back to article Android data slurping measured and monitored

Google's passive collection of personal data from Android and iOS has been monitored and measured in a significant academic study. The report confirms that Google is no respecter of the Chrome browser's "incognito mode" aka "porn mode", collecting Chrome data to add to your personal profile, as we pointed out earlier this year …

  1. tiggity Silver badge

    "The nature of some data may also surprise. App developers receive your age and gender whenever an app is launched, the study found."

    And the accuracy of that age value is not high (I assume age would be from someone having a google account .. but nobody with any sense should use their real DOB when registering with gmail, fb, twitter etc. as DOB is one of the key identity theft targets*)

    I assume "gender" found in same way? (presumably with lots of different options these days for covering gender fluidity)

    ..* and yes, that means you (& friends & relatives) not plastering birthday photos across social media - no point hiding DOB if there's photos of you celebrating 21st birthday (or whatever that also gives year as well as day / month)

    Being "camera shy" is handy in these days of social media overshare

    1. big_D Silver badge

      I just don't post on social media. Well, I do have a Twitter account somewhere gathering dust.

      1. Alan W. Rateliff, II

        Yes, but have a birthday and friend, sister, cousin, nephew, or your Mum will. "Happy Birthday, Son! Why don't you ever call like your brother does?"

        Having friends over for a birthday party? Guaran-damn-tee pictures will be taken and posted by one of your guests.

        Srsly.

    2. Tigra 07
      Trollface

      RE: tiggity

      2020 here. What's a gender?

      1. big_D Silver badge
        Paris Hilton

        Re: RE: tiggity

        Isn't that the first slide on a PowerPoint presentation?

      2. Elmer Phud

        Re: RE: tiggity

        "What's a gender?"

        A list of stuff you're supposed to get through at a meeting before heading to the pub

        1. Doctor Syntax Silver badge
          Pint

          Re: RE: tiggity

          "A list of stuff you're supposed to get through at a meeting before heading to the pub"

          You're holding your meetings in the wrong venue.

      3. dbgi

        Re: RE: tiggity

        Did Google just assume my gender?

        1. AMBxx Silver badge
          Thumb Up

          Re: RE: tiggity

          Identifies it from your preferred porn sites.

      4. bombastic bob Silver badge
        Headmaster

        Re: RE: tiggity

        'gender' refers to the masculinity or femininity (or lack thereof) of nouns and other parts of speech, in languages that have such things (like Spanish, French, etc.).

        For human chromosomal arrangements and the associated secondary characteristics, see 'sex'.

        (any other usage of 'gender' to mean 'sex' simply smacks of political correctness and deserves ridicule and contempt)

        1. Woodnag

          Gender ID

          It's the combined field values "cnt=1" and "cust_gender=2" in the snapshot.

          The 4 combinations give birth gender and current gender, set by primary sexual characteristic currently fitted. Fails to cover neuters and those rare occurrences with both kit.

      5. Teiwaz

        Re: RE: tiggity

        2020 here. What's a gender?

        We just have more of them than we did in 1920.

    3. tekHedd

      Fake DOB?

      I used to put in bogus DOB etc...and then I lost access to an old email account, which then meant I couldn't recover my ebay password, which means I lost 5 years of eBay seller history... etc etc.

      You can't put in fake information that later might be used for account recovery unless you are planning to then write that all down somewhere. At some point you'd have to memorize an entire fake identity or two or three... sure some people do this but come one who has time?

      1. Anonymous Coward
        Anonymous Coward

        Re: Fake DOB?

        FWIW, that's what the Notes field in my passwork keeper (PasswordSafe) is useful for. It even keeps it hidden until you need it visible. Lastly, if there's one damn file I'm guaranteed to be able to recover from somewhere, it's that one as well as the software installer. Tucked away all over the place.

      2. td97402

        Re: Fake DOB?

        Birth date is always 1/1/70.

  2. RyokuMas
    FAIL

    "Google Analytics is used by more than three quarters of the top 100,000 most visited websites (including the one you're reading)"

    ... which is why my blockers are all running hot for el Reg and subsequently you're not getting any advertising revenue from me.

    Okay, the huge "full background" ad in the area that I would normally click to de-focus things I had previously clicked on, and the side-ad that slides with the scrolling also play their part. Strip it down to just the top banner and bottom-right square, take off all the tracking and you'll get whitelisted...

    1. Mark 110

      I use Google analytics on a couple of internal websites. AFAIK (please correct me if I am wrong) it doesn't collect any PII.

