152 comments

[ 0.19 ms ] story [ 104 ms ] thread
This is a step in the right direction but my question is what information derived from your data do they retain? Getting rid of the raw data is great but there are still serious privacy implications if they retain highly sophisticated models trained on the data. The simplest example would be retaining a feature vector of your face while deleting the raw photos.
agree with you. I have kept location data on, because its something I revisit a lot, the other stuff is set to delete after 18 months. If I dont notice anything different ill set it to 3 months.

The original post from Google had this line https://www.blog.google/technology/safety-security/keeping-p...

"As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period."

>"As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period."

Wait, what? Is this some weasel word soup going on?

I do not believe this for one second.

What about this is unbelievable to you?
That the largest for-profit, personal data collection effort on earth would not try to exploit data about email, calendars, photos, files, etc. to sell me more stuff?

What about that is believable to you? You just take them at their word and call it a day?

I'd actually take them at their word that they don't sell your data directly. That'd be fucked up.

They do, however, use your data to make money by slotting you into segments and selling the anonymized _segment_ data to advertisers. It's still extremely invasive, just in a sorta subtle way.

Selling your data directly is the sort of behavior I'd expect out of companies that are evil and don't care about being seen as evil (see: wireless carriers, "location intelligence" companies, etc)

Advertising use is one of the uses I am least worried about, and yet is the only use that they promise to not pursue
Also, while this move is good, surely data that's 18 months old just isn't that useful to Google anymore, right? They've already trained their models and extracted the data they needed. I do see how this can have any real practical privacy effects, beyond someone's account being hacked.
IIRC from looking at this feature somewhat recently, they explain that they are not necessarily deleting the data, only not associating it with your account. OTOH, from what other commenters are saying it sounds like they may want to delete (some of) the data but currently do not do so because it is shown in the account. Presumably they will still keep whatever they find useful.

I hadn't used my account in a while and was going to just "delete" what I could and keep the account. They have a "download your data" button but refused to let me use it claiming they couldn't be sure it was really my account (but not providing any way to convince them), so at that point I decided to delete. Hopefully they did actually delete it. For me, it still showed the older history after I enabled the "delete" older history option (possibly it would have been removed after some delay), so I manually deleted it (it wasn't all that much) and that did seem to remove it.

I hate that I basically can’t ever delete any of my accounts any more. Usually the only option is “deactivate.” I think hn uses that policy too actually
The article contradicts the headline. Existing accounts, though, will still need to proactively turn on the feature

Presumably, the overwhelming majority of HN users already have an account.

the title should be changed
Ok, we've made that clear in the title above. Thanks!
The title was also carefully worded to leave out what data, making people worry that data they want to keep (e.g. their mail/photos/Drive files) will be deleted, just to get the click...
(comment deleted)
I know I am in the minority, but I like the feature of Google letting me know when I've been somewhere in the past or if I have been to a site. I understand the trade offs in terms or my privacy, but I see value in the way they use the data to show me information.
Understand where you're coming from and agree there are real benefits to using your data to improve experience.

I don't think the debate is whether this data can improve your experience. The debate is in how the data is leveraged.

Watching the WWDC 2020 keynote, lost count of how many times the presenters referred to "on device" computation to create the same improved experience you're describing, but without sacrificing privacy.

When Google does it, we know the data is being leveraged not only for the betterment of our experience, but also for the betterment of their advertising products.

Google also has been moving to federated learning for their products such as Translation, Keyboard, Voice Recorder where the data doesnt leave the phone. Your point is fair though reply
Some data could still leave the phone with federated learning. Although it is said to not be stored in the cloud.

> It works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update. Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model. All the training data remains on your device, and no individual updates are stored in the cloud.

> https://ai.googleblog.com/2017/04/federated-learning-collabo...

> but also for the betterment of their advertising products

I guess this just doesn't really bother me that much. Honest question - why should it?

I generally filter advertising out of my consciousness. I've clicked on exactly one ad in my life (that mystery box company). Maybe if everything advertised to me was that interesting (to me), it would be a net win for everyone?

Everyone thinks they are not susceptible to advertising.

