Google tracks your location even if you switch off

location tracking
TECHNOLOGY 14 August 2018

By New Scientist and Press Association

Think Google doesn’t know where you are? Think again

Seth Wenig/AP

Google records your movements even when you explicitly tell it not to, an investigation has found.

The Associated Press reported that many Google services on Android devices and iPhones store your location data,
even if you have used a privacy setting which states it will prevent Google from doing so.

Computer science researchers at Princeton University in the US confirmed the report’s findings.

For the most part, Google is up-front about asking permission to use your location information.

An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let
it record your location over time, Google Maps will display that history for you in a “timeline” that maps out your
daily movements.

Storing your minute-by-minute travels carries privacy risks and has been used by police to determine the location
of suspects. However, the company will let you “pause” a setting called Location History.

Google said this will prevent the company from remembering where you have been. This is not true, the AP report
found. Even with Location History paused, some Google apps automatically store time-stamped location data
without asking.

Ways of tracking you

For example, Google stores a snapshot of where you are when you simply open its Maps app. Automatic daily
weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do
with location pinpoint your precise latitude and longitude – and save it to your Google account.

The privacy issue affects some two billion users of devices that run Google’s Android operating software and
hundreds of millions of worldwide iPhone users who rely on Google for maps or searches.

Storing location data in violation of a user’s preferences is wrong, said Jonathan Mayer, a Princeton computer
scientist and former chief technologist for the US Federal Communications Commission’s enforcement bureau.

Google insisted it has been perfectly clear.

The company said: “There are a number of different ways that Google may use location to improve people’s
experience, including: Location History, Web and App Activity, and through device-level Location Services.

“We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete
their histories at any time.”
How to really switch it off
To stop Google from saving these location markers, the company says, users can turn off another setting, one that
does not specifically reference location information. This setting, called “Web and App Activity” and enabled by
default, stores a variety of information from Google apps and websites to your Google account.

When paused, it will prevent activity on any device from being saved to your account. But leaving “Web & App
Activity” on and turning “Location History” off only prevents Google from adding your movements to the
“timeline” – its visualisation of your daily travels. It does not stop Google’s collection of other location markers.

You can delete these location markers by hand, but it is a painstaking process since you have to select them
individually, unless you want to delete all of your stored activity.

Read more: Fed up with Facebook? Here’s how to fix your online privacy

You can see the stored location markers on a page in your Google account at myactivity.google.com, although
these are typically scattered under several different headers, many of which are unrelated to location.

To demonstrate how powerful these other markers can be, AP created a visual map of the movements of Princeton
post-doctoral researcher Gunes Acar, who carried an Android phone with Location history switched off, and shared
a record of his Google account.

The map includes Mr Acar’s train commute on two trips to New York and visits to The High Line park, Chelsea
Market, Hell’s Kitchen, Central Park and Harlem. To protect his privacy, AP did not plot the most telling and
frequent marker – his home address.

Huge tech companies are under increasing scrutiny over their data practices, following a series of privacy scandals
at Facebook and new data-privacy rules recently adopted by the European Union.

Security agencies collected data unlawfully, UK court

rules
TECHNOLOGY 18 October 2016

By Timothy Revell

Listening in
Ben Birchall PA Archive/Press Association Images

British spy agencies collected data illegally for more than a decade, a court has ruled.

The Investigatory Powers Tribunal, which investigates complaints against intelligence services, ruled on
Monday that the agencies’ secretive collection and use of bulk communications data (BCD) failed to comply with
human rights laws until 2015.

The ruling is the result of a case brought by privacy campaigners Privacy International that challenged the
collection and use of bulk data by security agencies GCHQ, MI5 and MI6.
Since 1998, telecoms companies have been forced to provide the security services with regular access to BCD –
the who, what, where and when of personal communications data, including information such as the location and
time of a communication made by phone or over the internet, but not the content of the message.

“This information reveals a lot about you,” says Camilla Graham Wood from Privacy International. “If someone
knows who you’ve been speaking to and when you’ve been speaking to them, they can make some strong
conclusions.”

The right to privacy is enshrined in Article 8 of the European Convention on Human Rights (ECHR).

For security agencies to legally collect data about the public, they need to disclose information about their activities
and have adequate oversight and safeguards in place. “That wasn’t done,” says Wood. “In fact, nobody was told.
Not parliament and not the public.”

The tribunal concluded that BCD was collected unlawfully from March 1998 until November 2015, when the data
collection programme was made public and “a more adequate system of supervision” was introduced.

Personal data
The agencies also breached privacy laws when they collected another type of data called bulk personal data (BPD),
the exact details of which are still unknown but which Privacy International says could include tax records and
medical records. We know that this personal information has been collected and stored by intellligence agencies
since around 2006.

“The BPD regime failed to comply with the ECHR principles… throughout the period prior to its avowal in March
2015,” the tribunal concluded.

However, the tribunal found that the agencies’ collection of BCD and BPD both now comply with Article 8.

“We are pleased the tribunal has confirmed the current lawfulness of the existing bulk communications data and
bulk personal dataset regimes,” the government said in a statement. The statement didn’t address any of the aspects
of previous illegality mentioned in the judgement.

One issue that still remains unclear is proportionality – the question of whether the risks associated with such vast
data collection programmes are outweighed by the benefits, says Paul Bernal, at University of East Anglia Law
School, UK. “Every time this issue comes up, the agencies say ‘if we told you we would compromise people in the
field’, making it impossible to establish the evidence for each side,” he says. The tribunal has not yet come to a
conclusion on this issue.

In the meantime, the government has made its intentions on surveillance clear with the new Investigatory Powers
Bill – also known as the snooper’s charter – which is due to become law in the next few weeks. The bill was
overwhelmingly passed during its second reading and strengthens current surveillance legislation, making it easier
for government agencies to access data, including requiring content service providers to keep a record of the
websites internet users visit.

Ever since the Snowden revelations, state surveillance programmes have increasingly come under the spotlight,
despite government denials. “The obvious question is,” says Bernal, “what else are they doing that we haven’t yet
found out?”
Read more: https://www.newscientist.com/article/2109494-security-agencies-collected-data-unlawfully-uk-court-
rules/#ixzz70dqw7Tf3