11 Google File Sharing Facts That Are a Risk To Your Privacy
Just about everyone knows about Google’s file sharing options. Google Drive, Google Docs, and Gmail have become mainstays of the industry with millions of users across their sharing apps, and for a good reason. Google’s offerings are simple-to-use, reliable, and make getting your files to recipients for instant collaboration a breeze.
There may be a darker side to all this Google-related cheer, though. Google’s file sharing comes with its share of privacy concerns, and despite Google’s insistence that your information is stored in their “secure data centers” there’s no shortage of articles about the company leaking information or allegedly mining and marketing data to third parties to make a buck.
Here are some facts that might make you think twice about your privacy when making use of Google’s various platforms.
1) Google Has Some Sordid History with Their File Sharing
We mentioned one lawsuit Google found itself mired in at the onset, but that isn’t the first, last, or only time Google has found themselves in hot water. Look at Matera vs. Google if you’d like. Though they dodged any serious repercussions with a settlement, the fact that instances like this keep popping up doesn’t bode well for the company’s image.
In particular, it gives the impression that providing a quality service is more of a secondary concern and gobbling up as much information about users (and non-users) that they can use to turn a profit is their primary aim. They might claim otherwise, but then, why would they only address the issue after they found themselves in court?
While some protestation might seem like conspiracy theory, there’s definitely a pattern there that would suggest Google isn’t nearly as altruistic as it paints itself to be, and anyone using their services should think long and hard about giving such a gigantic company so much access to their personal data. That warning applies to every company, of course, but Google’s history with shenanigans makes it that much more apropos.
This warning is further compounded by incidents like this one, where Google was syncing user photos through Google Photos even after they deleted the app from their phone. Though they gave the usual corporate speech about how they were committed to making things “clearer” for users of their programs, one just can’t help but wonder, which leads to another interesting point.
2)The Terms of Service Aren’t the Most Reassuring
To be clear, Google is upfront about the fact that “You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.” Good so far, but then there’s this bit:
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps).”
Now, some rightly claim that this is just giving Google the permission to use your data for derivative uses like their Google Translate service, and that, as they state on the onset, your intellectual property remains yours. It’s not a “gotcha clause” right? True, but Google is still holding on to your data, even after you leave, and as we’ve determined, they’re none too shy about continuing to use that content to their own ends and continue to exert their dominance as global overlords of personal data.
Don’t forget about this either:
We may modify these terms or any additional terms that apply to a Service to, for example, reflect changes to the law or changes to our Services. You should look at the terms regularly. We’ll post notice of modifications to these terms on this page. We’ll post notice of modified additional terms in the applicable Service. Changes will not apply retroactively and will become effective no sooner than fourteen days after they are posted. However, changes addressing new functions for a Service or changes made for legal reasons will be effective immediately. If you do not agree to the modified terms for a Service, you should discontinue your use of that Service.”
So, they can “change the game” on you when they see fit, and conveniently claim that they’re just trying to comply with new laws. As you might have already guessed, this poses another interesting conundrum.
3) They Still Have to Comply With World Governments
Sometimes government intervention isn’t so bad. Other times, they’ll come up with any reason they like to snatch up private details for little to no reason at all. Remember the Patriot Act? PRISM? Expanding snooping on civilians that ballooned under President Obama and may well continue throughout the Presidency of Donald Trump?
At least Google is (supposedly) transparent about all those requests for user information that they receive from government entities, and, as they state they “aim to put users first” whenever they get such requests. Still, that wording is less-than-clear, and anyone planning on using Google file sharing for any reason should keep in mind that, if the government wants it, they can just ask Google for it.
4) Security Holes Do Pop Up from Time To Time
It’s the nature of just about any platform. Bugs will arise, and Google has had their share. There was the “anyone who has the link” fiasco, wherein the shareable link could enable crafty third parties to sneak a look at private data “without further authentication.” It was patched, but these sorts of issues aren’t uncommon.
More recently, Wired reported on the potential of shortened links being exploited to spy on people’s Google Maps information:
To fully illustrate the creepy potential of that publicly accessible mapping data, the researchers went so far as to identify one “young woman” who had shared directions to a Planned Parenthood facility. Starting with the Google Maps data from shortened URLs that pointed to her home, they were able to confirm her address, full name, and age—thankfully none of which they shared in the paper. “That’s a very substantial privacy leak,” Shmatikov says.”
The broader point? Yes, Google dedicates a substantial amount of time to identifying and plugging vulnerabilities, but no service is perfect. With a large network like Google that has so much information at its fingertips, the implications of even unintentional privacy violations are thoroughly chilling.
