15 comments

[ 0.16 ms ] story [ 32.4 ms ] thread
Thanks - this is way more informative than the article.

Google certainly should be doing more to combat this issue, but the crux of this issue seems to be that there are a lot of intermediaries and consumers (teachers and schools) in the ed-tech industry with a very clear obligation to do more about this but aren't.

Well hold on a minute. Part of the problem here was that when Google Apps for Education (GAFE) was introduced, privacy and security were touted as huge selling points. For years IT administrators in Education were told that GAFE was different, GAFE was a service for schools, it respected FERPA guidelines, it was isolated from the rest of Google's ad services.

But years afterwards, once everyone had migrated over, integrated everything with Google, then they it broke that Google had lied. And it's not like people sat on their hands either - there was a lot of anger and many complaints. But that only goes so far when you have an Education IT budget - migrations take a lot of tim and a lot of effort, and a lot of money.

The schools got conned hard, and it's not something you can just decide to switch on a dime either. Some Ed-Tech folk certainly carry the blame for evangelizing for Google, but the Education IT Administrators need to be given a break here when everything led them to believe Google's advertising.

You're expecting me to believe a company that relies on soaking up personal data, and tried to pull the "We will do no evil", is stiĺl at it? Say it ain't so.
Well, yes. We expect that when a company presents a legal contract promising not to do something and that service X doesn't do action Y that it's truthful. If they want to enter into it to intentionally violate said contract, it just seems absolutely bizarre that they'd even present a contract in the first place.

I get the feeling that this wasn't some insidious conspiracy from Google to get us hooked on GAFE so much as internal forces at Google not talking to one another and data-collection ultimately winning out. I find that the more complicated explanation is Google decided to do this despite the risk of fighting fines and additional regulations from the government as well as potentially thousands of institutions, and potentially tens of thousands of individuals led to believe the terms and conditions of the contract were different than what Google presented, as opposed to Google made GAFE and presented it at face value, and other forces within Google decided to go ahead with the data collection anyways. Right hand not knowing what the left is doing just seems more plausible and reasonable.

I don't know either way, and cynicism can be healthy, but this just feels like cynicism for the sake of cynicism. Yes, Google is a data blackhole, and it's an unscrupulous company, but this would just be absolute incompetency on their part. I'm not denying the possibility, but that's a big pill to swallow.

Citation needed
Right here on their page: https://edu.google.com/trust/

They promise not to do the things the EFF specifically calls out and the page has since been updated to change some of the claims that data is "not collected" to "data is not shared".

I skimmed the report but has been unable to find out how the EFF knows that Google collects more than they pledged to.

I am not trying to cast doubt on the report, I am genuinely curious.

The privacy implications of using ChromeOS has always been horrible. You cannot use this OS to its fullest extent without signing in. And once you are signed in, it tracks everything you do online. Even printing to your desktop printer routes the print request through the cloud first (where its recorded by Google) and then back down to your computer. (Google doesn't look at your documents when you print but they still know when you print and how often. They also record the print job title, which can reveal a lot about what you're printing, and the printer you have.[1])

Imagine if every time you saved a document in Microsoft Word or Apple Pages, a record of when you saved, and how much time you spent in the app was saved by Microsoft or Apple. Now imagine every app you run in the OS tracks your activity to some degree, and every website is tracked too. Imagine this wasn't anonymous either because you'd signed into the OS and your account has your name, your gender, your location, your date-of-birth and even your mobile phone number. In other words, some of your most private and personal details tied to your activity in the OS.

No, this isn't a dystopian episode of Black Mirror, but real life. It's called ChromeOS and it's spread like wildfire in US schools. It should never have gained a foothold in Education without stronger privacy assurances and a guarantee of no tracking of students (who don't even have any choice in the matter).

I'm just utterly baffled by the response of the tech community toward Google on the issue of privacy and data collection. There is a strong double standard.

Microsoft and Facebook are, quite rightly, criticised and scrutinised over the amount and the degree of tracking they undertake. Meanwhile, Google, who capture unimaginably huge amounts of data on users, escapes any scrutiny.

Assurances that the data is "anonymised" or aggregated are not enough. The sheer scale of the data collected, even in aggregated form, lets these companies interrogate the data in ways we simply can't imagine.

I don't blame ordinary users for not fully understanding the privacy implications and the myriad and insidious ways they are tracked. But what excuse does the tech community have for giving Google a free pass on privacy and online tracking?

[1] https://support.google.com/cloudprint/answer/2541843?hl=en&r...

> But what excuse does the tech community have for giving Google a free pass on privacy and online tracking?

Apparently it is still many people's dream at SV to work there, so they keep their shinny new rosa tinted glasses on with regards to Google.

This is typical modus operandi for Google. Ad company promises not to do its dirty analytics on students/health data/government data to get the contract, then it turns out they don't give a crap and do it anyway. Solution: don't use Google for anything, especially don't hand them contracts to handle data for large groups of people.

"Imagine if every time you saved a document in Microsoft Word or Apple Pages, a record of when you saved, and how much time you spent in the app was saved by Microsoft or Apple. Now imagine every app you run in the OS tracks your activity to some degree, and every website is tracked too."

You've just described Windows 10 telemetry. This is how low the privacy standards are for the US software giants.

I remember being part of a School District who was GAFE for 5 years before Google rolled out its "Google Vault" feature. You enable it to give yourself access to email/google docs ediscovery for FOI requests.

Creepy thing is, when we turned it on we could see deleted emails including spam, everything imaginable that had been sent, received, or created for the entire previous years we had been a GAFE School. Before Google Vault even existed. We don't have control over the collected data, these companies just give us the illusion of it by letting us disable our own access to it.

Don't want Google now notification for in store deals on your android phone? Ok, you can disable it...but Google is still tracking what stores you go to when and where.

A big thing I've seen that keeps schools in GAFE is affordability and ease of management. IT department workloads plummet, so no arguments from them. Also imagine the nightmare of trying to export all of your google docs to another platform somehow.

I don't like it and it isn't right, but before this can change I think we'll need good open cloud alternatives with easy migration paths. As far as chromebook hardware is concerned, we'll need another viable cheap alternative that respects privacy.

CopperheadOS is a mobile OS based on Android (AOSP, specifically) which doesn't ship any closed-source code and takes your security and privacy seriously.

I'm nothing to do with the project, I just like it.

https://copperhead.co/android/

I used to work in edtech and spying on students was seen as "normal". Schools are the main source of feature requests that allow them to see everything a student is doing or has done. Worse is most SIS are very insecure and full of sql injection issues. Not to mention that they use FTP and not SFTP to transfer data.

On top of the chromebook Google has the classroom project which also pulls all roster data from a school and stores it on their servers...

While I think that using Chromebooks in schools can make sense in many cases, I find it pretty bad that Google accounts are permanently tied to real identities of young kids. Schools should assign account names that are easy to remember but in no way use real names.