Warning: *Privacy Not Included with this product
Google Nest Hub Max
Meet Google's high-end video home hub complete with microphone, Nest Cam camera, and touchscreen display. Use it for video calls, monitoring your video doorbell, watching YouTube and Netflix, sharing photos, controlling your connected thermostat, listening to music, or getting alerts whenever the camera's motion sensor picks up something moving in your home. It's a good thing Google built a physical way to turn off the camera and microphone on this gadget because otherwise it could feel a little creepy.
What could happen if something goes wrong?
“OK, Google.” That’s pretty much exactly how we think Google does when it comes to privacy. They are OK, if you consider the fact that they are a ginormous data collecting advertising company that makes billions of dollars off your personal information. It’s really unfortunate just how low the bar has gotten when it comes to privacy these days.
What sorts of data does Google collect on you? Well, there are those voice recordings when you go, “Hey Google, what are the symptoms of a panic attack?” And while Google promises that your voice recordings won’t be used to send you personalized ads, they do say the transcripts of your voice interactions with your Google smart speaker may. Google also collects things like your location, information about things near your devices like wi-fi access points and bluetooth enabled devices, people you communicate with, purchase activity, voice and audio information, your favorite songs on Spotify, what things you search for, what things you ask Google, when you turn your lights on if you have smart lights, when you use it to run your robot vacuum, and so much more.
Of course, Google uses your personal information to sell those targeted, personalized ads you see all over the place like in your Gmail, in your favorite Solitaire app, on partner websites, and on YouTube. Yup, the ads are everywhere. Google does say they won’t use things like your religious beliefs or health information to show you ads…although we just have to trust them on that. I’m sure we’ve all seen ads based on sensitive things about us that felt pretty creepy. And Google says they won’t use content from your Google Drive, Email, or Photos to personalize ads. We sure hope not.
Google also says they can collect a good bit of information on your child if they use Google services, including services managed by parents through Family Link for children under 13. The data they say they can collect on your child includes location data, voice and audio information, what apps and devices your child uses, and your child's activity within Google's services. And then they say they can use that data to "provide recommendations, personalized content, and customized search results." Yes, Google is going to push content to your kid basd on their online activities. Google does say that they, "... will not serve personalized ads to your child, which means ads will not be based on information from your child’s account or profile. Instead, ads may be based on information like the content of the website or app your child is viewing, the current search query, or general location (such as city or state). When browsing the web or using non-Google apps, your child may encounter ads served by other (non-Google) ad providers, including ads personalized by third parties." Parents, if you plan to let your kids use Google's services, it's good to do some research beforehand.
We've always struggled a bit with Google here at *Privacy Not Included. There is no doubt Google is bad for the world's privacy. They kinda set the standard for collecting huge amounts of data on us and using that to target ads. The end result of Google's years and years of data collection and targeted advertising is a huge billion dollar company with tons and tons of power around the world. And now we're all perhaps way too conditioned to having our data being scooped up to target us with ads based on our location, our interests, and inferences that can be drawn about us from all these thousands of data points. This is all really bad for privacy.
That being said. Google has always managed to avoid our *Privacy Not Included warning label because they do some good things too -- like give everyone the ability to delete their data, they do a pretty good job and keeping all the data the hoover up on us secure, and hey, we know they don't really sell that data because, why would they? They want that data for themselves to make lots of money.
This is the year that we've finally decided Google has gotten bad enough we can justify dinging them with our *Privacy Not Included warning label (yes, we don't disagree we should have done it sooner, but we do have a methodology full of criteria we work from and they always walked the line of being bad but not exactly crossing enough of our lines to ding them). Here's why we decided to ding them this year.
First, we already know Google collects a TON of personal information on us, through our Google Assistant voice requests, location tracking, searches, cookies and app tracking technologies, and more. And while Google says they don't sell that information, they do provide access to that information to many, many third parties for advertising purposes. Google goes even farther these days and says that they allow "specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies." That means you're not just being tracked by Google when you use devices but also by these mysterious "specific partners" in ways that you might not be aware of or been given the opportunity to consent to. This is bad.
We're in the age of AI now, so there is even more bad. We are very concerned that Google's privacy policy now says they can "use publicly available information to help train Google’s AI models." This is a concern to us and others because we don't know what Google counts as "publicly available information," and we don't know if people are ever given any idea, warning, or opportunity to consent to have this data used to train Google's AI, including their Bard chatbot. And Google is bringing Bard into their Google Assistant, apps, and services. That could mean even more personal information shared, collected, processed, and inferred about you by Google.
