Feb 03, 2019
Imagine this: an enormous tech company is tracking what you do on your phone, even when you're not using any of its services, down to the specific images that you see. It's also tracking all of your network traffic, because you're installing one of its specially-designed routers. And even though some of that traffic is encrypted, it can still know what websites you visit, due to how DNS resolution works. Oh, it's also recording audio from a custom-microphone that's placed near your TV, and analyzing what it hears.
It's an always-on panopticon. In exchange for your privacy (and the privacy of any guests who may be using your Internet connection, or talking near your television), you receive a gift card for a whopping $20.
No, we're not talking about Facebook--we've already detailed the frightening consequences of Facebook's sneaky, privacy-invading and security-breaking "user research" program. This is Google's "ScreenWise Meter," another "research program" that, much like Facebook's, caused an upheaval this week when it was exposed.
In order to spy on iOS users, Facebook took advantage of Apple's enterprise application program to get around Apple's strict app distribution rules. When news of this Facebook program hit earlier this week, Google scrambled to pull the plug on its own "user research" application, which was taking advantage of the same Apple program. Apple quickly revoked both organizations' Enterprise Certificates, shutting down all of Facebook's and Google's internal iOS applications and tooling, leaving the two giants in disarray.
We're not a fan of Apple's walled-garden approach to application distribution and its strict control over who gets to play on its platform and who doesn't. However, this drama shined a valuable spotlight on deceptive messages to users and data harvesting practices surrounding two so-called "opt-in" "research" panopticons.
Although Google pulled its iOS application, all the other parts of its Screenwise Meter surveillance program are still in operation--and in some cases, they collect even more data about their "research users" than the Facebook counterpart did.
"Metering" is a funny word for surveillance
In some ways, Google's "research" is not as bad as Facebook's, and in other ways, it's much worse. The "less worse" parts: it's not directly targeting teens, it didn't surreptitiously hide Google's involvement, it didn't ask users to install a custom root certificate, and its dystopian marketing makes it more clear what the company is up to.
The "more worse" part: it's asking you to opt into a panopticon. Although Google is heavily involved in much of the general public's online and offline lives, Screenwise takes it a big leap ahead.
The Screenwise Meter mobile app and web extension basically allow Google to see what you see on your phone screen and web browser window. The application could monitor all your app usage and network traffic via side-loading a "custom" app on your smartphone. Since Google doesn't ask you to install a root certificate like Facebook did, they can't decrypt HTTPS traffic, but the app can see anything on your screen, as detailed by the "Content on Screen" section of its privacy policy.
Let's say you open the Snapchat app. Google could see that. Let's say you need to type in your password. Google could see that, too. Let's say you send a Snapchat to a friend. Yes, Google could see that as well.
The web extension even goes beyond the level of tracking that Facebook was willing to do. Like Facebook, apparently being able to track 80% of all Internet traffic wasn't enough: the web extension reports all of your web browsing back to Google, even if it's over HTTPS. It can also collect every single action you make on any website (from composing private messages to browsing a shopping site), and any information stored or saved in your browser. Google even admits to collecting Social Security Numbers and credit card numbers through this program, though it claims that these are "not the focus" of the surveillance.
In addition, Screenwise invades your private living spaces through a custom router. It can't intercept HTTPS traffic. But because DNS lookups are currently unencrypted, Google can record every single site that anyone visits while connected to your WiFi. And, of course, it can see any unencrypted app and web traffic on your home WiFi, too.
To top it all off, there's the "TV Meter," which is an always-on microphone in your house that collects and sends Google audio from your TV as well as any nearby chatter it picks up--a wiretap for your living room.
"But They Consented!"
Although Google's explanation of its program is somewhat more clear than Facebook's, it will not be obvious to many people how thoroughly Google is spying on them if they don't read all of the lengthy privacy policy.
Google has even less consent from the family members of people who installed Google's snooping tools. These devices aren't just spying on a person--they're spying on a household, which can involve guests, who aren't likely to know about the surveillance at all, and children under 13. Yes, Google "prohibits" children under 13 from taking part in this invasive digital tracking, gives options for pausing the tracking when kids are involved or guests are over, and asks users to inform any house guests about the surveillance. In reality, this provides the company cover rather than protecting your children or guests. By offering temporary "opt-out" options to "protect your privacy," Screenwise simply shifts the responsibility onto the surveilled user--exactly the sort of behavior that's been allowed under lax privacy laws, and needs to change under new ones.
