Even Google Employees Found Google’s Privacy Settings Confusing

Image: Graeme Jennings, Getty Images

By 2018, Google had mastered the art of obscuring privacy settings to the degree that even some Google employees didn’t know how location privacy settings worked, according to an Arizona consumer fraud lawsuit (now with fewer redactions). As the Arizona Mirror first noticed, the complaint contains messages between Googlers venting that the company’s privacy settings are — even for the exact people most likely to understand them — a “mess.”

The suit, filed in May, alleges that Google had violated Arizona’s Consumer Fraud Act on numerous counts, using “deceptive and unfair business practices” to gather users’ information and location data. A 2018 Associated Press report prompted the state-level inquiry after it found that some Google apps still collected location data after users had turned Location History off. That was news to certain Googlers, whose reactions have now become part of the public record thanks to testimonies and internal documents:

“Add me to the list of Googlers who didn’t understand how this worked an [sic] was surprised when I read the article”

“Although I know it works and what the difference between ‘Location’ and ‘Location History’ is, I did not know that Web and App activity had anything to do with location.”

“Definitely confusing from a user point of view if we need googlers [to] explain it to us.”

“I agree with the article. Location off should mean location off, not except for this case or that case.”

While we don’t know the precise response from Google’s c-suite at the time, it probably could be summarized as “oh shit!” We can offer this bit of informed speculation because internal emails appended as evidence reference a “Monday morning ‘Oh Shit’ meeting” the same day the AP published their investigation.

The investigation also adds that Google’s Wi-Fi settings mislead users into believing that they’re toggling off Wi-Fi scanning; that Google still targets ads using location data even when users have turned off ad personalisation; and that Google apps with location permissions turned off can clandestinely gather location information from other Google apps.

The Arizona Attorney General’s investigation claims to have discovered “overwhelming” evidence from presentations, memos, and internal emails proving that Google had known its practices were misleading “for years.” It quotes more Googlers (timeframe unknown) as saying:

“The current UI feels like it is designed to make things possible, yet difficult enough that people won’t figure it out.”

“Some people (including even Googlers) don’t know that there is a global switch and a per-device switch.”

“So our messaging around [location tracking] is enough to confuse a privacy focused Google-SWE. That’s not good.”

Responding to the now-circulating employee comments above, Google maintained in an email to Gizmodo that the company values diversity of views and robust debate. (Although these days, it seems that debate comes with a lot of terms and conditions.) “In fact, even these cherry picked published extracts state clearly that the team’s goal was to ‘Reduce confusion around Location History Settings,’” Google spokesperson Jose Castaneda told Gizmodo. Google cited incognito mode, auto-delete controls, and accessible privacy controls in search, maps, and Google Assistant as some of the measures the company has taken toward transparency.

While Google has fought to keep much of the complaint redacted and evidence under seal, Google tells Gizmodo that they’re protecting proprietary information, per standard practice. (A hearing at the end of the month will determine whether the rest of the complaint will remain unredacted.)

And then Google floated two wild assertions undermining the validity of the investigation: it repeated the company’s previously alleged discovery that Google’s competitor, Oracle, encouraged the investigation. The company also claimed that the Attorney General’s investigation is being led by contingency fee lawyers, something the AG’s office denied.

“[Arizona] Attorney General Brnovich wants all companies, including Google, to play by the rules,” a spokesperson told Gizmodo. “It doesn’t matter if you’re a major tech company or small car mechanic; if you violate consumer fraud law, the Arizona Attorney General’s office will aggressively go after you.”

Damage control and potential corporate sabotage aside, the point of the AP report which triggered the investigation is that public-facing “transparency” features and mealy-mouthed promises about respecting users often misrepresent the scope of data collection. As my colleague and privacy guru Shoshana Wodinsky has pointed out, Google gets to say that it’s GDPR-compliant by allowing Android users to opt in to sharing data, whilst smokescreening critical information about what they’re opting into. (Google was first on the list of major companies targeted by the European privacy law, with a $US57 ($79) million fine.) Google also gets to say that it doesn’t snoop on the contents of your Gmail messages, though it does track ad links you click on from within your inbox. Google might set your mind at ease with a Chrome update that blocks third parties from tracking your browsing history, which does shield your data from interlopers, but it won’t necessarily shield you from Google itself.

The potential for what could be fined is extraordinarily broad. The Arizona Attorney General’s office has cited a laundry list of violations of the Arizona Consumer Fraud Act in Google’s advertising practices, primarily around location data, and they ask that the company “disgorge all profits, gains, gross receipts, and other benefits obtained by means of any unlawful practice.” It’s unclear how a court might draw the line from deceptive location practices (each unwanted location ping?) to profit (all ad revenue?), and Google might drag them through the hair-splitting argument that it doesn’t sell data, though their profits gained from having it would explain why they want it so badly.

Like Apple and Facebook, Google has lately taken an aggressive pro-privacy stance in public. But privately, Google has little incentive to codify its professed ideals into its business model. The vast majority of Google’s revenue (last year, that represented $US134 ($185) billion) comes from advertising, which has become, thanks largely to Google, the business of collecting data in order to fine-tune targeting. It’s in Google’s best interest to give increasingly concerned users (and even vocal Googlers) an imaginary shield against the monster of its own making.