Google had a brilliant advertising business with AdWords originally, where the ads were simply based on the search term and not a bunch of Orwellian surveillance on the person searching.
From the research I've seen, all this privacy-invading crap doesn't even improve ad performance much - it's small incremental gains at best. And per this article, those gains are clearly coming at the expense of user trust and goodwill, something not reflected in click thru rates and RPM.
Here's hoping we can get past all this invasive retargeting / surveillance / privacy-invading crap and get back to straightforward contextual ads, like car parts ads on a hot rod website - our world would be better for it, and maybe Google could restore a little of its rapidly fading goodwill.
The word advertising itself has been co-opted. It is like "freedom" or "justice" that is ambiguous and means one thing to advertisers and another to the public.
I'm reminded of the vitamin water lawsuit
"Coca-Cola criticized the suit as "ridiculous" on the grounds that "no consumer could reasonably be misled into thinking Vitaminwater was a healthy beverage"
The point being that normal people think "advertising" means showing a picture of a car or cereal, and google thinks advertising is identifying the individual.
I really hate that “reasonably think” defense. Yes most people, including myself, did think that vitamin water was healthy until reading the nutritional sheet. It’s one step away from selling chocolate as, “good for you bars,” and claiming no reasonable person would think they’re good for you.
I hate the lawsuit in the first place because nutrition information is printed on the back of every single bottle for exactly this reason and any actually concerned consumer (any reasonable thinking consumer) will simply look at the nutrition label when making purchase decisions. It was marketed as vitamin water because it does focus on providing additional vitamins. So what do we call it? Vitamin Sugar water? This drink has vitamins but please don't drink it persistently or you’ll develop type2 diabetes water? Relatively healthier than Coke but not as “healthy” as diet coke with added vitamins water? Does “smart water” make your smarter? Also most vitamins in dry form are mixed with 2-8 grams of sugar. Should those be renamed?
The real tragedy is people are woefully undereducated on the damage that over consumption of carbohydrates and sugars does to your body. So even when they do look at the label and see 13 grams of sugar per serving and 2.5 servings per bottle (the comparable bottle of Coke has 55g sugars so you don't have to search it) they’re helpless. And that seems, as far as I can glean, to be a giant corpo-political conspiracy because we had a lot of grains and corn syrup in the US and needed to make people believe it was okay to consume it all despite conflicting science. “A healthy (carbohydrate filled) breakfast (of Cheerios) is good for the heart kids.” So if anyone is to blame it’s essentially ourselves for letting capitalists control the narrative around what goes into a healthy diet and lacking the political wherewithal to develop dietary recommendations that are based in science and not big cereal marketing. There it is: advertising.
> It was marketed as vitamin water because it does focus on providing additional vitamins.
water + vitamins = vitamin water. But that's not what this is. So it's a misleading name.
People shouldn't have to be educated in order to make good decisions. A beverage company shouldn't be misleading people, it should be making beverages and helping people find the beverages they would want if they were educated about them.
To respond to your point, though, the application of your philosophy simply doesn't yield a remotely familiar society. I understand how it is alluring to, in an isolated example, argue that stupid people must be coddled. But if we have to build a society where nobody can make bad decisions then we have to apply this filter everywhere. What's the end result? Humans are no longer allowed to make any decisions because they could make the wrong one. Instead a central authority must decide for them. I don't see how this is even remotely tenable.
Now if you want to devolve into a discussion about how democracy itself is in fact a failure because it depends on an educated electorate, which we clearly don't have because we can't trust ourselves to make good decisions, that's a whole different topic. But I'm trying to apply my argument in the context of the world we live in currently to keep it somewhat grounded.
Fantasy names are a psychologically manipulative marketing tactic deployed to cause you to associate the thing you are consuming with something unrelated to the thing you are consuming so as to divert your attention from the thing you are consuming to some other (presumably more exciting) topic thereby increasing likelihood that you consume the product. Or they're a brand identity entirely divorced from the actual nature of the product which would also require you to look at the label into order to discern the healthiness of said product.
My side is that it’s absurd to hold Coke responsible for not choosing a name that might be misleading to somebody. And that I find the VitaminWater trial absurd. My point about fantasy names is exactly that they’re not any different from VitaminWater so what gives? It’s rhetorical.
Marketing is all manipulative tactics born out of a desire to push more product not help people be healthy. Assuming Coke is somehow responsible for our health is skirting personal responsibility and passing the blame no different than the “fast food makes you fat let’s tell McDonalds what type of oil to use but not the restaurant down the street which is twice as unhealthy” mentality. It’s downright irresponsible to operate under the assumption that a company’s marketing department is going to give you an unbiased wholesome view of reality. I don't see how pretending Coke is some angel of healthy drink knowledge and herald of good diets that fell from grace with vitaminwater because they neglected to mention in the title “oh btw there’s some sugar” so must be punished is anything other than blissful ignorance at best.
My visceral reaction to the absurdity of the trial is derived from what I perceive as lazy inconsistency in how we approach the ethics of advertising. Cherry picking VitaminWater, a drink where the facts are spelled out explicitly on the label on every bottle, of all things, feels more like an effort to dodge responsibility by attacking big soda than a true attempt to ask whether we should be allowing corporate propaganda to influence certain aspects of society. I really don't want the courts having an opinion on what makes a healthy diet. And I don’t want companies doing so either. It’s not a disagreement that we shouldn't try to stop manipulative marketing. It’s that I don't want any company anywhere trying to tell me what is healthy and what isn't when there is money to be made based on the message they present.
Essentially I believe all marketing is manipulative and we should do away with all of it of we truly want to build a smarter society.
I knew parents who didn’t let their children consume media with commercials. The internet has certainly made that more difficult and I don’t know how it turned out for them.
So everything that has sugar in it but doesn't explicitly spell it out in the name must be renamed to include a reference to sugar in the name? Frosted flakes -> sugar frosted flakes, rice crispy bars aren't just rice + crispy, they're rice + sugar + crispy. Orange juice -> orange juice and added sugar. I mean come on it doesn't work.
All that said, the term vitamin is also entirely subjective. Nothing about "vitamin" to me ever implied "healthy". It simply implied "has vitamin". It's just all around absurd.
Having a small (200ml or so) glass of orange juice once a day is going to net you most of your daily vitamin C requirement and a third of your recommended daily sugar intake. Whether it's healthy really depends on what the rest of your diet looks like: if you mostly live on sugary cereal, pizza, and chicken nuggets, OJ means you've got something vaguely fruit-like in your diet. If it's possible to substitute it for actual fruit, actual fruit is better, but the perfect is the enemy of the good.
Sometimes I worry that "X is unhealthy!" can make people eat an even worse diet.
> any actually concerned consumer (any reasonable thinking consumer) will simply look at the nutrition label when making purchase decisions.
That isn't the definition of a reasonable consumer. Reasonable people don't have infinite time to second guess everything that people trusted to give them health information are saying. If they imply it's healthy and they're trusted to tell you whether it's healthy or not (i.e. they're trusted to publish nutritional information on their bottle), then a reasonable person should be able to trust the implication. We've all got too much to do to assume that someone is both misleading and telling the truth at the same time.
As for names, the could have called it Nigglepuff Drink. Nigglepuff Drink does not imply any untrue health claims and it is not associated with any f&b products.
You've trusted Coca Cola to give you health advice? No offense but that's patently insane. Your doctor gives you health advice not a sugared soft-drink company with a motive to withhold any negative information about its products from you so you'll continue to consume them. I assume you trust Google to give you privacy advice, no?
I don't know what a reasonable consumer is then. The first thing I usually do when reaching for a new drink is glance at the nutrition label to make sure I'm not consuming 55 grams of sugar. It takes less than 10 seconds. I learned this from my mom, who was generally concerned as a parent about making sure her children were eating healthy. It's not rocket science.
I personally don't understand how Vitamin == Healthy. Maybe I'm N == 1, but the claim "has vitamins" which is what "vitamin" in the name implies to me is not, in fact, false. The leap from "has vitamins" to "is healthy to drink with abandon" is the problem here. Maybe if you could prove that the company knew the drink was unhealthy and deliberately fabricated the name so as to mislead their consumer base into making unhealthy choices, you might have a case?
But by this argument any instance of a name where somebody could plausibly make that type of jump must be regulated. If I was taught that fish are healthy because they have healthy fats then I could reasonably make the association that fish stix are healthy. Couldn't I?
