Privacy Advocates Slam Google Drive's Privacy Policies

DJRumpy writes "Privacy advocates voiced strong concerns this week over how data stored on Google Drive may be used during and after customers are actively engaged in using the cloud service. While the TOS for Dropbox and Microsoft both state they will use your data only as far as is necessary to provide the service you have requested, Google goes a bit farther: 'Google's terms of use say: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'

Google's motivation

[bonch]

Google's motivation, in all that it does, is to index your data an sell you to advertisers. Advertisers are the customers, and you are the product. Android, Gmail, the search engine, Google Drive, Google+, and so on--they all exist solely to index people's data and serve them ads. 96% of Google's revenue comes from advertising. It is their core business.

In fact, that's not actually bad in and of itself, up to the point where it crosses into creepy territory, like in this case. Just by uploading your personal files, you are licensing them to Google to do whatever they want with them. And not just Google--note the parenthetical "(and those we work with)". So you don't even know who is going to be using your personal data. I mean, these policies actually give Google and other strangers the right to publicly display and distribute your files. One wonders if that absolves them from any consequences from security intrusions too, since a hacker getting hold of your files that would count as publicly distributing them, even if accidentally.

I've never bought into the image of benevolence Google always presents to the public, and that's cost me Slashdot karma over the years, but I don't care. It will be very interesting to see who defends this. It would be difficult not to see them as sellouts of themselves, all too happy to trash their own privacy rights, eager to please the advertising megacorp and defend them from attack. Wake up!

Re:Google's motivation

[MetalliQaZ]

They don't sell your data to customers, that would be illegal. They look at your data and use it to build a description of your personality and then they sell the fact that they know your personality to advertisers.

Doesn't explain why they need rights to distribute and create derivative works.

Re:Google's motivation

Who ever is modding you troll needs to get their heads checked. modded you +1 insightful

Re:Google's motivation

Not sure why this was modded down as a troll. But then i have noticed that people are oddly afraid to be given the truth.

Re:Google's motivation

[Bobakitoo]

Doesn't explain why they need rights to distribute and create derivative works.

Creating a thumbnail or a document preview would constitute a derivative work. Displaying it on your browser would be distribution.

Re:Google's motivation

Maybe it's your tagline that's costing you karma.

Re:Google's motivation

Because you have the option to share your documents publicly. Creating and sharing a really popular document might warrant automatic translation by Google into other languages so that other regions, too, can read your public document. That translation is an example of Google creating and distributing a derivative work.

Re:Google's motivation

[lister+king+of+smeg]

only on slashdot can you get modded -1 insightful.

Re:Google's motivation

[chrb]

Doesn't explain why they need rights to distribute and create derivative works.

Content sharing is distribution. Content preview is a derivative work. Skydrive and Dropbox both require exactly the same rights.

Re:Google's motivation

[AngryDeuce]

To be honest, I think anyone that thinks "The Cloud" is secure in any way, shape, or form is an idiot.

Doesn't much matter who's fucking 'cloud' it is, it's just common sense. If you put data on the internet, you're taking a risk in that data being seen by someone else. This is not a new concept.

That's why the privacy hysteria concerning these cloud storage providers cracks me up. Of course there's a risk in doing so. There's a risk in connecting a computer to the internet at all. If that risk isn't a factor in the decision making process of the end user, that's their own fault.

If you want to lock your data in a vault, go rent a fucking vault...but let's not pretend that a person should have any reasonable expectation of a risk-free cloud storage solution. Not gonna happen, not in our lifetimes. We still can't seem to not use passwords like '123456' or 'abcdefg' for fuck's sake. You think there isn't some moron at Google or Dropbox or Skydrive or whoever the fuck that's not doing the exact same shit? Come on, now, people.

Re:Google's motivation

[NeutronCowboy]

That's exactly right. Not sure what the privacy advocates are complaining about. Pretty much everything listed in there is required to have a functioning and useful cloud service. As others have pointed out, the policies for MS and Dropbox are almost identical in the relevant parts - they are the equivalent of legal boilerplate. Now, there is some wiggle room here indeed for things to show up in ads, but I can guarantee you that that would result in a huge outcry - kinda like what Facebook experienced when people's profile pictures started showing up in ads. Google might do something that stupid, but in the meantime, even something as weird as "publicly display" might be necessary to run their service. For example, what if I want to set permissions in my google drive to public, or even to something my friends can access? You know, like some real cloud storage? Bam, public display.

So again, privacy advocates are barking up the wrong tree. They shouldn't be talking about Google's privacy policies, but about what it means to live in a world where everyone is potentially connected to everyone else - and this time, literally? There are some huge implications here that we're not used to dealing with.

Personally, I'm approaching this sharing business cautiously. Everything is filtered to friends I actually know in meat space. And if I don't know them, hello pseudonymous handle.

Re:Google's motivation

[TheCarp]

Your right it doesn't, the only reason for that is so they can sell their derivitve of your data to their customers.

Re:Google's motivation

[flappinbooger]

Not sure I'm going to use gdrive yet. or at all, not sure about those terms and conditions.

After all, I have 10+ GB free on dropbox, 6+ gb free on sugarsync, 50 gb free on box.net (when they had a special promo a few months back) and 25 gb free on skydrive (not really using). I think it's neat-o that gdrive exists we've been waiting for it for years.

Seems like it's a little late in the game for one thing and, as has been said, a little "creepy" T+C.

Re:Google's motivation

[Caratted]

Well it has been mentioned a fair number of times, but Dropbox and alternatives require you to agree to essentially identical TOS.

The thumbnail preview of your publicly hosted image is a derivitive. They're not selling your files to customers, the outcry would be massive from these same advocates. Since there is nothing new to cry about, they're rehashing old arguments that have been thoroughly explained and justified, with regards to a hosted cloud service.

Re:Google's motivation

[gl4ss]

..well.. for starters, they're asking for more rights than you usually as a content buyer have.

got an mp3? pretty certain even if you bought it legally that you don't have the right to publicly "perform" it(thanks artist associations and your monopolies!).

they're wording it as a worldwide license for them and their partners to publicly display your data and you're asking why the privacy orgs are barking at them?? wth?? note that they could word the whole service so that it's you who are serving the things to whoever you want by using their service instead of this way of them doing everything.

also I would think this to be a bad choice that opens them to lawsuits, since it's now _google_ doing the re-publishing of the file worldwide if you distribute an illegal mp3 through them.

Re:Google's motivation

[msauve]

They need to explain it better/more fully. As it reads, you give them those rights independent of any particular service-related need. Per the terms, they could publish your content even it that weren't your intent. If they said something like "If you use the service to share content with others, you give Google the rights necessary to provide that service. You give Google the right to copy your content for reasonable and customary purposes (such as making backups, or moving content between servers)." (IANAL, there's undoubtedly a better way to phrase it, but that's the concept)

Re:Google's motivation

[elashish14]

Well it would probably help if they would be more specific about it. I haven't read the TOS myself, but if they said something like 'creating a derivative work for the purpose of displaying thumbnails,' or something more general, but not quite 'we can do whatever we want with it,' that would ease my mind a lot.

Re:Google's motivation

[archont]

Joke's on them. I'm a deadbeat. What kind of product or service would you want to market to someone who doesn't have the money to buy anything?

Re:Google's motivation

[NeutronCowboy]

(IANAL, there's undoubtedly a better way to phrase it, but that's the concept)

And because you're not a lawyer, you haven't come across these types of agreements. Welcome to the world of contracts and legal terms of service. You specify everything under the sun, because if you don't mention it in a contract, it doesn't exist. And legalese is legalese because lawyers are assholes and will nail you for any omission, inconsistency or inaccuracy.

Re:Google's motivation

[Anonymous+Brave+Guy]

They need to explain it better/more fully.

Unfortunately, their explanation seems to be perfectly clear. As you say, it includes no restrictions on use nor any guarantee of any sort security whatsoever. I expect that the objecting privacy advocates are thinking much the same thing as me: it is implausible that an organisation like Google, which has an army of lawyers and just pushed through a fairly controversial change to its privacy policies elsewhere a few weeks ago, claimed these extra powers anything other than deliberately.

Re:Google's motivation

[triceice]

Google does this because the average user does not care. I think this is problem and lots of technology smart people also view it as a problem. But Google is not implementing those privacy polices without an understanding of the needs of business and consumers. Their privacy polices are not that much different than the other file storage and sharing sites. (http://venturebeat.com/2012/04/26/google-drive-privacy/)

So the fervor is mostly about the fact that it is Google. And Google has a lot of access to our information via their very inclusive systems.

What we need to be more concerned about is an overall set of standards that reflect a way for people to get the best experience without providing too much personal information that will be used outside our control.

Re:Google's motivation

[NeutronCowboy]

..well.. for starters, they're asking for more rights than you usually as a content buyer have.

Congratulations. You just discovered that corporations have different rights from you, because they have an army of lawyers that can write, argue and rewrite any contract the corporation comes in touch with. You don't.

Since you clearly didn't catch the example I provided for why they need a worldwide license to publicly display your data, let me ask you this: assume you're building a company that stores user content, and allows users to provide access to said content to anyone they wish, including anonymous access. Think maybe flickr. How would you write it? And by the way, when you do come up with an answer, run it by your corporate counsel. If they don't laugh you out of the office, post it here. I suspect it will be remarkably similar to what Google has.

Re:Google's motivation

[TheGratefulNet]

if that's true, then let them ennumerate *exactly* the things they are going to do to your data. wildcard words are good for google but probably pretty bad for the users.

given how creepy this all is becoming, they should start off saying they won't use your data in any way other than X and Y and so on. spell it out and only the things ON the list are allowed. all else, by default would not be. you'd have to state this default disposition first, too.

I won't ever see that from google and so I refuse to use their services as much as I possibly can. (I can't fully not use their services since, when I try to block google domains, many of my other websites that have nothing to do with google stop working. order parts from mouser or digikey and disable google in adblock or noscript? you can't! the vendor goes out to googleapis for this and that. I can't stop that, sadly.)

if you understand what google is about and continue to feed it your data, hey, its your life and if you want to throw your privacy away for cheap isp or network use, that's your decision. I choose to avoid google as much as possible. I see what they are and I choose not to participate with such companies.

Re:Google's motivation

[ColdWetDog]

And legalese is legalese because lawyers are assholes and will nail you for any omission, inconsistency or inaccuracy.

Or erroneousness, mistakenness, fallaciousness, faultiness, inexactness, mistake, fallacy, slip, slip-up, oversight, fault, blunder, gaffe; erratum, solecism; informal howler, typo, blooper, goof,exception; deletion, cut, excision, elimination, erasure; gap, blank, or absence.

