[dannyw]

I think Google is a lot less creepy than Facebook. Yes, they vacuum a lot of data, but I do get directly related benefits from it, as well as controls that I trust.

Example: Location history. It is turned off by default. I chose to turn it on, so I can know places I’ve been to previously (if I forget the name). It’s like a journal that writes itself.

Google has its privacy issues, but on a whole I voluntarily choose to give them permission to collect my data, because I get direct value from it.

[lucideer]

> controls that I trust.

I think this trust might be misplaced.

> Example: Location history. It is turned off by default.

Displaying your location history to you is turned off by default. Google's own recording of your location, for their purposes, cannot be turned off.

[lern_too_spel]

> Google's own recording of your location, for their purposes, cannot be turned off.

Citation needed. Android even lets you turn off AGPS, which collects anonymous location data to update itself. As far as I know, this is not even possible on iOS.

[kop316]

I'll copy an earlier post of what I found:

On Android, I noted before that when I turned on and off location services, the GPS lock was near instantaneous (i.e. when I turned on location, Google Maps located me with GPS precision immediately. There could be other ways of how this happens, it was noted in another post of mine, but that had still had me a bit suspicious. I replaced Google Play Services with microG recently (https://lineage.microg.org/). I then saw that it was MicroG, NOT the OS, that had control over my location, and MicroG still tracks my location when Location is off(https://github.com/microg/android_packages_apps_GmsCore/wiki...).

While none of this conclusively points to Google Play Services tracking me when it is off, the way that Android is set up makes me very strongly suspect that's what they did.

[lallysingh]

By tracking, do you mean the phone keeping track of its own location, or it sending location data back to Google?

Google maintains a database of wifi networks and their locations (I don't know the ways this data is acquired) to help triangulate the position: https://www.quora.com/How-does-android-use-WiFi-to-get-your-...

[lucideer]

> I don't know the ways this data is acquired

It's been acquired from a range of sources. Most notably, Google Streetview cars collected a very large initial data set. Once you have that, it's quite easy to maintain an up-to-date dataset by verifying new routers picked up against nearby known routers (as well as verifying against GPS sensor data obviously).

This tech is not only in Android phones, but also every Chrome browser, so that's a lot of incoming data. The API used to be used by iOS and Safari (before Apple Maps) and Mozilla Firefox (before they launched their own WiFi and cell network database; theirs is released under CC0 though so I'm sure Google use their data too).

There are also other competitors to Google, Apple, Mozilla here with their own databases, like Skyhook, Navizon, AlterGeo.

[kop316]

By tracking, I mean MicroG/Google Play Services controls location services, not Android OS.

[lallysingh]

.. but does the location leave the device?

[greenhouse_gas]

Wait, microG does this stuff too? Or did you mean OpenGApps?

[kop316]

OpenGApps is Google Play Services, the only thing open about it is the script to get Google's Apps.

I meant MicroG, it is documented on their site (see the link).

[lazybreather]

You can just go to active services and check for yourself. Of course it is possible to end the google location service. It will be back in a few seconds. In case you try too hard random pop ups start on your home screen effectively making the phone unusable. Google's biggest trick is that it made people feel like everything is in their hands (including and especially developers which is really sad).

[distant_hat]

To get around this, ad networks can often buy location data directly from cell carriers themselves. While Google may not sell this, Sprint and others will for the right price and conditions.

[Froyoh]

They do track it and will prevent logins from unusual locations. Happened to me when using a VPN.

[pgeorgi]

Yes, but not through GPS, or the location information compiled about my logins would be way more accurate than it is (often off by 100-200 km in any direction). Probably IP based geo location (that would naturally trigger with VPNs that give you an IP in $whereever).

That has nothing to do with the GPS setting of your phone.

[cryptonector]

That's picking a nit. GP or whatever said "GPS", but does it matter which technology is used to track your location? Clearly not. And many users say "GPS" to mean all location technologies too, so this doesn't seem like a useful nit to pick, honestly.

[cbr]

Every time you load a web page they can see your IP address, and IP addresses can be mapped back to rough locations. Sometimes people use "GPS" to also include things like your phone figuring out where it is based on what WiFi names it can see, but I don't think I've ever seen it for IP-based geolocation.

(Disclaimer: I'm an engineer at Google)

[lucideer]

I don't think anyone mentioned anything about GPS until now. We're talking about Google recording your location, which can be inferred from a number of sources, including GPS, WiPS/WFPS, IP, and others. WiPS/WFPS is the most commonly used by Google.

[pgeorgi]

The great-grand-poster:

"Android even lets you turn off AGPS, which collects anonymous location data to update itself. As far as I know, this is not even possible on iOS."

AGPS is GPS, assisted but still GPS.

[lmkg]

I assume OP is talking about geo information inferred from IP Address.

[Infernal]

Or cell tower... or WiFi SSIDs... or NFC payments...

[crankylinuxuser]

> Example: Location history. It is turned off by default.

Do you want to turn Location History on?

Are you suuuuure you don't want to turn location history on?

To use maps effectively you need location history on. Turn on?

Location history may affect ____ you wanna turn it on?

How about now, location history is a great thing to turn on....

EDIT: for those of you who downmodded this, the point was that if you have location history off, Google spams you constantly with requests to turn it on. You'll get this request for opening up maps, using Google Now, or a dozen other things generated from many apps. There is also no option to temporarily turn on for app.

Not so nice uses of LocHis: https://www.androidauthority.com/google-android-location-his...

Explains how LocHis tendrils are everywhere: https://qz.com/1183559/if-youre-using-an-android-phone-googl...

[majormajor]

I couldn't set a fucking timer with the Assistant on my Pixel without being told I need location history.

Seemed like a low enough bar.

[abawany]

This. The repeated prompts almost seem intent on ensuring that one will click yes inadvertently at some point.

[mda]

This is not true.

[lucideer]

It is true.

Firstly, I was pointing out one small example of Google's privacy settings being non-obvious, which the GP mentioned in their post. There are many, many others one could go into, but we'll stick with just user location privacy for now.

Also, minor disclaimer: What Google does or doesn't collect varies over time (as their policies and regulation changes, and in response to various court-cases). What they might have done according to one source a certain number of weeks/months ago they might have since stopped doing. But my point is that they cannot be trusted to follow the implied behaviour of high-level settings.

However, since you've refuted my statement, some examples:

1. Google's own terms at [0]

> some information (such as the association of your Google Account to your Google Wifi network) is stored by Google even if all privacy controls are turned off.

This is bundled with Google's tracking of the geographic location of each Wifi network to feed their WiPS/WFPS services.

2. As @lern_to_spell has alluded to, "Location Reporting" and "Location History" are separate settings; the former does allow you to turn off some (though not quite all) location recording for your Android device at least, but the latter setting is still very misleading, and the former setting comes with a sacrifice (some apps become unusable). See [1]

3. Even with all of the above granular settings and admissions in terms, Google still have demonstrated in the past that they cannot be trusted to follow even their own loose promises w.r.t. respecting user privacy. e.g. [2] [3] [4] - note these articles are spread over 3 years, and are about events from 6 years previous; not exactly a promising sign of Google's policies being corrected by the court actions.

- [0] https://support.google.com/wifi/answer/6246642?hl=en

- [1] https://www.howtogeek.com/195647/googles-location-history-is...

- [2] https://www.theguardian.com/technology/2010/may/15/google-ad...

- [3] https://www.wired.com/2012/05/google-wifi-fcc-investigation/

- [4] http://www.bbc.com/news/technology-24047235

[mda]

0 is about Google wifi it is not any wifi. What you claimed is still untrue, you are conflating irrelevant things.

[4684499]

Why doesn't such logic apply to Facebook?

   It’s like a journal that writes itself.

Yes it's good, ONLY IF the data is solely used for this purpose. Same thing goes to Facebook. How could you possibly know what they did with your data?

Google is actually creepier to me than Facebook just by comparing their market share in online advertising (Google is twice as much as Facebook), and how actively their officials engaged in political issues.

[sharcerer]

Yeah. Basically there are 2 issues : security,privacy. With any data vased company privacy eill always be a concern so they should try to assure users by giving them top notch security. Google does that. Their security is great. Facebook: a big NO. Just a question. Does google listen through the microphone? Some people show demos on youtube that they talk on phone about something or even say something out loud and then see ads about it.

[ocdtrekkie]

Google's security is as good as they cover their own rear on it. For instance, Google Chrome is hailed as being incredible at security, but they allow extensions which can read and modify the contents of every website you visit with little to no scrutiny. Malware is rampant and distributed directly from Google's extension market, but Chrome is "secure", because by definition, Chrome permits the extensions to be malicious, so it isn't a break in Chrome's definition of security.

In this case, they just blame you for installing an extension that behaves badly.

[cromwellian]

Firefox extensions can be malicious too, but this has nothing at all to do with backend data security, a red herring.

If you create an open system that allows users to do anything to their systems, you create footguns. I don’t see you whining that this is universally true for desktop computers as well.

[ocdtrekkie]

The issue is that Google fails to vet those extensions. At all. Google has decided it is better to serve malware and blame the user than invest a modicum of expense on scrutinizing code that has the capability to capture all of a user's personal data.

It's reckless and it's irresponsible. And it's unique to Google.

EDIT: Also, re: desktop computers, if you check out my Reddit comments, you'll find I've been actively advocating for developers to support UWP sandboxing on Windows, and mostly telling off their excuses why their apps need full system access.

[icebraining]

I agree with you, though it should be noted that Mozilla does review the addons submitted to AMO, including - if this hasn't changed in the past few years - reviewing the code. I don't know how effective those are in preventing malware, though.

[UncleMeat]

Human reviewers are not fabulous at detecting make are sight unseen. This is also wildly unscalable.

[ocdtrekkie]

Extensions do not come in at the volume of YouTube videos. Not only is the scale orders of magnitude smaller: But there's little to gain from an endless supply of browser extensions.

Unreviewed browser extensions should not be permitted, full stop. Microsoft has (finally) figured this out: There's a few dozen Edge extensions which Microsoft has vetted, and that's it.

Additionally, scrutiny for extensions can be filtered by their capabilities. In my given example, the issue is the ability to read and modify content on all websites you view: This permission should only be granted after extreme scrutiny, whereas an extension which can only access a single domain and does a simple thing needs only a cursory glance.

[throw2016]

That is misplaced. Android for instance is intentionally designed to leak like a sieve. The permission system is convoluted and designed to confuse lay users.

Google search itself creepily insists on telling you your location on every search when it has nothing to do with it and is completely irrelevant.

In this way it constantly seeks to legitimize creepy behavior and has gone all out to make stalking and hoovering up data look as if it is ok and harmless.

Combine Google's massive access to data across properties and their creepy behavior and the results are far more sinister.

[laythea]

Who says Google and Facebook don't share data?

[knuththetruth]

Google is helping the Pentagon kill people with drones. How could they be “less creepy” than Facebook(who I otherwise agree is awful)?