Google Tracks Its Users Even If They Opt Out of Tracking

Google is tracking you, even if you turn off tracking:

Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored."

That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude ­- accurate to the square foot -­ and save it to your Google account.

On the one hand, this isn't surprising to technologists. Lots of applications use location data. On the other hand, it's very surprising -- and counterintuitive -- to everyone else. And that's why this is a problem.

I don't think we should pick on Google too much, though. Google is a symptom of the bigger problem: surveillance capitalism in general. As long as surveillance is the business model of the Internet, things like this are inevitable.

BoingBoing story.

Good commentary.

Posted on August 14, 2018 at 6:22 AM • 55 Comments

Comments

RussellAugust 14, 2018 7:22 AM

"surveillance capitalism" seems a novel, ideologically-oriented term. How does that new term help people understand Google-top-management specific business philosophy... and market economies in general?

wiredogAugust 14, 2018 7:49 AM

I heard the story and my reaction was "This is news? You just go into all the various settings and turn off location tracking in all the apps." Then I learned that most people don't realize that. I don't know how I knew that, except that I've been reading this blog since it was just an e-mailed newsletter, so I know to look in the nooks and crannies for those settings. I also know that to be truly safe from this sort of thing I need to turn the phone off.

echoAugust 14, 2018 8:26 AM

Oh, joy...

I have also noticed post GDPR a lot of websites (mostly via Flipboard on Android) are asking cookies permission. There is a big fat Ok to everything button and if you disagree you are often repsented with a multi option selection in some cases needing to untick every permission which are usually marketing orientated. I have discovered at least one site via Flipboard which has a blanket ban on EU based readers.

A lot of these companies actually need to take a step back and read the legislation because it doesn't mean what they believe it does and is very definately actionable.

I'm not sure who these managers or lawyers are ceatign this mess but am going back to "too much testosterone in the room" as a reason.

TimHAugust 14, 2018 8:33 AM

The issue is when companies have tracking data, subpoenable or otherwise exportable, that the users think that they have EXPLICITLY disabled. The case here.

It's a red herring that cell triangulation provides location data. There's no dishonesty about that. A sliminess that it is kept for longer than necessary for billing, but no pretense that it's not there for ever.

Sed Contra August 14, 2018 8:47 AM

Just as there is no programming problem that cannot be solved with one more layer of indirection, so there is no surveillance capitalism problem that cannot be solved with one more level in the deeply nested end user agreement.

PeteAugust 14, 2018 8:59 AM

Seems we need laws with teeth to prevent unwanted tracking and data collection without explicit approval.

Periodic, mandatory, re-validation of that tracking approval is needed too. I might be willing to be tracked for a month at the beginning of using an app, but that doesn't mean I desire to be tracked for the next 3 yrs until a new device is purchased. Monthly, quarterly or at least annual re-approval is needed.

LAugust 14, 2018 12:13 PM

@Bruce

"Surveillance is the business model of the Internet" because of the fact that the majority of consumers "don't think we should pick on" the companies that actively adopt this business model "too much".

If people really cared about their privacy, things like this would still be inevitable, but perhaps much less common.

WoAugust 14, 2018 2:09 PM

@L

Everyone cares about their privacy as they display in their every day habits. People still wear clothes as they go outside. Still close curtains at their house. Don't tell colleagues about genital warts. Don't tell their children that they may not have a home next week if temp work dries up.

It's absurd to claim people don't care about their privacy when their privacy is largely violated with constant beacons of invisible light sending data to servers who, in turn, often sell the data to unknown third parties.

What we have in tech is an industry that manufactures consent with lack of transparency and deception and frequent redefinition of colloquialisms.

uh, MikeAugust 14, 2018 3:02 PM

Keeping a minimized internet footprint is the best revenge.
I closed most of the accounts that sent me privacy messages,
and I eschew discretionary services that want my identity,
like weather and stock reporting sites.
I also delete old emails. Breaking into my email will not reveal much of my history.
Be a rodent among dinosaurs.

