Pixel Envy

Written by Nick Heer.

Unpacking Google’s Apparent Turnaround on Privacy

It looks like something spooked Facebook and Google. Instead of ignoring the privacy implications inherent to their business models, they both decided to reposition themselves as privacy-forward companies. Facebook did so by having an op-ed from its CEO published in a national newspaper, and by trying to redefine privacy itself. Google’s strategy has, so far, been similar.

Google CEO Sundar Pichai in an op-ed for the New York Times:

“For everyone” is a core philosophy for Google; it’s built into our mission to create products that are universally accessible and useful. That’s why Search works the same for everyone, whether you’re a professor at Harvard or a student in rural Indonesia. And it’s why we care just as much about the experience on low-cost phones in countries starting to come online as we do about the experience on high-end phones.

Our mission compels us to take the same approach to privacy. For us, that means privacy cannot be a luxury good offered only to people who can afford to buy premium products and services. Privacy must be equally available to everyone in the world.

That is a terrific point. I would very much like to live in a world where Apple cannot compete on privacy because every company must follow a strict set of rules governing the collection and use of private data.

But we do not live in that world, and Google has little intention of actually changing that. For example, they announced that Chrome will soon restrict third-party cookies and cross-site tracking, but John Wilander of Apple’s WebKit team says that their plan will be ineffective for privacy protection:

For a cookie policy to have meaningful effect on cross-site tracking, you also need to partition storage available to third-parties, such as LocalStorage, IndexedDB, ServiceWorkers, and cache. Safari is the only major browser to have such partitioning and we shipped it in 2013.


Safari’s default cookie policy since 10+ years is to deny third-parties to use cookies unless they have been first party at some point. This used to be “Allow cookies for sites I visit” in Safari settings. No other major browser has shipped cookie restrictions on by default yet.

For what it’s worth, it was this very setting that Google circumvented in 2012 so that they could track Safari users, a decision which resulted in a $22 million penalty.

Google also says that they’re giving users more privacy-centric options, but they couldn’t commit to not using facial recognition in their Nest products for ad personalization.

The overall picture of Google’s approach to privacy is perhaps best summarized by Ben Thompson:

At the same time, from a purely strategic perspective, the positive message makes sense. Presuming that everything about technology is bad is just as mistaken as the opposite perspective, and the fact of the matter is that lots of people like Google products, and reminding them of that fact is to Google’s long-term benefit.

Moreover, a world of assistants and machine-learning based products is very much to Google’s advantage: the argument to not simply tolerate Google’s collection of data, but to actually give them more, is less about some lame case about better-targeted ads but about making actually useful products better. The better-targeted ads are a Strategy Credit!

In short, Google’s argument is that they’re able to protect you from other companies’ privacy-rejecting technologies, but you can and should give them more of your private data. You can trust them. But, as far as I’m concerned, they haven’t yet earned that trust.