Comment by thu2111
6 years ago
Well, I'm an ex employee. Actually nothing has changed inside the company. "Tracking" as you put it isn't perceived as evil, it never has been, and for good reasons. The only thing that's changed is people's perception of the company and - very recent post 2016 political issues aside - that was mostly driven by a sustained campaign by an angry media industry that wanted money (see: link taxes).
Firstly, if tracking usage statistics or activity was actually evil then everyone would hate it, desperately try to stop it and have tons of stories about the horrors of it.
In fact what Google sees is:
1. Web apps are extremely popular although they all keep server side logs that reveal every button click, every message you type, every email you send, every search you do. Users routinely migrate from thick client apps that give great privacy to web apps that give none whatsoever without batting an eye.
Hacker News readers in particular should understand this. It's overrun with Silicon Valley types who build their entire livelihoods around "let me run this program for you as a service". There's nothing special about Google in this regard. The entire software industry has moved away from privacy in the last 20 years because ...
2. Users rarely if ever use privacy features when they're provided, even when they're heavily promoted. In fact, despite all the noise, hardly anyone cares. For the vast majority convenience wins over privacy every time. But not just convenience, also ...
3. Security trumps privacy. People say they like privacy, but they hate getting hacked and tend to blame the service provider if it happens. They have very little patience for explanations of the form "yes this attacker was obviously not you and yes we had enough data to know that, but we didn't use any of it ... for your own good!"
4. Users can't and won't give accurate feedback about what they value or what their actual experience of using an app is like. This means A/B testing is critical to avoid making bad business decisions. The heavy reliance on experiments and data driven decision making is one reason tech firms tend to steamroller their legacy competitors.
Google hasn't become evil over time. It's been doing A/B tests, keeping server logs and writing unused privacy features since the company first began. All that's changed is it got big and rich, so people - rightly - started to think about its power more. But the hypocrisy is strong. The world is full of companies collecting and using data for the benefit of their customers. It's really only Google and Facebook that get the vitriol.
Most people use default settings and have no idea about the software they are using at all. "everyone would hate it" assumes people know about these things, but they do not. Don't use this as a point.
ad 3), you make it sound as if it was one xor the other. This is sometimes the case to some degree (like checking urls for phishing sites), but far from always.
ad 4), it is not my problem as a user that you have trouble doing tests. If you need information for your business, then spend the money and effort to acquire it. Do not abuse your users without care. Your business case is not more important than people's privacy. And if others do this to gain an advantage over your business, don't whine, sue them.
When I was involved in user tests we had a lot of trouble due to our ethical concerns, but we did not consider dropping these concerns.
edit: I may add that I'm German. We were taught about the value of privacy in our history. "boring statistics about religion" led to the murder of hundreds of thousands of Jews. Disregard for privacy led to the atrocious human rights violations in Eastern Germany. I cannot understand why Americans, who explained this to us Germans after WW2, apparently forgot all about the _reason_ for privacy.
>hundreds of thousands
Millions.
"everyone would hate it" assumes people know about these things
It's based on direct experience of these tradeoffs.
Firstly, yes, people accept the defaults most of the time. They expect those defaults to be convenient and secure. But even when forced to click through screens that literally won't let them proceed until they consider their privacy settings, they don't care and routinely opt in to data sharing because it's more convenient.
Believe me, Google has tried everything in this space. Every combination of popup, click through, interstitial, notification, endless usability studies. Everything. New products that use user data in clever ways get instant uptake on the order of hundreds of millions of users with virtually no promotion at all. Privacy-oriented features get nearly none despite heavier promotion. To the extent people don't know about privacy settings it's because they do not care.
I know this goes against the tech industry zeitgeist or groupthink. It's unpopular to spell this out, but that's why it's important to do so. Way too many companies and engineers are working on dead-end privacy projects that address an imaginary market demand.
you make it sound as if it was one xor the other. This is sometimes the case to some degree (like checking urls for phishing sites), but far from always.
It's not 100% always, but it's hard to come up with cases where privacy and security aren't in tension.
For instance, one of the reasons you can't build truly end to end encrypted consumer services is people don't want to swap public keys. It's more hassle and nobody has it, so every end-to-end encrypted service has a big central key directory ... which makes the encryption pointless, as the service can still decrypt conversations on demand. That's not the only problem but it's a big one.
Another problem is people expect password reset. You can't build a service without password reset or else you'll have an angry mob at your door demanding their accounts back. If you say, sorry, there's no password reset because the data is all encrypted and we can't get it back then you'll lose your market position. Hence why iPhone backups are unencrypted.
