The whole "Don't be Evil" history thing is asked too often, frequently around things which probably aren't even borderline but this feels a valid case of calling them on it.
Deliberately exploiting a loophole to circumvent privacy controls is scummy behaviour, the sort of thing you expect from the industry's bottom feeders, not from one of the biggest companies in the game and certainly one that professes some sort of conscience.
You can argue it's not really evil but it's hard to say it's not another step towards that, and this time it seems hard to suggest that it's contractors or some peripheral part of the company.
I don't see any reason to think that upper management is any less committed to "Don't Be Evil" than they've ever been, and as long as Larry and Sergey are in charge it'll probably remain that way. But the larger a company gets the harder it is to impose that sort of thing on everybody, and the more stupid and random stuff a company will do, and some of that will end up being intentionally or effectively evil. Growing by acquisition rather than organically is probably making it worse than it has to be, too.
Company culture and values always come from the top. If you have an arsehole CEO he or she tends to recruit those with similar characteristics and create a culture where that behaviour thrives. That's repeated at the next level, the level below that and so on.
It may be as little as a shifting set of priorities so don't be evil is less important and other things a little more and with that the cracks appear.
I'm not suggesting that they're now spending their days plotting how to enslave us all but I similarly can't believe that there hasn't been some shift, conscious or unconscious.
There is a type of person like this, and I've seen them as the majority of upper management everywhere I've worked. But at Google, upper management is not like this at all. The CEO is the guy who co-invented PageRank. He holds weekly meetings where employees can get a beer and ask him questions. Google makes a lot of money, but it's not run like your average "big company". (When I worked at Bank of America, the yearly "town hall" meetings were invite-only. And if you were invited, the CEO stood outside the doors, spot checking employees to make sure they had Bank of America credit and debit cards. What the fuck!?)
Everyone is waiting for Google to become evil, but the infrastructure is just not in place for that.
None of these things preclude a shift though. It can be as simple as being a nice guy who pushes the team to focus on profitability a little more which causes them to compromise in ways they might not have done previously, or who defines evil a little differently.
As I think I said, I don't think anyone is suggesting that Google senior management are actively plotting how to enslave us all, but there does seem to be a pattern of things which suggest a shifting of priorities.
Given that much of Google's growth was shepherded by Eric Schmidt, who seems to think privacy is orthogonal to evilness, I think you've hit the nail on the head.
You mean the guy saying in a television interview that Google is subject to the Patriot Act and if you really don't want anyone to know about something, you shouldn't be telling Google?
In the same way reporters are always on the lookout for political gaffes instead of substance from our candidates because that's what viewers watch, statements like this are really just calls for more marketing and fewer frank answers.
Eric Schmidt is the kind of guy that says exactly what he's thinking, because he doesn't think you want to be lied to. This results in a lot of quotable quotes that people overreact to, but you have to moderate the quotes with actions.
A good example is the Target profiling that was on HN yesterday. Google collects your personal information to target ads to you, but they don't hide that fact. They run ads on TV and in the subway to tell you what they do, why, and how it affects you. They let you opt out of targeting. They rewrite their privacy policy to be as readable as possible. They change their privacy policy and notify you, logged in or not, on all their sites. Basically, Google wants you to use information to make an informed decision about whether or not you want to give Google your data. Compare this to Target, where they deliberately hide their targeted ads so you don't realize you're being targeted.
In the end, both Google and Target do the same thing: profile you to make advertising dollars more effective. Google tells you what they do and why. Target lies to you so you don't know you're being profiled. And then people get outraged at Google for becoming evil, even though they're the only ones that don't lie to you!
He didn't say you shouldn't tell Google, he said you shouldn't do it. He doesn't support behavior which relies on privacy—i.e., anything controversial which lacks near-universal support from society.
That's the part that's usually quoted. You'll have to be more specific about what you mean by "He doesn't support behavior which relies on privacy", because that sounds more like a cartoon villain.
The full quote is:
Q: People are treating Google like their most trusted friend. Should they be?
A: I think judgement matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.
"He didn't say you shouldn't tell Google, he said you shouldn't do it."
Like, you should quit being gay, or a woman in a tech forum, or a person of color, or a Jew, or having leftist opinions while working for a conservative boss, or vice-versa after you changed jobs, and quit having an address your abusive ex can discover, and quit secretly liking Lady Gaga.
It's very unlikely that a court would want any of that information and sign a warrant for it, so you don't have to worry about how Google protects your information from court orders. If your boss writes Google and asks whether or not you're gay, that request is most likely going to be routed to /dev/null. If your boss gets a warrant and a judge signs it, then that's another story. Google has to comply with the law, after all. So does Apple, Microsoft, and every other company in the world.
As for protecting your information from your friends, I think Google does a pretty good job in the situations you mention. Google doesn't share your search history with anyone. You don't have to pick a gender to use Google+. You don't have to list your race, ethnicity, or religion. And, Google+ provides a number of privacy controls so you don't inadvertently share your leftist feelings with your conservative boss.
The absolute safest way to protect information is to not disclose it to anyone. That's all Schmidt is saying. If you're planning to overthrow the government, don't post your plans to Google Docs. If you're just worried that your boss won't like you, though, then you can be a little more relaxed, and share things via Google+ with close and trusted friends. Then, the main attack vector is no longer through Google; the risk is that your friends will re-share something (offline or otherwise) that you didn't want them to. And that's just life as usual.
The fact that this comment has been downvoted is as hilarious as it is depressing. Are we not even going to pretend any more that on HN downvotes are for bad comments, not comments we don't entirely agree with?
I think it's reasonable that people could see this as a bad comment.
