte-carlo resampling of subsets of the profiles) substantiated the trends which were clear from the first 100 or so results. Or you can bump up the value to 500,000, as Stone Temple Consulting did. Which again, largely re-substantiated the results I'd found.
Google receives something on the order of one billion searches per day. Sampling a very small percentage of those would provide very accurate results, at far smaller processing cost, and moreover, at far smaller data disclosure risk.
Data are liability.
Even if the concern were, say, edge cases regarding specific terms and the like, that would be possible to explore with targeted random sampling (stratified random samples). All very-well-established statistical techniques.
https://ello.co/dredmorbius/post/naya9wqdemiovuvwvoyquq
Since so much of their revenue is from ads, the better their targeting, the more money they make. If they have all this data on a person, they can target on a per person basis. And that money is probably talking louder than any care about liability from data based on how much they're collecting. They're a business, they have to have revenue in some way.
I'm making some assumptions, please correct me if I'm wrong.
[1] https://matagus.github.io/remove-google-redirects-addon/
The reason I started running that extension is because I i was sick of waiting for google.com to redirect me.
I've learned to know that's never true, and even when people "know", often they don't actually know in a non-abstract sense.
You could pull up the (local) browser history and see exactly the same information there.
Is it just surprise that they are in fact collecting this information? Because I thought that was pretty well known.
Edit, maybe delete? From your view, you mean... or from their databases?
"From better commute options in Maps to quicker results in Search, the data we save with your account can make Google services more useful to you. Using Activity Controls, you can decide what gets associated with your account and pause the collection of specific types of data — like your searches and browsing activity, the places you go, and information from your devices."
https://privacy.google.com/take-control.html
On the one hand, yes, it's a level of transparency. And there are some controls. Exceptionally cumbersome controls, particularly if you manage multiple accounts. Quite notably lacking in the ability to entirely disable multiple services -- I have no use or wish for Blogger, YouTube, Maps, or other activity tracking. I don't want Google tracking my location data at all, in any way -- not GPS, not WiFi connections, not cell towers. Nada. I can't say that.
I cannot globally disable or deny specific permissions from Android applications (Android 5.x, supposely 6.x offers slighly improved controls). I've written elsewhere about how the entire Android app store is a complete toxic cesspit and mess.
So, yes, Google give you some insight on what information they gather, which is better than many other services. They offer exceptionally poor controls over it. And the company has been either exceptionally passive-aggressive in re-enabling tracking of data users have denied it, and re-establishing or linking services they've expressely stated they don't want re-established or linked (see my comments elsewhere in this thread), or they're manifestly incompetent to manage what they've built.
I'm not sure which possibility concerns me more.
Keep in mind that Google:
1. Already are the number-one producer and software provider for personal pervasive hackable broad-spectrum surveillance devices. Which is to say, Android-based phones, tablets, notebooks, and other products.
2. Are service provider to a tremendous number of third-party services and companies. I can shun use of Google but still need to fight against its email servers, web tracking tools, fonts, and javascript servers, just off the top.
3. Put cameras directly on peoples faces and got all flustered when it turned out that the people those cameras were pointed at didn't like the idea. Google Glassholes.
4. Are planning to put a live, always-on, 24/7/365 microphone with remote processing in homes, offices, businesses, and other locations.
5. Are planning to produce "driverless cars" which will operate as either privately-owned or business-service vehicles, yet another venue in which my privacy is directly compromised in circumstances well outside my control.
The absolute mandate for Google to operate without the slightest hint of misplaced trust is extreme. I frankly don't see how they can meet it, and predict spectacular failure.
I guess that's nice. I wonder if they'd still keep the original data points.
https://myaccount.google.com/activitycontrols
I tried turning on Web & App Activity just to see what it caught, and it turned it off again.
I'm not sure, but I think that makes me feel slightly better about my university.
