Internal Google docs expose years of mishandled user data across various platforms

A trove of leaked internal documents spanning six years from 2013 to 2018 exposes a litany of privacy failings at Google. These include children’s voice data, leaks of carpool users’ trips and home addresses, and YouTube recommendations based on users’ deleted watch history, raising serious concerns about how the tech giant safeguards our personal information.

While individual incidents may seem insignificant on the surface, the cumulative effect is a cause for alarm. The leaks showcase a systemic lack of control over sensitive user information.

First reported by 404 Media, the data also includes privacy issues internally reported by Google’s employees. These include problems with the company’s data collection practices or products, multiple flaws in third-party vendors, or mistakes made by company employees or contractors that may have impacted Google’s systems.

Google has an in-house incident reporting mechanism, with P0 being the highest priority rating and P1 being the second. Some incidents that should have been accorded a high priority rating weren’t properly escalated.

In 2016, a Google Street View algorithm bug allowed the company to transcribe and store license plate numbers from photos. Although this was an accident with no malicious intent involved, it showcases that even an honest mistake at such a level can impact user privacy.

“Unfortunately, the contents of license plates are also text and, apparently, have been transcribed in many cases,” wrote one Google employee. “As a result, our database of objects detected from Street View now inadvertently contains a database of geolocated license plate numbers and license plate number fragments.”

This incident serves as a reminder that big tech manages a large trove of data, and even a few potential leaks here and there can have a massive impact.

Another major incident involved the public exposure of the emails, geolocation, and IP addresses of more than one million users, including children, from Socratic.org, which was available to view on the website’s page source. The exposure was patched when, but it was a year too late.

The documents further reveal troubling security lapses within Google’s ecosystem. A critical filter designed to prevent the collection of children’s voices reportedly malfunctioned, raising concerns about how effectively Google safeguards minors’ privacy.

Additionally, a rogue employee manipulated advertising codes, exposing potential security holes within Google’s ad platform.

The data breach extended beyond Google’s walls. A Google employee with administrative access peered into Nintendo’s private YouTube channel, potentially compromising details about an unannounced Yoshi game. This information reportedly leaked online to Reddit, raising concerns about Google’s internal controls and the potential impact on its partners.

Perhaps most alarming is the sheer variety of incidents documented. Leaked employee payment information, mistaken app downgrades for government clients, and accidental video leaks from partnered companies all point to a pervasive culture of data mismanagement.

While Google maintains that all flagged issues were addressed at the time, the leak raises serious questions about transparency. Many of these incidents were never reported to the public, leaving users in the dark about the potential exposure of their personal information.

“At Google employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer. The reports obtained by 404 are from over six years ago and are examples of these flags—every one was reviewed and resolved at that time,” a Google spokesperson told 404 Media.

These incidents serve as a reminder that data is not secure, and even an honest mistake at such a level can potentially impact thousands of users. Companies must take responsibility for their actions instead of sweeping incidents under the rug.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me