Jon (fD)August 14, 2018 3:30 PM

@Wo

Wait, people still wear clothes as they go outside??

Oh damn, I've been doing it wrong. Never mind! ;-)

J.

lurkerAugust 14, 2018 3:42 PM

@ wiredog, @ John
Android phone? Turn off location features in system "Settings", and for each app. Put the phone down for a few minutes, then go to Settings> Manage Apps> Running Apps. See Google [Play] Services, or Google Services Framework, or some-such? Click on it to examine what services are running: Google Location Service is chugging' away there in the background. You can try to kill it, it just bounces back. Caveat, I've got a nasty Chinese brand device. Disabling Google Services Framework, or Uninstalling Updates causes a whole slew of other apps to moan about needing to update it, for reasons other than Location.

Penny-pinching causes me to switch off Data Service until the times I actually need it. When I switch it on, I sometimes wonder what is really in those several hundred bytes of data that flow immediately. DNS? The telco has my location from the cell-tower...

Bob Dylan's Tummy GrumbleAugust 14, 2018 4:24 PM

@Bruce is criticizing surveillance capitalism and appropriately so. Yet over the years I have come to be bothered by the response to the problem which I have come to call "Privacy Capitalism". All I mean by privacy capitalism is the idea that if companies like Google and Facebook are making a profit from openness then privacy capitalists are making profits from selling privacy. The company that prompted this view is Proton Mail. Proton Mail is privacy capitalism's poster boy. Proton Mail's entire business model (along with all VPNs ) is that it is some kind of "good capitalist" while Google is a "bad capitalist" and Proton Mail plays the role the white knight.

IBM Resilient also fits under the rubric of privacy capitalism.

WeatherAugust 14, 2018 4:45 PM

True,but what coconuty or system you live in,a VPN needs more data,cost the people that need it can't afford the data,but there is twice the info or more if you can process it than is display, but the war hawks at American is not the issues, I gave a example of 100tb down to 200 bytes approx, but it was serial and it traded space for i NFO,if you had a file it might shrink it down to bytes,but it would take serial coding to brink it forwards, if 95% of the chance got squeshed down to 300bytes from a 1tbye file,you would have to trade that for processing power,in serial,it still ppm but you have to trade,enought of this post,the other can shred a light

justinacolmenaAugust 14, 2018 5:14 PM

And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude ­- accurate to the square foot -­ and save it to your Google account.

That's right. The excuse, once again, is that it's "for the children." It's a total red-light district, and they really push the "adult" products and services, and keep the "target" away from children under threat of arrest for criminal trespass, loitering, etc.

It's like some pimp in a back room somewhere has you registered as a sex offender while he somehow bails himself out of all those charges of drug dealing, stalking, rape, sexual assault, promoting or compelling prostitution, and what not.

RGAugust 14, 2018 6:35 PM


Please understand that those within the industry need to tread lightly.

Lets look Google ulterior motives from their perspective. They are getting desperate as Amazon chips away at their advertising cash cow. Inexpensive quality Chinese Android phones are for sale in The West sans Google spying[1]. Europe’s and CA GDPR laws. Won’t you please please help me?

Probably 98% of the public thought they had disabled location tracking.
The highlighting of Google’s clever multi-step/page/account deception offers perfect timing as the big-data corporations quietly meet at the White House to ‘protect privacy’. 80% of California citizens supported their new privacy law. I’d expect then same figure at the national level.

Now its seems EVERYONE in the USA is on to them. There is a remarkable MSM coherence in reporting the deception and solution. Everyone can see the bs design.

Simplify the Issues
Why do I need to create a Google account and agree to their invasive all-or-nothing privacy policy?
Because Google has locked the carriers into forcing their surveillance upon everyone.

Why aren’t ALL the privacy controls for the device local to the device?
Snicker...to monetize the clueless fools

Why can’t the consumer choose what software to include and exclude through a simple whitelist (local to the device)?
Fair level transparent playing fields are not allowed by our secret contracts Every step of the octopus is designed to further lock everyone in forever (starting at kindergarten with Google Classroom).

