[turtle_]

I recently left Google after spending a few years there.

Internally Google puts a huge premium on user safety and privacy. So much so that shipping anything requires getting changes through a regulatory process to safeguard users.

Google doesn’t do a good job of marketing its process. In some domains Google does explicitly use user behavior to drive revenue, so from the outside it becomes easy to spin changes like this as encroaching on user privacy, but I don’t see that here. I see something like a PM who is trying to surface some more functionality to users directly, and some engineers who spent far too long with lawyers to get sign off on this change.

It may be fashionable to sensationalize product changes like this, but the truth is often more mundane.

Edit: found a comment from the PM themselves in a previous discussion https://news.ycombinator.com/item?id=30174304

[titzer]

> Internally Google puts a huge premium on user safety and privacy.

It's Orwellian doublethink. Google will go miles out of its way to convince itself it gives a damn about user privacy, when it obviously does not give a damn about user privacy. Google always finds a way to justify studying users like lab rats. For Google, they believe that they are inherently in your circle of trust and that they are allowed to know anything they want to know about you because they are by default, up to nothing but good.

Google fundamentally does not understand that keeping things private means keeping things private from Google.

If you aren't paying Google, then they are harvesting your attention, activities, preferences, and future spending habits to eventually sell to the highest bidder.

[judge2020]

Google's entire business hinges on user privacy from everyone other than Google. If, tomorrow, either this Account Security scenario happened[0] or this South Park website happened[1] (everyone's internet history searchably by anyone), and it was done at the incompetence of Google, they would crumble overnight. They might recover within a year or two if they release a statement and fix it within a few hours or something, but it would be devastating and they would have to kiss their entire Google Cloud business (encompassing Cloud Platform and Workspace) goodbye.

Once more, even for their ad business, they don't sell that data, they target based off of it. They would lose their competitive data advantage overnight if someone could pay them $100 per-user for every user's full advertising profile since they could then go behind Google's back and out-header-bid Google with lower margins.

0: https://youtu.be/y4GB_NDU43Q

1: https://southpark.fandom.com/wiki/TrollTrace.com

[slingnow]

Are you kidding me? Crumble overnight? Have you not heard of the massive data breaches from the credit reporting industry? They got a minor slap on the wrist and everything is continuing as though it never happened.

I don't understand how people can have such naive views in this day and age. Google is FAR MORE important today than a credit reporting company. They wouldn't go anywhere.

[judge2020]

Nobody affected by those breaches willingly worked with the credit reporting industry. Everyone with a Workspace subscription willingly works with it and moving all the stuff Google Workspace offers off to Office 365 can be done relatively quickly by downloading all drive data, syncing user email, contacts, and caldav, and exporting Sheets/Gdocs as their Office file format counterparts.

[InitialBP]

There are numerous other breaches of companies that people continue to shop/work with literally weekly if not daily.

Wikipedia might not be the best source but they have a list of companies that have had data breaches, but there is a huge list of companies that have had public breaches.

Just to name a few and their sources that you people everywhere still use because the majority of people don't care about privacy or security.

Apple - https://www.theguardian.com/technology/2013/jul/22/apple-dev... AT&T - https://www.theguardian.com/technology/2010/jun/10/apple-ipa... Barnes and Noble - https://www.nytimes.com/2012/10/24/business/hackers-get-cred... Capital One - https://www.cnn.com/2019/07/29/business/capital-one-data-bre...

There's plenty of other examples on here - but I agree with the parent, Google could implode and leak everything and the average person could not be bothered to change their emails or stop using Google.

[Karunamon]

As a consumer, you can make the choice to not use Google. You can not reasonably avoid dealing with the credit reporting industry.

[hackerfromthefu]

Maybe, but you can't easily stop Google using you. Or FB, etc etc

[judge2020]

Yes you can. You can disable cookies, or use ad blockers. Specifically, this is talking about Google Workspace customers, so all their customers can easily move off using them for hosted email.