Advertising metrics continue to prove that they are wrong.

HN will continue to have "contrarians" who think they are smarter than everyone else, and who reflexively argue contrarian positions, like "privacy is bad, actually", not because those positions are smart, but because the speakers are addicted to being "clever" contrarians.

Wow you are so "woke"! Intellect level 10m
Less than 1% of Facebook ads get clicked. Not sure what sort of roi marketing folks have come up with to convince purse strings their ads are actually producing, but if the "marketing" department can't spin numbers to look good, might be time find a new marketing department.

Then you can get 2% of your ads clicked on.

All that said, I'd be interested in learning if my layman's perspective is garbage (which, let's be honest, it probably is).

(comment deleted)
The number is far less than 1%. Other than that, your layman's perspective is correct.

I'm in the custom apparel industry, where a lot of purchases are (were - it's dropped off) driven by facebook ads. If Facebook ads were as effective as the HN zeitgeist seems to think, there would be no other kind of commerce.

advertising is manipulation. It's not even always about a trying to get you to hand over your money, sometimes it's about pushing politics or changing opinions and public perception. You can filter advertising out of your immediate consciousness, but you can't keep it out of your subconsciousness and the ads you can't even remember have an impact on your decisions and your beliefs.
I'm trying to figure out what you're suggesting here. That we should ban advertising? That untargeted advertising is somehow socially better than targeted advertising?

Practically every commercial interaction (and most social interactions) are "manipulation" of some sort. At the moment we're trying to manipulate each other into adopting the other person's perspective. I don't understand what you find insidious about sales pitches; I'm sure they've been with us almost as long as prostitution.

You can get similar functionality by mapping the pictures you've taken using their coordinate metadata. Google is even working on this for Google Photos:

https://9to5google.com/2020/06/11/google-photos-explore-map/

In general, I think "privacy as a right" is a better approach for society. If people want to opt out of privacy, they should have that ability, but that should be a choice.

(comment deleted)
Not everyone snaps a selfie every time they go to the bathroom, so no, a lot of us can’t get the same functionality by mapping photos.

That is not to say your device can’t keep a location history without sending it to someone’s server.

You have a very narrow view of how people use smartphone cameras.

Want to remember your e.g. hotel room number, parking garage floor/zone, or bus stop? Snap. Backup your plane ticket? Snap it. Record the wiring before an upgrade? Snap. To input your dietary nutrition later? Food picture. Part/model number? That's a picture. See behind something? Etc, etc.

The fact you only think smartphone cameras are for "bathroom selfies" (?) says more about you than whomever you're trying to disparage, because you're obviously under-utilizing an extremely valuable tool in your pocket because you've put it into a tiny box and dismissed it.

“Bathroom selfies” is just a tongue-in-cheek way to refer to frequent photo takers. If you’re somehow offended, I apologize, what the hell.

I don’t need to remember my hotel room number or parking garage zone or bus stop every day. Even when I do I don’t need a photo, sorry, got a pretty good memory, and a digital notebook too. Under-utilize, sure, whatever, it’s my fucking phone and I didn’t ask you to judge. The fact is me and a whole host of people I know who don’t snap photos frequently enough (yeah, been talking to quite some friends about how we’ve basically been spending a fair bit of money on cameras that we don’t use very much) won’t get “the same functionality” as you were claiming, so I hope you’re not on a design panel for something like this where people who don’t conform to your expected usage pattern just get a FU.

Also: who the hell keep those parking garage photos around?

> Also: who the hell keep those parking garage photos around?

I do! Although, that's because I don't take a lot of pictures, and I look at them even less, so they just accumulate. But it's rarely become a space issue (because I'm not taking many), so whatever. The act of taking the picture seals the memory, so I don't usually have to look.

> Also: who the hell keep those parking garage photos around?

Storage is cheap. Having the image for some currently-undefined later use can be invaluable. Never using it later is cheaper than the opportunity cost of knowing it was there but now isn't.

Huh? You claim you can get the same functionality of location tracking by just taking photos of everywhere you've ever gone, and oefrha said they don't want to take a picture at every place they've ever gone (like a bathroom). I don't think his take is that narrow or regressive.