Has anyone ever viewed the explicit data Google has on them?

There really are no issues except the will and determination to battle the smartest, richest crafty engineers on the planet.
Widespread knowledge of deliberate obstacle course methods enabling limitless mass surveillance may be coming to a close[2]. Europe’s GDPR leads the way.[3][4]

[1] For the best media streamer try Zidoo
[2] That is once the old men in Congress learn how to use a computer. /s

[3] GDPR commerce regulations are of zero defense against nation state data-mining. From a national security perspective The West needs tough criminal laws to protect against transfer of Silicon Valley sensitive personal data to China. The fear is it will not come back as tailored advertising but rather individualized Cyber ‘Bombs’ meant to wreck careers, families and institutions.

[4] Eternal Cyber Blackmail
Imagine if EVERYONE had their own Steel like dossier published with unverifiable half-truths (you were with a prostitute in this city on this date in this room). Impossible to defend against. However we will not publish (to your contacts, employer) IF you submit to our terms...
#MeTooCyberBomb

Michael August 14, 2018 10:40 PM

“On the one hand, this isn't surprising to technologists. Lots of applications use location data. On the other hand, it's very surprising -- and counterintuitive -- to everyone else. And that's why this is a problem.”

No. That “this isn't surprising to technologists“ is the problem, because it implies that the people who are most capable of fighting this have already given up.

Clive RobinsonAugust 14, 2018 10:53 PM

@ Wo, et al,

Everyone cares about their privacy as they display in their every day habits.

Actually they do not. What they care about is,

    The privacy life has made them aware of.

That is the privacy caused by social convention and of hurt/embarrassment at the time or shortly after their risky behaviour.

From a very early age humans learn from "hurt" be it physical or emotional, as we get older we have the empathy to learn from others pain[1]. That is we are in some respects "the sum of our scars".

What people DO NOT CARE about, is all the other privacy they have lost because they "DO NOT SEE" it and "DO NOT FEEL IT" at the time or yet. So they continue in risky behaviours, and even justify them with the "nothings ever happened to me so it must be safe" etc view point... You see it with those who have any one of hundreds of addictive habits or careless behaviours.

But it gets worse, in general people who go the "extra mile" to protect their privacy are encoraged to be seen as "nut jobs" or "conspiracy theorists" and others less cautious tend to shun them because they think they are not trustworthy or "buzz-kills" or similar negative emotional view points...

To get people to act in their own best interests they have to SEE and FEEL in a TIMELY manner the hurt/embarrassment. In a way that not only gets home to them that there are significant risks they don't see, but more importantly gets them to act.

As we know people have a habit of taking the "least resistance" path. Thus they will often fail to act if there are "little barriers" put in their way. Which is why these data hovering mass surveilance companies "opt you in" then put lots of complex forms in the way to stop you "opting out".

It's a well known problem and why you get to hear a lot about "auto enrolment" for "organ harvesting" if you suffer a serious --but not necessarily fatal[2]-- accident...

There should never be "auto-enrolment" in systems that could cause you harm, but we have them because of the myth of "the greater good". That is others decide you should become a victim because somebody you do not know judges you unfit / unworthy / unprivileged in some way, or just cannon fodder or cattle to be harvested...

The one thing you can be sure of with any "auto-enrolment" system is that those running it will at the very least try to prevent you from finding out in stark reality the potential or actual "down sides", especially if it's in their interest you remain "unknowing". But as the old saying has it,

    It's next to impossible to persuade people that their view point is invalid, when their income depends on it being treated as valid

It's why we need preventative legislation as a society, and why those with invalid view points spend so much on lobbying the legislators to get their way.

