What Is Google’s Sensorvault and How to Protect Yourself Against It

Remember when you first started going out with your friends, and your mom would call or text you every few minutes to check your whereabouts? It turns out Google is doing the same thing, except without your permission or your mom’s genuine concerns over your safety.

The tech company knows your exact location at all times, even if location tracking or GPS is disabled. And that information isn’t only for Google’s eyes. Google stores hundreds of millions of location records on a database named Sensorvault, and it shares them with law enforcement agencies upon request.

That means your data could be monitored as part of an investigation simply because you were at the wrong place at the wrong time. Now, that’s taking privacy intrusion to a whole new level, and Google has no choice but to comply with government demands.

However, there are several steps you can take to minimize location tracing and protect your online privacy.

Content Overview

• Google’s “Secret” Sensorvault Database
  • How Sensorvault Aids the Authorities
  • The Jorge Molina Case
• Why Google Needs This Data
  • How to Check Your Data and Delete It From Location History
• Are There More Databases Like Sensorvault?
• Can VPNs Protect You From Sensorvault?
  • ExpressVPN
  • BulletVPN
  • Unlocator
  • NordVPN
• Conclusion

Google’s “Secret” Sensorvault Database

It’s no secret that Google tracks you no matter where you go, even without your permission. It does so using several ways, like through location history, web and app activity, and device-level location services. You may find such a feat useful when you open Google Maps as it’s the only way it can navigate you to your destination.

But other than that, why should the tech giant record your whereabouts? Well, that’s not even half the problem. The company stores your location history on Sensorvault, a massive database with hundreds of millions of records. And the authorities can access that information thanks to “geofence” warrants.

The whole thing was kept secret until The New York Times blew the lid on it. You see, tech companies in the US are obliged to hand in user information when they receive warrants and court orders. The country is part of the Five-Eyes alliance, a cooperation between several nations in data and intelligence exchange.

Google and other similar companies have been providing the authorities with data for years. Geofence warrants, however, allow government agencies to use Sensorvault as a suspect and witness suggester.

How Sensorvault Aids the Authorities

Sensorvault features detailed location records of hundreds of millions of devices worldwide, dating back nearly a decade. During an investigation, authorities send Google a warrant in which they specify a geographic area and a period of time and ask for any relevant information.

The company resorts to its massive database, Sensorvault. It collects the data about the devices that were present during that time and place. But before handing it over to law enforcement agencies, Google labels the devices with anonymous ID numbers. Then, detectives search for movements and patterns that are connected to the crime. Once they narrow it down to the most relevant devices, Google reveals their identities and other info.

Richard Salgado, Google’s director of law enforcement and information security, said that the company tries its best to protect user privacy, while also supporting the law. He added that Google only submits identifying information when it’s “legally required.”

Government agencies who used geofence warrants said that Sensorvault showed promise in finding suspects and witnesses. Detectives added that it is most useful in cold cases that are still open and without valid leads. In 2018, authorities sought information from Google on a murder that occurred in 2016. And while the evidence did not exactly bust the case open, it led to other useful leads and clues.

Another example is the Eden Prairie home invasion that happened in October 2018. Even though the perpetrators wore masks and used gloves to cover their tracks, the police were able to apprehend four suspects. That was partly thanks to Google’s data-tracking, which showed a phone taking the path of the likely intruder.

The Jorge Molina Case

Jorge Molina is a perfect example of how using Sensorvault can lead to false accusations. The police arrested Molina in December 2018 for the murder of Joe Knight. Investigators had a surveillance video that showed the shooter was in a white Honda Civic, the same model that Molina drove.

But since the footage was blurry, which meant that the police couldn’t identify the suspect nor the license plate number, detectives had to resort to other methods. They used Sensorvault and Google’s data-tracking. Location data from Molina’s phone revealed that he was near the scene where Knight was shot.

However, after a week in jail, the police released him after witnesses confirmed that he was two miles away at the time of the murder. Moreover, new evidence later showed that his mom’s ex-boyfriend, who had access to Molina’s car and one of his old cellphones, was probably responsible.

“I just kept thinking, You’re innocent, so you’re going to get out.”

Jorge Molina

And now, Molina is suing Arizona police for his false arrest, claiming that he lost his job and got suspended from his college program because of the incident. “This entirely preventable ordeal has not only cost Jorge his reputation, his mental health, and his career,” the claim said. “But, at a mere 22 years old, it might have strangled any chance Jorge had at a normal life.”