The second big concern we have about Google is their track record at being honest and respecting all this personal information they collect on us. Google has racked up quite a long list of fines for privacy violations. In 2023, they settled a lawsuit with the state of California for $93 million for continuing to collect and store location data even after users turned off location tracking, according to the lawsuit. In 2022, they settled a similar lawsuit for continuing to track users locations after they opted with 40 states for $392 million. Also in 2023, a $5 billion lawsuit was allowed to continue against Google for secretly tracking users internet use when the judge ruled "she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet (GOOGL.O) unit never explicitly told them it would." And in December of 2022, the French data protection authority fined Google $57 million for "failing to acknowledge how its users' data is processed." Those are just the fines and lawsuits that have happend since we last reviewed Google in 2022. Over the past few years, there have been even more. South Korea fined Google (and Meta) millions of dollars recently for privacy violations. So did France and Spain. And in the US, Google has faced a host of lawsuits and settlements from Texas, California, DC, Illinois, Arizona, the Federal Trade Commission, and more. All this makes it pretty hard to trust what a company says they do with that massive amount of personal information they collect on you.
One thing about Google we do like: They have a decent way to communicate with users about how they collect and use data in their Safety Center. Google does collect a ton of data on you and your children, especially if you don't take the time to adjust your privacy settings to lock down just how much info they can gather. You should absolutely take the time to adjust these privacy settings. Just beware, you will get notifications that some things might not work right if you change settings. That’s annoying, and probably worth it for a little more privacy.
What’s the worst that could happen? Well, it's possible Google can get to know you really well, maybe too well. Maybe they recognize you from all the times you ordered plain cheese pizza. They know you are single because who orders plain cheese pizza? Just kidding, they know you're single because of all those pedicure appointments you've booked for one. Maybe it's OK Google knows you so well? Maybe it's creepy. (OK, we think it’s pretty creepy). What’s even creepier these days is the possibility that your Google searches and location information and more could potentially be used to harass, arrest, and even prosecute people in the United States seeking reproductive health care. That’s not just creepy, that’s downright harmful. Oh, and we don't even know how creepy it could get as Google gobbles up more and more of our data to train their AIs. This isn't just a problem with Google though, this is a concern we have will AI's like ChatGPT and OpenAI as well.
Tips to protect yourself
- Visit privacy controls to adjust the amount of data collected
- Customize your ads experience.
- Delete your historical data from time to time. You can do this by saying, “Hey Google, delete this week’s activity.” or "Hey Google, that wasn't for you" to delete the last thing you said
- Turn off personalized advertisement
- Delete your historical data from time to time
- Review Nest privacy tips: https://support.google.com/googlenest/answer/9247517
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
Can it snoop on me?
Camera
Device: Yes
App: Yes
Microphone
Device: Yes
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
No
Phone
No
Third-party account
Yes
A Google Account is required.
What data does the company collect?
Personal
Name, email address, or billing information, or other data that can be reasonably linked to such information by Google, such as information we associate with your Google Account; Data on your activity, such as terms you search for, videos you watch, views and interactions with content and ads, voice and audio information, purchase activity, people with whom you communicate or share content, activity on third-party sites and apps that use our services, Chrome browsing history you’ve synced with your Google Account; Location information including your address, ZIP code, and where the device is placed; Sensor data such as detected motion, ambient light measurements, temperature, humidity, carbon monoxide, and smoke levels as well as information derived from this data, such as sleep information; (If you use calls) Phone number, calling-party number, receiving-party number, forwarding numbers, sender and recipient email address, time and date of calls and messages, duration of calls, routing information, and types and volumes of calls and messages; GPS location and other sensor data from your device
Body related
Voice recordings; Audio and video data from devices with cameras and microphones, and information derived from this data, such as coughing and snoring event information (if you've set up this feature), facial recognition information (if you've set up this feature), and person, object, sound, motion or activity detection information, all subject to your permissions and settings.
Social
Contacts
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2023, the US Department of Justice launched a trial against Google arguing "that Google abused its power as a monopoly to dominate the search engine business." Full disclosure, Mozilla testified in this trial.
In September 2023, Google was set to pay $93M in settlement over deceptive location tracking.
In August 2023, a US District Court judge allowed a $5 Billion lawsuit to continue against Google for alleged privacy violations of users for secretly tracking them without their consent.
In January 2023, Google confirmed data breach in its cell network provider Google Fi. The breach is linked to the recent T-Mobile hack. Google announced the breach immediately. Google says the hackers accessed limited customer information, including phone numbers, account status, SIM card serial numbers and information related to details about customers’ mobile service plans, such as whether they have selected unlimited SMS or international roaming.
In December 2022, Google was fined by EU watchdog over GDPR violations.
In September 2022, Google lost anti-trust ruling of EU which put a fine of over $4.34B on Google because of its Android monopoly.
Google received plenty of fines from European, American, and Korean authorities in the last few years. The biggest was the $170M fine from New York Attorney General for mishandling the children consent. The other cases include the fine of $100M for violating the Biometric Information Privacy Act in Illinois, $71.8M fine for mishandling consent in South Korea, $57M fine for violating GDPR in France, as well as other fines from local Data Protection Authorities in Ireland, Italy, Spain.
In 2022 Google agreed to a nearly $392 million dollar legal settlement with 40 US states "for charges that it misled users into thinking they had turned off location tracking in their account settings even as the company continued collecting that information".
In August 2019, the company admitted that partners who work to analyze voice snippets from the Assistant leaked the voice snippets of some Dutch users. More than 1,000 private conversations were sent to a Belgian news outlet, some of the messages reportedly revealed sensitive information such as medical conditions and customer addresses.
In December 2018, a bug exposed exposed the data of 52.5 million Google+ users.
Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's devices.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
We'll give Google this, they don't lack for privacy documentation. There is a LOT of it. And we've plowed through worse privacy policies. All that being said, there are so many documents and privacy notices and on and on that it is a lot to take in and digest. So is it user-friendly? Well, kind of. Is it easy to read and understand? Not exactly. Is it OK to expect people to spend 5 hours of their day trying to sort though all of this documentation on a regular basis? Absolutely not.
Links to privacy information
- Google Privacy Policy
- Google Nest Privacy and Security
- Privacy Notice for Audio Collection from Children’s Features on Google Assistant
- How does Google use location information?
- Google's Advertising Explainer Page
- FAQs on Privacy: Google Nest
- Family Link privacy guide for children & teens
- Privacy Notice for Google Accounts and Profiles Managed with Family Link, for Children under 13 (or applicable age in your country) (“Privacy Notice”)
Does this product meet our Minimum Security Standards?
Encryption
Uses encryption in transit and at rest.
Strong password
Security updates
Manages vulnerabilities
Google has a Security Rewards program. Link: https://www.google.com/about/appsecurity/programs-home/
Privacy policy
Google is planning to add generative AI product Bard to its Home products. Google also uses natural language processing to understand you and to generate answers to your requests.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Scoop: Google Assistant to get an AI makeoverAxios
-
Google loses appeal against record $4 billion EU fineCNN Business
-
Google Assistant is about to get supercharged by generative AI, says new reportZDNET
-
Google Fi says hackers accessed customers’ informationTechCrunch
-
Google fails to end $5 billion consumer privacy lawsuitReuters
-
7 Google Assistant settings you should disable or adjustDigital Trends
-
Google Finally Lets You Turn off Targeted Ads Without Breaking Its AppsGizmodo
-
All the Ways Google Is Coming Under Fire Over Privacy: QuickTakeBloomberg
-
Google settles lawsuit with Illinois residents for $100M after photo app privacy concernsUSA Today
-
Google, Meta fined $71.8M for violating privacy law in South KoreaTechCrunch
-
France fines Google $57 million for European privacy rule breachReuters
-
Google Is Fined $170 Million for Violating Children’s Privacy on YouTubeThe New York Times
-
Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy LawFederal Trade Commission
-
Data privacy alert: Spanish DPA fines Google €10 millionSC Media
-
Texas Sues Google for Collecting Biometric Data Without ConsentThe New York Times
-
Google Agrees to $392 Million Privacy Settlement With 40 StatesThe New York Times
-
Google Data Breaches: Full Timeline Through 2022Firewall Times
-
Alexa records you more often than you thinkVox
-
Lawsuit claims Google knew its ‘Incognito mode’ doesn't protect users’ privacyThe Washington Post
-
How to Use Google Privacy SettingsConsumer Reports
-
Google is sending a complicated privacy email to everyone — here’s what it meansThe Verge
-
Is your Google Home or Nest secure? How to find and delete your private dataCNET
-
Thousands of Mobile Apps Leak Data from Firebase DatabasesIonut Arghire
-
With a Laser, Researchers Say They Can Hack Alexa, Google Home or SiriNY Times
-
How to keep the smart speaker you got for the holidays and still keep some of your privacy, tooVox
Comments
Got a comment? Let us hear it.