[1] Unfortunately shortly after starting to feal empathy we also start in on much riskier behaviours of the "teen years". We start in on the "blaim the victim" behaviours of, "They got hurt because they were XXX, that won't happen to me because I'm YYY". Where XXX is something like daft / stupid / etc and YYY is the opposit such as smart / clever / etc. In short self delusion, that can persist after the hurt with "This should not have happened to me I'm YYY" shortly followed by other equally as silly thoughts such as "This happened because of ZZZ" where ZZZ is another person or entity assumed to be capable of independent action.

[2] Nobody realy knows when you are alive in body but not in mind, thus ripe for organ harvesting. The judiciary quite rightly back as far away from it as they can. Whilst some in the medical proffession talk of "permanently vegitive states" they actually have no way to say what state you are in and if you will remain in it or not.

CassandraAugust 15, 2018 4:45 AM

@Clive Robinson

The old saying is actually Upton Sinclair in his book "I, Candidate for Governor: And How I Got Licked (1935)"

The actual quotation is: "It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"

Details sourced from from Wikiquote.

Cassie, hoping you are well.


CassandraAugust 15, 2018 7:31 AM

@Givon Zirkind

The more interesting questions are: who is working to stop surveillance capitalism, how likely are they to succeed, and if one wishes to, how one could help.

Obviously, knowing the origins of, or the roots of, the problem can potentially help in illuminating a path to solving the problem, but it isn't always necessary, and can, at times, be a positive hindrance if one becomes enmeshed in arguing the minutiae of history.

For example, it isn't necessary to know the precise origins of slavery to be against it.

Cassandra

PeaceHeadAugust 15, 2018 9:01 AM

In any Mozilla and/or FireFox (or perhaps Gecko) browser,

type about:config into the URL field (address box) and hit .
Then in the search field, type "geo" (or any other word part you are looking for, such as "http" or "udp" or"mmtp" or "privacy" or "mibbit" etcetera.

You will find a lot of results for geolocation stuff when searching for "geo". You can edit those and change them to different boolean values or different string contents.

The more you search for character strings, the more you will see that Mozilla/Gecko/FireFox style browsers have been stabbing us all in the back regardless of whatever extensions are installed.

You will also find tons of interactions with "google" websites of a great many varieties.

To make matters worse, most other browsers aren't any better. FireFox happens to be one of the best of the worst.

Online privacy is an effing joke.

Tablet and smartphone apps are even worse because you can't typically even configure them as much as on a computer and they are already highly targeted by hackers and malwares.

(yeah I said I wouldn't post for a month, but hey, i thought you guys would want to know this stuff)

May Peace Prevail Within All Realms of Existence

Sed Contra August 15, 2018 9:48 AM

I’ll be down with it, provided a law is passed that all surveillance data they acquire is posted in real time on a globally accessible bulletin board.

Gerard van VoorenAugust 15, 2018 10:26 AM

The real question, now that this is all "in the open", is what is Google doing with this? My guess is "playing" the waiting game, but of course they could be "all good guys" and just fix it for once and for all. Because they *are* responsible, aren't they?

JackAugust 15, 2018 3:21 PM

Google.. Who really pwons that company? What they are doing is any SIGINTE-services wet dream.

Clive RobinsonAugust 15, 2018 4:19 PM

@ Cassie,

hoping you are well.

I'm hopping along as usual when the big toe reminds me it's there :-o

Thanks for the original quote, it seems the older I get the more I have to remember[1].

I was once given a book of quotes, but they were way to "high brow" and some were in French and German. To be honest the only people quoted in there that I knew were the obvious Churchill, P.T. Barnum and Ben Franklin. But... none of their fun / risque ones, just the dull ones :-(

So saying one P.T. Barnum quote I know did make it,

    The noblest art is that of making others happy.

Which is a nice thought B-)

[1] At least the one I've had attributed to me here is easy to remember "Paper, Paper Never Data". Though the way paper is going out of fashion with the young it might be more short lived than me :-S

lurkerAugust 15, 2018 7:45 PM

Mozilla/Gecko/Firefox style browsers…
All part of the plot: your SecretSquirrel non-caching browser is frowned-on|banned by your bank|utility-co. Tinfoil hats are now an item for collectors of antiques.

