141 comments

[ 3.1 ms ] story [ 220 ms ] thread
Wait, what? They were saving it all before?
They have been saving it for years. How do you think they give so much away for free? By selling the information they collect.
When you say selling the information , do you mean actually selling the information or selling ad slots to target specific people/groups based on data.
Would it be overly cynical to say that I assume they'll do whichever gets them the most money?
Within reason. Data is valuable. You make far more money gathering data, keeping it private but selling the ability to advertise against that data , than outright selling it. Think of it as “Data-As-A-Service”. Your data loses value if you’re just outright selling it.
If you pushed the consent button when prompted on your Android phone, yes.
It is not as easy or silent as you are implying. If you enable Location History you get a monthly email reminding you that it is enabled, with a link at the top of the email to go turn it off if you want.
Google Maps won't let you set a home or work location without enabling location history. It's bullshit tying.
False. Prove it to yourself. Visit https://timeline.google.com/ to verify that it is off, or to turn it off. Now go to https://www.google.com/maps/ , click menu → Your places → Labeled to see your home and work, or to add one.
He might have web and app activity off, as everyone should...

https://support.google.com/maps/answer/3093979?hl=en&co=GENI...

Fix problems with home and work in Maps

To use home and work when you search or use directions, you must turn on Web & App Activity. If you can't find home and work in Maps, learn how to turn on Web & App Activity.

Oddly enough, I do have "Web & App Activity" disabled (everything disabled except YouTube history to sync watch progress across devices), yet I'm still able to register a home address and ask the Maps Android app to route to it.

...I wish you could delete YouTube history on a 1-week basis, yet Google only allows you to delete it after 3 months at minimum. More tying.

This was definitely the case as of ~1 year ago, in the Google Maps Android map. It appears to no longer be the case on the web or Android interface now. I'm glad Google has stopped doing it, but at this point my trust in cloud services has been spent and I won't be adding my home address or enabling location history (until I travel enough to make it helpful for direction-finding).

Another creepy incident that's happened with me is, with Location History off, the Maps app would prompt me to leave a review for a restaurant I visited and left. So Google (either the app locally, or the servers) is stalking you even with Location History disabled.

That's the juiciest data they can get, why wouldn't they?
> we notify people when we comply with government demands, unless we’re prohibited from doing so

The interesting part here is about which cases intrinsically mandate a prohibition.

All of them. It’s genius corporate-speak.
(full disclosure, I work for the Google but I think what I'm saying is equally true for Facebook, Twitter, Reddit, rsync.net, Backblaze, etc)

That's not true at all. Things like FISA gag orders are relatively rare (and maybe phased out now? Haven't followed that super closely). For a typical search warrant or subpoena, the person being targeted gets an email about it. If you're familiar with "warrant canaries", they're an interesting way to track the relative frequency of unspeakable law enforcement actions.

FISA 702 orders (PRISM) have not been phased out, but in fact scaled up. We're talking 20-50k/year.
> We're talking 20-50k/year

Please give a source for this. The huge range is suspect, and 702 orders aren't identical to the PRISIM program.

Apple did something like 30k per year several years ago (per their transparency report), and Google's numbers are presumably higher.

Your second assertion is false.

Ok, so no source on the numbers.

And you're incorrect - Section 702 of the FISA amendments act of 2008 applies to surveillance programs besides PRISM. Go read about it.

> Haven't followed that super closely

so, they're working exactly as designed, then?

It's nice to virtue signal for the-current-thing and all but what about Google's storage of user data for ad networks?

In comparison, how is Google defending China's citizens from undue "judicial process"?

Keeping someone out of jail is virtue doing, not virtual signalling.

Google has no presence in China and so is not subject to China's judicial process.

Virtue signalling is about the intent behind the action, not the action itself or its results.
Shanghai is the most populous urban area in China and the most populous city in the world. Google is there. https://careers.google.com/locations/shanghai/

Or, go to https://careers.google.com/locations/ and click on Asia-Pacific to see both a listing and a map of the offices in Asia.