When I go to a restaurant I don't like taking pictures of the food, or pictures of the restaurant. I like enjoying the food and the company I'm with - but maybe I'm regressive.

Consent is a big deal. It really grinds my gears when companies (or people) try to be sneaky by treating silence as consent.
I also like this feature - it's never been a problem for me. What is the problem is the data that they keep that I don't easily know about. I may be wrong, but this article sounds to me like it's going to delete the data you use so they don't have to store it (saving space) not the analytics data that they use to show you targeted advertisements.
While deleting data does save space, one 10-minute YouTube video is far bigger than a few years of browsing history. Google isn't turning auto-delete for storage reasons.

YouTube watch data is used to personalize recommendations, and browsing data is used to personalize ads: https://policies.google.com/privacy#whycollect.

Disclaimer: I work at Google.

I just don't get how Youtube recommendations are so bad. So often it recommends me things I have already watched.

Or the algorithm knows I like David Bowie so recommends me "Changes". The most boring possible recommendation it can give to a David Bowie fan.

I really wish it had a setting to up the daring of the recommendation. It seems designed to just never recommend something that I would really hate but in doing so it never recommends me anything all that interesting.

iOS remembers that stuff too. It just stores it device-side and doesn't use it for advertising.

Edit: Turns out it doesn't actually provide a location history visualization like GMaps does - it only shows "significant locations" - but to my knowledge there's no technical reason it couldn't do so

You don't have to save all the user's location data to a central server for the local device to remember your common navigation request endpoints.

You don't have to send any data to a central server at all.

Yeah, Timeline is the only thing that I find useful and wish to keep forever. Other people use photos to remember places they've been. I use Timeline. I like it because it works all the time. I rarely take selfies, because Timeline does it for me. I don't even have to take the phone out of my pocket when I'm tourist-ing.
I think the minority opinion is those who don't like this. This group is much more vocal about their privacy, while the other group is either okay with it or blissfully ignorant. I do prefer an opt-in default though, because the blissfully ignorant shouldn't have to bear such a responsibility.

I too really like this data, specifically location history. It's come in extremely handy for a number of reasons, whether finding a restaurant I really liked but forgot the name of, finding exact dates and times when I was in certain places (which is handy to know if said place had a COVID-19 outbreak, for example).

Even with their infinite retention, I've been annoyed recently at YouTube recommending videos I've already watched. Without the red bar beneath the thumbnail, I might get caught in an 18-month loop of watching the same videos forever...
If they delete your data, it's likely that still happens, just without the red bar...
>I might get caught in an 18-month loop of watching the same videos forever...

sounds like a feature (for them) to me. why bother showing your users new videos when they're perfectly content watching the same old videos over and over again? Better than not showing anything and them leaving your site because there's no more relevant/new videos.

Seriously. It's not like people don't rewatch things all the time. They already know you liked the video enough to sit through the whole thing and it costs them nothing to suggest it again.
The historical problem with a lot of these companies hasn’t been whether or not they keep data, but the lack of transparency and control given to end users about what data they keep and what it’s used for.

You should be allowed to make trade offs between privacy and convenience where it’s available, but it should be transparent exactly what tradeoff you’re making.

In the old days of the web, before CSS became widespread, all links were blue by default and turned purple when visited. Back then people would also bookmark things and organize their bookmarks.

Somewhere along the line, we stopped caring about trying to manage our own information and handed it over to big cloud companies like Google and Facebook. Now we’re seeing the downsides of that tradeoff.

