Google could easily protect the privacy of their users but it would need to be a directive from the top down and they would have to actually mean it.
All this is is an attempt to show themselves as the good guys relative to Facebook whereas Google is in many ways just as bad, just along a different axis. At heart both Facebook and Google are advertising scum of the very worst kind that hold the world hostage with some free functionality.
The problem with Google is that that functionality is of a grade that it is hard to get around them, Facebook you can do without just fine.
A couple of years ago I went to bed with the computer on. I woke up in the middle of the night with hard drives in full rage. My first thought was that Vista is probably doing a defrag, but I was pretty sure I had turned that feature off. So I ran perfmon to see what was going on: googleupdate.exe was scanning all drives, not only the system drive, but all of them. I purged all Google software from the computer (Google Chrome, Earth).
Well, they definitely do fail at the very core. For the non-enterprise Gmail accounts, there is basically no way for account owners to reattain control over an account if it was hijacked. Google product forums are full of people blocked from the recovery of their account by the pseudo-AI recovery form and all the support they get is repeated "use recovery form" from some kind of "google community volunteers" (or something like that).
E-mail account is basically a concentration of personal data and doing so little to protect that negates everything else.
Whenever you make the recovery process easier, you make it easier for attackers to "recover" victims' accounts.
Switching from pseudo-AI to humans isn't necessarily better. I had an attacker successfully social engineer a support person into changing the email associated with one of my videogame accounts which had some valuable items.
Preventing attackers from getting my password is something I can do myself. Preventing attackers from "recovering" my account is not something I can do myself. So I prefer services to have difficult recovery.
You make an excellent point, but I’d say the bigger problem with Gmail from a privacy standpoint is that your contacts and email contents are surrendered to an ad-surveillance company, and deliberately stored in plain-text, for any international government that fancies a look.
Even if you accept that that’s a price worth paying for the service, you’re “snitching” on all your friends you exchange numbers/emails with. If you avoid Gmail, they still have all your email, just from the other end.
> The fundamental challenge... is making computing systems that people feel comfortable using. “They don’t feel safe, they don’t feel trust... Does this company have my best interests at heart at all?..”
Making users feel good about surrendering data, defined as “protecting privacy”.
Google’s positioning on the current furor is pretty interesting.
Specifically the preferred corporate definition of ‘privacy’ to mean...
> Being respectful of a user can be as simple as giving her a way to respond to a product that bothers her, whether it's an ad for a chicken recipe that’s not relevant for her because she’s a vegetarian or an abusive message that she wants to report.
... Funnel-optimization (“user trust”), and enhanced personal data collection.
I find the [x] button on Google's ads annoying. I click the [x] to mean "remove this ad" but that is not one of the options presented. Wouldn't it be better for users and Google if clicking [x] actually removed the ad from the page?
This article is entirely about security and Google's attempts to make sure user data never leaks outside the company.
While you can't have privacy without security, security by itself does not equal privacy. Not once does this article talk about how Google tracks and records user behaviour on an industrial scale.
When you create a Google account, you're asked to provide your name, your gender, your date of birth, your location and your mobile phone number. Some of your most personal and private details, all of which will now be tied to your online behaviour.
That data capture starts right from school, where millions of students use a cloud-based OS called ChromeOS that records everything they do. It's quite horrible that this is happening - the kids don't even get a say, it's the adults who've decided this.
The G Suite for Education Privacy Notice [1] clearly states that Google collects device information, unique device identifiers, mobile network information (including phone number of the user). Also logged are IP addresses, location information, and app usage using unique application numbers.
Even if this information is detached from individual accounts and aggregated, it equals a phenomenal amount of data captured by Google on millions of students in the US.
And we've seen from Spotify and Netflix how even aggregated data can reveal very private and personal user behaviour.
It's baffling how little scrutiny the company faces, least of all from the tech community who, more often than not, rush to its defence.
So no PRISM? And analytics and google font don't collect my data when I'm not on a google site? And no scanning of my gmail messages? And I can install updates for my Android apps easily without linking my personal email to my phone (and risking cloud contact/photo sync if I didn't do this right)? And ads don't get personalized to my profile according to all those data?
I logged into "my activity" on Google recently for the first time. I was pretty annoyed to see they have tracked all my Duck Duck Go searches made through chrome.
It's interesting to me that the article mentions Yonatan Zunger, since he left Google in July 2017. Before working in the Privacy team (as a Distinguished Engineer), he was Chief Architect for G+.
His short stint in Privacy (8 months) before quitting Google for a startup makes me nervous. But maybe I'm reading too much and he just needed to move on from Google after 14 years.
Reads very propagandy esp considering the timing. The fb drama is just cooling off, what better way to promote an fb competitor than talking about this.
Where is the opt-out for reading GMail content? Or better written: why is the scanning of emails activated by default and not as opt-in? What about the preinstalled Android Google Services, which upload data continuously on Google's servers?
I think it's fairly standard that larger tech companies have privacy teams. Apple has one, facebook has one, google has one. If I bothered to search for more, you probably can find a news article about that company's privacy team.
Isn't this just about who 'other than google' can access your data? It's sort of like creating an API and allowing only one person to use that API. The API itself is the problem, not the fact that only one person can access it. But I don't get the pressure on Google here. What do people expect them to do if their entire business model is based on data harvesting? The only way to fix this would be to have a legally mandated opt-in policy on data collection. This will let Google charge money from end users, and maybe make them feel much better about it too.
Interesting, I noticed as well that Alex Stamos has a record of data breaches that he leaves behind. What's his next gig? Does anyone know? Will be curious to follow.
[+] [-] jacquesm|8 years ago|reply
[+] [-] z3t4|8 years ago|reply
[+] [-] grimskin|8 years ago|reply
[+] [-] Buge|8 years ago|reply
[+] [-] confounded|8 years ago|reply
[+] [-] confounded|8 years ago|reply
Very Googley.
#changetheworld
[+] [-] nielsbot|8 years ago|reply
[+] [-] open-source-ux|8 years ago|reply
[1] https://gsuite.google.com/terms/education_privacy.html
[+] [-] cm2187|8 years ago|reply
[+] [-] sametmax|8 years ago|reply
[+] [-] collyw|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] UncleMeat|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] AceJohnny2|8 years ago|reply
https://plus.google.com/+YonatanZunger
https://www.linkedin.com/in/yonatanzunger/
https://twitter.com/yonatanzunger
[+] [-] theDoug|8 years ago|reply
[+] [-] aiiane|8 years ago|reply
[+] [-] adamnemecek|8 years ago|reply
[+] [-] benatkin|8 years ago|reply
[+] [-] AceJohnny2|8 years ago|reply
[+] [-] ForHackernews|8 years ago|reply
If you care about user privacy, you don't deliberately build a panopticon.
[+] [-] ThatHNGuy|8 years ago|reply
[+] [-] lathiat|8 years ago|reply
[+] [-] woolvalley|8 years ago|reply
[+] [-] ksk|8 years ago|reply
[+] [-] pjmlp|8 years ago|reply
[+] [-] collyw|8 years ago|reply
[+] [-] tanu057|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] andridk|8 years ago|reply
[+] [-] throwawaymanbot|8 years ago|reply
[deleted]
[+] [-] gaius|8 years ago|reply
[+] [-] 908087|8 years ago|reply
[+] [-] dogecoinbase|8 years ago|reply
[+] [-] kerng|8 years ago|reply
[+] [-] smt88|8 years ago|reply