EstebanAugust 15, 2018 8:27 PM

It should be security marketplace. They sell your information. Capitalism is an economic system. Your security and privacy can be bought and sold in any marketplace. It doesn't require capital. Just government employees willing to look the other way. So why muddy the waters by implicating capitalism? Because that is political and expedient. Only the ignorant attempt to impose the alternative. Or the power hungry.

BillikinAugust 16, 2018 10:39 AM

Don't like "surveillance capitalism"? How about Big Brother?

Remember, Big Brother loves you. ;)

Bong-Smoking Primitive Monkey-Brained SpookAugust 16, 2018 12:35 PM

@Billikin:

Remember, Big Brother loves you. ;)

That kind of love can be given only by a big mother ;-)

I wonder what it'd be like if Big Brother® disliked us! Show me some love!

Does He Have a PhDAugust 16, 2018 6:18 PM

Is anyone surprised by this?

How many here actually think Google will not track you if you do all the things mentioned in the blog?

WoAugust 16, 2018 11:14 PM

@Clive Robinson

> What people DO NOT CARE about, is all the other privacy they have lost because they "DO NOT SEE" it and "DO NOT FEEL IT" at the time or yet. So they continue in risky behaviours, and even justify them with the "nothings ever happened to me so it must be safe" etc view point... You see it with those who have any one of hundreds of addictive habits or careless behaviours.

If someone doesn't observe a sacrifice in privacy, it's absurd to claim they don't care about it. If they, in full knowledge of the risks, still made the same choices, then that'd be another matter entirely.

Ignorance is not the same as uncaring.

As it stands, even the experts have trouble keeping track of what big companies do with your data and how they redefine colloquialisms every few years to allow them to collect your, say, location data while claiming you permitted it (despite explicitly denying collection of location data).

> As we know people have a habit of taking the "least resistance" path. Thus they will often fail to act if there are "little barriers" put in their way. Which is why these data hovering mass surveilance companies "opt you in" then put lots of complex forms in the way to stop you "opting out".

And don't forget lack of transparency with what they do with your information in the back end and WHOOPS the most trustworthy surveillance tech company Google pulled a Microsoft and started drawing a distinction between GPS data and cell tower triangulation data in terms of user opt outs.

You know, there's a category of privacy violations Bruce rarely touches on that I've found at the Freedom To Tinker blog a while back - academics getting ISP DNS logs for their research and providing the results to commercial vendors. While the research was on how to identify phishing domains, it was also a gross privacy violation without any meaningful way to get consent from those impacted.

Seems to me that when gaining consent is too difficult for academia, they just do their research without consent when the data is still available.

(required)August 17, 2018 12:47 AM

If the data is available it's available whether it's academia crunching it or someone less noble.
Any academic product worth its printed sand would sanitize their data for privacy purposes.

"it was also a gross privacy violation without any meaningful way to get consent from those impacted."
- But security and privacy are not rights. They should be, but they are not. They are FIATS.

NoOne ReallyAugust 17, 2018 1:22 AM

Maybe Bruce is referring to the notion of market imperfections? That is not a criticism of market economy (I prefer the term since the term "capitalism" is a Marxist term and Adam Smith occurred before Marx so to speak. Enough of that, though).

The problem at hand is that known and usually regulated market shortcomings have remained unregulated. Google is to a large degree a monopolist (95% of searches on the www is done thru Google). That’s a market failure. Usually such market failure are corrected with legal means i.e. anti-trust laws. For some reason those laws have not been brought to bear on Google et al. Why, I do not know. But that’s a big root cause.

Another market imperfection in the context is the uneven distribution of knowledge; consumers do not know what usage of these often "free" services really cost in terms of consequences.

Read more about the economic background of market imperfections here

https://en.wikipedia.org/wiki/Market_failure

Only a very fast search...using Google by the way...