You didn't even really get started.

Re:Google's motivation

Exactly. The privacy policy needs to make it explicitly clear that you maintain ownership of ALL derivative works (not just the original) and that they may only distribute those all works (including derivatives) to you, through your account. I would also like a restriction on the kind of ways they can analyze the data, but those restrictions are kind of more difficult to nail down.

Re:Google's motivation

Hosting a video in YouTube would requires the right to publicly perform it. The copyright army has spent a LOT of money trying to educate people about what you are NOT allowed to put on YouTube because of this.

If you illegally share content, it's YOUR fault. Don't do it. Trying to blame it on the hosting service is disingenuous.

Re:Google's motivation

[dadorg]

The license says When you upload or otherwise submit content to our Services, you give Google (and those we work with).... This is not limiting them to documents designated, by the owner, to be public. Offering features to me and persons I decide to share with (thumbnails, etc.) is part of the service and not required to be allowed in the licensing agreement. They are giving themselves the right to publicly display and distribute everything. Translating, thumbnails, etc. are not modifying. Why would they need that right, in any of the services that they offer?

Re:Google's motivation

To be honest, I think anyone that thinks "The Cloud" is secure in any way, shape, or form is an idiot.

Doesn't much matter who's fucking 'cloud' it is, it's just common sense. If you put data on the internet, you're taking a risk in that data being seen by someone else. This is not a new concept...

Yes, you're right, that is not a new concept. Servers get hacked all the time. Stolen data is in the headlines every day.

The new concept that everyone is bitching about is the legal "theft" of your data, which is outlined on page 3,742 in the hardcopy version of the EULA. I found a copy once, in one of Google's old abandoned data centers. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'

That's the issue. Trusting a cloud provider. Hell, I wouldn't be surprised if I uploaded a truecrypt volume that was absolutely unreadable to anyone but me if I started getting targeted ads for TrueCrypt...

Re:Google's motivation

Doesn't explain why they need rights to distribute and create derivative works.

You are the reason law in the USA is so fucked up.

Basically the only possible complaint against that is if you specifically plan to upload your documents to their service, click the "Make this file public" option and confirm, take the URL they provide you to share it with, and then when you give it to all your friends, you sue Google for distributing your work to those friends after you demanded they share your work.

Do you also plan to sue Google for presenting a thumbnail image of a picture you uploaded and also specifically made public??

If you don't plan to frivolously sue Google for doing what you ask them to do, then why are you even complaining that they must have your permission to share works you flag as public, when you go out of your way to tell them to share your works you flag as public?

Re:Google's motivation

[geminidomino]

Mouth-share.

Not sure what the real marketroid word is, but it's kind of like mindshare except you tell other people.

Re:Google's motivation

[Score+Whore]

Can you explain why they have exactly one license for all users and uses of their service? One person may well want to make a document public but another may not. Why does the person who has no desire or intent to to make whatever they store on Google Drive public have to agree to a perpetual, unrestricted, republishing license of their content to Google? Don't you think it would make a lot more sense to have a "we'll keep your shit private" agreement and then if you choose to use them as a publishing service have a completely different agreement that provides for that use of the service?

Seems trivial and obvious to me.

Re:Google's motivation

It allows them to use third-party services for translating. Perhaps if their automated system identifies that something is too difficult to translate, a human does it? (which also serves to better their automated translation)

Seriously, everyone needs to stop playing devils advocate here. The terms of service are those required for a functional system. Of course they aren't going to spell out exactly what they are going to do with the data -- that would prevent them from implementing new features in the future. Does it mean that they can use the terms of service to be evil? Yes.

So, it boils down to this. If you don't trust Google, don't use the service. If you trust Google, realize that the terms of service are required for a functional system. Personally, I trust them. Once Google gets caught selling your personal information for profit, stealing your ideas and using them as their own, or whatever evil thing you can think up, there will be a reckoning -- a mass exodus that will cost Google dearly on all fronts.

I don't trust Google because they're infallible or even because they have my best interests in mind. I trust them because I don't think they're stupid. The terms of service let Google provide the service they're offering, and it lets them enhance the service with new features in the future. Nothing more to see here. Move along.

Re:Google's motivation

That's completely missing the point. If you upload your book manuscript to Google drive, they can then print your book and publish it against your wishes and without paying you anything and claim that they are using it to promote their service (there might be a "visit google.com" sticker on the front). If you upload home porn, they can display that on the front page of google.com forever if they wish and without consulting you to promote their service. Google does need some permissions, as you point out, but they are going far beyond what they need. If they do not plan on doing these heinous things I just listed, then they should change their TOS to disallow it - if they don't, then you know exactly what kind of thing they really are planning to do.

Re:Google's motivation

[PTBarnum]

So all you want is for Google to list every possible service that they may offer in the future, and how it will affect your data?

Re:Google's motivation

[AngryDeuce]

Yes, you're right, that is not a new concept. Servers get hacked all the time. Stolen data is in the headlines every day.

The new concept that everyone is bitching about is the legal "theft" of your data, which is outlined on page 3,742 in the hardcopy version of the EULA. I found a copy once, in one of Google's old abandoned data centers. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'

That's the issue. Trusting a cloud provider. Hell, I wouldn't be surprised if I uploaded a truecrypt volume that was absolutely unreadable to anyone but me if I started getting targeted ads for TrueCrypt...

I'm just trying to figure out how people rationalized the first problem, the fact that no online solution is 100% secure, if they're taking offense to the new one, the "lack of trust".

What Google does with the data is immaterial if the data is sensitive enough to have a privacy concern in the first place. If you don't want people seeing it, you should not put it on the internet. Period. If you're willing to take the risk of putting your super duper secret formula on the internet in the first place, why would Google scraping it to target ads be what concerns you? I would think that the possibility of it being seen by anyone (which is always a possibility, as long as human beings are involved any step of the way) would have been enough of a motivating factor to not put the super duper secret formula on the internet in the first place.

I don't know, maybe it's just easier for me to be objective because I have no real need for a cloud storage solution and use them simply as a convenience, but I would think that any enterprise that had information sensitive enough to warrant these privacy concerns wouldn't be going to a third party to host their data in the first place. Coca-Cola isn't going to ask Google to store a copy of their secret recipe, and if they did, the last thing they should be worried about is a bot scraping it to target ads. That's why all this privacy hysteria cracks me up as concerns cloud storage, because it requires the user to have already decided that the base insecurity inherent in any network attached computer (any computer at all, really) wasn't enough of a concern to make them stay away in the first place. If you care about your data's privacy, for fuck's sake, keep it off the internet, and damn sure don't trust a third party like Google, Facebook, Microsoft, Apple, etc, to keep an eye on it. That's just retarded.

Re:Google's motivation

[cayenne8]

They don't sell your data to customers, that would be illegal.

You must be in Europe.....

In the US, it is perfectly legal to sell all your data to customers, in fact, there are MANY companies that do just thing....Acxiom is one such example, they have information on likely 98% of the US, and decades ago, they were just then starting to branch out to other countries, I'm pretty sure they have succeeded by now on that front too.

Re:Google's motivation

[cayenne8]

There's a pretty simple way to avoid this....

Simply encrypt everything you keep on Google Drive...I'll bet a company that came out with a cheap, easy to use tool to automate encrypting all data to/from these cloud storage setups, could make some money off said tool....

Re:Google's motivation

[Ihmhi]

No, but if they invent something so revolutionary that it doesn't fall under translating for other users, indexing, thumbnails, and a few other limited but sensible features, then they can renegotiate the ToS with us.

Re:Google's motivation

[Caratted]

Not sure what the real marketroid word is...

Word of mouth.

Re:Google's motivation

There's a pretty simple way to avoid this....

Simply encrypt everything you keep on Google Drive...I'll bet a company that came out with a cheap, easy to use tool to automate encrypting all data to/from these cloud storage setups, could make some money off said tool....

http://spiderbackupsolutions.com/

Re:Google's motivation

[quacking+duck]

I've never bought into the image of benevolence Google always presents to the public, and that's cost me Slashdot karma over the years, but I don't care. It will be very interesting to see who defends this. It would be difficult not to see them as sellouts of themselves, all too happy to trash their own privacy rights, eager to please the advertising megacorp and defend them from attack. Wake up!

(emphasis mine)

Irony: Samsung, biggest seller of Google Android-based phones, staged an astroturfing/advertising stunt by bringing in a couple busloads of people to the front of the Apple Store in Sydney, Australia, who then yelled at customers inside to "Wake up!".

Re:Google's motivation

[shentino]

Actually considering Mega Upload, the copyright juggernaut will happily blame anyone and everyone they can get away with.

As far as they are concerned, anyone not dumping money into their pockets is at fault just for being alive.

Re:Google's motivation

[StillNeedMoreCoffee]

What privacy advocates (and me) are complaining about is the legal language used. The problem with a bad law is that even though it may be written to handle a specific case, if the language is overly broad it may allow other things legally that were not intended and clearly are bad things. I great example is the Florida Stand your Ground law that has resulted in deaths that were preventable, and in the most recent case, someone that was pursuing and packing and killed an un-armed 19 year old kid carrying a soda and a bag of Skittles.

There are people that look at a EULA like this (say within Google) and say, well does that mean we can do this with the data and make more money? And the answer might be yes. Lets say for instance you have a some sensitive information, they find it, they send it to someone else, the sensitive information is used for insider trading, your companies stock fails and you go bankrupt. I don't think there is anything in the language of the agreement that would say that Google could not pass information on or that it was liable for any impact that might have.

Legal language is not for the everyday use, or intended use, it is to establish boundaries that define what you can do without violating the agreement. In this case it is like a very bad pre-nuptual agreement that gives away your house and your children with nothing in return. (except you still own them, just don't have exclusive use of them)

Re:Google's motivation

[shentino]

Google is being honest here, and I respect that enough to keep them as a company I'm happy to do business with.

At least they're not pulling a facebook and changing the rules later after they already have your data held hostage.

Re:Google's motivation

[shadowrat]

I don't think google's tos is the end of the world or anything, but it is pretty vague. out of curiosity i checked out apple's TOS applying to it's iCloud service.

by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.

Notice how this wording specifically states that apple's right to display your content applies to content you are uploading as publicly accessible or accessible to authorized users.

Re:Google's motivation

You left out forgot and you forgot left out.

Re:Google's motivation

That is exactly what I do on DropBox, and I urge more to do the same.

TrueCrypt isn't 100% cross platform, but it covers enough to do the job most of the way. When combined with a keyfile stored on devices, it makes for both availability of files, as well as security. Only downside is that one has to remember to unmount the volume before leaving, so the chance of race conditions happening is minimized.

