True, but Google is by far the most dangerous aggregation of personal information, and the topic of this conversation. It's also a company that spends a lot of effort telling people to trust them when that is clearly unjustified.
I think he's right. There's something terrible, here. Google services let us search/share/store data with an efficiency yet unseen at this scale. It's probably not that much of an exaggeration to say google is empowering humanity.
But doing so, it handles so much data about so much people that even with good will, it's a danger. How secret services and cops could not be interested in the huge amount of data magically made available by google services ? The aggregation itself is the danger - and the feature we all love.
I'm playing Devil's Advocate here, but why would I be worried about Google?
I search through Bing. My email is through Hotmail/Outlook. My online cloud sync is through Skydrive. Why am I cowering from Google any more than MS or anyone else that I give huge amounts of my data too?
Mostly because Google is a lot better at it and had far more sources of information about each individual to draw on, for example they have your search history, the history of all your browsing (via analytics), location history for users of maps on mobile, calendar, and email, and docs.
It doesn't take much to imagine what kind of dossier could be constructed on an individual from that data. Quite likely they do know more about many people than those people know about themselves. Of course this can be used beneficially, but it's also the exact information needed to manipulate people.
That is far more than any other service is able to aggregate, and Google's business is fundamentally about mining that data in a way that is not for other corporations.
But yes, the others are a problem too - just on an orders of magnitude lower scale than Google.
I am not. Google is only doing what it is forced to. I am activly searching for google alternatives. Ghostly app on iphone, ghostly for firefox, duckduck, but a good mail client? With easy encription? Not available...
Google isn't forced to rely on stockpiling personal data as a business model. It could create the exact private service that you are looking for, but it intentionally does not.
> It could create the exact private service that you are looking for, but it intentionally does not.
Most of Google's products are "webapp" equivalents to traditional desktop software. It is not possible to create webapps which are private against the webapp's host.
What you are essentially arguing is that Google ought to shut down its current business in favor of writing security-conscious desktop apps. The result would be that users would all jump ship to another provider, and then Google would go out of business and people on HN would be complaining that $NEW_COMPANY doesn't respect user privacy.
If you want to suggest a course of action that will improve user privacy, it must be one that users will actually be willing to support.
Google was perfectly capable of creating a secure browser and propagating it through all manner of mechanisms. There is no reason they couldn't do the same with a secure mail system, for that matter they could just deliver it as a chrome update and smoothly redirect people into it if they wanted to. There is absolutely no reason why users would 'all jump ship' to another provider.
All you are really saying is that Google exposes data to the government because its business model dictates that it put privacy below behavioral profiling it its list of priorities. That is not in dispute.
You are arguing that Google is incapable of solving this problem, whereas I think that a group of people as talented and resourceful as Google could solve it if they wanted to, but they aren't trying because they think their value is tied to the amount of personal data they collect, rather than what problems they solve for society.
Right now, this privacy problem is a serious one for society, and who is better positioned than Google to solve it?
> Google was perfectly capable of creating a secure
> browser and propagating it through all manner of
> mechanisms.
Google could easily create a secure email client. There's no need to, since Thunderbird already exists, but they could if they wanted to. That wouldn't help at all with the problem of email security.
> There is no reason they couldn't do the same with a
> secure mail system, for that matter they could just
> deliver it as a chrome update and smoothly redirect
> people into it if they wanted to.
What you're asking for is for Google to create its own proprietary communication protocol, then force all Chrome users to have it, then force Gmail users to use it. Can you imagine the reaction? Apart from flagrantly violating "don't be evil", it would lock out every alternative browser and prevent Gmail users from communicating with non-Gmail users. It would be XMPP->Hangouts all over again, except even worse because people actually use email.
And consider how the implementation would have to work. First, it would be available for only a handful of browsers, possibly even only Chrome. Obviously it would need to be equivalent-ish to POP3, so that no data remains on Google's servers, which means that users would only be able to check their mail from a single device. If they bought a smartphone, they'd have to choose which device to read mail on. If they bought a new computer, they'd lose access to their previously received mail.
There is no technical reason why Google could not create a secure messaging system. There are many many many social reasons.
> All you are really saying is that Google exposes data
> to the government because its business model dictates
> that it put privacy below behavioral profiling it its
> list of priorities. That is not in dispute.
Google exposes data to the government because it is headquartered in a country where laws require compliance with search warrants. In theory Google could choose to relocate all of its employees to Somalia to avoid warrants, but that seems impractical.
If a user wants their data to be truly private, then the implementation of that requires much more stringent privacy measures than most users are willing to put up with.
Your position appears to be that companies should not provide communication products for people who don't mind giving up a bit of privacy in exchange for a lot of convenience. That's not a reasonable position.
> whereas I think that a group of people as talented and
> resourceful as Google could solve it if they wanted to
This problem is not a technical problem, so no amount of technical expertise could solve it. You could set every single programmer in the world at solving this, but if their solution involves a user having to understand encryption keys then it would never be adopted.
Google could easily create a secure email client. There's no need to, since Thunderbird already exists, but they could if they wanted to. That wouldn't help at all with the problem of email security.
False. The problem is not whether or not secure email clients exist. The problem is that people don't use them. Google has massive strength in both marketing and usability that existing secure email clients do not have.
What you're asking for is for Google to create its own proprietary communication protocol, then force all Chrome users to have it, then force Gmail users to use it. Can you imagine the reaction? Apart from flagrantly violating "don't be evil", it would lock out every alternative browser and prevent Gmail users from communicating with non-Gmail users. It would be XMPP->Hangouts all over again, except even worse because people actually use email.
False. Nobody said that the protocol had to be proprietary. Nobody said Google couldn't also release it as an open source module that anyone could incorporate to their clients. Indeed these would be prerequisites for the security of the system to be audited.
Your position appears to be that companies should not provide communication products for people who don't mind giving up a bit of privacy in exchange for a lot of convenience. That's not a reasonable position.
Why not? If it's unreasonable, you should easily be able to say why. I think it's a question of priorities. After our collective experience with cigarettes, we no longer think it's reasonable for companies to peddle addictive substances. Why shouldn't our attitudes to corporate responsibility for privacy also develop?
Google exposes data to the government because it is headquartered in a country where laws require compliance with search warrants. In theory Google could choose to relocate all of its employees to Somalia to avoid warrants, but that seems impractical.
False. Google exposes data because of the law and because it has engineered systems to collect the data for it's own business purposes. Google can't control the first but it can control the second, therefore it is responsible for the outcome (as are the lawmakers and enforcers).
This problem is not a technical problem, so no amount of technical expertise could solve it. You could set every single programmer in the world at solving this, but if their solution involves a user having to understand encryption keys then it would never be adopted.
False. Usability and marketing problems can be solved with technical solitions. This is a large part of what Google does. There is no need for users to need to understand encryption keys in order to use encryption, otherwise we wouldn't have ecommerce today.