It seems like the person you're responding to has a problem with them selling their data in real-time to 3rd parties, rather than just any Google employee knowing where they are heading.
Yes, that’s the specific issue. We didn’t fear specifically they could read our data; the key management systems available appeared sufficient at some level (although the GCP audit system had some issues, particularly access audit is available as an IAM decision log rather than point of use, so any access bypassing IAM or that failed in the service but succeeded in an IAM call would appear a positive access, etc. - AWS does the right thing here). More of concern is they appeared more than happy to harvest utilization information for the profit of others, and in our business that was a potentially serious side channel.
Surely they can. Who would be locking them out? Another Google employee. So the useful questions are which Google employees can look up people's locations, and through what process?
From what I've heard that type of information is only held on a special higher-security "logs" cluster and the code accessing that data is subject to additional review by Google's privacy division before it is allowed access to the data. I think there may be special ways to manually access some of that data, but even requesting that capability would automatically trigger an audit after the fact.
fnordpiglet|2 years ago
gardenhedge|2 years ago
pessimizer|2 years ago
IX-103|2 years ago