I'd be much more interested to see what data I gave to Google unintentionally - e.g. what Google-provided ads I saw on non-Google sites, what sites with Google Analytics I visited, etc.
http://www.jaruzel.com/How-Much-Does-Google-Know-About-Me
Especially the Dashboard one. I use these a lot to make sure I'm not leaking any data more than I have to, to Google.
What, as someone who avoids Google accounts and most of their services like the plague, do you know about me? <= question I'd like answered
Now this person could be doing this for fun, or he could be sent there for research (for advertising) or for surveillance.
Why is it then people are paranoid about a website collecting stats anonymously, but do not so about going into public places?
That, and Google isn't like one man sitting on a corner. It's like a network of guys, on every corner - that compare notes every evening. Regardless of why they do that, it's hard to call it anything other than surveillance.
(Either that, or my phone briefly had a very incorrect time setting.)
For Unix, it's Jan 1, 1970.
For DOS, I believe it's Jan 1, 1900, though with a leap-year error (there is a Feb 29, 1900 included that shouldn't be).
For SAS (statistical software), it's Jan 1, 1960.
Apple should use the Unix Epoch.
Curious.
The trick was to use K-9 Mail. Otherwise, when configuring the e-mail (Gmail), the default mail application adds the entire Google account and the link to the mothership is reestablished. Although I have installed GApps, I transitioned to a dummy account per device plus Xprivacy, plus NetGuard.
Long before Android, the stream had dropped to a trickle when I started sandboxing the Google account to a special session for Gmail. Everything else, searches, youtube went on an incognito window or to a separate Firefox profile.
I knew it to be effective from the constant e-mails I was getting that "Google does not recognize your sign-on". Guess what, Google, I want it that way! Now myactivity.google.com confirms it.
My google activity shows only google maps searches from the device and some google website searches from desktop (probably from when I happened to be logged into GMail and made a search query via google.com).
I use Gmail on Android, Signal for SMS (no-one I know uses Signal) and Firefox with self-destructing cookies and uBlock origin (I use a similar setup on desktop too - to prevent persistent logins) I can't see any other activity being logged. That's not to say that it isn't flowing through Google's pipes somewhere or other.
My point is that I'm only conducting basic privacy measures but (as in, not having to root or reflash my phone) - and not having most of my activity recorded in this dashboard.
Does the cost out weigh the perceived benefits?
To give an example on desktop, even using separate Firefox profiles for Google and non-google activity, it is embarrassingly easy to see that the activity comes from the same person. Just cross-check the bonanza of information like screen size, plugins, fonts etc. I would be surprised if they didn't do it. I prefer to not run the risk. So I go to even greater lengths than I mentioned above, however it was getting long.
To come back to your point, it's inconvenient only in the beginning to document yourself and to set it up. Whether it is rooting the device, or setting up your own e-mail server. In the end it is about the freedom of computing whatever you want on the device that you own.
EDIT: If I may add, it's not like I'm going full Stallman. Everything is a compromise, it would be nice if we weren't forced to go to these lengths, or to compromise at all.
- Used Messenger app, sent X messages
- Used maps, with location data, search data
- Use phone, with number of calls
- Used (Any installed app) included how often and what I did.
I've since turned everything off.
While browsing on my phone last night I saw a new Google.com feature where they were using my email address to try sign me up to email lists at the top of search results.... Not cool.
Trying to use Google Fit, Now, etc. will keep popping up requests to let Google constantly track your location and web searches with o clear way to disable those annoyances. And more and more.
In my (Sony) Marshmallow/Android 6.0 phone it lets one choose: "Location mode": "High accurancy" (Use GPS, Wi-Fi, Bluetooth or mobile networks to determine location), "Battery saving" (Wi-fi, bluetooth or mobile networks) and "Device Only" (Use GPS to determine location).
Just now noticed it says "High Accuracy" (I believe Google Maps will nag you into submission on this, if you try to use GPS only).