While I'm preety deep in the camp of those who don't want or let google save their history, I didn't stop caring about managing my own information, I just gave up. The amount of info I'm processing today is on a different scale than it used to be on the good old days, and the tools we have - browser history for instance - just didn't scale.
I wish we had a middle ground between browser history and favourites - just a way to preferentially find something I’ve visited and tagged before by keyword that works in the address bar. “What was the name of that one article Among hundreds from 3 months ago about X...”
Perhaps session buddy, if you're the type to have a bunch of tabs on a topic. You can search for names of sessions, or for pages in a saved session.
The Firefox address bar doesn't let you tag things by keyword afaik, but it is pretty good at pulling up articles based on both their URL and title. It's definitely improved my ability to go back and find stuff from a few weeks or months back.
One feature I've wanted since forever is a full text search engine of only stuff I've previously seen before. I've spent hours typing in various search queries for an article I'm sure I read 3 years ago but am fuzzy on the details of. Doesn't seem too hard to do technologically and would solve a real problem in my life.
I am currently evaluating worldbrains memex for firefox. It let's you full text search your visited sites the results can also be included in a google search via the plugin. Sites can be annotated, tagged.
Giving up is the same thing as stopped caring!
The tools that were developed in the interim were designed not to scale.
When I said we, I meant all of us, including developers. Economic forces had a lot to do with it, of course, but developers flocked to SaaS business models and away from traditional native apps. This is a huge loss for user control of their data.

Imagine if that hadn't happened! I think we would have amazing tools for managing our information locally, in a highly automated and intuitive way.

The seeds of these possibilities are everywhere. Search, of course, but also things like tagging and even automatic tagging with with machine learning models. Imagine if Chrome had the same tools for organizing bookmarks as Gmail has for tagging email, plus all of the power of recommendation engines under the user's control.

No, instead Google keeps bookmarks extremely underpowered because they'd rather have people search for everything all the time in order to drive traffic to their ads.

It's not just bookmarks. I didn't realize for a long time that chrome was silently deleting my browsing history. Now I bookmark anything that seems even vaguely interesting, which in turn makes my address bar suggestions less than useful.
Only in the very early days of the web, were links standardized around blue/purple text, and even linked images had blue/purple borders.

But quickly web designers decided that the conventions were boring or ugly, and changed the default color schemes and removed underlines and borders. The web as a whole began moving towards CSS and JavaScript and more full-fledged web applications.

Putting the disappearance of purple links on cloud companies and Facebook and Google is rather preposterous.

The web back then was also useless.

I know because I was there trying to learn programming, or anything, from the web of 1996-2000 and it was a freaking pain, a garbage dump of poor content filled with banner ads and popups and searching on AltaVista and Yahoo! was completely futile. The only useful content I found was not on the web, but in FTP directories. And learning was all you could (barely) do.

People were doing bookmarks because it was rare to find something good, so remembering stuff that wasn't crap was worthwhile.

People tend to glorify the old days. That's because memory starts playing tricks on us.

Google maps timeline allowed me to remain free. Though I explicitly opted into it for this reason.
I would like it if only it was opt in, temporary, and the data usage was strictly limited in scope. I only ever find that combination in open source
The feature is fine by itself and potentially very useful. But it’s not good if that data is mined and sold for profit without the user knowing what’s happening. For example if I could set up it in a way that the data is streamed into a database I control access to, things would be great.
Not minority. I love this stuff too, I can find project links I saved years ago by searching my own history. I like Timeline on Google maps and seeing where I've been. Check out the movie The Circle.
I always find it fascinating when you show up at a restaurants and google says you were last here 4 years ago.
Honestly, I agree with you.

I believe we should have control over our own data, and it looks like Google is giving us that.

So I'm glad we can choose to enable/disable this ourselves.

> I know I am in the minority, but I like the feature of Google letting me know when I've been somewhere in the past or if I have been to a site. I understand the trade offs in terms or my privacy (...)

There is no trade off because you can have both! It's just that Google doesn't offer this.

I am very privacy focused and I do like this feature. I like it so much that I've cobbled together a bunch of tools to do essentially the same thing without relying on Google. I have a program on my phone that is always running and capturing my location and saving it to gpx files in a specific folder. That folder is synced to my desktop (directly over SyncThing), and I can evaluate the files easily with Python to see where I've been at any given time. I usually don't do anything with the gpx files, but there have been situations where I needed to know how long I was in a particular place over a longer period of time (for work) where it was incredibly useful to have the data.

