by GTP 1342 days ago
This is true now, but once they have those data you can't know what they will use them for in the future. Maybe they will keep using them in the same way as now, maybe not. Also don't forget the recent case of users that got reported to the police by Google because they took pictures of their children for medical reasons.

> This is true now, but once they have those data you can't know what they will use them for in the future.

You can set up auto-deletion of data every 3 months.

It's actually spelled '"Auto-Deletion" of data' since you can't prove it's been deleted.

Google and other US tech companies have no right to be trusted after PRISM. Not to mention the US government's complete abdication of public oversight under the guise of national security, with secret courts, secret rulings, and national security letters compelling silence from these same organizations while complying with whatever demands they make.

You realize many tech companies responded to PRISM by making their data centers and private fiber more secure against domestic state-sponsored hacking, right?

Unfortunately, I believe that there were 2 possible outcomes in a post-PRISM world:

1) Tech companies increased their security, but it wasn't enough, and security services still have a feed of nearly all data, through a combination of software/hardware/algorithmic flaws.

2) Tech companies did manage to mostly stem the flow of information into security services. However, security services simply sent secret letters to all the big players demanding an API/backdoor and requiring them not to talk about it.

(or some mix of the two)

My lukewarm take is that it is possible to construct your company/infra in such a way that functionally, any employee can audit that (2) is not the case, and that Google comes very close to doing this.

If you take security and specifically insider threats seriously, you can't privilege or hide any subsystem, or it becomes a threat of its own, so the same processes that prevent an attacker from creating a shadow-system in your infrastructure also prevent you from doing the same thing.

But a FISA court order has nothing to do with hacking.