Google and banks are being less than truthful about customer tracking

There are good and bad reasons to track someone's movements, but the best way to scream to users that you're spying on them is to lie about or not reveal what you're doing.

Hacking stealing password data

There are good and bad reasons to track people's movements, but the best way to scream to users that you're spying on them is to lie about or not reveal what you're doing. Corporate developers, if you're not guilty of bad conduct, why are you trying to so hard to hide it?

This comes to mind after two unrelated news stories cropped up this week.

The Associated Press reported that Google kept tracking consumers after they had selected a privacy option that supposedly blocked the tracking. Only days after that AP report did Google quietly change its help page, from claiming “with Location History off, the places you go are no longer stored" to “This setting does not affect other location services on your device” and “some location data may be saved as part of your activity on other services, like Search and Maps.”

The second story, from The New York Times, is about some large banks that are using behavioral analytics to identify customers. In that case, the accusation isn't that they are misleading customers so much as opting to not tell them something that the customers likely wouldn't appreciate. The better approach would have been to state upfront that behavioral analytics is being used, but solely for authentication, and to pledge to never use it for anything other than authentication. And there's the rub: Banks don't want to restrict how they use this data, which is why they are opting to stay silent.

From the Times piece: "When you’re browsing a website and the mouse cursor disappears, it might be a computer glitch — or it might be a deliberate test to find out who you are. The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices."

Let's start with the Google incident. The key questions are: Who approved that initial help page, and what did they know at the time? Did some Google-ite write "the places you go are no longer stored" knowing full well that it wasn't true — something known in marketing circles as "lying" — or was that page written and approved by people who didn't fully understand how Google's systems worked?

Google hasn't explained its conduct. It simply changed the help page without comment. Although both scenarios are plausible, I am more inclined to believe that anyone involved in a Google help page understands the systems well and would know that what they were saying was bogus.

There's another possibility, however. This goes under the heading of "Come on. You knew what I meant." This possibility is that Google understood the reality, but it was taking a writing shortcut. This would suggest that it's obvious and necessary for Google Maps to still track location, since that is a fundamental element of its "this is how you get from point A to point B." Fair enough. But it wasn't onlyGoogle Maps that still tracked. "Search" kept tracking as well. If turning off location in Google doesn't impact the search engine, then what the heck does it impact? That is a question that Google needs to address, if it wants the remaining 11 people in the world who still trust Google to continue to do so.

The bank situation is still less explicit. At least the banks, as far I can tell, didn't say that they weren't tracking people. They merely said nothing about either way. But bank app developers need to remember that banks are in a much more precarious position than Google and they need to at least pretend to be trustworthy in a much more public fashion.

Why? Google is still the most effective and comprehensive search engine on the planet. I'd love to be able to say that DuckDuckGo or other privacy-oriented engines are as good or better, but based on daily testing, Google still comes out far ahead. Bing, Yahoo and others long ago lost the search battle to Google.

That means that an annoyed Google user can't leave Google without losing some serious search functionality. And on an Android phone, the reliance is even deeper and better integrated. But banks? Not even close. Disgruntled customers can easily take their money and data and move to the rival bank across the street, and they will likely suffer no disruption or degradation of services.

Part of that explanation is the appalling slowness of banks — large and small — to truly embrace technology. That's why fintech is such a hot space right now. Most banks need the tech capabilities of fintech partners to remain even a little competitive.

Secondly, trust is a much greater factor for a consumer choosing a bank than that same consumer choosing a search engine or mobile map service. Consumers are literally turning over a massive portion of their money to that bank. That involves a lot of trust. Why risk all of that just so that the bank has the option of later using customer identities for various marketing schemes? If this effort is so benign, why not share it with customers and let consumers factor that into their decisions about which banks to use?

Thus far, this column has focused on being honest with site visitors for trust issues. There are other reasons, too. In the U.S., the Federal Trade Commission is known to hold companies accountable for any air between what they sell the public about their practices and what they actually do. And EU regulators enforcing GDPR are also examining privacy policies and comparing them with what companies actually do, not to mention watching how sensitive PII is handled.

For many reasons, Google and the banks are taking big chances. Developers, this is a position you would be wise to challenge, assuming you have grown fond of your regular paycheck.

Copyright © 2018 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon