sixhobbits 4 hours ago

It's a sad story and a fun-looking project but I think Google 100% did the right thing here. Most people have no idea how much information is included in photo metadata, and stripping it as much as possible lines up to how people expect the world to work.

WhyNotHugo 2 hours ago | parent | next [-]

It's not that hard to add a little checkmark "include location" under it, rather than unconditionally remove it.

As per op, it seems they've shut down _any_ means for you to get the data out of the phone other than using a USB cable.

maccard 4 hours ago | parent | prev | next [-]

If google really cared about privacy, they wouldn't have moved maps away from a subdomain. Now if I want maps to have my location (logical), I need to grant google _search_ my location too.

edgineer 3 hours ago | parent | next [-]

It's not all-or-nothing; sometimes some people at Google push for some things to improve privacy. Rarely happens when revenue is at stake.

Android used to ask you "do you want to allow internet access?" as an app permission. Google removed that, as it would stop ads from showing up. Devastating change for privacy and security, great for revenue.

WarmWash 2 hours ago | parent | next [-]

It's not great for revenue, it is their revenue.

People act like Google products are a charity that had been free forever, and then this mega-corp called Google came along and started harvesting the data of innocent people who just want to get directions to Starbucks.

sathackr 3 hours ago | parent | prev [-]

GrapheneOS still does this -- allows controlling internet access on a per-app basis.

lukan 3 hours ago | parent | next [-]

For those of us stuck on normal android, is there a way to achieve that? I know it used to work with some firewall apps but nowadays they all require root access.

xigoi 42 minutes ago | parent | next [-]

Not the same thing, but you can install an app like Blokada Libre to block ads and trackers in all apps.

https://blokada.org/

psnehanshu 19 minutes ago | parent [-]

Or you can set your DNS resolver to dns.adguard-dns.com and it blocks almost all ads. You can search "private dns" in Android settings app and set it there.

xigoi 16 minutes ago | parent [-]

This has the disadvantage that you can’t whitelist specific domains, which is something I need pretty often.

Zak 2 hours ago | parent | prev | next [-]

It looks like you can't revoke the internet permission, but you can use the firewall via ADB. Settings are lost on reboot, but you can use an automation with Tasker or similar to set them on boot:

https://www.reddit.com/r/tasker/comments/1mxjnvs/how_to_bloc...

d2323 2 hours ago | parent | prev | next [-]

Netguard No Root Firewall still works for me: https://github.com/M66B/NetGuard

bornfreddy 11 minutes ago | parent [-]

+1 for Netguard, it is awesome. A bit clumsy UI, but indispensable.

throw_await 2 hours ago | parent | prev [-]

Go to settings > App > $SCUMMY_APP > Mobile Data & WiFi. Uncheck all.

Barbing 44 minutes ago | parent | next [-]

Why does Apple not give that Wi-Fi option there? I mean, is there a reason we’d be sympathetic to?

KomoD an hour ago | parent | prev [-]

Not a thing on stock android

lxgr 2 hours ago | parent | prev [-]

iOS allows this, but only on mobile data, which is pretty infuriating. Why should I not be able to also restrict apps from dialing home/anywhere just because I'm on a Wi-Fi network (which isn't even necessarily unmetered)?

joosters 2 hours ago | parent [-]

It's really annoying. I have a sudoku game on my phone, works great but give it internet access and it's suddenly full of sketchy adverts.

If I'm playing it on my commute, it's usable with mobile data disabled for the app. But when the train stops in a station long enough to auto-connect to wifi, immediate full screen adverts :(

raw_anon_1111 22 minutes ago | parent | next [-]

Then don’t use an ad supported app? I have one ad supported app on my phone - Overcast. The developer created their own ad platform and serves topic based ads based on the podcast you are listening to right now. Ironically enough I started to pay for a subscription even though it didn’t give me any real benefit just to support him until he started having ads.

I’ve found a lot of useful podcasts from the ads.

xp84 34 minutes ago | parent | prev [-]

I’m gonna be That Guy for a minute: if you enjoy using a Sudoku app, isn’t there one available on more acceptable terms, e.g. a single purchase or an IAP that removes the ads from this one? I’m not saying you have to pay like $3.99/week for a scam one, but more like pointing out that if you don’t like ads (as I also don’t) why not support the developers who believe in selling software to you for a few bucks rather than selling your annoyance to Google via Adsense?

amazingamazing 3 hours ago | parent | prev | next [-]

Google has your location either way. What difference does it make?

kevin_thibedeau 3 hours ago | parent [-]

You can lock down their usage. Limit it to three months storage and minimize sharing. They still report an old address for home and work for me since I dialed up the restrictions years ago. They have the data but it is less exposed.

amazingamazing 3 hours ago | parent [-]

I honestly don’t understand the scenario you’re defending against. Google still knows where you actually live and work trivially. If you don’t trust Google you should just de-Google completely.

lukan 3 hours ago | parent | next [-]

I also don't trust my government. So should I just degovernment completely? Sounds just as practical or realistic for most people.

shibapuppie 2 hours ago | parent | next [-]

"Just move" seems to be a pretty popular sentiment, in that scenario.

amazingamazing 2 hours ago | parent | prev [-]

You’re saying moving on from Google is similar to switching government?

bornfreddy 9 minutes ago | parent | next [-]

Have you tried moving on from Google, and preferably not to Apple?

Jtarii 2 hours ago | parent | prev | next [-]

Switching government and deleting google are probably on the same order of magnitude of difficulty for most people.

lukan 2 hours ago | parent | prev [-]

In a way, yes, as google de facto governs and controls much of the internet.

lxgr 2 hours ago | parent | prev [-]

Not GGP, but I suppose the general idea is: Granting permanent location permission to maps.google.com seems a bit more privacy preserving than granting it to *.google.com, assuming one opens maps significantly less often than e.g. GMail, search etc.

butlike 3 hours ago | parent | prev | next [-]

I'm not sure I follow. maps.google.com still resolves?

maccard 3 hours ago | parent [-]

maps.google.com now redirects to google.com/maps and has done for the past few years.

butlike an hour ago | parent [-]

Ahh I see. Thanks.

flipped 3 hours ago | parent | prev [-]

[flagged]

andybak 3 hours ago | parent | prev | next [-]

But surely there's a way to do this without totally killing valuable functionality? It's like the Android Sideloading debate all over again.

Something that is very useful to 1% of users is stripped away. And we end up with dumb appliances (and ironically - most likely still no privacy)

jeroenhd 3 hours ago | parent | next [-]

You can probably get around this problem by compressing the file and uploading it in a .zip. Google Files allows for making zip files at least, so I don't think it's a rare feature.

I think the linked spec suggestion makes the most sense: make the feature opt-in in the file picker, probably require the user to grant location permissions when uploading files with EXIF location information.

sixhobbits 3 hours ago | parent | prev [-]

yeah it does sound kind of dodge that there's no option even for advanced users to bypass this, I would guess mainly a moat to protect Google Photos. I wonder if online photo competitors are finding a workaround or not as searching your photos by location seems like a big feature there

jeroenhd 3 hours ago | parent | next [-]

I don't know when Google's EXIF protections are supposed to kick in, but so far my photos auto-synced to Nextcloud still contain location information as expected.

I don't think this has anything to do with Google Photos. People fall victim to doxxing or stalking or even location history tracking by third party apps all the time because they don't realize their pictures contain location information. It's extra confusion to laypeople now that many apps (such as Discord) will strip EXIF data but others (websites, some chat apps) don't.
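Whether a given JPEG still carries a location pointer can be checked before it is shared. The sketch below is an added example, not part of the thread or of any project mentioned in it: it walks the JPEG header segments, looks for the GPSInfo tag in the Exif block, and removes the Exif block. The function names and the constructed sample file are hypothetical.

```python
import struct

GPS_IFD_TAG = 0x8825          # Exif "GPSInfo" tag: pointer to the GPS sub-IFD
EXIF_ID = b"Exif\x00\x00"     # identifier that opens an Exif APP1 payload

def jpeg_segments(data):
    """Yield (marker, payload, start, end) for header segments before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:        # start of scan: compressed pixels follow
            break
        end = pos + 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:end], pos, end
        pos = end

def has_gps(data):
    """True if an Exif segment's first IFD contains a GPSInfo pointer."""
    for marker, payload, _, _ in jpeg_segments(data):
        if marker != 0xE1 or not payload.startswith(EXIF_ID):
            continue
        tiff = payload[6:]
        order = {b"II": "little", b"MM": "big"}.get(tiff[:2])  # TIFF byte order
        if order is None:
            continue
        ifd = int.from_bytes(tiff[4:8], order)             # offset of IFD0
        count = int.from_bytes(tiff[ifd:ifd + 2], order)   # 0 if truncated
        for i in range(count):
            entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
            if len(entry) == 12 and int.from_bytes(entry[:2], order) == GPS_IFD_TAG:
                return True
    return False

def strip_exif(data):
    """Return the JPEG with every Exif APP1 segment removed; image data is untouched."""
    out, keep_from = bytearray(data[:2]), 2
    for marker, payload, start, end in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(EXIF_ID):
            out += data[keep_from:start]
            keep_from = end
    return bytes(out + data[keep_from:])

def sample_jpeg():
    # Constructed input: little-endian TIFF whose only IFD0 entry is a GPSInfo pointer
    tiff = b"II*\x00" + struct.pack("<IHHHII", 8, 1, GPS_IFD_TAG, 4, 1, 26) + bytes(10)
    app1 = EXIF_ID + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Location can also be stored in an XMP packet, which this check does not inspect.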

Barbing 39 minutes ago | parent [-]

Important point:

> It's extra confusion to laypeople now that many apps (such as Discord) will strip EXIF data but others (websites, some chat apps) don't.

You've given me a lot of sympathy for the young'uns whose first experiences on the web might have been with EXIF-safe apps. Then one day they use a web browser to send a photo, and there's an entirely new behavior they've never learned.

raw_anon_1111 21 minutes ago | parent | prev [-]

This is honestly a horrible argument. Any app on Android can still get EXIF data

morissette 3 hours ago | parent | prev | next [-]

Seems like such a shitty thing to victimize the potential victim. But… if you didn’t know that images you took had metadata… maybe you shouldn’t be allowed to use a computer. I mean. I’m going on decades of knowing this. Feel like there is a mid 90s X-Files episode that even like breaks this down. If not NCIS or some shit.

roywiggins 2 hours ago | parent | next [-]

Even people who know it, don't think about it and don't connect it with the potential consequences of uploading a picture to a website. And why would they? It's not visible, there's no warning, it's just not something that's going to be top of mind.

SirMaster 2 hours ago | parent [-]

So we should educate people about it. Don't you think that constantly coddling people about tech just breeds tech-illiterate people?

Wouldn't it be better if people were more tech-literate?

Coddling only works when those who are in charge of the tech play nice. But then breeds people who will more easily fall victim to the bad actors.

roywiggins 2 hours ago | parent [-]

I said that people who already know don't think about it. That's not something you can solve by educating them more. When I'm sharing a photo, I am going to think about what I can see in the photo as a data risk, not the invisible stuff that I might intellectually have heard about. It's just not going to come to mind.

People who know about phishing get got by phishing attacks, too. How well has however many years of "cyber awareness training" gone?

madeofpalk an hour ago | parent | prev | next [-]

You're right - this is a shitty view on this. It's incredibly opaque that images secretly contain the GPS coordinates of where they were taken. There's no way that's obvious or intuitive.

I think the 'ideal' thing to do would be an opt-in toggle for sharing "location and other extended info" for photos when selecting them, but I'm sure you can understand why a dev team took a shortcut to solve the immediate pain for most users most of the time.

Barbing 33 minutes ago | parent [-]

When you upload the photo, at risk of great confusion they could essentially watermark the photo or add a banner showing the location and perhaps some of the other key details, like camera model, right on the photo so it would at least get across to the user that there is an association between these two things that needs to be disabled.

To dismiss the banner you'd have to click a dismiss button which would ask you to confirm that you want to get rid of the location data completely. Then there would be a tiny little button that says “hide this location inside the photo, where I can't see it easily, but everyone totally could”. (But less stupid.)

It would be terrible because there would be huge support threads on why it's trying to share an image with an overlay, but it would get it across. Would be a different failure mode for user privacy than what you would have with a text prompt or an interstitial or whatever.

pjmlp 3 hours ago | parent | prev [-]

100% of the people that don't know that HN exists, most likely don't know images have metadata.

bspammer an hour ago | parent | prev | next [-]

This kills an entire class of useful crowdsourcing web apps though. Just off the top of my head, contributing to OSM is much easier when you can just take a bunch of photos and see them displayed on a map.

lxgr 2 hours ago | parent | prev | next [-]

100% agreed; people generally don't realize how deanonymizing EXIF data can be.

I remember one of my cameras or phones including a "seconds since device startup" counter; together with the exact time the photo was taken, this yields a precise timestamp of when a phone was last restarted. This by itself can be highly deanonymizing out of a small to medium sized set of candidate phones/photographers.

buildbot 2 hours ago | parent [-]

I mean the serial number of the camera and possibly lens are included too…

lxgr 2 hours ago | parent [-]

Not for most phones, fortunately.

sylario 3 hours ago | parent | prev | next [-]

On reddit half of the "is it AI?" questions are answered by "Yes, it says so in the metadata".

jorvi 3 hours ago | parent | prev | next [-]

AFAIK a lot of the bigger sites / services already hide or outright strip EXIF.

It's better to do it from the source, obviously.

master-lincoln 3 hours ago | parent | prev | next [-]

Because most people have no idea how the tools they chose to buy and operate work, the few rational people who educate themselves have to suffer...

This sounds like a downward spiral concerning freedom.

roywiggins 2 hours ago | parent [-]

You don't have to be irrational to not know things.

master-lincoln 2 hours ago | parent [-]

True, but isn't it irrational to continue operating something you know could cause harm to you when used wrongly, despite not knowing how to use it correctly?

Barbing 30 minutes ago | parent [-]

The hypothetical person we're considering does have an entire life, too. Their rationale may have emerged from careful risk analysis and weighing of opportunity costs.

darkhorn 4 hours ago | parent | prev [-]

I agree with you. The next steps should be to disable the internet nationwide like North Korea. People have no idea how many bad things are there. Also I don't like fun things.