Google and Our Security and Privacy – Blue Pill

Welcome! Happy you took the blue pill! This is going to be so much easier, for both of us. In this post, we are looking into how Google treats our privacy and security.

Before we dive in, a heads-up:

The good news: Google is very transparent about what data it collects from us and how it uses and secures it. Every bit seems well documented.

The bad news: Google is collecting a lot of data. So this overview will take some time to digest.

The new news: Last night, right before I wanted to click the “publish” button for this post, I received an email from Google with the subject “Improvements to our Privacy Policy and Privacy Controls”. I will cover this in the “What’s coming” section.

Let’s get moving …

Why this topic, here and now?

Smartenlight is about smart home and smart assistants. This intimate area at home is where we long for security and privacy. But are we also cautious about which companies we invite into our homes?

The topic “privacy” is nowadays all over the media. Companies collecting our data, sometimes even without our consent, companies making money with our data. But also companies, who supposedly do not care about our data, because they simply have a different business model. After checking Apple’s approach to security and privacy, we are looking now into Google’s. Amazon’s will follow.

Hopefully, this awareness will inspire us to also check the privacy policies of all the smart home devices in our homes.

How do we get there?

We will look into Google’s “light privacy version”, an overview Google gives us. This expands into a quite lengthy overview, which goes deeper and deeper since Google is very transparent about the “what” and “why” they collect our data, and also thorough in giving us tips to protect our privacy.

We will highlight the services required to have our Google Homes working and what Google has planned for the 25th of May 2018, when the new General Data Protection Regulation (GDPR) kicks in.

Finally, we will wrap up our findings in a conclusion.

Sounds long? It is. But since it’s such an important part of being online and using our Google Homes, I will try my best to keep you awake.

Google privacy overview

“Every day, data makes our services work better for you. That’s why it’s important that we keep it private and safe – and put you in control.”

Most of the Google services are free. The data Google collects is used to improve the Google services for us.

Overview: “Every day, data makes our services work better for you.”

The cute, animated introduction is there to remind us of the benefits we get from giving Google our data:

  • “Data gives you answers to your questions — just when you need them.” We will always know whether we should take our umbrellas with us. Good to know!
  • “It helps you find the right words to say, in any language.” – Google Translate helps us to communicate in languages we don’t speak. It’s an amazing technology, which can connect people who otherwise would not be able to communicate with each other.
  • “And gets you from A to B…to C, right on time.” Google Maps gives us transport information taking real-time traffic into account. A perfectly helpful feature we would not like to miss.
  • “It helps you discover that video that makes you laugh out loud — or your new favorite song.” YouTube Search and Google Play Music! No other platform can offer us this depth of personalization. Remember our Google Music post? Google knows when we get to the gym and will play workout music automagically! Google is even so smart that we can merely describe an album cover and it will find and play it.
  • “And helps find everyone you care about in every photo you take.” Google has amazing AI technologies, which help us to organize our memories. The photos of us, our kids, or pets, well sorted!
  • “It’s personal. That’s why we protect your data.” Google uses the most advanced technologies to protect our data.

Your Data: “Our commitments to your privacy and security:”

“We want you to understand what data we collect and use.”

Google understands it as their responsibility to make clear what data they collect from us, and how they use it to improve their services.

  • “Things you do”: What we search for, the websites we visit, the videos we watch, the ads we tap, our location, our device information, our IP address and cookie data are being collected.
  • “Things you create”: The data we create and store in the cloud, like emails we send and receive on Gmail, the contacts we add, calendar events, photos and videos we upload, docs, sheets, and slides on Drive, are being stored and protected by Google.
  • “Things that make you ‘you’”: Our personal data associated with our Google account: name, email address and password, birthday, gender, phone number, and country.

“How data improves Google services”

Google lists some examples of how they use our data.