      I just use it for page load time stats and user journeys (simple - can't afford more).

      1. JohnFen

        "it doesn't collect any PII."

        Whether or not it collects PII depends on how you define PII. It collects far more information than I'm willing to share, which is why I always block GA. If your data collection needs are limited to load time stats and "journey", then why not do this with your own scripts? Just keep it between you and your users. There's no need to let Google's spy systems in.

    2. Michael Wojcik Silver badge

      Strip it down to just the top banner and bottom-right square, take off all the tracking and you'll get whitelisted...

      I wish the Reg would split the pointless-UI-candy scripts out to a different site, so I could bock just those. As far as I'm concerned, the post / vote / etc buttons are much more palatable as normal HTML than in their scripted versions. They bug me more than the ads, to be honest.

  3. Anonymous Coward
    Anonymous Coward

    'The nature of some data may also surprise. App developers receive your age and gender'

    As tech-heads we have a duty to help anyone we know sanitize their Android phone. The warning above primarily applies to the dystopian nightmare that is 'Google Play Store' / 'Google Play Services' / 'Google App'

    So leverage F-Droid / Fossdroid / Yalp instead. 'Location Services' can't be disabled 100% in all cases, but we don't have to make it easy for BrinPage algos. For those without root, Netguard / Blokada is your friend!

    1. Anonymous Coward
      Anonymous Coward

      Re: 'The nature of some data may also surprise. App developers receive your age and gender'

      Also never ever use the built-in 'Android Keyboard' or built-in browser usually 'Chrome'. Again open-source is your friend:

      https://www.wired.com/story/android-users-to-avoid-malware-ditch-googles-app-store/

      1. RyokuMas
        Coat

        Re: 'The nature of some data may also surprise. App developers receive your age and gender'

        "Again open-source is your friend"

        The fact that so many of the anti-Microsoft brigade trumpetted about the virtues of Android being open source only makes this statement so much more ironic...

        1. Doctor Syntax Silver badge

          Re: 'The nature of some data may also surprise. App developers receive your age and gender'

          "the anti-Microsoft brigade trumpetted about the virtues of Android being open source"

          The problem with Android isn't the open source core, it's the large closed source lump that Google runs on top of it before allowing Play store apps to be used. Yes, we know about that one. It's been mentioned here many times. It's why the OP gave those recommendations and why we don't trust Google. Also partly the reason why my. mobile is an ancient Symbian Nokia (the other reason is it does all I need so I don't see any reason to spend on a replacement).

          1. MacroRodent

            Re: 'The nature of some data may also surprise. App developers receive your age and gender'

            > an ancient Symbian Nokia

            Indeed, this article gives me an itch to rummage my drawer and see if any of the ancient Symbian Nokia's contained therein there still work...

            1. Anonymous Coward
              Anonymous Coward

              Ancient Symbian Nokia

              Sadly my antiquated Nokia N95 died a year or two back.

              A trip to cash converters and £40 poorer, a slightly less antiquated blackberry replaced it. Yes, it doesn't do all the slick things android and iphone do, but I feel like I have some control over using it.

              Sadly though, as I also found out 15 years earlier, BB's are a pile of tosh compared to Nokia.

              please, Mr Blackberry, or Mr Noka, do us all a favour and invent a phone that doesn't spy..... I think the world may just abut be ready for it.

              1. Anonymous Coward
                Anonymous Coward

                Re: Ancient Symbian Nokia

                > please, Mr Blackberry, or Mr Noka, do us all a favour and invent a phone that doesn't spy.....

                The iPhone SE is £250.

            2. Alan W. Rateliff, II
              Black Helicopters

              Re: 'The nature of some data may also surprise. App developers receive your age and gender'

              "Indeed, this article gives me an itch to rummage my drawer and see if any of the ancient Symbian Nokia's contained therein there still work..."

              I am still quite happily using my Sony Ericsson C905a. So long as AT&T's network does not go full LTE it will be with me. I also picked up a bunch of extras from a phone shop so I always have spare parts.

            3. Jamie Jones Silver badge

              Re: 'The nature of some data may also surprise. App developers receive your age and gender'

              > an ancient Symbian Nokia

              Me too! I actually bought a "new" one after i'd learnt for myself all the shite that is slurped from android (and it'd not just google - most of the third party app suppliers are bad too)

              Bonus? The battery last a week, the phone can be easily dialed in the dark and the rain, it's not as hard to hold as a "slate", and I don't have to worry about things slowing down because youtube decides to launch in the background.