Guangzhou Taikoo Hui Tower 1, No.383 Tianhe Road Guangzhou, 510620 China

Shanghai 100 Century Avenue, Pudong Shanghai 200120 China Phone: +86-21-6133-7666

Google doesn’t allow people to target data like this in their ad networks and never has.
Title is inaccurate. They are not auto-deleting searches, but location history. Also, it isn't "health clinics", but a set of places that they are not being completely open about (but which does include some health clinics).
Title is incorrect and nonsensical. Google is removing health clinic visits from location history, not searches.
(comment deleted)
Wanna bet it's just "marked" as deleted, and actually stored forever, to be served in response to any subpoena?
I'll take that bet - announcements like these aren't made just for fun
Not for fun, but definitely for marketing.
I'll take that bet. Google has lots of flaws but it is still has lots of people who are genuinely trying to do the right thing. I just don't see the people at Google implementing a feature like this designed to make people feel safer about their personal medical data only to turn around and betray them to law enforcement.
They could have genuine intentions but still mess it up. Developers messing up secure and complete deletion of user data may be particularly likely since such deletions are not generally common practice (across the industry, not just at Google.)
That's not true at Google though. Google has a systematic user data removal architecture called Wipeout and Wipeout integration is a required checklist item for product launches. Wipeout compliance is systematically monitored by a central privacy group. I've worked at a bunch of companies and only Google has an organized, universal scheme for user data privacy. Everywhere else in my experience is just winging it and has basically no idea what's going on.
If there were one company who I trusted to delete shit correctly, it's Google. There are already loads of other laws that they need to comply with that require unrecoverable data deletion.

Look, I agree Google has tons of flaws, but these types of conspiracy theory "bet they're not going to really delete it" missives don't even make sense if you consider Google's incentives. It would be a gigantic, massive blow to Google if they said they were deleting data and they didn't. There is literally 0 reason for Google to do this. When Snowden's revelations came out, Google was furious and they rearchitected basically all of their systems to encrypt everything at rest and in transit.

"They might mess up" is not a 'conspiracy theory' in any conceivable sense of that used and abused term.

I don't think the competency of any organization of people is ever assured and beyond reproach, but you're welcome to disagree.

You're correct, with that comment I was more referring to the original "Wanna bet it's just "marked" as deleted, and actually stored forever, to be served in response to any subpoena?" than your post.

And while I agree that all organizations can make mistakes, I think it's more important to look at the structure and incentives of any company to see how reasonable those risks are:

1. Google knows they collect a ton of data on people, and they have giant, giant financial incentives to keep that data secure.

2. Google is profitable enough that they can have huge teams focused on data security and integrity (a smaller company may have the same financial incentives to keep data secure, but not the resources to back it up)

3. Google is large and established enough that they can ensure real rigor in their processes (again, as opposed to some rando company that did just enough to pass their SOC 2 audit).

Again, mistakes can be made but we all pretty much take risks every day (banking, getting in a car, getting on a plane, getting in an elevator, etc. etc.), and I think the risk of Google fucking this up is lower than failure of a lot of those other systems.

Would you bet your life on it?

Because that's what we're talking about here in some instances. You're asking people to bet their life on the fact that a theocratic government won't be able to compel Google to give up location data for the purposes of punishing people for what the state says is murder.

So would you bet your life on it?

> Because that's what we're talking about here in some instances

You have to opt-in to location history, and it seems to me Google is trying to act in good faith by automatically deleting information that might be sensitive. Who are we asking to bet their lives? People who don't feel like turning off their phone before going to the clinic and have opted-in to location history?

Isn't location history tied to other, very basic features to compel people to use it?

And I just accepted a software update on my Pixel phone a couple of days ago and found that it had reset my default apps for browsing and music playing -- what are the odds that Google will surreptitiously do the same to my location tracking consent?

I basically "bet my life on it" every time I take an Uber with some random driver where neither I, nor Uber, has much data about their driving ability beyond recent accident/ticket history.

I think the real risk to my life is about 1000 times worse in a car than some diaphanous threat of a future evil government, and I trust Google about 1000 times more than I trust some Uber (or Lyft or taxi) driver.

>If there were one company who I trusted to delete shit correctly, it's Google. There are already loads of other laws that they need to comply with that require unrecoverable data deletion.

They might be deleting the data but are they deleting the metadata? There are always some bread crumbs left.