  • “How Google Maps gets you places faster”: Google tracks our phone’s location data and combines it with that of people around us to give us real-time traffic information. They do this anonymously for Google Maps.
  • “How Google autocompletes your searches”: Google is smart enough to correct our typos and suggest autocompletes that take our search history and interests into account. So we get better results, faster!
  • “How YouTube finds videos you want to watch”: Google knows what’s trending, they know our preferences, so they show us the best suggestions.
  • “How Chrome completes forms for you”: Google saves us time when we fill out forms, by storing our data.
  • “How Google Search helps you find your own information”: Photos, appointments, hotel reservations, what have you: Google connects all services to make it easier to find our own information, even in Google Search!
  • “How your Google Assistant can help you get things done”: Now this one’s interesting, since we are into Google Home. Each of our interactions with Google Assistant is transparently stored in an activity log, which we can view from here.

Take Control: “You have the controls to manage your privacy.”

We are in the driver’s seat when it comes to our data. Here are the links which enable us to control our information stored at Google.

  • “Control your privacy settings at My Account”: Here is where we can control, protect and secure the personal information in our Google account and decide which type of data we give Google to improve their services for us.
  • “See what data is in your account at My Activity”: Our activity log shows us, in addition to Google Assistant interactions, what we have searched, viewed and watched using their services.
  • “Browse the web in private with incognito mode”: A cool feature where we can privately surf the web, without having Chrome remember our search history. There were cases where media reported that they found their Incognito history in the takeout (your takeout is coming in a bit). I cannot confirm this; my account is quite slim, though.
  • “Manage your privacy settings with the Privacy Checkup”: This is a helpful link, where Google provides us a step-by-step walkthrough for all our settings.
    • “Personalize your Google experience”: Here’s where we will review our activity controls, mentioned before:
      1. “Web & App Activity”: Our Searches and other Google activity. Required to be turned on for Google Home!

      2. “Location History”: Want to see on Google Maps where on this planet you have been? Check it out! Brings memories back to life …

      3. “Device Information”: Our device information, that is stored at Google. Required to be turned on for Google Home! 

      4. “Voice & Audio Activity”: Google collects the audio when we use Google Assistant on a device or Google Home to improve the speech recognition for us. Here’s the link to review what Google has heard.  Required to be turned on for Google Home!

      5. “YouTube Search History”: This improves the recommendations in Youtube and other Google services.

      6. “YouTube Watch History”: This is a setting for us to find the recently watched YouTube videos easier.

    • “Help people connect with you”: We can decide here whether we want to help people who have our number in their contacts to contact us across Google services. There’s a separate setting where we can let them find our name, photo and other information. Much easier to keep in touch!
    • “Choose what Google+ profile information you share with others”: If we are using Google+, we can specify here in detail which profile tabs are displayed to visitors and edit what others see about us.
    • “Make ads more relevant to you”: You remember, Google finances the free service they offer us with useful ads. Here we can fine-tune which ads we are interested in.
  • “Secure your account with the Security Checkup”: Now that we have configured our privacy settings, it’s time to check our security. Google’s security checkup shows us:
    • Our devices: If we see a device we don’t recognize, we can change our password from here and sign out from all devices other than the one on which we are viewing this page.
    • Recent security activity: If there’s a sign in from a new device or change of some sensitive settings, we will get notifications from Google.
    • Sign-in & recovery: We see the different verification methods: usually our phone number, recovery email, and security question.
    • Third-party access: These are the apps which have access to our data. Google can categorize apps into different risk levels, according to the data they access.
  • “Decide what data is associated with your account”: This is another detailed view, which scrolls here to our activities.
  • “Control ads based on your preferences”: This scrolls down on the above page to Ads Settings and leads from there to the actual Ads settings page we have already reviewed.
  • “See what data is in your account at My Activity”: this time jumping directly to our activity overview, which we have seen before.
  • “Review your basic account information”: jumping to the personal information section.
  • “Take your content anywhere with Download Your Data”: Here we can even download our data. I’ve done it; depending on size, it takes hours or days. As mentioned earlier, this is a copy of our data found in our activities, which we have already reviewed.

Your Security: “Your security comes first in everything we do.”

Google secures its services with the world’s most advanced security infrastructures.

