> This change means that Google will no longer respond to geofence warrants from law enforcement that request information on all devices near a particular incident.

https://news.ycombinator.com/item?id=40869536

(edit to fix my mistake, thank you Centigonal!)

They do still offer a way to keep an encrypted backup of the database on Google servers (so you don’t lose it if you lose your phone) but its disabled by default and it doesn’t even have a modal popup making it easy to enable backups, you have to specifically click the UI button to see the modal with the info sheet and a button to enable backing it up.

Instead of ranting about privacy maybe you should work on privacy enabling tech solutions to user-needs that clearly some people have.

Still, you can do two things to maximize your privacy:

1. In https://myactivity.google.com/activitycontrols, disable all activity history – everything should show "off".

2. In iOS, turn off background permission to all Google apps. (You can do this for most apps without loss in functionality). Then, turn off location permission all apps. For maps, give it location permission to "allow while using" only.

This is the least intrusive you can get to. Beyond this, you can also use different google account for different google apps to minimize data mingling. Further beyond that, you can just stop using google apps.

There’s a balance between individuals rights to privacy and what makes law enforcement easier.

One argument against broad surveillance measures like this one is that surveillance infrastructure is easy to implement and hard to get rid of again. You might be fine with the laws that are enforced with it today, but you might not be with what it’s used for in the future.

A cost to catch a criminal should be a manual and expensive work from an agent and thus provide no ability to mass abuse human rights on scale. Only on actual criminals when needed.

The problem is that we're expending huge amounts of engineering power to avoid the issue when we could instead be using it to provide a privacy-first option that still safely enables law enforcement efforts to track down violent people whilst not enabling this hypothetical power-inbalance of government over individuals.

Let's be honest though, it's a hypothetical boogeyman. The real problem is that we all secretly know that we don't live in a rainbow world where we all agree on what is "right". We can't even agree on supposedly simple concepts like protecting children's bodily autonomy and safety, so who's to say we will ever be able to agree on any other political issue which arguably pales in comparison.

But I don’t think it’s an inherent tradeoff? In theory, anyway, the police work for us. They’re spending taxpayer money. It’s expensive. If there’s a way of making them more efficient then we should want them to use it. Maybe there are ways?

This doesn’t mean skimping on necessary safeguards, but that doesn’t mean we need to put up unnecessary obstacles about knowing where to look. We should still want them to win at finding criminals and we don’t want “game balance” because it’s not a game.

Catching the bad guys and not prosecuting the wrong people both involve having more accurate information. Bad information means more mistakes.

It doesn’t mean just trusting them. Defense attorneys, judges, and juries benefit from better information, too.

Are you there yet? OK. Now, the manifesto of the candidacies in the upcoming elections is proposing that the location history data of every citizen in your country should be stored in a database, just in case law enforcement needs to know the exact location of any individual at any time to be able to do their investigations. Suppose that their plan to implement it is technologically feasible and requires no additional effort from the citizens.

Would this make you more or less likely to vote for them?

My bank knows everywhere I go (if I spend money). The main mobile phone companies know everywhere I go (in real time, and who with [if they have a phone]). Shops and supermarkets track you around the building by Bluetooth, et cetera.

So, what's the problem if the police get access to this data to solve heinous crimes. I'm not talking the RIP Act (UK, regulatory investigation powers) - which lets a ridiculously broad swathe of people see, eg your internet history - but major crimes ... why not?

To answer your question, as long as the parties had a sound moral basis, supported individual rights, then it wouldn't alter my voting intention. I guess I'm happy to limit the liberty to commit serious crimes.

Elect trustworthy people first.

If you don't start there we're all screwed... but a large number seem to elect 'people who'd sell their grandma to make a nickel'.

No, it just shows that you can repress even with less ability to track people (a fact nobody doubted. The Romans could repress people too and they didn't have mass surveillance).

It, however, absolutely doesn't refute the point that with more ability to track people you can repress more, more effectively, and in novel ways.

>Elect trustworthy people first.

Popular pressure (and even ocassional popular revolt), separation of powers, and various established checks and balances are there precisely so you don't have to depend on electing trustworthy people.

Of course if we could somehow magically only be electing trustworthy people, we wouldn't need to have this discussion (or have these problems).

Why is there a 49% of people with widely different ideas about what's to be done and what's good than the rest 51% of them? What kind of fucked up society would that be?

Democracy pressuposses a shared base consensus about reality and what's good, and then arguing about the specifics and the approaches.

If you don't want fascists then vote/act against that. You can't avoid fascists by making it harder to catch criminals for non-fascists. Then you get "well at least the fascists keep crime rates down".

