Your privacy is at risk, and major companies are starting to notice that users are getting paranoid. As I discussed in part one of this three-part series, we are in a rather dark place, and our privacy and security are at more risk than ever. Facebook F8 and Google I/O have both come and gone, leaving us with more promises of a better and more private future on their platforms. I'd like to examine these new features and how they may help or hurt us going forward. Will the end result actually leave us more private and safe?
First and foremost, Google's most important announcement: federated learning. It's something that has existed for a while, but it is very difficult to implement at scale. Unlike Apple's differential privacy, which takes data and adds a bunch of noise to it to prevent it from being traced to its source, federated learning uses a machine learning model on device to study you and your on-device data, then alters the model to better serve you. It then summarizes the changes to the model and shares that summary with an aggregation server. All of the summaries gathered are analyzed for a trend, and the findings are sent to update the global model. That way the model can improve while user data remains on device. Federated learning is being tested in Gboard and will be rolled out to other services in the future. Google says these features will be processed on device in the coming updates.
Google also pledged to work on more tools that are visible to the user. Incognito mode in Chrome does not save data to the device, Maps incognito mode does not send user history to their profile, and Google Search incognito prevents search history from being updated. Notice the language, though? We don't have clear information on what is happening to the data except that it isn't being associated with the account. There could very easily be tracking occurring in these modes, just that the tracking isn't tied directly to you. This is unsettling to me and Google needs to clarify exactly how user data is handled in every circumstance.
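
The federated learning loop described above, as an added sketch that is not Google's code: each simulated device trains a small linear model on its own data and returns only the change to the weights, which a server averages into the global model. The model, the function names and the data are all constructed for illustration.

```python
import random

def local_update(global_w, data, lr=0.05, epochs=5):
    """Runs on the device: train on local data, return only the weight delta."""
    w, b = global_w
    for _ in range(epochs):
        for x, y in data:
            err = (w * x + b) - y          # prediction error on one local point
            w -= lr * err * x
            b -= lr * err
    # The "summary of changes": a delta plus a sample count, no raw (x, y) points.
    return (w - global_w[0], b - global_w[1]), len(data)

def aggregate(global_w, updates):
    """Runs on the server: sees (delta, sample_count) pairs, never raw data."""
    total = sum(n for _, n in updates)
    dw = sum(d[0] * n for d, n in updates) / total   # weighted average of deltas
    db = sum(d[1] * n for d, n in updates) / total
    return (global_w[0] + dw, global_w[1] + db)

def make_clients(num_clients=5, per_client=20, seed=0):
    """Constructed sample data: each device holds points near y = 3x + 1."""
    rng = random.Random(seed)
    clients = []
    for _ in range(num_clients):
        pts = []
        for _ in range(per_client):
            x = rng.uniform(-1, 1)
            pts.append((x, 3 * x + 1 + rng.gauss(0, 0.05)))
        clients.append(pts)
    return clients

def train(rounds=30):
    clients = make_clients()
    model = (0.0, 0.0)                     # global model starts untrained
    for _ in range(rounds):
        updates = [local_update(model, data) for data in clients]
        model = aggregate(model, updates)  # only deltas cross the device boundary
    return model

if __name__ == "__main__":
    w, b = train()
    print(f"global model after training: w={w:.3f}, b={b:.3f}")
```

The server-side `aggregate` function never receives a device's data points, but every delta it does receive is computed from that data, so what leaves the device is a derived value rather than nothing.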
These announcements come a week after it was revealed Google is implementing a feature to auto-delete your user history. Further investigation reveals that the data deleted is held for a 3-month period to ensure deletion was wanted, then permanently deleted. This is nice, but the data has been taken, categorized, and added to algorithms well before deletion. This feature is mostly a placebo to placate users. Again, it's almost like they care, but their baby steps are not even in the right direction.
Google's tracking tools are, sadly, opt-out. New users are set up to be fully tracked by Google. This is one more thing they need to change going forward. There is very little that casual users can hope for right now in terms of privacy, since most users won't even know about these settings or what they mean. In contrast, Apple puts privacy settings in front of users right at setup, then at any chance during normal use. All of their data collection and diagnostics are opt-in. There are tracking indicator reset tools readily available as well. In these aspects, Google has a long way to go.
These promises of a private future are actually pretty bittersweet. It seems Facebook and Google have pivoted to try and redefine user privacy. We privacy advocates define privacy as our right to have data and keep it for ourselves, and use tools to make that data useful while remaining ours. The tech giants' new definition is simple: they want users to believe privacy is having less data, rather than none at all. That being said, there is a bright side. You can take control of your data and privacy today, and that is what my next post will be about: Privacy 2019 Part Three: How You Can Stay Safe.