nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Euro consumer groups: We think Android tracking is illegal

DavCrav Silver badge

"Ironically, nudging and "dark patterns" of design were once enthusiastically endorsed by governments, legitimising the techniques of manipulation."

The government imprisons people as well, but this isn't legitimizing the idea of kidnapping.

Anonymous Coward
Anonymous Coward

And that's not even considering that every citizen has a voice in choosing its government in a democracy.

Comparing Google to Obama is weird, at best: he was elected, did two terms, then was replaced by somebody with a completely different agenda.

Google? Not so much.

Anonymous Coward
Anonymous Coward

>Comparing Google to Obama is weird

This is Andrew - he seems to have a hard-on against both.

Ian Michael Gumby Silver badge
Big Brother

>Comparing Google to Obama is weird

This is Andrew - he seems to have a hard-on against both.

And rightly so.

Both did 'evil' while claiming to 'do no evil'.

Anonymous Coward
Anonymous Coward

"And that's not even considering that every citizen has a voice in choosing its government in a democracy."

Tell that to the 52%

muhfugen

"And that's not even considering that every citizen has a voice in choosing its government in a democracy."

They actually don't. Since you're bringing up US politics, in virtually every election, the largest constituent has been those who have abstained as they thought none of the politicians were fit for office. Their voices are however routinely ignored by NPCs.

Anonymous Coward
Anonymous Coward

"And that's not even considering that every citizen has a voice in choosing its government in a democracy."

They may have a voice but seeing as Hilary Clinton got more votes than Donald Trump, it doesn't necessarily mean that every vote counts.

Anonymous Coward
Anonymous Coward

"Google invokes for personalised advertising (behavioural targeting)."

Google invokes for personalised advertising (showing ads for stuff you've already bought and places ytou already know about).

TFTFY

frank 3

And maps complains every 30s if you don't allow it access to body sensors and your phone contacts.

Google is taking the pish, so good to see this suit.

Throatwarbler Mangrove Silver badge

Do what I do

Take a screenshot of the error and then report it as a bug to the Maps team. Maybe they'll eventually get the point.

joeW

What version are you running? Maps has access to neither body sensors nor contacts on my phone and works fine.

Anonymous Coward
Anonymous Coward

Nor mine. I can see that in the manifest it may ask for Camera, Contacts, Location, Microphone, SMS and Storage. The only one it has asked me for so far is Location.

It hasn't bugged me once for any of the others yet.

IceC0ld Bronze badge

We think [Android] sry Google tracking is illegal

It hasn't bugged me once for any of the others yet.

===

YET ........................

Anonymous Coward
Anonymous Coward

Re: We think [Android] sry Google tracking is illegal

"YET ........................"

Well something that hasn't bugged me for 10years .....YET..... I can live with.

JohnFen Silver badge

Who'd have thought?

"At the heart of the complaint is that the user control of location tracking falls far short of what's required by the union's General Data Protection Regulation (GDPR)"

Who'd have thought that providing a control that claims to stop location tracking without actually stopping location tracking would have been objectionable?

Anonymous Coward
Anonymous Coward

There is no real option to turn off Location History once it has been enabled;

Utter horsecrap. It's configured on a per-device basis, and defaults to off. Whatever happened to fact checking before running with a story?

End of story.

Ken Hagan Gold badge

Re: There is no real option to turn off Location History once it has been enabled;

https://www.schneier.com/blog/archives/2018/08/google_tracks_i.html

Danny 14 Silver badge

Re: There is no real option to turn off Location History once it has been enabled;

did you even read your own title? whatever the default, switch it ON then attempt to switch it off. You cant as there is no off. It is either doesnt exist, on or paused.

Anonymous Coward
Anonymous Coward

Re: There is no real option to turn off Location History once it has been enabled;

If you are some paranoid nutter that cares about this sort of thing, then don't turn it on. If you do. You can permently pause it, and if you want to delete all the previously collected data, you can also do so. If only Apple did ANY of this. With iPhone location tracking, it's mandatory with no option to turn it off, it's part of using the iPhone agreement and used to improve apple maps, and the data may be shared with partners. Go read the apple privacy policy.

The Google settings are pretty reasonable, if you don't like them, don't use them. I find it handy for time billing. Knowing where I was when

big_D Silver badge

Re: There is no real option to turn off Location History once it has been enabled;

No, location history cannot be turned off on the device.

It is a setting of the user's account under Web and only available through the online account management through the web browser. And you can only pause it, you cannot turn it off.

If you turn off tracking on the phone, it does not affect location history.

Aristotles slow and dimwitted horse Silver badge

Re: There is no real option to turn off Location History once it has been enabled;

You are preaching to the wrong crowd brother. Seriously, if you are so utterly and personally inept at life stuff that you need Google to help you with this "I find it handy for time billing. Knowing where I was when" then you really do get what you deserve.

The rest of us... I think we'd be just as happy without all of the subliminal tracking and data slurping thanks.

katrinab Silver badge
Flame

Re: There is no real option to turn off Location History once it has been enabled;

The Anonymous Coward is talking utter horsecrap.

There are two location histories, you can only turn one of them off, and that makes no difference whatsoever to Google's ability to track your location history.

Peconet57

Re: There is no real option to turn off Location History once it has been enabled;

Sorry to say it BUT, all you are doing is just pausing the software, NOT stopping it. With Google you have no say with their software, it is in their terms and conditions. Basically there are no free lunches while Google is around.

Anonymous Coward
Anonymous Coward

Re: There is no real option to turn off Location History once it has been enabled;

To be fair paused=off in that sense. if it renamed it to off it would still do the same thing just have a different name. It doesn't automatically re-enable itself after a set period of time for instance.

Cynic_999 Silver badge

Re: There is no real option to turn off Location History once it has been enabled;

"

If you are some paranoid nutter that cares about this sort of thing, then don't turn it on

"

Paranoid? I may well want to use it for some things, but if you leave it on all the time it means that potentially anyone could get hold of your location history since you started carrying a Google device around with you. Maybe you think that's harmless - but what happens when your insurance goes up because they see that you regularly drive on statistically more dangerous roads, or visit places that are deemed a "lifestyle risk"? Or your employer can look to see where you went on that day you said you were sick (but really went to a job interview), or your nutty ex uses it to follow you around, or a burglar uses it to ensure that all household members a far away?

The correct way would be to leave it off unless I start using an application where I specifically want it to know my location.

Tomato42 Silver badge

Re: There is no real option to turn off Location History once it has been enabled;

yes, because being asked to enable it every fucking time you use an app that uses GPS is very convenient and totally not strong-arming the user to surrender their privacy /s

Warm Braw Silver badge

The user has no freedom but to consent

Possibly worth pointing out that there is a little message at the bottom of this page that says:

We use cookies to improve performance, for analytics and for advertising. You can manage your preferences at any time by visiting our cookie policy.

If you vist the cookie policy page, you'll find 7 separate places where you are told you may opt out, 3 of them belong to Google and some of the others seem merely lead to lengthy expositions of privacy policy with hard-to-find allusions to opting-out. And those opt-outs almost inevitably will involve other cookies being stored. So, kettle, pot, etc.

The real problem is that there still isn't any real alternative to advertising to fund Internet services and it's not clear people would want to use one that involved actual money. Perhaps leaning on Google over privacy might encourage them to find a way.

OhThatGuy

Re: The user has no freedom but to consent

The basic fault with all these "GDPR updated" cookie policies is that they are all still opt-out in best case and more often just some advise on how you can dive down into your browser's cookie mgmt to clean up after each visit. So it's a looong way to opt-in based on the GDPR grouping cookies. And we still have the old "By continuing [whatever actions] you consent to our cookie policy".

Some "4%" fines are really needed.

JohnFen Silver badge

Re: The user has no freedom but to consent

"The real problem is that there still isn't any real alternative to advertising to fund Internet services"

The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative.

That said, if the ad companies cannot do advertising without spying, then I say let them all die. The internet got along fine before advertising, and it will get along fine (in very many ways, a whole lot better) without it now.

Also, the notion that it's "advertising or nothing" is a false choice. There is a whole spectrum of other means of raising revenue.

"Perhaps leaning on Google over privacy might encourage them to find a way."

That will not happen. Google's entire reason for being is to gather as much data as possible and use it to serve up ads. Saying that they might find another way is no different than saying that they might find a way to go out of business. Google is an advertising company, after all.

lowwall

That's not a real problem

They can still make their megabucks advertising. It's only the "personalised" advertising that would be curtailed. They get premium rates for such ads, but I'm sure they can figure out how to charge enough to keep the electrons flowing for ads based on currently deprecated data like the actual search phrase entered into google or maps.

Danny 14 Silver badge

Re: That's not a real problem

web ads? havent seen those in ages.

big_D Silver badge

Re: The user has no freedom but to consent

But it doesn't have to be targeted. To be honest, I've disabled all tracking on my devices - to the extent that I have around 45,000 tracking domains set to 0.0.0.0 (unroutable) in my hosts file and the quality of the ads hasn't suffered, in fact it has improved, I get random ads instead of ads for products I've already bought.

CrazyOldCatMan Silver badge

Re: The user has no freedom but to consent

That said, if the ad companies cannot do advertising without spying

Well - there's just been a case in France where the regulator found that how the ad industry collects and tracks information (and obtains consent to do so) is illegal under the GDPR because they bundle many services together under on banner so "informed consent" isn't obtained for each usage.

Which means that ad brokers and exchanges are, in fact, illegal[1] as currently constituted in Europe.

Which is a Good Thing(TM).

[1] Well - the data collection and retention is illegal. And without the data, the current methods of ad real-time-bidding doesn't work - so essentially, all the ad exchanges involved would go out of business. Which is a Very Very Good Thing(TM)

katrinab Silver badge

Re: The user has no freedom but to consent

"The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative."

I'm not even sure about that. In the old days of dead-tree publications, there was no ad tracking, everyone saw the same ads. That was actually a lot more lucrative. People actually bought local newspapers etc to look at the ads, and if you had an advert in a newspaper, that meant you were a big trustworthy company. Now it seems to mean you are a bottom-feeding, clickbaity scammer.

Peconet57

Re: The user has no freedom but to consent

Interesting. I will have to try that out sometime.

DaLo

Re: The user has no freedom but to consent

"You can absolutely do advertising without spying on everybody, it's just less lucrative."

Need a citation for that - on a specialist site like "the register" then surely knowing its content and therefore its intended audience is enough to know what ads to run. You don't need to track/personalise/etc me to show me an ad.

Anonymous Coward
Anonymous Coward

Re: The user has no freedom but to consent

Yes, I did the same thing when I read this story. First of all I couldn't find their privacy policy anywhere - no links to it until i realised it was hidden under the "cookie policy banner". Then it incorrectly uses the stupidly titled exemption of "legitimate business interests" which absolutely does not mean "as long as we want to do it we can".

Then there is no free consent given and no single place to easily opt out (opting out is subcontracted to the providers)

The privacy policy says "As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies"

"The Register may collect, process and use your personal data (including your name, postal address, email address, telephone number, mobile number and technical data including your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website"

"We may transfer your personal data outside the European Economic Area (EEA)."

doke

Re: The user has no freedom but to consent

The problem with hosts files is they don't allow wildcards. So when they point to you a dynamically made up server name, ie a43c56.adhack.com, it won't match. There are two better ways to do it. You can do wildcard matching in a proxy.pac file. You can create your own internal dns server, and create fake zone files that point *.doubleclick.net to 0.0.0.0. I like the second one because it automatically applies to all of my devices, tablets, phones, etc on the local network.

Kevin McMurtrie Silver badge
Black Helicopters

Spyware ecosystem

I'd say that the bigger issue on Android is spyware apps and libraries that are hidden, can not be disabled by normal means, and can not be prevented from running in the background. These usually operate under the excuse of offering weather services, lockscreen themes, app usage feedback, local news, marketing feedback, cloud sync, and various feed updates. Their primary goal is to periodically make a query that reveals GPS, IP address, phone ID, and phone status. Even if GPS is off, the IP address can be correlated with other phone requests where GPS was on.

Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason. Apps that don't even use the Internet, like games and launchers, are using cell data in the background "for marketing feedback."

JohnFen Silver badge

Re: Spyware ecosystem

"Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason."

There aren't any such apps on my phone! But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission, I'm VERY cautious about what apps I will install, and I keep the fewest number of apps installed that I can.

Danny 14 Silver badge

Re: Spyware ecosystem

same. first thing i do is root and droidwall etc.

DropBear Silver badge

Re: Spyware ecosystem

"But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission"

You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...? And that in that process they are able to send whatever data they feel like to the server they load? And that you won't necessarily _see_ said page at all...?

Gonzo wizard

Re: Spyware ecosystem

You've obviously not used this kind of firewall.

What's being talked about here is an outgoing firewall where the user is typically asked to permit or block each individual network connection as it is requested (by the operating system, or an app, or JavaScript inside a web page). So loading a page in a browser could result in several prompts requesting connections to different domains - ad servers, tracking servers etc. and you can choose which succeed and which are blocked.

Now that's a bit chatty so you can usually set up permanent rules to allow or block. Really effective for removing adverts and usurping tracking attempts.

JohnFen Silver badge

Re: Spyware ecosystem

"You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...?"

Of course! But web access is firewalled off too, so that doesn't matter.

Snowy
Flame

Also consider Bluetooth

In order for Bluetooth to work on a an Android device you have to turn on location services, what one has to do with the other is a mystery to me

Danny 14 Silver badge

Re: Also consider Bluetooth

? i dont have location or tracking enabled and I use bluetooth. What shady build are you using?

SImon Hobson Silver badge

Re: Also consider Bluetooth

I've recently bought a bluetooth widget (NIX colorimeter) and for the app to talk to the device you have to give it permission to access location. WTF ? Why does it need location permission to talk to a bluetooth device ?

JohnFen Silver badge

Re: Also consider Bluetooth

Bluetooth works fine for me without having location services turned on...

JohnFen Silver badge

Re: Also consider Bluetooth

"Why does it need location permission to talk to a bluetooth device ?"

This is because Bluetooth can be used to determine location. From the Android developer's guide:

A location permission is required because Bluetooth scans can be used to gather information about the location of the user. This information may come from the user's own devices, as well as Bluetooth beacons in use at locations such as shops and transit facilities.

This highlights a pretty serious problem with the Android permission scheme -- it's too coarse and some of the permissions are required for unexpected reasons. I've been wishing that they'd fix this whole mess from the first time that I was exposed to it.

Requiring location permission to use Bluetooth is understandable from one point of view, but it makes little sense in the larger scheme of things -- if the permission is required for the reason they cite, then the permission would logically be required for a whole host of other things as well, none of which are more than tangentially related to location. Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.

eldakka Silver badge

Re: Also consider Bluetooth

Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.

Exactly the point of it methinks.

They are training you to press the 'accept' button on location tracking, so that you will just automatically accept it when a popup that matters prompts for it.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing