I am genuinely horrified to see how much data google collected from me
I created a google takeout and in that zip file I found some files containing a ton of data about me. It has logged every single page I visited while using the google search engine and chrome browser. It even logged every single time I opened an app on my old android phone. It even has VOICE RECORDINGS of me and a log of every time I used google assistant. This is just some of the data and I'm very sure there is even more data they have.
519
Comments163
How do you think they are able to pay the bills of those expensive af services for free?
Fortunately you can degoogle many Android phones. And stop using big tech products in general. They have a lot of issues, not only a complete lack of privacy
I might be looking into a new phone soon, what do you suggest?
A pixel, if you buy into GrapheneOS being the pinnacle of security. Otherwise, anything with an unlockable bootloader and LineagOS support.
Graphene gang representing
Gang gang
It's actually quite ironic that the best phone to degoogle your life is sold by google.
Dont forget CalyxOS. IMHO better than Graphene
CalyxOS has pretty bad security. They install F-Droid and microG with root privileges, don't release updates regularly and lack many security features of GrapheneOS.
Different strokes, but I personally dont think yge Graphene devs are trustworthy, and much prefer Calyx.
I'm also not afraid of root. Its how I harden my device (eg firewall)
GrapheneOS has a built in Firewall that doesn't require root privileges. Also, you don't trust the GrapheneOS devs who arguably create one of the most secure operating systems on the planet, which is open source and can be verified by everyone, but you trust Calyx devs who regularly go months without releasing any Android security patches and include highly privileged third party apps in their operating system. Makes a lot of sense.
Of course it requires root.
Much
Ironically enough, Google Pixels are great phones if you need to de-google with GrapheneOS.
I just can't buy it and support them
Buy used on Swappa/ebay
Shameless plug for backmarket. They're pretty solid
Twice the price of ebay
Depending on the state of the thing you're looking at, maybe? A pixel 6 pro goes for ~220 on backmarket and ~210 on eBay. Does eBay guarantee free 30 day returns and have a great 1 year warranty? Depends on the seller. Backmarket offers it sitewide. Id rather pay a few extra bucks to not have to fight with someone over getting my money back or my shit fixed
Or CalyxOS
GrapheneOS is amazing
Can you use banking apps on it?
Yes. Check out this list: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos
Will this still be true after safetynet is deprecated? Not trying to be difficult, just don't want to get my hopes up.
Edit: ah its adressed in the link lol
Why would you want to use a banking app on something as insecure as a phone??!?
When your bank tells you that the code booklet will be phased out and mobile app will be the only way in the future.
Change banks that take security seriously
Bingo
As long as you don't use some shady, unofficial ROM on a phone, most phones are actually vastly more secure than your typical Linux/Windows OS.
How long is your passphrase on your phone compared to your Linux/windows OS?
A phone is designed for quick usability, which is the enemy of security.
Sure, if you have a 20 char password on your phone and never install any sketchy apps, then it might be ok. But the whole phone ecosystem is just less secure because its designed for convince, not security.
A phone is more secure than most desktop computers. https://youtu.be/Wd4Pa03LvLk
GrapheneOS even significantly improves Android's already pretty good security model.
Here is an alternative Piped link(s):
https://piped.video/Wd4Pa03LvLk
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Riiight, someone's phone with a 4 digit pin that they tap out 100x per day in public in plain view of others (that I can easily pick out of your pocket) is more secure than a laptop with a 20 character passphrase that never leaves my house.
Do you even think about what you're saying?
I'm talking about the security model of the platform, not the way you use your devices. If you do your online banking in a browser on your computer and your system gets infected with malware, that malware can access all the files on your computer. Including application data of your browser. It can access your cookies, which your bank's website uses to store your login information. Such an attack is impossible on a mobile device, since apps can only access their own data, and inter-process communication is heavily restricted. Additionally, mobile operating systems like Android have complex permission systems, as well as kernel-based mandatory access control like SELinux/SE for Android. Your typical desktop OS has none of that. Android also has a strong implementation of Verified Boot, which makes sure that malware can't persist on your system partition, even after your device gets infected. I recommend this video if you want to learn more about mobile device security: https://youtu.be/yTeAFoQnQPo
If you want a normie phone that you can install a privacy-focused OS on, Google Pixel is a surprisingly good option. Just take a look at the LineageOS's and GrapheneOS's officially supported devices lists before purchasing a specific model. You can also choose Xiaomi or Motorola but you won't be able to lock the bootloader with a custom OS installed on that phones which can create some vulnerabilities. If you want to run Linux on your phone though, you either need a PinePhone or a OnePlus 6 series
Look for DivestOS supported devices. What I cannot recommend is Fairphone. Several Hardware issues, support refuses to accept them. The support in general is horrible.