I use a keyfile so even with the large computing power available, there is no brute forcing a password.

I would say this is the only way to use Google Drive, although it definitely locks out access from devices.

Re:Google's motivation

Do you have ANY legal backup, in ANY country for this completely out of your-piehole statement? Because it flies in the face of every decision I know about.

Oh, wait, this is Slashdot. Forget it.

Re:Google's motivation

[sl149q]

Strictly speaking its the courts that will nail you for omissions, inconsistencies and inaccuracies. The lawyers just keep reacting to which way the courts rule on previous cases to hopefully eliminate the same issues coming up again (and again.)

Re:Google's motivation

[DarthVain]

The only problem with this is you need a local client to still track your files, otherwise you can encrypt all your files and upload them, but if you have 5GB of files you will be using 5GB every single upload, which will kill your bandwidth. Typically these backup things to a compare, and would only upload the 2% of files you changed that month.

Anyway that is the biggest problem, is that when you encrypt your files, the storage device cannot scrutinize your files for changes (which is the whole point of encryption more less in the first place).

I'm sure there must be a technical way around this, but I think either way it would involve an amount of trust in the provider.

For total personal protection you can do it, it would just be expensive as it would be a bandwidth hog.

Re:Google's motivation

[cayenne8]

For total personal protection you can do it, it would just be expensive as it would be a bandwidth hog.

Honestly, unless you are on dial up these days...bandwidth, at least in my case, isn't even a consideration anymore.

I mean, you might have caps on your phones and mobile devices, but not on home (wired) connections...?

Re:Google's motivation

[geminidomino]

I really should have known that...

Memo to self: Plan to reduce caffeine intake is to be aborted immediately.

Re:Google's motivation

I think the way to get modded "Insightful" on Slashdot is to make strong statements that are distrustful of any large business, ascribing the most inflammatory motives possible to ambiguous actions.

I think this is going to be a sort of Google foot/gun incident over TOS wording. The problem (I think) is that Google has tried to unify the terms of service for services that are too disparate. These terms are perfectly fine for something like YouTube, but aren't appropriate for cloud storage of private files.

Expect a very public announcement from Google that changes these terms so as to make clear that the horror-story scenarios being tossed around the net aren't what we should actually expect from Google Drive

Re:Google's motivation

[js_sebastian]

The only problem with this is you need a local client to still track your files, otherwise you can encrypt all your files and upload them, but if you have 5GB of files you will be using 5GB every single upload, which will kill your bandwidth. Typically these backup things to a compare, and would only upload the 2% of files you changed that month.

Anyway that is the biggest problem, is that when you encrypt your files, the storage device cannot scrutinize your files for changes (which is the whole point of encryption more less in the first place).

I'm sure there must be a technical way around this, but I think either way it would involve an amount of trust in the provider.

For total personal protection you can do it, it would just be expensive as it would be a bandwidth hog.

I use encfs as an encryption layer for the stuff I host on dropbox. Completely transparent to the user, and each file is encrypted separately so that updates are pushed separately. File names are encrypted as well. The only downside is that I can't use the dropbox web interface to download a file if I'm on someone else's PC, on my phone, etc. Likewise integrartion of google drive with all sorts of google services will likely not work in an encrypted form unless google themselves start to offer client-side encryption.

Re:Google's motivation

[cdrguru]

I suspect their policy is quite intentional. If they meant that derivative works would only be used for searching and indexing and display of information based on searching and indexing they might have said so. Since they didn't and didn't in quite a volumnous manner, it shouldn't take much effort to see that it is intentional.

This means if you put a picture up there that they like, they can use it in whatever way strikes their fancy. A document describing some novel concept can show up the next week as a Google patent application. A manuscript can show up being offered through Google Books.

After all, isn't the cloud all about sharing and openness?

Re:Google's motivation

[AmiMoJo]

The policy seems to date back to Picasa. If you upload a photo to Picasa and make it publicly viewable and indexable then Google has the right to use the image themselves. They do a constantly updating showcase of interesting photos that people have uploaded in that way. In theory they can use the images in their own advertising as well, although unless you count the aforementioned showcase as advertising I don't think they ever have done.

The same thing presumably applies to Drive. If you make a file publicly available and findable Google may optionally use it themselves. Pretty much standard practice for web services. If you don't want it to happen then don't make your files public and findable (you can still share with friends only or via unlisted link).

For evidence of what they get from scanning your docs take a look at Gmail. It reads every email you receive and uses the data to target text ads, unless you opt out of personalized advertising. Google has gone to great lengths to make sure you don't get embarrassing or inappropriate ads, and the advertisers never get access to Google's data on you. Google just picks ads it thinks will be relevant to you, rather than allowing advertisers to target you directly like they can with Facebook.

I wish they didn't even do that, of course, but it isn't nearly as bad as some people seem to assume.

Re:Google's motivation

They don't sell your data to customers, that would be illegal.

It would be illegal if you didn't agree to allow it in the terms of service.

Re:Google's motivation

[Anonymous+Brave+Guy]

Personally I find GMail to be particularly shady, because it's not only scanning the user's personal mail, it's also inherently scanning someone else's personal mail, and the other party/parties might not even realise that Google is involved in any way. Rather like Facebook's shadow profiles and getting friends to volunteer information about each other than the individuals chose not to provide themselves, there's something very dubious about Google using a database of e-mail correspondance without all of the parties agreeing to it.

As for Drive, I don't see anything in the terms that actually restricts Google to the kind of behaviour you described, for example requiring them to respect any privacy settings you might have chosen, and I suspect that's why some people are concerned about the privacy implications.

Re:Google's motivation

[Monchanger]

then they can renegotiate the ToS with us.

Because that worked so well for them recently? Truth is this is a no-win situation for them. No matter what they do, a small number of anti-Google fanatics will cry bloody murder, and low-quality editors will help them spread their nonsense.

Now before you go crying about that "fanatics" I used, let's take a look at three points:
1) EPIC's "report" glosses over the fact that the supposed "overbroad" terms are global to the entire collection of Google services, and was not specifically designed for Google Drive. So attributing a bunch of general terms which apply to a comment you post on a public Google+ photo, to your private Google Drive files is naive at best, and intentionally misleading at worst.
2) That was "reported" by MacWorld. Not exactly a clutch of Google fans who are trustworthy in checking the facts.
3) Who are the other so-called "privacy advocates" in the MacWorld story? DropBox users.

On Dropbox’s online forum a user by name of Chen S. wrote...
Another user, Christopher H., said this in the Dropbox forum:...
Still another Dropbox user, Mark Mc.,

Next thing you know, we'll have Linux users coming here and ripping on Microsoft.

Until a decent reporter tells us something substantial, this should be seen as a non-story to all but the tin-foil folks.

Re:Google's motivation

[allo]

http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/

Re:Google's motivation

Actually it was reported by PC Magazine. Macworld pulled the relevant info from the PC Mag article.

It is also no small thing to write a privacy policy specific to the service your are offering. Google claims they use a 'blanket' policy to simplify things, but in reality all it does is overgeneralize and give them far too much benefit for doubt by overstepping privacy boundaries because they 'might' someday need those rights. Seriously, who wants an agreement like that? It's as bad as a cell phone provider contract.

Why would they need to own derivative works created from your own? Who would grant them that kind of license?

How far are you willing to go to defend this?

Re:Google's motivation

[DarthVain]

In Canada you do... :(

Though recently mine has gone up from 60 to 80GB. Though I know many on plans less than 30GB.

If you only use the small 5GB Google Drive, if it only hits once a month to update, that still could be a chunk of your bandwidth. If it hits several times a month to update, your cap could be gone.

Anyway, that really wasn't what I was talking about. Usually these services charge by the GB transfer fees on top of your actual storage. So 50GB is 10$ a month, plus 1$/GB transfer, or something like that.

Google Drive seems to have simplified pricing, but they likely have total control over the whole process... Or their prices may just change? who knows. However generally speaking, that is how most of the rest of those cloud based storage works.

Re:Google's motivation

[DarthVain]

Hmmm, neat. Never heard of it before. I'll have to look into it.

Cryptographically the software should be irrelevant, there must be a way around the technical issues. So long as you are able to transfer your key, you should be able to access your stuff elsewhere (though unless Dropbox, etc... supports that sort of thing, they likely will never work natively).

I think what we need is a service like this, which is crypto first, everything else second.

I can't see why someone cannot create a server cloud based crypto system based on TrueCrypt, or encfs, or whatever, that using web based software, encrypts your files locally, then uploads them to a stored source using the same crypto. All you would need to access it on another computer would be a Key, be that manual entry, or secondary with a passphrase, or some other scheme using a secondary independent system.

I think the problem is that for anyone to have any trust in it, it has to be open source, like a TrueCrypt, where as when a Company has some private secret software, that may be encrypting your stuff, maybe not, maybe their is a back door, maybe a duplicate key, who knows... Though Google has done open source with its OS I think, perhaps they should with this as well.

I mean I could care less about their Privacy Statement, if I am satisfied that I can encrypt my files sufficiently.

Re:Google's motivation

[kenboldt]

I love how the summary, and all the google haters are completely ignoring this little tidbit of the TOS "Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services"

You know, that part where they tell you that if you don't make it public then they can't use it however the fuck they see fit.

Re:Google's motivation

[MaskedSlacker]

I mean, you might have caps on your phones and mobile devices, but not on home (wired) connections...?

Been living under a rock these days? Nearly all wired broadband connections are capped (though some are just soft caps).

Re:Google's motivation

[TheCarp]

The thumbnail thing is a good point, hadn't considered that. Though, if they are generating that to service a request that you made, then, do they need that right granted? I would think its a derivative work created by the request of the copyright holder. I would say a limited license is clearly implied there. Though, I can't blame them for being explicit to CYA.

That said...I don't use dropbox either. I did use ubuntu one, but I never stored anything on it that wasn't encrypted. They are welcome to make derive as many works as they like from my data after I have transformed it via AES256 :)

That said, I have, overall never felt like I could trust this sort of service unless I ran the server. Being able to do my own encryption on top mitigates many issues but... I never found enough encfs solutions... like one for android. Then ubuntuOne doesn't have easy packages for the linux distro I am kinda stuck with at work.... blah blah. Bottom line, I am still on the lookout for a solution in this space that doesn't require me to trust people I don't know more than I should.

Re:Google's motivation

You think many of the billions of users will want to "scroll to the bottom and click accept" to a new TOS adding a section for consent of translation, for example?

They aren't in a position to negotiate: Their terms are "Cloud"-standard, upfront and you're free to do without and pay for private hosting.