[short_sells_poo]

I agree with what you are saying. Google undoubtedly puts a lot of emphasis on security and privacy against external threats. In other words, it is unlikely that google systems would be hacked and user secrets be leaked. I can be relatively confident that script kiddies won't hack the Gmail servers and download everyone's data.

However, Google most definitely puts no value in privacy in the holistic sense of the word, because as you say they'll willfully harvest every last bit of information, sensitive or not, that users store at Google. Google cannot be given a shred of trust with private data, because they have time and time again demonstrated to have no moral compass in this respect.

They may take a lot of care about protecting this data from others, but they don't care at all about protecting the data from themselves.

[skummetmaelk]

> If you aren't paying Google, then they are harvesting your attention, activities, preferences, and future spending habits to eventually sell to the highest bidder.

Do they stop if you pay them?

[judge2020]

Google stopped scanning Gmail.com users' inboxes in 2017[0] and Workspace in general has a guarantee that they don't use any core service data[1] for their advertising business[2]:

> Google will only access or use Customer Data to provide the Services and TSS to Customer or as otherwise instructed by Customer. Without limiting the generality of the preceding sentence, Google will not process Customer Data for Advertising purposes or serve Advertising in the Services. Google has implemented and will maintain administrative, physical, and technical safeguards to protect Customer Data, as further described in the Data Processing Amendment.

0: https://www.theguardian.com/technology/2017/jun/26/google-wi...

1: https://workspace.google.com/terms/user_features.html

2: https://workspace.google.com/terms/premier_terms.html#:~:tex....

[pmoriarty]

"Google stopped scanning Gmail.com users' inboxes in 2017"

Actually, what the Guardian article says is that Google claims that:

"Consumer Gmail content will not be used or scanned for any ads personalisation after this change."

That doesn't mean they don't scan/read/use the contents of Gmail users' mailboxes completely. It just means they claim they don't do it for ads personalization.

So nothing in that announcement prevents them from doing this for other reasons.

There's also plenty of other juicy data that Google gets on you.. such as who you communicate with and know (gotten through Gmail and many other means), and things they can infer about you, which isn't affected by this announcement at all.

[judge2020]

IMO this is in the context of ad personalization so it's still valid, and it illustrates that they scan email for Workspace as well to provide useful features (like the 'designed to prevent you from threats' point on this marketing page[0])

0: https://workspace.google.com/products/gmail/#:~:text=Designe...

[Nextgrid]

That "guarantee" is of no use unless you can prove it (which you can't from the outside - so much data goes into ad targeting that it's impossible to definitely prove which bit of data was used to target a given ad).

They've also proven their bad faith with their GDPR consent flow that's not actually compliant with the regulation (there should be a big "decline" button as easy to use as the "accept" button).

[Narishma]

> If you aren't paying Google, then they are harvesting your attention, activities, preferences, and future spending habits to eventually sell to the highest bidder.

And paying them won't guarantee that they won't do those things either. Look at what Microsoft is doing with Windows.

[codeflo]

Let’s say I give you a box with two lights to show its state, one green and one red. Currently, the red light is on. The red light will also be on tomorrow. In fact, people who have observed this box for years have only ever seen it show red.

You might argue that this box is simply hard-wired to show red, but then I explain: No, your impression is wrong. I’ve built this box, and I’ve taken every possible measure to make it show green.

How credible am I?

And would you be more inclined to believe me more if I told you about my intrinsic love for the color green, and how I wired up the green light first, and how I have an entire committee of experts that has to sign off every design change to this box to ensure sufficient greenness? While it still shows, and only ever will, show the red light?

[briskapple]

The green light is on, you just can't see it.

[salawat]

Related phenomena: There are four lights! [Star Trek:TNG] 2+2=5 [1984] Gaslighting

[meepmorp]

Both the related phenomena you cite are fictional. Maybe find better supporting examples.

[addingnumbers]

They are fictional archetypes of established historical patterns, their reason to exist in pop culture is as shorthand allegories and extrapolations for common despotic behaviors that are already clear to everyone with a sense of history.