Kind regards
A Fairphone 4 user with /e/OS
Look at which devices are supported my grapheneos, calyxos, /e/os and ubuntu touch/droidian and get the newest one of those that you can afford. Usually a google pixel (ironically) but also fairphone are well supported and are better IMO.
Ubunto Touch is still a thing? Does it get updated forever like normal Linux distros do?
Yeah buddy. It's still getting updates; for how long though depends on the developers of course. Use it and bung them a donation! You can even install full Linux apps on it via Libertine, although it's slightly easier on Droidian IIRC. Very, very cool stuff.
Get a Pixel and install a custom ROM. Any ROM is fine, just dont install gapps. You actually have to go out of your way to install google crap. By default a new install is google-free
Toss Linux Mint on a bootable USB, fire up a live version and play around a bit. I was in the same boat and am working on fully transitioning over. The only minor hurdles are Office 365 and other Windows-only programs, but there are ways to get those to work, or just run a Windows VM.
I bought a fairphone 4 awhile ago from Murena, the only US distributor. Other phones have more bells and whistles but I feel better knowing I can repair it if something goes wrong. If you're in Europe the FP5 is a good bet but I don't think anyone is selling them in North America. I don't know about distribution elsewhere.
They may even save every Google meet meeting for all we know. They may train their AI on how our faces look in meetings.
Nothing is too creepy for Google.
Why would they need that? There is plenty of your face on Google photos.
For you, maybe. Mine is filled with black screen pocket photos, furry porn, and 714 copies of a video of a horrifying mecha furby that's stepping on its own removed face.
Another copy shows up every time I have a nightmare about it, which is pretty odd, now that I think about it.
The faces training was all of the filters. Every single time someone took a video or picture and used filters to add cute moe eyes, or make themselves look like a crab, it was being used to make whichever company was doing it have a better bottom line or to accelerate their facial recognition.
don't forget if you have location enabled in your phone it tracks every single place you've been to
It does that even if you turn it off. The setting just controls location access by third party apps.
Lineage os and F-droid is the better solution. It has the advantage of being bloat free as well
You can also use GPS location without any google services running, it just takes a bit longer to find your position when you first connect. OsmAnd or Organic maps from f-droid, which are actually superior apps to google maps in a lot of ways, particularly OsmAnd.
I had to use Satstat to reset the AGPS data as Lineage os just won't refresh agps on its own.
Yeah Google Maps isn't actually a map app. Its for navigation.
And it can be very wrong about those locations, too. For better or worse, idk. My old phone showed me going to completely different cities on the other side of my state when I went to the corner store.
What's even scarier is that takeout is probably only the data they want you to see, or are legally obliged to share.
I would be willing to wager they have lots more on you that you're not even aware of.
including everything they see through our front camera and rear cameras 😱
Idk about that. What data could they get with that, that they can't already get through other (cheaper) means, that would justify all the network traffic and storage space?
That's why you use hide-my-email aliases when you sign up to sites, so they can't tie "your" email to you anymore.
Create a few junk accounts, send recovery to a hide-my-email alias
If you use password managers it really is no bother to have multiple accounts, and Proton Pass integrates hide-my-email, it's pretty neat.
Thanks for the hint with hide-my-email! I will ask my mail provider, if they offer something like this as a service.
dont panic. you can protect yourself. dont depend on others. you can use random email aliases for everything. always take the mindset that anything you say outside your home is public information. use throwaway phone numbers like jmp.chat if you have to use phone numbers at all. etc etc.
take the approach of compartmentalizing your identities and contact info, and take the approach of protecting your SELF first, dont depend on others. sorta like a shady arms dealer or something, but you're not dealing arms :P!