  • “Encryption keeps your data private while in transit”: Our data is protected with multiple layers of security.
  • “Our cloud infrastructure protects your data 24/7”: Multiple custom-designed data centers distribute our data in such a way that, even in the case of fire or disaster, it will safely shift to secure locations.
  • “Threat detection helps protect our services”: Google continuously monitors its services to protect them from spam, malware, and viruses.
  • “We do not give governments direct access to your data”: Google never gives “backdoor” access to our data. Period. No government agency, worldwide, has direct access to our personal data. A team reviews all data requests and Google documents everything in their transparency reports.

“Security is built into all of our services”

  • “Gmail encryption keeps emails private”: Google Mail has supported encrypted connections since day one. Bad guys have a tough time reading our e-mails.
  • “Gmail spam protection filters out suspicious emails”: Sophisticated AI keeps 99.9% of spam out of our inboxes!
  • “Chrome automatically updates your browser security”: Chrome keeps its security technology automatically up to date, so in case some new threat occurs we are automatically safe.
  • “Google Play keeps potentially harmful apps off your phone”: Sophisticated AI detects malicious apps before they even reach the Play Store. If the AI is not sure about the safety of an app, members of the Android Security Team step in and check it.
  • “Google blocks malicious and misleading ads”: Every year a team of smart AI algorithms and live reviewers filters nearly a billion bad ads, which would spoil our online experience.

“Top tips to help you stay secure online”

Here we get helpful quick tips to secure our personal data!

  • “Strengthen your sign-in”
    • “Create strong passwords”: We can make our passwords stronger by making them at least 8 characters long. When we create answers for security questions, we can use fake answers, which are harder to guess.
    • “Use unique passwords for every account”: We should not use the same password for different online services!
    • “Keep track of multiple passwords”: A password manager is a helpful tool. Google provides “Smart Lock” for free.
    • “Defend against hackers with 2‑Step Verification”: 2FA is, as we’ve already seen in the Apple privacy post, a very helpful technology to keep others out of our account.
  • Protect your devices
    • “Keep your software up-to-date”: We need to make sure that all our software is up to date. Vulnerabilities can be quickly exploited; the latest versions usually have a fix.
    • “Use a screen lock”: We should auto-lock our screens on all our devices!
    • “Lock down your phone if you lose it”: In case we lose our phones, we can remotely find and lock them from here: “Find your Phone”.
    • “Keep potentially harmful apps off your phone”: We have seen that Google scans apps before they reach the Play Store. Additionally, we should be careful with other app sources and give access to sensitive data only to apps we trust.
  • Avoid phishing attempts
    • “Always validate suspicious URLs or links”: We should never click on suspicious links and double check URLs so that we do not enter our sensitive data on a fake site!
    • “Beware of email scams, fake prizes, and gifts”: If it is too good to be true, there’s a high probability that it’s fake. Don’t believe those messages and never click on links or enter personal data!
    • “Be wary of requests for personal information”: Legit sites would never send us messages and ask us for our passwords or financial information. We should always log in at the original sites with our original accounts rather than replying to such potentially fake messages or clicking those links.
    • “Watch out for impersonators”: If we get e-mails from people we know, and the content looks weird, e.g. they urgently request money, their account might be hacked. We should only reply or click on links once we verify that the e-mail is legit.
    • “Double check files before downloading”: Even documents and PDFs can contain malware. We should open them through Chrome or Google Drive, which check the content and display a warning if something is wrong.
  • Browse the internet securely
    • “Use secure networks”: We need to be careful with public and free WiFi since our activity could be monitored. Chrome indicates in the address bar, whether a site is secure (e.g. https).
    • “Look for secure connections before entering sensitive information”: We need to make sure that Chrome displays a green, fully locked icon in the address bar before we enter any sensitive information on the web.

How Ads Work: “We do not sell your personal information to anyone.”

We have already seen that much of Google’s business is based on ads. These ads help to keep the Google services free. Google does not sell our personal information (name, email, payment information)!

