Google Is a Bigger Privacy Nightmare Than You Think
Saying that “Google is a privacy nightmare” in 2024 probably isn’t telling you anything you don’t already know. It’s no secret that one of the largest technology companies in the world is gobbling up our data, with or without our consent, and using it in a variety of different ways, some of which you may find unscrupulous.
But Google still has an opportunity to shock: 404 Media has revealed details of six years of privacy and security reports contained in Google’s internal database. These previously unreported privacy incidents number in the thousands and have been reported to the company by Google employees.
The incidents vary in severity, and it’s worth noting that some of them only affected a limited number of users or were quickly resolved by Google. Overall, however, the collection of incidents shared by 404 Media today is as fascinating as it is disturbing.
Privacy Issues Affecting Children and YouTube Users
Many of these incidents affected children. One of the allegations states that Google exposed more than a million email addresses of Socratic.org users after acquiring the company, including those belonging to minors, and it is possible that the IP addresses and geolocation data of these users were also exposed. Another statement said that Google’s speech service recorded all audio for an hour, and the recordings included speech information from approximately 1,000 children; a filter configured to block data collection when children’s voices were detected did not work. And during the launch of the YouTube Kids app, the sound of children pressing the microphone button on their Android keyboard was recorded.
Other incidents also involve YouTube. Most notably, Nintendo’s YouTube account was slightly compromised after a Google employee was able to access its private videos. The employee then broke news that Nintendo was planning to reveal in an upcoming announcement, although Google says the incident was “unintentional.” YouTube also suggested videos to users based on videos that those people had removed from their viewing history, which is against YouTube’s internal policies. It is not clear why this happened. YouTube’s blur feature also left uncensored versions of images viewable, and videos uploaded as “Private” or “Private” had a short window when they were available for public viewing.
Leaked Waze URLs and Google Docs Links Revealed
The matter doesn’t end there. Other common privacy and security concerns include issues with Waze’s car-sharing feature, which has reportedly leaked both travel information and user addresses. Someone was reportedly manipulating affiliate tracking codes through AdWords (Google’s advertising platform at the time) by changing customer accounts; information about the raid on Google’s office in Jakarta appeared thanks to a warning from Google’s security service; and for a time, Google Drive and Google Docs on iOS treated the “Everyone with the link” setting as a “Public” link.
The most egregious incident, in my opinion, affected people who were not actively using Google services at all. The report claims that Google’s Street View feature decrypts and stores license plate numbers along with geolocation information. This is a pretty big mistake, Google. Not that any of us actually consent to Google photographing nearly every street in the world, but the company must censor identifying information such as faces, license plates, and, of course, where in the world were you when this happened? The Street View photo was taken. Don’t write it down.
To Google’s credit, the company told 404 Media that all of these messages were addressed and originated more than six years ago. Google says it’s part of the company’s process for reporting product issues: If an employee finds an issue, such as a privacy or security violation, they can flag it and send it to the appropriate department for triage. The company also said that some of these flags did not cause problems at all or were due to issues affecting third-party services.
Too big to avoid
Admittedly, all products and services, especially at the scale at which Google operates, have problems from time to time. No company creates a perfect system, and when problems arise, it’s how the company responds and what it changes to ensure the problem doesn’t happen again. However, it’s hard to be so understanding when it comes to a giant company like Google. The search giant owns a piece of all of our data in one form or another, so when one of their products has a problem, whether it’s revealing censored images, recording audio from users, or storing personal data using geolocation tags, it will affect a huge number of people.
It doesn’t even matter if you vow to stop using Google products forever: you can abstain from Internet-connected devices entirely and still have your license plate removed and stored in Street View. There’s no getting around it: Google is everywhere now, and we can only hope that they’re as prompt and thorough in protecting our data as they claim.