Maybe it's easier to just not give them the power in the first place?

This seems an entirely different argument - the whole point of using movement data is to increase accountability. Why, excepting being immoral, wouldn't those supporting it agree to higher levels of accountability?

No, plain old respect of privacy against state surveillance.

The "official law infrastructure" also doesn't have other powers that Gestapo, GPU and Stazi used to have. Perhaps they should get them too?

""And there are lots of ways of doing the legal process (including Google's warrant policy, although that's just one way) that are a lot more privacy protective than ordinary warrants. But I can see why this might be in Google's business interest. If there isn't a lot of economic value to Google in keeping the data, and having it means you need to get embroiled in privacy debates over what you do with it, better for Google to drop it.""

The public has the government to thank for this change because if they had not inundated Google with warrants, Google would have continued to collect and keep this data. The data collection and storage caused the warrants. The warrants caused the decision to purge.

These so-called "tech" companies will collect and store data to the detriment of the public's privacy even when it is unclear if doing so has any economic value.

I definitely never actively opted in, and Google never disabled the tracking to force previous tacit consenters to opt in to account for the cultural shift from opt-out to opt-in, which probably happened in the early 2010s?

All of your location data from the E911 system through to Google Play Services and on to maps, etc is constantly being collected then sold and collated among all these companies.

It is impossible on a modern cellphone to fully disable reporting of your location to any provider in the stack.

I'm all for privacy, but people being able to call me is hugely conveninent, and I really don't want to give it up. We need a better solution.

i was worried also that airplane mode may not actually disable the radio but at least one random google result (from reddit, not graphene themselves) says it does.

Sure, the neighbors' cloud-connected doorcams reveal that too. Although I do enable airplane mode here and there while I'm still at my house whenever I don't want to be disturbed for a couple of hours, and I don't always remember to disable airplane mode the instant I walk through my front door, so that's not terribly clean signal for "he left the house at this time and returned at that."

  > shame as a weapon against Big Tech

For what it's worth, mentioning Telegram is even worse because that application is associated with drugs in our country.

What's changed in the meantime, aside from the richness and granularity of location data, is awareness of the potential for the abuse of it all, supported by well-publicized incidents. Which is a good thing; the public is quite tolerant of invisible machinations, as long as they remain distant and abstract.

Keep in mind, these are Mb, not Gb!

Nowadays with a raspberry pi and a 128gb SD card you can go to town on "all location data for the last year for all American cell phones".

Back in 1994, even coordinating reliable central writes of all that location data would have been extraordinarily complicated, and there was not yet a panopticon appetite that would attempt the endeavor without a heavily funded psychopath behind it.

As "we the industry" have gotten more capable (and comfortable) processing huge quantities of data (eg: post map-reduce), and the hardware requirements have fallen to "my cell phone could compute it in an hour", the risk has increased tremendously.

Same story with muskets, cannons and tanks vs AK-47's. "Gun Control" in the musket era is materially different than an era of AK-47's and drones. Same with data processing.

Your location can be used for ad targeting in other contexts. For example if you granted location permission to google.com in your browser, Google gets your location at the time you do a query and uses it both to provide relevant results and to target ads. And if you have search history on, I assume that location snapshot would be saved along with the query in search history, which Google can see. But the comprehensive and much more detailed "Location History" that is collected constantly in the background (when enabled) can't be seen by Google anymore.

From the second paragraph in the linked article:

>Location History is turned off by default, so a user must take several affirmative steps before Google begins tracking and storing his Location History data. [...] Roughly one-third of active Google users have enabled Location History.

This is specifically about the opt-in location history service, not some sort of opt-out/mandatory location reporting that's on android phones.

You do not have to share your location to store search history.

Maps should not store addresses you search for without you signing in.

I didn't say that you had share location history to get search history, only to sign in. Maybe there was some point in the past where sharing location history was tied to having search history, but I don't remember it, and it's certainly not the case today. If you think that's the case you'll have to provide some third party corroboration.

it's not that they don't care - they didnt think they need to care. There's a big difference. Implicit trust in the data usage is the key here.

On the one hand, this implicit trust means the customer is a really good one. But abuses of this trust is inevitable imho, and eventually, it will be made public if it happened. Only then, will those average person actually reveal their real preference - that they do care!

I have. I considered it in depth and did a good deal of psychological research on it. Then I went out onto the street and asked people; dozens and dozens of ordinary people, old, young, rich, poor...

Result: People really care about privacy.

You can read all about it in the podcast and blog I am not allowed to mention here.

What you're alluding to I think is the idea that people do not fully understand the link between technology and privacy violation.

