Surprise! Even Google's engineers don't understand its privacy controls

From their very inception, tech companies haven't been keen on privacy. They've also not been keen on making privacy controls easy. As court documents just revealed.
Written by Chris Matyszczyk, Contributing Writer

Even they don't get it.

It's an empty feeling.

You discover that something you've always suspected to be true -- even when denied by a tech company -- turns out to be, oh, true.

In some way, you almost feel guilty. You want to beat yourself about the head muttering "I knew it. I just knew it."

So here we are finally seeing that Google's own engineers don't even understand the company's privacy controls.

In court documents unsealed last week in Arizona, a (sadly unnamed) Google engineer offers this 2018 email about the company's location tracking controls: "Location off should mean location off, not 'except for this case or that case.' The current UI feels like it is designed to make things possible, yet difficult enough that people won't figure it out."

Who would ever believe a company that flouted privacy more enthusiastically and more often than a flasher could make privacy controls so impenetrable that even the company's own large brains couldn't figure them out?

Those tech companies were run by such wily young people in days of yore. Ever since Facebook CEO Mark Zuckerberg insisted in 2010 that people didn't want privacy, you had a feeling that you were never going to get any.

You suspected that the likes of Facebook and Google would make untold billions from dealing your private information to the highest bidder on an hourly basis.

Indeed, it was only when their transgressions became laughably obvious that such tech companies even introduced any privacy controls worth the name. Well, the name privacy something-or-other, not necessarily the name privacy control.

In that same 2010, Facebook made its privacy controls simpler. Or, should I say, "simpler." Real people, though, didn't find them so simple. I fear they still don't.

As for Google, well, who felt unable to laugh when, during 2018 congressional hearings, CEO Sundar Pichai declared: "Our mission is to protect your privacy."

How odd, then, that during that very same year, another Google engineer offered bracing words, as revealed by the court documents.

Wondering about location data and how Google kept it private, the engineer wrote: "I'd want to know which of these options (some? All? none?) enter me into the wrongful-arrest lottery. And I'd want that to be very clear to even the least technical people."

Clarity and tech companies go together like fish and trees. For too long, one of the secret joys of running a tech company lay in the sure knowledge that your users had no real idea what you were doing or how. And you didn't feel compelled to enlighten them.

Those least technical people had no hope of knowing what was going on. Of course, they contributed greatly by not caring enough or even at all. It was too exciting to post pictures of the cake you just baked, the bike you just bought, or the spouse you just married.

Somewhere, though, there was the expectation of trust. Yes, oh tech company, you're doing wizard work and making my life so much better and easier, but please try not to take (too much) advantage.

How it must have felt for these Google engineers to see just how much advantage was taken.

Of course, Google's attitude is to say it's working so very hard to improve privacy controls.

Indeed, last year Google introduced an option by which users could ensure that location history data and even search history data could be auto-deleted.

This may have been only because some in government are working so hard to enact stern legislation which may make tech companies' lives a little harder.

It may also have been because the likes of Google and Facebook have discovered all sorts of new ways to follow people around and monetize their every move and thought. Indeed, the Arizona lawsuit mentions that switching off location tracking won't mean Google can't target you. It merely means the company can't target you quite as precisely as the fourth pavement slab outside number 83, Outofharms Way.

And then there's DoubleClick. If you want to address this ad service's penchant for offering location-based ads, it seems you have to go to another little interface. (Disclosure: Google owns DoubleClick.)

Should users have to work so hard to gain a little privacy? How many people do you know who consciously and regularly update their privacy settings on their devices and apps?

Perhaps there'll come an uplifting day when we can easily set all our social media and other online activities in far more precise ways. Perhaps we'll be able to dictate, in some astoundingly easy way, precisely who gets to learn anything about us at all.

Perhaps I'm dreaming and kidding at the same time.

Google Maps turns 15: A look back on where it all began

Editorial standards