              Yep, I'll keep my android hacking to the comfort of my armchair.

              Whilst I'm ranting about the horrible shape of all mobiles these days, I wonder, what happened to HCI? Why has user interface gone from practical to fashionable?

              A few months ago, I splashed out a few hundred on a high specced android tablet... it's so thin that after a while it digs into your hands a bit, and the edgeless screen means my fingers keep drifting into pressing something I don't want to press... For non-intensive use, I literally use my old £40 tablet more often, because, well, borders, and more rounded sides.

              pffft.

    2. Chronos
      Flame

      Re: 'The nature of some data may also surprise. App developers receive your age and gender'

      I was with you until the second word of the second paragraph. "Leverage" is not a bleedin' verb.

      The truth is that Android is a system to turn a smartphone owner into a product. The only way to successfully avoid that is to strip out Google services framework completely which, in essence, means running a custom build of AOSP/LineageOS/AOKP/Omni without the final flash of gapps. Then add F-Droid, YALP¹ et al.

      Even then, you have to be bloody careful. aGPS will quite happily talk to Google's SUPL server and quite literally hand them your coarse location along with device specific information. If you have a Mediatek device², their proprietary GPS core will also talk to their server. All of this is before the networks get involved.

      As for Android being open source, the first time you build your own derivative you'll realise just how much of it isn't. Even Qualcomm based devices, the vendor most likely to play nicely with your *droid freedom project, is chock-full of binary blobs from the obvious RIL/modem (pretty much expected as raw access to this can be used for all manner of nefarious things) down to simple peripheral access.

      It's a shame the Replicant project was such an epic fail but that was to be expected. The smartphone environment deliberately doesn't support full freedom as most devices are simply loss-leaders which enable access to the real product: You.

      ¹ Take no notice of apps that declare they're GSF dependent. Parts of them may be, yet they're usually deep down betrayal bits that don't affect core functionality. Of course, if you're installing even one closed-source app from GP through YALP, all your hard work deGoogling your device has gone out of the window anyway.

      ² Avoid at all costs. They almost always turn out to be landfill devices.

      1. Teiwaz

        Re: 'The nature of some data may also surprise. App developers receive your age and gender'

        The only way to successfully avoid that is to strip out Google services framework completely

        Correction : The only way to successfully avoid that is not to have bought a phone with Googles Android on it in the first place.

        Andoid devices have been a Trojan for Google to get inside your walls almost since they first came out.

        1. Chronos

          Re: 'The nature of some data may also surprise. App developers receive your age and gender'

          Correction : The only way to successfully avoid that is not to have bought a phone with Googles Android on it in the first place.

          In an ideal world, yes. However, you try getting something with the screen, processing power, ancillaries and connectivity of an Android device without the Trojan horse OS for reasonable money. Far better to take advantage of their "kindness" and gut it of its traitorware.

          This isn't blind trust. I run multiple utilities on the device itself via root adb shell to ensure I haven't missed anything any time there's a major change. I even strip out bits of Lineage that I don't trust such as the Jelly browser, e-mail, messaging and their update and feedback apps. In their place is Firefox Mobile, K9Mail, Silence and sod all because I'll track changelogs myself. Gone is anything Googly-syncable and in its place is DAVDroid and a self-hosted Nextcloud backend.

          Not for everyone, I admit, yet for those of us for whom messing with builds is more fun than chore, it works. We're not going to change the world for Joe Public this way, though.

          Andoid devices have been a Trojan for Google to get inside your walls almost since they first came out.

          Agreed. My first 'droid device was an Orange SanFran simply because that was the first reasonably priced handset that was a doddle to unlock, CMify and disinfect right out of the box. Its stock OS lasted just long enough to remove the SIMlock.

      2. Glen 1

        Re: 'The nature of some data may also surprise. App developers receive your age and gender'

        >"Leverage" is not a bleedin' verb.

        THIS ^^^^^^^^^^^^^^

        A HUNDRED TIMES THIS

        It on my Bullshit Bingo card. As a rule, if you use the word 'leverage' when you mean 'use', then your credibility drops like a stone.

        1. Anonymous Coward
          Anonymous Coward

          Re: 'The nature of some data may also surprise. App developers receive your age and gender'

          As a rule, if you use the word 'leverage' when you mean 'use', then your credibility drops like a stone.

          Ditto for using "utilise" where "use" will do just fine.

