A Defensive Computing Checklist
by Michael Horowitz
Defending against Google tracking involves changing options in your Google account, which can be done on a website, as well as configuring options on your mobile device(s), when doing Google searches, in Google Assistant and in Nest devices. There is a lot to it.
- This May 2019 article in Wired: All the Ways Google Tracks You - And How to Stop It, touches most of the bases, configuring: a Google account, Android, iOS and searching. A must read. Similar: Are you ready? Here is all the data Facebook and Google have on you by Dylan Curran for The Register (March 2018)
- Google Account: Most tracking is configured at Activity Controls
- Google Account Data and Privacy has settings for Search Customization, YouTube Search and
Watch History, Ad settings and Opting out of Google Analytics.
- Google Account: Web & App Activity is a major privacy setting. More from Google in this undated writeup: Find & control your Web & App Activity. Quoting: "If Web & App Activity is turned on, your searches and activity from other Google services are saved in your Google Account, so you may get more personalized experiences ..." It is on by default, turn it off for more privacy.
Google has faced multiple lawsuits over location tracking. When a Google account is configured to not save Location History, the location is still being tracked if Web & App Activity is enabled. This was seen as false advertising and first came to light in this August 2018 report from the AP, AP Exclusive: Google tracks your movements, like it or not by Ryan Nakashima. Part of the fallout from that article was a Nov. 2022 fine paid by Google. See Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location. In response to this fine/settlement Google issued this statement: Managing your location data (Nov. 2022).
- Google Account: Account settings -> People & sharing -> About me (under Choose what others see). Good is "Only you". Bad is "Anyone"
- Google Account: Do a Google Privacy Checkup
- Google Account: See what Google knows about your travels using their Maps Timeline. Sometime in Oct or Nov 2019, Google will introduce a new Incognito mode in the Google Maps app. To turn it on: tap on the account icon in the upper-right corner, then click Turn on Incognito mode.
- Google Account: See what Google is tracking of your activity at myactivity.google.com/myactivity. As of May 2021, we can password protect this page so a borrowed device does not leak this data. On the page: click "Manage My Activity verification" -> "Require extra verification". From How to password-protect your Google activity history (May 2021)
- Google Account: check on the websites and apps that have access to your account at myaccount.google.com/permissions. The best result is no result. You should check this periodically.
- Google privacy settings to change now by Heather Kelly for the
Washington Post. (September 2021)
- Automatic Deleting: start at myaccount.google.com /activitycontrols. Note that if something is in a Paused status, it is still keeping a history. To set it to auto-delete, you will have to enable it first. Several Google products, including YouTube, can be set to auto-delete here. As of Oct. 2019 the only choices are auto-delete after 3 or 18 months. To auto-delete search history, use Web & App Activity. More: Google's auto-delete tools are practically worthless for privacy by Jared Newman (Oct 2019), You Should (Probably) Delete Your Google Data - Here’s How by Brendan Hesse (Aug 2020)
- See what, if any, apps are connected to your Google Account: Account settings -> Security -> Third-party apps with account access -> Manage third-party access.
- Turn off ad personalization at adssettings.google.com
- Google Maps: is full of fake business listings. Big June 2019 story in the Wall Street Journal. More here and here. Hundreds of thousands of fake listings are created each month. Total scam businesses estimated at 11 million. In 2018, Google removed more than 3 million fake businesses. Google's PR response included this: "it's important that we make it easy for legitimate businesses to get their business profiles on Google". Translation: nothing will change. Here is where to report a fake.
- Google Maps: How to blur your house on Google Street View (and why you should) by Jack Morse (Sept 2020). Enter your home address into Google maps, look at your home in street view, click "Report a problem". And, do the same thing on Bing Maps. No mention of Apple maps.
- Browsing: Here is another reason not to be logged on to Google all the time - the latest version of their reCaptcha might be logging every web page you visit.
- SEE ALSO
- The Voice Assistants section has a sub-section with Google Assistant defenses
- The Location Tracking topic has a lot of defenses for Android and Google users
- For Google Search, see the Search Engines page
- See the Gmail topic
- If you have Nest Cam or Nest thermostat be aware that according to this April 2019 article in the Washington post, Nest security is sub-optimal. The article suggests using a unique password (always a good idea) and two factor authentication with the device.
Taking a step back ... Google? Really? In a camera in your home? Really?
- Speaking of Nest: the Nest camera, Nest Hello doorbell and Dropcam cameras no longer (as of Aug 2019) let owners disable the status light that indicates the camera is on. Google did this for privacy reasons but some people don't like advertising the camera's existence to intruders in a dark room. Just cover the light with tape. And, be sure to apply bug fixes to the Nest Cam IQ (Aug 2019).
- Google Calendar: A new type of SPAM. Bad guys can email invites to scam events and Google will add them to your calendar without your confirmation. To stop this, go to calendar.google.com, login, click the gear icon, go to Settings, then Event settings, then "Automatically add invitations" and select "No, only show invitations to which I have responded". Maybe also disable automatically adding events from Gmail to your calendar.
- Google avoidance: The complete list of alternatives to all Google products by Sven Taylor of Restore Privacy (last updated October 2019). How to replace each Google service with a more privacy-friendly alternative by Ed Bott of ZDNet (October 2019). French software company Framasoft created the De-google-ify Internet website.
- If bad guys have taken control of your Google account, start here: Tips to complete account recovery steps
- You can download all your photos from Google with: go to takeout.google.com -> Sign in if prompted -> Deslect All -> Find Google Photos in the list and click the checkbox -> Blue Next step button ->
Default of send download link via email is fine -> default of Export Once is fine -> chose zip or tgz file type -> Default maximum file size of 2GB is fine -> Blue Create Export button. Google warns that it might take hours or days before its ready. When I tested this, the download required multiple files and the file names were in this format: takeout-yyyymmddT999999Z-001,
where the date was the date of the request, I don't know what the time format was and 001 was the sequence number for the first file. The generated download(s) are available for about a week.
| This page: 6 views per day (over 127 days) Total views: 700 Created: November 15, 2022|
Copyright 2019 - 2023