Why is this so hard?
There’s a lot of data in your photos. Location data reveals where you were. Facial recognition reveals links between users, friends, family members. Image recognition helps Google create a profile on you, to better advertise to your interests. Those photos can be used to train image recognition for better image search online. Google really wants your photos and videos. If you can easily remove them, they don’t have that precious data.
So why are they handling them in an insecure way?
If you’ve used Google Takeout, Google’s service that allows you to download and backup anything Google has stored for you, Google may have leaked your private videos to strangers. Random users on Google Takeout may have downloaded not only their own videos, but your private videos as well.
Google just gave away something it was supposed to be keeping secure. How did this happen?
The Leak
Google Takeout allows you to back up your information off of your Google account. It’s a tool useful mostly for people who decide they don’t want all their cherished memories in one place or are leaving Google behind. The key theme here is that these are Google users or people leaving Google who already don’t completely trust the service. If they are staying on as customers, leaking their personal videos could be the final straw.
Google says users who used Takeout not only may have gotten strangers’ videos, but they may have also have had their own videos replaced by strangers’ videos. Google is telling users to delete the exported backups containing other people’s videos, and to re-download the backup. This time they’ll only get their own videos.
Hear that everyone? Don’t go looking at those videos that may be extremely private, just go ahead and delete them, okay?
Google says the bug affected less than 0.01% of Takeout users, just users who downloaded their Google information between November 21st and the 25th, 2019. They’ve reached out to potentially affected users.
Google doesn’t say how many people have used Takeout. However, Google has over 1.5 billion active Gmail users. If every one of them used Takeout, it would be 15 million people affected. That’s a high end estimate. All we know is the number of affected users is between two and 15 million people. That’s a reasonable range, right? It’s likely only in the thousands, but Google won’t say.
It’s All Our Data, Not Yours
Your photos are not safe from this. Nothing you use Google for is safe. From your browser (Chrome), to your Android device tracking your every move. Google is watching everything you do to build out a profile on you. This can lead to useful predictions, like telling you about a new Thai restaurant in your area you might love, but it also is incredibly invasive. Looking through your photos and videos for information could lead to those photos and videos being associated with other users. That might be how you end up with someone else’s kid blowing out their candles at their fourth birthday party instead of your kid. To Google, your profile ID is only really there to associate your information with you. It doesn’t matter if they’re a little off, usually.
The services that Google provides should cost a lot of money. They don’t. That’s because they aren’t the products Google sells. You are. This glitch was just another reminder of that.
Sources:
- Thomas Brewster, Forbes
- Abner Li, 9to5Google