The people making the announcements, and even some of the engineers working on higher-level systems, might not even know whether the (multiple layers of the) underlying storage system actually deletes or just adds a "tombstone" that won't take effect until the next compaction or equivalent. They also might not know about copies left around in caches, during rebalancing, etc. Or whether "trimming" or overwriting data on a particular device - really anything short of a full device wipe - really makes the data go away. Secure deletion is a harder problem than most people think; I certainly wouldn't assume that Google or any other organization has really handled all the corner cases.

Source: I've worked on many large storage systems, including the largest (by bytes at rest) at Facebook. They were subject to the exact same kinds of requirements as Google, and as the code continued to evolve gaps would still appear from time to time.

Googler here.

We have very strict and very well engineered data retention systems. When we say data is deleted, we mean it. Various levels of automation ensure the data is purged, and all data is tracked meticulously for violations across every datastore.

It's one of those systems I wish we talked about more -- it's a marvel to behold just how much work goes into retention policies and the automation that drives it.

I note that the announcement is VERY VERY SPECIFIC about the data being gone from the opt-in "Location History" feature (with the capitals and everything).

It does NOT say that every copy Google has is deleted. It just says that the user-visible copy is gone.

What about, say, Sensorvault? Or whatever other internal systems I don't know about?

Have you considered the possibility that someone on the inside works for an intelligence agency (domestic or foreign) and is secretly exfiltrating the data for the purpose of obtaining blackmail material?
It's definitely been considered because it has definitely happened before (explore the history of Google cutting ties with China for about a decade).

... in response, Google took measures to prevent that category of insider-knowledge attack. With audited builds, zero-trust internal model (xref BeyondCorp), and infrastructure cross-checked by multiple human beings to guard against hardware-level attacks, such an insider attack is infinitesimally probable now.

In the PRISM disclosure of 2013, the slide deck stated that the NSA had direct access to Google's systems. The deck claimed "collection directly from the servers". That, by its very design, goes around all the safeguards people are discussing here.
>We have very strict and very well engineered data retention systems. When we say data is deleted, we mean it. Various levels of automation ensure the data is purged, and all data is tracked meticulously for violations across every datastore.

Ok, how would you know that is true?

How many ways can you think of would there be for your statement to be false?

If someone "higher clearance" than you decided to make you believe the above, but actually retain it somewhere in someway you weren't allowed to see. Are the number of ways more than one? How valuable could deleted data be in the case of blackmail or espionage? Can you actually be confident that someone above or before you didn't write a false delete function?

I'm not implying, I'm suggesting that "things we know to be true" is a smaller list than people think.

You suspect WIPEOUT is real, but can't actually know, and you are inside. Why would I believe for even a second?

Some of us actually work or worked on wipeout systems. And said systems are run by the team running the service that deals with the data.

Also all the source code (for all systems) is visible to all googlers.

This kind of conspiracy theory is really boring.

Maybe the conspiracy theories are because some have a very long memory:

"NSA taps into Google, Yahoo clouds, can collect data 'at will,' says Post"

https://www.cnet.com/tech/tech-industry/nsa-taps-into-google...

"National Security Letters"

https://www.eff.org/issues/national-security-letters

There is a reason behind the usual in court phrase of "..tell the truth, the whole truth, and nothing but the truth...". So, if a third party would get copies of the data, it would be true Google deleted it...It just not be "the whole truth".

> How many ways can you think of would there be for your statement to be false?

Not as many as you might think.

The systems at Google may seem incredibly complicated--and they are--but when I worked there, the scenarios where somebody intercepts and exfiltrates data without your knowledge are extreme.

> If someone "higher clearance" than you decided to make you believe the above, but actually retain it somewhere in someway you weren't allowed to see.

The way this data is stored, it is designed so that access to the data is logged and the logs have various alerts / auditing procedures to catch exfiltration attempts. SREs will periodically create user data and try out clever ways of destroying or exfiltrating it to test that these controls work. The Snowden leaks also cast a long shadow over work at Google, and since then, basically, all the traffic and data in storage has been encrypted in ways that make it difficult for state level actors to surreptitiously intercept it. These systems are a bit nightmarish to design, because there are competing legal/compliance reasons why data must be retained or must be purged. For example, certain data must be retained for SOX compliance, data may be flagged as part of an ongoing investigation, data may be selected for deletion for GDPR compliance, etc.

