John Tuyen

Adventures of Functional Mediocrity

11 Jun 24

Google Leak Reveals Thousands of Privacy Incidents

Google Leak Reveals Thousands of Privacy Incidents

Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents

Individually the incidents, most of which have not been previously publicly reported, may only each impact a relatively small number of people, or were fixed quickly

The data obtained by 404 Media includes privacy and security issues that Google’s own employees reported internally. These include issues with Google’s own products or data collection practices; vulnerabilities in third party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data. The incidents include everything from a single errant email containing some PII, through to substantial leaks of data, right up to impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018.

The reports obtained by 404 are from over six years ago and are examples of these flags—every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services.”

A quick glance of the collected issues appear to be grouped in the following: UX/UI design issues, misconfiguration, faulty application logic, mergers and acquisitions gone wrong. Although across the board, some are quite bad and unsure if it was intentional or not such as:

YouTube made recommendations based on videos users had deleted from their watch history, which was against YouTube’s own policy.

Or..

A Google employee accessed private videos in Nintendo’s YouTube account, and leaked information ahead of Nintendo’s planned announcements. An internal interview concluded the activity was “non-intentional,” the report says.

And that is the reason why I need to DeGoogle from their services.