Slashdot Mirror
Privacy Advocates Slam Google Drive's Privacy Policies
DJRumpy writes "Privacy advocates voiced strong concerns this week over how data stored on Google Drive may be used during and after customers are actively engaged in using the cloud service. While the TOS for Dropbox and Microsoft both state they will use your data only as far as is necessary to provide the service you have requested, Google goes a bit farther: 'Google's terms of use say: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'
Google's motivation, in all that it does, is to index your data an sell you to advertisers. Advertisers are the customers, and you are the product. Android, Gmail, the search engine, Google Drive, Google+, and so on--they all exist solely to index people's data and serve them ads. 96% of Google's revenue comes from advertising. It is their core business.
In fact, that's not actually bad in and of itself, up to the point where it crosses into creepy territory, like in this case. Just by uploading your personal files, you are licensing them to Google to do whatever they want with them. And not just Google--note the parenthetical "(and those we work with)". So you don't even know who is going to be using your personal data. I mean, these policies actually give Google and other strangers the right to publicly display and distribute your files. One wonders if that absolves them from any consequences from security intrusions too, since a hacker getting hold of your files that would count as publicly distributing them, even if accidentally.
I've never bought into the image of benevolence Google always presents to the public, and that's cost me Slashdot karma over the years, but I don't care. It will be very interesting to see who defends this. It would be difficult not to see them as sellouts of themselves, all too happy to trash their own privacy rights, eager to please the advertising megacorp and defend them from attack. Wake up!
Whoever doesn't realize... deserves to get screwed.
Speak for yourself. Not *everyone* has the background, the experience or the jaded attitude you possess, and it's attitudes like yours (and the entire caveat emptor set) that leave the upcoming (younger) individuals hanging out to dry.
So here's my business idea:
I want to develop a home automation and integration service. There will be a wide variety of devices designed and built to make people's lives easier. It will vacuum your floors, track/inventory your pantry, refrigerator and freezer, order out of stock foods and supplies based on your rate of consumption and the discards in your waste collection units, organize your closets, manage your TV viewing, secure your home from invaders with our monitoring services. And it's ALL FREE!
All you have to do is allow us to use the information we collect in ways we don't care to detail or disclose.
How does that sound?
OK, well, not all that shocked.
Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.
Google makes zero money off selling their users' data. Selling their users data would, in fact, hurt Google's business strategy.
Google makes money off having access to users' data nobody else does. They can tell an advertiser, "we know the people for whom your ad will be most relevant, and no other advertising company has that information." If they were to actually give a list of said users to their client, they'd no longer be able to charge for advertising to those users, because their clients would do it directly.
When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.
It is incredibly intellectually dishonest to quote only part of a paragraph, without noting the limitation that immediately follows. You can still have problems with the terms (the note on "promoting [and] developing new [services]", especially) Materially, Google's terms seem to be in the same vein as Dropbox's: they need to be able to actually, you know, host your data to be able to actually host your data. But if you want to actually discuss their policies, don't quote them partially out of context. That doesn't help.
I particularly love how people in that article subtly imply that Google is going to sell your data, without actually coming out and saying it (“You have to ask yourself, what’s the business model. If the business model is to make money from a service or money from advertising, that’s one thing. If it’s trying to make money off the sale of data, that’s another thing.” Implying evil behavior is much easier than coming out with an actual accusation: the former requires zero proof.) Google's terms make it pretty clear they can't do that ("You retain ownership of any intellectual property rights that you hold in that content"), and even if they change the terms later, they can still be sued for selling the data since it was uploaded under the existing terms. IANAL, of course, but Google is in enough hot water already that it would be practically suicidal (and extremely stupid) to do that.
Oh, and BTW the relevant quote is from their "Terms of Service". Their privacy policies are an entirely different page, so the headline is incorrect: this isn't about their privacy policies, it's about their terms of service. The privacy policies themselves aren't actually discussed in TFA, although they are referenced.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
The key element in Microsoft's ToS is this.
"You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service SOLELY TO THE EXTENT NECESSARY TO USE THE SERVICE."
Google's ToS - or at least the section quoted there, I haven't memorized the whole thing - doesn't include the same sort of limitation to limiting one service's rights to one service's information. In fact, I remember info-sharing being a big thing they started doing recently!
So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service? There's no threat like this from DropBox, Microsoft says "We won't do it", Apple follows MS's example with a limitation "solely for the purpose for which such Content was submitted or made available" - so I'd want to see an equal protection from Google on cross-service usage of my Drive data before I even think about it.
of course, if it's already there, this article is fail.
Dropbox:
I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.
No, not it is not. There is a huge difference between Microsoft's (The Service) and Google (Our Services). If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it. With Microsoft, you have not. Is it a glaring omission in the biased summary? Yes. But does it mean that your stuff will only be used for operating,promoting and improving Google Drive? No. No it does not. When Google collects it and starts distributing your family photos as part of GIS, you've already agreed to it.
My take on it -- Google is being more explicit about what they are going to do with data that you mark public.
Example: you post a document. A friend in Germany wants to look at it, and asks Google to display the document (which you wrote in English) in her native German. This requires Google to make at least one intermediate copy, leading to a German translation, which would be considered a derivative work, which is then displayed.
Sounds like they've done an admirable job of covering the bases, to me, rather than the shorthand that others use.
Oh, it goes without saying that when you use/visit a website, if you can't find the product being sold, then you are the product being sold.
You need to take a course in reading comprehension.
Sig Battery depleted. Reverting to safe mode.
And anyone claiming that it is unlikely is a fool. Had Yahoo had such a term of service fifteen years ago, everyone would have called it unlikely to be abused at the time. And now, fifteen years later, the company is in such bad financial shape that I wouldn't put such a desperate move past them if it could keep them afloat. There's no reason that Google couldn't eventually end up in dire straits financially someday, and when they do, they'll have your data and the right to exploit it.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I use them to store files I don't give a shit about. If they want to scrape my cannabutter recipes and pirated MP3's looking for something to 'monetize', they can be my guest.
The only data they can steal is the data you give them. People aren't powerless victims, here, they're making a deliberate choice to put their files in someone else's control. I don't much give a shit who that someone else is, if you don't want them to see it, don't give it to them to hold.
This is just simple common sense, but it seems like people would rather keep stamping their feet and bitching about how insecure it all is rather than just making the simple decision to not fucking upload sensitive shit to these services in the first place and moving on with their lives. Anyone looking for an impenetrable bank vault for their data via an internet connection is an idiot. The weak point in any security system is the user, and as we all know, users come up with novel ways to compromise their shit every single day. According to a recent study, the most common password in business is Password1. If that doesn't make you think twice about trusting any of these services with your data I don't know what will...
True privacy advocates will suggest the following: Do not put data you wish to keep private on a storage system accessible by someone else.