Chrome allows to let users manage the permissions they've granted in the past for each site.This is a tale of two diametrically opposing Google philosophies that currently happen to exist at the very same time.

  • On the one side, there are the remnants of the “don’t be evil” camp. Yes, it feels there are still quite a few around these days, even if the famous motto has been purged from list of values a long time ago. In terms of geolocation, let us call this resilient little village of indomitable Gauls team Chrome or team Maps.
  • On the other side, there is the “if it’s technically possible, let’s do it” camp. Well, to be fair, this camp strives hard to “think about the users”, and in order to prove their points they run millions of statistical tests to prove that whatever technical shenanigans they gave birth to, there is enough user utility to justify the means. Let’s call them team core search.

Both camps aim at the holy grail: Geolocation. Or in non-nerd speak, the actual place you are at when you are using any of Google’s products. Why is this a sweet bit of information? Well, only think of all the local advertising dollars that could be made.

Gathering data

So how does a data kraken like Google tackle the problem? Step one, get tons of data. More specifically, why don’t you just send a bunch of neat cars around with lots of cameras as well as wireless network sniffers, and some fine GPS kit to geocode all that data. The prize: The MAC addresses of every households’ wireless routers, and putting the right geo-coordinates on each. If driving around in mysterious cars and horrendously callous opt-out mechanisms causes too much backlash, how about getting tons of handsets with Android OS shipped and set the default preference to sync a devices location and any router’s MAC address to the mothership. Since there are only about a couple hundred million shipped, seems like that substitutes quite a number of cars.

All apps created equal

Firefox browser requests the users permission to automatically locate the users browser's geo-coordinates

Google maps folks ask for permission

Step two is incorporating that data in applications. Here is where our two camps diverge. Camp Chrome/Maps think geolocation data is thinking of their users as adults, which are not only allowed to vote but also afforded the freedom granted by the constitution to choose. Clearly, for sensitive data such as geolocation you should get an adults’ consent. So when you ask for directions from your home to say Hillsdale Shopping Center, team Maps is actually kind enough to ask you if you’re willing to allow Google to determine your actual location – using the so called geolocation service, which in turn is probably using your IP as well as MAC address and compares these with the data gathered in step one. And since we are treated as adults, camp Chrome and Maps actually worked hard to get other browsers fellas to also support the notion of informational self-determination. So we get to manage location settings in our Firefox and Chrome browser, and can add, edit and revoke permissions whenever we choose to do so.

Search more equal than others

Team core search considers us users to be somewhat immature and requiring informational guardianship as well as the occasional push in the ‘right’ direction. As such, core search has started to determine a user’s geolocation by default without requesting any user consent whatsoever. Regardless of if they’re logged into your Google account or not. Heck, even if you remove personalization with a browser incognito mode or use the ‘do not personalize’ URL parameter, you’re still going to get located. And that with surprising accuracy. Any option to opt out? Nada. Well, granted, you may manually select a different location, which some may consider adding insult to injury.

Core search considers geolocation to be such an important signal in their algorithms that they simply can’t live without it. And how wonderful their A/B test results are from showing a good blend of the results of [dry cleaner san mateo california] when a user was actually searching [dry cleaner]. And how other fellas such as display advertisers have been doing geolocation targeting too, sometimes for ages. And how much better the intentions of Google search are in comparison to all these ad folks.

Location leads to identity

The thing is, most users probably really don’t care. Which is a huge pity, because location data is in fact way more sensitive than most people realize: In fact it can surprisingly/scarily often be directly linked to a user’s identity. How so? In some countries, most users still have a public white pages record, which links address to name. E.g. at the house I used to live in – consider yourself lucky if you live in an apartment building, that gives you at least some privacy. Or some users are providing address information on social media profiles. Or in domain records. Some countries (e.g. Germany) even require every webmaster to display an imprint on their personal website. But is this not a mere theoretical threat, you might say? Well, consider what some of the best and brightest are able to do. No surprise then that European Regulators are feeling very twitchy about the subject.

Different camps or trend to worse

Irrespective of the privacy implication, and lacking the ranting skills of Aaron, the thing that really puzzles us is that a single company can be in both camps at the very same time. How can you on the one hand ship software and provide APIs that require explicit user permissions, and at the same time have your bread and butter service trample that very principle. Or is it just the fact that the Maps and Chrome teams released their services in 2010 and early 2011, respectively, whereas the core search team introduced the auto-geolocatlization in 2012. And the 2012 mantra just has not been reflected in the older service.

Glad to hear your thoughts in the comments.