Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Advocates Slam Google Drive's Privacy Policies

Posted by timothy on from the rain-down-upon-thee dept.

DJRumpy writes "Privacy advocates voiced strong concerns this week over how data stored on Google Drive may be used during and after customers are actively engaged in using the cloud service. While the TOS for Dropbox and Microsoft both state they will use your data only as far as is necessary to provide the service you have requested, Google goes a bit farther: 'Google's terms of use say: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'

55 of 219 comments (clear)

  1. Google's motivation by bonch · · Score: 3, Insightful

    Google's motivation, in all that it does, is to index your data an sell you to advertisers. Advertisers are the customers, and you are the product. Android, Gmail, the search engine, Google Drive, Google+, and so on--they all exist solely to index people's data and serve them ads. 96% of Google's revenue comes from advertising. It is their core business.

    In fact, that's not actually bad in and of itself, up to the point where it crosses into creepy territory, like in this case. Just by uploading your personal files, you are licensing them to Google to do whatever they want with them. And not just Google--note the parenthetical "(and those we work with)". So you don't even know who is going to be using your personal data. I mean, these policies actually give Google and other strangers the right to publicly display and distribute your files. One wonders if that absolves them from any consequences from security intrusions too, since a hacker getting hold of your files that would count as publicly distributing them, even if accidentally.

    I've never bought into the image of benevolence Google always presents to the public, and that's cost me Slashdot karma over the years, but I don't care. It will be very interesting to see who defends this. It would be difficult not to see them as sellouts of themselves, all too happy to trash their own privacy rights, eager to please the advertising megacorp and defend them from attack. Wake up!

    1. Re:Google's motivation by MetalliQaZ · · Score: 5, Insightful

      They don't sell your data to customers, that would be illegal. They look at your data and use it to build a description of your personality and then they sell the fact that they know your personality to advertisers.

      Doesn't explain why they need rights to distribute and create derivative works.

      --
      "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
    2. Re:Google's motivation by Bobakitoo · · Score: 5, Insightful

      Doesn't explain why they need rights to distribute and create derivative works.

      Creating a thumbnail or a document preview would constitute a derivative work. Displaying it on your browser would be distribution.

    3. Re:Google's motivation by Anonymous Coward · · Score: 5, Insightful

      Because you have the option to share your documents publicly. Creating and sharing a really popular document might warrant automatic translation by Google into other languages so that other regions, too, can read your public document. That translation is an example of Google creating and distributing a derivative work.

    4. Re:Google's motivation by chrb · · Score: 4, Informative

      Doesn't explain why they need rights to distribute and create derivative works.

      Content sharing is distribution. Content preview is a derivative work. Skydrive and Dropbox both require exactly the same rights.

    5. Re:Google's motivation by AngryDeuce · · Score: 4, Insightful

      To be honest, I think anyone that thinks "The Cloud" is secure in any way, shape, or form is an idiot.

      Doesn't much matter who's fucking 'cloud' it is, it's just common sense. If you put data on the internet, you're taking a risk in that data being seen by someone else. This is not a new concept.

      That's why the privacy hysteria concerning these cloud storage providers cracks me up. Of course there's a risk in doing so. There's a risk in connecting a computer to the internet at all. If that risk isn't a factor in the decision making process of the end user, that's their own fault.

      If you want to lock your data in a vault, go rent a fucking vault...but let's not pretend that a person should have any reasonable expectation of a risk-free cloud storage solution. Not gonna happen, not in our lifetimes. We still can't seem to not use passwords like '123456' or 'abcdefg' for fuck's sake. You think there isn't some moron at Google or Dropbox or Skydrive or whoever the fuck that's not doing the exact same shit? Come on, now, people.

