It's a rather unique perversion of a "Privacy Policy", as it has been pointed out: normal companies have a Privacy Policy for data you give to them in the course of using their app or site.
Google is now applying their "Privacy Policy" to everything they can possibly get to, anywhere on the Web; in other words, it applies to all the data they intend to take from us, whether we choose to give it up or not.
This is wholly unsurprising, given their track record of privacy before, as well as their cavalier attitude to copyright, scanning, and republication of every book in existence.
Do people expect that their publically posted data (like hackernews posts for example) are not scooped up by a multitude of bots whether or not it’s mentioned in the bots’ privacy policies?
I think there’s a big expectations gap between what people think should happen and what does actually happen.
Just because I post on publicly accessible websites does not mean I’m okay with random companies slurping up the information to use for their own purposes.
I've begun to realize that there is less and less value in the internet in recent months. Our participation, effort or value we're adding to the internet just trains AI and enriches companies through ads, and companies claim they own it or it is their moat (Reddit is a recent notable example of a company claiming that, but it applies to many, even if they don't claim it and just act it).
There is also less and less value in the information online. I was looking for technical info for a PC component and found articles on many fake AI generated tech "blogs", each stating the tech specs were wildly different. I mostly cannot use Google or Bing anymore when searching for technical facts - too much noise for how much signal they have. DuckDuckGo is a bit better because it crawls specific reputable sites rather than everything or worse - everything that is profitable.
There are massive expectation gaps like you mention. I think many internet users still expect that we are dealing with 2013 internet, but the reality is that the internet is perverted for profit very significantly in 2023. I'm not sure how usable it is for communication anymore. Probably still a little bit usable, but it's no 2013.
Yeah, truthfully, you guys are right. In the end, anything on the public Internet will get slurped up by a lot of shady, janky players. I've seen whole forums get mirrored onto some place in China for God-knows-what reason.
Google is, thankfully, operating in these USA and regulated by US law. And they're being somewhat up-front about their intentions. That's more I can say for 95% of the web crawlers active today.
> LLMs have more potential for weaponising personal information against us.
Doesn't follow from
> They will comply with anything requested in the prompt.
LLMs are impressive in how they are able to produce plausible sentences, but they don't actually bring any new data correlating or collecting capabilities to the table.
I wonder if Gmail data is considered publicly available, given that Google has argued in court that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.”
If so, how long before we can put something like “Jack Smith lives at:” or “Jane Smith has a health condition:” into Bard and it will democratize doxxing for us?
It’s very important to know where the creepy line Google doesn’t cross is these days. Is publicly available everything that the user communicates to someone else (shared files, photos, sent emails)? Is it what’s on the hypertext internet (in that case, the EULA is useless because you don’t sign Google’s EULA when you host websites unless you use Google Analytics)? Is all advertising data Google has on us considered public because it is already indirectly revealed to third parties through ad tools, or even all data Google has about us, period, because they said the expectation of privacy for that is unreasonable in court already.
I doubt that Gmail data is considered as publicly available. Access to it is probably restricted even to most Google employees. Or else we would have heard about such gaps, just like we heard of Amazon and Tesla employees access customer's audio/video data.
Ads data is fundamentally different, as it's derivative from user data.
But it doesn't necessarily have to be considered 'public data' for Google to be able to exploit it. Google uses opt-in by default for privacy settings and has a long track record of being misleading when it comes to privacy. I'm sure there's plenty of people out there who have unknowingly opted in to 'volunteering' their Gmail data or will soon be.
Google sucks, but that is mostly because their products suck.
The war for privacy is lost. If you want to be private online, you don't just log onto your computer, connect to a VPN, and install a new web browser... You need to buy an entire new computer, go to a public wifi spot with a full facemask and... oh you gave away your location.
Online privacy is a farce that pretending exists only puts people at risk.
Companies have billion dollar reasons for finding out who you are, and its not just for ads. Some want to prevent bad actors. Some want to prevent scraping. There are entire companies whos job it is to identify you. Are you, 1 person, able to beat a multi-million dollar company who's job it is to identify you? Oh and once you are identified once, you are added to some list which makes it easy to ID you in the future.