Re:Google's motivation

[ewok85]

even something as weird as "publicly display" might be necessary to run their service. For example, what if I want to set permissions in my google drive to public, or even to something my friends can access? You know, like some real cloud storage? Bam, public display.

This is exactly it - when you set a file to public, not only is Google making it available, but if is something like a Google Doc or something else that their interface can open, they are also displaying it - a big difference to Dropbox who just make the file available for download removing the need to put that kind of specific wording into their TOS.

Article fail

[Troed]

"a close and careful reading reveals that Google's terms are pretty much the same as anyone else's, and slightly better in some cases"

http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud

Re:Article fail

The key element in Microsoft's ToS is this.

"You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service SOLELY TO THE EXTENT NECESSARY TO USE THE SERVICE."

Google's ToS - or at least the section quoted there, I haven't memorized the whole thing - doesn't include the same sort of limitation to limiting one service's rights to one service's information. In fact, I remember info-sharing being a big thing they started doing recently!

So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service? There's no threat like this from DropBox, Microsoft says "We won't do it", Apple follows MS's example with a limitation "solely for the purpose for which such Content was submitted or made available" - so I'd want to see an equal protection from Google on cross-service usage of my Drive data before I even think about it.

of course, if it's already there, this article is fail.

Re:Article fail

I would not say that difference actually means anything; I'm sure a lawyer would say the "service" is whatever the provider says it is. If MS decides Skydrive will publicly host video (a la YouTube) then it can and you've granted rights to it. If Google decides to merge the YouTube storage into the space shown in Drive and combine the 'services' they can. In these phrases "Service" vs "Services" part isn't providing any concrete restrictions or limitations since they can arbitrarily define what the service they provide is.

Re:Article fail

[icebike]

So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service?

If you mark them as PUBLIC, yes, they probably could do that.

But again this only applies to things you mark as public in your Drive, just like it was in Picasa, Docs, and any other portion of Google services where the option to PUBLICLY share content exists.

However, they probably would not do this, because its a tracking nightmare. You have the right to cease sharing any item in your drive. If they had copied it out, they would have to track that down and withdraw it. Chances are they would just link it to YouTube if they even bothered to do that on something you shared. That way, when you un-share, the content would disappear from YouTube without them having to take any more action.

But again, READ THE PRIVACY POLICY, and realize this is a tempest in a teapot because it only applies to stuff you EXPLICITLY share.

So, yeah, Article Fail.

Re:Article fail

[ThatsNotPudding]

"a close and careful reading reveals that Google's terms are pretty much the same as anyone else's, and slightly better in some cases"

A hurdle so low, paramecium can get through to the medal round.

Re:Article fail

[DragonWriter]

Google's ToS - or at least the section quoted there, I haven't memorized the whole thing - doesn't include the same sort of limitation to limiting one service's rights to one service's information.

The section that references service-specific settings that narrow the scope of Google's use of content does something similar in privacy terms.

as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service?

Sure, as long as the content submitted through Drive as private-to-you (the default setting for Drive content) was also private-to-you through YouTube unless you did something to change it.

Where's the problem?

They need to be allowed to do all those things to provide all the features they do.

Re:Where's the problem?

[Overly+Critical+Guy]

Is a content license really required to store files? I think you mean that they need to be allowed to do all those things to provide context-sensitive advertising.

I'm Shocked! Shocked!!!

[CanHasDIY]

OK, well, not all that shocked.

Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.

Re:I'm Shocked! Shocked!!!

Whoever doesn't realize... deserves to get screwed.

Speak for yourself. Not *everyone* has the background, the experience or the jaded attitude you possess, and it's attitudes like yours (and the entire caveat emptor set) that leave the upcoming (younger) individuals hanging out to dry.

Re:I'm Shocked! Shocked!!!

I have 2 words for you "QQ NUB"

Re:I'm Shocked! Shocked!!!

[cpu6502]

I'm no longer allowed to criticize Microsoft or Google, else I will get modded -1 by their loyal fanboys. (Otherwise I'd agree with you... can't trust either of these companies with your uploaded data... especially after CISPA passes.)

Re:I'm Shocked! Shocked!!!

[LateArthurDent]

OK, well, not all that shocked.

Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.

Google makes zero money off selling their users' data. Selling their users data would, in fact, hurt Google's business strategy.

Google makes money off having access to users' data nobody else does. They can tell an advertiser, "we know the people for whom your ad will be most relevant, and no other advertising company has that information." If they were to actually give a list of said users to their client, they'd no longer be able to charge for advertising to those users, because their clients would do it directly.

Re:I'm Shocked! Shocked!!!

[ShieldW0lf]

OK, well, not all that shocked.

Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.

Liberating yourself doesn't do you a lot of good if the folks you liberated yourself from have an army of billions and an agenda.

Re:I'm Shocked! Shocked!!!

[Local+ID10T]

Google is a marketing agency who makes their money off selling their users' data

Almost...

Google is an advertising company that makes money selling data about their users.

A subtle, but important, distinction.

Re:I'm Shocked! Shocked!!!

[CanHasDIY]

Google is a marketing agency who makes their money off selling their users' data

Almost...

Google is an advertising company that makes money selling data about their users.

A subtle, but important, distinction.

Indeed, thanks for the clarification.

Re:I'm Shocked! Shocked!!!

[interval1066]

and it's attitudes like yours (and the entire caveat emptor set) that leave the upcoming (younger) individuals hanging out to dry.

Thus we have slashdot, and other outlets where people are free to express their opinions. no matter how jaded.

Re:I'm Shocked! Shocked!!!

[msailors]

Mod parent up. There continues to be a broad misconception that Google is just passing out your information to any company with a few bucks to spend, which is patently false.

Re:I'm Shocked! Shocked!!!

[Anonymous+Brave+Guy]

A subtle, but important, distinction.

Indeed, and one that Google conveniently no longer needs to make in light of this privacy policy, since it looks like they can now sell their users' data too.

Re:I'm Shocked! Shocked!!!

[TheRaven64]

You know, when I was a small child I was taught that there's no such thing as a free lunch: if a service is 'free' then you should work out why you're not being charged for it, who is really paying, and why. I was also taught the aphorism that few things are more expensive than a free service. Neither of these things were particularly insightful observations: they were things my parents had been taught by their parents. Somehow, when the Internet is involved, this basic common sense seems to be lost on a lot of people.

Re:I'm Shocked! Shocked!!!

[shentino]

At least google is being up front and honest about it.

Some companies *cough*facebook*cough* will happily lure you in with promises of a good experience, only to take your data hostage by springing a revised TOS on you later that you can't opt out of.

Re:I'm Shocked! Shocked!!!

[CanHasDIY]

Sounds a lot like the argument made regarding political parties: Both are going to rob and bugger you, so would you prefer they be forward about it, or try and make it seem like they're doing you a favor?

Regardless of which you choose, you still end up with an empty wallet and sore asshole - the definition of 'lose-lose'

Re:I'm Shocked! Shocked!!!

[shentino]

I'd rather they tell the truth.

But of course, prisoner's dilemma, they're both wolves, so if one of them forgets to wear his sheepskin suit and the other doesn't, the one who lies is the one who gets in.

Re:I'm Shocked! Shocked!!!

[fafaforza]

All you have to do realize what Google does with your data is to exchange an email with someone about an Audi, then see nothing but Audi banners for the next 3 weeks on every site you visit. This isn't cynicism.

Creative control

"That short film you're editing? We know you weren't technically done with it, but we honestly thought it was fantastic. Don't change another thing. We went ahead and put it on YouTube for you."

Surprise

[SJHillman]

Not a surprise considering Google's history. I don't see it much different than what they do with what you do with any other Google services. When I still used Gmail, I found it humorous that it would display ads for Viagra whenever the odd male enhancement spam slipped through.

Re:Surprise

[icebike]

So a computer program slips a topical advertisement onto your screen. Big deal.

Did you find any example of other people reading your gmail, or your gmail contents showing up in searches?
No? Thought not. So what PRECISELY did you mean with that "considering Google's history" remark?

Have they ever broadcast your email, or your pictures that you marked as private, or your google docs that you marked private?
Or is this just another example of a full-out google hate without letting the facts get in your way?

Re:Surprise

[wjousts]

Have they ever broadcast your email, or your pictures that you marked as private, or your google docs that you marked private? Or is this just another example of a full-out google hate without letting the facts get in your way?

Did you miss Google Buzz then? You know, the one that would publish all your e-mail contacts for the whole world to see?

Re:Surprise

[icebike]

So you were the one guy that subscribed to Buzz?

And you DO know that it was USER error/carelessness that allowed Buzz to leak, don't you?

Re:Surprise

[wjousts]

No, I didn't. You do know Google subscribed everybody with a Google profile don't you? And you do know that sharing your contacts was opt-out, not opt-in. But feel free to keep blaming the user for not immediately disabling this thing they never signed up for in the first place and didn't know Google had even introduced. Stupid users.

Didn't effect me because I wasn't stupid enough to have a Google profile in the first place.

I would be amazed...

[gaelfx]

...if anyone anywhere actually thought that anything I have would help them advertise and/or sell something.

Publishing HALF the facts = more fun.

[icebike]

Conveniently left out of the summary and TFA is that this only applies to DATA YOU EXPLICITLY MAKE PUBLIC in your Google Drive.
Which is the same policy as Google Docs had, same as Picasa had, etc.
If you mark a document public then it can be searched for and found. (But in my tests, its rarely searchable - probably my stuff is too boring even for Google's spiders).

Foremost in Google's policy it states:

Information we share
We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:
With your consent
We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

So if you mark it private, it means its almost as private as it can be while still being in the cloud. Of course Google has to honor subpoenas, but your next great novel will not appear in someone's search results if mark it private.

If you want better privacy for your commercial cloud storage your best bet is SpiderOak which stores everything encrypted with an encryption key that even SpiderOak doesn't know. They use client-side decryption, and therefore couldn't hand over your stuff even at gunpoint.

Re:Publishing HALF the facts = more fun.

[wildtech]

I would also recommend Wuala. Client side encryption as well.

Re:Publishing HALF the facts = more fun.

[allo]

still a proprietary client.

Google: All for one and none for all...

[madhatter256]

What's yours is mine and what's mine is not yours....

Re:Google: All for one and none for all...

[ScentCone]

Except for the fact that they don't charge you anything, you don't have to use it, and the only stuff that's at issue here is stuff that you explicitly put on their systems to share publicly with other people, not your private stuff.

So, I see your point, other than the whole "it has no bearing on reality" part.

Re:Google: All for one and none for all...

[VortexCortex]

As for what's yours: I don't care about it in the least. I don't even want it cluttering up my drive space unless it's a FLOSS program that I use. As for what's mine: You can have what's mine and duplicate it upon every surface across all of existence. Please do, I'd love the redundancy.

