Google responds to location-stalking outcry by… tweaking words on its BS support page
Hi, is that the FTC? Yep, they're at it again
Google has responded to an outcry over how it continues to keep a record on people's whereabouts – even when they specifically opt-out – by changing the word of its misleading help page.
Earlier this week, researchers revealed that even if you went to Google's "location history" setting and turned it off, its most common iOS, Android and desktop apps and services – including Maps and Search – would continue to keep a log of your locations.
Google claimed that despite the misleading title of the setting, this approach was above board because its help page connected to the setting gave a "clear description" of how it worked.
"You control what’s saved in your Location History, and you can delete your history at any time," the page read. "You can turn off Location History at any time. With Location History off, the places you go are no longer stored. When you turn off Location History for your Google Account, it's off for all devices associated with that Google Account."
But this week the advertising goliath inserted an extra paragraph so it now reads: "You can turn off Location History at the account level at any time. This setting does not affect other location services on your device, like Google Location Services and Find My Device. Some location data may be saved as part of your activity on other services, like Search and Maps."
This is the same wording that appeared in the mobile phone version of the help page the same day as the story broke. Thanks to cached versions of the website version, it is possible to see that the online version online changed on Thursday.
Google acknowledged it has been rewriting its own pages, saying in a statement: "We have been updating the explanatory language about Location History to make it more consistent and clear across our platforms and help centers."
These changes to language are irrelevant to the main argument. Google says that all users can change their privacy settings, it provides an option named "Location History," and then specifically does not tie location data from its two largest apps to that option.
Why does it do that? Because it is worth a lot of money to Google. Tracking location provides valuable data to sell to advertisers who can specify that they want ads to be targeted to people who live in or have visited highly specific locations.
There is clearly a difference between allowing an app to use your location when you are using it – like searching for coffee shops in a part of town you rarely visit – and storing that location information so it can be attached to your profile and sold to advertisers.
It is worth noting that despite the language update, Google still fails to tell users where they can actually turn off location tracking and storing for Maps and Search.
Google risks mega-fine in EU over location 'stalking'READ MORE
That option is included – for now at least – in the "Web and App Activity" option. But there is no actual mention of the word "location" in the help page for that option. And, it's also worth noting that Google pulls the same stunt with this option as it does with Location History: turning off web and app activity doesn't actually turn off all web and app activity.
From that help page: "If your Android usage & diagnostics setting is turned on, your device will still share information with Google, like battery level, how often you use your device and apps, and system errors. View Google settings on your Android device to change this setting."
Faced with an outcry that indicated clearly users had been confident that turning off "location history" would actually turn off location history, Google has responded by changing some wording rather than adjusting its actual approach.
As to why it made those changes at all, it has nothing to do with user frustration and everything to do with an inevitable investigation by the US government's Federal Trade Commission (FTC) and possibly huge fines under European data protection legislation.
Google is still operating under an agreement reached with the FTC back in 2011 after it was found to be revealing users' personal details without their consent in its now defunct Buzz service. It agreed to regular privacy audits for no less than 20 years as a result.
A year later – August 2012 – it was fined $22.5m for breaking that agreement through tracking cookies in Safari. At the time consumer groups complained the fine was too small and wouldn't cause Google to change its ways – a claim that a judge rejected.
But as The Reg has persistently pointed out, Google has not learned its lesson, and has been obsessively stalking users every since. Last year, it was revealed that even if you didn't have a SIM card in your Android phone and had turned off tracking, it was still sending location data back home.
The FTC won't confirm that it is looking into Google clearly misleading wording around tracking and storing location data, but there is no real doubt it is happening. Unfortunately, even if the FTC does ultimately find Google guilty of misleading people, the resulting fine is unlikely to be greater than the money the company continues to make from tracking users.
However, this time around there is another, much larger weapon in place: Europe's General Data Protection Regulation (GDPR) which can fine a company as much as four per cent of annual turnover if it is found to have knowingly misused or gathered users' private data.
GDPR was created specifically to force large companies to take privacy legislation seriously by hitting them where it really hurts – their wallet. And it's easy to see how Google's determined tracking of users could fit squarely into the GDPR's remit and could provide European regulators with a big win that would serve as a huge warning for everybody else. Privacy campaigners are already pushing the case.
"Burying its stalking settings, while distracting users with a deliberately crippled 'Location history' button, isn't just deceitful – it's unlawful," argues one, Phil Booth. "Without proper consent or legitimate purpose, Google is breaching the GDPR rights of every EU citizen it has been tracking."
It seems that in 2018 there may still be repercussions for people that insisting on pushing their flawed version of reality. ®
Sponsored: Becoming a Pragmatic Security Leader