Cheers

WoAugust 17, 2018 2:15 AM

> (required)

Not meaningfully, no. In order to maximize the usefulness of the data, their version of privacy was changing the first two octets of each querying IP to two junk octets (but consistent and linkable across disparate data sets).

Please don't fall down the same trap that countless people who put us all in this privacy mess did - by trusting the people who say "oh we have a privacy policy! It means we care about your privacy! You can trust us".

The existence of bureaucracy doesn't say a goddamn thing about its efficacy and academia review boards are too filled with octogenarians who don't know enough to know when to tell their less-than-ethical students "no".

(required)August 17, 2018 2:29 AM


@wo

"Please don't fall down the same trap that countless people who put us all in this privacy mess did - by trusting the people who say "oh we have a privacy policy! It means we care about your privacy! You can trust us".

Well I don't. You're right, the implementation is as good as it actually is, period.
I don't astroturf for "them" nor am I vouching for "their" trustworthiness to do so.
I'm saying if they can access that data, others probably can also.

Where there is a profit model to do so rather than an academic model, I'd expect it.
Having a privacy policy is leaps and bounds ahead of that threshold.

Yes people can be impacted by work products of academia, it must be mitigated.
Implementations vary. In practice is that the real threat most people should worry about?

WoAugust 17, 2018 1:19 PM

@(required)

"I'm saying if they can access that data, others probably can also."

They solicited the info from a system admin who worked for an ISP that served a major city.

Their barrier to getting the info was convincing that one person to give up a copy.

"Having a privacy policy is leaps and bounds ahead of that threshold."

Most of the time when I see a privacy policy, I see it as a heads up that I'm about to be stolen from. Privacy policies keep popping up in places that have no business being in a position to need a privacy policy to begin with.

"In practice is that the real threat most people should worry about?"

Since when is it a competition?

If the expected outcome of the research was all that was necessarily to justify collecting the data, we'd be mandating DNA collection and contribution from the entire populace. And it's not a far cry to make a very similar National Security oriented argument to justify a whole host of other privacy violations.

Ends don't always justify the means.

PeaceHeadAugust 17, 2018 9:40 PM

'Tis ironic that just to submit this comment, it seems browsers are required to utilise a Google internet software. When I block google content, I can't post to this site. I assume it's that way for most of the rest of us. 'Tis very very ironic.

I don't use Google for any searches anymore, but Google sure has a heavy footprint upon the entirety of the non-dark web.

Peaceful coexistence is an unalienable entitlement of all sentient beings. And it is also an unalienable human right of all people everywhere. Those who prefer otherwise guarantee themselves to be threats to all civilisations worldwide at all times.

David, OregonAugust 22, 2018 5:18 PM

@Nancy

I have to chuckle a bit at your comment "read paper maps again" as I am one of those folks that really enjoys real maps and think them much better than maps via a browser, at least in some situations. Now, tying the map to satellite images really is the thing that makes browser based maps worth it. I was using ExpertGPS for that purpose (over dial-up!) well before Google and others provided the satellite images.


TRXAugust 23, 2018 4:03 PM

> Short of chucking your phone into the river, shunning the internet, and learning to read paper maps again, there's not much you can do to keep Google from collecting data about you.
---
Nobody's making you use Google or its apps. Or Apple and theirs.

My current provider (Verizon) is definitely evil, but other than call logs and tower triangulation data, they have nothing on me they can sell. They can't turn my phone's microphone on, get GPS data, monitor my internet traffic, or redirect my DNS lookups.

There's a loss of convenience, but hey, a man needs a hobby. I don't have anything to hide, but that doesn't mean I'm okay with being spied on.

[why yes, I do have and use paper maps... and a proper map blows Google Maps or MapQuest away, at least if you know how to read a map instead of following "Simon Says"...]

JimAugust 24, 2018 12:47 PM

"I don't think we should pick on Google too much, though. Google is a symptom of the bigger problem: surveillance capitalism in general. As long as surveillance is the business model of the Internet, things like this are inevitable."