    6. Re:Google's motivation by NeutronCowboy · · Score: 2, Insightful

      That's exactly right. Not sure what the privacy advocates are complaining about. Pretty much everything listed in there is required to have a functioning and useful cloud service. As others have pointed out, the policies for MS and Dropbox are almost identical in the relevant parts - they are the equivalent of legal boilerplate. Now, there is some wiggle room here indeed for things to show up in ads, but I can guarantee you that that would result in a huge outcry - kinda like what Facebook experienced when people's profile pictures started showing up in ads. Google might do something that stupid, but in the meantime, even something as weird as "publicly display" might be necessary to run their service. For example, what if I want to set permissions in my google drive to public, or even to something my friends can access? You know, like some real cloud storage? Bam, public display.

      So again, privacy advocates are barking up the wrong tree. They shouldn't be talking about Google's privacy policies, but about what it means to live in a world where everyone is potentially connected to everyone else - and this time, literally? There are some huge implications here that we're not used to dealing with.

      Personally, I'm approaching this sharing business cautiously. Everything is filtered to friends I actually know in meat space. And if I don't know them, hello pseudonymous handle.

      --
      Those who can, do. Those who can't, sue.
    7. Re:Google's motivation by gl4ss · · Score: 5, Insightful

      ..well.. for starters, they're asking for more rights than you usually as a content buyer have.

      got an mp3? pretty certain even if you bought it legally that you don't have the right to publicly "perform" it(thanks artist associations and your monopolies!).

      they're wording it as a worldwide license for them and their partners to publicly display your data and you're asking why the privacy orgs are barking at them?? wth?? note that they could word the whole service so that it's you who are serving the things to whoever you want by using their service instead of this way of them doing everything.

      also I would think this to be a bad choice that opens them to lawsuits, since it's now _google_ doing the re-publishing of the file worldwide if you distribute an illegal mp3 through them.

      --
      world was created 5 seconds before this post as it is.
    8. Re:Google's motivation by msauve · · Score: 2

      They need to explain it better/more fully. As it reads, you give them those rights independent of any particular service-related need. Per the terms, they could publish your content even it that weren't your intent. If they said something like "If you use the service to share content with others, you give Google the rights necessary to provide that service. You give Google the right to copy your content for reasonable and customary purposes (such as making backups, or moving content between servers)." (IANAL, there's undoubtedly a better way to phrase it, but that's the concept)

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    9. Re:Google's motivation by elashish14 · · Score: 2

      Well it would probably help if they would be more specific about it. I haven't read the TOS myself, but if they said something like 'creating a derivative work for the purpose of displaying thumbnails,' or something more general, but not quite 'we can do whatever we want with it,' that would ease my mind a lot.

      --
      I have left slashdot and am now on Soylent News. FUCK YOU DICE.
    10. Re:Google's motivation by archont · · Score: 2

      Joke's on them. I'm a deadbeat. What kind of product or service would you want to market to someone who doesn't have the money to buy anything?

    11. Re:Google's motivation by Anonymous+Brave+Guy · · Score: 4, Insightful

      They need to explain it better/more fully.

      Unfortunately, their explanation seems to be perfectly clear. As you say, it includes no restrictions on use nor any guarantee of any sort security whatsoever. I expect that the objecting privacy advocates are thinking much the same thing as me: it is implausible that an organisation like Google, which has an army of lawyers and just pushed through a fairly controversial change to its privacy policies elsewhere a few weeks ago, claimed these extra powers anything other than deliberately.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    12. Re:Google's motivation by NeutronCowboy · · Score: 2, Insightful

      ..well.. for starters, they're asking for more rights than you usually as a content buyer have.

      Congratulations. You just discovered that corporations have different rights from you, because they have an army of lawyers that can write, argue and rewrite any contract the corporation comes in touch with. You don't.

      Since you clearly didn't catch the example I provided for why they need a worldwide license to publicly display your data, let me ask you this: assume you're building a company that stores user content, and allows users to provide access to said content to anyone they wish, including anonymous access. Think maybe flickr. How would you write it? And by the way, when you do come up with an answer, run it by your corporate counsel. If they don't laugh you out of the office, post it here. I suspect it will be remarkably similar to what Google has.

