Hacker News new | ask | show | jobs
by metadat 1212 days ago
Privacy is bundled under Trust & Security. I don't have precise numbers or estimates, but basically every Google product area has a team of Technical Privacy Engineers, TPMs, TPgMs, and VPs. They are the arbiters who can block a production release if privacy and security issues are discovered and not remedied.

No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk. Other BigCorps do take it seriously, but get by with much less investment. Despite this, FB et. al. are keen to poach Google Privacy employees, because there are very few Privacy Engineer in existence and Big-G pioneered modern day corporate privacy efforts. Google is a huge target for hacking and public criticism or even loss of human life due to product decisions, especially because the products are so ubiquitous and widespread (browser, mobile OS, search engine, Gmail, ad network, etc). See subjects such as Differential Privacy.

Source: I have a few friends who've worked in the G-Privacy org.
2 comments
kortilla 1212 days ago
Differential privacy didn’t come out of Google.

> They are the arbiters who can to block a production releases if privacy and security issues are discovered and not remedied.

Every company I’ve worked at outside of tiny startups has had this level of gating by the security team.

> No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk.

Which companies have you worked at in the last 8 or so years? It sounds like you’ve just watched the industry mature a bit in PII from the perspective of the inside of Google.

link
dmitriid 1212 days ago
> No other company I can think of has invested in such a rigorous Privacy review and support structure in an attempt to reduce risk.

In recent court cases Google employees admitted they have no idea where user data is stored (specifically location data), which systems have access to it, and how to fully turn tracking off.

80-90% of Google's revenue comes from online ads. There's a huge conflict of interest between Google's business model and whatever "arbiters" pretend they want to block.

And of course the number of privacy things that Google pioneered is minuscule to non-existent. Google has been dragged into caring about privacy against its will, kicking and screaming, by government actions like GDPR and CCPA.

Facebook poaches Google's privacy people because Facebook is the only one of mega corps who are worse than Google, and wants to continue its practices as much as Google.

link
jsnell 1212 days ago
> In recent court cases Google employees admitted they have no idea where user data is stored (specifically location data), which systems have access to it, and how to fully turn tracking off.

Really? Do you happen to have a source for that?

link
dmitriid 1212 days ago
https://www.theverge.com/2020/8/26/21403202/google-engineers...

Edit: a better article https://www.businessinsider.com/unredacted-google-lawsuit-do...

Short quote:

--- start quote ---

Jack Menzel, a former vice president overseeing Google Maps, admitted during a deposition that the only way Google wouldn't be able to figure out a user's home and work locations is if that person intentionally threw Google off the trail by setting their home and work addresses as some other random locations.

Jen Chai, a Google senior product manager in charge of location services, didn't know how the company's complex web of privacy settings interacted with each other, according to the documents.

--- end quote ---

link
jsnell 1212 days ago
Thanks. But neither of those sources matches your initial description.

The first is not anyone "admitting" anything in a "court case". Nor does it discuss "where user data is stored" or "what systems have access to it". It is quotes from an email discussion on some article, about the behavior of a UI toggle, with no indication that these are people working on that system who would be expected to know where data is stored but don't.

In the second link you've at least got a deposition, but how is either of those paraphrases relevant to your claim about "not knowing where user data is stored" or "what systems have access to it"?

link
dmitriid 1212 days ago
Unfortunately I cannot find the exact article describing this now.

There were a few over the years. If I can find one, I will update you with the link.

Meanwhile Google has settled for $85 million in this case https://eu.usatoday.com/story/money/2022/10/05/google-arizon... A whooping 0.6% of their profir for 2022

link