          1. Doctor Syntax Silver badge

            Re: 'The nature of some data may also surprise. App developers receive your age and gender'

            Ditto for using "utilise" where "use" will do just fine.

            And throw in "envision" instead of "envisage".

        2. Charles 9

          Re: 'The nature of some data may also surprise. App developers receive your age and gender'

          >"Leverage" is not a bleedin' verb.

          https://www.dictionary.com/browse/leverage?s=t

          verb (used with object), lev·er·aged, lev·er·ag·ing.

          to use (a quality or advantage) to obtain a desired effect or result:

          She was able to leverage her travel experience and her gift for languages to get a job as a translator.

          So leverage IS a verb (a transitive verb, to be specific), and if I have to, I'll look up OED, too.

          1. Chronos

            Re: 'The nature of some data may also surprise. App developers receive your age and gender'

            >"Leverage" is not a bleedin' verb.

            https://www.dictionary.com/browse/leverage?s=t

            verb (used with object), lev·er·aged, lev·er·ag·ing.

            to use (a quality or advantage) to obtain a desired effect or result:

            She was able to leverage her travel experience and her gift for languages to get a job as a translator.

            So leverage IS a verb (a transitive verb, to be specific), and if I have to, I'll look up OED, too.

            The defence would like to place on record this,, which describes the act as being "very sensual" when, in fact, it's nothing of the bloody sort - it actually reminds me of the time one of my dogs accidentally ate some elastic from a piece of meat. Citing this source as authoritative is probably not a good idea.

            Also this.

            The defence rests its case, m'lud.

          2. Michael Wojcik Silver badge

            Re: 'The nature of some data may also surprise. App developers receive your age and gender'

            So leverage IS a verb

            Of course it is. There are English speakers and writers who use it as one. In English, that's all that's required; English grammar is very flexible.

            You'll never convince the prescriptivists of that, though. They live in a fantasy world where the gods hand down immutable rules of English usage that none may question.

            1. Chronos

              Re: 'The nature of some data may also surprise. App developers receive your age and gender'

              You'll never convince the prescriptivists of that, though. They live in a fantasy world where the gods hand down immutable rules of English usage that none may question.

              Oh, I'm fine with evolution. My aversion to LaaV (leverage as a verb) is simple. Let me say the same thing twice:

              "We're going to use our experience in this field to produce something decent that people will want to buy. Keep me and the rest of the team informed of progress and problems, please."

              "We must leverage core competencies and utilise our core IP to produce an innovative product that will obsolete the current paradigm, incentivise our clients and increase our market share. The core team will touch base often and will ensure that hurdles become opportunities."

              Guess which of these is spoken by someone who knows what she's doing and will result in something that isn't a complete and utter dog's breakfast, shoddy to the point of worthless and impossible to support...

      3. Anonymous Coward
        Anonymous Coward

        Re: 'The nature of some data may also surprise. App developers receive your age and gender'

        ² Avoid at all costs. They almost always turn out to be landfill devices.

        I'm messing around with one now.

        It wasn't just the apps that have been modified, the whole system seems to be corrupt.

        For starters, there are system apps which install apps without user intervention.

        What's even worse is that even the developer options have been crippled or modified.

        Enabling the "show CPU usage" in Developer options didn't show anything on-screen at first until turning it off and back on again but even then only one or two processes show on-screen.

        Looking at logs shows dozens of errors of: "ProcessCpuTracker: Skipping unknown process pid ****"

        that accounts for this oddity.

        Bugreport is completely greyed out in Developer options.

        uploading the Over the air update apk sha256sum to VirusTotal gets flagged as a trojan dropper by 28 different AV scanners as does the Gallery app and an odd TCP connection over port 444.

        1. Chronos

          Re: 'The nature of some data may also surprise. App developers receive your age and gender'

          I had one whose answer to people getting root and stripping out system traitorware was to deliberately corrupt the ext4 filesystem on /system so that mount -o rw,remount /system failed back to read only. I did manage to reset the onerror flag to continue and disinfect but they're not worth the time, effort or rage to get them working properly - usually because they never will.

          Stick with Qualcomm. How much longer that would have been my advice had they been Borged by bloody Broadcom is left to the imagination.

      4. JohnFen

        Re: 'The nature of some data may also surprise. App developers receive your age and gender'

        "Even then, you have to be bloody careful."

        Indeed -- properly securing an Android device requires a fair bit of effort, not only in configuration but in terms of how you use the device. The level of effort required is increasing over time, too, which is why I'm working to get rid of Android from my devices entirely.

