by MichaelGG 4251 days ago
What's the mindset that ends up with Chrome going out of its way to swap OK/Cancel when you enable DNT? (I don't think DNT is a real solution, but I'd guess Google wants to be able to point to data showing users don't enable it.)

What's the mindset behind the broken permissions on Android? Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?

What's the mindset behind G+'s incessant nagging, and forcing it as a requirement to even rate apps on Play? Or the same for YouTube, etc.? Not to mention the "real names" debacle.

At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?

"What's the mindset behind the broken permissions on Android?

Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?"

At the time Android created its permissions model, most of these issues were not obvious, or it would have been done differently.

Remember, of course, that prior to things like Android (the first version of the iPhone only had webapps), permission models of any sort were pretty much unheard of. Flip phones running Java apps, or BlackBerries, had apps that got to do whatever they wanted.

Permissions changes are being slowly made in Android. The same way you'd slowly change most serious things about something with billions of users.

It's not like C++ or Java just release new features every day (even if we may want them to :P).

This is of course, the same as any large system in engineering.

I don't know enough to comment on the rest.

" At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?"

Truthfully? It doesn't matter. At some point, every company large enough will lose its sheen, and people will worry about it, and eventually question its motives. Nobody can be perfect at doing the right thing all the time, even if they wanted to. Eventually, even with the best of intentions, mistakes add up, and people stop believing. In fact, I'd wager it happens slower if you don't even try to have good intentions, and just stay under the limelight, rather than try and occasionally mess up.

In any case, I guarantee the same will happen to Mozilla (or whoever we want to peg as the current defender of the world) over time, the same as it has happened in the past to every other company. Non-profitness won't save them.

This is a lie, I have a Nokia with the S40 OS and Java apps can't just do anything they want, particularly sensitive things like accessing contacts and making internet connections.

In fact, if your app isn't signed by Nokia, you can't let an app make a request without nagging you for permission. This totally kills homebrew.

This was the "pretty much" part. But even that permission model is really really simple.

MIDP 2.0 had permission domains. In practice, the permission domains were basically "want this app to let you do anything on your phone Y/N?" for a lot of phones.

In the specific case of S40, Nokia's security policy came into play in 6th edition feature pack 1, or so Nokia claims.

For fun, look at the deviations different carriers (and editions) have at http://developer.nokia.com/community/wiki/Java_Security_Doma...

The permission domains govern what the defaults are and what permissions you are able to request, but the permissions themselves are more fine-grained. And none of them defaulted to "allow" – see table linked from the page you linked to: http://developer.nokia.com/community/wiki/MIDP_2.0_API_acces...

"Trusted 3rd party domain" is everyone who gave heaps of money to Verisign. They get no permissions by default, but they can request, for example, network access and the user can then grant it once, per-session or always.

"Untrusted 3rd party domain" is the rest of us, and basically any app I ever installed, in which case the user is prevented from selecting "always allow" for network access and is prompted once per session, which was highly annoying.

So if anything, it was too secure! Sun sank their own standard by requiring expensive certificates for normal functionality. If they had used self-signed certificates the way Android does (checking on upgrade that it's the same certificate) it would have been great.

"Operator protection domain" and "Manufacturer protection domain" might work differently, but that's no different from the stuff that comes pre-installed on Android phones having access to everything without asking.

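The grant rules described in the comment above, modelled as an added example that is not part of the original thread and not Nokia's or Android's code: the domain limits which answers a prompt may offer, nothing starts out allowed, and an upgrade is accepted only when it carries the first-seen certificate. `oneshot`, `session` and `blanket` are MIDP 2.0's interaction-mode names; the class, method and domain-key names and the sample certificates are hypothetical.

```python
import hashlib

# Answers a prompt may offer per domain, as the comment above describes them.
# Domain keys are hypothetical labels; mode names are MIDP 2.0's.
OFFERED = {
    "trusted_3rd_party": ("oneshot", "session", "blanket"),
    "untrusted_3rd_party": ("oneshot", "session"),  # no "always allow"
}


class PermissionStore:
    """Hypothetical model of one handset's grant state for installed apps."""

    def __init__(self):
        self.blanket = set()   # (app, perm) pairs granted "always"
        self.session = set()   # (app, perm) pairs granted until restart
        self.cert_pins = {}    # app -> SHA-256 of first-seen signing cert

    def check(self, app, domain, perm, ask):
        """Return True if the call is allowed. `ask(choices)` stands in for
        the user prompt and returns one of the choices or "deny"."""
        key = (app, perm)
        if key in self.blanket or key in self.session:
            return True                    # an earlier grant still applies
        choice = ask(OFFERED[domain])      # nothing defaults to allow
        if choice not in OFFERED[domain]:
            return False                   # denied, or a mode not offered
        if choice == "blanket":
            self.blanket.add(key)
        elif choice == "session":
            self.session.add(key)
        return True                        # oneshot covers this call only

    def end_session(self):
        """App exit or phone restart: session grants lapse, blanket stay."""
        self.session.clear()

    def install(self, app, cert_der):
        """Self-signed is accepted, but an upgrade must be signed with the
        same certificate that was seen on first install."""
        digest = hashlib.sha256(cert_der).hexdigest()
        return self.cert_pins.setdefault(app, digest) == digest
```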
> What's the mindset that ends up with Chrome going out of its way to swap OK/Cancel when you enable DNT?

Chrome dev here. The way the Chrome settings web UI is written does not lend itself to strong consistency, just eventual, as devs notice it and fix it. Your DNT example was fixed last week in https://codereview.chromium.org/665113003.

Another example of inconsistent button ordering: the overlay for disconnecting a managed profile has its buttons reversed from the usual order, while the overlay for disconnecting an unmanaged profile does not.

Damn. I guess this just goes to show how hard it is for an external observer to judge intent. I mean, you gotta admit that between the long, scary warning and flipping the buttons around compared to other privacy related settings, it certainly seems like a dark pattern. But I've been on the receiving end of this, so I understand how frustrating this must be. "No, really, it was late and one line got pasted in front of another and no one noticed."

I guess that just leaves the fundamental incompatibility with Google's current business model and personal privacy.

> I mean, you gotta admit that between the long, scary warning and flipping the buttons around compared to other privacy related settings, it certainly seems like a dark pattern.

Hanlon's Razor is a good rule to apply here.

DNT is a bad idea that does nothing useful. Discouraging people from using it is good, just like IE always sending DNT is absurd.

Android permissions aren't great. When Android was being designed (before Google bought it), the permissions were a huge step forward from desktop apps, which can still do anything at all. Arguably the very concept of upfront permissions is inferior to asking when needed, but attributing malice to the choice is silly. It'd also be really hard (or even impossible) to change without breaking all the apps out there.

G+ is annoying, indeed. They were aping Facebook with the real names thing and they should've known better.

All of these things are designers trying for one user-centric goal and having it backfire in ways that were not predicted.

None of these things say "evil" to me even remotely.