Why Google Needs This Data?

Google introduced Sensorvault in 2009 and connected it to the Location History service. The latter is not on by default. Instead, the company asks you to enable it when you use certain features, like traffic alerts on Google Maps. And the tech firm will keep collecting your data as long as this feature is activated, even if you’re not using the app.

Google says it uses such information to target ads and test their efficiency. For example, location tracking helps the company determine if you visited an advertiser’s store. Your data can also be useful to find out when stores and shops are busiest, as well as provide traffic estimations.

Furthermore, You can benefit from recommendations based on the places you visited should you choose to activate Location History. Google claims that it does not sell nor share your data with any third parties.

How to Check Your Data and Delete It From Location History

You can check your location history by going to Google Maps, then clicking on the Menu button, followed by “Your Timeline.” However, the information on display does not feature all your data on Sensorvault. Furthermore, you won’t see the raw location data because they are often messy and inaccurate. Instead, you’ll get computer estimations of your most likely destinations.

To check all your Location History data, you’ll have to download it from Google. Head over to Takeout.Google.com and select “Location History.” Click on it and choose the “JSON” format to view the file in text mode. Then, scroll down to “Next Step,” followed “Create Export.”

Now, if you want to delete or disable Location History, you have to visit Google’s Help Center and read the instructions. You’ll also find guides on how to deactivate and erase Web & App Activity information. Alternatively, you can follow these steps:

• On Android or iPhone: Go to “Settings,” then “Accounts,” followed by “Google.” Now hit “Manage Your Google Account” > Data & Personalization > toggle “Web & App Activity” off. Location History should be on “Pause” as well.

• On Desktop: Open a new tab in Google Chrome and sign in to your account. Then, click on your profile picture (top right of the screen), followed by “Manage Your Google Account.” Now, choose “Data & Personalization” and toggle “Web & App Activity” to disable it. You might want to check if “Location History” is on pause as well.

Are There More Databases Like Sensorvault?

The purpose behind Sensorvault is not to provide authorities with a spying tool and help them with investigations. Google designed this database to offer users a more personalized experience, as well as recommendations based on their preferences. And of course, the most crucial reason behind it is for advertising and marketing purposes.

In other words, just because you were near a crime scene doesn’t mean that the police will drag you to interrogations and whatnot. Yet, a lot of people prefer not to share their location. So far, only Google uses this kind of database and dragnet.

According to The New York Times, investigators did not send warrants to other companies. Meanwhile, Apple said that it could not perform such searches because it doesn’t have a similar feat to Google’s Sensorvault. Furthermore, Aaron Edens, an intelligence analyst, said the data he examined on hundreds of Android and iPhone devices was from Google.

Can VPNs Protect You From Sensorvault?

You can disable, delete, and turn off everything related to location history. But with Google, it may not be enough. The company collects data for a living. Otherwise, it cannot deliver accurate and relevant search results, recommendations, or ads. In fact, Google is the number one search engine, and Chrome is the most popular browser because of data-tracking.

Privacy-oriented Internet users try their best to avoid Google’s products as they know it will gather whatever it can about them. Therefore, they resort to services that care more about your anonymity, like private browsers and VPNs. The latter is the ultimate cybersecurity tool as it allows you to hide your geographic location.

Virtual private networks redirect your Internet traffic through one of their servers and give you another IP address that matches the server’s location. IP addresses give away your whereabouts to the web, and yet, without one, you can’t go online. By rerouting your connection and switching to a different IP, your web destination will believe that you are in a different place.

As a result, if you connect to a French server, for example, the websites you visit or apps you use will think that you are in France. In other words, Google will mark down the wrong location and store it in its Sensorvault. That will keep you safe from the authorities, who won’t be able to track your actual location.

Moreover, VPNs use the most robust encryption to prevent anyone from viewing your online activities. The Advanced Encryption Standard (AES) with 256-bit keys is a military-grade protocol. Government agencies use it to protect classified files.

Top providers also follow a no-logs policy that prevents them from storing sensitive data on their servers. Additionally, they don’t share or sell your information to third parties.

ExpressVPN

Tech-savvy Internet users are definitely familiar with ExpressVPN. It is a very well-known brand in the industry that provides premium features. But it’s not just for advanced users. Its apps are user-friendly with a neat and tidy design, so VPN beginners will have no problem using them.