Obviously, it is POSSIBLE that someone is still exfiltrating data, but you have hundreds or thousands of smart engineers who are trying to prevent "insider risk" and "state level actors". People within the company are a big part of the threat model, and agencies like the CIA, Mossad, KGB, etc. are also part of the threat model.

The stack may be complicated, but it's also designed with defense-in-depth to prevent people at lower levels in the stack from subverting controls at higher levels in the stack. For example, people who work on storage systems may be completely unable to decrypt the data that their storage systems contain.

If you're going to get pissy about it, it's obviously true that we are not 100% certain that data is destroyed when we say it is. But this invokes a standard for "knowing" that precludes knowing the truth of any statement which is not an analytic statement.

You don't have to believe, even for a second, if you didn't work with the wipeout systems. That's fine. I'm not trying to convince that wipeout works as intended, because I know that I can't provide the evidence to you.

However, you seem to be arguing that other people don't know that the wipeout systems work--that it's somehow impossible to know.

This is just Pascal's Wager.

I can't know, lots of people have opinions, so I should just side with the one (avoid Google) that gives me the highest likelyhood of happiness.

You don't know, that's fine. You were saying that specific other people don't know either, which is weird.
I'm guessing you're speaking non-authoritatively.

The cloud documentation suggests a deletion period of 180 days; so for cloud data, at least, when it says it is "deleted" it seems to mean it will be [fully] deleted within half-a-year. https://cloud.google.com/docs/security/deletion

Why would the Google Cloud data deletion policy for 1/ paying 2/ enterprise customers deleting their own data that they 3/ opted in to store, and then 4/ opted in to delete have anything to do with the retention policy for Google Maps' 1/ free 2/ consumer customers having data deleted by Google that the customer 3/ did not choose to store, and then 4/ did not choose to delete?

At least 4 meaningfully different qualifiers about the situation for entirely separate parts of Google.

Oh for sure, can you point me to some documentation closer to the specific services in question (free maps data)?

I was only suggesting that it might be indicative of the period deleted data ordinarily takes to leave the backup cycle.

Former google employee, no knowledge of current situation, not involved in any of this stuff even when I worked there: different types of data get handled differently. If material is important enough then it's going to be backed up onto tape for disaster recovery purposes. If a user then requests it be deleted, that's a huge pain - the easiest thing to do is just wait until that tape has rotated out of backup, which may take a while.

More sensitive user data is likely to be handled differently - both for privacy reasons and because it's honestly just not as important to keep hold of it (a user's cloud data gets lost? That's a big deal. A user's location history data gets lost? Meh), so it's unlikely to end up in long-term backup storage.

Even the CEO of Google would not have a credible claim to know exactly what is being stored and by whom and when.
Let me ask you about an edge case: someone carries out an arson attack against a clinic providing abortion services and inadvertently leaks clues to their identity when gloating about it on social media, which information finds its way into the hands of law enforcement.

(to downvoters, that's something that happens and I have a specific and recent case in mind)

I think the downvotes are because your description doesn't make any sense. Can you rephrase the scenario to better describe what you mean?

Are you saying "Someone carries out an arson attack, they (the attacker) leaks clues to their (the attacker's) identity when gloating about it on social media, and those gloat-posts find their way to law enforcement?"

How does that scenario relate to Google data retention? Google data retention has nothing to do with Twitter policies.

You understood it correctly, yes.

It relates to Google data retention because law enforcement's next move might be to ask Google for geofenced location data from the 72 hours preceding the attack in hopes of confirming the arsonist's identity.

This would run afoul with data retention laws, which Google strongly adheres to. So it can't be true. It might be true for some definition of it, but not materially when it comes to records access.
How is Google by law required to retain data about my searches? Or specific locations I visit?
What specific data retention laws are you talking about and how do they apply to what is essentially involuntary telemetry?
What data retention law are you referring to that requires search history retention?
“When we say data is deleted, we mean it.”

i guess we’ll take your word for it. after all, you have no motivation to lie.

> When we say data is deleted, we mean it.

So that includes all online and offline + offsite backup systems, presumably? And hopefully any such data is "de-trained" from all applicable ml models and systems, of course.

Without going into too many details, yes. The trick is that you can key sensitive data, encrypt it, and delete it by throwing away the key.

