
Not defending Google but this guy has manually enabled one of the most privacy-sensitive features on Google, the Maps location history timeline (which is great if you like it and want to trade your privacy), and then expects Google to be perfect at detecting specifically "personal" visits like clinics and deleting them automatically, proving that this new "feature" kinda works but not very well as it misses multiple cases (although who knows if developers accounted for someone visiting 20 abortion clinics one after the other the same day, and waiting in the parking... What if developers account for GPS signal loss, Wi-Fi network identification or other location information?)


The journalist refers to the feature to delete sensitive locations as a "Privacy promise". Google never uses the word promise, but it does market this feature as something that can keep your health data secure. The user shouldn't have to understand how technology works, or have a grasp of how hard the problem is. This is Google overpromising and underdelivering. This tech is not applicable for the use cases Google bills it as. Users will always hate overpromising and underdelivering.

This puts people at personal risk, erodes their faith in tech, and provides an image of political grandstanding. (Washington should protect you, but Google will is a major message [0]). I'm defending this guy. He saw Google make a promise it couldn't keep, ran real world tests, and told the world where they fell short. I wish there was more we could do to keep tech companies accountable for failed promises, but this is the bare minimum.

[0] https://blog.google/technology/safety-security/protecting-pe...


> The user shouldn't have to understand how technology works, or have a grasp about how hard the problem is.

They enabled location tracking, and got mad when their location was tracked. You can really only do so much from the product side here. Personal responsibility has to come into play at some point.


We're engineers, we could implement location tracking in a way that only the user being tracked has access to it. Google could store it in the cloud but encrypted with a key Google has no access to.

It's irresponsible I think in 2023 to have any technology that is this privacy-vacuous.


> We're engineers, we could implement location tracking in a way that only the user being tracked has access to it. Google could store it in the cloud but encrypted with a key Google has no access to.

Many other features that people find useful wouldn't be possible in this world. If that's the product you want, find an alternative that's not Google Maps. I suggest OsmAnd.


So your position is "buyer beware". A company can make untrue claims about their product, and all of the responsibility rests on the consumer.

I do not want to be a consumer in that world.


> Location History: Location History is a Google account setting that is off by default, and for those that turn it on, we provide simple controls like auto-delete so users can easily delete parts, or all, of their data at any time. Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.

This seems to be pretty clearly what was happening, as described by the author of the article. *If* the systems detected an abortion clinic visit, it was deleted. No further guarantees were made in the blog post. The same post provides links to documentation on managing your location settings and history, so the user can adjust if they are unhappy with Google's behavior.


The blog post spends a lot of effort talking about the importance of privacy, and protecting your health data. It shames other organizations for not protecting your privacy. It describes how privacy is a value at Google. Then it announces auto-delete as one of their major features. A journalist reported auto-delete works about half of the time.

Strictly speaking I'm unsure if something illegal happened. Ethically it feels like Google is overpromising and making empty political gestures. I just hope no one relies on this feature for their personal or legal safety.


Come on. The VP of whatever signed off on the press release and moved on. There’s a problem here.


You're leaving out the critical part where the VP of whatever signed off on the press release, then moved on while the feature was implemented as described in the release.


My name is Rene Wiltord. It is actually horrific that HN has violated my privacy so badly that my name is publicly visible here. I propose that the site be shut down.

Also I did not consent to your comment being the parent in this thread to mine. When will the rights of consumers like mine be respected. We can't expect a non techie to even know what comment thread parent and child relationships are.


Please don’t troll in the comments.


> Personal responsibility has to come into play at some point

Amazing that there will be people who find this preposterous. Everything must be perfect. Including free shit that logs your secret abortions.


This isn't about the journalist, it's about the millions of people they are trying to help that have no freaking clue about what location history means.


"that have no freaking clue about what location history means"

Then maybe they should not activate what they don't understand?

Location history is opt in, you have to enable it by hand.

So Google overpromising is one thing, but people acting infantile is something else.


> it's about the millions of people they are trying to help that have no freaking clue about what location history means.

Maybe they should consider learning to read before complaining about not being able to understand things? Google very clearly explains what it means.


He's probably not even mad, but rather eager to seize on a flimsy pretext to write a hysterical headline. A simple report to Google would have sufficed.


This is the report to Google though? Or do you suggest he should have turned to Google's fabled "customer support"?


Yes, whatever their normal reporting avenue is, rather than a hyperbolic not-news article


Funny how "personal responsibility" always applies to the consumer and never to the developers and corporations.


It applies to corporations all the time. Really big corporations with lots of money and influence (like human beings with lots of money and influence) may avoid responsibility for their actions, but most corporations are _small_ and a best-effort but unintentional misstep of the law can wreck them.


Corporations are not people.

Full stop.


Actually they are. Look up the definition of a corporation.


People work for a corporation, but a corporation is not a person. It is a legal entity that exists separately and distinct from the people that work for it.


Legally, a corporation is a person. It's not a human being, but it is a person.

This was not some accident of the law: this was deliberately designed hundreds of years ago and is well understood outside of internet comment sections.


> Legally, a corporation is a person. It's not a human being, but it is a person.

A corporation is a unique legal entity that has a limited subset of the rights of a person, but is not considered the same as a person as a blanket statement.

Specifically, a corporation is considered a "person" for the purposes of being able to enter into contracts, being able to sue and be sued, and similar.


> Full stop.

I was going to argue but then he used "Full stop" which pretty much proves his point immediately and irrevocably.


The people working there definitely are.


Brave


There are privacy "promises" and then there are privacy laws like CCPA in California which companies are supposed to comply with. CCPA requires data brokers and large tech companies to maintain at least two channels by which users (including users who have no account / nothing to do with the company) can submit basic privacy requests like right to know and right to delete.

I searched for a couple hours last week and couldn't find a single way to submit a CCPA request to Google.

If anyone has the links, I'd love to be proven wrong here, but the sense I came away with is that Google is somewhat hostile towards real, accessible user privacy.


> I searched for a couple hours last week and couldn't find a single way to submit a CCPA request to Google.

1. Navigate to google.com

2. Click on Privacy on the bottom of the page, redirecting to https://www.google.com/intl/en/policies/privacy/ > https://policies.google.com/privacy

3. Go to the "U.S. state law requirements" section, click on the "contact Google" link which redirects to https://support.google.com/policies/answer/9581826

4. Go to "Your privacy & security controls" > "Get help with privacy-related questions" > "Contact Google's Data Protection Office", and you get a link to their web form at https://support.google.com/policies/contact/general_privacy_....

The privacy policy can differ from country to country, I had to proxy into the US to get the section on US state law requirements, otherwise from the UK it's replaced with a European requirements section instead.

> CCPA requires data brokers and large tech companies to maintain at least two channels

My interpretation of the CCPA is such that a business that operates exclusively online only needs to provide an email address and the two or more designated methods does not apply.


This is 100% the right take. Thinking about it from the perspective of, "well I'm in tech and I know we're all bad at our jobs[1] so of course this will have these failure modes" for a thing that is an actual security feature is totally unacceptable. It cost them nothing to do nothing on this front. There could have been an incognito mode for location history and a "delete the last 4 hours" that, while manual, would have worked 100%.

[1] https://xkcd.com/2030/


Also, are those purely abortion clinics? Can't you get just a checkup or birth control or anything else there?

Otherwise I agree with the comment... if you want a large corporation to have your location data, don't complain if that large corporation has your location data.


I suspect that having visited one of those places could be considered proof of wrongdoing in a legal proceeding.

I’m not sure that visits are sufficient to lead to incrimination now, but it might be soon — enough that those visits should be considered “sensitive” by any commonly understood acception of the word.


> I suspect that having visited one of those places could be considered proof of wrongdoing in a legal proceeding.

No, as there are other services: breast exams, birth control, consults, etc. Most people visit Planned Parenthood for things other than abortions.

I think the risk is to cast a net for everyone who visited and then buy deid medical data on those individuals and then subpoena specific records of individuals. So this data is just the first piece since they can’t just read everyone’s medical record.


People have a right to expect a product to work as advertised.

Google has been very vocal that they will not record abortion clinic visits. The onus is on corporations.


> this guy has manually enabled one of the most privacy-sensitive features on Google

You must not be bothered by being constantly nagged to turn it on. From TFA:

"many Google services — from search to maps — try to get you to hand over location data with the promise of a better experience."

Moreover, people only have to give in to Google's pleas and hollow promises once. Five years down the road when they're in a desperate situation, their last thought is going to be "I'd better turn off a trillion-dollar advertising company's invasive tracking of my every movement before I engage in this life-altering behavior."


Why can Google not store history only locally... there is imo only marginal utility for having this synched to the cloud...


It has marginal utility for the user. It has significant utility for Google.


I use at least 9 devices (four laptops, a desktop, watch, two phones, tablet) with Maps on them and very much appreciate having the location data synced serverside.


You can sync data in a privacy-preserving way. For example, Chrome syncs passwords but Google doesn’t have access to them. Apple syncs health data and has access.

Etc etc.

Sync is not a reason to have server side access to location data.
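The design proposed in this subthread (history synced through the cloud but encrypted with a key the provider never holds), sketched as an added example; it is not part of any comment here and is not Google's, Chrome's or Apple's code. `SyncServer`, the function names, the passphrase and the sample visit are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Key is derived on the device from a secret the server never receives.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 256-bit key
}

// Encrypt one history entry with AES-256-GCM; the account id is bound as
// associated data so a blob cannot be replayed into another account.
function sealEntry(key, accountId, entry) {
  const iv = crypto.randomBytes(12); // fresh nonce per entry
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(accountId, 'utf8'));
  const ct = Buffer.concat([cipher.update(JSON.stringify(entry), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Decrypt and authenticate; throws on a wrong key, wrong account or tampering.
function openEntry(key, accountId, blob) {
  const raw = (s) => Buffer.from(s, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
  decipher.setAAD(Buffer.from(accountId, 'utf8'));
  decipher.setAuthTag(raw(blob.tag));
  const pt = Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Hypothetical sync service: it only ever stores and returns opaque blobs.
class SyncServer {
  constructor() { this.rows = []; }
  put(accountId, blob) { this.rows.push({ accountId, blob }); }
  list(accountId) { return this.rows.filter((r) => r.accountId === accountId).map((r) => r.blob); }
}

function demo() {
  const salt = crypto.randomBytes(16); // not secret; stored with the account
  const server = new SyncServer();
  const visit = { ts: '2023-05-09T14:03:00Z', lat: 37.7749, lon: -122.4194 }; // constructed
  server.put('user-1', sealEntry(deriveKey('constructed passphrase', salt), 'user-1', visit));
  // A second device with the same passphrase and salt reads the synced entry.
  const laptopKey = deriveKey('constructed passphrase', salt);
  const synced = server.list('user-1').map((b) => openEntry(laptopKey, 'user-1', b));
  // The server side holds salt and blobs but not the passphrase.
  let serverCanRead = true;
  try { openEntry(deriveKey('wrong guess', salt), 'user-1', server.rows[0].blob); } catch (e) { serverCanRead = false; }
  return { synced, serverCanRead, leaksPlaintext: JSON.stringify(server.rows).includes('37.7749') };
}
```

With this layout the provider cannot run server-side features over the history, which is the trade-off raised earlier in the thread, and a lost passphrase means the synced history is unrecoverable.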


Why do you have 4 laptops?


It's very easy for me to imagine having two work devices and two personal devices.

Imagine GP is a contractor and a gamer:

1. Work laptop for contracting firm

2. Work laptop for client firm

3. Personal laptop for general computing

4. Linux machine for development of side projects, tinkering, etc. OR a gaming laptop


Good guess but it’s slightly different:

- 1 work laptop at office

- 1 work laptop at home

- 1 work laptop in second home

- 1 work desktop in second home

- 1 personal/shared laptop (mostly primary home)

- 1 personal/shared desktop (primary home)

I regularly travel between the office and the two homes (all are transit / bike accessible from each other).

I don’t like carrying laptops between places and don’t work while commuting.


Sure! It was just an honest question from a new engineer on the market :) I only have 2 myself


No, it's not; for the majority of people, cloud backups are definitely a bonus.


Post cloud boom, the expectation is cloud syncing, not the exception.


Fair... "you are the product" strikes again


> Not defending Google but this guy has manually enabled one of the most privacy-sensitive features on Google

Google told the public that it didn't need to fear that particular feature.

From TFA: Google offered a partial solution: It would proactively delete its trove of location data when people visited “particularly personal” places, including abortion clinics, hospitals and shelters.


I would be shocked if Google didn't have highly accurate location information of sensitive places like abortion clinics. It also has highly accurate location information either directly from your device or through other lookups.

It's highly unlikely they lack the capability to /dev/null this location history.

I wonder if Google allow people to run advertising campaigns targeting people in abortion clinic waiting rooms?


> I wonder if Google allow people to run advertising campaigns targeting people in abortion clinic waiting rooms?

From a technical standpoint, it should be possible.

Years ago, before ad tech became nearly as out-of-control as it is today, lawyers were using either Google or Facebook (I forget which) to target ads at people waiting in hospital emergency rooms.


Yup, blame the user.