All of my data falls into these three categories:
0. Creative Commons Artwork
1. Open Source Software
2. Encrypted Personal Data

If it's a matter of "privacy" and it's not already encrypted, then you're doing it wrong...

TrueCrypt?

Is it possible to layer TrueCrypt on it, either with current software or with easy mods from the TC community?

Re:TrueCrypt?

[SuricouRaven]

I imagine you'd want something less block-devicey. It'd be horribly inefficient otherwise.

Re:TrueCrypt?

[Electricity+Likes+Me]

A keyboard-smash 128 character password on an AES-encrypted zip file would be enough I'd think.

Though this also sounds like a good opportunity for someone to write a Dokan filesystem for it (maybe something which just does the above?). I already use OTR encryption with Gtalk - it's kind of funny going through my Gmail account and seeing all the encrypted conversations. Sad that pretty much no one can be convinced to use GPG for regular email though.

Fluff piece

[bonch]

What a fluff piece from the Verge. It doesn't compare the exact wording of the policies. Instead, it justifies Google's policy by saying abuse is "unlikely" (which isn't the point) and explains that rival services need certain delivery permissions to run the service, but it doesn't cite any examples from the policies of those rivals that are equivalent to the content license that Google Drive grants.

The article also claims that "public" refers to the user and their actions regarding their own data. But that is NOT what Google Drive's policy states--it explicitly states that the content is licensed to Google as well as anyone Google works with.

Re:Fluff piece

[dgatwood]

And anyone claiming that it is unlikely is a fool. Had Yahoo had such a term of service fifteen years ago, everyone would have called it unlikely to be abused at the time. And now, fifteen years later, the company is in such bad financial shape that I wouldn't put such a desperate move past them if it could keep them afloat. There's no reason that Google couldn't eventually end up in dire straits financially someday, and when they do, they'll have your data and the right to exploit it.

Re:Fluff piece

So what you're saying is:

- anyone who thinks they won't do what they damn well like when they are in difficulty is a fool
- after all, look at Yahoo. They are in financial difficulty and they, er... they, er... haven't done anything abusive

Idiot.

Re:Fluff piece

[dgatwood]

Yahoo was the company that caused an uproar just a couple of years ago when someone posted a copy of their price list for what amounts to espionage services available to world governments. I'd call that abusive, personally.

Re:Fluff piece

It may be abusive but it's not really supportive of your argument about Google Drive data, now is it?

Re:Fluff piece

[dgatwood]

Yes, it is. Yahoo, in financial trouble, makes information available to governments for a price. Google, in a couple of decades, could easily run out of money and resort to the same rather than requiring those pesky warrants.

Re:Fluff piece

mod parent up

so?

This is a non story.

Common Sense

If you don't want somebody to read it, you need to encrypt it.

If Google wants to make derivative works from my encrypted data that can't be distinguished from noise ... be my guest.
They don't need me for that, as /dev/urandom is much more convenient, but maybe they've got an "noise that could mean something to somebody" fetish.

Indeed.

[chrb]

Dropbox:

We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).

Skydrive:

If you share content in public areas of the service or in shared areas available to others you've chosen, then you agree that anyone you've shared content with may use that content. When you give others access to your content on the service, you grant them free, nonexclusive permission to use, reproduce, distribute, display, transmit, and communicate to the public the content solely in connection with the service and other products and services made available by Microsoft. If you don't want others to have those rights, don't use the service to share your content. You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.

Google Drive

You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

Re:Indeed.

[Overly+Critical+Guy]

This is why I don't use any cloud services for file storage. Though one could reasonably argue that giving Google, the biggest internet company in the world, a license to your content has larger ramifications than giving one to Dropbox or even Microsoft.

Re:Indeed.

[drachenfyre]

Dropbox:

I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

No, not it is not. There is a huge difference between Microsoft's (The Service) and Google (Our Services). If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it. With Microsoft, you have not. Is it a glaring omission in the biased summary? Yes. But does it mean that your stuff will only be used for operating,promoting and improving Google Drive? No. No it does not. When Google collects it and starts distributing your family photos as part of GIS, you've already agreed to it.

Re:Indeed.

If you think the two terms from MS and Google are identical then I have a bridge to sell you. You could drive a bus through the hole left in the Google license.

Re:Indeed.

[chrb]

And for completeness, Apple's terms:

Except for material we may license to you, Apple does not claim ownership of the materials and/or Content you submit or make available on the Service. However, by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.

Re:Indeed.

[icebike]

You forgot this portion:

Information you share

Many of our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines, including Google. Our services provide you with different options on sharing and removing your content.

IF you mark a document as public, Google will let anyone else see it. (e.g. Publicly display).
But if you mark it private, nobody else sees it, without a warrant.

The other permissions you grant them exist solely to let them provide the service to any machine from which you log in.

Re:Indeed.

[icebike]

You need to take a course in reading comprehension.

Re:Indeed.

[AngryDeuce]

I use them to store files I don't give a shit about. If they want to scrape my cannabutter recipes and pirated MP3's looking for something to 'monetize', they can be my guest.

The only data they can steal is the data you give them. People aren't powerless victims, here, they're making a deliberate choice to put their files in someone else's control. I don't much give a shit who that someone else is, if you don't want them to see it, don't give it to them to hold.

This is just simple common sense, but it seems like people would rather keep stamping their feet and bitching about how insecure it all is rather than just making the simple decision to not fucking upload sensitive shit to these services in the first place and moving on with their lives. Anyone looking for an impenetrable bank vault for their data via an internet connection is an idiot. The weak point in any security system is the user, and as we all know, users come up with novel ways to compromise their shit every single day. According to a recent study, the most common password in business is Password1. If that doesn't make you think twice about trusting any of these services with your data I don't know what will...

Re:Indeed.

[phorm]

What it also does is allow them to do such things between their services for you. When services are integrated that's useful to the customer.

However, it also seems a bit "blanket" and allows them to do a whole lot more, much of which may be against what the customer (in this case, I'll refer to the person using the service as "customer") wants.

Perhaps they need an addendum like:
    For the purposes of presenting you or those your have specifically authorized to use and view the content through our services.

Of course, the actual addendum would be more legalese... but it should be restricted to basically "we're allowed to do X in order to provide YOU and those YOU CHOOSE services"

Re:Indeed.

[a90Tj2P7]

Did you miss "publicly perform", "publicly display" and "publish", in addition to "for the limited purpose of... promoting... our Services..."?

Re:Indeed.

Well, Google is pretty clear. about what they can and will do with your data. Reading Google's Privacy policy explains very clearly what you should know or be concerned about.

A lot of people seem to enjoy jumping on the bandwagon saying "see! Google IS doing evil!" But if you actually look at what they are doing, it's much easier to make informed decisions about whether or not to use their services.

Microsoft's terms allow them to change or extend their service however they need to. (Microsoft does, and will, and this is beneficial for their users.) This is not different from if Google were to "come out with a new service".

Ultimately, Google (and Microsoft, Amazon, Dropbox, etc.) all are subject to the laws where they operate, and CAN'T legally do the kind of bad stuff you're suggesting they could. Again, there are things to be concerned about (or at least aware of), such as the privacy policy and what the actual Google service does.

Re:Indeed.

[Tanktalus]

/me considers getting a skydrive account to help distribute linux ISO's, and wonders what kind of advertising he'd be subjected to for that.

Re:Indeed.

[wjousts]

The promoting part gets me too. I don't see that in Dropbox or MS' TOS. I can imagine the situation where your are on Google+ (and probably you're the only one) and an add pops-up with "look what files your friends are storing on Google Drive!".

Re:Indeed.

[rannmann]

I have to comment because of all these people saying "This is why I don't use cloud storage."

Here's BackBlaze's version (which, by the way, is unlimited storage for slightly more than Google Drive)

By using the online backup service, the system automatically encrypts and transfers your files to Backblaze servers. Certain information will be available to Backblaze such as type of operating system, file types, or sizes to enable Backblaze to provide the service or help support you. Backblaze will never look at your actual files.

Re:Indeed.

[chrb]

If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it.

I don't think so - this would be a violation of their privacy policy, which forms part of the terms of service: "We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply: With your consent..." In your example, a court would almost certainly rule that sharing your private documents without your consent is a violation of the contract.

With Microsoft, you have not.

Actually, the Microsoft terms explicitly state that they can disclose your personal information, including private emails etc.: "As part of the service, we may also automatically upload information about your computer, your use of the service, and service performance... In particular, we may access or disclose information about you, including the content of your communications"

Re:Indeed.

[DragonWriter]

No, not it is not. There is a huge difference between Microsoft's (The Service) and Google (Our Services). If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it.

No, you haven't if the specific service has privacy controls that purport to restrict visibility of your data, because the ToS specifically calls out the availability of the ability to control the use of content through settings in particular services.

All of the hyperventilating relies on two things: selective reading of part of the agreement while ignoring other parts and assuming that, contrary to the way the controlling law actually works, that any ambiguities in the language of the agreement would be viewed by a court in the light most favorable to the drafter of the agreement rather than the other party.

When Google collects it and starts distributing your family photos as part of GIS, you've already agreed to it.

Only if they did so in a way which respected the settings (which default to private-to-you-only in Drive) set in the service through which you contributed the content. So, if Google add your images stored in your Drive to GIS but only included them in your own search results if you hadn't changed the default settings on the images, you have agreed to that. And if you've expressly shared the pictures with someone else, and GIS showed it in their search results, you've agreed to that. But you haven't agreed to Google making public what is set as private through the settings of the particular service.

Re:Indeed.

[DragonWriter]

The promoting part gets me too. I don't see that in Dropbox or MS' TOS.

Given the explicit reference to "terms or settings" in particular services narrowing the scope of Google's use of content, this seems to do no more than:
1: Allow your existing content (private or public) to be used in the promotion of new Google services to you;
2: To use your shared (publicly or to specific individuals, according to the settings applied to particular content) to promote Google services to people to whom that content would otherwise be accessible per the settings applied to the content in the service through which it is controlled.

Re:Indeed.

[RandomUsername99]

::golfclap::

This is simply a much less immediately invasive (though, invasive) version of those spyware smiley face emoticon getups that started to pop up in the late 90s/early 2ks, only with much better products. Don't want the popups and stuff? Uninstall (or, try to). If you simply keep using them and just complain that they're invading your privacy, I'm just gonna stop listening.