>To those men in their oddly similar dark suits, their cold eyes weighing and dismissing everything, the people of this valley were a foe to be defeated. As he thought of it, Dasein realized all customers were "The Enemy" to these men. Davidson and his kind were pitted against each other, yes, competitive, but among themselves they betrayed that they were pitted more against the masses who existed beyond that inner ring of knowledgeable financial operation.
>The alignment was apparent in everything they did, in their words as well as their actions. They spoke of "package grab level" and "container flash time" -- of "puff limit" and "acceptance threshold." It was an "in" language of militarylike maneuvering and combat. They knew which height on a shelf was most apt to make a customer grab an item. They knew the "flash time" -- the shelf width needed for certain containers. They knew how much empty air could be "puffed" into a package to make it appear a greater bargain. they knew how much price and package manipulation the customer would accept without jarring him into a "rejection pattern."
>And we're their spies, Dasein thought. the psychiatrists and psychologists - all the "social scientists" we're the espionage arm.
Reminds me of a video I'd seen on nestle chocolate drink/nutella being advertised as healthy foods[1]. Marketing/advertisers are the real villains in 2XXX.
Yeah they should really teach that at school: There are only a few things that are true on food packaging and they are government regulated. The rest is baloney and should be ignored. Oh and for next week prepare an essay on why some still thing small government is a good idea.
Insightful reasoning. The moat that Google built and maintains with privacy invasion is a legal moat rather than a business moat.
A competing ad service, naturally much smaller at first, would be hard pressed to replicate[1] even part of Google's privacy-invasive targeting, due to the costs involved. Even more importantly, a competing ad service would be nigh unable to replicate even part of Google's privacy-invasive targeting, due to the legal protections and regulatory oversight of privacy. It is much easier for a large, well established business to "continue as it always did" and get either a nod of understanding, or at worst a slap on the wrist from the regulators - than for a newer, smaller player to start doing anything shady. In the later case, stiff penalties and "making an example of" can be expected for variety of reasons - the new player tends to not be well connected in the regulatory circles, and tends to be less influential on the local economy either, thus there's little downside for slapping the new player hard.
This is yet another case where regulatory framework with somewhat arbitrary enforcement (relevant fines have wide ranges; judicial injunctions are optional and discretionary) entrenches and unfairly protects from competition the existing large market players.
--
[1] sadly, ability to replicate minute features is key to provide "bullet-point engineering" and getting sales to casual buyers who are easily impressed by long feature list - and to advanced buyers who are trying to squeeze every last bit of advantage from the service.
My opinion is that the target ads is just a cover, the real reason they want to track users is to give more data to their in-house AI system that learns what people do once they reach certain page. This knowledge (what people will do) is what is important to them, rather than simply showing certain ads. For example, if Google knows the profit potential of certain actions, they will raise the ad cost on that property by the true value, instead of relying on non-targeted auctions.
If this was true then every single ad campaign would be worth it then, no? I thought that lots of people try Google or FB ads with a couple thousand dollars and never recoup operating costs. If Google knows how much profit a certain page could bring then they could also tell you exactly what to price your product at to maximize returns.
> From the research I've seen, all this privacy-invading crap doesn't even improve ad performance much
Which research? From my experience, personalized ads perform ~50% better than non-personalized ads. This would also explain why Google and Facebook are fighting tooth and nail to keep their tracking infrastructure.
You shouldn't lump search ads in with display ads -- search ads are relevant to the search terms, and are much more valuable than display ads. Search ads get a much smaller lift from personalization.
Well, Google lump search and display ads together themselves. You can run display ads as retargeting campaigns from search ads.
> Search ads get a much smaller lift from personalization.
Search itself has seen huge improvements from personalization. It's hard to imagine that the same shouldn't be the case for the ads shown for a particular query as with the results.
It depends a lot on the content. If you're targeting a lucrative niche, contextual ads can be effective. But for the majority of (mostly low-quality) content, it's hard to find well-matched ads. The study you cited is based on "a rich dataset of millions of advertising transactions completed across multiple websites owned by a large media company". It's probably not that representative.
That’s not what a fiduciary duty is. The fiduciary duty is for a broker dealer to act in your best interests rather than rip you off.
A company’s management has a duty to shareholders to work on behalf of the shareholders and not on behalf of their own well being. That usually means profit because that’s what most shareholders own the company for, not for charity. But there is no particular duty to maximize it at all costs. Damage to reputation and legal risk and the like are real concerns.
If anything, it’s the self-interested managers violating their duty who cut the most corners and burn goodwill, in the name of hitting short term goals and chasing their bonus.
As an example, if shareholders invest in your company despite saying you will never show targeted ads then they can't sue you for not showing targeted ads to increase profits.
Yes, company has fiduciary duty towards its shareholders. That term applies to any situation where there is trust involved, not only brokers. Though it's mostly applied to financial advisors and fund managers.
It's not much, and there's certainly room for considering ethics. In fact, you can do nearly anything that isn't actively repurposing part of the business for the directors' own use.
For example, one of the landmark cases affirmed the Chicago Cubs' right to leave tons of money on the table because their president believed that baseball was a "day-time sport" and wouldn't install lights for night games.
This is a huge oversimplification. Short term gains of breaching ethics might result in middle- and longterm reduced profit, regulatory action or opportunity for other players to eat their lunch. Businesses can follow ethics if they decide to, even when breaking them results in more immediate profits.
I've seen people state this before and it's just not true.
Companies absolutely can be good environmental stewards and pay their workers well in the interests of making money.Just like they can donate to charity while still doing proper fiduciary duty.
Do you mind if I ask you why it is you believe(d) that to be true? I'm really quite curious. I've seen others claim the same thing, as though it's some sort of law and doctrine.
Try turning on a VPN from another country, opening an incognito window and doing a google search for 'pizza'.
See how the results are nearly useless...? A bunch of delivery services that don't deliver in your country, who want payment in a currency you don't have, and all written in a language you don't speak.
Location at the local level matters less, but even so it makes some search results substantially more useful. That is a benefit that other search providers (who don't have strong control of the browser/platform) will not have. It makes the moat bigger.
This isn't normal? Due to ISP internal networking, my exposed IP address either gets geolocated to my state capital or a state capital on the other side of the continent. And I like it that way. Wrong country might be annoying, but preferred language will get that right enough.
I get mistargeted geographic ads all the time; not on a VPN.
Heck, I even get ads in the wrong language.
Hint: Instead of noticing that I’ve been doing manual labor recently, and inferring that I’m not a native English speaker, just use contextual targeting: show me ads in the same language as the content I’m watching.
Ad blockers are making the problems tracking-based much, much worse. Whatever signal is left after people block aggressively block trackers is actually just noise. Hopefully the market will see this and self-correct.
> From the research I've seen, all this privacy-invading crap doesn't even improve ad performance much - it's small incremental gains at best
but at their present scale this small improvement would mean a lot of money, wouldn't it? Lots of businesses find that it is harder to get significant gains (i think they call that the 'law of diminishing returns'), however the stock market is demanding steady growth figures.
i guess location data is important for targeting of local services: you can't push an add for a specific restaurant to a person living in a different city; now if you know that he may be going to that city, then that's a slightly different thing.
I think the alternative to all this tracking would be to push more yellow page directories like DMOZ or jasmine directories, but I don't know if you could do that in practice. Another direction would be to push a directory of specialized search engines, like duckduckgo bang! operators (shameless plug: here is my directory of these https://mosermichael.github.io/duckduckbang/html/main.html )
What research? Multiple companies which use these practices have grown from zero to trillion+ dollars in market cap, so I find it hard to believe the narrative that all of it is useless and ineffective.
It doesn't have to work. Your customers just have to believe it works. Even just have to believe it might work, since they are looking for any competitive advantage. You need research to show it help just as much as you need research to show it doesn't.
I think you will find both sorts of research, because it seems obvious that results will depend on what sort of web site you run and what sort of audience you have.
Note that contextual ads still perform better than personalized ads on search results, given how you still don’t see eg. Spotify ads on search results for anything other than music.
Can someone point me in the right direction regarding the mentioned research? My feeling is still that google know what they are doing when it comes to ads.
I think that big corp must always grow (in earnings ) or various manager hierarchies start having problem.. sometimes this need forget to consider ethic , trust , monopoly , roots , ...
