Google: “We Don’t Sell Your Data, We Just Monetize It”

· Andrew Orr · Link

One way to avoid the California Consumer Privacy Act is to claim that you don’t sell data. This is what Google has seemingly done.

Google monetizes what it observes about people in two major ways: It uses data to build individual profiles with demographics and interests, then lets advertisers target groups of people based on those traits. It shares data with advertisers directly and asks them to bid on individual ads.

As I tweeted yesterday, there is no difference between selling “access” to data and selling data “directly.” In both scenarios, people are products for advertisers. Although I’m sure lawsuits have been won and lost on lesser technicalities.

Google Search Reveals Private WhatsApp Groups

· Andrew Orr · Link

WhatsApp

Google indexes links to WhatsApp group invites that may be private, meaning people can find and join them.

Motherboard used a number of specific Google searches to find invite links to WhatsApp groups. Some of the groups appear to not be overly sensitive or for a particular audience. Many of the links on Google lead to groups for sharing porn.

But others appear to be catered to specific groups. Motherboard entered one WhatsApp group chat that described itself as being for NGOs accredited by the United Nations. After joining, Motherboard was able to see a list of all 48 participants and their phone numbers.

Gmail for iOS Integrates With Files App

· Andrew Orr · News

Google shared a blog post today in which it announced that Gmail for iOS will now support adding files from the Files app.

Not Wanting Surveillance Competition, Facebook Tells Clearview AI to Back Off

· Andrew Orr · Link

Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, told Clearview AI to stop scraping images from each one’s website.

Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.

“The way we have built our system is to only take publicly available information and index it that way,” he said.

Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”

Google’s iPhone Security App Keeps You in its Ecosystem

· Andrew Orr · Link

Google updated its Smart Lock app on iOS to let iPhones be used for two-factor authentication. But it will only work inside Chrome. Now your only choices for Google two-factor authentication are this Smart Lock app, or a phone number (an insecure method). You can also use a physical security key but not an app like Authy.

After installing the update, users are asked to select a Google account to set up their phone’s built-in security key. According to a Google cryptographer, the feature makes use of Apple’s Secure Enclave hardware, which securely stores ‌Touch ID‌, Face ID, and other cryptographic data on iOS devices.

Update. So I made a mistake and you can use an app like Authy, but you first have to surrender your phone number to Google. Which I’m obviously loathe to do so I use a disposable number.

Google’s Project Understood Aims to Help People With Down Syndrome Use Voice Technology

· Andrew Orr · Link

Google started an initiative called Project Understood. It’s partnering with the Canadian Down Syndrome Society to ask people with Down syndrome help train its voice recognition algorithms to understand them better.

“Out of the box, Google’s speech recognizer would not recognize every third word for a person with Down syndrome, and that makes the technology not very usable,” Google engineer Jimmy Tobin said in a video introducing the project. Google is aiming to collect 500 “donations” of voice recordings from people with Down syndrome, and is already more than halfway toward its goal.

A worthy project.

Google Wants COPPA to Change so it can Keep Collecting Kids’ Data

· Andrew Orr · Link

The Federal Trade Commission is considering a revamp of the Children’s Online Privacy Protection Act (COPPA). Google wants to help them change the rules, and asked the agency to eliminate rules that categorizes anyone watching kids content online as actual kids.

In September, Google agreed to pay US$170 million to the FTC to resolve claims that YouTube violated COPPA by serving targeted advertisements to children under 13…After the FTC settlement, YouTube told creators that they would have to identify when videos are aimed at children under 13. When that happens, YouTube now turns off ads that rely on web browsing behavior and other targeting data, which earn more for YouTube and creators.

Why Teaching Privacy to Your Kids is Important

· Andrew Orr · Link

Kids lining up against the wall with smartphones

Siobhan O’Flynn writes about all the ways that companies like Google collect data from kids in violation of the Children’s Online Privacy Protection Act. It starts when schools increasingly turn to Google services in education.

Alphabet Inc. dominates child-directed and child-featured content online through YouTube Kids and has now colonized online educational spaces through Google Docs, G-Suite, Chromebooks and the associated Gmail accounts for children that are required for use. This means that Google’s access to children’s data spans entertainment (YouTube and YouTube Kids), search and purchase histories (via associated parental accounts), and educational sectors.

What Google Stadia Means for the Future

· Andrew Orr · Link

Alex Cranz reviewed Google Stadia, a game service where games are streamed to you instead of you loading them onto your device.

With Stadia, you can slip into a game typically found on a PC or console using almost any device. It makes you wonder why we’ve tethered ourselves to hardware for so long when the internet can give us all of that power at a considerably lower cost (and smaller energy bill). The problem is that Stadia rarely works perfectly. Instead, it offers us a glimmer of the future before crashing back down into the muddy present.

”It makes you wonder why.” Here’s why we’re still tethering ourselves: Because arguably you own physical copies of media like games, books, and movies. The “future” that Mr. Cranz’s headline alludes to is the Ideal Corporate World in which no one owns anything because it’s all a subscription.

If Your YouTube Account Isn’t ‘Commercially Viable’ Google Will Delete It

· Andrew Orr · Link

According to YouTube’s new terms of service, your YouTube account can be terminated if it isn’t commercially viable enough. The phrasing is broad enough that some people think this means Google will take action against people using adblockers.

YouTube may terminate your access, or your Google account’s access to all or part of the Service if YouTube believes, in its sole discretion, that provision of the Service to you is no longer commercially viable.

I’m personally not sure if that’s the case. You don’t need a Google account to watch YouTube, nor does Google need you to have an account for it to track you.

Google's OpenTitan aims to Create an Open Source Secure Enclave

· Andrew Orr · Link

Google wants Android phones to have a Secure Enclave chip like iPhones. Its OpenTitan project aims to help design an open source one.

OpenTitan is loosely based on a proprietary root-of-trust chip that Google uses in its Pixel 3 and 4 phones. But OpenTitan is its own chip architecture and extensive set of schematics developed by engineers at lowRISC, along with partners at ETH Zurich, G+D Mobile Security, Nuvoton Technology, Western Digital, and, of course, Google.

The consortium will use community feedback and contributions to develop and improve the industry-grade chip design, while lowRISC will manage the project and keep suggestions and proposed changes from going live haphazardly.

You can view the OpenTitan Github repo here, but it’s not fully fleshed out yet.