In brief: Google has made privacy mistakes in the past that were made public, but what about those we don't know about? A leaked internal database from the company has revealed thousands of privacy and security failings that Google flagged between 2013 and 2018, some of which are quite damning.
The leaked information, sent by an anonymous source to 404 Media, covers incidents that were reported by employees between six and nine years ago, a Google spokesperson confirmed.
The publication writes that, taken individually, most of the cases only impacted a relatively small number of people or were fixed quickly, but "taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people's lives."
A case from 2016 saw a Google employee report that Google Street View's systems were accidentally transcribing and storing license plate numbers from photos, unintentionally creating a database of geolocated plate numbers. The report says the data has since been purged.
Another incident involved the exposure of more than one million email addresses belonging to users of Socratic.org, a company Google acquired. Geolocation and IP addresses of users were also suspected to be available, impacting children. The data was exposed for over a year.
Children were also affected when a Google speech service logged all audio for an hour, including speech data from an estimated 1,000 minors.
There was also the case where a "quirk" in Android's keyboard meant children were unintentionally pressing the microphone button, resulting in Google logging audio from youths as part of the launch of the YouTube Kids app.
One of the most damaging incidents from Google's point of view came when a government customer of its cloud service was inadvertently transferred to a consumer-level product, taking the organization's sensitive data with it. Google's internal reports stated that as a result, a US-based location for the data was "no longer guaranteed for this customer."
Some other notable incidents include Waze's carpool feature leaking the trips and home addresses of users, YouTube making recommendations based on videos users had deleted from their watch history, and the video platform's blurring feature exposing uncensored versions of pictures.
A new Yoshi game (probably Woolly World 2) is going to be announced for Switch
by innintendo
Another case that sticks out is a Google contractor accessing private videos in Nintendo's YouTube account and leaking information ahead of the gaming giant's planned announcements. It's believed this led to the 2017 Nintendo leak that showed an early look at Yoshi's Crafted World ahead of its E3 reveal. Google's database entry reads: "Former TVC [temporary vendor contractor] download video with admin account, and shared unreleased Nintendo feature with friend." It was found that the incident was "non-intentional."
Google says some of the reports were issues found in third-party services or didn't end up being cause for concern, adding that every one of the cases highlighted in the report was reviewed and resolved at the time.