DayFR Euro

Child registrations, license plates… Google leak reveals (serious) confidentiality problems

It’s a discovery that stands out in Google news. The American company would have “accidentally” collected voice data of minor users, disclosed personal addresses and carpool trip routes, but also exploited the deleted history of certain users on YouTube to offer personalized recommendations. In an edifying – and rather worrying – internal report obtained by 404 Mediawe discover that the web giant would have failed several times to basic obligations of confidentiality.

Isolated incidents, but very real

Spread over six years, these incidents would never have been publicly reported, for the simple reason that they only concerned a restricted panel of people, and that they would have been quickly resolved. The fact remains that for one of the most powerful companies in the world, the leak of such sensitive data can quickly take on exponential proportions.

Initially reported by Google employees during internal feedback, the malfunctions made public by 404 Media testify in turn to several serious failings: internal problems in data collection, vulnerability of third-party suppliers, human errors on the part of Google’s internal staff or its subcontracting companies… The report contains dozens of sources of leaks, and just as many consequences, ranging from personal email to larger data leaks, having been the subject of internal security reports between 2013 and 2018.

Thus, a case dating from 2016 relates how the company’s text recognition system allegedly used Street View data to store hundreds of license plates in plain text, thus revealing the position of the vehicles concerned over a given time. In his report, a Google employee states: “I would like to point out that it was an accident. The system that transcribes these pieces of text should have avoided the images identified by our license plate detectors, but, for reasons still unknown, it did not do so.“.

Records of affected children

Even more serious, the report disclosed by 404 Media also reports several audio recordings, captured and stored without user consent. Among this data, a thousand children’s voices were recorded, estimates the internal investigation: “An estimated 1,000 child declarations were collected. The team deleted all recorded voice data from the affected period“. In the vast majority of cases, internal reports indicate that the problem was resolved immediately.

Asked by 404 MediaGoogle says: “At Google, employees can quickly flag potential product issues for review by the appropriate teams. When an employee submits the report, they suggest the priority level to the assessor. The reports obtained by 404 are more than six years old and are examples of these red flags: each was investigated and resolved at that time“.

The full report is available (in English) right here.


Related News :