You do realize that Google is far worse than Apple and Microsoft combined right?
Not really although its hard to objectively prove anything
I see it as good reason to distance myself from all of these mega data harvesting corporations to the best of my ability. Same goes for meta and tiktok. Why bicker about which is worst when they all are varying degrees of terrible?
Yup. It's a slow process for me, but honestly the fediverse is proving a great resource for that.
You know they can suck up Activity Pub and sell that too, right?
The only difference on the fediverse is that all of them can mine the data, instead of just one of them.
It takes some effort, but this is untrue. You can easily degoogle many phones with a privacy oriented OS. If you want to avoid Apple, make sure you're not buying an iphone. Install Linux on your computer and use libre open source programs, a privacy oriented email and messaging app. If you need to watch youtube, at least use a proper front end for it. I don't think anyone needs facebook or tiktok, I've been able to just walk away from those without alternatives.
There are manageable approaches to distance yourself almost entirely from these spy companies if you really want to. You can do it slowly, or pick one company at a time to get away from. It doesn't have to be all or nothing, and even small steps in the right direction are beneficial to your privacy.
"ghengis Khan killed more people than Hitler ya know, right?"
As a percentage of population, so did Julius Caesar.
The reality is that Google is entirely dependent on ads and selling your data.
Apple and Microsoft, it's just a happy side gig they can do.
Apple makes its money selling mediocre hardware and software for a premium markup.
Microsoft makes money selling Windows, Office(+Teams) and Azure to business users then from video games, then ad revenue.
Missed the point
Oh I got your point, but I also reject it. Google is objectively making the internet worse.
There isn't any reasonable comparison to Apple or MS outside of they're all too big and too unregulated.
Well, that's wrong. They all collect data and telemetry on you.
Hitler also tortured people
Ok
Fucking whataboutism. Apple and Microsoft aren’t ad companies. They’re hardware and software companies. They don’t have to collect data on you to literally make any money, Google does. If Google doesn’t track everything you do they’re incapable of making money. The same is absolutely not true for ms and Apple.
Microsoft is a ad company and Apple locks you in so you only buy there proprietary products. I don't see how they are better
I don't use Google, Apple or Microsoft products. My statement wasn't intended to be a justification. I'm just saying Apple and Microsoft are no worse that Google
especially now that they give out Windows upgrades for free
Feel free to go request the same fucking data from
Apple: https://support.apple.com/en-us/102208
And Microsoft: https://www.cnbc.com/2018/04/18/how-to-download-a-copy-of-everything-microsoft-knows-about-me.html
Then go ahead and tell me they’re in the same ballpark as what Google’s collected on you.
It is literally not the tip of the iceberg. I work in the industry, so lecturing me about data management platforms is asinine. Microsoft and Apple’s collection practices are minuscule compared to Google’s and DMPs are terrible at their jobs.
The point of calling ou twhataboutism is that we should condemn both of them
Of all three, Google has the most skin in that game, for what it’s worth, IMHO. They’re an advertising company first and foremost, and it shows in all of their products’ feature sets and privacy policies.
But we also can’t trust either of them lol
Data has become even more valuable with AI. All big tech outfits are incentivised to collect it now. Combine that with them being able to and you're left just having to trust them. If you plan to use their stuff that is.
Friends don't let friends use Google and meta. show those you care about what you have discovered. don't lecture them just make them aware, share your findings.
Also for a good read on Google and Meta, check out Jedi Blue. It's a plan that FB and Google got sued for, for manipulating ad auction timings in favor of FB on Google in exchange for FB to promise to not open a competing ad service plans. They also gave FB access to every google device with Facebook (preinstalled esp) on it. The name Jedi Blue is a reference to the Jedi mind trick, assholes.
while, yes, regardless of your privacy settings google still collects a sickening amount of data on you, much of these things (like voice recordings and location history) can be managed and disabled in the settings. if you wish to go further, grapheneos removes A LOT of tracking potential.
these should be opt in features, but one can opt out of much of them.
How is it not zero on Graphene??
well if you have play services installed then google is gonna get some data on you.