Finally, none of Google's messaging is clear about who it's sharing all this data with. At the end of its privacy policy, Google mentions it can share all of this collected information with "trusted businesses," without giving a hint as to who those could be or what they might do with our data.
Screenwise is not the only problem. Just this morning, a new study detailed how Google tricks regular users into "opting in" to constant tracking with deceptive UX flows and default settings.
With each passing day, it's increasingly clear that we can't rely on the "ethics" and "value systems" of corporations to judge their own messaging around consent. Jargon-filled dialog boxes, pages of fine print, and hidden privacy policies aren't enough. When profits are driven by collecting and selling our data, companies are incentivized to manipulate as many people to "opt in" as possible.
Facebook's and Google's extensive "research" into user behavior, in exchange for a few gift cards, is more evidence of the dire need for new carefully-tailored rules to protect user privacy, and an end to the era of companies dictating users' legal rights.
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Sydney Li
Sydney Li is a technologist at the Electronic Frontier Foundation.
Jason Kelley
Jason Kelley is a Digital Strategist on EFF's Activism Team. Before joining EFF, Jason managed marketing strategy and content for a software company that helps non-programmers learn to code, and advertising and marketing analytics for a student loan startup. Jason received his BA in English and Philosophy from Kent State University and an M.F.A. in creative writing from The University of the South. He tries daily to apply advice from his professor Sam Pickering, the inspiration for Robin Williams' character in Dead Poets Society: "Take out the extra words. Make it go quicker."
Imagine this: an enormous tech company is tracking what you do on your phone, even when you're not using any of its services, down to the specific images that you see. It's also tracking all of your network traffic, because you're installing one of its specially-designed routers. And even though some of that traffic is encrypted, it can still know what websites you visit, due to how DNS resolution works. Oh, it's also recording audio from a custom-microphone that's placed near your TV, and analyzing what it hears.
It's an always-on panopticon. In exchange for your privacy (and the privacy of any guests who may be using your Internet connection, or talking near your television), you receive a gift card for a whopping $20.
No, we're not talking about Facebook--we've already detailed the frightening consequences of Facebook's sneaky, privacy-invading and security-breaking "user research" program. This is Google's "ScreenWise Meter," another "research program" that, much like Facebook's, caused an upheaval this week when it was exposed.
In order to spy on iOS users, Facebook took advantage of Apple's enterprise application program to get around Apple's strict app distribution rules. When news of this Facebook program hit earlier this week, Google scrambled to pull the plug on its own "user research" application, which was taking advantage of the same Apple program. Apple quickly revoked both organizations' Enterprise Certificates, shutting down all of Facebook's and Google's internal iOS applications and tooling, leaving the two giants in disarray.
We're not a fan of Apple's walled-garden approach to application distribution and its strict control over who gets to play on its platform and who doesn't. However, this drama shined a valuable spotlight on deceptive messages to users and data harvesting practices surrounding two so-called "opt-in" "research" panopticons.
Although Google pulled its iOS application, all the other parts of its Screenwise Meter surveillance program are still in operation--and in some cases, they collect even more data about their "research users" than the Facebook counterpart did.
"Metering" is a funny word for surveillance
In some ways, Google's "research" is not as bad as Facebook's, and in other ways, it's much worse. The "less worse" parts: it's not directly targeting teens, it didn't surreptitiously hide Google's involvement, it didn't ask users to install a custom root certificate, and its dystopian marketing makes it more clear what the company is up to.
The "more worse" part: it's asking you to opt into a panopticon. Although Google is heavily involved in much of the general public's online and offline lives, Screenwise takes it a big leap ahead.
The Screenwise Meter mobile app and web extension basically allow Google to see what you see on your phone screen and web browser window. The application could monitor all your app usage and network traffic via side-loading a "custom" app on your smartphone. Since Google doesn't ask you to install a root certificate like Facebook did, they can't decrypt HTTPS traffic, but the app can see anything on your screen, as detailed by the "Content on Screen" section of its privacy policy.
Let's say you open the Snapchat app. Google could see that. Let's say you need to type in your password. Google could see that, too. Let's say you send a Snapchat to a friend. Yes, Google could see that as well.
