Google’s handling of user data has long been a concern for data privacy enthusiasts. While the tech giant has undergone relatively few data breaches in recent history, its control over the Android platform allows them to collect an unprecedented amount of data.
Now Google is taking additional steps to ensure that user data is collected on non-mobile devices as well. A network user recently discovered that Google has changed its domain structure to include all of its services in one parent domain. This means that any permissions granted by a user for one Google service, such as Google Maps, apply to all Google services in the domain.
To understand why this is a serious privacy issue for users, we must first look at how domains work. There are two types of web directory management systems: subdomains and subdirectories .
Subdomains are treated as children of the parent domain, but they exist outside the main domain in a separate section. On the other hand, subdirectories are considered part of the main domain because they are nothing more than a page of the domain.
For example, Google previously used a subdomain for Google Maps, as evidenced by its “maps.google.com” URL.
Now they’ve switched to using a sub-domain with a URL change to “google.com/maps.”
This means that the permission pop-up that appears when a website tries to access a user’s camera, microphone, or location only needs to be accepted once in a wide range of Google services. Google can then use these permissions for all of its services without asking users again.
As shown below, a user’s microphone can be accessed from the Google search page, and camera permissions are granted by Google Meet. Location can be accessed through Google Maps, and this would likely allow the search engine to track a user’s location even if they have not specifically given permission or other applications to do so.
This goes beyond legality when it comes to important data protection rules such as GDPR and the American Privacy and Data Protection Act.
Any user wishing to use Google Maps for shortcut navigation will now be asked to grant Google permission to access their location. By granting this permission, Google can access this data at any time because of their new domain structure, which allows them to geo-track the user anytime they have a Google website open.