I can see them saying "we didn't want to confuse customers who thought syncing was broken when they didn't see their searches in other phones", but given how easy it is to tell the user "you have disabled sync", I don't think there's any excuse for Google to behave like this.
Of course, you could say the design of the framework is hostile, or that they should fall back to something else, but I can see this being considered extra unnecessary work.
Anyway, it was so satisfying to log in and see absolutely nothing, no activities whatsoever.
[0] https://news.ycombinator.com/item?id=8638157
https://f-droid.org/repository/browse/?fdfilter=osmand%7E&fd...
The iPad is a family device. The children watch kids stuff on YouTube. My wife and I both use Google maps for different things. I was the only one using Gmail.
So, no I don't want personalised YouTube tracking on the iPad. Every time i opened the maps app it drove me to login. The iPad is a shared device. Maps and YouTube logins on a shared device make little sense, especially when Google is building profiles from our usage.
I found it a pity that my only choice was to delete the Gmail app, in order to stop the nagging. So irritating!
Your family iPad is a perfect example. Another is the way I have personal emails and work emails both on my phone - but that doesn't mean I want to merge them all into one super-inbox and treat them all the same.
Oh well, they also store the phone numbers that you called along with the duration. And possibly more data than your mobile service provider manages to store.
https://www.google.com/maps/timeline
http://imgur.com/g0St0b1
gosh google...
https://myaccount.google.com/activitycontrols
It's odd to me that Google collects all this data, but doesn't really seem to offer any specific applications that depend on it, individually or in aggregate. Even though they have trends, they don't have any lists like Alexa of top traffic websites, despite the fact they have a better sample than anyone, and could make such information available.
I guess I can just hope that between the more "interesting" ads they show me and whatever other magic they use the data for to improve their services, that it's worth letting them have it.
There's some stuff scattered throughout the comments, but it'd be nice to have a single spot.
* My Google searches, this includes audio searches and it let me play the audio.
* Watched Youtube videos
* Pages viewed on Chrome
I don't see any Android activity besides the google searches, could be because I'm using Sultan's CyanogenMod.
Web & App activity (search activity on apps and in browsers)
Location History (Creates a private map of where you go with your signed-in devices)
Device Information (contacts, calendars, apps, and other device data)
Voice & Audio Activity (storing your voice and audio inputs to your account, for example, when you say "Ok Google" to do a voice search)
YouTube Search History (Store your YouTube searches)
YouTube Watch History
They all have an opt out toggle.
That service confirmed that there is no data about me. I believe they know much more than that, but at least I'm making it a little more difficult for them.
Much to my surprise, it was well populated again, with my web browsing/searching, YouTube, and location histories all turned back on again. I don't use the Chrome browser (aside from compatibility testing), and I don't use Android. I'd be very curious to know how all of this was re-enabled without my involvement.
Very unfortunate, and another straw for the camel's back.
See the activity controls to opt out here.
https://myaccount.google.com/activitycontrols
That said, since there were some controls disabled, and some enabled, I'm more inclined to believe that they were re-enabled, if not automatically, then via some dark pattern. It's also possible that they were just new tracking points, but one of them was my search history, which I recall explicitly disabling.
Surely it was a mistake to comment without the support of evidences of any kind, but anyway, I just though I could share my experience.
Google have been screwing this up for a long, long, long, long, long, long time.
https://plus.google.com/104092656004159577193/posts/ibshLn9Z...
If it was well populated now, they actually screwed up. The data for the period that you opted out should not have been visible to you.
Apparently I turned all of their tracking off at some point and forgot about it.
Google have been screwing this up for a long, long, long, long, long, long time.
https://plus.google.com/104092656004159577193/posts/ibshLn9Z...
Anything pushed to the internet should be assumed public unless encrypted using open source encryption tools you completely control in a safe zone (like in Tails). All internet activity should be assumed to be logged somewhere, somehow. I don't even 100% trust Tor.
That's a rather Orwellian statement ...