I don't know if Google can do de-training (depends on how the training data is generated), but generally if the trained data can't be tagged for removal it also can't be reversed from the output of the training.

so if I have myactivity.google.com set to delete and not track anything is it deleted?
>Protecting our users’ privacy and securing their data is core to Google’s work.

haha

You can go haha all you want but the only thing it accomplishes is intentionally misunderstanding what they’re saying and then calling them hypocritical for something they didn’t say.

Google’s whole thing is “better living through data organization.” You can criticize that mission up and down but it doesn’t change that for Google protecting privacy and the security of user data means protecting it from access by other people.

Google's whole thing is selling ads and surveillance. Any impressions to the contrary is corporate PR working as designed.

And that's a very cute perspective - for Google, privacy means protecting my data from access by not-Google. But that's not what it means for me.

> But that's not what it means for me.

You made my own point back to me but in a tone that makes it sound like a refutation.

Expecting Google to frame their mission of protecting user data in terms of someone who considers Google themselves a threat is uncharitable to the point of just wanting to be mad.

Your stance makes no distinction between Google collecting data and keeping it between you two and just publishing it publicly.

> Expecting Google to frame their mission

They're not just framing their mission - they're redefining privacy. And there are plenty of companies that minimize the data they gather for exactly this reason ("considering themselves a threat", as you put it). Signal, Red Hat, Canonical, Duck Duck Go...

> impressions to the contrary is corporate PR working as designed

It's closer to propaganda if it serves to keep the rank and file in check.

Yea Google is protecting me from state sponsored hackers but they can't protect me from scammers trying to sell me fake medications or from scareware ads that are trying to lure me into buying their fake software or downloading their malware/spyware.

This are YouTube Ads that I see:

https://i.imgur.com/11J8Jq4.png

https://i.imgur.com/73C7abY.png

https://i.imgur.com/gdg0bqH.png

Such a thing is inexcusable! The only appropriate response must be to stop protecting your data entirely.
How about stop colleting data and change the business model? But ads are very lucrative business. Tbh at least they offer YouTube Premium subscription which is YouTube but ad-free.
> How about

How about just implementing it properly: _reasonably_ as opposed to "are you insane?", _effectively_ as opposed to "If I see this again I swear..", and with "win-win" _satisfaction of both parts_, as in "I am glad I was notified this opportunity: I will take it into consideration".

Don't be so foolish and do a health related search while logged in.
What could be the risks if collecting such data without consent is illegal where I live?
Only a small fraction of people even know they are logged. Only a tiny fraction of people would know how to logout first. It would essentially render their phone unusable.
Don’t be so foolish to think logging out is making your query data anonymous or safe from a court order.
what about cell phone data? The cell providers don't seem to intend to follow, and that data is extremely telling.

The abortion clinics would need their own GPS spoofers and Stingrays, so the data at all levels - Google's, cell providers', etc. - would clearly be showing location other the the clinic.

This comment shouldn't be at the bottom, they're right. An alternate read of these articles is that Google's building an automated system to identify abortion seekers, and you should ask yourself exactly how much you trust Google now and in the future. There are also other sources of location data which will not be following suit: AT&T's funding is the reason OANN exists at all (Google it if you're not already familiar).

If certain justifications are motivated to prosecute this as some form of murder (which is certainly within the realm of possibility now), Google's location history having holes in it when other data sources indicate that someone's phone traveled to an abortion clinic may not work in their favor. They might be better off perturbing the precise location to something else nearby.

This is basically trying to solve the fugitive state act with technology. Nice idea, but seems to seriously underestimate its adversaries

I watch in horror as this dystopian nightmare unfurls. Be strong America, this too shall pass.
Not this time, I don't think. America had a good run though.
This could start an interesting precedent of "protected locations" and hopefully lead to the abolishment of location history tracking that isn't managed by the user.
I wonder about persisting location info in the era of an over-state subpoena. Can I discover someone’s proximity to known locations via Apple?
As long as they keep blocking 99% of searches coming from TOR, any announcements about how much they protect privacy are a farce at best, deception at worst. They do their very best to leave us no place to hide, then carve out a few exceptions of their choosing for what they deem should be permitted activities.
>> Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.

Wonderfully vague. Should be obvious to anyone that deleting merely the track within the parking lot isn't enough. Needs to be unwound far enough to give no clues. Which might be all the way back to home, both outbound and return.