There’s a huge privacy battle on the horizon in tech. The initial scuffles are just the beginning. Google and Facebook’s business models depend deeply on being able to track information that consumers are increasingly unhappy to share. Both companies attempts to diversify their dependency on such info for their revenue have been broadly unsuccessful (Google fiber or a Google car anyone?).
Meanwhile the likes of Apple and others are taking a stance of making it increasingly hard for Google and Facebook to do what they want to via updates now advertised as “features” that protect consumers. As these documents highlight Google knows consumers want this privacy and it scares the $&!& out of them. Interesting days ahead.
as an American skilled in computer science, I am literally aghast at what the mobile phone has done in barely fifteen years, degrading decades and in fact centuries of individual rights mores.
Meanwhile, as far as I can tell, in East Asia, there was a completely different series of social evolutions, such that a large majority of people are not bothered and in fact expect services tied to identity tied to finance. This conveniently is expressed by a government issued ID tied to a smart phone number tied to banking. There are exceptions but not the majority. This simple formula is repugnant to my US Western sense of social boundaries.
Investors are the ones that seem to have no problem with individuals giving up their privacy, while the people in question cross the gamut of social condition.
In a way it seems pragmatic. You say all the boundaries are being violated, you might as well get something out of it. Also I’m not sure there’s a lot of difference in loss of privacy and tapping or swiping a credit card.
Using a credit card still has an easily recognizable physical interaction element that’s easy for most people to understand. “I swipe my card, so my card company and maybe others know what I bought and where”.
The pervasive passive collection on a mobile phone is harder to internalize. “I carry a persistent, always on radio beacon that can record and transmit to arbitrary third parties all of my actions, searches, continual location, contacts both electronically and in person, and is tied directly to my identity (many countries require ID to obtain a SIM card)” is not how most non tech people would describe their mobile phone.
Sorry I was ambiguous in my comment. The smartphone itself is a different privacy question, but is the digital transaction interface losing anything more than a credit card swipe?
I wouldn't say it's misinformation/FUD, if anything they missed a point or two. It's also the main interface to social media platforms with systems that are designed to take as much of your attention as possible, in an effort to use psychology to take ownership of your focus.
> Also I’m not sure there’s a lot of difference in loss of privacy and tapping or swiping a credit card.
Well for one thing, at least in my experience, most credit card transaction data does not include granular information about the transaction (like the list of groceries you bought).
> Well for one thing, at least in my experience, most credit card transaction data does not include granular information about the transaction (like the list of groceries you bought).
No, that information is collected as part of the "points" discount card and then sold to advertisers together with your credit card transation data.
Also, I know an engineer that was inside a monstrous grocery chain many years back. Back then the payment and loyalty systems were separated by technical measures and firing level policies. If you used a CC without a points card they were not able to associate it to any kind of account.
Obviously the CC processor could but they didn’t get a list of purchases.
If you use the same credit card at walmart.com and in a physical Walmart store, then your itemized in-store purchases will show up as orders in your walmart.com account. This is without providing any other form of ID.
home depot is the same way, i bought something online on HD once and one day went in the store and bought something with the same credit card and the emailed me about my in store purchase.
i never logged it or provided any other information than my credit card swipe in the store but they tied it to the account i had on homedepot.com
But to what benefit? I use a discount card at my local supermarket. It also saves me anywhere from $0.10 - $0.40/gallon on gasoline. Beyond getting lower prices, I don't see any personalized marketing tied to my use of the card.
But the supermarkets gather that data, for sure. Several times I've bought a brand name item, then reverted to generic, then got offers related to that brand (just because I was buying based on value). I assume if they can establish a buying pattern with a few offers then often that will convert someone to the brand goods. (It's way easier just to pick the packet that looks like the one you got before than it is to look for the best offer).
One thing about returning to relative wealth is how much stress it removes from 'weekly' shopping.
I was ambiguous in my comment, but in my mind I was thinking about the loss of privacy from newer electronic transaction standards vs credit cards transactions. I suspect itemized data is generally not transmitted with the newer standards but I could be wrong.
I think in the future in order to stay private online, there's no way unless web traffic is decentralized off their servers.
That is the real power behind a peer-to-peer system in my opinion: Offloading, and therefore removing the capabilities to track anything as a single node in the system.
The only issue is peer-to-peer transport encryption, which can be solved if done correctly.
Something like "statistically correct" DNS, or assets, or contents should've been the norm a long time ago. That's exactly what I'm striving for with my Tholian Stealth Browser [1]
(to clarify: I mean peer-to-peer as a networking concept, specifically as the opposite concept of a decentralized blockchain)
If a peer to peer system of interest caught on, I'm sure google would be glad to run 90% of the nodes (incognito) to have some view of what's happening therein.
Well, that depends on the scenarios that the threat model tries to identify.
The question at this point (or rather in that specific moment) is what will lead to classifying malicious actors, and how these malicious actors can be identified permanently.
If it's a blocked IP: not a good solution. If it's a TLS certificate for said peer: probably better.
Fighting anti censorship mechanisms is really hard due to its statistically local-true nature. The buckets have to be carefully sorted and randomized with multiple geolocations, ISPs, and fully-encrypted network protocols - to the very least in order to make this work.
All they would have to do is "support" the p2p network in chrome/chromium and because of the ease of use the majority of p2p nodes will be running code written by Google.
One thing I've been meaning to do for a while is try to use a 'hardcore' AOSP 'de-googled' Android rom, like ParanoidAndroid. I've no idea how much of a pain in the arse this will be. Heck, being rooted causes enough unexpected "why do you not work" moments for me. If anything, I feel Google has got more hostile to the privacy-conscious user over time.
The trouble with privacy as a product is that it's _very_ hard to verify it. Apple has basically said "Trust us, We're Okay" and smaller fry are even harder to verify.
I've never run, willing or knowlingly, an android phone that has not been de-googlified as my main phone (since my n900 died in 2012 ... I miss it ).
For my purposes, that works out well, there are, within reason, replacements for all the basics. And now that I have done it for so long, I don't really know how having an android phone with google works. The niche is big enough that something like https://microg.org/ exists that implements some of the core libraries for using google, without using google code. This enable installing some things from the playstore if neccessary ( I have not had the need - but I understand I am in a tiny minority ) - and it made it possible to install some corona contact tracing apps without having to rely on the google implementation.
I am sure though, and I see it around me, that things won't continue exactly as before just without google, because of how deeply ingrained tracking everyone and everything all the time is.
Do it! I switched from iOS to a Google 4a last week, and have flashed my phone with CalyxOS. I was very tempted by GrapheneOS, but having microg built into Calyx has meant the very few apps I want that aren't on fdroid work perfectly fine for me (so far, these are my banking apps).
CalyxOS turned out to be about perfect for my use case, and I've been incredibly happy with it.
They have a flashing tool, which basically involved me plugging my phone into my laptop and running a script. Only thing I really needed to do was follow the prompts.
This kind of stuff is not, in general, possible to verify. You will always be trusting someone to be doing what they say they are doing.
This isn't a bad thing. Society is built on trust. All it means is that there needs to be consequences for breaking that trust, to keep everyone honest.
threatening behavior of the carriers and net neutrality
obtaining access rights to add fiber when new placement occurred
… not trying to build a viable new business.
Waymo (and basically all of X) is there to make google look sexy and to provide an exec playground than actual businesses. The Waymo team is the most competent team in the space and they know there is no business there this decade.
The Google fiber project was very much a aligned with their regular business model.
Google fiber is dead because deep packet inspection is dead.
The preemptive bad PR around snoopvertising and AT&T trying to compete made Google go, “oh yeah man ... we totally will not engage in deep packet inspection. Psh, stupid AT&T, what creeeps (ok guys shut it down!)”
personal data should be 2-party consent for every data sale transaction by law, not this ‘opted-in by corporate mandate and backed by regulatory capture and monopolistic power’ we have now. people should be able to negotiate a rate at which they’re willing to allow the corporation to sell their data, including not allowing it at all ever.
Can't we have a smart contract system where every company in possession of some user data can be asked to provide a machine-verifiable proof that it legally obtained that information?
sure, but it’s essentially a social/legal problem, not a technical one. the onus is on the company holding data to show the chain of consent, which doesn’t require anything fancy outside a purpose-built database.