Our view here is also biased. The idea that "people don't care that much about privacy" naturally gets bandied around amongst developers for whom profitable software designs do violate people's privacy.

What happened to Google on privacy could easily happen to any company- people complained about the total amount of data Google had, the gut response of the devs was

“oh, you can trust us, we’re not using it for anything nefarious, just features/debugging”

And then Apple took that and used it as a marketing opportunity.

And now, once you get to a certain size, you start having to develop without metrics/logs, or go through a bunch of red tape to get them.

We don't have to accept this though, everyone in the modern world makes a choice to accept the implied requirements of being part of the system. We accept the assumption that we are all online, that we all have a mobile phone, and that we all keep up with news and pop culture to an extent that we all seem to zero in on the same transient topic like a solar eclipse or an interest in atching movies about both Barbie and Oppenheimer.

Anyone can choose to avoid any one of these parts of the modern world. We're parts of that world, we aren't victims of it.

But if disabling third party storage breaks the apps, you can nominally stop using the apps, but that's often not a viable option and even if it isn't completely infeasible the user will be under significant pressure to indicate consent even if they would prefer not to. That's not where we want to be.

Well my apartment building is about to replace the doorbells with a cell phone app (or phone calls as an alternative). No cell phone -> no door bell. I'm just a renter; I get no say in the matter.

(I.e. this is an entry phone that permits you to remotely unlock the street level door which is being replaced with a mobile app / phone call)

They're not forced into anything.

I completely agree, but I think we need to push society away from requiring for profit products into our life, or at least recognize that they have an association cost to the user. What is the reasonable expectation of a business to profit off a product that we’ve deemed “required”? Who would make or support a product they can’t profit on?

In the EU, they required Facebook to offer a no-tracking version of the product, which meta replied by making a paid tier. Then they required Facebook to not charge for their no-tracking version. So why should facebook stay in the EU if it can’t profit from providing a service? While no one will shed a tear over Meta’s business, it is a massive way for people to connect with each other. Google Maps could theoretically suffer the same fate - and free access to maps seems like a public good. YouTube is another example that can be for the public good due to its educational content. The list of products that are “free” and probably good for society is huge now thanks to effective online advertising.

I don’t want us to shed a tear for billionaire-corporations profit margins, but instead address that we’ve come to rely on them and they probably won’t be altruistic about watching their profits legislated away.

We kind of urgently need new models for certain things that start as for-profit and then fade towards more publicly owned utilities. This is the essence of the idea behind things like patents and copyright, and when we're talking about a service where the creators have been wildly successful the basic issues are mostly the same. Fair compensation, but not ownership in perpetuity. The thing about maps and similar is, it's not an idea to be protected because the idea is the easy part but the data is hard. Since google did some part of the actual mapping, they certainly deserve credit, but of course the whole thing could not exist if GPS wasn't essentially available as a public utility. Maybe if they want to be stingy with the map data forever, they should pay license fees for the GPS technology, since that's a piece of infrastructure they outsource to the public? Or for our individual data, since it's required to build their models?

Regardless of your stance on political/economic ideology, surely individuals can agree that it's not sustainable for society to be beholden to for-profit corporations forever for things like maps, the ability to use a flashlight or a toaster, the ability to open doors on houses or cars you own, or access to water/air. Maintenance is a real issue for most technology even after it's figured out, so probably the corporations should be forced towards spinning off actually separated co-ops/nonprofits/utilities in the fullness of time.

So basically wild profits and all the awful antisocial and anti-competitive behaviour you can get away with, but having some explicit expiration date for service-monopoly as well as idea-monopoly. And as for the question of motivation.. does it really disincentivize creative crooks to know that the next generation of crooks will need a new scam? I think not because the whole point is that this type of person is out for themselves.

The problem with this is that it doesn’t really make sense in the context of the world we live in.

Google built the maps and the servers to host them. Google is entitled to monetize their property (in today’s world). Sure GPS is free to them, but that was a gift to society decades ago and it has spawned countless life-improving enterprises.

They already do pay for access to our data - by giving us maps which are not free to them to create and maintain. We all assume that these companies owe us money for the data but if you didn’t want to give Google data you should be paying a fee to access their maps. Companies used to charge - a lot- for maps and that’s why Google maps was amazing. Just look at how much they and others charge for map APIs.

But then the price-gouging comes, and it's not exactly simple for anyone to "compete", because if another corporation has deep enough pockets to drill a well in the first place then a) they aren't likely to have gotten that way from generosity, and b) in terms of profit it's much easier to go dig another well elsewhere and just start squeezing a different community.

