14 August 2018

Google keeps a history of your locations even when Location History is off


In a wonderfully clear example of “dark patterns” designed to mislead users and retain control over their data, Google continues tracking your location even when you turn off Location History and are told that “the places you go are no longer stored.” Google says it tells users, but its disclosure is the bare minimum and users are discouraged from further interference with data collection.

A report from the AP lays out the details, but the information will come as no surprise to anyone who has tried to fully expunge their location data, or who read the “dark patterns” report from June.

The problem is quite simple. When you turn off (technically “pause,” a choice of words in itself troubling) “Location History,” a major Google account-level setting, you are told: “With Location History off, the places you go are no longer stored.”

Yet many apps and services Google provides when Location History has been turned off, in fact, do record and store your location.

To be fair, this is explained, after a fashion, when you turn off location history (here): “This setting does not affect other location services on your device, like Google Location Services and Find My Device. Some location data may be saved as part of your activity on other Google services, like Search and Maps.”

Although it makes sense that checking the weather would require location data, it makes less sense that the data would be collected systematically, in direct contradiction with what the user has been told. It’s not exactly a deception on Google’s part, but rather what appears to be a deliberate understatement of the company’s other location tracking practices.

Not listed: that a precise location is recorded every time you interact with some apps and services.

That “some location data” as part of your search history is precise and organized, good enough to reconstitute a person’s movements over a few days, as indeed the AP reporters did; with Location History off, there was in fact a detailed history of locations stored with Google.

Google protests that you can turn off this location data collection as well — it’s just under a separate setting called “Web and App Activity.” Why is it there? Why are there multiple places? Why is the user not told that in order to truly turn off location history, there is a second setting that must be adjusted as well? Why is it assumed that the user will understand that location is also stored under separate headings of search and other services? It hardly need be said that this is completely inadequate as far as informing the user of how their data is being handled.

Further, it falls squarely under the concept of dark patterns. The user is duped into thinking that their locations are no longer being recorded by Google, down to a warning from the company that some services might not work correctly if Location History is disabled. Meanwhile location is still recorded silently and without notifying the user, for example, that such and such an action will produce a location record that will be saved, and giving them a chance to delete it or recall the action.

The deletion of these points, by the way, is one of Google’s other defenses: you can go delete them at any time. But deleting location history points was one of the main points of criticism for Google in the dark patterns paper, which found that hardly any of their testers could figure out how to do it. There are separate controls for different types of location collection, isolated from each other and each unaffected by the other’s deletion or restriction, but it is not explained why, or why for example some can be deleted in bulk but others must be done one by one.

This kind of confusing and underhanded, not to say malicious, practice is far from uncommon among tech companies, but this is a particularly indefensible one. Continuing to maintain a history of locations when a user has deliberately indicated their preference to have no such history recorded is simply ridiculous.

In a statement to TechCrunch, Google explained:

Location History is a Google product that is entirely opt in, and users have the controls to edit, delete, or turn it off at any time. As the story notes, we make sure Location History users know that when they disable the product, we continue to use location to improve the Google experience when they do things like perform a Google search or use Google for driving directions.

It’s easy to imagine a handful of minor UI or alert changes that would fully inform users of what is being recorded and when. A notification when a location is generated, for instance, or a link to the separate location tracking setting would be sufficient. But it is telling that not only is the interface the way it is, but the system has been designed the way it is: silently recording location in spite of user preference, with no way to opt out without compromising the service. These are both deliberate choices and the more such choices are exposed and questioned, the better off users will be.


Read Full Article

No comments:

Post a Comment