Well looks like the house is on fire. No sense trying to put it out now. Besides fire prevention doesn't stop fires so telling people fires are preventable is just putting them at risk.
"Naturally, Google collects data from your online activity, like the stuff you search for, the videos you watch, the things you buy, and the people you talk to, and the location data accessed through your Android mobile device. But "in some circumstances," it also collects information from "publicly accessible sources": If your name appears in a local newspaper article, for instance, Google may index the article and then share it with people searching for your name."
The first swathe is why I try to practice as much online privacy hygiene as I can. The second I why I'm fine with a relatively common name.
Has anyone been able to determine the exact bounds of what "publicly available" means? The previous two comment discussions on this topic have devolved into arguments on ethics, and not really answered that question. All I was able to determine was, some people consider "public" to be outward-facing (I.e., something like Gmail would not be used for training), whereas others claim that anything that is not e2ee will be considered "public". That's no real help.
27 comments
[ 3.4 ms ] story [ 71.9 ms ] threadGoogle is now applying their "Privacy Policy" to everything they can possibly get to, anywhere on the Web; in other words, it applies to all the data they intend to take from us, whether we choose to give it up or not.
This is wholly unsurprising, given their track record of privacy before, as well as their cavalier attitude to copyright, scanning, and republication of every book in existence.
Just because I post on publicly accessible websites does not mean I’m okay with random companies slurping up the information to use for their own purposes.
There is also less and less value in the information online. I was looking for technical info for a PC component and found articles on many fake AI generated tech "blogs", each stating the tech specs were wildly different. I mostly cannot use Google or Bing anymore when searching for technical facts - too much noise for how much signal they have. DuckDuckGo is a bit better because it crawls specific reputable sites rather than everything or worse - everything that is profitable.
There are massive expectation gaps like you mention. I think many internet users still expect that we are dealing with 2013 internet, but the reality is that the internet is perverted for profit very significantly in 2023. I'm not sure how usable it is for communication anymore. Probably still a little bit usable, but it's no 2013.
Google is, thankfully, operating in these USA and regulated by US law. And they're being somewhat up-front about their intentions. That's more I can say for 95% of the web crawlers active today.
It’s really hard to make the case here that there is anything new happening here.
Just the chickens of decades of not engaging with the topic coming home to roost.
LLMs have more potential for weaponising personal information against us. They will comply with anything requested in the prompt.
Doesn't follow from
> They will comply with anything requested in the prompt.
LLMs are impressive in how they are able to produce plausible sentences, but they don't actually bring any new data correlating or collecting capabilities to the table.
If so, how long before we can put something like “Jack Smith lives at:” or “Jane Smith has a health condition:” into Bard and it will democratize doxxing for us?
It’s very important to know where the creepy line Google doesn’t cross is these days. Is publicly available everything that the user communicates to someone else (shared files, photos, sent emails)? Is it what’s on the hypertext internet (in that case, the EULA is useless because you don’t sign Google’s EULA when you host websites unless you use Google Analytics)? Is all advertising data Google has on us considered public because it is already indirectly revealed to third parties through ad tools, or even all data Google has about us, period, because they said the expectation of privacy for that is unreasonable in court already.
There needs to be more clarity in these articles.
Ads data is fundamentally different, as it's derivative from user data.
ie. "Given a world X is true, I would expect to see Y. Since I don't see Y, that's at least weak evidence that X may not be true."
There are of course plenty of other reasons why you wouldn't see Y, but it's at least some kind of signal.
https://arxiv.org/pdf/2305.17493.pdf
The war for privacy is lost. If you want to be private online, you don't just log onto your computer, connect to a VPN, and install a new web browser... You need to buy an entire new computer, go to a public wifi spot with a full facemask and... oh you gave away your location.
Online privacy is a farce that pretending exists only puts people at risk.
Companies have billion dollar reasons for finding out who you are, and its not just for ads. Some want to prevent bad actors. Some want to prevent scraping. There are entire companies whos job it is to identify you. Are you, 1 person, able to beat a multi-million dollar company who's job it is to identify you? Oh and once you are identified once, you are added to some list which makes it easy to ID you in the future.
The first swathe is why I try to practice as much online privacy hygiene as I can. The second I why I'm fine with a relatively common name.