One thing I've noticed is that Google must obviously do a lot of filtering and correction to the data, because my data is nowhere as clean as I've seen on Gmaps, and I haven't found a way to replicate that in any way. My data is totally sufficient for whenever I've needed it, but it's not perfect. The most I'll do is filter out data that is ridiculously out of bounds from what the data directly before and after say, but I wish there were a better solution (and if there is, I haven't found it yet).

I think one big problem with Google collecting all this data is that you don't own it. You can't choose to use this location data to solve your problems in a way that you'd prefer. Instead, you have to hope that Google has covered your needs for the data and if not, tough luck, you're stuck doing a lot of manual work.

One way to do it will be to get OpenStreetMap at least the road and path database. The quality of it vary at lot by cities/countries. The easy way, is to set a reasonable buffer for you GPX points (dunno, let's say 10m at least) and check if they intersect with the roads/path/street they connect to. It is a bit like your way of filtering (and probably a bit like Google must do it : Check around infrastructure and filter based on the probability to be on that road/path/poi between the two points before and after.)

If you want to go the extra miles, I remember this talk of Ilya Zverev "Hundred thousand rides a day"[1] seen at FOSDEM 2019.

[1] https://archive.fosdem.org/2019/schedule/event/geo_gpxtraces...

You know what computers can do for us if Google wanted to respect the spirit of Asimov's First Law? They could do all the things you like with your data while NOT doing want you don't like.

You wouldn't be in the minority if you thought of it this way.

My guess is that Google determined that old data with such granularity just isn't that important to keep around.
One surprising thing I learned by working at these large companies (I worked at Google for 2 years): User data older than ~90 days is essentially worthless. Other companies that I am aware of essentially do not use such data for anything except people management (teams with better historical metrics can hire more, etc).
> User data older than ~90 days is essentially worthlesl

Worthless, commercially - yes.

But priceless and utterly invaluable for historical interest and academic research! I hope Google keeps their Ngram, search-stats and even geolocation history for everyone (anonymized and aggregated, of course) - it'll be an invaluable tool for researchers of all kinds to be able to see, for example, how our movement patterns varied from ~2015 when we started collecting that en-mass to some point in the future.

Ditto Google Street View archives - Street View is now almost 13 years old and I'm looking forward to being able to see how things were in everyday life back in 2008 compared to however things are when I'm old and grey).

This is of course is incorrect. I worked at Google as well, and I can tell you that for text-based ML services 90 days often is not enough.
What I mean is that the data for a particular user is worthless after 90 days (really more like 30).

Aggregated data is useful for building models, but individual user data is not useful for targeting that particular user.

For example, suppose you are ranking search results for Alice. It may be beneficial to include old data in your language model or indexing models. However, it would likely not be beneficial to include Alice-specific features that go back more than 30-90 days. Such features include counters for her actions (clicks, queries, scroll), embeddings of her activity, etc.

On the other hand, site and query specific features would likely be useful for years.

> User data older than ~90 days is essentially worthless.

For an average user, sure. But suppose the user suddenly becomes e.g. an important politician. Now having their history older than 90 days is interesting.

Hard disks are cheap, you can keep everything and wait for the ticket that wins the lottery. If you are a company like Google of Facebook, it is almost guaranteed that you will have juicy material about most people who become important in a few decades. In a few decades, any politician who says "anti-trust" will immediately have their porn history or edgy things they wrote as a teenager leaked to public.

When has this ever happened?
If anybody at Google even attempted to do this, that employee would be fired.
I'm sure they think that. Frankly I'm sick of youtube thinking that watching one video suddenly means I watch nothing else.
This is only for new accounts, current accounts have to manually sign up for this feature.
It makes sense, otherwise they'd be deleting user data without consent. Maybe they could show an opt-in screen to every user pointing them to this setting.
A friendly reminder that the US government can read your emails without a warrant if they've been stored on a server for longer than 6 months.

https://www.propublica.org/article/no-warrant-no-problem-how...

I found the organization of this very readable. Thanks for the link and reminder.

On topic: this just in, person (corporation) who has lied and abused your privacy many times says they promise not to do it anymore, more at 11.

> they can obtain opened email as well as unopened emails that are at least 180 days old with only a subpoena as long as they notify the customer whose email they've requested

This seems to contradict "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized"

I was wondering why you were getting downvoted, and perhaps because the target link describes something a little bit more nuanced than that.