So how does that work then? How does Google prove that I clicked that accept-EULA button? Or that I approve of them keeping track of my information? I never put my signature anywhere and still there are companies holding or even trading my information.
> it’s essentially a social/legal problem, not a technical one
And ironically, it's the tech companies who are getting away with it.
right, that’s the social/legal problem, that consent is assumed, and i’d argue, coerced. bundling like this is actually an anti-trust concern, because it’s using power in one market (for instance, search) to exert control in another (data brokerage), but we’ve collectively lost sight of this being a problem.
but yes, they should be required to get your unambiguous consent for data sharing separate from any other transaction, otherwise it shouldn’t be considered consent.
For software that doesn't require you to click a EULA button or change a value in a EULA file to acknowledge you agree to the EULA, they can just make it part of the Terms Of Service that you inherently agree to by using their software/service.
Look, if some authority finds your personal information on some server, and they can't produce your digital signature on a contract which says that the company can keep the information from some date to some other date, then they are in violation. It is simply not possible to lie about it.
Now every person needs to have a government-verified signing key, and suddenly consent given on disparate sites can be trivially linked to the same public key that verifies it...
The best part is, that it's not proven that all this tailored ads really have the desired effect.
Especially if many buy those ads. Most of them are useless because the targeted customer only choose one to buy from for a wanted product, if he is choice is based on ads at all.
It would be one thing if you rip off all my data but I am constantly seeing ads for cool things I would never have found otherwise and can't wait to buy. Instead the ads are always shit that I never even consider.
If things were not tailored I would probably randomly run across products that are just outside my current taste but at least spark some interest.
The one who pays the most is the one who gets the spot. Tailored to make the most profit and you are part of a group of people who buy 'x' product. The group might be males, 20-25 year olds, sailors from Malta. You would expect ads for sailing equipment or vacations or beer. This group get's an ads for Corn Flakes instead. Why because Kellogg want to attract more young males and they may target a spot like sailing where they will sponser races and buy as many digital ads in that category as they can. You seeing cereal ads makes it seem very untargeted but in reality your data has been highly targetted to give you the unwanted ad.
> Google and Facebook’s business models depend deeply on being able to track information that consumers are increasingly unhappy to share
I see no evidence that regular people are particularly unhappy with sharing their information. While it's true that on the internet there's a loud privacy activist movement that's grown over the past few years, I don't think this movement reflects the true preferences of the silent majority. I think it's a self-serving moral panic.
Users benefit from the services that their information funds. It would be a mistake to incinerate trillions of dollars of institutional value on the say-so of a few strident and unrepresentative activist voices.
Because most users do not know what consequences their data can have.
The whole business is completely opaque.
A few years ago, it turned out that Apple users were shown higher prices in online shops just because they had used an Apple browser.
I doubt they were happy about it, but as long as they didn't know, they had seen no problem in sharing this information.
I think what it comes down to is that a small number of people coughs be "a problem", while still not being evidence that the median regular person or whatever cares.
75 million in the USA that voted for the Red team saw close up the stifling censorship and deplatforming. Awareness is growing but I do agree behavior will be slow to change.
Google has proven over and over again that they don't value customer support or long term maintenance. They will get bored and sunset services you depend on, or switch off your entire business because some employee sent suspicious email on his gmail.
I’m working on a piece of a project that’s on GCP and ran into an edge case issue. For at least this product, the engineer reminded me of the old school Sun and IBM support people. It was a breath of fresh air for me. I’ve heard AWS is similar but never experienced it firsthand. Other big tech companies are very different.
A few weeks ago, I submitted an incident with sample code and got a response back with code to implement a workaround, and the information related to the enhancement the engineer submitted so I could escalate if needed. They automatically transitioned support engineers in another geography at shift end without any drama or repetition from me. All within 12 hours.
> Both companies attempts to diversify their dependency on such info for their revenue have been broadly unsuccessful (Google fiber or a Google car anyone?)
IMO, you're wrong on this one. Things like Google fiber/car are not ways to diversify Google's revenue.
They are just more tools in their arsenal to keep collecting more data on users and improving their ads.
By offering things like Google fiber, they ensure more people get online and that's more data they can collect.
Same with FB. Terragraph and Aquila are/were just ways to get people online so more data can be collected and fed into "the machine"
I think there are three categories of projects at Google:
1) Working out how they can milk even more money out of their magic cash cow of online advertising by providing more opportunities to serve ads (YouTube, Gmail, Maps)
2) Protecting their magic cash cow (ads) from external threats, the main threat being a loss of tracking (Chrome, Android, Fibre, Google Analytics, Ok Google, Maps). (As an aside, if you use Chrome and want to avoid this kind of behaviour, please consider swapping to a truly open source non-tracking browser)
3) Trying to find another magic cash cow before the first one runs out of milk (Eg Google Cloud, YouTube Red)
Some things will fall into multiple buckets, for example Google Maps and Gmail offers both an opportunity to further track users and serve them ads - double whammy!
I suspect Google Cars are more about category 3, although have no doubt that they will be mined for data as much as possible to serve categories 1 & 2. Agree with your point on fibre - it looks like that is an attempt to own even more of the tech stack to provide even more methods to track.
I've had a string of Google phones going back to the Nexus 5x but, for the very reasons laid out in this article, my next phone will likely be from Apple. That will be my first Apple product.
Unfortunately, you will find iOS bad in different ways.
For example: you cannot install NoScript, or anything like it, on an iOS browser. You must choose between "all JS on" or "all JS off", and third-party browsers like Firefox are crippled because Apple forces all iOS browsers to use their WebKit engine under the hood.
The myriad of Safari "content blocker" apps are also pretty dismal, and often expensive. So ad-blocking is difficult as well.
They're better about app tracking, but you might want to keep an Android phone handy if you enjoy browsing the web.
Yup, Youtube Vanced (which not only blocks ads but sponsor segments too, while iOS can barely even block the ads in a browser) and proper Firefox are the main reasons I can't consider iOS.
> The myriad of Safari "content blocker" apps are also pretty dismal, and often expensive. So ad-blocking is difficult as well.
Not really. Firefox Focus is free and does a great job. Nomorobo is a call filtering service and it's $20/year, and it also does a great job of blocking ads & other objects.
You can turn JS off, which is quite similar to allowing no scripts, but more pragmatically, 1Blocker is remarkable, give it a look as one part of a phone-wide strategy. [Note: from sibling comments, you hate 1Blocker. Even so.]
Consider the iOS management profile from NextDNS along with a good set of their filter options (minimally NextDNS + AdGuard), enabling 1Blocker and learning how to tailor it, and turning on Apple’s native anti-tracking — then with all three in place enjoy browsing the web with relatively less footprint.
If you install Firefox Focus, you can use its as blocking in all browsers. I use it in regular Safari. I can’t remember if this happens by default after installing Focus, but if you go to Settings - Safari - Content Blockers, you can enable/disable the Firefox Focus blocker for regular Safari.
I mean that 1Blocker is terrible compared to uBlock+NoScript, and that's the best content blocker I could find after spending days researching them. Plus, it costs $3/mo or $40 for something that barely functions.
Web browsing in iOS is incredibly frustrating and privacy-unfriendly compared to Android. I recently bought an iPhone for the app tracking protection, but the difference between Safari and Firefox is like night and day.
Have you had a look at AdGuard Pro? I use it on iOS and I don’t notice any ads on the web, and it’s not really different from using UBlock Origin on Firefox in my experience.
Not sure how it compares to others, but a free option is to install Firefox Focus and enable its content blocking in regular Safari. I’m assuming since all browsers are using the same engine underneath that Firefox just installs a standard iOS content blocker and enables it for itself, but works for all browsers on iOS.
You can use an Android phone without Google services. You don't even need root or a custom ROM for that — there's a "disable" button on the app details page of every Google app, including GSF. You can complete the initial setup fully offline, too. In case you do need Google services, but want to have a say about which and how, there's MicroG, an open-source implementation of some of the most used ones like GCM (push messaging).
You can't use an iPhone without Apple services, period. An Apple ID is a hard requirement to activate an iOS device, it literally won't let you past that screen without one. Even after you're done with that, you can only install apps from the app store, subject to that unfair, opaque approval process.
UnifiedNlp allows you to choose the backends your Android device uses to determine the location, without providing any data to Google. Options include:
Examples? I get plenty of work done on apple hardware and refuse any other devices for mission critical applications (daily driver devices are all
Apple, because I know they’ll work, without me spending a whole day configuring it).
