21 comments

[ 2.4 ms ] story [ 35.1 ms ] thread
What I find interesting about this article is that the author is the founder of Cloudera. Cloudera was one of the pioneers of the Hadoop ecosystem (and de facto data lake movements).

For the uninitiated, data lakes are used to centralize vast quantities of data - often consumer data - usually by large organizations and governments to provide insights and inform decisions within the organization. Some call this surveillance capitalism.

Cloudera IPO'd somewhere around $2B and was taken private in a deal led by KKR for around $5B.

my neighbor said he recently plugged in his iPhone to a PC while logged in to his Google account in the browser, and all his iPhone contacts were imported into GMail contacts.. is this possible? the contacts are now in Google GMail, and he did not affirmatively consent at any stage, is the story.
Sure are a lot of leaps of logic in here.
I believe the location tracking is necessary for apps that are trying to detect the default/config access point that many devices spawn for setup. As I understand it, because wifi AP name awareness is approximately equal to location knowledge, wifi control requires a location information grant. It doesn't forgive the crummy design that implies (what about providing an allowlist of AP masks that can be scanned for?), but there is another side to the coin of "please give us location access so we can spy on you" in that uses that AREN'T for spying still require the same prompt for permission.

I wouldn't say /never/ attribute to malice anywhere we're in the vicinity of an an enormous data actor with a not-great track record, but probably at least /even/ are the number of cases of privacy violation attributable to maliciousness vs. terrible design that is either excessively encumbered or insufficiently granular.

I'm perfectly happy for Acme Random App to scan for `pps-setup-wifi-**` at one time, but not all wifi networks forever.

Google requested access to all the friends pictures? Or is that just the limits of Android permission?

GrapheneOS has storage scopes that get between app and OS to be able to do what the author wants: only let the app know of the existence of specific files, not entire libraries.

Curious to get HN's take on this. I was pretty surprised at Google a few days ago. A family member had recently passed away, and so I Googled ("funeral homes <location>") in incognito on Google Chrome (I suppose it felt a bit sensitive and I didn't want my Google account associated with it). A few minutes later I opened up Google Maps on my phone (different device, but logged into my Google account) and there were a few ads for funeral homes (they looked like squares and were highlighted).

Obviously, this is technically feasible: I was on my home internet (both computer & phone), and presumably there are <5 accounts that share this IP address. So when I search, they ~know who I am, and so therefore could serve me ads when I'm logged in. But I was still surprised that Google would do it — I guess I would've thought that Google would drop incognito mode requests and not use them for ad targeting. (Since, well... it is quite trust destructive.)

Does anybody know if Google is doing this intentionally? It seems like this is pretty value destructive for them long-term? Or... am I just being paranoid and this is just a frequency illusion?

(comment deleted)
The good thing is that they are largely a consumer company, which means they are sensitive to consumer sentiment. No users, no ad revenue.
I've always wondered why we can't just re-create a product in its original form. The original Dropcams from 2014, along with their app, had a far superior user experience to anything available today.
Full disclosure: I'm a Google employee, but not in the areas mentioned in the article. This is my personal opinion.

Regarding the Nest thing: I don't think those devices stop working completely if you don't enable location sharing for the "home and away" feature. It might be bad UI that made the user think that this is the case?

Regarding photo sharing: I think that permission is necessary to show a "photo picker" inside the app that allows the user to pick and choose which photos to upload. I'm not quite sure what the alternative would look like: "he can identify specific pictures in his library and grant access to just those" --> How exactly would that work without the app having access to the pictures? Also, does the author believe the app would then secretly analyze all pictures and send content back to the mothership without the user's consent? Again, this might be a communication/UX issue...

Instead of writing a blog post or throwing away a working device, I would have just removed the location permission after updating the wifi...
It seems I’m not the only one who feels that Google’s ad tracking has improved a lot — to the point where it makes me a bit nervous. A few days ago, I searched for a medicine just once using Firefox’s private mode, and now both Google search ads and YouTube ads are filled with related topics. Maybe I need to reset all my Google ad tracking IDs and stop using Google for anything sensitive.
> I acknowledge, by the way, that I use Google services to run my vanity domain, including my web site and mail server. It's a hassle to move all that, but one I am ever nearer to taking on.

> And a final response is for the engineers who work for these big tech companies simply to refuse to build systems that work this way. If you're at Google, you have agency – you decide what code you write. Yeah, I know: "No" might get you fired. But there are other jobs.

Am I to understand that it’s too much of a hassle to move domains but not to change jobs (after being fired, no less)?

Just to un-spin this a bit...

> As part of [a Nest update], Google demanded that I allow the app to track her location at all times, whether the app was active or not. The stated rationale was that it would allow Google to manage devices in her home

The app requests the permission via the normal mechanisms any app uses; it doesn't "demand" it. And you don't have to allow it (and of course can turn it off at any time by going to the app's permissions settings). If you don't, it will indeed pop up a warning that it can't enable the home-occupancy-detection feature, and direct you where you need to go to disable that in settings.

Contra the confused language in the article, Nest hardware works just fine if you disable that feature, though obviously it's a pretty useful feature to enable.

(And yes, I work there, but nowhere near Nest stuff. I do own one though.)

Expecting engineers to refuse and get themselves fired or even finding another job is not good advice at all. It would be far better advice for people with like minds remain in a company like Google and collect data, share knowledge or information, and maybe even just not make certain improvements, etc. it is always far better to have someone on the inside than not. This self-righteousness of refusing to do something in a system that will hardly notice your protest for more than a day, is utterly foolish. These organizations need to be infiltrated and smartly, using intelligent methods report what is going on. This monster cannot be slayed from the outside and time is running out before tech companies totally remove the human threat vector from the system.
> Larry and Sergey said the company's motto was "Don't be evil." I believed them!

Yes I believed it too back then, and I reckon Larry and Sergey did too.

Whenever I am reminded of this failed motto I can't help but wonder if Larry and Sergey are disturbed by nightmares.

> What do we do to fight it?

Switch to Apple, a.k.a Not an Ad Company.

I had the same train of thought when I moved from Android to iOS, back when Google killed off App Ops. It was incredibly suspicious of Google to remove a tool that lets you take away a permission that an app autogranted itself upon install.
Get in touch with a professional hacker ( tech ) to help hack your cell phone. Trusted and verified with quick responds and legit services. They offer services like (Cell phone hack , GPS tracker, Delete criminal records, Retrieve wallet, Retrieve Gm ail, face book, whatsApp, photos and many more...), All these services are done remotely, distance is not a barrier. You can reach out with them on ( Techspymax @ gm ail c om ).