"The government can also get older unopened emails without notifying the customer if they get a court order that requires them to offer "specific and articulable facts showing that there are reasonable grounds to believe" the emails are "relevant and material to an ongoing criminal investigation" — a higher bar than a subpoena."

Data exhaust older than a month is not monetizable for them. This lets them save space and seem nice while nothing changes.
Your comment made me wonder how much cost this may save, in terms of storage, maintenance, electricity, etc. Are we talking petabytes of storage? Could the data include things like imagery or massive encapsulations?
There is no guarantee that this feature doesn't just flip a "deleted" bool column in their database outside of GDPR countries. And maybe derived products of the data stick around for longer, i.e. weights of custom ML models, HMM states, etc.
It's also buying good will with users and regulators since privacy became a hot topic in recent times. Google decided to make it a default to delete any data older than 3 or 18 months. This is a clear sign that even 3 month old data has just marginal value, if any.
Search history, ad clicks, etc. can serialize to very tiny records. I don't think this is about saving storage space. One day of YouTube uploads probably takes more space than every user's data combined.
Sure. Still saves space. Also closes over the envelope of their legal exposure.
Having exabytes of storage space and saving a few TB does functionally nothing.

It'd be like you deleting a single doc file.

> auto-delete activity and location every 18 months by default

Does this mean any data older than 3/18 months is deleted or that every 3/18 months they delete everything?

P.S. I assume that they may have already put a price on 3/18 month old data and decided that by then it has lost enough of its value to make such a loss worth it in order to buy a bit of good will from users and regulators alike.

The former, any data older than 3/18 months is deleted.

so if you set it up for 3 months today, then any data on and before 3/15/2020 will be deleted

The sincere take: It's better for big corporations to move towards more privacy than less, even if it is not enough and they have a suspicious history.
I liked Sundar somewhat when I was at Google, after he shortly become CEO, until 2019 I left.

Looking back, I always felt something missing when I think of him, in comparison to Larry Page.

Right at this moment, it felt to me that Sundar is meant to be another typical professional manager for a "conventional company". The primary issue is that he, like other manager, lacks the inert urgency for their task.

Apple has been playing the privacy card at least 2 years ago. That by itself threatens Google at its core. Yet I never see the decisiveness in rethinking Google's identity; it was always reactionary, 2nd timed, backward looking...

Google is about to decline. Hopefully that will be something like the 90s' microsoft, and waiting for next revival...

That just means their internal processes are now good enough to do all they need to do in 3 months.

Otherwise they would have custom cut-off capabilities, and wouldn’t basically force everyone to turn collection back on at every turn after you’ve disabled it. I explicitly did it three times before giving up, as Assistant would turn it back on every now and then. That’s when I decided I’ll make an effort not to use any G service if I can avoid it.

If Google cared about privacy, they would have detailed guidance on how to let an individual opt-out of every single google data collection point, including:

analytics, recaptcha, fonts, JS libraries.

Except they've inserted themselves at every layer, to the point where you can't avoid your data going via Amazon/MS/Google.

Just the way the US wanted it :)

What irritates me about Google is they go to great lengths to tell you what they don't do but they won't simply come out and tell you what they do actually do. For example, I was reading the privacy policy involving transferring Nest accounts to Google and they say "we absolutely do not use your video or audio for advertising purposes". That's great, but it doesn't tell me anything about other forms of data that could be used for advertising (IP, usage data, whether I am inside the geofence or outside of it at a given time, probe requests, Bluetooth data, device data, etc). I want companies to come out and in clear language say "we collect X data streams, we try to derive the following Y things about you from those X data streams (demographics, whether you are home, other devices you own, etc), and we create Z data products from those derivations which we sell to the following types of companies. If you don't feel comfortable with that then don't use our products." That is what a real commitment to transparency and privacy looks like.
If they loudly proclaim that they don’t use your audio or video for advertising, I’d immediately presume that they do use everything else for advertising.