[meepmorp]

If they're archetypes of historical patterns, it should be trivial to find examples from history rather than fiction, no?

[addingnumbers]

It's so trivial that it's pointless because the intended reader is presumed to have already done it himself, excising that triviality is the purpose of any kind of shorthand.

[salawat]

See: North Korea. (I'm sure everyone there is completely up to date and accirate on the character of the world around them!)

See: Russia(Same)

See: Chinese Communist Party (Same)

See: United States and... Well, every nation really. (Same)

See: Propaganda(Literally exists to create skewed perceptions in allies/foes)

See: Filter Bubbles

See: Locality (Physics)

See: Perception Management (general category of activity)

See: Truman Show

See: Information Asymmetry (If you don't know it exists, woo boy, you might want to look into doing something about that)

See: The Great Firewall (Unrestricted access to the Internet is too dangerous to be allowed by an incumbent power structure)

See: DMCA Takedowns (unmanipulated information access is too dangerous to be allowed by am incumbent power structure)

See: Classification (Secret/Top Secret; unrestricted access to information is too dangerous to be allowed by an incumbent power structure)

See: Every Diplomat and liar ever

I mean, if you're going to play the source card, you may want to pick something that doesn't have so many real life examples that actually enumerating them, and the various contexts from which they have arisen, the timelessness in terms of what generation of humanity is in the process of manufacturing/experiencing said perceptual distortions, and level of infiltration into even the most basic levels of human interaction that requiring further requests for further explanation only serve to show one in a poorer or less flattering light. People lie. Period. The more that is at stake, the easier the act of lying becomes to stomach/justify.

You cannot have achieved adulthood without encountering some level of the type of practice being discussed. Even realizing that you have is in and of itself a formative moment in knowing oneself as a free agent.

It's cognitive dissonance. It:s coping. It's repression. It's distortion. It's for your own good, or more probably for the good of someone in a position to decide what is good for you in your stead.

If this is your first time thinking about or realizing this... I'm truly sorry. My condolences. Integrating it into a naive worldview is not a fun or enjoyable experience.

[wmeredith]

Mundane != OK

The banality of evil: https://aeon.co/ideas/what-did-hannah-arendt-really-mean-by-...

[avgcorrection]

> It may be fashionable to sensationalize product changes like this, but the truth is often more mundane.

A company which relies on user data for its revenue using user data seems like a mundane explanation to me.

[JacobThreeThree]

The comment really doesn't explain why Google had to do an automatic opt-in.

[testesttest]

You sure you were not just out of the loop? Engineers are often not included because they would object. You were only there a few years so I doubt you were privy to much of the politics.

[hackerfromthefu]

Yeah, compartmentalized design.

[seanw444]

While it may not be intentionally sinister, it's a precedent I can't agree with. Been on a journey to self-host as much of my stuff as I can to avoid this crap.

[johnklos]

See, this just doesn't pass the bullshit test. Look at Google's history and ask whether this could possibly be true. Could it? Really? Yes, but only if we posit that Google is hiding their nefarious activity from their own employees.

Look at stuff like this:

https://www.theregister.com/2022/03/28/google_data_privacy/

Is this the Google you left? If so, one really needs to ask is whether we should be even more worried about a company that hides its evil from its own employees than about a company that's just plainly shitty.

[ronnier]

google collects all your information and device info. They can also tie together all of your devices and accounts. They then share that info with the state and law enforcement.

[SSLy]

Is the GDPR-breaking consent flow also result of some bored PM?

[belter]

"The first step to data privacy is admitting you have a problem, Google" - 2022 https://www.theregister.com/2022/03/28/google_data_privacy/?...

"Android's Messages, Dialer apps quietly sent text, call info to Google" - 2022 https://www.theregister.com/2022/03/21/google_messages_gdpr/

"What Data Do The Google Dialer and Messages Apps On Android Send to Google?": https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps...

https://news.ycombinator.com/item?id=30751751