It's not hopeless. Google get the most pressure on these topics so they've been coming up with some of the best solutions. Their Titan architecture is quite innovative in this space, although we'll see what happens when people realise "I forgot my PIN, please verify my identity some other way" doesn't work anymore.
And if others do this to gain an advantage over your business, don't whine, sue them.
I'm afraid this is extremely naive. There is nothing illegal about running user tests, server logging and gathering metrics. And don't talk about GDPR to me. It's a meaningless law that is so badly drafted it affects nothing. You can do basically anything if it's justified by a genuine business need, and understanding customers is an absolute need of any business.
But if the EU under German direction decides to interpret the GDPR such that it bans making convenient and secure software, then so what? America crushes the EU in the software business already. It will simply extend its lead. American startups will learn "don't open offices in Europe and you're OK" and so the EU will continue to degrade its own economy, continue to have no tech startups of note and the USA's more sensible approach to privacy will continue to be the only one that matters.
"boring statistics about religion" led to the murder of hundreds of thousands of Jews.
At the risk of going full Godwin on this thread, that's a severe mis-understanding of your own history. No wonder Germans have such strange approaches to internet privacy if that's what you're being taught. Americans haven't "forgotten" the reasons for wanting privacy, they just don't think spreadsheets were relevant to what happened. And BTW I'm not American.
So: Nazi-ism wasn't enabled by the collection of statistics. They would have hunted down and eradicated groups of people all the same. We know this because communists hunted down threw huge numbers of anti-communists into concentration camps, although being anti-communist isn't a birth trait and that fact existed in no statistical databases. They didn't need Big Data because they had a large network of ideologically motivated informers and collaborators instead: just like Hitler did.
Finally, I'll say that going from "Google runs A/B tests to learn if a new feature is popular" straight to "sue anyone who does this because they're directly leading to Jew murder" is really quite offensive and shows no sense of proportion. Google is not enabling the Third Reich. It's just doing what any boring old city shop does when they experiment with putting different items on sale, or experiment with different layouts of the stores. The fact that it's online changes nothing.
I think it's key that I never see any kind of comparative behavior. Does Amazon do this, does Facebook do this, do private platforms do this? How does this compare to tracking done by apps? Based on my experience and knowledge, Google falls on the ethical side of the spectrum among its peers.
I get ads from Microsoft now (in app in some cases, other free services). I know this is a Mac/Linux heavy forum, but I would also love to see how this tracks with Windows telemetry (to the point made about security). I am sure that every Windows 10 install has higher fidelity fingerprinting sent with telemetry.
What has changed is how easily people can be manipulated on social media and how they can be programmatically orchestrated with much less effort than before 2000-2005.
Your points are sound, but I'm puzzled by your last line:
>It's really only Google and Facebook that get the vitriol.
The way I read it, it seems as though it's unfair that they get away with doing questionable stuff when "others do worse". Why yes, if you have nefarious intentions but no power to act them out, people are going to throw less "vitriol" at you than if you do act them out.
Thats right. Is google the most evil? Well, no, I really don't think so. But they exert a lot of evil to the world because of their size, power and ubiquity more than others. Same with Facebook and Amazon.
I always keep in mind the motto Google carried when they stepped in: "Do no evil". I used to love Google back then, but they were something else.
They killed good products that people loved, they abused their trust, they are what they are not because they keep on innovating but because of their current size. They killed a lot of small fries who in aggregate could have given us a lot more value.
What I mean is that offline businesses have been running experiments to see what works forever. They run a billboard campaign in city X and run a slightly different one in city T to compare the results. They count customers as they come through the door. They issue loyalty cards that people sign up for in their millions, making a special effort to share data with giant supermarkets because they're (effectively) given a share of the resulting revenue increase.
Nobody cares or talks about any of these things. But when Google does the online equivalents, it's suddenly the next coming of Hitler (literally, look at the comment I replied to above!).
This isn't really proportionate, it doesn't make sense, and it's quite offensive to people who work or used to work at these firms.
> 1. Web apps are extremely popular although they all keep server side logs that reveal every button click, every message you type, every email you send, every search you do. Users routinely migrate from thick client apps that give great privacy to web apps that give none whatsoever without batting an eye.
I think people here might be shocked at the amount of surveillance going on in the most basic web apps. Lots of telemetry like you describe and other ambient data is being captured all as part of the terms and agreements you probably clicked through with the website. Google is not alone in this.
So, Google (And others) are evil, but because customers don't value privacy until it's too late, it's okay to abuse them for profit?
You aren't ethical if you only act ethically when you are forced to.
You have good points.
You have to be diligent in your efforts to show that Google is actually doing wrong before accusing them.
If you don't -- you're playing into the hands of their rivals, especially "old" media companies.