      --
      Those who can, do. Those who can't, sue.
    13. Re:Google's motivation by TheGratefulNet · · Score: 4, Insightful

      if that's true, then let them ennumerate *exactly* the things they are going to do to your data. wildcard words are good for google but probably pretty bad for the users.

      given how creepy this all is becoming, they should start off saying they won't use your data in any way other than X and Y and so on. spell it out and only the things ON the list are allowed. all else, by default would not be. you'd have to state this default disposition first, too.

      I won't ever see that from google and so I refuse to use their services as much as I possibly can. (I can't fully not use their services since, when I try to block google domains, many of my other websites that have nothing to do with google stop working. order parts from mouser or digikey and disable google in adblock or noscript? you can't! the vendor goes out to googleapis for this and that. I can't stop that, sadly.)

      if you understand what google is about and continue to feed it your data, hey, its your life and if you want to throw your privacy away for cheap isp or network use, that's your decision. I choose to avoid google as much as possible. I see what they are and I choose not to participate with such companies.

      --

      --
      "It is now safe to switch off your computer."
    14. Re:Google's motivation by ColdWetDog · · Score: 5, Funny

      And legalese is legalese because lawyers are assholes and will nail you for any omission, inconsistency or inaccuracy.

      Or erroneousness, mistakenness, fallaciousness, faultiness, inexactness, mistake, fallacy, slip, slip-up, oversight, fault, blunder, gaffe; erratum, solecism; informal howler, typo, blooper, goof,exception; deletion, cut, excision, elimination, erasure; gap, blank, or absence.

      You didn't even really get started.

      --
      Faster! Faster! Faster would be better!
    15. Re:Google's motivation by PTBarnum · · Score: 2

      So all you want is for Google to list every possible service that they may offer in the future, and how it will affect your data?

    16. Re:Google's motivation by AngryDeuce · · Score: 3, Interesting

      Yes, you're right, that is not a new concept. Servers get hacked all the time. Stolen data is in the headlines every day.

      The new concept that everyone is bitching about is the legal "theft" of your data, which is outlined on page 3,742 in the hardcopy version of the EULA. I found a copy once, in one of Google's old abandoned data centers. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'

      That's the issue. Trusting a cloud provider. Hell, I wouldn't be surprised if I uploaded a truecrypt volume that was absolutely unreadable to anyone but me if I started getting targeted ads for TrueCrypt...

      I'm just trying to figure out how people rationalized the first problem, the fact that no online solution is 100% secure, if they're taking offense to the new one, the "lack of trust".

      What Google does with the data is immaterial if the data is sensitive enough to have a privacy concern in the first place. If you don't want people seeing it, you should not put it on the internet. Period. If you're willing to take the risk of putting your super duper secret formula on the internet in the first place, why would Google scraping it to target ads be what concerns you? I would think that the possibility of it being seen by anyone (which is always a possibility, as long as human beings are involved any step of the way) would have been enough of a motivating factor to not put the super duper secret formula on the internet in the first place.

      I don't know, maybe it's just easier for me to be objective because I have no real need for a cloud storage solution and use them simply as a convenience, but I would think that any enterprise that had information sensitive enough to warrant these privacy concerns wouldn't be going to a third party to host their data in the first place. Coca-Cola isn't going to ask Google to store a copy of their secret recipe, and if they did, the last thing they should be worried about is a bot scraping it to target ads. That's why all this privacy hysteria cracks me up as concerns cloud storage, because it requires the user to have already decided that the base insecurity inherent in any network attached computer (any computer at all, really) wasn't enough of a concern to make them stay away in the first place. If you care about your data's privacy, for fuck's sake, keep it off the internet, and damn sure don't trust a third party like Google, Facebook, Microsoft, Apple, etc, to keep an eye on it. That's just retarded.

    17. Re:Google's motivation by cayenne8 · · Score: 4, Informative

      They don't sell your data to customers, that would be illegal.

      You must be in Europe.....

      In the US, it is perfectly legal to sell all your data to customers, in fact, there are MANY companies that do just thing....Acxiom is one such example, they have information on likely 98% of the US, and decades ago, they were just then starting to branch out to other countries, I'm pretty sure they have succeeded by now on that front too.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    18. Re:Google's motivation by cayenne8 · · Score: 5, Insightful
      There's a pretty simple way to avoid this....