The company uses AES-256 encryption so that ISPs and law enforcement authorities cannot monitor your activities. Also, ExpressVPN is based in the British Virgin Islands, a country outside the jurisdictions of five, nine, and 14-Eyes. That means it does not have to comply with warrants or court orders concerning user data.

Furthermore, the zero-logs policy on offer is transparent and trustworthy. The company does not collect any information about your activity or connection. The servers categorically erase such data and only store minimal details like for proper functionality.

ExpressVPN is an excellent choice for streamers, gamers, and torrenting fans. You can use their servers to bypass geo-blocks and access streaming platforms like US Netflix, Hulu, and BBC iPlayer. And you won’t encounter any buffering problems because the servers provide high, stable speeds.

For more information about the VPN, read the ExpressVPN review.

BulletVPN

Although VPN providers are not identical when it comes to services, the elite brands share some similar features. BulletVPN uses the same encryption as ExpressVPN, the AES 256-bit. Users can hide their online activities from the authorities as no one can breach this cipher.

The provider also follows a strict no-logs policy so that no third parties can get their hands on your sensitive data. And BulletVPN headquarters are in Estonia, another country that is outside privacy-intrusive jurisdictions. The company features a kill switch that cuts the Internet off your device in case there’s any malfunction. As a result, your traffic won’t travel back to your ISP’s servers.

And with BulletShield, a feature that you can enable alongside the kill switch, you’ll have no Internet connection unless you’re connected to a BulletVPN server.

The only problem with this VPN is that it has a smaller server network than most elite brands. Nonetheless, the servers are spread across key cities and regions, which gives you access to plenty of geo-restricted content. Besides, BulletVPN is continually expanding its network, so expect that number to rise. As for the speed rates, they are fast, with special “high-speed” servers available.

You can check out the BulletVPN review for the full list of features.

Unlocator

You might know Unlocator as a Smart DNS service, but the company recently expanded and introduced a VPN product as well. It features all the necessary options in terms of privacy, including a no-logging policy and military-grade AES-256 encryption.

Moreover, users can activate the kill switch during sessions, along with Unlocator Shield. Therefore, don’t worry if your VPN connection breaks. The only issue with this provider is its small server network, which only features 41+ servers in over 36+ countries. But Unlocator is expected to add more.

The company is based in Denmark, part of the 14-Eyes alliance. However, since Unlocator has a strict zero-logs policy, the authorities cannot acquire your sensitive data, even with a warrant.

You can sign up for both the VPN + Smart DNS plan and benefit from the best of both worlds. Unlocator also offers a 7-day free trial period, in addition to the customary 30-day refund policy. In other words, you’ll have plenty of time to test it before you make a purchase.

Read all the pros and cons in the Unlocator review.

NordVPN

NordVPN prides itself as one of the best VPNs in terms of privacy and security. It is one of many choices you can consider to protect your data from Sensorvault. First of all, it features a double VPN, which does everything a regular VPN does twice. That means double AES-256 encryption and double rerouting of your traffic.

The company also blocks annoying ads and malicious websites with CyberSec. And since it’s located in Panama, no warrants or court order can make NordVPN hand in your information. Not that you should worry about that because the VPN has a strict and clear no-logs policy.

Furthermore, its server network features more than 5,000 servers in 59 countries. Unfortunately, some may be a bit slow due to all the security benefits on hand.

You can find additional information about this VPN in the NordVPN review.

Sensorvault and How to Protect Yourself From It – Final Thoughts

We all know how much of a nosy neighbor Google can be. But the news about Sensorvault was really spine-tingling to a lot of people. Just think that you can go under police surveillance for merely being near a crime scene. Things could get even worse for you if someone with access to your phone uses it for illegal purposes. Just ask Jorge Molina.

However, we must keep in mind that Google did not design Sensorvault as a crime-fighting, police tool. The database helps the company provide relevant search results, recommendations, ads, and much more, which improves your browsing experience. Besides, it’s not like you’ll get convicted of a crime you didn’t do because of Sensorvault.

Still, if you feel uncomfortable with Google tracking all your whereabouts, you can delete your Location History, as well as Web & App Activity. And for extra privacy, you can use a premium VPN service.

What do you think of Sensorvault? Should Google scrap it for being too invasive? Or is it a necessary tool that improves the user experience? Tell us what you think below.