So does CalyxOS
This shouldn't be a surprise to anyone. It's the same with all the big data companies. Everything you type, say or do gets logged and never deleted.
It could be they are collecting and hiding the data, but what they publicly disclose they have certainly varies. My de-google-fication really started when I used google takeout (like the OP here). Excluding things I wanted backed up (e.g. photos), Google still had more than a GB of textual data (this was 7 years ago or so—my memory may be wrong). I use Apple a lot so I went to their “takeout” page. They had a few MB of data pretty much all of which I considered innocuous. I don’t think they are equivalent.
I do agree Facebook probably collects as much data as Google, but I gave that up long ago.
That's why I'm still in doubt wether to use my fingerprint to unlock my phone. Would be convenient, but where is it stored, who can access it?
Stored locally
are you sure about that?
I don't see how your fingerprint could be used for advertising
Anybody with access to your finger, which means they don't need you to be conscious or even alive to access your phone.
If they have me dead or unconscious my phone is the least of my concerns.
Needing a password/pattern instead makes them want to keep you alive tho. Good opsec.
Totally. I'm not saying it's better security just that in a situation like that I'm not really worried about what's going on with my phone.
Thats kinda fucked up. So you dont mind if all the conversations with your friends get published publicly?
You're not a good friend.
My friends don't want to use end to end encrypted platforms so it's one data leak from being public anyway.
Depends if you wanna be remembered as John Smith instead of "Ah Yeah, John Smith the furry midget lover"
Maybe that's my kink
Smart for many reasons as people listed here. Your fourth amendment rights to your phone also go out the window when you use biometrics like fingerprint. PIN/password is protected, fingerprint/face scan is not. Backwards world we're in, huh?
Its not everything. Thats hyperbolic. Metadata is usually more profitable then the data itself.
Not literally everything. But if you're sending unencrypted data via internet, even data you may not be aware of. It's likely being stored by some company.
Today you learned a valuable lesson:
When an online service is free it generally means you're the product.
Today companies will snoop your info even if you pay 1000s for a device.
Why wouldn't they, obviously no one cares
It's [current year], nobody is learning that lesson today. We've all known it for well over a decade now.
It's not even online only anymore. You can't do the setup process of Android OR Windows without connecting to the Internet, and I doubt Apple's products are any better in that regard.
What's a Google takeout?
takeout.google.com
Everything they have on you.
Everything they're willing to tell you they have on you.
It’s Google’s name for a service that lets you download all the data Google has on your account. If you google google takeout it should get you to the page.
Have you been under a rock?
I'm really not a fan of such gatekeeping rhetoric.
Congrats on already knowing stuff, I guess. The vast majority of people don't have the ability, will or exposure to engage with most technical stuff, especially since the concept of (digital) privacy still is surprisingly controversial.
We all benefit from more people caring about privacy. Comments like yours achieve the exact opposite and don't provide any value at all to the conversation.
Yeah, anyone who's never done this really should. It's eye-opening to see it go from a theoretical discussion to "HOLY SHIT THEY HAVE ALL MY DATA" in real-time.
I really don't understand why you find this surprising. We're you expecting like...42% of all that to be saved?
To be fair, it wasn't something most of us were thinking about in the early 2000's
Then Google became ubiquitous, to the point where we didn't question it. Like cell service
That's very true. But not really by the time Android started.
Yeah they can really destroy my life with all my data of asking assistant how many cups are in a quart and how do giraffes swallow. Oh and they know I open Instagram 50 times a day, hope they don't blackmail me.
All they want to do is sell ads bro.
It's not specifically gonna destroy your life but they could do things like: see what political sites/pages you visit, what you interact with on said site/page, what appeals to you. They do this for you and every other person using the service in x country. Use that data to package nefarious bills/politicians in ways you and many others find tolerable. This is just one way I could see them using you and everyone else's data against you.
I hear this sentiment from many people I know "it's just tik Tok bro, who cares if China knows every little thing about? They can't do anything directly to me so they can have every shred of data they want". Yeah, your data alone isn't worth much, if anything. But when millions are all doing the same, there could be real consequence.
Don't be so harsh we all gotta learn eventually. His moment is now brethren!