      Simply encrypt everything you keep on Google Drive...I'll bet a company that came out with a cheap, easy to use tool to automate encrypting all data to/from these cloud storage setups, could make some money off said tool....

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    19. Re:Google's motivation by Ihmhi · · Score: 2

      No, but if they invent something so revolutionary that it doesn't fall under translating for other users, indexing, thumbnails, and a few other limited but sensible features, then they can renegotiate the ToS with us.

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    20. Re:Google's motivation by shentino · · Score: 2

      Actually considering Mega Upload, the copyright juggernaut will happily blame anyone and everyone they can get away with.

      As far as they are concerned, anyone not dumping money into their pockets is at fault just for being alive.

    21. Re:Google's motivation by DarthVain · · Score: 2

      The only problem with this is you need a local client to still track your files, otherwise you can encrypt all your files and upload them, but if you have 5GB of files you will be using 5GB every single upload, which will kill your bandwidth. Typically these backup things to a compare, and would only upload the 2% of files you changed that month.

      Anyway that is the biggest problem, is that when you encrypt your files, the storage device cannot scrutinize your files for changes (which is the whole point of encryption more less in the first place).

      I'm sure there must be a technical way around this, but I think either way it would involve an amount of trust in the provider.

      For total personal protection you can do it, it would just be expensive as it would be a bandwidth hog.

  2. Article fail by Troed · · Score: 5, Informative

    "a close and careful reading reveals that Google's terms are pretty much the same as anyone else's, and slightly better in some cases"

    http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud

    --
    it's in my head
    1. Re:Article fail by Anonymous Coward · · Score: 5, Insightful

      The key element in Microsoft's ToS is this.

      "You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service SOLELY TO THE EXTENT NECESSARY TO USE THE SERVICE."

      Google's ToS - or at least the section quoted there, I haven't memorized the whole thing - doesn't include the same sort of limitation to limiting one service's rights to one service's information. In fact, I remember info-sharing being a big thing they started doing recently!

      So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service? There's no threat like this from DropBox, Microsoft says "We won't do it", Apple follows MS's example with a limitation "solely for the purpose for which such Content was submitted or made available" - so I'd want to see an equal protection from Google on cross-service usage of my Drive data before I even think about it.

      of course, if it's already there, this article is fail.

    2. Re:Article fail by icebike · · Score: 2

      So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service?

      If you mark them as PUBLIC, yes, they probably could do that.

      But again this only applies to things you mark as public in your Drive, just like it was in Picasa, Docs, and any other portion of Google services where the option to PUBLICLY share content exists.

      However, they probably would not do this, because its a tracking nightmare. You have the right to cease sharing any item in your drive. If they had copied it out, they would have to track that down and withdraw it. Chances are they would just link it to YouTube if they even bothered to do that on something you shared. That way, when you un-share, the content would disappear from YouTube without them having to take any more action.

      But again, READ THE PRIVACY POLICY, and realize this is a tempest in a teapot because it only applies to stuff you EXPLICITLY share.

      So, yeah, Article Fail.

      --
      Sig Battery depleted. Reverting to safe mode.
  3. I'm Shocked! Shocked!!! by CanHasDIY · · Score: 2

    OK, well, not all that shocked.

    Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
    1. Re:I'm Shocked! Shocked!!! by Anonymous Coward · · Score: 2, Insightful

      Whoever doesn't realize... deserves to get screwed.

      Speak for yourself. Not *everyone* has the background, the experience or the jaded attitude you possess, and it's attitudes like yours (and the entire caveat emptor set) that leave the upcoming (younger) individuals hanging out to dry.

    2. Re:I'm Shocked! Shocked!!! by LateArthurDent · · Score: 5, Insightful

      OK, well, not all that shocked.

      Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.

      Google makes zero money off selling their users' data. Selling their users data would, in fact, hurt Google's business strategy.

