Google docs- are they secure and/or privacy-respecting?

children
awareness
education

#1

Original title: Google docs- are they secure?

I’m falling into the grove of using google docs because I feel I have no choice.

Fir example- my daughter’s school is using google docs for her independent study school plan.

This is a perfect example of how parents are “forced” to expose their kids privacy without being informed.

So… Any suggestions? In the healthcare field we use initials or pick an alias.

Am I being unreasonable?


#2

You’re totally reasonable and I agree. As a software engineer, I can tell you that no phone, no computer, and almost no online service as we know today is private or completely secure. Google Docs is no exception.

According to the research I’ve done into the topic, the reason why our devices and services are insecure is because of the way the capitalist tech industry works. Tech companies that maximise rapid growth do so by:

  1. Taking shortcuts, such as making insecure systems and violating our privacy, not to mention taking advantage of us in other ways. These shortcuts are almost necessary for tech companies to achieve rapid growth.
  2. Deceiving us into trusting them. No I am not a paranoid conspiracy theorist. Tech companies thrive off of tricking people into believing they are safe, good and secure, when they actually are dangerous, bad and insecure.

As someone who studied and practised tech companies, the reason is extreme (global) capitalism accelerated and empowered by technology. In the capitalist race, the “winners” must achieve rapid growth at all costs and give us flawed and insecure products, yet trick us “don’t do evil” that they are actually good, safe, impartial, not taking advantage of us. In reality, it is all the opposite, they save time and money for themselves by offering insecure and dangerous products, violate our privacy intentionally for their own gain, and purposefully take advantage of us by manipulating us without barely considering that we are human.


#3

I fully agree with @Free’s take on things, but have edited the title nonetheless to add ‘privacy-respecting’ to it.

Are Google services secure? Yes, to the extent that you can get ‘good’ security, Google is probably better than most other companies in how they secure their services. Note: No software is 100% secure and Google’s stuff is neither.

Are they privacy-respecting? Absolutely not. Well… they are to the extent they detail in their privacy policies and terms of services documents. And this is a legal morass. Google is the inventor of Surveillance Capitalism, and it is the advertising moloch that is the biggest collector of personal data that exists on the internet. It is unknowable what they do with the data they obtain from you, and which AI services and 3rd-parties consume and process it.

Of course they are trying to build a USP on the fact that they are privacy-respecting, and they are indeed trying to gain your trust (which most people already bestow them without a proper thought).

When you work in Google Docs everything you do and how you do it is tracked and recorded and may be used in any way positive or negative to you now or in the future. Period.

I am a big proponent of avoiding these surveillance capitalism services if you can. Even if they were an entirely trustworthy company with highest ethics in place, they are still dominating the market (like in a data monopoly or oligopoly), which is unhealthy.

BTW. One alternative to Google Docs I recently came upon is (there may be more):

CryptPad

CryptPad is a private-by-design alternative to popular office tools and cloud services. All the content stored on CryptPad is encrypted before being sent, which means nobody can access your data unless you give them the keys (not even us).

The employee-owned company behind this software is also the creator of privacytools.io


#4

@healthyswimmer I feel your pain. Everything I do for school is done through Google Classroom and it is very frustrating. @aschrijver Crypt Pad seems awesome and I’m going to download it right away!

Edit: Cyrpt Pad is easy to use and pretty much the same as Google Drive. I have been searching for something like this. Thanks @aschrijver. It offers less free storage though (50MB compared to 15GB)


#5

@aschrijver @Siddhi you think I should just ask for them to use her initials? Is there documentation in simple layman’s terms to e plain the harms so I don’t look like a crazy protective parent?


#6

There should be some resources that were posted in the past to the forum you could search for. And there is a lot to be found online. A quick search gave me this:

It depends on your kids digital literacy level and age, what information is best suited for them. Then also you should determine what you can actually do to protect the privacy. Can they use an alternative to this Google Docs? How sensitive is the data being collected (is it for a small assignment, or used throughout the year)? I gave some advice to @Siddhi here that may apply too, and there is more elsewhere on the forum: School Does Not Allow Alternate Web Browsers


#7

Another alternative to google drive worth checking out is Only Office. It looks pretty good.

OnlyOffice: Free For Personal Use

OnlyOffice: Free For Personal Use

It is relatively limited in what it can do (docs,presentations,spreadsheets, and that is really it).
It has more storage than cryptpad for free


#10

Thanks @aschrijver it’s sensitive information- a education record created by teachers- so my daughter will not even be using it- long story… I just don’t want her name connected to her schoolwork. I know it’s convenient but isn’t there something else the school should be using. They don’t even realize it’s not secure!


#11

I’m suspect this is free though- there is no such thing as free lunch. We should start a campaign called “believe it” believe your child’s future is in the hands of many many people, don’t hand it over.