You can do anything you want to you computers, Apple won't send men in black after you if you open up your device(although they will make the parts impossibly hard to get ahold of). The issue is that apple won't let me execute any code I want on the phone/computer that I own, which is preventing me from doing something with my computer that I want to.
I'm not sure what my computer has to do with my phone, from a user's perspective. I find Macs increasingly irritating and frustrating to use, but I am extremely happy with my iPhone.
Apple may protect you from Google and Facebook but it won't protect you from itself. iOS is completely closed and you can't verify if it respects your privacy. Don't trust Apple. Open source software is a fundamental requirement for privacy. GrapheneOS is one of the best alternatives.
A Pixel 4a ($349 new) would cover you until August 2023, and a Pixel 4a (5G) ($499 new) would cover you until November 2023 with better performance. The Pixel 5 is not a particularly good value for the price. Used Pixel 3, 3a, and 4 devices (along with their XL counterparts) are less expensive options with vendor support timeframes that expire sooner. The Pixel 3 and 4 (non-XL) models have poor battery life, so choose an XL model if you opt for either of those.
Thanks! Unfortunately as you note recentish Pixels are not all that great, at least last time I checked. But perhaps at the next release I might change back (I really want to), if it’s suitable. But it is a real shame that other manufacturers make it very hard to replace the OS. The one other phone family I heard great things about is the One Plus, but they may also contain firmware that gets nulled.
Just looked that up, and the site describes the project as
> GrapheneOS is a privacy and security focused mobile OS with Android app compatibility
What does that mean? Is it a built-from-scratch OS with an Android compatability layer (like Blackberry 10), or is it just an indirect way of saying they’re based on Android (like Cyanognemod/Lineage OS)?
It's based on the latest Android (AOSP) + privacy/security improvements. From a UX point of view it's basically a vanilla Android without any proprietary Google code (which means no Google Play of course but you can install F-Droid). The main developer is a security researcher and many of his improvements have been accepted upstream to AOSP.
On which reasonably modern/performant phones can one install them? I did bought an iphone as my latest phone, because Google-riddled android is ridiculous (even though I like the ecosystem much better. Iphones can feel like some embedded software that only allows a few possibilities), but mainly because I could not find a phone on which installing some AOSP fork is safe, won’t delete important firmware (I believe quite a few mobiles will delete proprietary camera firmware)
Apple somehow found taking a privacy stance would be good for their profitability, and I hope that bet pays off. Between that and the M1, it's the first time in my life I've considered their products.
Lots of answers here on how an enthusiast can circumvent these problems on Android. I'm not going to give my mom a pinephone or custom rom, and I'm happy that there's an accessible mainstream option.
> get a pinephone if you value freedom and privacy. apple ios is just as bad as android or microsoft windows
It's not as black and white as that. Other people will have different requirements and make different tradeoffs to you.
The PinePhone is great if you value freedom, privacy, and have the time and inclination to make it work for you. Most don't, and an iOS device is a good compromise if you value privacy over freedom to run your own code. It's not perfect, but it's better than Android.
While some people can manage with a pinephone, it is not “production-ready” at all. I do own one, and I am very very thankful to all the people involved with it, but it is simply not comparable to even a low-end android phone, let alone a high-end one or an iphone.
It’s a hobby project as of yet (as even mentioned on the website). Hopefully once software matures there will come a pinephone 2 that will pack a more modern hardware and have full android app compatibility (there is no way around it, it is needed) that can be actually used as a daily driver.
But it doesn't matter. OS telemetry is the least of your problems. That much bigger threat is that of third-party apps on your phone. And the PinePhone does absolutely nothing whatsoever to deal with that threat, while iOS has a huge amount of security built to prevent this.
> And the PinePhone does absolutely nothing whatsoever to deal with that threat, while iOS has a huge amount of security built to prevent this.
Huh?
Most mobile-optimized distros offer apps through Flatpak, which gives much stronger sandboxing protections than iOS through Bubblewrap. You can block access to the network, Bluetooth, filesystem (outside the app's sandbox), GPU, accelerometer, webcam, etc. Most distros also offer SELinux and AppArmor for protections outside the sandbox. Accessing stuff from outside the sandbox (like files) is done through portals, similar to the iOS "share" dialog or file-choosing modals.
For non-technical users, all of this is enabled by default. Programs like FlatSeal let them toggle permissions on and off. Technical users can override permissions, spoof fake information, and dive into SELinux rules.
With iOS, users can't block network access from specific apps, spoof sensor data, block GPU access, etc. You're only as private as Apple thinks you need to be.
I agree that sandboxing should be decoupled from the distribution platform. Unfortunately, normal users aren't going to use bubblewrap or firejail directly until better GUI wrappers are made.
I also think that sandboxing is still a worthwhile pursuit for many FLOSS packages, since many programs--from moddable games to web browsers--run untrusted code. It also mitigates damage done by some forms of user and developer error (can't accidentally wipe a homedir if you can't access it).
It's similar to the rationale for not logging in as root unless necessary.
I saw some people saying that this makes them want to switch towards iphones next.
I'm not gonna lie, I considered it for a moment too, like a year ago... But apple is now engaging in its own share of dark patterns and is now collecting data too. There have been multiple articles on the matter shared here even.
Thinking that apple is better than google for privacy (or, even if it is right now, that it will remain so for any reasonable amount of time) is... overly optimistic, at best.
Unless it chances paths, of course, which I don't see likely.
1. Thanks..as it shows the article in question was full of holes, such as the Russians requiring an app be baked in and not being able to uninstall. This was false.
2. This is for iCLOUD backups. Yes, that's a problem. But you can turn off iCloud backups totally...and then use your computer to make the backup while tethered and THAT can be encrypted. If your security conscience, don't use iCloud back-up. Yes.
3. Adverts in the App Store aren't tracking you. They're adverts in the app store. I forget that when someone these days sees an ad, their face melts.
4. Again, Apple isn't sitting there looking over your shoulder watching everything you do for the ads. The ads are for the apps that are "free" and get revenue from the ads in their apps. Usually pushing people to pay the $1.99 for the app. Annoying, yes. On the level of Facebook or Google? Not even close. But keep an eye on this.
5. Apple took 3 years to fully cut ties with a supplier using child labor. Fully cut ties. They are no longer doing it...but took their sweet time. Again, hold their feet to the fire over this.
Same exact thinking here, plus apple devices being way expensive for not much gain over cheaper devices + not being able to install apps not from the app store + fully closed source OS is keeping me on the android team as well.
The difference is the "terms of service" on these things...something many, including many here, don't even bother reading. Apple specifically states they don't collect your data..which is why when there are times people find out that they have (like the time they were caught having real people listen in to Siri requests to see if they were accurate), all hell broke loose and there are several lawsuits about that very thing against Apple.
Google says right up front, right in the open "hey, we're gonna look over your shoulder at EVERYTHING you do with your phone. Go ahead and switch off all those placebo buttons on the "privacy" tabs, but we'll still glean telemetry from you". Ok, they don't use those exact words, but they do state that's what they do. But even then, it's not enough for them so they dig more and more and more.
Apple gets their feet held to the flames all the time, especially now that they're leaning into the privacy. Will the convince anyone here? I doubt it. Everyone here are "experts" and they're not gonna let Apple fool them! No-sir-re!
I've considered switching to iPhone many many times mostly just for iMessage and Facetime. Every time I change my mind after just a few minutes of considering what switching to iOS entails.
Yeah, I am not a huge fan of company lock-in. Apple makes their money on hardware, so they try really hard to keep people locked in [1].
"c. However, Craig Federighi, Apple's Senior Vice President of Software Engineering and the executive in charge of iOS, feared that "iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones". (PX407, at '122.)"
Yeah, Apple doesn't really seem very consumer friendly as people in this thread suggest.
Earlier this week there was a post regarding Google and its utilization of private health information. A number of Googlers came forward to describe how very seriously Google takes user privacy and keeping inappropriate data from being shared across silos. I got the overall impression of Googlers taking the position of “you guys don’t know how seriously we take peoples privacy.”
If any of those Googlers would please comment on how to square those statements with the featured article, I’d appreciate it.