      Google makes money off having access to users' data nobody else does. They can tell an advertiser, "we know the people for whom your ad will be most relevant, and no other advertising company has that information." If they were to actually give a list of said users to their client, they'd no longer be able to charge for advertising to those users, because their clients would do it directly.

    3. Re:I'm Shocked! Shocked!!! by Local+ID10T · · Score: 2

      Google is a marketing agency who makes their money off selling their users' data

      Almost...

      Google is an advertising company that makes money selling data about their users.

      A subtle, but important, distinction.

      --
      "You want to know how to help your kids? Leave them the fuck alone." -George Carlin
    4. Re:I'm Shocked! Shocked!!! by Anonymous+Brave+Guy · · Score: 2

      A subtle, but important, distinction.

      Indeed, and one that Google conveniently no longer needs to make in light of this privacy policy, since it looks like they can now sell their users' data too.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  4. Publishing HALF the facts = more fun. by icebike · · Score: 5, Informative

    Conveniently left out of the summary and TFA is that this only applies to DATA YOU EXPLICITLY MAKE PUBLIC in your Google Drive.
    Which is the same policy as Google Docs had, same as Picasa had, etc.
    If you mark a document public then it can be searched for and found. (But in my tests, its rarely searchable - probably my stuff is too boring even for Google's spiders).

    Foremost in Google's policy it states:

    Information we share
    We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances apply:
    With your consent
    We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.

    So if you mark it private, it means its almost as private as it can be while still being in the cloud. Of course Google has to honor subpoenas, but your next great novel will not appear in someone's search results if mark it private.

    If you want better privacy for your commercial cloud storage your best bet is SpiderOak which stores everything encrypted with an encryption key that even SpiderOak doesn't know. They use client-side decryption, and therefore couldn't hand over your stuff even at gunpoint.

    --
    Sig Battery depleted. Reverting to safe mode.
  5. Fluff piece by bonch · · Score: 4, Interesting

    What a fluff piece from the Verge. It doesn't compare the exact wording of the policies. Instead, it justifies Google's policy by saying abuse is "unlikely" (which isn't the point) and explains that rival services need certain delivery permissions to run the service, but it doesn't cite any examples from the policies of those rivals that are equivalent to the content license that Google Drive grants.

    The article also claims that "public" refers to the user and their actions regarding their own data. But that is NOT what Google Drive's policy states--it explicitly states that the content is licensed to Google as well as anyone Google works with.

    1. Re:Fluff piece by dgatwood · · Score: 3, Insightful

      And anyone claiming that it is unlikely is a fool. Had Yahoo had such a term of service fifteen years ago, everyone would have called it unlikely to be abused at the time. And now, fifteen years later, the company is in such bad financial shape that I wouldn't put such a desperate move past them if it could keep them afloat. There's no reason that Google couldn't eventually end up in dire straits financially someday, and when they do, they'll have your data and the right to exploit it.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  6. Indeed. by chrb · · Score: 4, Informative

    Dropbox:

    We may need your permission to do things you ask us to do with your stuff, for example, hosting your files, or sharing them at your direction. This includes product features visible to you, for example, image thumbnails or document previews. It also includes design choices we make to technically administer our Services, for example, how we redundantly backup data to keep it safe. You give us the permissions we need to do those things solely to provide the Services. This permission also extends to trusted third parties we work with to provide the Services, for example Amazon, which provides our storage space (again, only to provide the Services).

    Skydrive:

    If you share content in public areas of the service or in shared areas available to others you've chosen, then you agree that anyone you've shared content with may use that content. When you give others access to your content on the service, you grant them free, nonexclusive permission to use, reproduce, distribute, display, transmit, and communicate to the public the content solely in connection with the service and other products and services made available by Microsoft. If you don't want others to have those rights, don't use the service to share your content. You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.

    Google Drive

    You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

    I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

    1. Re:Indeed. by drachenfyre · · Score: 5, Insightful

      Dropbox:

      I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.

      No, not it is not. There is a huge difference between Microsoft's (The Service) and Google (Our Services). If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it. With Microsoft, you have not. Is it a glaring omission in the biased summary? Yes. But does it mean that your stuff will only be used for operating,promoting and improving Google Drive? No. No it does not. When Google collects it and starts distributing your family photos as part of GIS, you've already agreed to it.

