Thursday, January 25, 2018

Google's Timeline

I was reading an article on Slashdot yesterday in which the author claimed that Google had lost its innovative edge and was now focused purely on "chasing the consumer". Being Slashdot, most of the commenters agreed. One  particular comment mentioned something I had not heard of before: Google Timeline. You can access it by going to

https://www.google.com/maps/timeline?pb

To my surprise, I found 428 places that I have apparently visited in the past 5 years, all presented in a nice browsable Google map interface.


I take a nice, long motorcycle ride each summer, frequently heading up from Santa Fe, NM to British Colombia or Alaska, and it sure looked like all the places I'd been were on the map. Digging a bit deeper, I began to realize that there was a lot more fine-grained data there. For example, one day in August 2106 my riding partner and I decided to take a float plane ride from the harbor at Victoria, BC.


There was a lot of detailed data preserved and available via Google's map interface: travel time for each link, distances, restaurants stopped at, hotels, and geotagged photos taken along the way.

I suppose we all know that Google collects data from your Android phone, but I was still surprised at how much they had collected, and how cohesive it was. I decided to look around to find if anybody had done a study to determine how much data Google collects from Android phones. Someone had: the people at Quartz had just published a study on this very subject. From the article:


Quartz was able to capture transmissions of Location History information on three phones from different manufacturers, running various recent versions of Android. To accomplish this, we created a portable internet-connected wifi network that could eavesdrop and forward all of the transmissions that the devices connected to it broadcast and received. None of the devices had SIM cards inserted. We walked around urban areas; shopping centers; and into stores, restaurants, and bars. The rig recorded every relevant network request made by the Google Pixel 2, Samsung Galaxy S8, and Moto Z Droid that we were carrying.



  • According to our analysis of the phones’ transmissions, this is just some of the information that gets periodically sent to Google’s servers when Location History is enabled:
  • A list of types of movements that your phone thinks you could be doing, by likelihood. (e.g. walking: 51%, onBicycle: 4%, inRailVehicle: 3%)
  • The barometric pressure
  • Whether or not you’re connected to wifi
  • The MAC address—which is a unique identifier—of the wifi access point you’re connected to
  • The MAC address, signal strength, and frequency of every nearby wifi access point
  • The MAC address, identifier, type, and two measures of signal strength of every nearby Bluetooth beacon
  • The charge level of your phone battery and whether or not your phone is charging
  • The voltage of your battery
  • The GPS coordinates of your phone and the accuracy of those coordinates
  • The GPS elevation and the accuracy of that

That's a lot of data, and I'm guessing that Google hasn't thrown any of it away. As the Quartz article points out, whether or not to allow Google to collect location data from your phone is optional, but as the article also points out, Google makes it sound like Google services such as Maps and Assistant won't be nearly as useful to the user if you don't opt in.

So, let's pause for a moment and consider some of the implications of getting your Google account hack.

No wonder all the bad guys on NCIS use burner phones.