Greg Beadle/World Economic Forum; Photo illustration by John Lyman

Tech

/

Who’s Protecting Us from Google?

According to the market research firm Market.us, in 2022, there were over 3 billion Android phone users worldwide. By 2024, this number has increased to 3.4 billion. For Google, this represents 3.4 billion inexhaustible sources of information. These sources are so rich and diverse that Google sees everything.

Just as a naked person cannot hide anything from an observer, humans cannot hide anything from Google. Thoughts, intentions, and actions—virtually nothing remains hidden.

The foundation of Google’s data mass is the data the user enters when opening a Google account, such as name, address, phone number, and gender. This tells Google who you are.

Google data center
Cooling system for a Google data center. (Google)

Users don’t just input their personal information. Using Google Contacts as an address book, they also manage the personal details of hundreds of other users. As a result, Google has access to approximately 3.4 billion address books that reference Android users and individuals outside the Android ecosystem.

Users interact with their contacts by emailing them via Gmail, sending SMS messages, or making calls. In all three cases, Google records everything.
If you use Google Calendar, Google knows your schedule. If you don’t use the app, Google can often deduce your whereabouts.

Thanks to your phone’s built-in GPS receiver, Wi-Fi connections, and mobile networks, Google can pinpoint your location with astonishing precision. But it doesn’t stop there—Google often knows more than just where you are; it knows why you’re there. For instance, a visit to 3424 John F. Kennedy Blvd in Jersey City at 3 p.m. isn’t just a blip on a map. To Google, it signifies your destination: the Al-Hoda Islamic Center. Every stop—whether to visit a neighbor, see your pedicurist, attend a doctor’s appointment, or shop at Walmart—becomes another piece of data woven into a detailed portrait of your life that remains anything but private.

Using Google Chrome as your browser is more than just a choice of convenience—it’s an invitation for Google to document every website you visit. This browsing history, coupled with the data from Google Search, offers the company an increasingly intimate understanding of who you are and how you think. Each search query adds a new layer to your profile, inching closer to the inner workings of your mind.

Google Photos takes this further, cataloging hundreds or thousands of images stored on your device. Every snapshot is analyzed, feeding into a system that learns more about your life with each upload.

The same meticulous recording applies to Google Books, YouTube, and YouTube Music. What you read, watch, or listen to—and the precise timing of your engagement—paints a detailed portrait of your habits and interests.

And yet, this is merely the beginning. Google’s reach extends into nearly every aspect of digital life. Google Meet captures video conferences, Google Drive holds your documents, and Google Pay records your transactions. Google News curates the stories that capture your attention, while Google Assistant fields commands and queries. Through Google Play, even the apps on your phone become part of the puzzle.

Computer hardware
(Unsplash)

However, surveillance doesn’t end with these applications. Your smartphone itself acts as an extension of Google’s data collection network. Built-in sensors like accelerometers and gyroscopes reveal whether you’re lying on the couch, cycling through the city, or jogging in the park. Each movement, click, and decision contributes to the ever-expanding mosaic of your digital self.

Google Gemini, the company’s answer to ChatGPT, has the uncanny ability to answer virtually any question. But these aren’t just casual queries—many delve deeply into the personal. From questions about workplace struggles and relationship challenges to inquiries on depression or sexual preferences, users turn to Gemini for insight and advice. What many may not realize, however, is that every conversation with Gemini is stored. These records serve not only to refine Gemini’s algorithms but also to expand Google’s understanding of its users.

This trove of deeply personal data doesn’t exist in isolation. Nearly everything collected—whether from Gemini, Chrome, Photos, or any other service—is meticulously analyzed to construct precise user profiles. These profiles become valuable commodities, monetized through the sale of highly targeted advertising.

If Google determines that you’re expecting a child, your online experience might soon be flooded with ads for strollers and diapers. If you align with a particular political or ideological group, the system adjusts accordingly—perhaps even offering ads for an AK-47.

Ultimately, the ads you see aren’t just random; they reflect the algorithm’s understanding of you—a digital mirror built from data points you may not even remember sharing.

On the surface, everyone seems to benefit: advertisers gain the ability to target audiences with sniper-like precision, users enjoy free access to Google’s suite of powerful apps, and Google reaps staggering profits—$74 billion in 2023, drawn from a total revenue of $300 billion, with 80% of that stemming from advertising. It’s a trifecta of success that appears to be the ultimate win-win-win scenario.

But appearances can be deceiving. What seems like a perfect balance masks significant disadvantages for the user—disadvantages that cast a long shadow over this seemingly ideal arrangement.