    2. Re:Indeed. by chrb · · Score: 4, Informative
      And for completeness, Apple's terms:

      Except for material we may license to you, Apple does not claim ownership of the materials and/or Content you submit or make available on the Service. However, by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.

    3. Re:Indeed. by icebike · · Score: 3, Insightful

      You need to take a course in reading comprehension.

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re:Indeed. by AngryDeuce · · Score: 3, Insightful

      I use them to store files I don't give a shit about. If they want to scrape my cannabutter recipes and pirated MP3's looking for something to 'monetize', they can be my guest.

      The only data they can steal is the data you give them. People aren't powerless victims, here, they're making a deliberate choice to put their files in someone else's control. I don't much give a shit who that someone else is, if you don't want them to see it, don't give it to them to hold.

      This is just simple common sense, but it seems like people would rather keep stamping their feet and bitching about how insecure it all is rather than just making the simple decision to not fucking upload sensitive shit to these services in the first place and moving on with their lives. Anyone looking for an impenetrable bank vault for their data via an internet connection is an idiot. The weak point in any security system is the user, and as we all know, users come up with novel ways to compromise their shit every single day. According to a recent study, the most common password in business is Password1. If that doesn't make you think twice about trusting any of these services with your data I don't know what will...

    5. Re:Indeed. by a90Tj2P7 · · Score: 2

      Did you miss "publicly perform", "publicly display" and "publish", in addition to "for the limited purpose of... promoting... our Services..."?

    6. Re:Indeed. by Tanktalus · · Score: 2

      /me considers getting a skydrive account to help distribute linux ISO's, and wonders what kind of advertising he'd be subjected to for that.

    7. Re:Indeed. by pz · · Score: 2

      There is indeed a huge difference between the Google TOS and the others. A few important words in the Google TOS are pretty ominous -- "publicly perform", "publicly display", and "promoting".

      You give a document to Google, say one that contains sensitive information like your passwords, tax returns, or bank account numbers, and they can take a full-page advertisement in the New York Times showing the content of your document. They might not, but they can under these terms.

      Or, you store an MP3 your band recorded with them, say one that's destined to be a barn-burner of a single, and they can use it in their television ads, for free. They might not, but again, "publicly perform" and "promoting" are dangerously broad terms.

      No thank you.

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  7. I sell "free home automation services!" by erroneus · · Score: 3, Insightful

    So here's my business idea:

    I want to develop a home automation and integration service. There will be a wide variety of devices designed and built to make people's lives easier. It will vacuum your floors, track/inventory your pantry, refrigerator and freezer, order out of stock foods and supplies based on your rate of consumption and the discards in your waste collection units, organize your closets, manage your TV viewing, secure your home from invaders with our monitoring services. And it's ALL FREE!

    All you have to do is allow us to use the information we collect in ways we don't care to detail or disclose.

    How does that sound?

  8. Slashdot, please quote the whole paragraph by Baloroth · · Score: 5, Insightful

    When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

    It is incredibly intellectually dishonest to quote only part of a paragraph, without noting the limitation that immediately follows. You can still have problems with the terms (the note on "promoting [and] developing new [services]", especially) Materially, Google's terms seem to be in the same vein as Dropbox's: they need to be able to actually, you know, host your data to be able to actually host your data. But if you want to actually discuss their policies, don't quote them partially out of context. That doesn't help.

    I particularly love how people in that article subtly imply that Google is going to sell your data, without actually coming out and saying it (“You have to ask yourself, what’s the business model. If the business model is to make money from a service or money from advertising, that’s one thing. If it’s trying to make money off the sale of data, that’s another thing.” Implying evil behavior is much easier than coming out with an actual accusation: the former requires zero proof.) Google's terms make it pretty clear they can't do that ("You retain ownership of any intellectual property rights that you hold in that content"), and even if they change the terms later, they can still be sued for selling the data since it was uploaded under the existing terms. IANAL, of course, but Google is in enough hot water already that it would be practically suicidal (and extremely stupid) to do that.