#12

I will research only office a bit more to figure it out. I know their company based model actually costs money.

I completely agree with the idea for a campaign! Today someone told me “Your data is gonna get stolen anyway, just get a facebook!” and I realized my school allowed chrome to track my location as a default setting! Some people are not aware (yet) that they can take their privacy into there own hands!

Here is a link to the privacy policy (note: they have it available as a document, not a webpage):

I do not know what is good or bad. Maybe you all can make more sense of it than me!


#13

Some things I notice is that their main page contains 12 trackers on it, and I cannot find a link to their privacy policy on this page. I had to search for it (you have to go to Legal Terms and there they are different product versions, but I didn’t find one for the website itself).

Then - while it is nice that they are ‘dogfooding’ their own product - I’d rather see their privacy policies and terms of service as regular HTML pages and not their Docs. After all, now to read the PP you have to already use the product, so you are already liable the PP/ToS terms, possibly.

The PP looks well thought-out and complete. They do not have ‘advertising’ cookies, so the trackers are related to the other categories (they do use Google Analytics for instance). The PP is compliant to the GDPR EU privacy regulations, which is good. However, while this gives you better protection that, say, anything you have in the US, there are many legal loopholes in privacy policies in general that still make it very hard to know how your data can be used.

I am not a lawyer or expert in this, but to me texts like “We do not link IP addresses to anything personally identifiable. This means, for instance, that a user’s session will be tracked, but the user will remain anonymous.” means not much. For the law, probably, now your data is anonymous and can be shared with others. But anyone could know your identity from the IP address and your browser fingerprint and de-anonymize it. Google being in their services means that vast amounts of your data are probably being collected. This is subject to Google’s privacy policies.

GDPR compliance means you can request to see the data that they (OnlineOffice) collect, and be assured of good retention policies (e.g. deletion 60 days after you close your account) and “Right to be forgotten”, etc. You’ll have to find out though what each of their 3rd parties are doing with your data, by going through their PP’s too.

They mention they may share data ‘with partners or other third parties’, but do not explicitly mention who they are. In the PP they only mention Google and Amazon AWS and refer to their PP’s. Maybe these are the only 3rd-parties.

All in all, as PP’s come, this is a good one. But PP regulatory guidelines in general still have much to be desired.


#14

So would this be a viable alterntive to Google Docs/Slides?


#15

Yes, for sure! Even though it is not optimal, using many alternative products from different vendors creates healthy competition. And in this case I also suspect that the whole product is based on Microsoft technology (at least their website is, as URL’s end with .aspx indicating MS ASP.NET).

And there is no advertising mentioned in the PP, so that is very good too.


#16

@healthyswimmer You could ask the school to use email or ask for a paper packet in advance (unless she is already in the process). If the school doesn’t want to give the work via Only Office, she can probably use it to write up her assignments and turn in pdfs of the work/copy and paste into google docs. I think an alias is a good idea.


#17

@healthyswimmer I just figured out that OnlyOffice and Google Drive can be connected! You can edit in Only Office (I think this keeps GD from seeing what you are doing but I am unsure. Someone with more knowledge can fact check me there), then upload to GD to share ect. Maybe that will help.


#18

You could also contact Only Office support and formulate your privacy concerns regarding Google & data collection. Ask how this works, provide some valuable feedback on their product along the way (always good, creates goodwill, and more elaborate responses + a relationship if you keep doing it).


#19

See… this is why this isn’t getting fixed in schools. I’m an exhausted parent now at the end of the weekend and can’t research or think about anything.

It’s a monopoly google has on a group with continuous exhausted resources to pay attention to what is happening with privacy. When the kids grow up, then it’s not their problem- it’s the next set of exhausted parents problem.


#20

I agree! My school allowed google to track my location for FOUR years without asking first. They install browser plug ins without notifying us. They just dont have the resources or training…it is frustrating. Maybe we can create some kind of list/steps for schools to follow or look for privacy wise…


#21

How about demand this- you are graduating soon right? You can fiercely document and study everything they recorded. I would demand to know everything which was recorded and and strategize the way to tell the public.

Schools will not stop this until someone sues then. I learned the only way a school moved on anything is if they get sued or public exposed to the point of shaming. It’s too bad but they need to sharpen up.


#22

When I was a student, teachers/professors used to just ask us to email the document with exactly same subject line per assignment, so that they can add filter rules in their inboxes for every assignment and refer later for review.

Why don’t people consider using emails anymore ! :thinking: I mean… since assignments or “homeworks” are individual per student activity, why do we need “Cloud collaboration for live editing” - I dont understand their logic, are they(schools/colleges) using it because it’s cool ? :smiley: