This article doesn't seem to be supported by the provided facts.
In all cases except one, the feature seems to be working as intended:
> "After I sat for 15 minutes in the parking lots of two clinics south of San Francisco, Google deleted each from my location history within 24 hours. It did the same for my colleague’s two visits to clinics in Florida."
And in the one case where the author claims it hasn't been deleted, the screenshot [1] isn't showing Planned Parenthood as part of the timeline at all. It's simply showing it as a map location like other nearby locations not on the path (like "Himalayan Cuisine") -- and even labels it as "Recently viewed", which is why it might be prioritizing showing it when it might not otherwise. Not because it was in the timeline, but because it was recently viewed.
The only other criticism is:
> Often, Google kept my location on its timeline but only labeled it as the name of a neighborhood rather than a specific clinic. One time, it labeled my visit to a Planned Parenthood clinic as the coffee shop next door, and kept the record.
But what is Google supposed to do? It thinks you went to the coffee shop because location data isn't perfect. Sometimes it labels something adjacent and sometimes it doesn't label anything at all.
The feature seems to be working as intended, and if you want more privacy then just turn your timeline history off.
It's a great reminder, though, that relying on Google to be able to discern a sensitive situation isn't adequate. Even if Google was perfect, they can't read minds.
Best practice still has to remain to turn off your phone, or at least put it in airplane mode, before you leave the house if you need more privacy.
I believe even in airplane mode it’s been shown that your phone will still send general location data back to your carrier once back online, but I don’t recall specifics.
How would it collect any location data in airplane mode: WiFi, Bluetooth, GPS, and related, should all be turned off. NFC too I presume. I doubt readings from vibration (step counting), barometer, compass, if your device takes such readings, are going to be useful enough on their own to provide a good location fix.
Maybe if you take a photo of something recognisable they could log your location at that point if the photo is automatically tagged when you connect later. Though even if that is the case, I expect the OP wasn't taking pictures of any landmarks during a journey to/from the abortion clinic.
I believe the premise is that airplane mode disconnects the OS from the modem, but it doesn't necessarily turn the modem itself off. It's still hitting cell towers and phoning back to Qualcomm. If Qualcomm has this information, three letter agencies have this information.
Accelerometer and gyroscope are enough to do a pretty decent mapping of indoor locations without GPS and the like. It's all differential, so the longer it goes without a point of reference the lower the confidence is, but it's possible.
Is it really a valid test to just drive there and sit in the parking lot? They mention sitting there for 15 minutes at two locations, but don't discuss the rest. So perhaps they actually went into the building other times. It is not clear to me.
If you are just sitting in a shared parking lot with other businesses around, how are they supposed to label the location? If it gets labeled as probably being the coffee shop, then it's not a visit to a sensitive location which needs to get deleted.
Scenario: You navigate to a sensitive location. Close out Google Maps and do whatever. Now they forget where you navigated to, because it is sensitive. Some time later, you open Google Maps and navigate home. It now has an unknown location as your starting point, and guesses somewhere close. So it picks up the coffee shop as potential. And uses that as the starting point for the new trip. How could they also remove that coffee shop? That would require retaining the fact that you were at a sensitive location there.
Also note that the lack of data around sensitive locations in your history may be an indicator for those looking for it. If you had gone to the coffee shop it would show up as the coffee shop, but instead it shows up as no data. I would much rather it have a nearby plausible location than a total gap in the data.
And I think the most important part of it is they don't have any history of anyone going to that specific location. So a subpoena asking for everyone who went to that location returns 0 results. Getting a subpoena for everyone who went to the neighborhood or the coffee shop should be harder, and even if they get it, it's not likely to provide any useful info.
As someone who does not have a Google account signed in to my Android phone, who tries to mostly use F-Droid, I find it deeply unsettling that all my actions are recorded by the overlords. Why should you opt in to that?
You say turn it off, but how many people know that option even exists?
Yes, but every time I’ve shown someone their location map they have not remembered turning it on.
I think this is in part due to Google prompting you pretty much every time you use maps or other web tools to turn on location history for improved functionality. I think lots of people don’t understand that and just turn it on to remove the prompt.
Kind of frustrating as this could be done in a privacy preserving manner by keeping all location data local on device and overlaying it on the map locally. Functionality wise, google doesn’t need these data.
> In all cases except one, the feature seems to be working as intended:
This is not supported by the article text.
> To test Google’s privacy promise, I’ve been running an experiment. Over the last few weeks, I visited a dozen abortion clinics, medical centers and fertility specialists around California, using Google Maps for directions. A colleague visited two more in Florida.
In about half of the visits, I watched Google retain a map of my activity
"Often, Google kept my location on its timeline but only labeled it as the name of a neighborhood rather than a specific clinic. One time, it labeled my visit to a Planned Parenthood clinic as the coffee shop next door, and kept the record."
IOW, Google saw the author going to places _other_ than the abortion clinics or did not identify that the author had gone to the abortion clinic, so Google did not delete those entries.
Should Google delete all entries of anyone who at any time passes within X feet/miles of an abortion clinic?
> Should Google delete all entries of anyone who at anytime passes within X feet/miles of an abortion clinic?
Should Google tell people they will proactively delete location data when people visited "particularly personal" places including abortion clinics if they didn't intend to keep their word?
Geofence warrants are a real danger and Google told the public they would delete their location history to protect people against this threat.
These warrants are based on GPS location, not how Google labels things.
Not defending google but this guy has manually enabled one of the most privacy sensitivity features on Google, the Maps location history timeline (which is great if you like it and want to trade your privacy), and then expects google to be perfect at detecting specifically "personal" visits like clinics and deleting them automatically, proving that this new "feature" kinda works but not very well as it misses multiple cases (although who knows if developers accounted for someone visiting 20 abortion clinics one after the other the same day, and waiting in the parking..., What if developers account for GPS signal loss, wifi network identification or other location information??)
The journalist refers to the feature to delete sensitive locations as a "Privacy promise". Google never uses the word promise, but it does market this feature as something that can keep your health data secure. The user shouldn't have to understand how technology works, or have a grasp about how hard the problem is. This is Google over promising and under delivering. This tech is not applicable for the use cases Google bills it as. Users will always hate over promising and under delivering.
This puts people at personal risk, erodes their faith in tech, and provides an image of political grandstanding. (Washington should protect you, but Google will is a major message [0]). I'm defending this guy. He saw Google make a promise it couldn't keep, ran real world tests, and told the world where they fell short. I wish there was more we could do to keep tech companies accountable for failed promises, but this is the bare minimum.
> The user shouldn't have to understand how technology works, or have a grasp about how hard the problem is.
They enabled location tracking, and got mad when their location was tracked. You can really only do so much from the product side here. Personal responsibility has to come into play at some point.
We're engineers, we could implement location tracking in a way that only the user being tracked has access to it. Google could store it in the cloud but encrypted with a key Google has no access to.
It's irresponsible I think in 2023 to have any technology that is this privacy-vacuous.
> We're engineers, we could implement location tracking in a way that only the user being tracked has access to it. Google could store it in the cloud but encrypted with a key Google has no access to.
Many other features that people find useful wouldn't be possible in this world. If that's the product you want, find an alternative that's not Google maps. I suggest OsmAnd.
> Location History: Location History is a Google account setting that is off by default, and for those that turn it on, we provide simple controls like auto-delete so users can easily delete parts, or all, of their data at any time. Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.
This seems to be pretty clearly what was happening, as described by the author of the article. *If* the systems detected an abortion clinic visit, it was deleted. No further guarantees were made in the blog post. The same post provides links to documentation on managing your location settings and history, so the user can adjust if they are unhappy with Google's behavior.
The blog post spends lot of effort talking about the importance of privacy, and protecting your health data. It shames other organizations for not protecting your privacy. It describes how privacy is a value at Google. Then it announces auto-delete as one of their major features. A journalist reported auto-delete works about half of the time.
Strictly speaking I'm unsure if something illegal happened. Ethically it feels like Google is overpromising and making empty political gestures. I just hope no one relies on this feature for their personal or legal safety.
You're leaving out the critical part where the VP of whatever signed off on the press release, then moved on while the feature was implemented as described in the release.
My name is Rene Wiltord. It is actually horrific that HN has violated my privacy so badly that my name is publicly visible here. I propose that the site be shut down.
Also I did not consent to your comment being the parent in this thread to mine. When will the rights of consumers like mine be respected. We can't expect a non techie to even know what comment thread parent and child relationships are.
This isn't about the journalist, it's about the millions of people they are trying to help that have no freaking clue about what location history means.
He's probably not even mad, but rather eager to seize on a flimsy pretext to write a hysterical headline. A simple report to Google would have sufficed.
It applies to corporations all the time. Really big corporations with lots of money and influence (like human beings with lots of money and influence) may avoid responsibility for their actions, but most corporations are _small_ and a best-effort but unintentional misstep of the law can wreck them.
People work for a corporation, but a corporation is not a person. It is a legal entity that exists separately and distinct from the people that work for it.
Legally, a corporation is a person. It's not a human being, but it is a person.
This was not some accident of the law: this was deliberately designed hundreds of years ago and is well understood outside of internet comment sections.
> Legally, a corporation is a person. It's not a human being, but it is a person.
A corporation is a unique legal entity that has a limited subset of the rights of a person, but is not considered the same as a person as a blanket statement.
Specifically, a corporation is considered a "person" for the purposes of being able to enter into contracts, being able to sue and be sued, and similar.
There are privacy "promises" and then there are privacy laws like CCPA in California which companies are supposed to comply with. CCPA requires data brokers and large tech companies to maintain at least two channels by which users (including users who have no account / nothing to do with the company) can submit basic privacy requests like right to know and right to delete.
I searched for a couple hours last week and couldn't find a single way to submit a CCPA request to Google.
If anyone has the links, I'd love to be proven wrong here, but the sense I came away with is that Google is somewhat hostile towards real, accessible user privacy.
The privacy policy can differ from country to country, I had to proxy into the US to get the section on US state law requirements, otherwise from the UK it's replaced with a European requirements section instead.
> CCPA requires data brokers and large tech companies to maintain at least two channels
My interpretation of the CCPA is such that a business that operates exclusively online only needs to provide an email address and the two or more designated methods does not apply.
This is 100% the right take. Thinking about it from the perspective of, "well I'm in tech and I know we're all bad at our jobs[1] so of course this will have these failure modes" for a thing that is an actual security feature is totally unacceptable. It cost them nothing to do nothing on this front. There could have been an incognito mode for location history and a "delete the last 4 hours" that, while manual, would have worked 100%.
Also, are those purely abortion clinics? Can't you get just a checkup or birth control or anything else there?
Otherwise I agree with the comment... if you want a large corporation to have your location data, don't complain if that large corporation has your location data.
I suspect that having visited one of those places could be considered proof of wrongdoing in a legal proceeding.
I’m not sure that visits are sufficient to lead to incrimination now, but it might be soon — enough that those visits should be considered “sensitive” by any commonly understood acceptation of the word.
> I suspect that having visited one of those places could be considered proof of wrongdoing in a legal proceeding.
No, as there are other services: breast exams, birth control, consults, etc. Most people visit Planned Parenthood for things other than abortions.
I think the risk is to cast a net for everyone who visited and then buy deid medical data on those individuals and then subpoena specific records of individuals. So this data is just the first piece since they can’t just read everyone’s medical record.
> this guy has manually enabled one of the most privacy sensitivity features on Google
You must not be bothered by being constantly nagged to turn it on. From TFA:
"many Google services — from search to maps — try to get you to hand over location data with the promise of a better experience."
Moreover, people only have to give in to Google's pleas and hollow promises once. Five years down the road when they're in a desperate situation, their last thought is going to be "I'd better turn off a trillion-dollar advertising company's invasive tracking of my every movement before I engage in this life-altering behavior."
I use at least 9 devices (four laptops, a desktop, watch, two phones, tablet) with Maps on them and very much appreciate having the location data synced serverside.
You can sync data in a privacy preserving way. For example, Chrome syncs passwords but Google doesn’t have access to them. Apple syncs health data and have access.
Etc etc.
Sync is not a reason to have server side access to location data.
> Not defending google but this guy has manually enabled one of the most privacy sensitivity features on Google
Google told the public that it didn't need to fear that particular feature.
From TFA: Google offered a partial solution: It would proactively delete its trove of location data when people visited “particularly personal” places, including abortion clinics, hospitals and shelters.
I would be shocked if Google didn't have highly accurate location information of sensitive places like abortion clinics. It also has highly accurate location information either directly from your device or through other lookups.
It's highly unlikely they lack the capability to /dev/null this location history.
I wonder if Google allow people to run advertising campaigns targeting people in abortion clinic waiting rooms?
> I wonder if Google allow people to run advertising campaigns targeting people in abortion clinic waiting rooms?
From a technical standpoint, it should be possible.
Years ago, before ad tech became nearly as out-of-control as it is today, lawyers were using either Google or Facebook (I forget which) to target ads at people waiting in hospital emergency rooms.
Users need to turn off location history, or manually delete sensitive trips.
It’s not that Google is doing anything purposely malicious, it’s just that it doesn’t differentiate between sitting in the parking lot of Planned Parenthood to get an abortion vs sitting in the parking lot of Planned Parenthood drinking the coffee you got next door at Starbucks.
Or sitting in the parking lot of Planned Parenthood getting ready for your abortion vs getting ready to protest abortions.
This author seems to think google has too much knowledge and doesn’t know that it’s just dumb. It also seems odd that they don’t call out how to fix this by turning off location history, or removing items, or not using google. These are the only ways that I would feel safe that a group wasn’t able to find my abortion info.
That being said, I’d rather all this data collection be outlawed and if this confusion leads to the death of selling location data then I’m all for it. I think the harm is greater from google (and others) selling location data to sell sugar and food and other harmful things through ads than the few incidents of law enforcement prosecuting abortions. Of course the harm from the micro offense of showing an ad for McDonald’s when I search for healthy restaurants and break down is very much below prosecuting women from seeking healthcare, it’s much more common. So it would be nice to remove the harm from 1M instances of crappy targeted ads from location as well as each 1 instance of abortion data misused or gay priests outed.
But I want this data, and it's a dilemma for me. I want to look back in my past 20 years from now and see where I was at every moment, it's super cool information to have and would help me inform my history.
This is probably a good question for all you guys. Is there an open source alternative location data logger that I could use instead for something like this?
... but I think it is perhaps a bit too trip oriented. It sounds like you want something more life oriented.
It is an interesting idea. With public key cryptography you could securely log and encrypt your every movement. Even if the phone was seized later there would be no access to the data. The private key required to decrypt the data could be kept on the phone encrypted with a strong passphrase or in a completely different secure location.
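The scheme this comment sketches, as an added example that is not part of the original thread: the logging device holds only a public key and seals each location fix so that only the holder of the private key can read it back. It uses X25519 and AES-256-GCM from the Go standard library; the names `Fix`, `SealedRecord`, `NewLogKey`, `Seal` and `Open`, the key-derivation label and the sample coordinates are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Fix is one location sample (hypothetical record layout).
type Fix struct {
	UnixTime int64
	Lat, Lon float64
}

// SealedRecord is what the logger stores or syncs; neither field reveals the fix.
type SealedRecord struct {
	EphemeralPub []byte // X25519 public key generated for this one record
	Ciphertext   []byte // AES-256-GCM ciphertext and tag
}

// NewLogKey creates the owner's key pair; only its public half belongs on the phone.
func NewLogKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// newAEAD hashes the ECDH secret together with both public keys into a
// per-record AES-256-GCM key. The label is a constructed domain separator.
func newAEAD(shared, ephPub, ownerPub []byte) (cipher.AEAD, error) {
	h := sha256.New()
	for _, part := range [][]byte{[]byte("location-log-v1"), shared, ephPub, ownerPub} {
		h.Write(part)
	}
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one fix to the owner's public key. No decryption secret is kept.
func Seal(owner *ecdh.PublicKey, fix Fix) (SealedRecord, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return SealedRecord{}, err
	}
	shared, err := eph.ECDH(owner)
	if err != nil {
		return SealedRecord{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := newAEAD(shared, ephPub, owner.Bytes())
	if err != nil {
		return SealedRecord{}, err
	}
	plaintext, err := json.Marshal(fix)
	if err != nil {
		return SealedRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // fixed nonce is safe: each key seals one record
	return SealedRecord{EphemeralPub: ephPub, Ciphertext: aead.Seal(nil, nonce, plaintext, ephPub)}, nil
}

// Open recovers a fix with the owner's private key, wherever that key is kept.
func Open(owner *ecdh.PrivateKey, rec SealedRecord) (Fix, error) {
	var fix Fix
	ephPub, err := ecdh.X25519().NewPublicKey(rec.EphemeralPub)
	if err != nil {
		return fix, err
	}
	shared, err := owner.ECDH(ephPub)
	if err != nil {
		return fix, err
	}
	aead, err := newAEAD(shared, rec.EphemeralPub, owner.PublicKey().Bytes())
	if err != nil {
		return fix, err
	}
	nonce := make([]byte, aead.NonceSize())
	plaintext, err := aead.Open(nil, nonce, rec.Ciphertext, rec.EphemeralPub)
	if err != nil {
		return fix, err // wrong private key, or the record was modified
	}
	err = json.Unmarshal(plaintext, &fix)
	return fix, err
}

func main() {
	owner, err := NewLogKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample fix, not taken from the thread.
	rec, err := Seal(owner.PublicKey(), Fix{UnixTime: 1700000000, Lat: 37.4419, Lon: -122.143})
	if err != nil {
		panic(err)
	}
	fix, err := Open(owner, rec)
	fmt.Println(len(rec.Ciphertext), fix, err)
}
```

A seized or subpoenaed copy of the log yields only ephemeral public keys and ciphertext; record count and write times remain visible, so the scheme hides where you were, not that something was logged.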
This is a ridiculous argument. Google Maps is all but useless with location history turned off. Google offers the illusion of choice because the option makes it sound like they respect your privacy, while they're strongly motivated to convince you to hand over your data.
I had it turned off for many years and caved about a year ago.
Because:
-it asks me every time I open it. Every day.
-it won’t save places or favorites
-it won’t save local maps
-it won’t save my home address or common routes
Basically, they don’t do any local storage and force you to share data with google to get “basic” functionality that Apple Maps and other maps apps provide because storing local settings is dead simple (although local settings are encrypted and synced to cloud and can’t be read or used for analysis).
Like others, I've had location history off for a long time now (5 years?).
It works just fine with it off. Although on some devices, it prompts me to re-enable it every time I launch it (as well as turn on location sharing). I never get these prompts on my phones, but always on my Samsung tablet.
Google has long abandoned updating the tablet versions of their apps, only maintaining them to ensure they don't break. Even the YouTube app on tablets is years behind on features (the side effect of this is that it harms the experience when using a folding phone).
I remember there was a time when Google Maps android app refused to work when location was turned off, not location history - just location permission for the app. In those cases I would just allow location permission, look up what I needed and disable it again.
Nowadays it lets you use itself without location permission.
The primary purpose of Google Maps is navigation (including e.g. traffic detection)? You need location services on for navigation obviously but I don't see why the location history setting is a requisite functionality. I use Maps all the time but not location history.
Google operates in the US, and therefore any data that it holds (in clear) can be subpoenaed. If a judge in, say, Alabama signs a warrant, Google has very little leeway to refuse to hand over evidence that your phone was in that parking lot.
The other company uses their marketing to pretend it isn't.
If I need to have a private conversation, we leave phones in the house and go for a walk. I haven't had the need to hide my location, but I'd do the same.
There is an amusingly high level of irony in going out in public for a private conversation. :D
Granted, I also don't have the same level of concern that is being expressed here. Nor the level of fear that my phone is always listening. Seems rather unlikely, all told. Unless I'm the target of an investigation or the victim of a stalker. In both cases, I'm far more likely to have active threats against my privacy than a passive phone of my own.
Are you that worried about the yellow dot (on iOS) or equivalent on Android being overridden to hide microphone use?
Edit: Apparently people disliked my phrasing. Before Apple added the yellow dot to indicate the microphone was live I was far more sensitive to leaving phones behind. Now, I've relaxed somewhat. Absent concerns about intelligence service level eavesdroppers (which is a real concern for some situations), is there really still a threat there?
Depends on how sure you want to be that nobody is listening, it's not necessary for the yellow dot to be overridden, maybe the attacker is using the accelerometer to act as an improvised microphone.
Sorry, this is absolutely not a thing. You’d have something if you said that someone could use the speaker as a mic, although of course you can’t do that on a phone without taking it apart. But the accelerometer on a phone, while in the phone, cannot be used as a microphone. I’d be very very impressed if someone managed to get usable sound out of an accelerometer floating in free space even, although that’s mildly conceivable. And while I hate to appeal to authority, I worked at Fitbit for 7 years and was directly responsible for the algorithms team that built the step counting, activity recognition and other algorithms for a chunk of that time. I’m very familiar with what the data off an accelerometer looks like and what you can train a model to extract from it.
Reading your message it hit me how trivial it is to not take the phone with me for a minute, and yet how incredibly far I was from thinking of it on my own.
Leaving your phone behind in daily life is less than trivial.
* My car insurance is currently only on my phone, and the printed cards in my glovebox are years out of date. I cannot drive.
* If your car has LTE or 5G you should not use it. Those will leak location data.
* It's almost moot if you do a transaction with a credit card. You need to use cash to not leak data. It would be a signal if you only take cash out of an ATM once in a blue moon. Many 'sensitive' transactions, such as medical care, can generate paper trails.
* In some cities it's moot due to the large number of cameras with facial recognition. In fact, to someone that has both phone data and city facial recognition data the fact that you don't have your phone could be used as a signal for closer investigation.
* If there is an emergency, such as you are arrested, or there is a medical emergency in which you need to go to the hospital, do you have a contact's phone number memorized?
> * My car insurance is currently only on my phone, and the printed cards in my glovebox are years out of date. I cannot drive.
Not sure if this is the norm elsewhere, but in Georgia police don't always ask for your insurance card anymore because they're able to look up your insurance information when they run your tag.
I was used to this too and got pulled over in Utah and ticketed because Utah can’t do that, my insurance card is in an app not saved to my phone, and we were in a desert with no signal.
That Utah cop was a jerk. Now I have a pdf on my phone’s drive and a print out in the glovebox.
In the state I am in the police are able to look up your insurance information, but it is still against regulation to drive without your insurance documentation.
I’m absolutely not defending misrepresentation and dubious marketing. However, if a company is not known for having that information, it’s less likely that a judge will know they can share it, and therefore compel them to hand it over. I’d be very surprised if a Google representative could get away with pretending they hadn’t heard of that Google Maps feature when a law enforcement officer mentions they’ve asked for it hundreds of times.
A bit meta (sorry): Why do Americans keep calling it abortion clinics? Isn't maternity care center or maternity clinic a bit more suitable? Abortions are just a small fraction of what they do, at least at my corner of the world.
In the North American context, "maternity care" would probably be understood as midwifery, which is not Planned Parenthood's main vocation.
That said, you're correct that Planned Parenthood offers many more services than just abortion, but the category they'd be in is "sexual and reproductive healthcare," not "maternity care."
Many advocates are pushing for "abortion forward" language to de-stigmatize the procedure, and (at least in Canada) some clinics are opting for less euphemistic names.[0]
Because that's what they provide, and that's what they deal in, exclusively. Maternity care centers generally deal with other aspects of pregnancy, though some may also provide abortion services.
I got testicular/prostate cancer screening done at a Planned Parenthood (randomly, it was the closest place offering it) so I'm pretty sure they provide services other than abortions?
Sure, but that is not their primary focus, or historic mission. But what are you going to do with an organization founded by an out and out eugenicist?
Because "abortion" is a hot political issue in the US, and a word that pushes lots of people's emotional buttons. And because anyone using less-button-pushing words to describe things is a for-sure loser in the Darwinian attention economy.
The only way to be sure your data isn't used is if it doesn't exist in the first place. Promises of filtering or safeguards or deletion after the fact aren't worth the pixels they're displayed on.
Most of us have to accept tradeoffs of convenience vs security, privacy vs durability of data, cost vs benefit.
And we have to rely on the sometimes erroneous, sometimes fraudulent claims of various companies and people when making tradeoff decisions, knowing they are generally more or less accurate but occasionally totally wrong.
I wasn't saying anything about course of action. Everyone has their own weights and values on pros and cons of everything.
All I'm saying is once the data genie leaves the bottle, anything could happen to it, regardless of promise or intent. Emails that I sent 20 years ago could still be out there on a drive or tape somewhere, and until every copy of it disappears, it could be used in the future by anyone for anything. Maybe it already has, I wouldn't know. The only way for it not to be used is if I never made it. So instead of dismissing this as naive absolutism, take it as a public service announcement to "think before you use" any service.
The "absolutism" of simply not choosing to have Google track you everywhere you go needn't be something you miss. You can have it today, if you want it.
«we will delete that entry from Location History soon after they visit» sounds to me pretty much like an override of opt-in, so users can have a reasonable expectation that location history setting should not matter in such cases.
And that's what happened in this case, right? The author seems more upset that it tracked his visit to the coffee shop, which to GP's point, they opted into.
People specifically want and are opting into "location history that excludes abortion clinics". Not opting into "location history including abortion clinics". Google is tracking them to abortion clinics anyway. This is a violation of their settings. Whether Google failed as a policy or glitch is irrelevant. If they had said "a bug in the checkbox left location history on for everyone who turns it off" that would be unacceptable.
"Google privacy setting tested and doesn't work" seems like a pretty important headline to me.
I park on the street in one of the spots in front of Antigua Coffee and Planned Parenthood. Google doesn't know if I am getting a coffee or an abortion, or maybe both. What specifically should Google software do?
This isn't a contrived example. This is one of the examples the author complained about. "One time, it labeled my visit to a Planned Parenthood clinic as the coffee shop next door, and kept the record." Google isn't a mind reader yet.
I'm not going to go through the trouble of screenshotting a website. Look at Google's statement[1] among other places. There is no "location history with abortion clinics" option.
To lay it out more clearly... Google has stated (in that linked document) that places like abortion clinics will be removed from location history
> Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.
As such, if you don't opt into having that history kept (which it doesn't appear you can), you should be able to expect it will be deleted. That being said, it does seem to pretty clearly indicate that those locations _will_ be tracked; just that said information will be removed later.
"Today, we’re announcing that *IF* our systems identify that someone has visited one of these places, we will delete these entries"
Everyone citing Google's statement is ignoring that conditional clause.
If they identify the person as going to the Starbucks next door, they won't delete the entry. If they identify the person as going near an abortion clinic but not _to_ the abortion clinic, they won't delete the entry.
Read the article. It's explicitly communicated by a Google spokesperson. When a company official makes such a statement, it must have similar legal consequences as the TOS, because it's effectively an advertisement of how their service works.
> Pretty sure it’s one of several steps you click through when you sign up for a Google account. And so most people will probably accept it.
So Google ASKS you to turn on location data during setup. It's the consumer's decision to turn it on and reap the _$benefits_ or keep it off and lose out on _$benefits_. Should there be a secondary and tertiary prompt warning of the exact data collected? Will users just mindlessly click through those too?
Is it that simple though? 99% of businesses do not share full context of the use of personal data in a way where a user could understand all the unintended consequences of their choice. Does Google explicitly tell users when they opt in to some feature that it may result in sensitive data eventually being exposed?
No, it should not ask at all during setup. You should have to manually go into settings and enable it there. That's what real opt-in is. Not overwhelming the user with a bunch of questions during account setup.
I do not know if it is still true, but at one point if you did not enable location sharing, Google Maps would refuse to let you store previous searches/saved locations. Huge degradation in usability to get you to agree to sharing your data.
Given that knowingly visiting one of these locations exposes you to potential liability in the state of Texas, I wonder whether this exposes Google itself to any liability -- especially if there's any chance that they might log you at an abortion clinic when you in fact were next door . . .
The author offers a solution that doesn't involve Google, but honestly, the solution is far more fundamental. Technology cannot protect you when your government is trying to push intrusive and oppressive laws.
So -- do follow the author's recommendations, but also vote out those politicians and parties who are trying to push these laws at the local, state, and national level. That should be a coda to every one of these articles.
"Technology cannot protect you when your government is trying to push intrusive and oppressive laws."
Rubbish. The Onion Router (TOR) is specifically built for people trying to evade authoritarian governments with "intrusive and oppressive laws". GPG. E2EE. Technology can't _guarantee_ that an authoritarian government won't sniff you out, but it can at least partially protect you.
"also vote out those politicians and parties who are trying to push these laws at the local, state, and national level."
That's not realistic for a number of reasons.
In the US, almost all politicians want to create a surveillance state -- they just disagree on who they want to target. And lots of voters support Their Side on this.
Putting aside partisanship, voters overwhelmingly support laws targeting Sex Offenders, including mass surveillance ostensibly for hunting down the witches.
But let's say that we magically vote out all of the authoritarians tomorrow -- what about in two years? 10 years? 20 years? One of the issues with this data collection is that it is _forever_. In 20 years, the government can go to Google and ask them what you were doing today, and Google has that because the data lasts _forever_.
So, yes, we should target authoritarian politicians and vote them out. We should also persuade the populace that mass surveillance is always a bad idea. We should avoid companies that are deliberately surveilling us. And finally, we should specifically use technology to protect us from surveillance, because the first three things aren't very realistic.
I didn't notice a simple, practical piece of advice: Leave your phone at home.
It would be inconvenient but if I did something I wanted to keep very private, I would leave my phone on my desk while I did it. A change in my activity or its absence reveals something possibly happened, but at least doesn't spell it out.
I didn't see any opt-in sensitive location redaction settings, just timed deletion. I did see this: From: Protecting people’s privacy on health topics, Jul 01, 2022, Jen Fitzpatrick SVP, Core
Location History: Location History is a Google account setting that is off by default, and for those that turn it on, we provide simple controls like auto-delete so users can easily delete parts, or all, of their data at any time. Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.
Google should never have said they would implement this feature. It was a mistake because they can't and don't want to do it properly enough to be useful.
Mobile phones are no longer optional devices that citizens can do without. The noose is tightening and even in "enlightened" privacy regimes like in Europe, it slowly but surely becomes impossible to participate in normal activity without using one. Digital identity, access to banking services etc. are all routed through this device.
This central role of the mobile is simply incompatible with it being an adtech gadget. Put that in your pipe and smoke it. The geniuses behind regulation and policy making in this space must decide what sort of game they are playing, why are they procrastinating and what the endgame is.
I can think of three options going forward:
* Draconian restrictions on existing mobile phone platforms so that people really don't have to worry about privacy any more (but this may destroy certain business models)
* Funding a true open source mobile (e.g. Linux-based) as a public good so that people do have a real privacy-friendly alternative that provides access to all these services
* Provide separate (non-phone) portable digital devices that support all critical identity or payment functions that citizens cannot opt out from. I should be able to use a feature phone and such a device to accomplish all non-optional digital functions.
The bottom line is that the digitization of public sector / government / medical / financial services is now in full swing across the globe. The current arrangement is simply not fit for purpose.
The fact that you handed Google data in the first place and kindly begged them to detect and delete sensitive ones is slightly out of order.
The thing is to regulate apps in the first place.
[1] https://www.washingtonpost.com/wp-apps/imrs.php?src=https://...