Advertisement

SKIP ADVERTISEMENT

Why Does Google Know Everything You’ve Bought on Amazon for the Past Six Years?

Sometimes it’s worth pausing to ask the simplest questions.

Credit...John Zeedick/Associated Press

Mr. Warzel is an Opinion writer at large.

This article is part of a limited-run newsletter. You can sign up here.

Last month, CNBC reported on a page in Google’s account settings titled “Purchases” — a month-by-month list of items you’ve bought across online services like Amazon and other apps that are collected via Google services like Gmail.

It’s not quite fair to call the reveal of the Google Purchases page a scandal; the page is publicly accessible, and it’s not as if the company is illicitly purchasing the information — instead, it’s scanning your inbox and scraping information based on confirmation and purchase emails you directed to your Gmail account.

And yet, Purchases is a jarring example of how leaky our data really is and how large companies can aggregate that information unbeknown to the consumer. I, for one, was unaware that almost every concert ticket, Domino’s pizza and Amazon purchase (including a 2014 accidental purchase of the film “Tango & Cash”) was being logged by Google. Equally troubling: The purchases can’t easily be deleted from the page without also deleting the receipt emails from your Gmail account.

When I scanned my list I was struck by the length of the trail of information — more than six years of online purchases. The depth of that digital record reminded me of other reports of individuals downloading their data from Facebook and Google after 2018’s Cambridge Analytica scandal and despairing at the granular detail of the information collected. Every movement cataloged, analyzed and leveraged. But to what end?

Google’s explanation in this instance feels lacking. The company told CNBC that the Purchases page exists simply “to help you easily view and keep track of your purchases, bookings and subscriptions in one place” and that it does not sell user data or use your Gmail information to show you ads. But the company’s privacy page also notes that “information about your orders may also be saved with your activity in other Google services.”

Scrolling through my Purchases, I couldn’t shake the most basic questions: What good reason is there for Google to store six years of detailed purchase information? Why can’t I delete it without deleting the emailed receipts? Why aren’t there default time limits on how long information is stored?

I had the same reaction reading a story in The Washington Post last week that revealed how in just one week, 5,400 hidden app trackers transmitted personal data (in some cases, violating app privacy policies) to third parties. I found it hard to get through the piece without getting tripped up on a series of “whys”: Why do our apps hoover up our personal information and funnel it out in the dead of night? Why aren’t these behaviors limited by our phones by default? Patrick Jackson, a former National Security Agency researcher who helped The Post conduct the tracker experiment, had similar questions. “This is your data,” he told The Post. “Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?”

[If you’re online, chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]

Of course there are technical answers to many of these questions. In Google’s case, perhaps your information is fed to train machine systems to help boost artificial intelligence or to improve intelligence in products like maps and search. In the case of the iPhone apps, data is transmitted in the night so as not to interfere with your daytime usage.

And yet these answers are rarely satisfying. They’re logistical answers to bigger, structural questions: Why does the internet have to work this way? Why is the currency of the commercial web our increasingly granular information? Why is it collected, sorted and traded in ways that are nearly impossible to see in the aggregate? And why should we trust the sophistication of ad-targeting technology in an industry where advertisers will lose more than $23 billion globally to ad fraud just this year?

As the privacy discussion accelerates, grows more sophisticated and bleeds into headlines and the halls of Congress, it’s worth asking these fundamental questions of tech companies, data brokers and lawmakers. It may seem overly simplistic, but our current privacy reckoning is about just that: finding satisfactory answers to the most basic questions about the future of our digital lives.

Image
Credit...The New York Times archives

This week’s dive into the archive is a fun 1998 column from Sabra Chartrand that chronicles the earliest days of online tracking through the development of one cookie-tracking patent.

As usual, there’s some excellent musing about the future of the World Wide Web:

That does not daunt those who believe that with customized information delivery and targeted advertising, someday the Internet will become the most lucrative way to sell goods and services. They picture a world in which customers will leave traces of information about their habits, preferences, spending patterns, economic needs and personal status every time they use a computer. The information will be sorted into data bases and used to fashion Web sites, promotional campaigns, advertisements and even junk mail that is tailored specifically to each user.

They pictured correctly!

Then there’s this, which hits like a ton of bricks in 2019:

Certainly such visions raise concerns about privacy. Without tackling those issues, however, many companies are at work on the software and hardware needed to make culling the information and setting up the data bases a reality. One company, the Thinking Media Corporation of New York, has a new patent for a method of tracking how people respond to internet advertisements and commercial Web sites.

You really ought to read the whole thing for a look at the beginning of the modern web and some much simpler times:

“What we’ve done is insert a very small homing beacon that goes along with an ad or a Web page,” Mr. Davis explained. “It’s a piece of Java, a Java applet.”

There’s an easy way to make sure apps aren’t siphoning your data in the night (as mentioned above) and that’s to delete sketchy or unused apps. My colleagues at the Wirecutter have a handy guide to decluttering your phone here.

You should read the whole post as well as their 7 Simple Ways to Protect Your Digital Privacy, but in case you’re in a hurry, here’s a snippet on how to audit your privacy settings on iPhone and Android:

If you have an iPhone, open Settings and tap the Privacy option. On Android, head to Settings > Apps, and then tap the gear icon and select App Permissions. Here, you can see which apps have access to your location, contacts, microphone, and other data. Disable permissions where they don’t make sense — for example, Google Maps needs your location to function, but your notes app doesn’t. In the future, think about app permissions as you install new software; if an app is free, it’s possibly collecting and selling your data.

Are targeted ads worth the privacy invasion for publishers? A new study suggests maybe not as much as originally expected.

I loved this smart essay on why digital privacy is a class issue.

A sentiment I’ve been thinking about a lot lately: “There may be such a thing as too much data.”

This wild look at how “rushed encryption legislation allows police to compel Wi-Fi providers to turn over information about users.”

Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.

glossary replacer

Advertisement

SKIP ADVERTISEMENT