Google Voice Search and Privacy

Tired of typing?

android-voice-search

Google Maps voice search on Android 4.4 KitKat

It sure sounds convenient to simply speak a search term and have Google send back or even read you your search results.

Yet have you ever noticed how Google is pushing voice search on recent versions of Android such as KitKat? Every time you open up Google Maps and tap on the search field, it reminds you that voice search is available.

Besides the aforementioned convenience, there is a whole other aspect of why Google would be interested in you using your voice to search: to find out your gender and agemood and probably a lot more information that can be derived from the sound of your voice. Such information is extremely valuable when deciding which ads are relevant to you. In turn, the more relevant an ad is, the higher the chance of you reacting to it which in turn lets Google charge advertisers higher rates and therefore make more money.

In other words, Google stores millions of voice recordings […] Google creates an electronic key that links your speech samples with your Google Account. […] people within Google can access these keys […]

Excerpt from Google’s support page about Personalized Voice Recognition on Dec 30, 2013.

What this means for your privacy is that by using any form of voice search on Google services, the company will be able to silently deduct information about you from the sound of your voice that you might not be willing to disclose to them. For example, you might have entered an incorrect year of birth or gender on purpose when signing up for your Google account. By using voice search, Google will be able to determine that the information you entered does not match the voice pattern of the person actually using the account and make an internal database entry with your real profile data. In a post-Snowden world it is also very plausible that this information is then accessible by government spy agencies, even without the knowledge of Google.

Android Voice Search Settings in Android 4.4. KitKat

Android Voice Search Settings in Android 4.4. KitKat

In this context, you might be inclined to turn personalized search off. Unfortunately, even though previous versions of Android apparently let you disable personalization, the information on Google’s help pages appears outdated, as I could not find this setting anywhere in Android 4.4 KitKat. Therefore, with Google’s stance of trying to collect as much information about people as possible, I think it is safe to assume that personalized voice search is now always on and can no longer be turned off.

Thus, if you’re not happy to disclose your gender, age, mood and other personal information to Google on a regular basis, you should stay away from voice search.

Note: While I talk about Google specifically, any other voice recognition service such as Apple’s Siri can equally be suspected of gathering personal information about you from your voice patterns.

Advertisements

Facebook, the Skinner Box

Found a great talk by Cory Doctorow today via Netzpolitik, where he discusses a psychological mechanism Facebook uses to get users to frequently return to the site and to disclose more and more personal information.

The psychological reward or kick apparently created when receiving attention from peers as a result of posting something personal ties right in with observations made by game design expert Jesse Schell, who researched the game mechanics of popular games that use psychological tricks to keep players to return again and again as well as to spend money. If you have a few more minutes to spare, you should definitely watch his very insightful talk about what makes the success of some these games as well as how game mechanics could be used to make people exhibit certain behavior in non-gaming contexts: Continue reading

In Facebook we trust?

Consider this alleged conversation between Facebook’s founder Mark Zuckerberg and a friend which supposedly took place shortly after Facebook was launched:

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend’s Name]: What? How’d you manage that one?

Zuck: People just submitted it.

Zuck: I don’t know why.

Zuck: They “trust me”

Zuck: Dumb fucks.

Source: http://www.businessinsider.com/

Leaving aside if this conversation actually happened or not, the second last statement highlights what I think has been the key reason for Facebook’s growth: Continue reading

Re: Security and the Cloud

Today I came across a rather thought-provoking blog post by Ryan Bitanga on Planet KDE called Security and the Cloud. He argues that moving personal and corporate data into the Cloud – a form of on-demand on-line computing infrastructure where “Users need not have knowledge of, expertise in, or control over the technology infrastructure” as Wikipedia states – is inherently unsafe. He continues,

Without the need to physically access a target device, your data is no longer secure once your credentials are compromised. […] Granted, this is an issue shared with most, if not all, networks connected to the internet. However, cloud computing amplifies this problem by having all your data readily accessible from the internet.

I could not agree more.

However, what is needed are strategies to mitigate those risks. To prevent unauthorized access to data in the cloud, it should become common practice to use two-factor authentication such as the combination of a password known by the user and a hardware-generated token (e.g. SecurID). Only if an attacker has access to the password as well as the physical token generator, access can be (rightfully) obtained.

Although the above procedure would reduce the risk of unauthorized access through password theft, another plausible attack scenario that I see is the storage service being either compromised or being the intruder itself. One particular example that comes to my mind is the Google Mail service which analyzes its users’ emails in order to provide contextual advertising. While such analysis might not worry personal email users too much, the fact that a foreign enterprise even has the theoretical ability to poke around in other corporate data hosted on its servers should ring all alarm bells of any company deriving its business value from its data. Therefore, an additional layer of encryption hiding the content from the storage service should be the default procedure for companies looking to moving their data into the Cloud.

Overall, it however appears to me that awareness for such security and trust issues does not adequately exist yet and current discussions about Cloud computing are mainly one-sided and benefits driven. I wonder what kind of major data theft incident will be necessary before the discussion approaches a more balanced level.

Update: The New York times ran an article yesterday, sharing many of these views. Read it here.

Owned? Legal terms of video hosting services compared

For the Air Canada article I was researching a video hosting service that would match my requirements of:

  1. Which rights of my work I would have to give away,
  2. what usage rights I could assign to my viewers,
  3. what level of privacy I could expect in terms of disclosure of my data,
  4. and where a service had its legal residence in case of a dispute.

I’ve decided to collect and extend my findings in this post in the hope that it can help others in choosing their preferred video hosting service.

A summary is provided at the end of this post, based on my understanding of the legal terms as a non-lawyer. All excerpts were made on April 25, 2009 unless otherwise stated. Emphasis and comments mine.

Continue reading

Net neutrality discussions in Europe and Canada

At work it’s been very busy the last weeks, with a particular customer changing requirements more often than the word has letters, therefore it’s unfortunately been a bit quiet in here…

Nevertheless, I wanted to quickly point out that in both, the European Union and Canada, there are currently hearings about “net neutrality“. This term refers to the notion, that Internet Service Providers (ISPs) are generally expected not to interfere with or discriminate against any of the applications their customers use on the Internet. The discussion arose, when some ISPs started to throttle Peer-to-peer filesharing traffic to relieve their network load, as such applications create up to 70% of overall Internet traffic in some parts of the world.

Peer-to-peer Internet traffic

Relative amount of peer-to-peer filesharing traffic compared to overall Internet traffic by geographic region. Source: torrentfreak.com

The general consensus of Internet users seems to be that discriminating certain content is a bad practice as it prevents users from utilizing whatever applications they want to use, at a level of quality they expect from their Internet connection. Therefore, the current discussion is, whether ISPs should be forced to abstain from discriminating against certain traffic by the force of law, or if the market forces will sufficiently punish ISPs and therefore discourage the practice.

In the current edition of ACM’s Communications magazine, there is a lengthy and well-written point-counterpoint article about the topic. In terms of arguments, I must say the force-of-law arguments appear to hold up much better than the market-based approach. On the German blog netzpolitik.org, there is also a video interview with Rossoglau Kostas of the European Consumers’ Organization about the topic:

I thus invite readers to voice their opinions about the topics so they are considered in the hearings. The platform for Canada is SaveOurNet.ca which allows for directly sending an e-mail to the Canadian Radio-television and Telecommunications Commission (CRTC) commissioner charged with the hearings. Law professor Michael Geist points out that the deadline for submissions has been extended to February 23. For the European union, La Quadrature du Net is a very active citizen group participating in the discussions, although their website is less clear as to how individuals can support them.

Remix culture

If you’ve followed recent discussions about the growing necessity of copyright reforms, you’ve most likely heard of Lawrence Lessig, the founding board member of Creative Commons. In a nutshell, Creative Commons – or just CC – is a set of permissive licences which any creator of creative content can assign to her own work to explicitly permit other people to build upon and reuse or remix the works according to the simple rules outlined in the license. While Creative Commons licenses have been in existence for more than six years, they are only now starting to be adopted by major content producers such as the Arabic TV network Al Jazeera or the band Nine Inch Nails, who released their on-line best-selling album Ghosts I-IV under a CC licence at the day of release for free downloading and non-commercial remixing.

When Lawrence Lessig was invited as a guest of the popular satire TV show The Colbert Report to present his newest book, this promised to provide some entertainment. See for yourself:

(Unfortunately, the TV show does not use a CC license yet, so the video might be removed at some point.)

The above interview is obviously a clear invitation for remix artists to get creative and I think that is exactly what Eclectic Method have been:

Make sure to visit their website and watch their video mix-tape Lock Up Your Videos for some great combinations of a wide style of music genres. I think that artists such as these really show what kind of creative new works are possible by remixing existing content with today’s digital tools. In other words, it is now primarily the legal system which holds back these artists and no longer the technical limitations of computer systems as was the case only a few years ago.

Future priorities in the field of Justice and Home Affairs policy

The European Civil Liberties Network is conducting an “alternative survey” about “future priorities in the field of Justice and Home Affairs policy” in the European Union. “Alternative”, because the original questionnaire published by the European Commission is littered with highly suggestive questions, apparently designed to lead to results supporting positions already favored by the Commission. The ECLN survey takes those questions and poses them from a civil liberties perspective.

I have not heard of the ECLN before but a look at the list of supporters and founders suggests that it is a serious organization, therefore I would like to encourage readers to take part in the survey. (I have already notified them that the responses should be sent using an encrypted connection by default, so hopefully this is fixed soon.)

New country, new job, more CCTV

The last weeks have been quiet here as I was preparing my move to Canada. I will now be working at a software company in Montreal, largest city of Canada’s “belle province”.

What surprised me here from a privacy standpoint is the large number of video surveillance cameras in use. As the significant majority of the cameras does not bear any information on who is receiving or recording the footage, there is no way of finding out how long the footage is stored or what else is done with it. This seems to confirm the observation of Privacy International that the guidelines by federal and provincial Privacy Commissioners have had little effect so far.