The whole point is that no-one should be able to say "this is important that it stays private, this isn't important".
For one thing it's none of their business, for another historically the most unusual things have been used for discrimination or oppression. What may be seen as acceptable today may not be so tomorrow. What may be the folly of youth now may be seen as a clear lack of judgement tomorrow.
Just a helpful reality check (since it's easy to lose perspective when you're outraged): Every site that uses JSONP is deliberately exploiting a loophole to circumvent privacy controls.
Last time I checked, JSONP is a workaround for Single-Origin-Policy. If a site A uses JSONP to consume service from B, then A bets its money on B's good will. I don't see B can steal anything other than A's in-browser data.
What is the answer? Regulations? At some point will the government step in to protect people and their rights?
I know I know.. the services are laid out and people know that their information is being sold. But does that mean it's right? Sub-prime mortgages were legal and led to a disaster. My fear is that not having a set of guiding principles in regard to privacy will result in over-regulation or some other bad scenario.
>"Deliberately exploiting a loophole to circumvent privacy controls is scummy behaviour"
if (scummy < creepy) { console.log("film@11"); }
else google = evil;
Tracking users is Google's core business. I'd be surprised if they were the only people who have figured out how to do this sort of thing.
Holding Google to some higher standard than other companies is naive at best. Its management has the same duties to the stockholders as any other company.
I'd like to thank Jonathan Mayer and others like him that go through code and find these secrets and then release them for the public good. You make a great difference.
I use Chromium. That way, I can read the code and still get a really good browser. My analysis is: they only send information back to Google when you explicitly request it.
(But what if Debian ships me a version of gcc that embeds secret tracking code into any version of Chromium I compile? Oh the fear, uncertainty, and doubt!)
I'm not sure how that (random) post shows it connects "just as frequently", but I just tried it with a new install of chromium. I picked bing as my default search engine and got no connections to a google server on startup.
In normal use, I think you will have to disable "use a web service to help resolve navigation errors" and "enable phishing and malware protection" to prevent all connections, but I'm personally ok with those (and find them sufficiently well documented)
Sure, but you can easily delete the code that does that. The point of Chromium is not that it doesn't talk to Google. The point is that you can read the source code to determine exactly when it does, and you can edit the source code to ensure that it doesn't do anything you don't want it to.
Yes, that's hard, but that's the price of freedom. I appreciate that Google at least lets me choose how I want to use their code, where Apple and Microsoft make the decisions for me and never let me double-check them. (As it stands, I trust Google with my personal information and I think the places where Chrome/Chromium communicate with Google are appropriate and make my browsing experience better. But it's 100% fine if you don't feel the same way.)
Yes. I had originally mentioned, "I don't care because Google pays for my Internet connection and could spy on me anyway," but I edited it out because Google does not spy. :)
I think, rationally, I should be more afraid of what Google knows about me than a random person. I've used Google to search for things I wouldn't exactly want to bring up in a meeting with my coworkers. But I know what the procedures are for accessing personal information, and I trust my employer with my most private searches. (It takes a leap of faith to trust me on this, so I don't expect you to. But really, Google cares about privacy.)
When I worked at Bank of America, I always felt weird buying stuff with my Bank of America credit card because I knew someone at the company would have access to that information. But I don't feel that way when using Google Checkout / Google Wallet at all. I don't know why it is, but that's how I feel.
> My analysis is: they only send information back to Google when you explicitly request it.
your very shallow analysis.
they update the browser hourly. you do not have access to the build environment they use. and there's no authority linking the source you can read and the binary you allow google to install. so unless you build it yourself, not a valid argument.
and even if there's no evil doing in all that (i too believe there isn't. but again, only believe) there's still the issue of new features being added, and the bad defaults being to agree with all data sharing. So even if it's all good, after each update you will be inadvertently sharing your information until you take time to review all settings.
And, there's also the cases when google simply decides against some feature that may hurt them. They removed the options to not send referrer. it was added back several times. and removed again several times. first in command line argument, then hidden setting. when i stopped caring it was completely gone if not from compile time.
This makes me think that Google had ulterior motives when bundling flash with Chrome. Having the latest, most-secure version of flash is a win for Google, its users, and the web in general, but having flash installed allows for usage of flash cookies which can read your info across browser sessions -- info that they'd probably want.
To Chrome's credit, I believe it is the only browser that allows users to delete flash cookies.
Knowing that a large percent of the user base won't use it/know about it, maybe they include the ability to delete flash cookies so that later they can say, "you can opt out at any time!"
I've said this before, but for others who missed it, here's one of my crontab entries:
# Remove Flash cookies and everything to do with Flash,
# including left-over Flash files in /tmp
15 13 * * Wed /usr/bin/rm -rf /home/nick/.macromedia/Flash_Player/*
16 13 * * Wed /usr/bin/rm -rf /tmp/Flash*
You can delete Flash cookies and in fact all data that a site could use to track you in Safari, including plugin-related data, cache, etc.
Just go to the Privacy pref pane and click on Details under Cookies and other Web Site Data. For example, for kongregate.com, I see that I have Cache, Cookies, Plug-ins and Local Storage holding potential tracking data, and I can delete it all with one click.
"This tracking, discovered by Stanford researcher Jonathan Mayer, was a technical side-effect — probably an unintended side-effect — of a system that Google built to pass social personalization information (like, “your friend Suzy +1'ed this ad about candy”) from the google.com domain to the doubleclick.net domain."
edit: to be clear, whether or not it was an intended side effect, it is a side effect of a (potentially) legitimate use case (setting the value of +1-ing an ad aside).