    3. Anonymous Coward
      Anonymous Coward

      Re: 'The nature of some data may also surprise. App developers receive your age and gender'

      Have an upvote for mentioning Blokada ... even I was surprised by the amount of utter shite it was blocking.

    4. Alan W. Rateliff, II
      Flame

      Re: 'The nature of some data may also surprise. App developers receive your age and gender'

      "As tech-heads we have a duty to help anyone we know sanitize their Android phone."

      Comment icon relevant.

  4. MrWibble

    "Overall, the study discovered that Apple retrieves much less data than Google.

    "The total number of calls to Apple servers from an iOS device was much lower, just 19 per cent the number of calls to Google servers from an Android device."

    no shit - comparing Apples to Oranges. An Android connects to Google for "Androidy" things, and for Ads (in apps / webpages, etc). An Apple connects to Apple for "Apply" things, and Google for Ads (in apps / webpages, etc). So therefore the Android connects to Google more than the iOS thingie connects to Apple.

    How many calls to Google from an Apple device were there? less than Android, for the same reason as above, but surely combining the two datasets gives a better indicator of the "badness" of Android's data slurp?

    1. Elmer Phud

      "As we repeatedly point out, Apple makes its money from selling overpriced hardware"

      It's all about the money, money, money - they don't really give a toss about YOU, just your pocket.

      1. Dave 126 Silver badge

        > It's all about the money, money, money - they don't really give a toss about YOU, just your pocket.

        Er, that's kinda the point of a company. At least their desire to make money from the people who have money to spend means Apple are motivated to differentiate themselves from Android on the privacy front.

        1. JohnFen

          "Er, that's kinda the point of a company"

          The point of a company is to provide a good or service in exchange for a reasonable profit. There's nothing about a company's goals that requires the company to treat its customers like walking wallets. A good business of any sort is one where both the business and their customers profit by the exchange.

          Companies that chase profit to the exclusion of all other considerations are terrible companies.

      2. Anonymous Coward
        Anonymous Coward

        "It's all about the money, money, money"

        At least, you know what's going to cost you mostly upfront.

      3. Mike Moyle

        "'As we repeatedly point out, Apple makes its money from selling overpriced hardware'

        It's all about the money, money, money - they don't really give a toss about YOU, just your pocket."

        Back in the '70s, an aftermarket automobile oil filter company ran a series of ads featuring a supposed auto shop mechanic extolling the virtues of their product. The tag line was "You can pay me now, or... Pay me later."

        Plus ça change...

  5. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Android is Google's monetised trojan horse and the only reason they got away with it for so long: It was the wild west as far as Mobile platforms were concerned. This level of data slurping would not have been tolerated on a mature sector such as PCs, where users became savvy over time. Sadly, Microsoft's Windows 10 has gone the same way. NEVER 10!!!!!!!

    1. Mark 110

      I'm not sure they've ever been overly secret about their business model. But hen I've been reading the Register pretty much since its inception. The average user is much less aware.

      We really should stop whining about it and get together in our spare time to design and build an alternative to Android. Theres probably enough skills and experience on here to at least get a working proto up to go get some funding with . . .

      Hardwares a different problem.

    2. Anonymous Coward
      Anonymous Coward

      @897241.... ans so on

      It's not that Android users are not savvy, it's because the hardware is completely proprietary, choked with DRM. Closed, proprietary software means they can do to you whatever they please and how many times they feel the need. This is the demon Stallman wanted to slay and instead got covered in ridicule.

      With closed hardware software can no longer remain open. Unlike phones, PC hardware was open for a long time but this stopped when Microsoft came with SecureBoot idea so now there's no choice.

      Remember when Canonical entered in that infamous partnership with Amazon and started slurping information in Ubuntu? Open hardware and software enabled savvy users to see what was happening and soon they came up with a way to excise the offending code. On phones this is not possible.

      And all this is because a free user can not be properly monetized.

      1. Charles 9

        Re: @897241.... ans so on

        So what happens when you NEED (not want, say for employment reasons) a spyphone just to stay a member of modern society? Do you TRY to go to the cabin in the mountains where the landsats can still see you? Or just bend over and realize you're simply outnumbered (as in everyone else wants to rape your data, and they only have to be lucky ONCE to pwn you for life)?

        1. JohnFen

          Re: @897241.... ans so on

          "So what happens when you NEED (not want, say for employment reasons) a spyphone just to stay a member of modern society?"

