Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Privacy

Google Leak Reveals Thousands of Privacy Incidents (404media.co) 20

Google has accidentally collected childrens' voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users' deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and security issues obtained by 404 Media. From the report: Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly. Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people's lives.

The data obtained by 404 Media includes privacy and security issues that Google's own employees reported internally. These include issues with Google's own products or data collection practices; vulnerabilities in third party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data. The incidents include everything from a single errant email containing some PII, through to substantial leaks of data, right up to impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018. In one 2016 case, a Google employee reported that Google Street View's systems were transcribing and storing license plate numbers from photos. They explained that Google uses an algorithm to detect text in Street View imagery.

This discussion has been archived. No new comments can be posted.

Google Leak Reveals Thousands of Privacy Incidents

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Monday June 03, 2024 @12:08PM (#64520243)

    What, was law enforcement using Google Apps to coordinate their raids on Google?

    • by jhoegl ( 638955 )
      what form of governance is it when the corporations have control of the government?

      Corporatocracy

      This is the logical outcome of Reaganomics, of large monopolistic corporations, and unfettered access to citizens and their private conversations.
      • Unless that government also is right-wing authoritarian and has a strong man leader, then we call it something else. Let's see, what was it... Something like fastism? Fashionable?

        • by shanen ( 462549 )

          I think you were going for the joke, but I think the serious answer may be kleptocracy.

          Recently I've been sadly contemplating how the greedy sociopaths have taken over. Can you point at any major changes in recent years that don't have such a character at the top? It's just feels a bit sadder in the case of the google? "Don't be evil" as the punchline.

          • I was going for the HHOS (HA HA Only Serious) comment. Even the guy we're supposed to believe is a liberal leader is funding a hard right holocaust. Many of our corporate control woes al can be traced right back to the Clinton presidency as well. We haven't had a two party system presidential candidate who didn't deserve brimstone since Carter. Still not sure how he won. They won't let that happen again, though.

            • by shanen ( 462549 )

              Sounds like you're letting the perfect be the enemy of the good. When you bring brimstone into it I would start wondering if you're some sort of religious nut, but from long ago I remember that you (or "your identity" on Slashdot?) like humor and tend to use hyperbole in pursuit of the jokes. Or should I accuse you of oversimplification? Mea culpa (especially as regards "fixing" the SCOTUS with that fancy new recusal rule for nonpartisans).

              One of the main moderation flaws of Slashdot is the insufficient enc

    • by AmiMoJo ( 196126 )

      There would probably need to be evidence of it being deliberate, or grossly negligent. In one off cases the individual is on their own to sue for any damages.

      And even if it is deliberate or negligent, it's usually a civil matter so there wouldn't be raids, there would be subpoenas.

  • Does finding this out even matter anymore?
  • by Mirnotoriety ( 10462951 ) on Monday June 03, 2024 @12:58PM (#64520387)
    WHO KNEW /s
  • by Murdoch5 ( 1563847 ) on Monday June 03, 2024 @01:43PM (#64520557) Homepage
    I can respect the fact that Google is a massive company, and problems will happen, but isn't the solution to build privacy first data controls and policy? A lot of issues, worldwide, can be solved by not storing, grabbing or trying to grab data. The real problem is Google can only work if they have so much data they can profile your last dump, and tell you what you had for lunch using AI., Google will have issues, until they stop the abusive data collection.
    • by AmiMoJo ( 196126 )

      Have you looked at Google's privacy controls? The UI isn't the best, but they are certainly comprehensive.

      • Comprehensive and useful if:

        1. You can get to them.
        2. They're limited by default.
        3. They work as intended.
        4. They're audited by an independent third party.

        I won't deny they exist, but they're not handy or placed for the user to willingly interact with them.
        • by AmiMoJo ( 196126 )

          Well in GDPR countries they do have to ask you to opt in to every one, so you will definitely see them at least once. And they seem easy enough to get to, they are right there on your account web page and in your account settings on Android.

          I think some of them are audited after they had that debacle with accidentally running a WiFi traffic capture app on some of their Streeview cars.

    • Clearly, not collecting the information is the best way to avoid losing it. But Google is in the business of collecting as much as is legal, and maybe a bit more at all times. They're not going to change that aspect of themselves unless they're forced to do so.

      On the one hand, I find it reassuring that Google even has a "report a breach" facility and that people are evidently using it. We don't see a string of people getting fired or complaining about it, so I assume they have a non-retaliatory approach to

  • Based on my visits to youtube, I thought the site only had 20 videos. It's not as if they show me any more than that, and half of them are cooking channels about how to boil water. If I want my water boiled, I buy it pre-boiled like ordinary people.

  • Google has accidentally collected childrens' voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users' deleted watch history, among thousands of other employee-reported privacy incidents...

    The subject of my comment wasn't to imply that Google deliberately leaked this info. Rather, they didn't give enough of a shit to prevent it. So although it wasn't done "accidentally on purpose" it was done "accidentally because we don't give a shit, because the people who use our services and products ARE our services and products and we will treat them as we wish".

    For the second time in less than an hour I find myself writing "fuck Google - they need to die".

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...