If after an exam I would spontaneously say: “I absolutely did not cheat on question 3 of the test!”, what would you assume I’d have done on questions 1 and 2?

> I’d immediately presume that they do use everything else for advertising.

For one that's illegal in the EU at least. Due to GDPR Google cannot use your data for profiling without explicit consent.

Thinking about "what they don't tell you" is how conspiracy theories work. Such claims are either evidence based or they aren't.

And don't get me wrong, if you don't trust Google for whatever reason that's fine, I just find your reasoning odd.

> For one that's illegal in the EU at least. Due to GDPR Google cannot use your data for profiling without explicit consent.

And presumably, EU users will get an extra consent screen going into details. But as far as I know, this doesn't imply these details have to be the part of the document called "privacy policy".

> Thinking about "what they don't tell you" is how conspiracy theories work. Such claims are either evidence based or they aren't.

Absence of evidence is only weak evidence of absence, but it's still evidence. In this case, you could call it "being suspiciously specific", which is a known technique of lying by omission.

Privacy policies don't exist in a vacuum - they're formed by entities strongly incentivized to make money every possible way that's not explicitly illegal[0]. So a suspiciously specific privacy policy can be reasonably considered worrisome, especially for a company known to make money off their users' data.

Conspiracy theories are excessively using the "what they don't tell you" reasoning, but that doesn't mean the reasoning itself is bad. It's just one requiring finesse and a somewhat more complete picture of an issue at hand. The best conspiracy theories are ones that balance this reasoning - any more, and they'd be trivially debunked; any less, and nobody would find them interesting.

--

[0] - And some even achieve success by crossing the line into squarely illegal behavior - see e.g. Uber.

The issue is saying "we don't use <these two things>" isn't suspiciously specific. What people actually want, which is "we don't use <these 87 things>" is.
> EU users will get an extra consent screen going into details.

That would explain the unescapable modal "These are our privacy terms" popup that every Google service displays the first time you hit it with a fresh browser...

Obviously nobody reads anything, they just click "Agree".

It's all so broken.

I find the location history feature in Google Maps immensely valuable. Is there any way to run a similar self-hosted feature? I'd love to import my existing timeline if possible.
Ditto. I think it would be great if one could use Google and set to autodelete after 3 months, but still periodically download and import the history to a private instance of a similar service. Same goes for the Search History.
In theory you could just:

- Write your own mobile app that has access to fine grained location, logs it, and periodically uploads the location trace to your own server.

- Download the traces from your server and convert them to an appropriate format.

- Upload the traces to Google MyMaps - or use a map rendering engine you control if avoiding 3rd party online services is a goal - for visualization

By doing this you give up additional features provided by Google Location history - things like semantic place detections (i.e you were at airport X or mall Y) trace error correction, auto-segmentation of traces, etc.

But if all you care about is a seeing a trace on a map, then that should work.

This general approach is already widely used by software that has an external location logging system (i.e. wildlife tracking transmitters, commercial vehicle fleet tracking) but need to visualize/track those on a map.

Disclosure: Google employee but not currently working on Maps.

At least the data collection part is very easy to set up on Android and zero maintenance afterwards:

Use GPSLogger[1] to record the position. It can auto-upload to pretty much anything from DropBox to SFTP (FTP over SSH). It can auto-start on boot, run in background, and rotate files daily. (If you do SFTP, use ForceCommand internal-sftp in sshd_config to restrict the phone to file transfers.) No excessive energy usage.

Use GPSMapper[2] to visualize the GPX files on phone, or https://www.gpxsee.org/ on Linux (this tool works well even with hundreds of GPX files loaded, unlike all others I've tried).

None of the viewers are really "nice" unfortunately.

If someone needs a side project idea, a personal location history visualizer would be nice. All existing tools focus on individual tracks (eg day hikes), there's nothing that does much useful when you dump a few years worth of history into it. Actually most just freeze or crash. But there's so much that could be done (performance, filtering by time, exporting/sharing specific parts, postprocessing like removing outliers, correcting cut corners by matching against a map, detecting places/businesses and hyperlinking to services like AllTrails, visualizations like speed over time (this part is common) but auto-detecting and showing this for all traces along the same route (no software does this yet) (think "how fast was I on which part of my commute each day over the past year"), multi user eg. family capability, etc.)

