Tuesday, July 16, 2024
- Advertisement -

    Latest Posts

    Report: Google leak reveals multiple privacy and security errors

    A major leak from Google’s internal database has revealed various security and privacy incidents at Google. The database, tipped off to 404 Media by an ex-employee, contains 6 years’ worth of reports on various privacy and security concerns spotted in Google’s products, services, and acquired companies.

    The leak revealed employee reports about Google’s products collecting children’s data, leaking carpool users’ trips and home addresses, and making YouTube recommendations based on deleted watch history.

    When 404 Media shared a few of the instances they spotted with Google, they stated, “At Google, employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer. The reports obtained by 404 are from over six years ago and are examples of these flags—everyone was reviewed and resolved at that time. In some cases, these employee flags were not an issue or were issues that employees found in third-party services.”

    Here are some of the major instances of privacy breaches spotted by 404 Media:

    Google Street View storing license plate numbers:

    A report from a Google employee informed that Google Street View’s systems were transcribing and storing license plate numbers from photos. The employee’s report to Google read, “Unfortunately, the contents of license plates are also text and have been transcribed in many cases. As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate number fragments….I want to emphasize that this was an accident. The system which transcribes these text should be avoiding imagery identified by our license plate detectors.” The report stated that the transcribed license plate data had been purged.

    A third-party service exposed email addresses:

    Another incident involved the public exposure of over one million users’ email addresses by Socratic.org, a Google-acquired company. The data was viewable in the page source of the company’s website, as per the report. Geolocation information and IP addresses of users, some suspected to be children, were also suspected to be available. “This exposure has been addressed as part of the closing conditions for this acquisition. However, the data was exposed for less than a year and could already have been harvested,” the report stated.

    Storing children’s voices:

    Another report stated that Google speech logged all audio, including an estimated 1,000 children’s speech data, for around an hour.“Estimated 1K child speech utterances were collected. Team deleted all logged speech data from the affected period,” the report said.

    Government products made available to the public:

    404 media also spotted a report informing Google that a Google cloud product, meant for government clients who need to protect sensitive data, was inadvertently transitioned to a consumer-level product ie a product with no specialized provisions.

    Key details about the complaints in the report:

    • A filter to stop children’s voices from being collected was not correctly applied to certain products
    • A quirk in Android’s keyboard meant that children were pressing the microphone button, resulting in Google logging audio from children as part of the launch of the YouTube Kids app.
    • Customer accounts were modified by a person on Google’s ad platform to manipulate tracking on ads.
    • The carpooling feature of Waze, a mapping service acquired by Google, leaked other users’ trips and home addresses.
    • A Google employee accessed private videos in a Nintendo’s YouTube account and leaked information ahead of Ninendo’s planned announcements. An internal interview concluded this was “non-intentional,” the report said.
    • YouTube made recommendations based on videos users had deleted from their watch history, which was against YouTube’s policy.
    • A YouTube blurring feature was exposing uncensored versions of pictures.
    • When iOS users of Google Drive or Docs set access controls on a file as “Anyone with the link” Google treated it as a “Public” link.
    • YouTube videos uploaded as unlisted or private could appear publicly available for a short duration.

    Why it matters?

    While Google has stated that these issues have been resolved, the sheer amount of reports and complaints, when compounded are a source of concern. In particular, the defects in privacy provisions for products made specifically for children should be a matter of distress, with regulators like the Federal Trade Commission of the US proposing that the onus of child data protection must be on providers.

    Also Read:

    The post Report: Google leak reveals multiple privacy and security errors appeared first on MEDIANAMA.

    Latest Posts

    - Advertisement -

    Don't Miss

    Stay in touch

    To be updated with all the latest news, offers and special announcements.