Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I didn't get far with this because it wants access to my entire Google Drive, which I declined. Credit to Google for even offering the chance to say "no", I suppose.

Why does it need that?



Opal isn’t just peeking at Drive, it’s using it as its backend. Outputs get saved as Drive files so they persist, can be shared, and open in Docs, etc

The gotcha is the permission scope can be pretty broad (read/write or metadata across Drive), so it’s worth checking what you actually granted.


So you trust Google with the data in your google drive, but you don't trust Google (Opal Team) with the data in your drive?

They need a place to store data, Google Drive is a place for that. Have you used NotebookLM or such which do the same sort of thing?


So you trust Google with the data in your google drive, but you don't trust Google (Opal Team) with the data in your drive?

Yes.

More specifically, I trust Google not to use my files to train its AI if I haven't given permission, but I don't trust Google not to use Opal as a way to get me to give them permission without realising.


How do I even know this is a real Google product? Okay I’ll trust the domain (hopefully it’s not googIe.com). How do I know it has no vulnerabilities? Google is a massive company. There’s a big difference between trusting an established team vs. whoever this team is.

Expecting permissions to my entire Google Drive is ridiculous. Yes, I tried not granting that permission (and only granting permission to an app-specific path) and it specifically told me I have to grant full permission . I closed the tab.


>How do I even know this is a real Google product? Okay I’ll trust the domain

it is not even the expected opal.google.com it is opal.google, you need to be 100% sure beforehand that google has the sole rights to the .google tld (which an average person wouldn't know)

The behavior also seems sketchy with it asking for permission but then rejecting any usage if all of the permissions are not approved (why even ask then, you are google)

after re-finding the link through a confirmed subdomain.google.com site I tried to sign in and got this error

``` An unexpected signin error occured.Error checking geo access ```

so I gave up


I didn’t even notice the TLD, wow that makes it even worse. Funny thing is I don’t actually have anything in my Gdrive. It’s just the principle that irks me.


Select what Opal can access

- "See and download all your Google Drive files."


I tried de-selecting that, and it told me to re-login and enable that setting.


The Google drive is also hosted by Google on Google's servers. They already have access to everything in there.


I think the concern is that this might somehow enable a privacy policy they weren't aware of that permits training over the entire Drive. However, I think the primary reason for this is that these products generally would like to store data on the user's Google Drive but Google Drive doesn't have super granular permission structure to be able to set up a partitioned directory for the app alone. I actually think that might be a good thing to work on next?


That was my concern too. However, the provided links to both the ToS and privacy policy were the standard Google ones (https://policies.google.com/terms), so it seems not to be giving Opal special privileges to read/train on Drive data.


It wants to add it to the training set ... (guess)




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: