The Last Straw Of Creepiness

Eric Schmidt has previously mentioned that  Google’s company policy was “to get right up to the creepy line and not cross it”. And despite occasions where it has got itself real trouble by sniffing in on data from personal WiFi routers as Google Maps cars roamed the streets, the general public has not made a huge fuss over privacy.

However, it is not as if the general public is totally oblivious to the privacy issues. There have been reports, for example, that young adults (being more tech savvy) take more security/privacy measures than their elders. Interestingly, the young adults are more concerned with hiding information from their parents than from Google and Facebook, which is obvious when you think about it. A Pew Research survey also show “Some 86% of internet users have taken steps online to remove or mask their digital footprints, but many say they would like to do more or are unaware of tools they could use.” I have also seen similar surveys in Japan.

If this is the case, then it seems like there is a delicate balance in place which reflects Eric Schmidt’s quote, where online privacy is a serious issue for many, but not quite enough for a public backlash. The Internet trackers are a whole have been successful in coming close to the creepy line, but also in not having crossed it.

The next question is then, how will the Internet trackers including Google, Facebook, and a slew of other online ad brokers, cross the line? When will they do something that is so creepy that the public will revolt?

The key to understanding this is, I think, by recalling why the US does not appreciate Edward Snowden. Snowden uncovered rampant privacy intrusions on a massive scale by the NSA. However, the US citizens do not seem to care so much. They seem happy to let the NSA collect data, as long as the information spied upon is not used against themselves, but against terrorists. Of course, I’m sure that US citizens who come from the middle east are not so reassured, but for the majority of Americans, they simply don’t consider themselves as the victims.

Looking at it this way, the creepy line will be crossed when and only when the massive data collected is used against the majority of citizens, and not against terrorists, in a way that is easily noticeable and potentially harmful. For example, re-targeting ads are getting very close to the line because they demonstrate in an unambiguous way, that Google is carefully watching which 3rd party websites you visit. This is completely unlike the previous generation of search or display ads. Re-targeting ads have reminded the public that Google is watching your every move. The only thing that has to happen now is for something to demonstrate that this information can be used to harm you, and then the creepy line will most likely be crossed.

Thus we should next focus on when the public will consider the information gathered by Google and Facebook to be dangerous and harmful. If the information that they have is used in crime in a way that the majority of citizens can identify with, then I would most certainly expect a backlash. This will be when the creepy line will be crossed. However, Google and Facebook themselves have no intention of harming their users, so it won’t be them that cross the line. It will be someone else.

There is no doubt that the information in Google’s servers is potentially damaging. Google probably has the most harmful data if revealed. Unlike Facebook or Apple where you typically send the information yourself, and are unlikely to send stuff that will harm you down the road, Google collects everything. They collect all your searches, all the places that you’ve been to, and all your emails. You do not select which information to share with Google, so the good and the bad get sent there.

I think we a just one major security breach or one major malware attack away from a crisis of confidence. Google itself will not cross the line, but malware can make this happen. Current malware does not collect the privacy/location information from Android devices or Google accounts, but this is because the business model is not there yet. If somebody decides that this is indeed something that they can make money from, then this will happen, and I expect it will bring down Google’s data collection practices down along with it.

Security breaches are becoming more sophisticated and more targeted. Large leaks of accounts are reported quite frequently, although not all of them can be entirely trusted. Indeed, one could imagine hackers announcing the leak of a large number of bogus accounts, just to scare the public into responding to phishing emails. As long as this trend continues, I believe that the largest threat to Google’s data collection practices will be a security breach and not a sudden awakening to privacy by the public.

  • obarthelemy

    Is there list somewhere of which data Google, FB, Apple and MS collect ? I don’t think Google is that much of an outlier. Also, there’s a flip side: If I’m going to see ads and get AI, I’d rather see relevant ads and get useful AI suggestions. Most “neutral” people find Google Assistant more helpful than Siri, for example.

    • You are correct that Google is not necessarily an outlier, and that all other companies cannot truly block intruders who have the password. Also even for NSA requests for example, even Apple is yet to implement a solution that will fully block requests (it is reported that they are trying).

      Google does store more creepy data, but others store enough to be damaging if leaked.

      So the real issue here is not whether Google will be hacked, but rather if any of the major cloud services will be hacked in a really nasty way (and not just emails of credit cards). In this sense, the future of private data collection practices is dependent on none of these companies being hacked, and Google itself cannot prevent that.

      I’ll try to give an example later.

      • obarthelemy

        “Google does store more creepy data”: source ? I’ve never seen a comprehensive, objective recap of who stores what. I think intelligent discourse starts (and often ends) with facts.

        Edit: for example, Privacy Badger tells me it has stopped 13 potential trackers on this very page (yes, yours ^^). I’m guessing Google only needs one ?

        • Yes, please use the ad blockers/tracker blockers. These days, I find it hard work to eliminate trackers from the WordPress sites that I create, and I’m not even sure how many of them there are. I might dig into this if I have time, but I do recommend the use of blockers.

  • Pingback: Imagining An Attack That Could Wipe Out Trust In The Cloud – Naofumi Kagami()