[jimmaswell]

This is ridiculous FUD, you're not compromising anybody's privacy by letting google drive do an OCR for you. The chance is extremely remote that there would somehow be a leak of the information to malicious parties or the like out of Google. Is this is all over the possibility of their advertising engine seeing keywords and giving you an ad based on it? Even if that's the case then that's not a privacy violation, no human ever can see how that's associated with a specific identity. Do you also avoid sending anything personal through gmail? Using google search at all? It's impractical tinfoil hat territory to act like there's any reason to be concerned about this OCR tool or any other instance of putting your files on Google. To my knowledge there has never been a hack of Google's data or any leak connecting any user's identity to PII.

[mikegerwitz]

It really doesn't matter.

For those who are concerned about the privacy and are mindful enough to care about the privacy of others, putting any information on anyone else's computer (like Google's servers) is a leak. You don't know what is being done with those data, intentionally or not. And that would be the case regardless of whether or not the software is free/libre---it's being sent across a network to a destination you do not control.

Of course, information is leaked all of the time. Depending on the software that you use, your (generally, not you specifically) address book on your phone might be available to numerous remote services, and that is directly parsable by third parties, and directly tied to you and your contacts. It's up to you to consider your threat model. mynewtb's threat model is different than yours.

[syntheticnature]

...and folks concerned about security were using AOL Instant Messenger?

[TheAceOfHearts]

Maybe when they were younger and less cognizant of the potential consequences of certain actions? People can change their views on things over time.

[mikegerwitz]

I'm 28 and am a free software activist focusing heavily and user privacy and security, iving talks on those issues and meeting with my local school district to discuss how it impacts students.

When I was a teenager in middle school what almost feels like another lifetime ago, I used AIM.

[pathseeker]

>Even if that's the case then that's not a privacy violation, no human ever can see how that's associated with a specific identity

How can no human see the data that Google has? Google is not a magical place where machines cannot be compromised.

>To my knowledge there has never been a hack of Google's data or any leak connecting any user's identity to PII.

The Snowden leaks say otherwise. http://www.slate.com/blogs/future_tense/2013/10/30/nsa_smile...

>This is ridiculous FUD, you're not compromising anybody's privacy by letting google drive do an OCR for you.

So it depends on your threat model. If you care about rogue Google employees or other actors with 0-day exploits, then putting information into the hands of Google is a risk.

[jimmaswell]

OK, that's the NSA, you can assume they know everything already. And in this case, the article mentions Yahoo, which is where the information was in the first place.

[syntheticnature]

Indeed! The discussion is about rogue elements getting a Buddy List that was in AOL's hands, and therefore one should assume the TLAs already had it. Google might not have, unless you, or all your contacts, used the AIM/Google talk integration that existed for a bit, in which case they had it. Leaving aside that it's quite likely these connections already leave a Google-based data trail.

[ouid]

If that algorithm is building a model of me, then yes, it's clearly an invasion of my privacy. Google itself is the entity that I do not want to have access to a model of me.

[jimmaswell]

I don't agree that an algorithm building a model of you based on information you've provided to the website is an invasion of privacy.

[ouid]

Can you characterize what you consider an invasion of your privacy? Can you bound what you would find reasonable for someone else to characterize as an invasion of privacy?

[jimmaswell]

Personally identifiable/private information about an individual being made available to another individual without consent from the subject. Gmail running an automated algorithm over your mail and suggesting an ad doesn't do this. If an actual person was reading all your mail, something you generally have an expectation of privacy in dealing with, or the advertising profiles advertisers use were leaked in such a way that they could be attached to the specific individuals they're related to, that would be an invasion of privacy.