I think its pretty straight forward that privacy protection for Google means protecting the data it has collected from their users. Not refraining or preventing itself from collecting user data. Google protects the privacy of your information from outsiders (and insiders) not from its own apps and services. That is what's meant when Google says they "take their user's privacy very seriously". And its obvious that this is true because this practice is effectively just protecting their business model.
"We take very seriously your privacy and we make sure no one can see what you do...because THAT'S OUR JOB! Hey, you want to know what our customers are doing, we're more than willing to sell you the data and telemetry we collect, but ya gotta go through us! We take that very seriously."
> we're more than willing to sell you the data and telemetry we collect
Except they don't, they sell access to targeting based on that data. Google's entire valuation is based on the data they have on users, if others could come in and scoop it up, they would have an instant competitor. I think calling it 'privacy' is the wrong word - Google takes data security and access control seriously, and only Legal and a dozen engineers can actually access data (and even then, it'd be logged and looked into if it was out of the ordinary).
Yes, Google goes to immense lengths to protect user data in all its forms. That is security.
Privacy is orthogonal, and Google is well aware of the difference and how they complement each other.
You are completely wrong about Google's treatment of privacy.
There are plenty of companies that say they take privacy seriously. There are a handful that actually do. But smaller still is the number of those that have actually built what it takes to deliver on those promises, or re-engineered massive systems to deliver on privacy and transparency promises.
I suggest you look at any of Google's public privacy statements. There's no need to read between the lines.
Health care data is the only thing with regulations in the US. Everything else is fair game. That is how Google rakes in the billions. They aren't going to leave money on the table to satisfy an ethical code.
I wonder how much evil they could actually be getting away with if they wanted to. Imagine all of the trade secrets and national security secrets they could easily obtain by analyzing who is Googling what from where, or who is accessing their services from where.
Which specific factual aspect of this story do you believe contradicts those claims? I'm a Xoogler, not a Googler, but in my post-Google experience I haven't seen anything that was even in the same league as Google's privacy controls. In my personal privacy threat model I think Google scores 10/10. They protect my data against external attackers, which in my view is the main problem faced by personal data, and their protections against insider risk are also excellent. Other places where I've worked, that you've definitely heard of, have security and insider risk practices that are a complete f-ing joke. There's nobody at Google who is "the DBA" who can just covertly access your data, there's no ad-hoc logs access (every logs access flows through a proxy that ensures only limited access for pre-defined purposes), and there are software controls that trigger privacy incident response (by a 24x7 user privacy incident response team) whenever an insider attempts to access user data in excess of their authority. In protocol buffer definitions, every field has an annotation for whether it contains private, sensitive, or non-private information so that even in crash dumps and debug logs those fields are censored before being printed. I really think Google has a pretty strong privacy story, compared to virtually every other company (except Apple and Microsoft) who leave themselves highly exposed to both outside and insider attacks, software (and even hardware) supply-chain attacks, accidental leaks, leaks into debug systems, poor encryption practices, and generally wanton behavior.
How is Google ranking 10/10 on protecting user privacy if they considered people choosing to shut off their location tracking as a crisis worthy of pressuring OEMs to make it harder?
The thing Googlers and Xooglers alike seem absolutely unable to grapple with is that Google itself is a major privacy threat, and we don't want Google itself to have this information.
The fox is guarding the henhouse, and all the fox is doing is telling us it's protecting it from other foxes.
Again, that you want, good for you. But when Google let people choose, and people choose in a way they didn't like, they immediately reversed course, pressured OEMs to make that user choice harder.
That's fine, but your comment makes no sense in response to someone who explicitly talked about their personal threat model. Of course they can grasp that other people have different ones, that's why they scoped the comment to their own.
I think it was pretty relevant nonetheless because by tweaking the UI and UX Google is actively harming their users abilities to implement the threat model they have chosen (no matter which one they choose).
Whether or not this is true, it's far from the original question. OP's question (in my reading) presupposes permission to monitor healthcare data. If you believe the xoogler and googler responses in this thread, Google's data stewardship will be superior to that of other people doing healthcare ERP stuff. So the only question is if Google can do something without ads tracking, and the answer is yes. Gmail and Docs and Drive isn't used for ads purposes (granted gmail used to be, but even then it was siloed and only used within gmail). It's just a freemium model.
What you suggest shows that individuals within the Google organisation do not have blatant open access to personal information. What do you think about the access of personal information to the organisation Google itself? Today the data is safe from menial concerns such as a google employee looking over private information, but what about tomorrow when whole troughs of such private information are made available to other organisations, a la Cambridge Analytica and Facebook, for commercial or other nefarious purposes?
The article here talks about how google executives deliberately made privacy settings harder to find because the people were actually using them. The article also suggests, through court documents, that google coerced other manufacturers to do the same.
This is almost impossible by design. As mentioned before, every field on a protobuf is tagged for sensitivity, meaning right down to the bare disks there is privacy controls on data.
Engineers under orders to decrypt & copy data literally could not, without a delegated authority from senior people (some will be GDPR officers too), and there would need to be a staggering level of process failure just to get at the data for a few users.
Ultimately you have to decide if you trust Larry & Sergey, nobody else could make this happen. But insider risk just isn't going to happen from a company that treats user data like military treat classified documents.
I’m suggesting that based on my experience google has better organizational defenses against individuals or even groups intentionally or accidentally setting a privacy-invasive agenda than other organizations with which I have first-hand experience.
In many large companies with multiple divisions the divisions operate to a large extent like separate private companies even if the company as a whole is a public company.
Is Google like that? If so, then it is easy to square things. The parts of Google that handle health stuff could have completely different policies about handling private information than the parts that deal with smartphones.
As a Googler, this sounds a little over-sensationalized to me (mostly because of the choice of quotes), but I bet there was some unpleasant sausage-making going on as well.
First of all, the quote from Jack Menzel about figuring out home and work locations sounds 1) about typical for him and 2) exactly correct. If Google is giving you directions and popping up traffic along your route between home and work every day, it's pretty clear what's going on. There's nothing weird or unexpected going on there.
Second, the settings thing. I see this as two issues: one, multiple settings, and two, making the settings hard to find. For the first, both search and maps had their own settings (web whatever vs location/location history), and they didn't talk to each other. I'm sure the relevant VPs talked about relevant VP-things, which probably did not include the config page. Both were sure they had an option to turn location off (for their project), so that box was checked, and done. Yes, someone should have made sure there was a single button, not three, but the org chart was shipped instead.
The hard-to-find thing is harder. I, as a regular schlub engineer, think that sounds pretty sleazy, but I have no idea how true it is. If someone's A/B test said, oh user engagement was down on this arm, I can see that happening. It'd be a failure, but I can see that happening.
I guess at my level, it seems like all the people I'm working with take user privacy really seriously. If someone wants their data deleted, we go through a lot of hoops to make sure it's really gone. Any feature using user-data gets a privacy review and usually ends up requiring pretty strict differential privacy bounds.
This is a little unfair and possibly just ignorant, but my impression is that Google is far better at protecting user location info than the telecoms, who have more complete data from cell-tower triangulation and who are generally willing to sell that data to whoever, and yet they get a lot less attention for it.
Sometimes people confuse effort with security. You could build a fortress with eight foot thick reinforced concrete walls but it's not secure if you leave the back door open.
No doubt google puts in heroic efforts to make sure that nothing that doesn't make them money gets access to your private data.
What really devastated me was when I found out that even if you try to keep yourself private, you'll get exposed by your friends: Just by tracking that you are regularly close to others, for example meeting for a camping trip, you suddenly get camping advertisements - probably because your friends searched for something or booked the trip via Gmail or whatever. I don't really know how it works, but it's awfully scary.
I would love to have a control panel that lists who I'm sharing my location with. Not what apps. What people and companies, including secondary buyers. With an on/off toggle. And this list needs to include my cell phone carrier, the OS vendor, the hardware manufacturer and, perhaps even the government where there's no warrant. Then extend the model to other things... one can dream.
what bothers me is the normalization of collecting this data in the first place.
some people are outraged, but hey if google does it, are you really surprised when someone else does it?
I have worked pretty hard to kick google out of my digital life. it’s hard but not impossible.
what apple is doing with their privacy schtick has probably raised the alert level to red on the Borg and on the Klingon ships. There probably is going to be an intense struggle following with more things like this coming out.