    Oh, and BTW the relevant quote is from their "Terms of Service". Their privacy policies are an entirely different page, so the headline is incorrect: this isn't about their privacy policies, it's about their terms of service. The privacy policies themselves aren't actually discussed in TFA, although they are referenced.

    --
    "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    1. Re:Slashdot, please quote the whole paragraph by dgatwood · · Score: 2

      In context, I'm even more uncomfortable with the wording. Why should I give them any rights to use my content while developing new services? What kind of new services? Does that mean, for example, that without me taking any explicit steps to share them, my private files containing proprietary information could end up on some new Google+ private image search service for my friends to search?

      No, proper terms of service and privacy policies should state exactly how you intend to use a customer's data, which does not include the right to expand that usage in whatever way you see fit except at the user's direction. A proper policy makes it explicitly clear that the user's private data will not be shared with anyone unless the user explicitly authorizes that sharing. A proper policy does not grant the company any rights except as required in order to perform the actions that the user initiated. This is not a well-written policy.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    2. Re:Slashdot, please quote the whole paragraph by metrometro · · Score: 2

      Retaining "ownership" of intellectual property is not a solution if the same agreement also gives a perpetual, royalty free license to use that content to Google and unnamed future partners for the wide open purpose of "operating, promoting, and improving our Services, and to develop new ones".

      Simple test: Can you put my kid's face in an advertisement without notifying me? Answer looks like yes to me.

  9. Re:TrueCrypt? by Electricity+Likes+Me · · Score: 2

    A keyboard-smash 128 character password on an AES-encrypted zip file would be enough I'd think.

    Though this also sounds like a good opportunity for someone to write a Dokan filesystem for it (maybe something which just does the above?). I already use OTR encryption with Gtalk - it's kind of funny going through my Gmail account and seeing all the encrypted conversations. Sad that pretty much no one can be convinced to use GPG for regular email though.

  10. More explicit descriptions than others by sillivalley · · Score: 4, Insightful

    My take on it -- Google is being more explicit about what they are going to do with data that you mark public.

    Example: you post a document. A friend in Germany wants to look at it, and asks Google to display the document (which you wrote in English) in her native German. This requires Google to make at least one intermediate copy, leading to a German translation, which would be considered a derivative work, which is then displayed.

    Sounds like they've done an admirable job of covering the bases, to me, rather than the shorthand that others use.

    Oh, it goes without saying that when you use/visit a website, if you can't find the product being sold, then you are the product being sold.

  11. Re:What the hell, Google? by whereverjustice · · Score: 2

    There's a difference between signing over your IP rights and giving someone a license. If I write a book and then bring it to the print shop to have it printed, I'm giving them a license, not handing over the copyright. The difference is that I'm free to (1) make further copies myself, and (2) grant licenses to others without limit.

  12. Re:Incredible if True by ScentCone · · Score: 3, Informative

    If Google are actually saying this about your virtual hard drive content, it beggars belief.

    They're not saying that. The summary is being incredibly disingenuous and cherry-picking things to quote, missing important context, on purpose. FUD.

    --
    Don't disappoint your bird dog. Go to the range.
  13. The real problem... by Shoten · · Score: 4, Informative

    The real problem is not that we have a fundamental concern about creating derivative works or in distribution, but in the intended purpose of such actions. Legal language is typically devoid of intent, since intent is a difficult thing to quantify effectively. As a result, legal documents focus on actions, regardless of whether they are good or bad. A derivative work could be, as stated above, creating a thumbnail of a picture (harmless and necessary for many functions, including showing you thumbnails in PicasaWeb, for example). It could also be something else, like taking your codebase in Google Code and just freely incorporating it into a product of their own (not harmless, and intellectual property theft). What I see is that as far as I can tell, Google has yet to commit any gross abuse of such things, nor have they seemed inclined to do so.

