Data protection at Google: simple incognito, more differential privacy

Anyone who uses Android or other Google services such as Search, Maps or YouTube will be able to switch to incognito mode more easily in the future. In that mode, data no longer flows into the user's own Google account, where it is normally stored. Measured values are processed solely for a specific purpose, e.g. route calculation, and are not linked to a person.

So far, users concerned about their privacy have usually had to click through several settings menus in order to use Google services unseen. In the future, it will be enough to press a little longer on the profile picture displayed at the top right of the window after logging in, and the user is then automatically browsing “privately”.

The new mechanism is one of several improved privacy settings that Google chief Sundar Pichai announced on Wednesday. The password check introduced a year ago has also been refined. For example, if the user saves login credentials in the Chrome browser, the service will in future compare username and password combinations against databases in order to find information that has been compromised on the Internet. The procedure is integrated directly into the security check; the test no longer has to be started manually.

The activity settings, for example for search history, location history or audio services, are being updated: Google wants to make it easier for users to delete this sensitive data and to manage their own account. Previously, users could choose after the fact whether this information would be automatically deleted after three or 18 months. Otherwise, longer storage periods apply.


For new users, the default setting is that movement profiles and web activities are kept for 18 months. However, users can also choose whether the data may be used for a longer or shorter period. The new option will also apply to YouTube, where the time window for the automatic deletion of the data is initially set to 36 months.

Easier access to important account settings directly from Google Search is also planned. The user is to be shown a card there that is visible only to them. It directs them to the security check.

Google is also extending its open source library for differential privacy. With this method, which has also been announced by Apple, among others, aggregated data can be published after the addition of background noise in such a way that the individual user is no longer easily identifiable. Google is already using this technology in Maps, for example, to indicate peak times for shops or authorities, and for mobility data provided in the fight against the corona pandemic, explains Stephan Micklitz, head of the Google Safety Engineering Center (GSEC), which opened in Munich in May 2019. His company now supports the method in the programming languages Java and Go so that more developers can use it.

Applying the protection correctly is “quite complex,” said Micklitz. This is similar to cryptography, where it is better not to write solutions yourself but to use existing methods safely. Data protection experts point out that one should always pay attention to where differential privacy is applied and the “noise” is added. If this happens only when the database is queried, the party responsible has access to all measured values and can therefore also use them for purposes other than those intended. The technology must therefore already be applied on the user’s device. Micklitz underlined that the Munich data protection center had significantly advanced the functions outlined. Many of them are available immediately; some will be launched soon.
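
The point about where the noise is added, as an added example (not code from Google's library or from the article): the same count is protected once in the central model, where the operator stores the raw values and adds Laplace noise only on release, and once with randomized response applied on the device. The sample data, the function names and epsilon = 1 are assumptions chosen for illustration.

```python
import math
import random

def laplace_noise(scale, rng):
    # The difference of two Exp(1) draws is Laplace(0, 1); scale it.
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def central_release(raw_bits, epsilon, rng):
    """Central model: the operator stores raw_bits and adds noise only on release.
    A count changes by at most 1 per user, so the Laplace scale is 1/epsilon."""
    return sum(raw_bits) + laplace_noise(1.0 / epsilon, rng)

def p_truth(epsilon):
    # Probability that a device reports its real bit (randomized response).
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))

def randomize_on_device(bit, epsilon, rng):
    """Local model: the bit is flipped with probability 1 - p_truth before sending."""
    return bit if rng.random() < p_truth(epsilon) else 1 - bit

def local_estimate(reports, epsilon):
    """Server side: remove the known bias of the flips from the sum of reports."""
    p, n = p_truth(epsilon), len(reports)
    return (sum(reports) - n * (1.0 - p)) / (2.0 * p - 1.0)

def demo(seed=7, n=20000, epsilon=1.0):
    rng = random.Random(seed)
    # Constructed sample: 1 = this user was at the shop during the peak hour.
    raw_bits = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    reports = [randomize_on_device(b, epsilon, rng) for b in raw_bits]
    return {
        "true_count": sum(raw_bits),
        "central_release": central_release(raw_bits, epsilon, rng),
        "local_estimate": local_estimate(reports, epsilon),
        # Share of users whose stored value differs from the truth:
        "central_store_wrong": 0.0,  # operator keeps raw_bits as measured
        "local_store_wrong": sum(r != b for r, b in zip(reports, raw_bits)) / n,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

Both releases land close to the true count, but only in the local model is the stored per-user value itself unreliable, at the cost of a noisier aggregate.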