Ran into this today logging into PayPal (the password-must-be-8-20-characters payment service) for the first time in a long time to buy a band t-shirt. After jumping through two different types of CAPTCHAs, now they require you share your phone number to log in. I contacted support via Twitter saying they have my email if they want to verify a login because I'm not comfortable with SIM jacking nor how data-mining is cross-referencing phone numbers (I can set up U2F or TOTP after initial verification). They said call them... which is still giving out your phone. I tried to use a Google Voice number, but I got an error about these types of numbers being blocked. To get a non-useless level of support, you must log in so it's either give up your data or no service for you. You shouldn't be required to give out your number to most online services.
I just feel bad for the indie band I couldn't support.
This is my issue with authy(the 2fa provider that twitch and others use). TOTP needs 2 things to function, a shared secret and a synced clock. No phone number. No email. No account. No personal information. All you need is a secure connection to send a 16-32 bytes of data and to both have synced with an NTP server recently, yet there's no way to get the shared secret from authy without giving out personal information.
Could you call them with Calling Line Identification Restriction? (I. e. caller ID blocking) There is usually a prefix you can dial to suppress your ID. But the exact prefix depends on your location, I think.
Caller ID blocking only affects the consumer level feature, not Automatic Number Identification which was historically available with PBX lines and toll free numbers, but might be available to more people these days.
Stuff like paypal exist so that powerful people can shut you out of the economy if you challenge their power. They complain about money laundering while the CIA is the biggest money launderer in the world and no one goes to jail when Deutsche bank launders Jeffery Epstein's payments. But operating a Bitcoin mixer is a federal offense. They are scared.
In this case, Bandcamp, which I generally like, doesn't yet support crypto. I think it's also a lot to ask a small band to pick anything other than PayPal for international payment.
I didn't mean as applied to this band specifically, just that in general cryptocurrency solves this class of problem. There are a lot of detractors who don't feel it has value, but this is an easy place we can make things better with crypto.
To this day, if I scroll off screen on Google Maps and then hit the "center view" button I get nagged to allow Google to use my phone to wardrive even when wi-fi is turned off. It would be nice if I could use Google products without audibly wishing violent misfortune on their executives.
Notably, when I decided to check my Android 11 privacy settings, first thing I noticed is that every setting page has a help icon at the top with an explanation what the settings are...except privacy, which is the only section with no help, and no explanation, and no 'report feedback' option
At the same time, Google think allways I'm in germany on work, because our company has just one large internet connection for all company users from the whole world. And google does not even let me change the country.
Googles forced country localization is IMBECILICLY STUPID.
I am currently in a foreign country. My English OS laptop with English browser has been logging in to gmail in English for years, and I ask Google search to show results in English for 5 years and EVERY TIME it tries to show the local language. Going to google.com is IGNORED, why??
Google engineers are paid $$$$$$$$ of dollars to implement THE MOST STUPID CODE I HAVE EVER HAD TO DEAL WITH AAAAARGH.
Same for me, worse, I search for something in English and it shows me results in the local language. And if you think that SEO destroyed the English internet, try it in Spanish, there is literally nothing there, pure FB and Pinterest.
Funny, I've been using google since forever in an spanish speaker country and it always correctly (when logged in) shows me results in english (I have it set it to english).
I think the frustration is mainly that you have to be logged in and set some Google-specific setting in their application. A well-behaved HTTP server should simply honor the value of the Accept-Language request header regardless of what IP address a request is coming from.
Yes that’s annoying. In the past you could use a country’s domain to choose Google’s localization but it’s not the case anymore. And their “ncr” (no country redirect) feature doesn’t work anymore.
It’s one of the main reason I’ve been using Duckduckgo more and more.
Surveillance capitalism will implode not because of its exceptionally bad karma but under the weight of its own economic stupidity. In the "Mystery of Capital" de Soto waxes lyrical about "why capitalism triumphs in the west and fails everywhere else": Spoiler alert, it is due to conceiving and protecting private property. Spoiler alert II: that was once upon a time in the west and it is no more. If wealth is built on a system that secures property and if that applies to land, tangible assets, intellectual property etc it sure as hell also applies to digital "land", information flows, data sovereign business models, entrepreneurial agency and all the value that those can in principle support. In fact the panopticon "platform" system, conceived by sociopaths and inflicted on western societies by corrupt politicians is more feudalism than capitalism in outlook (Complete with the modern day serfs plying the rented clouds). To those individuals salivating to be part of this malevolent trillion dollar club: a trillion is sizable "value", I'll grant you that. But its nothing like the value that would be generated if society as a whole was empowered to be part of a digital economy. You can also throw in democracy and humanistic ideals as a bonus.
About two weeks ago I got an envelope in the mail from Google saying they were offering to pay $1000 per month to install a special router into your home that tracked everything regarding your internet usage. They disclosed everything they'd be tracking and said all the information recorded would be viewable by google. They even sent a $1 bill (I guess to prove they were serious). It was quite strange but really made me realize how invasive Google is planning to be in the future.
I think a more useful life lesson is that an organization's motto is not a useful measure of its true internal or external ethics - regardless of what it says - regardless of the type of organization.
A motto is, by definition, marketing.
Even more generally, I worry about the trend on social media to value words so much more than actions.
Or better yet, that a large corporation and a mega corporation are two different beasts.
The latter needs to be regulated.
I disagree that a motto is just marketing fluff. Especially in smaller companies, a mission statement can provide guidance that, in practical terms, acts as a tool for decision making for every employee in the organization (and to some extent, partners and clients)
But once they’re large enough where they could collapse the world economy if the CEO snorts a bad batch one day and decides to fire everyone, then that type of stuff is meaningless.
I've internalised the adage "Don’t listen to what people/corporations say, watch what they do" and found it very useful to see through these fancy statements.
It's especially useful at workplace to observe what people do and understand the politics. And at a different level observing how Google was acting more evil by the day made me completely switch over to the Apple ecosystem.
Corporations after a certain size become essentially AIs without moral values maximizing profit. It’s funny how some fear the paper clip AI, when capitalism is exactly that.
Any decision that seems to be in good moral is simply based on which direction is more profitable, eg, can Company get away in terms of public image with a non-moral decision, or would it then away more potential buyer?
Not even just after a certain size, the current trend in society is to quantify everything so that it can be optimized. There's many companies(like kausa.ai) which focus on quantifying, measuring, and optimizing every facet of your business that they can, no matter the size.
Amusingly, I've shared my location permanently with a couple close friends on Google Maps, and Google will not shut up about it, reminding me every month about it.
I get aggressive monthly warnings "Are you SURE you want to share your location with XX,YY,ZZ?". I wish there was a toggle where I could say "yes, I absolutely positively am OK with the privacy implications here, because I don't care very much; please forever stop bothering me."
This isn’t the point of the article. The point is that you can’t share your data with your friends without sharing that data with Google the company as well.
Going to have to say "duh" here. Short of an e2ee location sharing app, you have to send your location through an intermediary for your friend to see it.
I believe e2ee should be the default when I consent to share private information with someone through an intermediary. The libraries are already on every device with a web browser and the overhead is minimal, so IMO there's no excuse other than the intermediary wanting to look at the data.
It is "duh" that google has access to the information as they relay it from your phone to another party. But you could imagine it being like the post office, where in the US it is a federal offense to read someone's mail en route. Google could convey the location information with a "sealed envelope" policy. But they don't.
This cant be just location either. Anything you'd think of as private. I wonder what the privacy implications of using something like DDG on an android phone is like. I'm fairly sure google are quite desperately keen to grab any and all data from anything visited using the DDG app. I don't see any way to stop Google from doing it either.
the only way to fix this is to make it so that any information about a person is owned by that person, regardless of who is storing it or how it was collected. companies should have to pay rent to the data owners every year.
the only exception should be information collected by the government with a court issued warrant.
I'm always amused by calls for the breakup of the "unbearable monopoly" of Google, when it is itself the epitome of the Silicon Valley "monopolies need disrupting!" business model.
Got a better idea? I'd like to see them bankrupt and all their data being wiped, but I'm afraid that's just not going to happen. Breaking them up is the only option we realistically have as of right now.
I think we should simply pass laws to make their business model illegal (at least the evil parts), and let them sort it out.
If they go under because they can’t adapt, well tough luck. There will be tons of smart businesses, investors, and individuals eager to chase all the new opportunities the death of Google would create.