Your Honor, the person in question never visited Location History, so we never deleted the data. That's exactly how we said we would operate.

Oops, sorry Your Honor, scratch what I just said. That was a mistake. I meant to say that our systems never identified the person as having visited any of those places, so we never deleted anything. That's exactly how we said we would operate.

This goes both ways. It will protect somebody who vandalizes a clinic equally as well as somebody who visits the clinic for medical services.
Personally as a utilitarian, that's a trade off I'm willing to make, as I would guess the latter is much more common than the former.
The fact that they STILL don't see how this constant surveillance could backfire any day is beyond me!

What if a country like the UAE or Hungary start asking for location data matching LGBTQ events or locations? How about political/media headquarters location data?

At what point will they realize that surveillance data is radioactive, and manually patching categories will leave people at risk?

What makes you think countries like UAE or Hungary haven't already asked Google for this information?
I didn't want to turn my comment in a did they already or didn't they debate.

The fact that this data COULD be asked for should be enough to stop collecting it.

Honestly, Google doesn't have the luxury of that shortcut thinking. It's very "if man were meant to fly he'd have been born with wings" reasoning.

The amount of good enabled by data collection far often outweighs the bad. Better to collect, use for benefit, and protect than to just say "This area of technology is forbidden to mankind."

Besides, it doesn't solve the problem; countries can do their own data collection without Google.

I don't think arguments of the form "If I wasn't doing it someone else would be" are very persuasive.

Especially given that in all likelihood Google is much better at it than them.

Good for whom? It has surely been good for those who are collecting and distilling the data, but we can say the same for those being watched, manipulated, and worse.
Here's a small set of technologies that benefit the end user that are powered by data aggregation:

Gmail spam filtering, Maps business data, Maps traffic signal, Google voice recognition (basically the entire technology stack, which was piggybacked off of analysis of samples from Google 411 and continues to be refined by analysis of audio snippets from corner cases where the technology fails), search (obviously, it is just a scraper pointed at the web), Google voice spam number identification (crowdsourced signal), Google Translate, Google image search, and of course the ad products that pay for a not-insignificant portion of the sites available on the internet, without which a significant chunk of the internet would go dark unless it was beholden to other monied interests.

Big Data from large user numbers enabled the creation of technologies that had not been possible before at the level of quality that they are now possible. I don't think a lot of people fully wrap their heads around how big data analysis enabled the internet that we know today.

Agreed that big data aggregation can do quite a bit and aid some features. I work with it myself except in operational rather than personal data. Some benefits accrue to consumers, but most go to the holders of the data. Most if not all of these features you mention are accomplished by other companies without the collection of personal data and the many accompanying problems such as creating this surveillance state.

People are making decisions about the products they buy and use based on how they are made and choosing the ethically produced products. If I have a choice in buying something that was produced ethically or not, I almost always buy the one made ethically even if it might cost a little more or be of lower quality.

> Most if not all of these features you mention are accomplished by other companies without the collection of personal data and the many accompanying problems such as creating this surveillance state.

How many are as good, and how many are boot-strapped or piggybacked off of datasets that started as big data analysis and were eventually published? I'm not personally of the opinion that big data analysis is unethical; I think broadly speaking, it's been win-win. Companies collecting the data obviously benefit, and users also benefit because their data, aggregated with the data of others, enables utility for them that they would not have gotten alone.

Was a time we called collective action where people generally benefited a good thing, and novel analysis of available data to draw new conclusions "research," not "unethical."

I have found great alternatives to all of these. They are great to me based on factors I consider important.

I did not say that big data analysis is unethical. It is that which relies on surveilling and manipulating people/cyborgs which is unethical. I work on big data that surveils and manipulates robots, but they are not sentient and have no rights.

What alternative to Google voice recognition have you found? That's the most important one that I cannot find a better solution for.
For text to speech, there are a locally processed options from providers such as RH Voice and Mycroft AI. For voice recognition, I am not aware of any local processing options. Of course Apple, MS, and Amazon have ones that process on their computers. I personally don't have a need for voice recognition and have not researched.
It's pretty key for my use case. And the absolute revolution in that space came from Big Data analysis on hours upon hours of voice samples from people asking real world questions.
Some US states would be interested as well
Just because something could potentially backfire doesn't mean you have to avoid it, but you should have a contingency plan in place.
Deleting data that was just requested by law enforcement will get you in a world of trouble.

