Published on
by

Google Screenwise: An Unwise Trade of All Your Privacy for Cash

With each passing day, it’s increasingly clear that we can’t rely on the “ethics” and “value systems” of corporations to judge their own messaging around consent

A new study detailed how Google tricks regular users into “opting in” to constant tracking with deceptive UX flows and default settings. (Photo: Screenshot)

A new study detailed how Google tricks regular users into “opting in” to constant tracking with deceptive UX flows and default settings. (Photo: Screenshot)

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers. And even though some of that traffic is encrypted, it can still know what websites you visit, due to how DNS resolution works. Oh, it’s also recording audio from a custom-microphone that’s placed near your TV, and analyzing what it hears.

It’s an always-on panopticon. In exchange for your privacy (and the privacy of any guests who may be using your Internet connection, or talking near your television), you receive a gift card for a whopping $20.

No, we’re not talking about Facebook—we’ve already detailed the frightening consequences of Facebook’s sneaky, privacy-invading and security-breaking “user research” program. This is Google’s “ScreenWise Meter,” another “research program” that, much like Facebook’s, caused an upheaval this week when it was exposed.

In order to spy on iOS users, Facebook took advantage of Apple’s enterprise application program to get around Apple’s strict app distribution rules. When news of this Facebook program hit earlier this week, Google scrambled to pull the plug on its own “user research” application, which was taking advantage of the same Apple program. Apple quickly revoked both organizations’ Enterprise Certificates, shutting down all of Facebook’s and Google’s internal iOS applications and tooling, leaving the two giants in disarray.

We’re not a fan of Apple’s walled-garden approach to application distribution and its strict control over who gets to play on its platform and who doesn’t. However, this drama shined a valuable spotlight on deceptive messages to users and data harvesting practices  surrounding two so-called “opt-in” “research” panopticons.

Although Google pulled its iOS application, all the other parts of its Screenwise Meter surveillance program are still in operation—and in some cases, they collect even more data about their “research users” than the Facebook counterpart did.

“Metering” is a funny word for surveillance

In some ways, Google’s “research” is not as bad as Facebook’s, and in other ways, it’s much worse. The “less worse” parts: it’s not directly targeting teens, it didn’t surreptitiously hide Google’s involvement, it didn’t ask users to install a custom root certificate, and its dystopian marketing makes it more clear what the company is up to.

The “more worse” part: it’s asking you to opt into a panopticon. Although Google is heavily involved in much of the general public’s online and offline lives, Screenwise takes it a big leap ahead.

The Screenwise Meter mobile app and web extension basically allow Google to see what you see on your phone screen and web browser window. The application could monitor all your app usage and network traffic via side-loading a “custom” app on your smartphone. Since Google doesn’t ask you to install a root certificate like Facebook did, they can’t decrypt HTTPS traffic, but the app can see anything on your screen, as detailed by the “Content on Screen” section of its privacy policy.

Let's say you open the Snapchat app. Google could see that. Let's say you need to type in your password. Google could see that, too. Let's say you send a Snapchat to a friend. Yes, Google could see that as well.

The web extension even goes beyond the level of tracking that Facebook was willing to do. Like Facebook, apparently being able to track 80% of all Internet traffic wasn’t enough: the web extension reports all of your web browsing back to Google, even if it’s over HTTPS. It can also collect every single action you make on any website (from composing private messages to browsing a shopping site), and any information stored or saved in your browser. Google even admits to collecting Social Security Numbers and credit card numbers through this program, though it claims that these are “not the focus” of the surveillance.

In addition, Screenwise invades your private living spaces through a custom router. It can’t intercept HTTPS traffic. But because DNS lookups are currently unencrypted, Google can record every single site that anyone visits while connected to your WiFi. And, of course, it can see any unencrypted app and web traffic on your home WiFi, too.

To top it all off, there’s the “TV Meter,” which is an always-on microphone in your house that collects and sends Google audio from your TV as well as any nearby chatter it picks up—a wiretap for your living room.

“But They Consented!”

Although Google’s explanation of its program is somewhat more clear than Facebook’s, it will not be obvious to many people how thoroughly Google is spying on them if they don’t read all of the lengthy privacy policy.

Google has even less consent from the family members of people who installed Google’s snooping tools. These devices aren’t just spying on a person—they’re spying on a household, which can involve guests, who aren’t likely to know about the surveillance at all, and children under 13. Yes, Google “prohibits” children under 13 from taking part in this invasive digital tracking, gives options for pausing the tracking when kids are involved or guests are over, and asks users to inform any house guests about the surveillance. In reality, this provides the company cover rather than protecting your children or guests. By offering temporary “opt-out” options to “protect your privacy,” Screenwise simply shifts the responsibility onto the surveilled user—exactly the sort of behavior that’s been allowed under lax privacy laws, and needs to change under new ones.

Finally, none of Google’s messaging is clear about who it’s sharing all this data with. At the end of its privacy policy, Google mentions it can share all of this collected information with “trusted businesses,” without giving a hint as to who those could be or what they might do with our data.

Screenwise is not the only problem. Just this morning, a new study detailed how Google tricks regular users into “opting in” to constant tracking with deceptive UX flows and default settings.

With each passing day, it’s increasingly clear that we can’t rely on the “ethics” and “value systems” of corporations to judge their own messaging around consent. Jargon-filled dialog boxes, pages of fine print, and hidden privacy policies aren’t enough. When profits are driven by collecting and selling our data, companies are incentivized to manipulate as many people to “opt in” as possible.

Facebook’s and Google’s extensive “research” into user behavior, in exchange for a few gift cards, is more evidence of the dire need for new carefully-tailored rules to protect user privacy, and an end to the era of companies dictating users’ legal rights.

This is the world we live in. This is the world we cover.

Because of people like you, another world is possible. There are many battles to be won, but we will battle them together—all of us. Common Dreams is not your normal news site. We don't survive on clicks. We don't want advertising dollars. We want the world to be a better place. But we can't do it alone. It doesn't work that way. We need you. If you can help today—because every gift of every size matters—please do. Without Your Support We Won't Exist.

Please select a donation method:



Sydney Li

Sydney mostly works on securing your email delivery through STARTTLS Everywhere, but sometimes she does Certbot-y things and writes angsty blog posts. She also likes doing and writing puzzles, distributing databases for no good reason, and hand-pulling noodles. She has a deep love for security and noodles.

Jason Kelley

Jason Kelley is a Digital Strategist on EFF’s Activism Team. Before joining EFF, Jason managed marketing strategy and content for a software company that helps non-programmers learn to code, and advertising and marketing analytics for a student loan startup. Jason received his BA in English and Philosophy from Kent State University and an M.F.A. in creative writing from The University of the South. He tries daily to apply advice from his professor Sam Pickering, the inspiration for Robin Williams’ character in Dead Poets Society: “Take out the extra words. Make it go quicker.”

Share This Article