Of course even if viewers are limited today, one can still collect the data in case someone writes a better viewer tomorrow ;-)

Google Takeout can export raw location history, and there are tools to convert that standard GPX.

Only issue I have with GPSLogger is that the accuracy filter is not adaptive. At a high value, you'll get outliers, at a low value, it won't record during flights.

[1] https://play.google.com/store/apps/details?id=com.mendhak.gp...

[2] https://play.google.com/store/apps/details?id=com.mendhak.gp...

There are multiple apps on Fdroid that log your location. Most of them are designed as fitness/walk trackers, but there's at least one that reports to a self-hosted server.
Personally, I'll be retaining my data indefinitely. I like that they give this option, but I've used the indefinitely retained data multiple times and never been hurt by it, so far as I know.

I've used it for "When did we go there?" Type questions, or "What was the name of that restaurant?" And also, just sitting down to look at the history and see "What was I doing X years ago" brings back memories. I think it's neat to see something like, I went to the theater three years ago? What did I see? Ohhh, I bet it was X! I feel like it's something like an automated diary of my life.

Pro tip if you want this and also value your privacy: take photos of places you visited, books you read etc. on your iPhone.

On the Photo map you can see your photos grouped by location, on the normal photo timeline grouped by year/month/day and the ML powered search is good enough to recognize stuff like “book”, “restaurant”, “beach” etc.

I want to keep this data, too. But I want to keep it on my own devices, in my home, running software that I control. This option doesn't exist yet.
I suppose there's some way to download it from Google. If nothing else they'd to support GDPR. If you could download it, ingest it into some system, maybe add a shell script on your phone to ping a server once a minute with your geo data or something...

It seems doable, but also like it would take some effort to get to be nearly as good as Google is now. I get why some people want to be private from Google, but it doesn't really bother me.

Browsers are IMHO the biggest culprit, I really wish Chrome had an option to have a longer memory of things like visited pages.

On the other hand, Chrome remembers some thing for far too long, sites that I haven't visited for a long long time still exist in chrome://settings/siteData?search=cookies+and+site which is rather annoying.

Alice (Imaginary VP of something at Google): hey, Bob, could you please plot usefulness of data by creation date?

Bob: sends the chart

Alice: Carol, could you please chart the amount of data by creation date and send me alongside with our storage costs?

Carol: sends the information

Alice: does quick cost benefit calculation, fires up an email to Diane in PR

Alice: here is how we spin it...

This is a great discussion forum to surgically point out the flaws and hypocrisy of big players in the tech, especially on privacy. However, do you think Google (or any other big firm) executives look at discussions in Hacker News to improve their future policies? What could we do more than just having a discussion on these issues that we see everyday? Opting out of Google is sadly too painful to be a viable option.
This is an easy give-away for Google, they are essentially giving users the option to automatically delete data which has no value to Google themselves. This isn't really a win for consumers and privacy at all.
I have the impression that Privacy to Google only means that it is difficult for a human to see your data. They don't see an issue with their software using your data.
What about the "profile" (i.e. the model) of me that is created based on the history? i.e. https://adssettings.google.com/authenticated?hl=en

I'd think thats more valuable - raw data would not really be necessary unless they need to re-learn things.

I’m not 100% sure I mind the profile as long as the data behind it is gone. It adds an element of “cant confirm or explain” the profile which means you cannot be as convincingly associated with it. Still not ideal but a big improvement to me
(comment deleted)
How useful would it be to target ads based on what you did 19+ months ago? If you ignore privacy, it seems like the model needs to be based more on a moving window of what's relevant to you now.
Well I want to keep my data basically forever. I just don't want Google to have a copy of it. Possibly what is happening here is the exact opposite.
It's difficult to have both, no?
Do I have to do anything to ensure this stuff doesn't get deleted for me? I really like Timeline and don't want it truncated.

It looks like I have to do nothing but I'm not sure.

Important distinction: it’s for new users only. Existing users will need to opt-in.