The web extension even goes beyond the level of tracking that Facebook was willing to do. Like Facebook, apparently being able to track 80% of all Internet traffic wasn't enough: the web extension reports all of your web browsing back to Google, even if it's over HTTPS. It can also collect every single action you make on any website (from composing private messages to browsing a shopping site), and any information stored or saved in your browser. Google even admits to collecting Social Security Numbers and credit card numbers through this program, though it claims that these are "not the focus" of the surveillance.
In addition, Screenwise invades your private living spaces through a custom router. It can't intercept HTTPS traffic. But because DNS lookups are currently unencrypted, Google can record every single site that anyone visits while connected to your WiFi. And, of course, it can see any unencrypted app and web traffic on your home WiFi, too.
To top it all off, there's the "TV Meter," which is an always-on microphone in your house that collects and sends Google audio from your TV as well as any nearby chatter it picks up--a wiretap for your living room.
"But They Consented!"
Although Google's explanation of its program is somewhat more clear than Facebook's, it will not be obvious to many people how thoroughly Google is spying on them if they don't read all of the lengthy privacy policy.
Google has even less consent from the family members of people who installed Google's snooping tools. These devices aren't just spying on a person--they're spying on a household, which can involve guests, who aren't likely to know about the surveillance at all, and children under 13. Yes, Google "prohibits" children under 13 from taking part in this invasive digital tracking, gives options for pausing the tracking when kids are involved or guests are over, and asks users to inform any house guests about the surveillance. In reality, this provides the company cover rather than protecting your children or guests. By offering temporary "opt-out" options to "protect your privacy," Screenwise simply shifts the responsibility onto the surveilled user--exactly the sort of behavior that's been allowed under lax privacy laws, and needs to change under new ones.
Finally, none of Google's messaging is clear about who it's sharing all this data with. At the end of its privacy policy, Google mentions it can share all of this collected information with "trusted businesses," without giving a hint as to who those could be or what they might do with our data.
Screenwise is not the only problem. Just this morning, a new study detailed how Google tricks regular users into "opting in" to constant tracking with deceptive UX flows and default settings.
With each passing day, it's increasingly clear that we can't rely on the "ethics" and "value systems" of corporations to judge their own messaging around consent. Jargon-filled dialog boxes, pages of fine print, and hidden privacy policies aren't enough. When profits are driven by collecting and selling our data, companies are incentivized to manipulate as many people to "opt in" as possible.
Facebook's and Google's extensive "research" into user behavior, in exchange for a few gift cards, is more evidence of the dire need for new carefully-tailored rules to protect user privacy, and an end to the era of companies dictating users' legal rights.
Sydney Li
Sydney Li is a technologist at the Electronic Frontier Foundation.
Jason Kelley
Jason Kelley is a Digital Strategist on EFF's Activism Team. Before joining EFF, Jason managed marketing strategy and content for a software company that helps non-programmers learn to code, and advertising and marketing analytics for a student loan startup. Jason received his BA in English and Philosophy from Kent State University and an M.F.A. in creative writing from The University of the South. He tries daily to apply advice from his professor Sam Pickering, the inspiration for Robin Williams' character in Dead Poets Society: "Take out the extra words. Make it go quicker."
Imagine this: an enormous tech company is tracking what you do on your phone, even when you're not using any of its services, down to the specific images that you see. It's also tracking all of your network traffic, because you're installing one of its specially-designed routers. And even though some of that traffic is encrypted, it can still know what websites you visit, due to how DNS resolution works. Oh, it's also recording audio from a custom-microphone that's placed near your TV, and analyzing what it hears.
It's an always-on panopticon. In exchange for your privacy (and the privacy of any guests who may be using your Internet connection, or talking near your television), you receive a gift card for a whopping $20.
No, we're not talking about Facebook--we've already detailed the frightening consequences of Facebook's sneaky, privacy-invading and security-breaking "user research" program. This is Google's "ScreenWise Meter," another "research program" that, much like Facebook's, caused an upheaval this week when it was exposed.
In order to spy on iOS users, Facebook took advantage of Apple's enterprise application program to get around Apple's strict app distribution rules. When news of this Facebook program hit earlier this week, Google scrambled to pull the plug on its own "user research" application, which was taking advantage of the same Apple program. Apple quickly revoked both organizations' Enterprise Certificates, shutting down all of Facebook's and Google's internal iOS applications and tooling, leaving the two giants in disarray.