Google has a data privacy setting that lets you delete your data history at some intervals. The lowest is 3 months last I checked. Make sure to use it.
Ideally you should, but a lot people use Android or want to use Google services. An as example, if you use Google Maps, then you have to opt in to giving Google location access and Google will collect your data. In that case, the least you can do is limit the amount of time Google keeps your data and change from the default setting which I think is forever.
So that would delete all the information that OP listed above?
Yes. You can select what to delete and what to retain if I recall correctly. It’s grouped by “activities”, by app if you will.
How do you do this?
I have a few dozen google accounts, but most of them I'm locked out of. Even if I enter the correct username and password on the first try, google says I can't login because I never associated a phone number to the account.
How can I get this data?
takeout.google.com
That tells me to login
Have the same issue on one of my accounts. I can login but when I try to do anything, I need to verify by getting a code over SMS. The thing is, the phone number on that account is an old one I don't have access to anymore. There is no other verification option, I can't delete it from my account without verification and I'm definitely not adding my actual number.
Probably a GDPR data request
Hmm, wouldn't that make it worse? Because then you have to give your real name, no?
No, most sites have a button stashed in some submenu of the account page that allows you to request your data. It’s either a legal requirement of the GDPR or they just don’t want to deals with individual email requests, I’m not exactly sure.
It usually does take a lot of time for the request to be “processed”, you usually get an email with a zip archive after about a week. I’m not sure if that’s malicious compliance.
You can also send a GDPR request to have them delete all your data, but they do have 1 month to comply and in my experience most services do take that long to “process” your request.
Keep in mind that many services hide these options for non-EU citizens.
As if Google doesn't already know.
I rarely interact in any meaningful way with anything in Google's ecosystem these days. I'm still tied by a couple little whispy threads, but nothing serious. I'm running GrapheneOS with no Google apps, switched my email to Proton, switched to Firefox, search with Brave, use a NAS for cloud storage, and browse YouTube anonymously with NewPipe. Occasionally I'll get an email on one of my old Gmail addresses, but other than that I feel like I've sufficiently deGoogled enough to feel safe.
This! I genuinely love my phone now that's never happened before.
What do you do for maps/navigation?
OsmAnd and Organic Maps. They're both not as good as Google Maps. But at least when I use them Google doesn't get to know that I traveled 15km across town to fuck a Tinder thot and buy bread.
Username checks out
I gave up caring years ago when I realized it was way too late to undo it all. If Google really cares that I'm a gamer then oh well, at least my ad blockers work just fine and I use Firefox so that's good enough.
It is never too late. Free yourself from this abusive relationship, it feels fantastic.
Free yourself from what exactly? I think you’d be surprised at how much everything else is tracking you still.
All for what, avoiding ads you’ll get anyway?
Legitimate question. Targeted ads feel obvious to many, but it is more about control.
You are absolutely right, I am surprised again and again. But I do my best to avoid it, if I find something that tracks me. And I am surprised that so many people let themselves being exploited, and even defend this exploitation.
Free yourself! It is work. But it is worth it. And it is not too late.
I just deleted my google account. Bye YouTube comments.
I wish I could just delete it. I'm still figuring out things with nextcloud and I run a youtube channel so I can't do that yet.
If the only reason you’re keeping it is to make and post YouTube videos, it doesn’t sound like you wish you could delete it.
@sidgames5 @trippingonthewire Is there a more privacy-friendly option (non-data siphoning) for video hosting?
Peer Tube
You could create an Odysee channel perhaps, and try to migrate there. Then you're supporting competition.
Wish I could do that too but my email is still tied to some accounts where I can't change it
You can't change the email you use? Are you open to deleting those accounts, and maybe making new ones? Or saying goodbye to those platform's for good? Customer service could help you change emails, perhaps.
Google knows where I've been for the last 10 years. If you use their service they are going to keep all the data and interactions from using it.
How do you know all this? Did you request your data from Google?
Thank you. I will trawl through 18 years of my Google account.
Omg I shoul do that too
this is such a good post. everyone who wants to learn about privacy should do a google takeout FIRST. to get hit with a huge epiphany
I've started using Kagi search. $5/mo for a great search without selling my sh1t.