Edit: there is: https://myactivity.google.com/delete-activity
Other location suggestions? Crap unless explicitly entered in the Calendar. Article suggestions in Google Now? Crap. Despite having my entire Feedly info (300+ feeds) from which they pull most useless cards. Youtube suggestions in Google Now are somehow even worse than video suggestions in the Youtube app. Ads? Complete garbage and borderline fraud against all these companies paying to advertise mobile games which I almost never play and they know it.
Bizarrely, I have a Google Apps account at work with much, much less info and it's actually a little better.
For some such inputs are rich, for others scary.
Most don't care anyways.
They're scary when they're the carrot used to persuade you to allow a full invasion of your personal life by an outside entity, which as a matter of course requires permission to store, search, aggregate, and use commercially all of the data that it finds.
I have my calendar and email setup on my phone with contacts sync also enabled. When I get to work I have one of those pinned tabs on chrome set to inbox and all my searches on my phone and laptop are on Google. Adblocker is installed on my laptop so I never see ads there but after searching for property and a bed for the last few weeks, the ads I seem to be getting on my mobile browser point to just that. I've actually ended up buying a couple of items online because of google's suggestions (GPU, cellphone, gas heater, etc). So I think it depends on how much data you feed it and how you feed it. As for suggested places to visit, I can't comment much since I don't use that feature.
Not my experience at all, in my case the suggestions have become so good that I find myself checking what articles Google has for me multiple times a day. It's easily the thing I check the most after Reddit and Hacker News. Heck, I'd love a standalone app or service just for the article suggestions alone.
I spend at least an hour every morning and night waking up and falling asleep to the latest news I'm interested in, with probably 1 or 2 additional hours throughout the day -- and all from article suggestions in Google Now.
If you aren't seeing things that interest you, you can tap the dropdown menu in the top-right of each card and tap "I'm not interested in this" or "Not interested in this source" to train it towards articles that you actually do care about.
Just because I search for something, say a business, on the web doesn't in any way mean that I'm interested in seeing future news stories about that business.
What I'm not content with is that they're showing it in a wrong language, but I guess I can't ask for good webdesign from someone like Google.
Side-stepping for a minute that Google and governments can also see this data, this sort of wholesale data aggregation and presentation seriously ups the ante for account security.
Getting somebody's Google account from third-party breach-de-jour used to mean you got their email history, or could pretend to be them... But with this you have their browsing, app, search and location history. That is to say, you can discover: What they're doing. Where they're doing it. What they're thinking about (I search everything). Who they interact with.
Worse, I wasn't prompted for any sort of password. Physical access to my computer (and I assume phone) now gives easy access historical surveillance data.
Welcome to the new generation of identity theft.
(I also had no results, though, because I've turned everything off.)
I've been very impressed with their smarts about security, they seem to tow a fine line between security and convenience. Any sensitive account information like this will usually trigger a new password entry (unless you've entered it recently), or 2fa.
https://duckduckgo.com/?q=%22data+are+liability%22&t=ftas&ia...
https://encrypted.google.com/search?hl=en&q=%22data%20are%20...
https://www.reddit.com/r/dredmorbius/comments/3hn4r5/on_the_...
What's worse is the faux 'Silicon Valley' ethos / koolaid they put on us.
A regular company doing this does it for obvious reasons.
But Google sticks to their 'Do No Evil' mantra, which I find entirely hypocritical: 'We say we are Doing No Evil, ergo, we are not doing any evil'.
I find it doubly disturbing.
They're even worse than classical companies, and yet somehow through their own branding koolaid would have us believe that they are 'more moral'.
A 'big corp' like Google uses fairly nefarious practices, makes it nary impossible to 'opt out' of their 'life tracking' measures, and uses that information for their own profit whilst at the same time 'virtue signalling' and extolling some kind of moral premise ... and you buy it?
The lack of self awareness in the Valley is sometimes disturbing.