Is Google evil?
An important part of correcting a mistake is to understand where, how and what went wrong.
There’s no denying the fact that Google sustains itself by collecting massive amounts of user data. The company spends millions of pounds engineering tracking features into its online services, apps and operating system.
The industry term for Google’s tracking method is aggregation. Google’s useful tools are engineered to gather data about users to build effective profiles that the company then monetises. One of its most notorious privacy-intruding services is Gmail.
Privacy advocates allege that while the transport to and from the Google servers is encrypted, the company gleans data from the contents and even the attachments. Then there’s the Google Accelerated Mobile Pages (AMP) service that caches data on Google’s servers, effectively enabling the company to document your movement across the web, even when you fetch a resource over encrypted HTTPS channels.
Google’s use of cookies is well-known, and another distasteful service that uses it to track your movements is Google Analytics. Advocates allege that cookies are assigned unique IDS, which enables the company to record and link all activity to a profiled user. They go on to allege that even the Google Maps API feeds data to the Google Analytics profile.
Google can only pin the online activity to a profile if you sign into the service. But that’s no longer a valid escape route, with the company’s move to force Gmail users to sign in to the browser session as well. Thanks to this policy change, Google can now track all online activities of the signed-in user. Of course, getting users to sign in has never been an issue with Android. So if you use Maps on your smartphone, Google can track your movements in the real world in addition to the online one.
In case you’re sceptical, don’t forget that Google doesn’t deny recording, and making private contractors listen to, users’ conversations with Google Assistant. Even more troubling is that several of these recordings
accessed by a Belgian public broadcaster were recorded when the Assistant activated incorrectly after mishearing its wake keyword.
With Google vehemently defending its use of data capture under the garb of improved user experience, the situation is not going to get any better. If you want to prevent the company from stitching together your profile based on your use of its online properties, you have no option but to stop using its apps and services.
However, escaping Google is only a good solution as long as you can avoid falling into the next one. But this requires a re-engineering of the cogs of the wheels that move the technology industry. To understand the fundamentals of the ecosystem responsible for the growth of monopolies like Google, we spoke to Ben Wermuller, who has worked up and down the entrepreneurial food-chain – from developer to venture capitalist. He co-founded the open source publishing platforms Known and Elgg, and is a positive voice in a community which is working to redefine the ethos of the tech industry. linux Format: We’re personally not a fan of Google’s business model which is the basis of what’s now known as ‘surveillance capitalism’. What, in your opinion, is Google doing wrong? Is there more to Google acting “evil” than just privacy intrusion? Ben Werdmuller: Let’s be clear: Google is participating in the prevailing business model for internet businesses in Silicon Valley. So in that sense, they’re no more ‘evil’ than any other business that seeks to make money through personal data.
However, the impact of Google’s business is exponentially greater because of its size. From widespread location collection in Google Maps, to the fact that the majority of sites on the internet host Google tracking code, it’s very hard to not be tracked and profiled by them in some way. That information has the potential to be cross-referenced, together with offline information like credit card purchases, which it adds together to create a highly targeted profile.
The irony is that targeted advertising – where advertising is highly tuned to the profile that has been created for you through invasive tracking – is not really more effective or lucrative than simple contextual advertising! So Google’s real harm may have been to incentivise the creation of a sophisticated worldwide surveillance network, for the sake of surveillance itself.
Surveillance has chilling effects on free speech: people who know they’re being watched behave and express themselves differently. And that has a real effect on democracy. Not to mention the potential for harm should a government with ill intent seek to harness that surveillance network for its own ends. Should tech companies have built systems that enable the current US administration to track immigrants and deport them? I think the answer is a clear no – and the only way to prevent this is for the surveillance apparatus not to exist in the first place.
LXF: How do you escape from the clutches of Google? Is self-hosting the only real option?
BW: Privacy is a group inoculation. Even if you self-host, there’s nothing to prevent your information from being inadvertently gathered by your friend who hasn’t taken the same steps. Not to mention that self-hosting is really hard! At its simplest, you need to know how to
use command line tools – or, if you’re using shared hosting, be comfortable with FTP. At its hardest, you need to have some server administration skills. For those reasons, I don’t think self-hosting is a real solution to the problem in itself. There are lots of other great reasons to self-host: having full control of your web presence and data, if you have the means and the skills, allows you to better represent yourself online.
You can also make ethical technology choices. Use a web browser like Firefox that protects you. Choose an email provider, like Protonmail, that has built-in privacy protections. If you’re building a website – or particularly running a web business – make careful choices about the data you really need to gather, and through which provider. Consider using an open solution like Matomo for your website stats instead of Google Analytics. Support small businesses that are transparently making ethical choices over giant companies that may not be. But because it’s a group inoculation, we need a better vaccine for all of us.
LXF: Do you think going ‘back to formula’ and adopting open web standards is the way forward? BW: Google is pretty good at using open web standards! While we should definitely be using open web standards and continuing to build a robust, open, decentralised web, I think the way forward is a human problem more than a technical problem.
First, there needs to be a clear alternative to the Silicon Valley venture-capital funding model. People who build software need to be able to put food on the table; it’s not a question of not being able to make a profit. But venture capital incentivises companies to grow exponentially. Actually stopping to take money from consumers is a limit on that growth, so those companies tend to use advertising and data brokerage as revenue models instead.
Movements like Zebras Unite see the harm in this and are trying to establish alternative funding models. Teams, including open source projects, need to take concrete steps to become more diverse; because the negative effects of surveillance are disproportionately felt by vulnerable groups, affluent, white teams often didn’t understand the issues. We also need to do much more work to make sure open source developers can make a real living from their work, and move away from the ‘free as in beer’ perception of open software.
People should choose free and open source software because of the freedoms and reassurances inherent in open development processes and licences. If they just see it as a cheaper alternative, fewer start-ups will choose open models, because they can’t make money that way, and the traditional VC model will continue. We’re seeing more successful open source infrastructure companies, but I’d like to see more end-user open source software find its way to real profitability too. For that to happen, we need much stronger support for those companies. I’d love to see more funding opportunities, as well as open source accelerators and advisory programs.
Finally, there has to be regulatory reform in two main areas. First, we need to reform antitrust rules and prevent these data monopolies from existing in the first place: no company should ever be big enough to establish a global surveillance network. It’s absurd. Technology monopolies are harmful, and in a world where software is a part of our lives, we can’t afford to hide behind techno-libertarian ideologies where government is always bad. Government can help us establish sensible rules that protect citizens; it’s what it exists to do.
Secondly, we need strong privacy legislation. The industry clearly cannot self-police on this front. GDPR is flawed but has had positive effects – particularly in the ways that organisations have changed how they think about privacy. Every jurisdiction should enact sensible protections that encourage good behaviour and punish violations.
LXF: But does technology have a role to play in correcting this wrong?
BW: Sure, innovation has a strong part to play. I helped to build the Unlock Protocol, which is a decentralised way for creators to independently make money for their work. This stands in contrast to advertising models: selling paid memberships becomes a decentralised layer of the web, just like HTML, CSS or Javascript. You don’t need to go through a middleman, and Unlock doesn’t levy any fees. Other providers can roll it into their products. We can change the ecosystem by lowering barriers to entry to other business models.