    Google's next challenge is to find a way to delineate between the types of intent they have and the ones they do not have, in a way which is legally binding and thus will hold credibility with groups like EPIC. I do think EPIC is going a little overboard on their language. For example, Rotenberg says "After the unilateral changes on March 1, I don’t understand why users would trust Google to stand by its terms of service," which seems a bit odd to me. He's using the phrase "unilateral changes" as if there was any other way to change terms of service, or like it is a bad thing. What is he implying...that Google should have crowdsourced the ToS that protects their business, and given up control over what the ToS would end up as? That doesn't seem very realistic, and I'd think someone like Rotenberg would already understand how infeasible that is.

    So one part of this is the fact that Google could abuse their users while remaining within the Terms of Service because legal verbiage is bad at distinguishing good intent from bad, and another part is that EPIC is fearmongering a bit. I don't see the real problem, myself, especially since it's possible for their Privacy Policy (which is also in effect) to constrain the actions in the ToS, reducing the amount they could do that's actually "bad".

    --

    For your security, this post has been encrypted with ROT-13, twice.
  14. "Settings that narrow the scope of our use" by DragonWriter · · Score: 2

    The really important part, in the context of Drive, is: "in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services."

    The default setting in Drive is private-to-you-only.

    The recognition of settings narrowing the scope of use in the ToS means that it is part of the offer of service that you can use settings that purport to limit the use of content to, in fact, limit the scope of Google's use of that content, and, in the context of Drive, that material you put in it with the default, private-to-you setting, will be used only to create copies (e.g., replicas on various servers, etc.), derivative works (e.g., transformation in different formats, which Drive has hooks to support), and distribution (e.g., over the "series of tubes" connecting your devices to Google's servers), etc., to support delivering that content and its derivative products to you.

    Or to third-parties (e.g., apps) that you've explicitly approved for access to your private Drive content (as that's, again, within the scope of how the settings in Drive purport to restrict the use of your content.)

  15. Re:Not lawful by DragonWriter · · Score: 2

    ToS is not a binding contract.

    Usually has the required elements of mutual consideration, offer, and acceptance, so it probably is.

    You may be confusing "binding" with "written", which is a mistake.

    Any service based upon copyrighted material is a derivative work and such rights cannot be transferred without a binding contract.

    Under US Copyright law, a signed agreement is necessary for some copyright transactions, but not for most copyright licenses, including those to create derivative works.

    Clicking 'I agree" is not the same as attaching a 'digital signature'.

    Which would be relevant iff this were a situation where a written contract was generally required and the theory under which the agreement was binding was statutes making documents with attached "digital signatures" meeting certain requirements legally equivalent to written documents.

  16. Re:Of COURSE they require that license by Animats · · Score: 3, Interesting

    If Google does not require that license to your content, then how in gods name will they do simple things like display thumbnail previews of documents, which by NECESSITY is a derrivitive work? If anything, the fact that Microsoft and Dropbox *does not* have this in their agreement basically means they are violating their agreement constantly, just no one is calling them on it.

    No. Thumbnails are not copyright infringement. That's been litigated and won. By Google. So they know better.

  17. not much of a privacy advocate. by Bigsquid.1776 · · Score: 3, Insightful

    True privacy advocates will suggest the following: Do not put data you wish to keep private on a storage system accessible by someone else.

  18. Standard License for User Submitted Content by demeteloaf · · Score: 2

    Yeah, not really getting the whole uproar here...

    The terms quoted are pretty much necessary for any site that allows user submitted content. That's the way copyright law works. If they want to display something on a webpage, they need a license to do it. If they want to convert a word document into a .pdf, that's a derivitave work. Same with showing you a thumbnail of the image you uploaded. I guarantee that 95% of the sites out there have a similar clause in their terms of service. For instance: just take a look at slashdot's own terms of service. Click that terms button down at the bottom of the page and what do you get:

    submitting user retains ownership of such Geeknet Public Content; with respect to publicly-available statistical content which is generated by the site to monitor and display content activity, such content is owned by Geeknet. In each such case, the submitting user grants Geeknet the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license

    Looks very similar, doesn't it...

    --
    If there's anything more important than my ego around, i want it caught and shot now.