It's really easy to do completely anonymous searches with an install of the TOR browser... if you just don't want something on your tracked history, it's just as easy to open up a private/incognito browsing sessions which breaks most tracking. It's really easy to transfer, store and share files through your own server with a public IP address or a cheap shared hosting account. It's really easy to not have someone reading your mail and serving you adverts by not using a free email... Most hosting services, even on plans that cost less than $10/mo, have an email server setup that requires very little technical know-how to set up, and pre-installed webmail clients of your choice. Hostgator does this. These are not difficult problems for people with even the slightest amount of technical know-how to solve. Help out your less technically savvy friends by giving them an alternate email address.

You have options.

Of course, it's not going to be the same smooth user experience as using Google products... Google offers extremely *high quality* services at the cost of you being their precisely targeted, profiled, prospected, inspected, infected and unrespected advertising receptacle, and they have a LOT of customers that are perfectly willing to be that receptacle. Are they somehow ethically obligated to offer their premium products for a smaller exchange? If you really want them, but want to maintain more privacy, they even offer paid business accounts with different privacy policies and terms of service.

Re:Indeed.

[tgd]

I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

Wait, so you're saying that "solely to the extent necessary to provide the service" is exactly the same as "limited purpose of operating, promoting, and improving our Services, and to develop new ones"?

I'm not sure "exactly" means what you think it means.

Personally, I don't want anyone using my private files to promote their service or as sample data to improve or develop new ones.

Re:Indeed.

[pz]

There is indeed a huge difference between the Google TOS and the others. A few important words in the Google TOS are pretty ominous -- "publicly perform", "publicly display", and "promoting".

You give a document to Google, say one that contains sensitive information like your passwords, tax returns, or bank account numbers, and they can take a full-page advertisement in the New York Times showing the content of your document. They might not, but they can under these terms.

Or, you store an MP3 your band recorded with them, say one that's destined to be a barn-burner of a single, and they can use it in their television ads, for free. They might not, but again, "publicly perform" and "promoting" are dangerously broad terms.

No thank you.

Re:Indeed.

Google Drive

You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

To be precise, the biased summary did include half of what you bolded. They left out

The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

Which, IMO, is not exactly the same -- it's a slightly looser limit than the others, specifically "to develop new ones" -- as someone posted already in this tree, that could conceivably include a "read everybody's private content" service. But the fact that the limitation clause was omitted entirely from the summary is the difference between legitimate journalism and a hit-piece.

Re:Indeed.

No actually they are NOT 'exactly the same', if they were the wording would be 'exactly the same' and there would be no particular need to do a 'comparison' to figure out if Google's terms are different than MS's terms...specifically for instance I can immediately take umbrage with 'promoting' and 'and to develop new ones'...I could potentially reasonably argue that the rest is 'legally the same', but there is no way that 'promoting' and 'to develop new ones' could be remotely taken to legally 'be the same' as the MS term 'solely to the extent necessary to provide the service' UNLESS you somehow magically conflate the word 'provide' to include 'promotion' and 'to develop new ones'...which since I don't read it that way immediately implies that at least a population of 1 does not read the two terms as being 'the same'

You can argue all you want that 'the intent is the same', but you can explicitly NOT argue that they 'are the same' since the wording is explicitly not the same, it is for the jurisdiction of a court to decide if/when a lawsuit should occur.

Note, I have never been an MS supporter, and I kind of like Google, so I'm just arguing that you can not say the terms are 'exactly the same', they aren't...but also there is no reason in Google's terms for 'promoting' and 'to develop new ones'...either of those could be interpreted to use your data in ways that to a 'normal person' wasn't what they intended.

Re:Indeed.

[quacking+duck]

And for completeness, Apple's terms:

Except for material we may license to you, Apple does not claim ownership of the materials and/or Content you submit or make available on the Service. However, by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.

Skydrive has similar wording, but the Google TOS does not. In Apple's case, the clause only applies to Content uploaded to areas of the service that aren't set as 100% restricted to just yourself. Clause applies to content you share with friends or the public.

But, AFAICT the current iCloud service is a sync service to all devices under the same account, and has no sharing functionality at all, so this "grant Apple..." clause doesn't seem to apply to content stored in iCloud.

Re:Indeed.

[KitFox]

There is indeed a huge difference between the Google TOS and the others. A few important words in the Google TOS are pretty ominous -- "publicly perform", "publicly display", and "promoting".

You give a document to Google, say one that contains sensitive information like your passwords, tax returns, or bank account numbers, and they can take a full-page advertisement in the New York Times showing the content of your document. They might not, but they can under these terms.

Or, you store an MP3 your band recorded with them, say one that's destined to be a barn-burner of a single, and they can use it in their television ads, for free. They might not, but again, "publicly perform" and "promoting" are dangerously broad terms.

No thank you.

Still subject to Privacy Policy. So yes, if you put a document of your passwords or tax return on the internet and click "Share with Anybody who has the URL", they will show it to anybody who has the URL, whether you gave that URL to them or not. However if you say "Viewable by me only", showing your MP3 on their commercial would be a violation of their Privacy Policy, which would quite properly fall back on them.

Re:Indeed.

Really? Have you never even heard of thumbnail images, translation services, or heck - YouTube?!

Re:Indeed.

[allo]

i think it sounds more like "we pick random photos from your photo-folder to put them onto the start page to show new users 'hey, look what people are using our service for, they can upload their photos and stuff'". Which might be rather bad, depending on the stuff on the photos. of course they will filter nudes and such stuff, but other photos might be private, too!

Re:Indeed.

[ewok85]

They have one policy for all services, and then generally a more specific set of policies which outline what they mean.

For example if you post a video to Youtube and have the sharing/privacy options to let anyone view it, they will exercise the "publicly perform", "publicly display" parts of the policy. If it becomes popular and makes it to the front page, that is "promoting". By agreeing to the policy, and having the appropriate sharing settings, they are only doing as they have laid out in the policy.

To think otherwise is just stupid. Go ahead and give me even one example of Google abuse of customer content in-line with their own policy.

Re:Indeed.

[ewok85]

Dropbox doesn't have anything to promote, so there is no need for it in their TOS.

Youtube, Picasa and Plus (off the top of my head) all have ways of taking user generated content like videos, photos and posts - which, when the sharing permissions are set to "Public" - can be "promoted" by being put into various lists or displayed on pages.

Go to http://www.youtube.com/ - every video on that page is user content which has been "promoted". BUT, none of this has been done without the express permission of the content owner (via sharing settings).

Same here: https://picasaweb.google.com/lh/featured?feat=featured_all

Same with Google Docs templates. Same with Blogger. Same with Apps on Play.

Google saves time and effort by having a single, broad policy, which covers them for pretty much all of their services.

Bet you anything they create a Drive specific policy by the end of the week outlining the specific details for Drive which will lose many of the useless words listed in Drive.

In any case "publicly perform", "publicly display" and "publish" are all essential to Drive (and Docs) - I have a large number of things in my Google Docs which are files listed in Google Docs as "Public" - mainly manuals but also a few spreadsheets with interesting information updated by a select few and viewed by thousands:
Examples:
https://docs.google.com/spreadsheet/ccc?key=0Ann1Le6EQCbEdFN2NXRoY3hKRi1ENEdPWldCU0tZVmc#gid=0
https://docs.google.com/document/d/1yx5-l2JKOw18isYGhke81JMAYN7pvx6sjEk6FA3-rYk
https://docs.google.com/document/d/1nRS0nOoVsYUuiOYg_OCkpx38s69hQgvetpMpWkGuElg
https://docs.google.com/spreadsheet/ccc?key=0Apu8Kw8hp4JadGpWMVJFakNTZG1wa3ZmeHZ2TFUzdHc#gid=0

No problem...

[kbob88]

They can take my encrypted files and index, reproduce, modify, publish, etc them to their heart's content! I really look forward to seeing derivative works created from my gpg-encrypted files! Similarly, I can't wait to browse to web pages publicly displaying the contents of someone else's 700MB encrypted file; reading that will be a great cure for insomnia!

But more seriously, I can see Google wanting to have some capabilities for their ad/marketing businesses, but some of these (create derivative works, modify, publish, publicly display?) are really unnecessary. Looks like the product manager forgot to review the ToS after the lawyers were done with it. Oops.

Re:No problem...

[allo]

okay ... you know, publishing the result of a brute-force to your files is a derivative work as well? And do not worry, they have all the computing power, so no problem to brute-force your key.

What the hell, Google?

[bistromath007]

I don't feel like they're going to do anything bad, but how did nobody working there notice that the first and last sentences of that statement are mutually exclusive? They claim you keep your IP rights, then specifically enumerate every IP right there is as belonging to them! Are machines generating their boilerplate now, too?

Re:What the hell, Google?

[whereverjustice]

There's a difference between signing over your IP rights and giving someone a license. If I write a book and then bring it to the print shop to have it printed, I'm giving them a license, not handing over the copyright. The difference is that I'm free to (1) make further copies myself, and (2) grant licenses to others without limit.

Re:What the hell, Google?

Read the sentences again. You still own the IP and can do with it as you see fit, but you are granting Google a license to use that IP for the enumerated purposes. As the owner, you can still sell or license the IP in any way with any or no restrictions to any other entity. Google's limited license to the IP doesn't give them the ability to do the same.

In short, what belongs to you stays yours.

Re:What the hell, Google?

[allo]

in most countries you even cannot hand over your copyright.

I swear...

[JustAnotherIdiot]

It doesn't seem that hard to start up something like this, I'm half tempted to buy a few servers and start my own small scale hosting site.
The only thing in the privacy policy will just be "This shit is yours. I'm not going to use it in any way"

Re:I swear...

[Sunshinerat]

Other than being a money pit... it is a great idea.

Re:I swear...

[flappinbooger]

It doesn't seem that hard to start up something like this, I'm half tempted to buy a few servers and start my own small scale hosting site. The only thing in the privacy policy will just be "This shit is yours. I'm not going to use it in any way"

Here's google's revenue plan: https://www.google.com/settings/storage/?hl=en

Can you do better? No really, I'm wondering what it would really cost to DIY.

There are nearly turnkey plans out there where you can resell Amazon S3 storage as a dropbox or carbonite type service. You basically have to do zero except sign up and then market/administer it, no hardware admin necessary.

If someone has a knack for marketing and graphical design and a sliver of tech knowledge, not a bad idea. Of course, at this point you would have to be VERY good to take away marketshare.

The more reasonable avenue I saw was marketing it to your own customers as a value-add to IT or graphical services, etc.

'Marked' private

[rickb928]

Suppose it would be considered private if I set it as such, paid attention, and set up my stuff that way?

Oh, and encrypted it reasonably well?

Encryption is the best 'marked private' method I can readily think of.

Google wants your data

[Sydin]

In other news, the sky is indeed still blue today.