And since the evil business models are illegal, the ones that come next will (probably) not be evil like Google was. And if they are, more regulations!
the dinosaurs ruled the earth for quite a long time, while mammals were squelched into a weasel-rodent protomammal skulking in the dark. after the extinction level event the mammals emerged from thier bunkers previously hidden from the purview of the dinosaurs. A new hope was born, the mammals were relieved of pressure and wandered the earth, and the day and diversified, then bought a penthouse in manhattan and took a job as a day trader investing in a large advertizing corporation,,,, [dejavoux]
Exactly which parts of their business model should be illegal? It's pretty standard Silicon Valley stuff - give away your product until there is no competition left, then you can do what you like.
> Exactly which parts of their business model should be illegal?
For starters, this part:
> give away your product until there is no competition left, then you can do what you like.
The free market doesn't work without competition, and that's a blatantly anti-competitive practice. Just because a lot of SV companies do it, doesn't mean it's right.
But really I was referring to their data collection practices, and doing things like intentionally making it difficult for users to find privacy controls. No matter which way you look at it, that's harmful to consumers.
Uber and Lyft tackled local monopolies, sure, but not national or international ones. They also took a strategy of actively flaunting and breaking of laws in their growth. Not sure that’s a good form of disruption.
What monopoly did AirBnB tackle?
I’m guessing you’re suggesting PayPal went after Western Union? There are plenty of ways to exchange money though.
Would my point be better if I clarified the monopolies? Perhaps if we focus on national monopolies?
What VC money is going to challenge Facebook, Amazon or Google, or any area close to them?
what about users who don't sign into their android phones with a google account and don't actively use google apps like maps or chrome or whatever they have? i suspect they still have your data but it isn't tied to "you" unless you tell them by linking who you are so you should be fine?
The problem here is that there are some apps that don't work without Google services, and those are the apps that you need the most: banking apps, payment apps, Uber, etc.
even just extracting the apk's and side loading then is good enough for 95% my use cases. there are show that key you extract, but you would still want something that is trustworthy though. tasker is what I've been using lately and you can automate the process a bit more.
i turned off auto updates in the play store years ago after i got stuck with an app that had some bug in it, where it was working fine before the update. now i only update and app if something is broken or if i really need the new features it offers.
Oddly, when loaded Google News this afternoon and clicked on "Local News" it showed me news for New York. I live in SW Missouri. I'm using Firefox with FB Container and Privacy Badger on a Mac mini (Late 2009).
Sounds like lots of people are going to have to re-take the "You Said What‽" training. But seriously why would a product manager know with certainty how different settings interact? The only person who really knows would be the authors of the features that read those settings, and possibly not even them. These systems are too complex, no intelligent person should claim to understand them perfectly.
Considering all the dark patterns they've implemented to force location tracking there's no way management doesn't know about what the settings are meant to accomplish.
You couldn’t prevent location tracking unless you disabled the numerous switches in settings and turned off WiFi as well.
The real damning allegation is that location data collected from google maps/apps and non-google apps was siphoned to all other google products through something that is redacted in the court docs.
>"So there is no way to give a third party app your location and not Google? That doesn't sound like something we would want on the front page of the NYT
Additionally this process was deemed so critical to Google’s overall revenues because of something else that was also redacted.
OK "siphoned" is an opinion. Apple Maps also provides location services to other Apple products on its platform. Unless I disable the switch which is buried at Settings, Privacy, Location Services, System Services, Significant Locations, Apple will "allow your iCloud connected devices to learn places significant to you in order to provide useful location-related information in Maps, Calendar, Photos, and more." If I try to disable it, because I use iOS but I don't use any of those apps, it warns me that "Disabling Significant Locations will affect many Apple apps and services … such as Maps, Do Not Disturb While Driving, CarPlay, Siri, Calendar, and Photos." I'd like to know how that's different.
From Apple's site: "By enabling Location Services for your devices, you agree and consent to the transmission, collection, maintenance, processing, and use of your location data and location search queries by Apple and its partners and licensees to
provide and improve location-based and road traffic-based products and services."
You might want to look up the meaning of the words partners and licensees.
"Location-Based Suggestions: The location of your iPhone will be sent to Apple to provide more relevant recommendations. If you turn off Location Services for location-based suggestions, your precise location will not be sent to Apple."
So...not sending your precise location. But sending something not precise. To Apple.
OK, but I don't find the distinction as stark as others on HN seem to. My location data being used by Apple-authored applications running on my device, none of which I've ever intentionally used, is not that different to me than my location data being used on my behalf by Google-written applications, many of which I personally enjoy, running in Google data centers. I like that I can see my location history in Google Maps for web, I also like that I can get that data as KML from Google Takeout.
Apple collects location data solely to help you. They've built themselves no financial benefit to collect it, so they keep it only on the device and discard it as much as possible, while still providing all the features users want. If you want a location tracker on iOS, you can install one, but it's not a condition of using their mapping product.
Google has a financial incentive to violate your privacy, and all of it's products are designed to serve that goal. So everything that could stay on the device is designed to collect and send data to Google, for their purposes, while they tell you it's to benefit you.
It's a very distinct difference, and the entire design of their respective ecosystems reflects that.
As an ex-Android user who switched to an iPhone because of privacy concerns, I’d still like sources and hopefully proof for these claims.
The more I think about it, the more I suspect trusting another big tech company with my privacy with no material proof other than their word might have been foolish.
It can be difficult to vet closed source applications, but I think this policy describes a truly stark difference between the two: https://support.apple.com/en-us/HT212039
Whereas every location ping is seen by Google as an opportunity to attach data to your account, Apple Maps goes beyond not tying to your account, but regularly trying to make it difficult for them to tie the activity to any sort of cohesive profile entirely.
If you are not paying for it, you're not the customer; you're the product being sold.
Few years back you could easily root your android device and get custom ROM installed. Now, only solution is use a feature phone without gps and wifi and have a separate device for connecting to internet.
IPhone is also a good alternative but I don't agree with thier walled garden development philosophy.
Edit: You pay a separate fee for using Microsoft windows but for Android thier is no separate fee hence the product reference. Downvoting won't change the fact.
> I would say the saying has stopped being accurate.
I wouldn't say so. The saying states that not paying implies being the product. Your example shows that being the product does not imply not paying. The two are independent and can be true at the same time.
That'd be a good point if there were companies offering the full price model, but unless you want to buy a commercial panel and do a bunch of hoop jumping yourself, you literally cant buy a TV without adware in it.
It would be great if we, the customers, were actually given a genuine, competitive choice. As you say, right now you literally don’t have a genuine choice.
There is precedent for this too. Amazon Kindles came (come?) with two options - one with ads and one without. The latter cost something like $20 more. That was good!
Having said that, I bought the one without ads and they increasingly, with software updates, devoted greater and greater screen space to the Amazon ebook store. I consider that to be an ad too (and arguably worse because of anti-competitiveness reasons).
You are still able to root android phones and install custom ROMs. Note that even then though, even if you don't have any gapps installed, it sends your approximate location to google by querying its AGPS services.
I didn't pay for the OS on my pinephone, but for some reason the vendors decide not to use that as an opportunity to create a mass surveilance campaign.
Yes, I'm aware of that, but that's search on iOS, nothing to do with Google Maps, which I'd say is a much much much smaller problem on iOS compared to Android, and getting more and more irrelevant as Apple Maps gets better. There's is a very large number of Android phones though, many of which at least historically have been advertised to include these Google services. Hence the "in a way" – whether or not there is money flowing into Google Maps directly or indirectly from that purchase, buyers of such phones pay for a device with that service. If that service isn't there, I can return it in most jurisdictions. I'm sure a large part of such users would have the expectation of not being producticized by that service on a phone they paid for, and I doubt anyone cares how exactly Google shuffles money around to make that happen.
Regardless of how much you pay, what is their incentive as a large organization not to get more money out of you, if they know they can get away with it?
From the research I've seen, all this privacy-invading crap doesn't even improve ad performance much - it's small incremental gains at best. And per this article, those gains are clearly coming at the expense of user trust and goodwill, something not reflected in click thru rates and RPM.
Here's hoping we can get past all this invasive retargeting / surveillance / privacy-invading crap and get back to straightforward contextual ads, like car parts ads on a hot rod website - our world would be better for it, and maybe Google could restore a little of its rapidly fading goodwill.