We're not a fan of Apple's walled-garden approach to application distribution and its strict control over who gets to play on its platform and who doesn't. However, this drama shined a valuable spotlight on deceptive messages to users and data harvesting practices surrounding two so-called "opt-in" "research" panopticons.
Although Google pulled its iOS application, all the other parts of its Screenwise Meter surveillance program are still in operation--and in some cases, they collect even more data about their "research users" than the Facebook counterpart did.
"Metering" is a funny word for surveillance
In some ways, Google's "research" is not as bad as Facebook's, and in other ways, it's much worse. The "less worse" parts: it's not directly targeting teens, it didn't surreptitiously hide Google's involvement, it didn't ask users to install a custom root certificate, and its dystopian marketing makes it more clear what the company is up to.
The "more worse" part: it's asking you to opt into a panopticon. Although Google is heavily involved in much of the general public's online and offline lives, Screenwise takes it a big leap ahead.
The Screenwise Meter mobile app and web extension basically allow Google to see what you see on your phone screen and web browser window. The application could monitor all your app usage and network traffic via side-loading a "custom" app on your smartphone. Since Google doesn't ask you to install a root certificate like Facebook did, they can't decrypt HTTPS traffic, but the app can see anything on your screen, as detailed by the "Content on Screen" section of its privacy policy.
Let's say you open the Snapchat app. Google could see that. Let's say you need to type in your password. Google could see that, too. Let's say you send a Snapchat to a friend. Yes, Google could see that as well.
The web extension even goes beyond the level of tracking that Facebook was willing to do. Like Facebook, apparently being able to track 80% of all Internet traffic wasn't enough: the web extension reports all of your web browsing back to Google, even if it's over HTTPS. It can also collect every single action you make on any website (from composing private messages to browsing a shopping site), and any information stored or saved in your browser. Google even admits to collecting Social Security Numbers and credit card numbers through this program, though it claims that these are "not the focus" of the surveillance.
In addition, Screenwise invades your private living spaces through a custom router. It can't intercept HTTPS traffic. But because DNS lookups are currently unencrypted, Google can record every single site that anyone visits while connected to your WiFi. And, of course, it can see any unencrypted app and web traffic on your home WiFi, too.
To top it all off, there's the "TV Meter," which is an always-on microphone in your house that collects and sends Google audio from your TV as well as any nearby chatter it picks up--a wiretap for your living room.
"But They Consented!"
Although Google's explanation of its program is somewhat more clear than Facebook's, it will not be obvious to many people how thoroughly Google is spying on them if they don't read all of the lengthy privacy policy.
Google has even less consent from the family members of people who installed Google's snooping tools. These devices aren't just spying on a person--they're spying on a household, which can involve guests, who aren't likely to know about the surveillance at all, and children under 13. Yes, Google "prohibits" children under 13 from taking part in this invasive digital tracking, gives options for pausing the tracking when kids are involved or guests are over, and asks users to inform any house guests about the surveillance. In reality, this provides the company cover rather than protecting your children or guests. By offering temporary "opt-out" options to "protect your privacy," Screenwise simply shifts the responsibility onto the surveilled user--exactly the sort of behavior that's been allowed under lax privacy laws, and needs to change under new ones.
Finally, none of Google's messaging is clear about who it's sharing all this data with. At the end of its privacy policy, Google mentions it can share all of this collected information with "trusted businesses," without giving a hint as to who those could be or what they might do with our data.
Screenwise is not the only problem. Just this morning, a new study detailed how Google tricks regular users into "opting in" to constant tracking with deceptive UX flows and default settings.
With each passing day, it's increasingly clear that we can't rely on the "ethics" and "value systems" of corporations to judge their own messaging around consent. Jargon-filled dialog boxes, pages of fine print, and hidden privacy policies aren't enough. When profits are driven by collecting and selling our data, companies are incentivized to manipulate as many people to "opt in" as possible.
Facebook's and Google's extensive "research" into user behavior, in exchange for a few gift cards, is more evidence of the dire need for new carefully-tailored rules to protect user privacy, and an end to the era of companies dictating users' legal rights.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.