this post was submitted on 03 Jun 2024
172 points (96.2% liked)

Privacy

32159 readers
438 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Not a surprise but man

top 18 comments
sorted by: hot top controversial new old
[–] [email protected] 48 points 5 months ago (1 children)

It sounds like someone got ahold of a 6 year old copy of Google's risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self reporting risks.

In contrast, I'd point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.

[–] [email protected] -3 points 5 months ago (2 children)

commensurate - adjective - corresponding in size or degree or extent

[–] [email protected] 8 points 5 months ago
[–] [email protected] 4 points 5 months ago (1 children)
[–] [email protected] 4 points 5 months ago
[–] [email protected] 20 points 5 months ago* (last edited 5 months ago) (5 children)

I hate google as much as the next guy but this seems like just a bunch of minor incidents not worth reporting instead of a major coverup (like imo the title of the article implies).

[–] [email protected] 9 points 5 months ago

That sounds like a bug tracker where stuff reports things that shouldn't have happened.

[–] [email protected] 7 points 5 months ago (1 children)

Mmmm…. I think the title may be a bit strongly worded, but the concept that a big data company like Google isn’t doing what you expect them to be doing with your data…. Despite clear efforts to do so… that’s kind of concerning.

Like it’s cool that they have this DB and that things like this are getting fixed, it might be nice if they were more transparent about this… but it seems like they’re trying. And yet, so many privacy issues crop up due to the shear quantity and variety of data they process.

[–] [email protected] 5 points 5 months ago

It’s a fine line. If they’re working on them reporting the issue before it’s resolved increases the risk somebody can use this as a kind of todo list of social and technical engineering weakpoints to get at other user data.

[–] [email protected] 6 points 5 months ago (2 children)

I don't fully agree with you. It's certainly no major coverup but it's a heap of evidence that goes against this shiny veneer google maintains with the public

Google pretends they are champions of user privacy and protection to maintain trust and enable data collection on an unprecedented scale

When this article shows they are actually leaking private info left right and center, have the most nonchalant attitude towards respecting and maintaining our privacy and evidently 'keeping private info safe' (or should I say 'not being evil') is at the bottom of their priority list

[–] [email protected] 2 points 5 months ago (1 children)

I thought they got rid of that from the list altogether when they realized they couldn’t not be evil while simultaneously maximizing profits

[–] realbadat 3 points 5 months ago

Not really. It's gone from the alphabet handbook, not Google's.

Which was a hilarious bit for me recently with a guy saying "I HAVE THE HANDBOK FOR GOOGLE" and getting all upset despite my repeatedly pointing out that it was removed for alphabet, which is a different company.

It also got moved around in the Google handbook a bit. Still exists though.

[–] [email protected] 0 points 5 months ago

Yeah or basically all data is a risk, no matter how private the company claims to be

[–] [email protected] 5 points 5 months ago

bunch of minor incidents not worth reporting

That the personal data of millions of people are leaked is newsworthy, even more so if it was hidden from the victims.

[–] [email protected] 1 points 5 months ago

Or just the tip of the iceberg of a larger, more systemic problem within the organization. Wild your default position is to assume Google is doing all the right things when we have a long history of the company being shady af and lying about it.

[–] [email protected] 8 points 5 months ago

I think some of ypu are missing the broader takeaway from this release of information and the article. It's not supposed to be some slam dunk hit piece that finally exposes Google as an evil and irresponsible company, but rather a showcase of what can sometimes happen to our data behind the scenes without our knowledge.

Big tech companies like Google want us to think that we can trust them to look after anything we put online, but the reality is that you can never be 100% sure that your data will be kept private and/or secure. Mistakes, bugs and unexpected circumstances can always arise. It is a good reminder to always think about what you're doing online and whether you really need to be doing it.

[–] [email protected] 5 points 5 months ago (1 children)

Sign up for free access to this post Free members get access to posts like this one along with an email round-up of our week's stories.