A recently leaked internal Google database offers yet more insight into the giant’s questionable security practices and policies around collecting and storing users’ personal data.
The database consists of thousands of reports filed by Google’s own employees covering a variety of incidents, writes 404 Media, which said it has had access to the documents.
Despite the claims that each of these individual events would have likely impacted a relatively small number of people, the sheer range of the incidents paints a grim big picture, affecting the trustworthiness of one of the most impactful, regarding online privacy and security, companies in the world.
The database that is now public covers the period between 2013 and 2018 and the instances described in reports are qualified as unintentional or a result of either human or technology error, both by Google, its employees and tech, and contractors, third parties, etc.
These include exposing more than a million email addresses (and likely at the same time, users’ IP addresses and geolocation) – with this particular incident being anything but short-lived – this went on for over a year. The emails were available via the source code of the site of Google acquisition Socratic.org.
In a case from 2016, an employee filed a report revealing that Google’s algorithm transcribing text from Street View images captures license plates as text, the result of which is that its database “now inadvertently contains a database of geolocated license plate numbers and license plate number fragments,” the employee wrote, insisting this was a glitch in the technology.
Although Google has a filter to prevent its speech service from recording children, this failed in at least one documented instance, when about 1,000 data files containing children’s voices were recorded over a period of an hour. The relevant report from the leaked database claimed that all the logged data had been deleted.
Yet more incidents include a Waze carpool feature leaking home addresses and trips taken by users, a Google employee accessing videos listed as private on Nintendo’s YouTube channel, and then “leaking information ahead of Ninendo’s planned announcements.”
This was qualified by Google as “non-intentional.”
There was more trouble at YouTube; “YouTube made recommendations based on videos users had deleted from their watch history,” the report said, noting this violated the platform’s own policy.
In another case, YouTube’s blurring feature was actually “exposing uncensored versions of pictures.”