I sell "free home automation services!"

[erroneus]

So here's my business idea:

I want to develop a home automation and integration service. There will be a wide variety of devices designed and built to make people's lives easier. It will vacuum your floors, track/inventory your pantry, refrigerator and freezer, order out of stock foods and supplies based on your rate of consumption and the discards in your waste collection units, organize your closets, manage your TV viewing, secure your home from invaders with our monitoring services. And it's ALL FREE!

All you have to do is allow us to use the information we collect in ways we don't care to detail or disclose.

How does that sound?

Re:I sell "free home automation services!"

So here's my business idea:

I want to develop a home automation and integration service. There will be a wide variety of devices designed and built to make people's lives easier. It will vacuum your floors, track/inventory your pantry, refrigerator and freezer, order out of stock foods and supplies based on your rate of consumption and the discards in your waste collection units, organize your closets, manage your TV viewing, secure your home from invaders with our monitoring services. And it's ALL FREE!

All you have to do is allow us to use the information we collect in ways we don't care to detail or disclose.

How does that sound?

throw in some happy endings now and then and you might have a deal.

Re:I sell "free home automation services!"

Sounds fine to me. If you can make money off of video of me laying on the couch watching reruns, more power to you. And that's about the most interesting thing I do at home.

If there were a way to make money off of video of me jerking off, I can guarantee you I'd already be doing it myself.

Re:I sell "free home automation services!"

[erroneus]

I control your TV and all the ads you see. When the products you use need to be replentished, my systems will recommend the best replacements and even order them for you.

Am I beginning to sound even a little like Google yet? You're not seeing the big picture. Advertising and marketing are huge, huge money businesses. Just getting you to buy Cheerios instead of whatever a competitor offers is worth millions.

But, Who in the World...

...would agree to those terms, which give Google the right to use private data in any way they see fit, to earn a buck?

Oh, right, Facebook users.

Slashdot, please quote the whole paragraph

[Baloroth]

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

It is incredibly intellectually dishonest to quote only part of a paragraph, without noting the limitation that immediately follows. You can still have problems with the terms (the note on "promoting [and] developing new [services]", especially) Materially, Google's terms seem to be in the same vein as Dropbox's: they need to be able to actually, you know, host your data to be able to actually host your data. But if you want to actually discuss their policies, don't quote them partially out of context. That doesn't help.

I particularly love how people in that article subtly imply that Google is going to sell your data, without actually coming out and saying it (“You have to ask yourself, what’s the business model. If the business model is to make money from a service or money from advertising, that’s one thing. If it’s trying to make money off the sale of data, that’s another thing.” Implying evil behavior is much easier than coming out with an actual accusation: the former requires zero proof.) Google's terms make it pretty clear they can't do that ("You retain ownership of any intellectual property rights that you hold in that content"), and even if they change the terms later, they can still be sued for selling the data since it was uploaded under the existing terms. IANAL, of course, but Google is in enough hot water already that it would be practically suicidal (and extremely stupid) to do that.

Oh, and BTW the relevant quote is from their "Terms of Service". Their privacy policies are an entirely different page, so the headline is incorrect: this isn't about their privacy policies, it's about their terms of service. The privacy policies themselves aren't actually discussed in TFA, although they are referenced.

Re:Slashdot, please quote the whole paragraph

[NeutronCowboy]

bonch most likely posted the article, and is back to his Anti-google crusade. This seems to be par for the course for him. I expect more Anti-Google stories in the near future, along with brand new accounts posting immediately after the story goes live.

Re:Slashdot, please quote the whole paragraph

[dgatwood]

In context, I'm even more uncomfortable with the wording. Why should I give them any rights to use my content while developing new services? What kind of new services? Does that mean, for example, that without me taking any explicit steps to share them, my private files containing proprietary information could end up on some new Google+ private image search service for my friends to search?

No, proper terms of service and privacy policies should state exactly how you intend to use a customer's data, which does not include the right to expand that usage in whatever way you see fit except at the user's direction. A proper policy makes it explicitly clear that the user's private data will not be shared with anyone unless the user explicitly authorizes that sharing. A proper policy does not grant the company any rights except as required in order to perform the actions that the user initiated. This is not a well-written policy.

Re:Slashdot, please quote the whole paragraph

[ChatHuant]

Well, see the difference pointed here. I like SkyDrive's statement: Microsoft is granted rights

solely to the extent necessary to provide the service.

This is nice, clear and limited, and exactly matches my understanding of the relationship with the company. In contrast, Google's ToS is more vague and completely unlimited, in that that it applies not only to the services I signed for but to any new ones Google may want to develop. I have no control or knowledge what those new services may be or whether I want my data used that way. Moreover, by agreeing to Google's ToS I also have to give access to my data to any company Google decides to work with, again without my control or knowledge.

You note some people "imply" that Google may sell your data without your consent. I'd say it's a pretty reasonable suspicion, given Google's business model. You rightly point that the IP remains yours, but I think you're missing an important point: "selling your data" isn't limited to the data itself, but also to all facts that can be inferred from your files. Google can analyse your data and extract a lot of things, and that information can be valuable to all kinds of third parties you know nothing about and maybe wouldn't want to know facts about you. For example, Google may check your list of e-books and find out you're interested in science fiction, or maybe dieting, or have a penchant for fetish erotica. This is very much the type of data Google's advertising arm is interested in, and their ToS allows them to extract and sell it, while Microsoft's doesn't.

Re:Slashdot, please quote the whole paragraph

[metrometro]

Retaining "ownership" of intellectual property is not a solution if the same agreement also gives a perpetual, royalty free license to use that content to Google and unnamed future partners for the wide open purpose of "operating, promoting, and improving our Services, and to develop new ones".

Simple test: Can you put my kid's face in an advertisement without notifying me? Answer looks like yes to me.

Re:Slashdot, please quote the whole paragraph

[williamhb]

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

Materially, Google's terms seem to be in the same vein as Dropbox's: they need to be able to actually, you know, host your data to be able to actually host your data.

No, it's quite different. Chalk and cheese. Right now, AdSense (the indexing of your data in order to sell advertising against it) is one of Google's "Services". Market analytics (selling aggregated data) might in future become another of Google's Services. Google Buzz was a Service ("Whoops, we thought broadcasting the identity of all your email contacts publicly over the Web without asking you first was a feature!") and a similar snafu could become a Service any time they choose. DropBox and the others appear (IANAL) only to ask for rights to offer the service (singular) -- the one you signed up for -- not an open invitation to use your data for anything they see fit afterwards.

Duh!

[kurt555gs]

Put your Pr0n on Google drive. Let them share that. Seriously, would you put anything that really is secret or sensitive in the cloud? Common sense should be enough.

Re:Duh!

Seriously, would you put anything that really is secret or sensitive in the cloud?

Yes.

Encrypted.

Not lawful

ToS is not a binding contract. Any service based upon copyrighted material is a derivative work and such rights cannot be transferred without a binding contract. Clicking 'I agree" is not the same as attaching a 'digital signature'.

Google's terms are worthless.

Re:Not lawful

[DragonWriter]

ToS is not a binding contract.

Usually has the required elements of mutual consideration, offer, and acceptance, so it probably is.

You may be confusing "binding" with "written", which is a mistake.

Any service based upon copyrighted material is a derivative work and such rights cannot be transferred without a binding contract.

Under US Copyright law, a signed agreement is necessary for some copyright transactions, but not for most copyright licenses, including those to create derivative works.

Clicking 'I agree" is not the same as attaching a 'digital signature'.

Which would be relevant iff this were a situation where a written contract was generally required and the theory under which the agreement was binding was statutes making documents with attached "digital signatures" meeting certain requirements legally equivalent to written documents.

Re:Not lawful

isn't it called a wrappaper-contract, which is NOT binding? You cannot sign up without clicking the checkbox "i agree to the TOS", but you see the content of the servic only after signing up. because of this, the checkbox is no binding contract.

Re:Not lawful

Google and its subsidiaries may also, if necessary, sew yet another person's mouth onto your butthole, making you a being that shares one gastral tract." Hmmm, I'm gonna click onnn... "Decline."

More explicit descriptions than others

[sillivalley]

My take on it -- Google is being more explicit about what they are going to do with data that you mark public.

Example: you post a document. A friend in Germany wants to look at it, and asks Google to display the document (which you wrote in English) in her native German. This requires Google to make at least one intermediate copy, leading to a German translation, which would be considered a derivative work, which is then displayed.

Sounds like they've done an admirable job of covering the bases, to me, rather than the shorthand that others use.

Oh, it goes without saying that when you use/visit a website, if you can't find the product being sold, then you are the product being sold.

Re:More explicit descriptions than others

[wildtech]

If they are being more explicit about it, then it should not involve a 'take' on it. It should be stated clearly.

We will only use your data if you mark it public. We will only use it in these explicit ways. ie., We will aggregate types and number of files, we will target ads to you in other Google services based upon content within your drive... Only when marked public. We will not scan your personal naughty documents and serve ads based on those unless they are marked public.

If it is explicitly well stated, then I shouldn't need to ask for clarification.

Re:More explicit descriptions than others

[DragonWriter]

If they are being more explicit about it, then it should not involve a 'take' on it. It should be stated clearly.

Whether data is public-by-default, private-by-default, or shared-within-some-limited-scope-by-default varies from service to service. The ToS explicitly recognizes that service-specific "terms and settings" further narrow the scope of Google's use of data.

If it is explicitly well stated, then I shouldn't need to ask for clarification.

If you actually read the whole thing, I don't think you would.

Damn

that just made it unusable to me... i want to store creative works, not host commercial media.

Really, something free has terms

[future+assassin]

attached to it? What is this world coming too. WE need 100% privacy when companies give us free products to play with, how dare they want something for nothing. What's even more amazing is how people are readily uploading their personal stuff to some server for storage. Nothing could go wrong with their data....

Re:Really, something free has terms

[gl4ss]

it's hardly free when it's a selling point service aimed at competing identical services from other companies providing a competing product(a mobile os)... it's a product they must have to match the other products on bulletin points.

Two Quotes From the Policy

[eternaldoctorwho]

You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to [...] modify, [...] such content.

FAIL

Incredible if True

[skywire]

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'

If Google are actually saying this about your virtual hard drive content, it beggars belief. 'Evil' would not be a strong enough description. 'Insane' might come close. No-one in their right mind would agree to it.

Re:Incredible if True

[ScentCone]

If Google are actually saying this about your virtual hard drive content, it beggars belief.

They're not saying that. The summary is being incredibly disingenuous and cherry-picking things to quote, missing important context, on purpose. FUD.

Sounds like Julian Assange...

