Hacker News
by geofft 1339 days ago
It protects the user's privacy against attackers other than Google.

To be fair, this is an entirely reasonable threat model for a lot of people. For instance, if you're a reporter in an authoritarian country, Google is almost certainly not colluding with the attackers who are literally trying to kill you, and using a Chromebook and Gmail is probably the best option out there. Your threat model is "Don't die," not "Don't be subject to surveillance capitalism."

But it's also something we should collectively be pushing back on. The motivating example for these products is "intelligent ambient systems," i.e., things like Nest hubs and doorbells that capture audio/video all the time. These products probably shouldn't exist at all, and to the extent they do, they should process data locally and discard it as soon as they can.


Google sucks up a lot of data, and is in a position to do a lot of bad stuff with it, but historically they have never told my spouse about my affair, my government about my accounts in the Caymans, or leaked my nude pictures to my grandma. (I don't actually have any of these!)

I really don't care how much data of mine they have while they limit the evil they use it for to deciding if they should show an ad for baseball or football shirts...

And I trust them not to accidentally leak it far more than I trust my government or any smaller/less techy company.

This 100x. Of all the companies/entities that have had some sort of data of mine over the years Google feels by far the most trustworthy.

My country's agencies (Canada) have leaked more data than Google, and MS can claim they're secure all they want, I've had accounts on MS services hacked but never Gmail or Google services...

There is a tradeoff between hackability and single source of truth.

> historically they have never told my spouse about my affair

Have we forgotten Google Buzz? Google changed GMail to publicly list the people you email most. In one case, this de-anonymized a woman's blog and enabled her abusive ex-husband to stalk her. https://fugitivus.wordpress.com/2010/02/11/fuck-you-google/

This is IMO the most likely way that "bad stuff" will happen: not maliciously, but through privacy-invading misfeatures connected to pushing people to share more.

That's 12 years old... I think it's a real testament to Google's privacy behaviour that amongst their 2 billion+ users over 11 years, there are no fresher news stories that come to mind.

Compare with Facebook/Instagram, where it seems every other week someone messes up the privacy settings and posts something to an audience they didn't intend because the product is deliberately designed to encourage accidental oversharing.

> Google sucks up a lot of data, and is in a position to do a lot of bad stuff with it, but historically they have never told my spouse about my affair, my government about my accounts in the caymans, or leaked my nude pictures to my grandma. (I don't actually have any of these!)

You've been lucky, then: https://www.gawker.com/5637234/gcreep-google-engineer-stalke...

"""It's unclear how widespread Barksdale's abuses were, but in at least four cases, Barksdale spied on minors' Google accounts without their consent, according to a source close to the incidents. In an incident this [2010] spring involving a 15-year-old boy who he'd befriended, Barksdale tapped into call logs from Google Voice, Google's Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid's account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her. [...]"""

Fwiw that was 12 years ago, and a lot of the Google infra has changed quite a bit since then to make looking at user data much harder and track access more explicitly.

I really want Google to advertise this...

I.e., I want them to commit to "No human who works at Google will ever see your email or photos without you knowing about it". And then splash that statement all over TV ads.

Set up some system so every time an engineer sees user data, the owner of that data is sent a notification (and there are legit reasons for that, like investigating a bug a user has reported). It doesn't need to be for every kind of user data, just the super sensitive ones like the text of emails.

While it doesn't work for consumer accounts, https://support.google.com/a/answer/9230474?hl=en already exists, and https://cloud.google.com/cloud-provider-access-management/ac... goes further, requiring your consent before access. Although it doesn't work for certain legally mandated things.

But it's still better to not have to trust a giant, multi-national corporation at all.

Absolutely agree, but how do you do that in practice?

Do you self-host your services on some Linux distro? How many FAANG employees have upload access to that distro or maintain its infrastructure?

(Or maybe you audited everything yourself and you're 100% confident in your audit, somehow, and you've turned off automatic updates. How many FAANG employees are working on fuzzers to automatically find new exploitable security vulnerabilities and scale out those fuzzers on their employers' infrastructure?)

This is true now, but once they have those data you can't know what they will use them for in the future. Maybe they will keep using them in the same way as now, maybe not. Also don't forget the recent case of users that got reported to the police by Google because they took pictures of their children for medical reasons.

> This is true now, but once they have those data you can't know what they will use them for in the future.

You can set up auto-deletion of data every 3 months.

It's actually spelled '"Auto-Deletion" of data' since you can't prove it's been deleted.

Google and other US tech companies have no right to be trusted after PRISM. Not to mention the US government's complete abdication of public oversight under the guise of national security, with secret courts, secret rulings, and national security letters compelling silence from these same organizations while complying with whatever demands they make.

You realize many tech companies responded to PRISM by making their data centers and private fiber more secure against domestic state sponsored hacking, right?

Unfortunately, I believe that there were 2 possible outcomes in a post-PRISM world:

1) Tech companies increased their security, but it wasn't enough, and security services still have a feed of nearly all data, through a combination of software/hardware/algorithmic flaws.

2) Tech companies did manage to mostly stem the flow of information into security services. However, security services simply sent secret letters to all the big players demanding an API/backdoor and requiring them not to talk about it.

(or some mix of the two)

But a FISA court order has nothing to do with hacking.

Until governments approach them and demand that data or force Google to leave.

Google has refused to cooperate with authoritarian governments and even left China over it. Unlike Apple and MS...

Apple's "cooperation" with authoritarian governments tends to only go so far as it needs to in order for the next iPhone to come out on time and in sufficient supply. Otherwise Apple bends heaven and earth to engineer their devices to be as secure as they can make them, even against state authorities.

That said, if you live in China, you probably don't want to sync your stuff to iCloud. Not because Apple doesn't want to protect your data, but more because you can't trust anything in any data centers that are physically on Chinese soil.

But let's get real. If you're in mainland China and the authorities decide they need to confiscate your phone, you're already fscked.

Digging through the link the other commentator posted, Apple complied with 88% of Russia's requests for information and 94% of China's with over 1000 requests from each of those nations...

Versus Google which has avoided giving information to or censoring search results in both countries and as a result is mostly banned.

None of Google's services are banned in Russia.

> Apple's "cooperation" with authoritarian governments tends to only go so far as it needs to in order for the next iPhone to come out on time and in sufficient supply

That statement is kind of information-free. If China knows they have Apple completely over the barrel, why wouldn't they demand a lot?

But for how they cooperate, Apple's own transparency report shows they give information on Apple customers to Chinese authorities thousands of times per year, and accept the vast majority of requests: https://www.apple.com/legal/transparency/cn.html

Likewise in Russia: https://www.apple.com/legal/transparency/ru.html

> If you're in mainland China and the authorities decide they need to confiscate your phone, you're already fscked.

Funny how you specifically mention China, as if it worked differently in the USA - the country where you can get four years of jail time for talking back to police.

AFAIK they have been back in China for a few years again though ...

Not sure what you are talking about. Google/Fb/Twitter etc. are all banned in China. The major surviving ones are Microsoft and Apple.

This. Now iOS is starting to turn to the ads business. Apple is officially worse than Google.

Why is Apple worse? Because they have a limited ads business?

Because of hypocrisy? They pretend not to be in the ads business with your data.

So now everyone is doing the same thing, so-called valuing the 'privacy' (aka only they could collect the data for themselves to do personalized ads). So in the end you pick the one who hoards your data and shows the ads. What's the difference again?

Google, being a US-based company, is legally obliged to provide all the data they have to three letter agencies, without any real oversight. They can’t refuse even if they wanted.

And same goes for MS and Apple.

Regardless, I care less about the US government having my info than, say, Russia (especially being part Ukrainian, having Ukrainian friends and family, etc...).

Sure, but there’s a fundamental difference between Russia and China - about as big as between Burma and US.

Lol. Selling your data to the government is one of the ways they make money. BigTech and BigBrother have been in cahoots for more than 2-3 decades now. Read https://en.wikipedia.org/wiki/PRISM for more info.