Exactly how much and for how long do we want to let the company squeeze people since they are "entitled to monetize their property"? What if they give the water away for free, but the "price" to the community is that they are subject to medical experiments without their knowledge or their informed consent, or just without any real ability to opt out? What if every well in every town looks like this, so that people can't vote with their feet?

This is clearly a problem in the limit.. anyone who thinks this general scenario is fine, or that it automatically works itself out somehow is not being serious. Water just makes this a simple story to understand. There's more nuance and less urgency in a different setting, but most of the basic issues remain the same.

The following sites use google services and google analytics:

irs.gov

ftb.ca.gov (california state tax authority)

dmv.ca.gov (california department of motor vehicles)

how can you avoid these things?

if money is involved, recaptcha is generally a non-blockable requirement.

Secondly there's nothing special about these services except their moat. Even when serving video was a novel problem, there was dozens of competitors. Nowadays it's a solved problem. If they leave, they'll be replaced overnight, just like many other social networks, messengers, video platforms, etc. before them. They'll go far not to give up a position they will likely never claw back.

  > a big difference between me enabling an app to use my data for the service I believe it provides and them using it for everything else.

Other people’s records concerning you plainly aren’t “[your] … papers.”

Do people really think Google isn't tracking location data without this setting enabled? How would anyone (save for a whistleblower) know? Location history seems like the data Google lets you collect/see for yourself, and not the totality of location data (which includes data collected from nearby wifi networks, nearby cellphones, and other bluetooth devices) that google collects.

> Even after a user opts in, he maintains some control over his location data. He can review, edit, or delete any information that Google has already obtained.

This is pretty misleading. You can see the location information your device sent to google, but you can't see or delete the assumptions that google has made about you based on that data. A list of GPS coordinates showing where you frequently go on Saturday nights isn't what people are concerned about Google having. The fact that those GPS coordinates show that you spend hours at, for example, a gay bar is more of an issue. It doesn't matter if you delete the list of GPS coordinates from your google account because what you can't delete is the "This user is gay and often goes to gay bars on Saturdays" flag that google put there the instant they got that data. No matter what you delete that data stays with Google along with the "here's how long this user stays at the gay bar, when they usually leave, where they go afterwards, and who they are with when they do" flags.

I think what happened to this guy (https://www.nbcnews.com/news/us-news/google-tracked-his-bike...) is a good indication that the entire system and the way it's being used by police is flawed and dangerous.

Even worse, the situation with google is just the tip of the iceberg because it's not just our phones that are tracking us. It's also our cell phone companies, the random cameras and license plate/toll transponder readers we pass by, our "smart" cars, etc. There's so much tracking going on that the typically American has zero control over at all, but which police (and others) could tap into. We really need more protections against this.

You can't, in the same way you wouldn't know whether Carl Sagan really has an invisible dragon in his garage or not. It's impossible to prove a negative.

>It doesn't matter if you delete the list of GPS coordinates from your google account because what you can't delete is the "This user is gay and often goes to gay bars on Saturdays" flag that google put there the instant they got that data.

Is there any evidence this actually happens? The bike thief example you linked is more straightforwardly explained with police using a geofence warrant, rather than some ML system that recorded "this guy bikes at 4pm to 6pm".

Sounds like a good reason not to trust them. That said, it's not impossible to be reasonably assured that our data isn't being stored or used inappropriately, but that would require strong regulations which protected that data and a proven record of companies being caught and facing meaningful consequences for violating those regulations. It'd be nice if we had strong whistleblower protections as well. Maybe a massive bounty to anyone who can prove to regulators that their company is violating customer's privacy would help.

> Is there any evidence this actually happens?

Well, yeah. That's literally Google's entire business model. They collect as much data as they can about you, so that advertisers can request their ads to be show to certain segments of the population. That's what targeted advertising is. Nobody is sending Google updates on their lives, google just makes a bunch of guesses and inferences using the massive amounts of data they collect about you, and as long as they are correct most of the time it pays off for advertisers.

Google isn't alone in that either. Many many companies do it, as well as data brokers. You can be extremely specific in who you target. See for example: https://www.cbsnews.com/news/the-data-brokers-selling-your-p...

Among the worst are lists of people with mental illness, dementia, poor education/literacy, low intelligence, etc. I doubt Google lets you target people based on predatory lists like that, but they might keep them for their own uses. They have collected the test scores and grades of a lot of children through schools that force students to create google accounts and use chromebooks. It'd be pretty easy for them to sort people into buckets like "smart" or "dumb".

Lots of companies privacy polices state specifically that they collect this kind of data. For example, here a company that collects "Personal Information used to create a profile about you, which may include your preferences, reading or writing levels, abilities, aptitudes, and other data or analytics provided about you or your account by our third-party partners or data aggregators. " (https://www.captivoice.com/capti-site/public/entry/privacy_p...)

But I do not believe they have any other identity-linked location data. The way you would know is that there would be an article about the police requesting it.

I think police just send requests to google for location info without specifying how that data was obtained. It's either, "Tell us everything you know about the location of this user between timestamp one and timestamp two", or "Tell us everything you know about all persons within however many miles of this location between timestamp one and timestamp two" and they don't bother sending requests like "Give us the data from your Location Reporting feature" or "Give us all the data from your Find My Phone feature" or "Give us all the data from your Nearby Connections API"

Is This the End of Geofence Warrants? https://www.eff.org/deeplinks/2023/12/end-geofence-warrants

It might not be completely over. There might be other other location stored somewhere. But, it's important to celebrate the win when something like this happens.

“You're receiving this email because you turned on Location History, a Google Account-level setting that creates Timeline, a personal map of your visited places, routes, and trips. You can view, edit, and delete this data anytime in Timeline.

Timeline is changing. To avoid losing visits and routes, update your settings by December 8, 2024.“ ……

Frankly I think that Google wont track me if I flip the bit (bugs not withstanding). Maybe I’m a fool. Do I trust mega corps? No, but I trust them enough to not blatantly lie when there’d be huge legal repercussions.

They’re a massive corporation with tons of lawyers. They have an huge reputational risk, and they are already known to track a lot of data. Ignoring the user would be a massive violation. I’m sure there is massive legal penalty to this, enough to make the company care about being honest. You can find the most useless crap they stored it you do a data takeout request, so what’re the odds that entire teams of people have been secretly working on something violating laws and agreements and everyone including legal has just turned a blind eye?

Everywhere I’ve worked required privacy and legal reviews just to touch data that could be a location, nevermind store or use it associated with a user. Frankly the lack of whistleblowers or leaks should be a massive sign that it’s not happening. Google has been terrible at avoiding leaks, and everyone working there seems to be jaded after the layoffs rocked the company.

Regarding the “gay bar” anecdotes - I think there are some weak protections around “derivative data” in some jurisdictions but this is likely a gap in laws. There is a chance that it could be considered derived location and be purged too.

Ps totally agree on the point about police abuse though.

Except you don't need to whistleblow by testifying in front of congress or whatever. You can anonymously post on HN (or similar tech-oriented forums) with proof and it would be enough to get the ball rolling. Android and google play services is archived everywhere it'll be easy for others to check your work.

I'd bet that very few people would have the kind of access to see what violations of people's privacy are taking place and that proof someone posted to social media (besides a massive leak of innocent people's personal data) may not be verifiable by anyone other than google employees or regulators/government who could get into Google's internal systems.

I suppose that they could if there was a lie_to_public_about_data_collection() function in Android's source code or a massive store of location data that shouldn't exist just sitting unencrypted on our devices and being transmitted to google unencrypted, but other situations would be much less clear.

For example, when you open Google maps, you'd fully expect that your location would be sent to google. You'd also expect that google wouldn't keep that information tied to your account if you'd opted out of that tracking in your account settings. If google were keeping a copy of that location data on an internal server somewhere, associated with your dossier, but not made visible to users (or even most google employees) what proof would you expect to see posted to HN that we could verify for ourselves? Screenshots of the database/internal tool/documentation might be good, but screenshots can be faked and since we don't have access to the database, or the server deep inside google that hosts it, or their internal documentation we'd be unable to say for sure if it the screenshots were real.

Companies are using all kinds of tricks these days to catch whistleblowers like logging anyone who accesses sensitive information and adding hidden watermarks to documents and images. Just going to social media or the press could be very risky.

Could do speech analysis on the text and compare against company slack / email.

only a few people have the access to the leaked info and trivial to work out

We get the new pixels leaked every year for a decade. We get all sorts of leaks from Google very regularly in the news.

If you work for a tech company and you have juicy new stories you can quite literally call a journalist and get something in the news that week.

Is this satire? There are countless discussions about how GDPR for example is not being enforced properly, how fines are not small enough to move the needle for corporations and are just a cost of doing business. Apple and Google and Microsoft and Facebook are continuously fighting the EU Comission about privacy and market domination on multiple fronts, and recently the US DOJ has started fighting them too. I have never seen any clue that they are afraid.

I have no idea what you are talking about.

>Before he can activate the setting, however, Google always presents him language that explains the basics of the service.

Moreover, most people did not blindly click through all the prompts:

>Roughly one-third of active Google users have enabled Location History.