          I don't know, since we aren't at that point (yet).

          1. Charles 9

            Re: @897241.... ans so on

            Just because YOU aren't doesn't means OTHERS are...and many really don't have a choice short of suicide...

            1. JohnFen

              Re: @897241.... ans so on

              I was replying to the idea that a smartphone is required to be a part of modern society. As a general statement, it is not. I acknowledge that there may be people who are in unusual circumstances that make a smartphone an essential link, but that isn't reflective of society as a whole. Just like the fact that there are people who are incapacitated enough to require someone else to cook their meals for them isn't an indication that this is a general requirement for everybody.

  6. Vanir

    Blessed are the poor

    for they are rich in personal data.

    1. Anonymous Coward
      Anonymous Coward

      Re: Blessed are the poor

      No, they are still poor in personal data - when they disclose you're poor.

      Advertiser need people who can spend, or at least are allowed to make enough debts to spend. It looks they also use those data to exclude poors - or other "unwanted" people - from seeing some offers...

      Now, it they could get the health data too... that's something poor people could contribute... "the nearest compatible organ donor is ...."

      1. Herring`

        Re: Blessed are the poor

        See, that's my cunning plan. Because I'm still walking around with an S4, they won't think to target me with ads for shiny stuff.

        Google do seem to be on a collision course with GDPR. It will be interesting to see how this plays out. Stuff like browsing history can easily reveal health/religion/sexuality/any of the "sensitive" classes of PII. Hmm.

      2. Chronos

        Re: Blessed are the poor

        Now, it they could get the health data too... that's something poor people could contribute... "the nearest compatible organ donor is ...."

        Ah, so that's what William Gibson meant by being rolled in Chiba for parts. All becomes clear.

        1. julian.smith
          Big Brother

          If they could get the health data too

          The Australian "government" has this covered with their MyHealth scam.

    2. Teiwaz

      Re: Blessed are the poor

      for they are rich in personal data.

      It's fools gold, looks pretty, lots of data, but worth much less than a years take from 'fingernails-for-cash.com'.

      1. Herring`

        Re: Blessed are the poor

        It's not how much the data is actually worth, it's how much the advertisers think it's worth. And you're talking about marketing people here.

        Look at (for instance) Facebook's market cap. It implies that every FB user (even the fictitious ones) is worth about $250. How does that work? Say an advertiser makes a 5% profit on every thingy they sell, every user would have to buy $5,000 worth of thingies purely as a result of a Facebook ad to make that economic. Or something. It's late and I need beer.

        1. Doctor Syntax Silver badge

          Re: Blessed are the poor

          "It's not how much the data is actually worth, it's how much the advertisers think it's worth. And you're talking about marketing people here."

          Got it in one.

          As I keep saying here, the only thing the advertising industry sells is advertising. "Targeting" data is part of that product and they keep finding mugs to buy it.

  7. Anonymous Coward
    Anonymous Coward

    Incognito mode?

    The report confirms that Google is no respecter of the Chrome browser's "incognito mode" aka "porn mode", collecting Chrome data to add to your personal profile, as we pointed out earlier this year.

    I'm surprised by this; and I cannot find any mention of it in the report. Could you give more details? I watch rather carefully for signs that what I do in Incognito mode would be bleeding to my profile, and so far I've seen nothing at all.

    1. Dan 55 Silver badge

      Re: Incognito mode?

      Presumably it's taken from your Google Account and is somehow linked to Analytics through Chrome and app developers with app launches. So they're not going to have much luck with me there either, my Google Account is bare and I use Firefox.

    2. Ogi
      Pint

      Re: Incognito mode?

      One thing I noticed is that in incognito mode, Google maps and youtube remember when I clicked "I accept" to their updated privacy policy, whereas in a browser that properly keeps me anonymous, they have to re-ask me every session (as they have no record of me agreeing before).

      Also, Google maps on incognito mode remembers the last location I looked up and auto-loads it, whereas the other browser session always loads Google maps from a guessed location based on GeoIP.

      Youtube remembers what videos I watched and recommends similar ones to me across incognito sessions, whereas that does not happen with the other browser.

      So, there are my little anecdotes to add to the topic. I have suspected for a long time that "Incognito Mode" was just a placebo really, and while it may reduce the amount of spying, it doesn't not eliminate it.

      My solution was multiple pale-moon profiles, including a "dirty" one with noscript (a must!), and which clears all history, cache and cookies on session close, and I don't really use Chrome.

