Reflections on the frustratingly user-hostile motivations behind Google’s unified user accounts

“If it’s free, you’re not the customer, you’re the product.”

–Everyone on the Internet

As I’ve written about several times on this blog, my 11-year-old son did an informal internship with us at Room 34 this summer. Part of the process of getting him set up as a part of the business was giving him his own email address.

We use Gmail (as part of Google Apps for Business) for our email. As such, creating an account for him on our email domain essentially created a Google user account for him, because Google has, of course, bundled all of their services together under a single login: Gmail, YouTube, Google+ (which no one uses), etc. Sounds convenient, right? Sure, but…

A couple of weeks ago, unbeknownst to me (go ahead and judge my parenting now), my son discovered that with his mail login he was able to log into YouTube as well. We have made it clear to him in the past that (legally) you have to be 13 to get a YouTube account, and that we had no intention of helping him circumvent that. But, kids being kids, he tried to take advantage of this back door he had discovered.

Problem is, YouTube asked for his birthdate. And he gave it. His real birthdate.

Nope! said YouTube, and his account was suspended. But not just his YouTube account. His entire Google account. Suddenly we found he couldn’t log into his email. I went into our Google Apps for Business account to manage the domain, and I discovered, to my supreme annoyance and frustration, that when a user account is “suspended” it really is suspended — it’s in a strange state of semi-existence. It can’t be used, but it also can’t be deleted, even by a domain administrator. So now his email address — his email address on my business domain name, not “gmail.com” — is entirely untouchable.

It’s no surprise that we are Google’s product. A customer is a person or company who pays for products or services rendered. Google’s advertisers are their customers, and our attention is the product they are selling.

As a result, Google collects enormous amounts of data about its users. It tracks as much of our activity across all realms of the Internet as possible. That’s why we are a valuable product to their customers — the advertisers. The more information Google collects about us, the more valuable we become as targets for advertising. And all of that data collection is why Google is required to comply with the federal law regarding collection of information about people under the age of 13 on the Internet. Therefore, my 11-year-old son not only can’t have a YouTube account, but he can’t have an email address that is connected to Gmail, because a Google account is a Google account, period.

On a basic level this is a major inconvenience to me and to my son for our purposes of getting him experience working on the Internet. But on a much deeper level, it is more profoundly disturbing for its privacy implications.

As a web developer, I work often with Google Analytics. I help our clients set it up on their websites. I even use it on my own sites (including this one). It’s great to see where your traffic is coming from, which parts of your site are or aren’t getting traffic, which devices and browsers your visitors are using, etc.

But remember, Google isn’t just collecting that data for your benefit. They’re collecting all of that and much more for their own purposes, far beyond what they even make available to site owners on Google Analytics.

Google has created a scenario through Gmail and YouTube (and, I suppose, Google+) where a large percentage of Internet users are logged into Google at all times, with cookies stored in their browsers. Combine that with Google Analytics being installed on a large percentage of websites around the world, and Google knows that you are visiting all of those sites. You may not be providing the sites you’re visiting with any of your information, and they can’t read Google’s cookies themselves, but they’re pulling in a little piece of Google on every page load, and that piece of Google can read the Google cookies on your computer, identifying not just a computer with your same OS and web browser, connecting from your specific IP address, but you, the logged-in Google user.

What are they doing with that information? And what might someone else do with that information?

I do not like this, not one bit. And yet I still happily use these Google services. And you probably do too.

Oversharing and paranoia

Oversharing is an inherent part of social media. Just ask anyone who’s made the mistake of clicking a Socialcam link on Facebook.

But oversharing takes different forms, and the most potentially dangerous type is one many people don’t even realize exists: the copious logging of your online activities by the social networking sites you’re logged into. Thanks to their “deep integration” with other websites, you may be “sharing” your browsing habits with Facebook, Twitter and Google even when you’re not on their sites.

Have you ever been on a site and noticed a little corner of the site looks like it’s been invaded by Facebook? That sickly blue, the font, the little profile pictures of your friends who’ve liked or commented on the page you’re currently viewing?

How did that get there? It’s because the site is integrating with Facebook, and through the magic of cookies, Facebook’s servers can tell that it’s you looking at the page and deliver content customized to your profile. Maybe you like that, but I find it a little creepy. Twitter and Google do it too, even if it’s not as obvious.

Google may be the most insidious, with so many of its tools now consolidated under a single login. If you use Gmail, and you keep your account logged in, every Google search you do is logged. Ostensibly this is to help deliver “personalized” results. More crassly, it is used to put “targeted” ads in front of your eyeballs. But that data is being collected, and regardless of what Google says their privacy policy is now, the data is there, and could stay there for a long time. Someday Google might change their policies or sell that data or the government might subpoena it or just come in and take it.

What’s worse, Google Analytics is everywhere. Heck, even paranoid old me uses it. Google says Analytics isn’t tied in with your Google account, and maybe it’s not… yet. But why assume it will always be that way?

Fortunately, there’s something very simple you can do to combat all of this data collection. It’s the online equivalent of a tinfoil hat, except it actually works. Log out. And just to be safe, clear your cookies.

I’m trying something out right now that takes all of this even a step further. It all hinges on the fact that in all three of these cases — Facebook, Twitter and Gmail — the web interface is probably the least usable, least satisfying way to experience these services. I’ve never really been a user of Gmail’s web interface; I’ve always preferred using the Mac’s built in Mail application. But now I’m also strictly using the Twitter app on my Mac. (I already use Tweetbot on my iPhone.) And I have made the decision not to use Facebook on my computer at all. I already hated the Facebook web experience anyway, so why bother with it? Now I am only going to check it using the Facebook iPhone app.