[ibsteve2u]

...should store "interesting stuff" he wants everybody in the world to know about on Google Drive rather than run the risk that a media source he offers it to will just "turn" him to a corporation or "the authorities".

Encryption

[charnov]

It's called encryption... use it!

Re:Encryption

A technical solution only lasts as long as the next order of hardware capability, or the next mathematical insight. It may work in the short term, but it will ultimately fail. The only real solution to "protecting" your data, is to not allow them to have access to it. As long as you're giving them access to it (even encrypted), it's all fair game. And really, if you use "cloud computing" to encrypt the file, they'll just record the key while your doing it, pat you on the head, and pretend that your a real smart guy.
Why anyone would use the cloud for anything, but the most trivial of things, is beyond me. It's great for sharing LOLcat pix, uber-funny amateur jackass vids, torrents, etc. But really, if you don't want the world to see it, don't put it on the front sidewalk.

Re:Encryption

you could use fullbit encryption, this one will last forever, because its made by cryptochef.

Google evil.

Hulk sad.

"promote" their service is a unique term

Of the cloud storage providers, only Google's tos include the right to use your data to "promote" their service. All of the others ask only for the rights necessary to provide service *to* you.

Of COURSE they require that license

[brunes69]

If Google does not require that license to your content, then how in gods name will they do simple things like display thumbnail previews of documents, which by NECESSITY is a derrivitive work?

If anything, the fact that Microsoft and Dropbox *does not* have this in their agreement basically means they are violating their agreement constantly, just no one is calling them on it.

Re:Of COURSE they require that license

[Animats]

If Google does not require that license to your content, then how in gods name will they do simple things like display thumbnail previews of documents, which by NECESSITY is a derrivitive work? If anything, the fact that Microsoft and Dropbox *does not* have this in their agreement basically means they are violating their agreement constantly, just no one is calling them on it.

No. Thumbnails are not copyright infringement. That's been litigated and won. By Google. So they know better.

The new Google

[93+Escort+Wagon]

"Don't" be evil.

The real problem...

[Shoten]

The real problem is not that we have a fundamental concern about creating derivative works or in distribution, but in the intended purpose of such actions. Legal language is typically devoid of intent, since intent is a difficult thing to quantify effectively. As a result, legal documents focus on actions, regardless of whether they are good or bad. A derivative work could be, as stated above, creating a thumbnail of a picture (harmless and necessary for many functions, including showing you thumbnails in PicasaWeb, for example). It could also be something else, like taking your codebase in Google Code and just freely incorporating it into a product of their own (not harmless, and intellectual property theft). What I see is that as far as I can tell, Google has yet to commit any gross abuse of such things, nor have they seemed inclined to do so.

Google's next challenge is to find a way to delineate between the types of intent they have and the ones they do not have, in a way which is legally binding and thus will hold credibility with groups like EPIC. I do think EPIC is going a little overboard on their language. For example, Rotenberg says "After the unilateral changes on March 1, I don’t understand why users would trust Google to stand by its terms of service," which seems a bit odd to me. He's using the phrase "unilateral changes" as if there was any other way to change terms of service, or like it is a bad thing. What is he implying...that Google should have crowdsourced the ToS that protects their business, and given up control over what the ToS would end up as? That doesn't seem very realistic, and I'd think someone like Rotenberg would already understand how infeasible that is.

So one part of this is the fact that Google could abuse their users while remaining within the Terms of Service because legal verbiage is bad at distinguishing good intent from bad, and another part is that EPIC is fearmongering a bit. I don't see the real problem, myself, especially since it's possible for their Privacy Policy (which is also in effect) to constrain the actions in the ToS, reducing the amount they could do that's actually "bad".

Re:The real problem...

making thumbnails so you can see them has nothing to do with derived works!!

If your actions result in thumbnails being generated and such thumbnails are only used by you, then it is not Google creating derived works, it is you doing so with the aid of software and hardware supplied by Google.

If this was not true, then any software you have on your computer would be illegal - it always creates "derivative works", like thumbnails.

Derived means taking your stuff, modifying it and using it as your own value added work. Creation of derived work and saying that google owns the items uploaded (ie. copyright) is beyond ridicules and hence I would not use Google Drive for anything remotely useful. Heck, their terms are not even compatible with GPL - you cannot upload GPL software code to Google Drive without breaking copyright laws.

My solution.

[P-niiice]

The solution to this is to only use it for pirated apk's. Seriously.

"Settings that narrow the scope of our use"

[DragonWriter]

The really important part, in the context of Drive, is: "in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services."

The default setting in Drive is private-to-you-only.

The recognition of settings narrowing the scope of use in the ToS means that it is part of the offer of service that you can use settings that purport to limit the use of content to, in fact, limit the scope of Google's use of that content, and, in the context of Drive, that material you put in it with the default, private-to-you setting, will be used only to create copies (e.g., replicas on various servers, etc.), derivative works (e.g., transformation in different formats, which Drive has hooks to support), and distribution (e.g., over the "series of tubes" connecting your devices to Google's servers), etc., to support delivering that content and its derivative products to you.

Or to third-parties (e.g., apps) that you've explicitly approved for access to your private Drive content (as that's, again, within the scope of how the settings in Drive purport to restrict the use of your content.)

ala Facebook

[ThatsNotPudding]

You ain't the Customer, son: you're the Product. Wanna keep complaining? Here's your zero dollars back*.

* For-pay data storage *should* be free from data harvest, regardless of vendor.

not much of a privacy advocate.

[Bigsquid.1776]

True privacy advocates will suggest the following: Do not put data you wish to keep private on a storage system accessible by someone else.

and this is why one should use cyphertite

Man, this is another one of those: "stop using google stuff" go with small time guys who do protect your privacy. I use this stuff: https://www.cyphertite.com/ secure and private, by design and verifiable. 3

Synology self-hosted cloud

[Galestar]

I'm considering buying a Synology server and using this
http://www.synology.com/support/video_your_cloud.php?lang=us
Combine with a DDNS and you have your own self-hosted Dropbox/GDrive.

Anyone have any experience with this?

Rules of Engagement for Cloud Storage

[dskoll]

Anyone who stores anything on cloud storage without first encrypting it with AES or stronger encryption and a key generated with a secure random number generator is pretty naive.

"The cloud" = "The Internet"

[Paracelcus]

Dumbass marketing buzzwords irritate the hell out of me!

Big news, DON'T SEND UNENCRYPTED DATA OVER THE INTERNET!

Not an issue

[koan]

I use Truecrypt and toss everything into a container before storing it on Gdrive or anywhere else for that matter.

Standard License for User Submitted Content

[demeteloaf]

Yeah, not really getting the whole uproar here...

The terms quoted are pretty much necessary for any site that allows user submitted content. That's the way copyright law works. If they want to display something on a webpage, they need a license to do it. If they want to convert a word document into a .pdf, that's a derivitave work. Same with showing you a thumbnail of the image you uploaded. I guarantee that 95% of the sites out there have a similar clause in their terms of service. For instance: just take a look at slashdot's own terms of service. Click that terms button down at the bottom of the page and what do you get:

submitting user retains ownership of such Geeknet Public Content; with respect to publicly-available statistical content which is generated by the site to monitor and display content activity, such content is owned by Geeknet. In each such case, the submitting user grants Geeknet the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license

Looks very similar, doesn't it...

One other thing

[koan]

Stop worrying about corporate privacy policies, take control of your own privacy through intelligent use of encryption and obfuscation.

You know, "personal responsibility".

uhuh

[holophrastic]

oh look, a reason to avoid it. I was looking for one.

Boy they're not going to like me...

[Mysticalfruit]

It's my personal policy that anything that gets stored up on the "cloud" is both obfuscated (in terms of file names) and encrypted.

My public dropbox account looks something like: ...
078bdeb9-3938-4ae6-992c-56dd7352e814
3b4fdf86-99e3-479f-a09a-34d3d5a1db68 ...
I doubt advertisers will learn much.

Slippery slope

[peppepz]

Just wait until Google (Apple, Microsoft) start releasing PCs (tablet, phones) which only allow these services as storage medium, and there you go, Stalin's dream in your hands. And once more RMS is proven to be less insane than he looks.

Only a couple of weeks ago everyone here was outraged because Sony wanted to share it players' high scores, but now that Google wants to take ownership of everything that passes from your PC it's OK. Bah.

#1 Problem with these services

[DarthVain]

The only thing I would use these services for would be to back up critical personal files, and without encryption, I would never do that with my critical personal files.

I suppose you could use it as a doc sharing platform, which is what it sounds like they are going for, but there are already a lot of ways to do that. I know that for example past a certain size, files are not very reasonable for email, and if you have to go outside your own network that can be a pain in the ass. Some IT for security reasons don't want everyone and their dog to set up FTP servers, and some clients either don't have, or are not technically aware enough for that method. This might fit that niche. However again, there exists a ton of other things that do this sort of thing also, but this might be a cheaper alternative to some (I know of several we have access to, but the license fees are a bit much). Really it depends on on ubiquitous it becomes, which I guess is a Google (YouTube, Gmail, Etc...) specialty...

Illgeal?

[js_sebastian]

They don't sell your data to customers, that would be illegal..

Your mileage may vary. It is certainly illegal in Europe, but it is very much legal in the US where privacy protection is not enshrined into law. Everyone sells your data to the highest bidder. Your credit card company, the departments stores you shop at, the websites you visit, etc...

mod up

[chrb]

Yes, exactly. MS service terms allow them to update the service with new features like video streaming, content sharing. If you mark a file as public they can do what they want with it.

I can understand what they're trying to do

I can understand what they're trying to do. So, rather than just whining "You can't do that", why not help them do it RIGHT?

What they want is to be able to host the content YOU post to their service without being sued because it auto-translates to hebrew if read on a server in Israel. Or sued for creating a copy when they back up their service machines. Or sued for doing what you asked them to, but not what you wanted them to do when you asked it without having to have everyone enter the eighteen billion ways in which copyright can be broken and whether they can do it.

They want a license agreement the same as a publisher wants, and for mostly the same reason.

I don't, however, hear anyone whining to google for doing it and doing the same to the publishers.

The thumbnails are a derived work of the original

The thumbnails are a derived work of the original.

If they weren't, then they'd either be a straight copy (and therefore not a thumbnail: it's as big as the original at least in transmission size), or an icon.

MP3s and music phrases are thumbnails

MP3s and music phrases are thumbnails of music. However, they are copyright infringement.

Meanwhile, by merely being told "You have infringed my copyright", you have to defend yourself in court and this costs.

Yes. Ask MyMP3.

Ask TBP. Just storing files is claimable as copyright infringement.