      I am sure even that is not 100% spying free, what with browser fingerprinting, etc... but it is a damn sight better than the alternative.

      The best thing I found was to disable Javascript. Many many tricks used to bypass security and track you involve using JS on the client side. Alas many sites don't work at all without the crutch of JS, so noscript and a selective whitelist of the minimum JS required to get the content you want is my normal method of browsing.

      1. Dan 55 Silver badge

        Re: Incognito mode?

        I think first thing Chrome does is log you into your Google Account when you're on a Google site, incognito or otherwise, so everything you do in YouTube will get saved.

        1. Anonymous Coward
          Anonymous Coward

          @Dan 55 - Re: Incognito mode?

          Incognito mode means all OTHER websites are not allowed to track you. Each time you visit them they will see an anonymous visitor with no history.

          On the other hand, Google will track every move you make on the Internet. Facebook is a little different (not much), they're trying to bypass tracking protection.

          1. Dan 55 Silver badge

            Re: @Dan 55 - Incognito mode?

            If private (incognito) mode meant all cookies were rejected, it would break too many sites.

            Private mode means a new cookie jar is set up for the private window when it is opened and destroyed when it is closed. This is enough to maintain session info when browsing privately. If you log into any site, it tracks you normally and what you did is not forgotten by the site when you close the private window.

            Couple that with Chrome's auto-login to your Google account on Android and what you do on YouTube will be linked to your Google account, private window or otherwise.

            Happy to be proven wrong on this last point (don't have Chrome installed, not interested in installing it) but I believe that's the way it works.

            1. Anonymous Coward
              Anonymous Coward

              Re: @Dan 55 - Incognito mode?

              "Private mode means a new cookie jar is set up for the private window when it is opened and destroyed when it is closed."

              Correct. If the browser straight out decline all cookies, it would repeatedly ask for permission to store cookies or log-ins. Some website would fail to load as well.

              I have not test on Google Chrome, but I also believe if you logged into Google Chrome, tracking backed by Google will still be connected to your account even if you are in incognito mode.

  8. Azerty

    recaptcha?

    recaptcha is also owned by google. Many companies nowadays do not allow to send direct emails so you have the use their forms. The forms are protected by recaptcha as are many of the "sign up" or forgot password functions. These companies are effectively enforcing a totalitarian google surveillance.

    1. Anonymous Coward
      Big Brother

      Re: recaptcha?

      Take the time to read recaptcha T&Cs... it will send a lot of data about the page it's used in.

    2. Ogi

      Re: recaptcha?

      > These companies are effectively enforcing a totalitarian google surveillance.

      And its getting worse. More and more services online require me to enable Google recapcha and solve it. Quite apart from the fact I despise giving my time and effort for free to train up Google's AI image detection system, there are the implications for privacy, security (I mean, pulling in third party JS scripts from cross domains is bad, and should not be done) and tracking that you mentioned.

      The problem is I don't know what can be done. The masses are not aware of it, and if they are, they don't really see the problem (until it is too late). While many "modern" developers seem to be completely lazy and will just use any bloated framework they find online without even considering the security, privacy and other implications of doing so.

      I am finding out that I am getting locked out of more and more services unless I enable Google spying, because they have "upgraded" to use recaptcha. Even things to do with my bank (thankfully not for my actual online banking, yet) and other services that would be considered critical for modern living.

      A lot of sites now offer the "Log in with facebook" option, which of course means, that FB's javascript is running on the site scanning and spying on what I do, even if I don't have an account with them. This is getting out of hand, quite frankly.

      1. cd

        Re: recaptcha?

        I'm dropping Hover as a registrar because they include both Google and Facebook scripts on the admin page. I block them with Noscript, but I've told them twice it's unappreciated and they aren't getting it.

        Worse still is Craigslist if looking for work or apartment., can't see the contact info without captchas.

        They have set up themselves as somewhat essential and are now milking it. We need draconian and medieval measures.

        1. Charles 9

          Re: recaptcha?

          Well, Craigslist had no choice if they wanted to block bots. Anything homemade would likely get broken, and there's always CAPTCHA mills.

      2. hoola Silver badge

        Re: recaptcha?