  • “We use data to make ads relevant”: Google tries to show us useful ads, based on the data we have reviewed. If we are signed in, this feature works across our devices.
  • “Advertisers pay only for ads that people see or tap”: When advertisers run their ad campaigns, they pay Google based on how the ads perform, never our personal info.
  • “We show advertisers how well their campaigns worked”: The performance reports, which advertisers receive, never contain any personal information. Our personal information is always kept protected and private.

“How ads work on Google services and partner sites”

Google uses data to show us useful ads.

  • “How Search ads work”: Google takes our current and past searches into account when displaying useful ads.
  • “How YouTube ads work”: Google uses our watch history and our current and past YouTube searches as a basis to define useful YouTube ads. These YouTube ads help to support the YouTube creators. We can skip many ads if we do not want to watch them.
  • “How Gmail ads work”: The ads we see in Gmail are based on the usual data, not the content of our emails. Nobody reads our e-mails to show us ads.
  • “How ads work on Google partner sites”: Many sites partner with Google to display ads. These advertisers show ads to certain “types” based on our information and data collected from our online activities, e.g. “25 – 34 year old males who are interested in travel.” Google might also show us ads, based on sites we have visited, e.g. we left red shoes in a shopping cart but decided not to buy them yet. No personal information, like name, e-mail or billing information is shared!

“Take control of your Google ads experience”

Again, we are in the driver’s seat when it comes to controlling the ads we see.

  • “Control ads based on your preferences”: In our ad settings we can fine-tune our interests to improve which ads are useful for us.
  • “Remove ads you do not want to see”: We can mute many ads, which are no longer relevant for us, closing them with an (X) on partner websites and apps. This is helpful in case we have already bought the car we were interested in.
  • “Learn what data we use to show you ads”: “Why this Ad” is a feature which displays the reason why we see an ad. This data is never shared with advertisers.

Safer Internet: “We help make the Internet safer for everyone.”

Google develops security technologies, which they share with other companies to improve the whole online world.

  • “Safe Browsing protects more than just Chrome users”: Google shares its Safe Browsing technology also with Apple Safari and Mozilla Firefox. Website owners are notified if their sites have security flaws.
  • “We use HTTPS to keep you safer while you browse the Internet”: Google ranks sites which use HTTPS – like smartenlight – higher in their search results. HTTPS keeps your communication with a website encrypted.
  • “We create security rewards to uncover vulnerabilities”: Google invites independent researchers to find vulnerabilities in Google products.
  • “We make our security tools available to developers”: Google shares their security tools with other developers.
  • “We share data about our practices to foster a safer Internet”: Google publishes its transparency report which contains not only government requests for user data, but also copyright removals and statistics on security initiatives listed above.

What’s coming (to some of us?)

Finally, the new news! Google just updated their privacy policy, which goes into effect on May 25th, 2018. That’s the date when the new General Data Protection Regulation kicks in for EU residents. According to Google, the new version is much clearer, though nothing really changes in the way Google services process our data. You will also find a couple of cute YouTube videos, which explain how Google services use our data. Here’s the original blog post from Google’s EMEA Director for Privacy Legal.

Conclusion

If you ended up here without reading the entire post, congratulations! You took the light blue pill, like the majority of us internet citizens do. The internet could not exist without us.

If you seriously skimmed through the whole post, thanks for valuing my write-up. I gave my best to summarize the overview and structure of Google’s current privacy information. This would take 3-4 times your time if you did it directly on Google’s site, and I still recommend checking it out – especially the updated version – and running the Security and Privacy Checkups.

If you feel there’s something strange with Google’s current privacy structure, like for instance, the interesting parts come somewhere towards the end rather than in the beginning, you might be a “red pill” candidate. Re-consider, whether you picked the right pill. The updated privacy policy highlights some “features” which were not mentioned before. I will address this in the red pill post.

Google is an advertising company. Ads finance the free services we can use. Google collects a lot of our data and transparently informs us, what they collect and how they use it. We are in control, what data we give to Google. Our data is safe at Google.

You took the blue pill, there’s nothing more I can tell you here.

Everything is cool and life goes on as usual. Have fun!

Yours,

M.
