Original title: Google docs- are they secure?
I’m falling into the grove of using google docs because I feel I have no choice.
Fir example- my daughter’s school is using google docs for her independent study school plan.
This is a perfect example of how parents are “forced” to expose their kids privacy without being informed.
So… Any suggestions? In the healthcare field we use initials or pick an alias.
Am I being unreasonable?
You’re totally reasonable and I agree. As a software engineer, I can tell you that no phone, no computer, and almost no online service as we know today is private or completely secure. Google Docs is no exception.
According to the research I’ve done into the topic, the reason why our devices and services are insecure is because of the way the capitalist tech industry works. Tech companies that maximise rapid growth do so by:
As someone who studied and practised tech companies, the reason is extreme (global) capitalism accelerated and empowered by technology. In the capitalist race, the “winners” must achieve rapid growth at all costs and give us flawed and insecure products, yet trick us “don’t do evil” that they are actually good, safe, impartial, not taking advantage of us. In reality, it is all the opposite, they save time and money for themselves by offering insecure and dangerous products, violate our privacy intentionally for their own gain, and purposefully take advantage of us by manipulating us without barely considering that we are human.
I fully agree with @Free’s take on things, but have edited the title nonetheless to add ‘privacy-respecting’ to it.
Are Google services secure? Yes, to the extent that you can get ‘good’ security, Google is probably better than most other companies in how they secure their services. Note: No software is 100% secure and Google’s stuff is neither.
Are they privacy-respecting? Absolutely not. Well… they are to the extent they detail in their privacy policies and terms of services documents. And this is a legal morass. Google is the inventor of Surveillance Capitalism, and it is the advertising moloch that is the biggest collector of personal data that exists on the internet. It is unknowable what they do with the data they obtain from you, and which AI services and 3rd-parties consume and process it.
Of course they are trying to build a USP on the fact that they are privacy-respecting, and they are indeed trying to gain your trust (which most people already bestow them without a proper thought).
When you work in Google Docs everything you do and how you do it is tracked and recorded and may be used in any way positive or negative to you now or in the future. Period.
I am a big proponent of avoiding these surveillance capitalism services if you can. Even if they were an entirely trustworthy company with highest ethics in place, they are still dominating the market (like in a data monopoly or oligopoly), which is unhealthy.
BTW. One alternative to Google Docs I recently came upon is (there may be more):
CryptPad
CryptPad is a private-by-design alternative to popular office tools and cloud services. All the content stored on CryptPad is encrypted before being sent, which means nobody can access your data unless you give them the keys (not even us).
The employee-owned company behind this software is also the creator of privacytools.io
@aschrijver @sidnya you think I should just ask for them to use her initials? Is there documentation in simple layman’s terms to e plain the harms so I don’t look like a crazy protective parent?
There should be some resources that were posted in the past to the forum you could search for. And there is a lot to be found online. A quick search gave me this:
https://www.commonsense.org/education/teaching-strategies/protect-your-students-data-and-privacy
It depends on your kids digital literacy level and age, what information is best suited for them. Then also you should determine what you can actually do to protect the privacy. Can they use an alternative to this Google Docs? How sensitive is the data being collected (is it for a small assignment, or used throughout the year)? I gave some advice to @sidnya here that may apply too, and there is more elsewhere on the forum: School Does Not Allow Alternate Web Browsers on our Chromebooks - #26 by aschrijver
Thanks @aschrijver it’s sensitive information- a education record created by teachers- so my daughter will not even be using it- long story… I just don’t want her name connected to her schoolwork. I know it’s convenient but isn’t there something else the school should be using. They don’t even realize it’s not secure!
I’m suspect this is free though- there is no such thing as free lunch. We should start a campaign called “believe it” believe your child’s future is in the hands of many many people, don’t hand it over.
Some things I notice is that their main page contains 12 trackers on it, and I cannot find a link to their privacy policy on this page. I had to search for it (you have to go to Legal Terms and there they are different product versions, but I didn’t find one for the website itself).