Yes, but Google is the very worst, by far. Just one example: Browse with Firefox, with a script blocker installed, such as NoScript. As you go to any website, click the NoScript button to see what is being blocked. You will find that just about every web site you visit has Google scripts running in the background, collecting data on you. Even banks are running Google scripts in the background. No one else comes anywhere near Google's reach when it comes to spying on people wherever they go on the web.

People complain about Microsoft's telemetry. But you would be hard pressed to find ANY non-Microsoft site running Microsoft scripts in the background.

NameOctober 4, 2018 4:21 PM

"Usually such market failure are corrected with legal means i.e. anti-trust laws. For some reason those laws have not been brought to bear on Google et al. Why, I do not know."
https://en.wikipedia.org/wiki/Positive_feedback
Positive feedback is a process that occurs in a feedback loop in which the effects of a small disturbance on a system include an increase in the magnitude of the perturbation.

"uneven distribution of knowledge"
asymmetric warfare

"Peaceful coexistence is an unalienable entitlement of all sentient beings. And it is also an unalienable human right of all people everywhere. Those who prefer otherwise guarantee themselves to be threats to all civilisations worldwide at all times."
Home sapiens suffers from an overabundance of unneutralized psychopaths.

NameOctober 4, 2018 4:27 PM

Obviously, China's government implements 'capitalism'.

"surveillance capitalism" is still "identity theft"

NameOctober 4, 2018 4:30 PM

"who started surveillance capitalism"
Not bbs, compuserve, or aol.
Telespammers prefer phone numbers that "pick up".

Was Referer header the earliest spying built into browsers?

"you would be hard pressed to find ANY non-Microsoft site running Microsoft scripts in the background."
Microsoft Telemetry doesn't require "internet software" running.

NameOctober 4, 2018 4:33 PM

Facebook
Many websites inject facebook bugs. 1990s web bugs relied on referer to track page url. Facebook bug of course induces referer, but also is an url that incorporates the page url. A faked example:
hxxps://feceb00k.com/spy.php?url=www.schneier.com/blog/archives/2018/08/google_tracks_i.html

Google
"Has anyone ever viewed the explicit data Google has on them?"
I assume javascript collects, then browser encrypts and sends to google.

"When I block google content, I can't post to this site"
I see regular href links to domains other than schneier.com Turn off prefetch in browser prefs.
Quickly scanning viewsource, my eye doesn't see google or any domain besides schneier.com inside head /head or in the script /script of this page.
It's nonetheless possible for the page to collect data to the site, then the site server to send that data "independently" of the web page.

NameOctober 4, 2018 4:35 PM

Phones and apps
i disable my phone's location feature.
keep the device in aluminum or steel case? saucepan with lid? foil-lined fannypack - or aluminized paint on interior fabric?

"enjoys real maps and think them much better than maps via a browser"
There might be an app that reads stored (updated) map database files. I asssume older GPS devices used stored data.
Openmaps?

Nobody's making you use Google or its apps. Or Apple and theirs.
From my accumulated reading, thus unreliably accurate:
Smartphones:
a. I think you could isolate your android or ios device by forcing it through a local proxy (a router distro with filters?)
b. Install an open-source alt OS, but ARM devices tend to need firmare/flash OS built specifically for the hardware. (See xda-developers, dd-wrt, etc. However, chrubuntu.)
Perhaps non-smartphones cannot connect via the internet, but I suspect cellular transmissions have been 'hacked' to carry data.

NameOctober 4, 2018 4:39 PM

Browser Preferences
Geo prefs: You can edit those and change them to different boolean values or different string contents.
Firefox saves about:config and Options changes into a prefs.js text file, in profile. (Help > Troubleshooting Information. Eighth row/line. Profile Folder shows location on computer)

Optionally, create an empty user.js text file, then copy the pertinent prefs from prefs.js See kb.mozillazine.org
However, thruogh the years of versions, mozilla creates new prefs, and extinguishes prefs.

Seamonkey, palemoon, k-meleon, thunderbird...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.