Menu
EN

Google’s history of privacy failures revealed in new leak

Over the past few years, Google has been trying to rebrand itself as a privacy champion — at the center of this quest lies Google’s Privacy Sandbox, pitched as a privacy-preserving alternative to cross-site tracking (however, it falls short of this goal, as explained here).

As awareness of privacy issues continues to grow — with a recent study suggesting that nearly 90% Americans are more concerned about their privacy and data security than the state of the US economy, Big Tech finds itself under mounting pressure (both from consumers and regulators) to take action. However, talking about privacy is one thing, but walking the talk is another. The latest leak, revealing six years of previously unknown privacy incidents at Google reported internally by its own employees from 2013 to 2018, throws shade on these efforts.

Addresses, license plates and speech data

The leak was reported by 404 media, which obtained a dataset revealing dozens of privacy-related incidents linked to either Google itself or its third-party vendors, from an anonymous tipster. According to the report, the database contains “thousands of reports” that had been filed by Google employees, and, according to Google, were all acted upon and resolved.

So, here are some of the incidents that Google employees reported and that we found especially disconcerting.

In one instance, Google speech service had mistakenly logged speech data for an hour, which resulted in “estimated 1K child speech utterances” being collected.

In another case, Google’s Street View photographed and transcribed car license plates (when they should have been automatically censored) and then stored this sensitive information. It’s important to note that many of us never gave Google the green light to photograph our homes and vehicles in the first place. In fact, there are numerous complaints on Google community forums where people have raised concerns about StreetView vehicles entering private property without permission and taking 360-degree photos of businesses and residences.

Customers investing in Google’s premium products, sold on the promise of enhanced privacy and security, may want to have second thoughts about entrusting their data to the Big G after hearing the following story. According to the report, a Google Cloud customer using the government-focused product designed to safeguard sensitive data was mistakenly moved to a consumer-level service. This transition resulted in the loss of guaranteed US data location for the affected customer. While this may not be a big deal for a regular user, the assurance that their data will stay in the US and not be moved across the pond is usually pretty critical for government stuff.

In another incident in which Google was also a damaged party, the email addresses of over a million users of Socratic.org, an education technology company acquired by Google in March 2018, were leaked. This information was found right in the code of the website. In addition, there were concerns that the geolocation and IP address data of these users, including children, may also have been compromised. Google addressed the leak after acquiring the company, but the data had been exposed for a year prior to the acquisition, raising suspicions that it may have already been harvested.

Unremovable YouTube history and Google Doc links for all to see

The last trio of incidents we want to highlight involves services that just about everyone uses on a daily basis.

In, perhaps, the most troubling of them all, videos uploaded to YouTube with privacy settings designated as “unlisted” or “private” were made visible to the public for a “short” period of time, creating a potential nightmare for individuals and organizations sharing sensitive information or corporate content on YouTube (which we would not advise doing in the first place).

In another incident that could have potentially affected a lot of people, Google reportedly mishandled Google Drive and Google Docs access controls, inadvertently granting public access to files intended only for those with the shared link. According to the report, Google treated “Anyone with the link” access controls as “Public,” meaning that the files could have been found without a direct link, for instance through a web search. While the likelihood of someone randomly searching for a Google Doc leak is slim, it nonetheless created a vulnerability for potential leaks of sensitive information.

In the third incident that is not directly related to privacy, but nonetheless illustrative of Google’s lax enforcement of its own rules, Google-owned YouTube apparently ignored its own policy when it continued to recommend videos based on those that had been deleted from the watch history. YouTube’s current policy states, “If you notice recommendations on a subject you’re not interested in, try removing a video you previously watched on that topic. It may reduce the chance of similar recommendations in the future.” “May reduce” does not sound like an ironclad guarantee, but it does create some expectations.

Taking control of your data

Google’s history of privacy failures, as revealed in this latest leak, is just one example of the ongoing challenges in safeguarding personal information online. Also, this is by far not the first, nor likely the last, testament to Google’s poor privacy record.

A lot has been written about de-Googling yourself, and some of you may have even attempted this feat, recognizing the risks associated with entrusting so much data to a single entity. If you’re among those users who went for more private options, we applaud your effort and determination. However, for most of us, completely divorcing from Google’s ecosystem may be a daunting task and not necessarily what we need or want.

Instead, we stand for a pragmatic approach which involves scaling back on what you share and get advantage of the tools provided by Google to manage your online footprint. Checking for your personal information online through such tools as “Results about you” and taking steps to remove it, and minimize exposure can help mitigate risks to your personally identifiable information being leaked and potentially mishandled in our increasingly data-driven world.

Liked this post?

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
User Reviews: 13079
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
User Reviews: 13079
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
User Reviews: 13079
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard for iOS

The most advanced ad blocker for Safari: it makes you forget about pop-up ads, speeds up page loading, and protects your personal data. A manual element-blocking tool and highly customizable settings help you tailor the filtering to your exact needs.
User Reviews: 13079
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
User Reviews: 13079
4.7 out of 5

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
User Reviews: 13079
4.7 out of 5
App Store
Download
By downloading the program you accept the terms of the License agreement

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
User Reviews: 13079
4.7 out of 5

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
User Reviews: 13079
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
User Reviews: 13079
4.7 out of 5
Assistant for Chrome Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Firefox Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Edge Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Opera Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Yandex Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Safari Is it your current browser?
If you can't find your browser, try the old legacy Assistant version, which you can find in AdGuard extension settings.

AdGuard Temp Mail β

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
User Reviews: 13079
4.7 out of 5

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
User Reviews: 13079
4.7 out of 5
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device