Then - while it is nice that they are ‘dogfooding’ their own product - I’d rather see their privacy policies and terms of service as regular HTML pages and not their Docs. After all, now to read the PP you have to already use the product, so you are already liable the PP/ToS terms, possibly.
The PP looks well thought-out and complete. They do not have ‘advertising’ cookies, so the trackers are related to the other categories (they do use Google Analytics for instance). The PP is compliant to the GDPR EU privacy regulations, which is good. However, while this gives you better protection that, say, anything you have in the US, there are many legal loopholes in privacy policies in general that still make it very hard to know how your data can be used.
I am not a lawyer or expert in this, but to me texts like “We do not link IP addresses to anything personally identifiable. This means, for instance, that a user’s session will be tracked, but the user will remain anonymous.” means not much. For the law, probably, now your data is anonymous and can be shared with others. But anyone could know your identity from the IP address and your browser fingerprint and de-anonymize it. Google being in their services means that vast amounts of your data are probably being collected. This is subject to Google’s privacy policies.
GDPR compliance means you can request to see the data that they (OnlineOffice) collect, and be assured of good retention policies (e.g. deletion 60 days after you close your account) and “Right to be forgotten”, etc. You’ll have to find out though what each of their 3rd parties are doing with your data, by going through their PP’s too.
They mention they may share data ‘with partners or other third parties’, but do not explicitly mention who they are. In the PP they only mention Google and Amazon AWS and refer to their PP’s. Maybe these are the only 3rd-parties.
All in all, as PP’s come, this is a good one. But PP regulatory guidelines in general still have much to be desired.
Yes, for sure! Even though it is not optimal, using many alternative products from different vendors creates healthy competition. And in this case I also suspect that the whole product is based on Microsoft technology (at least their website is, as URL’s end with .aspx indicating MS ASP.NET).
And there is no advertising mentioned in the PP, so that is very good too.
You could also contact Only Office support and formulate your privacy concerns regarding Google & data collection. Ask how this works, provide some valuable feedback on their product along the way (always good, creates goodwill, and more elaborate responses + a relationship if you keep doing it).
See… this is why this isn’t getting fixed in schools. I’m an exhausted parent now at the end of the weekend and can’t research or think about anything.
It’s a monopoly google has on a group with continuous exhausted resources to pay attention to what is happening with privacy. When the kids grow up, then it’s not their problem- it’s the next set of exhausted parents problem.
How about demand this- you are graduating soon right? You can fiercely document and study everything they recorded. I would demand to know everything which was recorded and and strategize the way to tell the public.
Schools will not stop this until someone sues then. I learned the only way a school moved on anything is if they get sued or public exposed to the point of shaming. It’s too bad but they need to sharpen up.
When I was a student, teachers/professors used to just ask us to email the document with exactly same subject line per assignment, so that they can add filter rules in their inboxes for every assignment and refer later for review.
Why don’t people consider using emails anymore ! 
I mean… since assignments or “homeworks” are individual per student activity, why do we need “Cloud collaboration for live editing” - I dont understand their logic, are they(schools/colleges) using it because it’s cool ? 
Google assures users that unless they publish a file, search engines won’t be able to find the information contained within those files. Google doesn’t allow search engine spiders – the applications that crawl through the Internet looking for keywords as a way of building search results – to access the data within Google Docs.
Because Google Docs allows multiple editors to work from the same master document, there are special synchronization issues Google must deal with. Google Docs handles online edits in real time, and editors can see changes as other collaborators make them. But with offline editing capabilities, this gets a little trickier.
So are they the best alternative for google docs/sheets
I don’t have it anymore but used to host my own cloud based alternative from my home. All you need is dynamic ip and the software I used was called hubzilla. It’s free and open source.
Also an attractive solution is to use nextcloud.com and they integrate with: