Google wants to track you in real life – privacy group says, ‘No way!’

There’s a long-term marketing bugaboo that Google has plans to fix: how to convince its clients that their ad dollars are turning into sweet payola.

As Google announced at its annual Marketing Next conference in May, it will go beyond just serving ads to consumers. Using an artificial intelligence (AI) tool called Attribution, it said it would follow us around to see where we go, tracking us across devices and channels – mobile, desktop, and in physical stores – to see what we’re buying, to match purchases up with what ads we’ve seen, and to then automatically tell marketers what we’re up to and what ads have paid off.

Google said at the time that it was planning to anonymize the data and then hash it over, as in, “User 08a862b091c379fe9767615d10873 saw these 10 ads in the morning, and spent $27.73 at a certain grocery store that afternoon.”

Well, that is not reassuring whatsoever from a privacy standpoint, the Electronic Privacy Information Center (EPIC) says. On Monday, EPIC announced that it’s filed a complaint (PDF) with the Federal Trade Commission (FTC) to stop Google from tracking in-store purchases.

As Google is happy to boast, it’s captured data on over 5 billion debit and credit card purchases in stores in just under three years using AdWords. Google then matches individuals’ buying histories with what they do online.

In fact, Google’s using “third-party partnerships” to gain access to what it says are “approximately 70% of credit and debit card transactions in the US.” But Google hasn’t identified who those partners are, or how they’ve captured all that information.

Likewise, Google says it’s protecting online privacy, but it’s refused to say how, EPIC says. Nor will Google allow independent testing of whatever technique it’s using to preserve consumer privacy.

From the complaint:

Google claims that it protects online privacy but refuses to reveal details of the algorithm that “deidentifies” consumers while tracking their purchases.

The privacy of millions of consumers thus depends on a secret, proprietary algorithm.

Google has said that it can’t give details on its mathematical formulas because of a pending patent.

But it has also revealed that the algorithm was based on CryptDB, a database that works by executing SQL queries over encrypted data (PDF of an MIT paper on CryptDB). CryptDB, however, has known security flaws: Microsoft researchers in 2015 hacked into a CryptDB-protected database of healthcare records and accessed over 50% (sometimes 100%) of sensitive patient data at an individual level.

Beyond Google’s lack of transparency about exactly how it’s protecting consumer privacy, EPIC also says that its tracking opt-out process is “burdensome, opaque, and misleading.”

According to Google, turning off Web & App Activity stops Google from saving information about the ads a user clicks. However, serve and click data may still be stored in a manner that allows for personal identification of the user even when Web & App Activity is turned off. Whenever an ad is served to a user’s browser, Google’s servers create a log that includes the user’s IP address and a unique identifier attached to the relevant Google advertising cookie.

Nor does opting out of Google cookies stop ads from being served. Those ads continue to be logged on Google’s servers, as do users’ IP addresses. The only way to get away from the tracking is by using a third-party product, such as a virtual private network (VPN), EPIC says.

Information about all this is buried several pages into Google’s Privacy Controls, and even if you get that far, Google doesn’t disclose the extent to which opting out of Web & App Activity stops it from tracking your interactions with Google ads.

EPIC’s asking the FTC to stop Google’s tracking of in-store purchases and to determine whether Google adequately protects consumer privacy.

It notes that Google’s looking to slather its dominance of online advertising onto the physical world. Absolutely. But who isn’t?

Amazon, for one, has also been stretching the boundaries of its online existence. In June, it was granted a patent to stop shoppers from checking online prices from competitors when we’re in one of its physical shops.

To do so, as it described in the patent, it would watch any online activity conducted over its Wi-Fi network, detect any relevant product information being searched on, and respond by sending the shopper to a completely different web page, blocking internet use altogether, and/or sending a store clerk scurrying over to our exact location in a store.

But at least you’ve got the option of not using Amazon Wi-Fi. Going further back still, marketers have been using technology to follow us around with no need for us to sign on to a store’s Wi-Fi, since our mobile phones broadcast our movements as we shop.

We’ve also seen both spying billboards and space-age garbage cans that advertisers have used to monitor people’s movements by tracking the unique IDs of their mobile phones.

Just how much fuel do we want to add to what Google already knows about us? Depending on which of its tools we use, Google knows what we think, what we need, what we desire, our political and spiritual beliefs, our age, our gender, what music we listen to, what we watch, what we read, where we’ve been, where we plan to go, where we work, where we hang out, where we live, who we meet, where we shop, when we shop, what we buy, how much money we’re worth, how much we spend, and how much energy we consume.

If you want to know what the truly privacy-concerned experts think of Google adding data about what we buy in real-world stores to that already sky-high pile, what better place to turn to than The Tor Project?

In a nutshell, the answer is “Go, EPIC, go!!!”

Google says it’s dismayed by EPIC’s complaint. A spokeswoman sent this statement to Ars Technica on Tuesday:

We take privacy very seriously so it’s disappointing to see a number of inaccuracies in this complaint. We invested in building industry-leading privacy protections before launching this solution. All data is encrypted and aggregated – we don’t share or receive any identifiable credit card data whatsoever.

Ars Technica’s Sean Gallagher, who reported on the CryptDB security vulnerabilities back in 2015, says that Google also claimed that it only learns the “aggregate value” of several purchases, not individual ones, and that neither it nor the ad buyer knows where the individual clicks came from.
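The difference between the per-user hashed record quoted earlier (“User 08a862b… saw these 10 ads”) and the “aggregate value” reporting described here can be shown in a few lines. This is an added illustration, not Google’s algorithm, which the article notes is undisclosed: the sample records, the use of unsalted SHA-256, and the `min_group` threshold are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: identifiers, ad names and amounts are invented.
AD_VIEWS = [("alice@example.com", "ad-1"), ("alice@example.com", "ad-2"),
            ("bob@example.com", "ad-1"), ("carol@example.com", "ad-1")]
PURCHASES = [("alice@example.com", 27.73), ("bob@example.com", 12.00),
             ("carol@example.com", 5.50)]

def pseudonym(identifier):
    """Unsalted hash of an identifier: stable, so it still works as a join key."""
    return hashlib.sha256(identifier.lower().encode()).hexdigest()

def per_user_report(ad_views, purchases):
    """Join ad views and purchases on the hashed ID: one row per person."""
    rows = defaultdict(lambda: {"ads": [], "spend": 0.0})
    for ident, ad in ad_views:
        rows[pseudonym(ident)]["ads"].append(ad)
    for ident, amount in purchases:
        rows[pseudonym(ident)]["spend"] += amount
    return dict(rows)

def audit_linkability(report, known_identifiers):
    """Privacy check: which rows can a party holding plain identifiers
    re-link simply by recomputing the same hash?"""
    return {i: report[pseudonym(i)] for i in known_identifiers
            if pseudonym(i) in report}

def aggregate_report(ad_views, purchases, min_group=3):
    """Total spend per ad, suppressing any ad seen by fewer than min_group people."""
    spend = defaultdict(float)
    for ident, amount in purchases:
        spend[ident] += amount
    viewers = defaultdict(set)
    for ident, ad in ad_views:
        viewers[ad].add(ident)
    return {ad: round(sum(spend[p] for p in people), 2)
            for ad, people in viewers.items() if len(people) >= min_group}

if __name__ == "__main__":
    report = per_user_report(AD_VIEWS, PURCHASES)
    print(audit_linkability(report, ["alice@example.com"]))
    print(aggregate_report(AD_VIEWS, PURCHASES))
```

The per-user report stays linkable to a named person by anyone who already holds that person’s identifier, while the thresholded aggregate exposes only a campaign-level total.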