5) Your Google Account Poses A Liability
“One account. All of Google.” That little service that Google provides to make it easier to access all their various platforms is intended to help, and indeed, it does make it easier just remembering one password for all of your Google “stuff.” On the flipside, though, this poses a risk from a security and privacy standpoint.
If someone can get into one of your accounts surreptitiously, or, through negligence you forget to log out of an account and leave your device open, all your accounts then become vulnerable. What’s more, services like Google Drive don’t log you out automatically, meaning you’re particularly susceptible to less-than-scrupulous individuals with ill-intent.
6) Two-Factor Authentication Can Help…
Thankfully, to curtail this problem, Google allows you to enable two-factor authentication on your account to make it more secure. In short, 2FA requires that you provide two different means of proving yourself before you can access the account. In the case of Google, it’s “something you know (your password) and something you have (a code sent to your phone).”
You can read the steps for turning on Google’s 2FA here. It’s bolstered by the fact that you can use an email recovery option to get back into your account if you for some reason forget your password, and can also get a passcode sheet in case someone does manage to circumvent the security on your account and changes your normal password.
7) …But Mobile Access Presents A Concern
Unfortunately, not even this method is foolproof, and savvy tricksters continue to discover ways around the two-factor system, either through clever workarounds or skillful social engineering. To make matters worse, you can completely bypass 2FA on mobile devices for increased convenience and flexibility. Sounds good, until you lose a device that you forgot to lock, and someone else is rummaging around all your Google accounts with no restrictions.
8) Phishing Is Still an Issue
The above raises another issue. For all that Google does to make Drive and their other services secure, the human element is always open to manipulation. The tricks range from spoofing the Google login page (which was fixed) to taking advantage of human nature to get people to grant access to their accounts unknowingly.
To keep yourself safe, you should arm yourself with the knowledge you need to identify and avoid phishing attacks and social engineering. With some study, you can learn to spot the signs that you’re being targeted and keep your passwords and other sensitive authentication information close to the vest.
The rule of thumb is to watch out for spam emails, make good use of encryption and firewalls, don’t email passcodes or other similar data, don’t click on links from unknown senders, and avoid entering any information in random pop-up screens (among others).
9) You’ve Got To Know How To Work The Options
Within Google’s File sharing network, there are lots of options that affect who can access and edit the data you store. Unfortunately, not all of these are as intuitive as Google might hope, which can lead to confusion and the potential for you to accidentally make something accessible to all that you meant to keep private. The only way around this is to familiarize yourself with the options Google allows for deeply, and know what you’ve got your various files set to.
For example, the aforementioned link sharing. If you turn it off, only you or specific people you designate can see the file in question. If you turn it on for “anyone with the link,” then only people you’ve provided the link should be able to see it, if you turn it to “on for the public,” anyone across the web can access that file (even through search engines). Make sense?
Other things you should take the time to research are editing features, sending attachments, owner privileges, and other such options that determine what specific users can do with specific files. There’s a lot of information to take in, but knowing about it all will help you better protect your privacy when using Google file sharing platforms.
10) Google’s Got a Big Target On Its Back
As a repository of untold tons of personal data, Google has long worn a target on its back for cyber attackers. The trend shows no sign of slowing down, and there’s a hefty list of attempts taken throughout the years to cite. Like this one, where, apparently, government intelligence agencies were attempting to gain access to Gmail to snoop on individuals, or Operation Aurora, a coordinated effort to glean sensitive information from the tech giant.
One might say that it comes with the territory of being such a popular service, but it’s something to keep in mind before choosing to use Google for file sharing purposes. Convenience is great, but are you comfortable with the risks to privacy?
11) You Might Want to Look Into Encryption
Finally, you might want to take some additional steps of your own to enhance your privacy when using Google’s services, as Google doesn’t use client-side encryption for the data you upload (meaning they can access the files in your account when they choose). Pre-encryption is a popular option, for preventing this, and you can read more here about getting it done.
Like most cloud-based solutions, it all comes down to how you want to balance security and privacy. In the end, this decision falls on you, but you should make sure you’re well informed about all of Google’s practices and the ways you can further protect yourself before making your final call.
- 1 1) Google Has Some Sordid History with Their File Sharing
- 2 2)The Terms of Service Aren’t the Most Reassuring
- 3 3) They Still Have to Comply With World Governments
- 4 4) Security Holes Do Pop Up from Time To Time
- 5 5) Your Google Account Poses A Liability
- 6 6) Two-Factor Authentication Can Help…
- 7 7) …But Mobile Access Presents A Concern
- 8 8) Phishing Is Still an Issue
- 9 9) You’ve Got To Know How To Work The Options
- 10 10) Google’s Got a Big Target On Its Back
- 11 11) You Might Want to Look Into Encryption