I guess you could close shop and leave that specific market, but that's not feasible everywhere.

Well if it gets to the point that the government is going after basic human rights then I think we're already past the point of avoiding a world of trouble.

But for the specific scenarios you mentioned, I don't see what the Hungarian government for example can do beyond just ban Google's services.

That point is reached far more often than many people imagine, and often far closer to home than they imagine, because human rights abuses are typically incremental and selective rather than universal and ubiquitous.

If you look book at the the canonical bad exemplar of nazi Germany, hindsight leads people to conceive of it as a juggernaut-like attack on all jews, communists, homosexuals etc., but in reality it was a scattered and uneven aggression over a 12 year period whose aggregate effect was massively genocidal.

Huge unstoppable genocidal actions that are highly coordinated and happen over a very short timeframe do exist, eg the Turkish genocide of Armenians or the Hutu genocide of Tutsi people in Rwanda. But I believe they're atypical in modern history compared to incremental genocides. The latter can end up being worse because they're easier to deny, dismiss, or ignore as abuses accumulate.

In the specific example, an authoritarian government could not only ban the product but arrest corporate officers/employees; if there are none in that country, it could arrest people attempting to use the prohibited product, or create fake access portals that were actually honey traps.

(comment deleted)
I had a conversation about this rthe day before yesterday with someone providing reproductive health services in Tennessee.
Do you realize that they don’t need Google? Your phone operator can get precise location data all the time even with the dumbest phone. If you don’t want to be tracked don’t use a phone.
> If you don’t want to be tracked don’t use a phone.

Thats old school. You don't not need a phone to be tracked.

If you don't want to be tracked don't go out in public.

> don't go out in public

Please clarify.

> What if a country like the UAE or Hungary start asking for location data matching LGBTQ events or locations?

Then as an American company, Google will generally tell them to pound sand unless the country invokes right to do business, at which point Google gets to do a fun calculus on whether that country's business is worth compliance.

They pulled out of China once over such calculus.

Why would they intentionally sabotage their profits? They're acting in the interest of the company. Any concern for the user stops at the doors of the PR department.

They're doing their best to fight off governments from snooping around in their business, but ultimately this will require regulation if we ever want it to stop.

It's just a shame that governments are kind of interested in the same data these companies have, so there's really no incentive for anyone to change things.

We're living in Orwellian times.

Or Ohwellian: When someone realizes they live in a dystopian world and just says oh well.
"We're living in Orwellian times."

lol talk about hyperbole. Please actually read 1984 and get back to me

I wonder how hard it would be to have my personal residence classified as one of these protected places. Incorporate some kind of business or non-profit, make sure it shows up the right way in Google Maps, then enjoy freedom from Google surveillance.
Related:

Google will delete location history data for abortion clinic visits - https://news.ycombinator.com/item?id=31956944 - July 2022 (28 comments)

Google will remove user location history for abortion clinic visits - https://news.ycombinator.com/item?id=31954401 - July 2022 (158 comments)

Google will start auto-deleting abortion clinic visits from location history - https://news.ycombinator.com/item?id=31953171 - July 2022 (6 comments)

Google urged to stop collecting phone location data before Roe vs. Wade reversal - https://news.ycombinator.com/item?id=31509772 - May 2022 (8 comments)

Democrats urge Google to limit geo tracking to protect people seeking abortions - https://news.ycombinator.com/item?id=31507351 - May 2022 (6 comments)

Lawmakers ask Google to stop collecting data before reversal of abortion rights - https://news.ycombinator.com/item?id=31501871 - May 2022 (12 comments)

On one hand, the deletion net is wide enough that it isn't just about abortion. On the other, the timing is suspect (visits to domestic violence shelters weren't sensitive last week?!), and it leaves out sensitive, legally similar (legality varies by jurisdiction) locations like brothels.
If location history is an important piece of evidence used by law enforcement, then this is tantamount to selective enforcement of law by the mercy of gargantuan corporations. Another step in the direction of anarcho-tyranny.
I'd like them to automatically delete all the data they have on me, and then never collect any more.