Google data center
(Google)

The sheer volume of data Google records about its users is staggering—not just in size but in diversity. Among this trove is a vast amount of deeply sensitive, privacy-laden information. A closer examination of Google’s terms and conditions reveals troubling loopholes. The data isn’t always handled with the care users might expect. Worse yet, the potential for misuse looms large: a future Google CEO could decide to operate above the law. Likewise, a powerful political figure armed with access to this data could do the same.

Google’s data collection scope becomes even clearer when you request a copy of your data through Google Takeout. The platform offers access to a staggering 71 different categories of information. This data, collected and stored for billions of users, forms an enormous and intricate mass. Protecting such a vast repository from hackers and rogue employees is a monumental challenge, leaving users’ privacy perpetually vulnerable.

The types of data collected often veer into the deeply personal. For example, if you ask Google Gemini for the location of a nearby sex worker, that query is logged, analyzed, and stored to improve the AI’s functionality. If you later visit the suggested location, that information is also recorded. And should you pay for the service with Google Pay, yet another layer is added to your profile.

While Google provides some tools to limit data collection, their effectiveness is often superficial. Within your Google account settings, you can disable the storage of certain types of data, such as your location history or travel routes. Yet even these measures are undermined by the company’s terms and conditions, which often override user preferences. For instance, the fine print reveals that certain apps, like Google Gemini, continue to collect location data regardless of user settings, claiming it is necessary to provide accurate responses.

The result is a system where the illusion of control masks the reality of comprehensive surveillance—a system that collects more data than most users can comprehend, with safeguards that frequently amount to little more than empty promises.

Google’s terms and conditions offer a glimpse into how the company manages its vast data empire—but the picture they paint is far from reassuring. While users are theoretically allowed to limit the types of data Google stores, these safeguards often unravel upon closer inspection.

Take location tracking, for example: while it’s possible to indicate that your movements and travel routes should not be saved, this option proves illusory if Google’s Gemini app is pre-installed on your device. According to the terms, “Location data is always collected if you use Gemini Apps so that they can provide you with a response relevant to your query.” The fine print goes further, revealing that Gemini may “share your precise location data with another Google service, like Google Maps, to fulfill your request.”

The company’s data collection practices extend beyond what users knowingly share. Google openly states that it may link your personal information to data from external sources: “In some circumstances, Google also collects information about you from publicly accessible sources.” The statement is followed by another troubling admission: “We may also collect information about you from trusted partners.” Yet the identity of these “trusted partners” is left deliberately vague, raising more questions than answers about the true scope of Google’s data integration.

Even if you are not logged into Google, you are still tracked: “When you’re not signed in to a Google Account, we store the information we collect with unique identifiers tied to the browser, application, or device you’re using.”

Google states that it does not give third parties access to your information. Still, there are some exceptions, such as: “We provide personal information to our affiliates and other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.” But who are these “trusted businesses or persons”? That question remains unanswered.

Back in June, 404 Media reported, “Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of carpool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years’ worth of potential privacy and security issues obtained by 404 Media.” Internally, Google does not always have things in order.

Does Google provide complete security of all systems so that a data breach is impossible? Firewall Times dedicated an article to the many times a data breach was possible. In January of 2023, “In early January, a hacker stole customer data on over 37 million T-Mobile customers, including phone numbers, addresses, and more. Later that month, Google notified Google Fi customers that some of their data was implicated in the breach. In this case, Google itself was not hacked.”

And in December of 2018, “Google+ faced its second big breach of 2018 when a November update created an API bug that exposed data from 52.5 million Google+ accounts. Google fixed the bug within six days, and moved up Google+’s burial date from August to April 2019.”

Suppose Google were to get a CEO who placed themselves above the law, a CEO who used the data stored by Google at every opportunity to, for example, cut down competitors and enemies. This is not likely now, but history shows that there are enough CEOs who have placed themselves above the law. Well-known examples include FTX’s Sam Bankman-Fried, ‘Pharma Bro’ Martin Shkreli, Theranos’ Elizabeth Holmes, Enron’s Kenneth Lay and Jeffrey Skilling, WorldCom’s Bernard Ebbers, and Tyco’s Dennis Kozlowski.

The incoming Trump administration, which has already shown authoritarian leanings, could use the USA PATRIOT Act or the Foreign Intelligence Surveillance Act to summon Google to hand over users’ personal information. This happens 1,000 to 2,000 times annually. A president who considers himself above the law can fully exploit this legal authority to obtain personal information about anyone who is against them. A vengeful president will go further.

“I am your warrior, I am your justice,” Donald Trump said in a nearly 90-minute speech in March 2023. “For those who have been wronged and betrayed…I am your retribution.”