        The last paragraph is interesting, I was looking for something my son wanted but was now discontinued and only a few places had it. Ignoring all the spam Amazon click-bait link and we found a couple. A few days later the page for one of the suppliers was still open when Chrome loaded and as I moved the mouse of the website's search box, it came up in faint grey with an error containing fb, facebook pixl or similar. At this point I concluded that any searches done on that site were uploading metadata even though I have nothing to do with Facebook. The entire debacle has now got me looking in detail and trying to block even more outbound calls that are not necessary. As others have mentioned, the idiots that build these site just cannot conceive of the fact that users may not even have Facebook or Twitter or some other stupid account. The equally cannot conceive of the fact that what they are doing is probably morally or socially unacceptable. But these will be the same generation that have grown up sharing the minutia of their imibicle lives with the world without the slightest thought for the consequences. And this is of course why all these types of companies want young devs, etc. they simply have no concept of right, wrong, decency and what is acceptable, reflecting the views of those at the very top.

  9. bombastic bob Silver badge
    Devil

    What's really funny...

    After seeing the photo at the top of the article...

    You know what's REALLY funny (to me) is how many Cali-Fornicate-You cities are voting to BAN PLASTIC STRAWS, complete with JAIL TIME for failing to comply with their heavy handed control of our daily lives.

    Somehow I don't think this will help much to keep Google from 'slurping' our data...

    Yeah you can file this in the 'ironically walking over dollars to pick up dimes' cabinet when it comes to Google and data slurping and what anyone 'in power' is doing about it, but I thought it was kinda funny and appropriate to point this out (considering the photo for the article).

    So Google can freely 'slurp your data', but you can NOT 'slurp your soda' with a PLASTIC STRAW!

    At least, not in Cali-Fornicate-You.

    1. Anonymous Coward
      Anonymous Coward

      Re: What's really funny...

      Yours is really a straw man argument.

      BTW, California did just approve a law about data hoarding, not as good as GDPR, but better than nothing - just Google, FB & C are working hard to neuter it before it becomes effective.

  10. iron Silver badge
    WTF?

    App developers receive your age and gender whenever an app is launched

    The above statement is false. I have several apps in the Play store and have never received any information about the users of my apps, ever. I purposely do not include any analytics libraries because I don't want to be another creepy company slurping my user's data.

    When such a simple statement is false, how much of the rest of the report is trustworthy?

  11. Someone Else Silver badge

    Google Analytics is used by more than three quarters of the top 100,000 most visited websites (including the one you're reading), [...]

    ...and has been duly blacklisted on every browser I use (including this one).

    We need a middle-finger icon to be placed right next to the Big Brother icon....

  12. Marty McFly Silver badge
    Thumb Up

    Pi-Hole

    Surprised no one has mentioned it yet. Seems to work fine for me. It is revealing how much chit-chat was happening between (what should be) benign devices and the Internet. Roku's reporting back to the mother ship beats out Google Analytics by a long shot.

  13. RobertLongshaft

    You mean Google know about my dwarf porn fetish?

    It was just a little tommy tank

    1. cd

      What we need is some ihidden porn concerning the google founders to be inserted everywhere, in the footer of every message, on every web page, in all online script code, so that it begins to rank up in their engine like kudzu.

  14. Kevin McMurtrie Silver badge

    This is nothing

    Wait until Google unleashes free self-driving cars. Observation and persuasion become physical.

  15. Anonymous Coward
    Anonymous Coward

    Lol, look at all the dumb comments

    This report talks only about the FREQUENCY of data transmission on Android, not the size or content of the data.

    This should report books down to;

    iOS sends the same data but less often (only 10 times an hour, not 40), which makes it's services that rely on that less accurate..

    1. elbisivni

      Re: Lol, look at all the dumb comments

      It does a little bit - it mentions that the communication to Apple servers doesn't include ad related information, and that the amount of data was significantly less.

  16. Anonymous Coward
    Anonymous Coward

    Apple funding

    On Android fake news bullshit stories seems to have increased by a factor of 10 over the last few months.

    Some "researchers" (that literally have no credentials whatsoever) are getting very rich writing this bullshit for churnalists everywhere to copy and paste

    1. Anonymous Coward
      Anonymous Coward

      Re: Apple funding

      Might you be able to point to a research report that is more closely aligned with your view point instead?

      Also, by 'some researcher' I assume that you mean Professor Schmidt, the one who wrote the DCN report. He's actually rather well respected, published, and widely cited.(http://www.dre.vanderbilt.edu/~schmidt/bio.html).

      While I am sure that a report that points out Apple's ghastliness will be along soon enough, the widely respected basement computer scientists at any number of android fanboy sites will be able to serve your biases in the meantime. Or youtube comments. They're practically peer reviewed!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like