As long as they're careful to never lose video that may become the subject of media attention, I suppose it's possible. That seems like a game that's guaranteed to end badly, though, because it's not possible to know what will and will not become big news. Some things are obviously big (e.g. deaths) but lesser issues may not blow up until some subsequent sequence of events.
It seems like a really risky business strategy for Taser... and if any journalist ever caught wind of the "soft points", or any whistleblower decided to out them, it'd generate a firestorm.
What you describe is very feasible in heavily manual processes, but automated systems operate in the way they're designed, without variation, and deliberate holes leave traces. With manual processes, the worst case is that the agency has to find a scapegoat, some low-level employee who was responsible for doing something and didn't. With automated systems, it's much harder to argue that the problem wasn't deliberate. It's easy enough the first time "It's a bug!", but it doesn't take long before people want to know why the bug hasn't been fixed.
Note the complete lack of any discussion of artificial lighting. Heat is important for winter greenhouses in England, but with regard to light the only discussion is about shading during the summer. Moreover, I have a colleague who lives in a small town just north of Sheffield who gardens year-round in an un-lit greenhouse. He says the shorter days in the winter result in slower growth, and some plants like it more than others so he changes the mix of what he's growing seasonally. But he grows herbs and vegetables year-round.
If you go far enough north, lighting does become an issue for winter growing. For example, in Alaska: http://www.uaf.edu/files/ces/p.... But that's pretty extreme. In Fairbanks the shortest day of the year is barely three hours long. London days don't get much less than 8 hours.
I'm not saying that LEDs couldn't help in northerly climes, but the article seems to say that using LEDs in a cave is more efficient somehow than using the sun. Which is ridiculous.
The default gain may be poor, but it might be adjustable; it wouldn't surprise me at all if developers who were lax enough to not bother encrypting the feed also provided a low-level control interface over the same channel. It would be really convenient for debugging.
Even that doesn't really matter that much... do you really want a microphone in your house broadcasting what it hears? Exactly how much it hears may depend on where you are, what doors are open or closed, etc., but are you really sure it's never hearing anything you don't want broadcast?
And, more importantly, how many people who buy a baby monitor even think about the issue? Product designers should not build a product that requires their user to do that sort of security analysis. Especially since it's quite easy to make it a non-issue.
The other side of this argument is that while individual police agencies don't have to retrieve video very often (except perhaps for very large ones, like NYPD), Taser will be getting requests on a daily basis. If they fail to "find" a substantial portion of those videos, it's going to become obvious -- and public -- very quickly. And the story will be that they're failing to do the primary job for which the taxpayers are paying them tens or hundreds of millions of dollars annually. That in turn will generate tremendous pressure on police departments to dump them. If agencies do their own storage they have a certain degree of plausible deniability around their own technical failures. Taser won't have that, and agencies won't have plausible deniability around their decision to use Taser once it's been headline news that Taser routinely fails.
From Taser's perspective, I think that narrative is a pretty compelling argument for being very careful not to ever "lose" video. Some headlines could destroy their business very quickly. They could survive one or two rounds of such headlines, but once it's clear that they've had plenty of time to fix their operations and still fail, they'd be dead.
I don't think the concern was that we don't have LED technology which can produce good grow lights. The question is whether this can actually be more efficient than letting the sun do the job.
You're missing the point. Credit card numbers were just one example. Unless you're comfortable broadcasting everything that goes on in your house, this is an issue.
Also, there's no need to actually have a person sit in full view of anyone. Just hide a repeater in the shrubbery.
So, you're home in the evening and your wife calls "Hey, honey, can you give me the credit card number for something I'm buying online?" and you tell her the number. The baby monitor hears.
That's just one example, and not a particularly scary one. Use your imagination. It's not just about whether or not you're home, it's about what information is available inside your house that you don't want shared with random listeners.
Bingo. So someone can hack the monitor and listen to my baby sleep or not sleep. Or even watch him sleeping. What exactly is the threat? What information can they really gain that is of use? That the sheets are green instead of blue?
They can see and hear a lot of details of activity inside the house, not just the baby. Whatever is in range of the camera and microphone.
Makes sense, actually. If your idle visual cortex starts doing other things (whether useful or not), it stands to reason that the result would be interpreted as a visual hallucination.
It's not a no-win situation. It just means that self-driving cars have to know when to break the rules. They can and should behave like the best of human drivers.
If you program the car to just account for assholes but still drive safely, then it will basically choke in situations like a four way stop in southern California where every other asshole will just muscle or roll their way through the stop.
The current programming of the car handles that situation. Less aggressively than a human would, but aggressively enough to assert its intention to go, and go.
Program to take account of these things, or don't plan on driving on the road.
Duh.
Technology in development is imperfect. Big surprise. These issues are why Google hasn't yet started selling them to the public. None of them are insurmountable, but it takes a lot of time and effort to build sophisticated systems.
What if that was a cardboard box and it swerved heavily in case that box "pulled out"?
The cars can easily distinguish between a cardboard box and a vehicle. Determining whether or not the vehicle has a driver in the seat and might move... that's often impossible. Likely the reason that the car swerved sharply rather than braking earlier is because the badly-parked car was obscured by other obstacles.
If it can't make it's way through a junction where the drivers are following the rules, that's bad programming.
Six year-old programming, note. The article mentions that the current version of the software inches forward to establish intent to move.
and potentially weighs up collision with non-hazard vs collision with small child and gets it wrong
Google cars recognize pedestrians (of all sizes) and regularly notice them even when no human could. I'm sure the car would choose to hit another vehicle over a pedestrian or cyclist.
Really, your whole comment is a mixture of outdated information buttressed by invalid assumptions and layered over with a veneer of blindingly obvious conclusions.
Apple.
Desktop is one thing mobile is another. Without Apple it is DOA.
Without Apple, this will only be on 90% of mobile devices. Maybe higher than that, given that we're talking about 2018 or so. Doesn't seem like a showstopper.
Both Mormons and Muslims claim that their Scripture are merely copies of documents which came from heaven.
Actually, I don't think either claims that. I know Mormons don't. Mormons claim that the Book of Mormon was written by a series of prophets. The prophets were inspired, but wrote in their own words. Same as the Bible. The difference is in the method of collection and translation, not the method of authorship.
I think it's the same for Islam. Muslims believe Mohammed was a prophet, so his writings were inspired by Allah, but the Koran contains his own words.
That Shaun Bridges was even charged at all is amazing. He's a government employee, and in most of the world it's very rare for government employees to be charged with a crimes because fellow government employees refuse to prosecute them. Thank your lucky stars, America, you are not like Australia where the press reports alleged corruption, the police ignore it, and it piles up and up and up: https://archive.is/KUTAy#cases
Nah, it's pretty much the same in America.
The difference in this case is the nature of the crime and the victim chosen. No, not Ulbricht. The victim was the federal government, because they were going to seize that money anyway. You steal from the government, or attack the government in any way, they're going to drop the hammer on you. If your victim is an individual, well, it depends in large part on the socioeconomic status of that individual. A government employee can get prosecuted for killing a poor black man, for example, but it's rare. If you're a government agency and your victim is the entire nation, you're almost certainly going to get away with it. At most you'll be told to stop, but no one will be going to jail... well, except the guy who ratted the agency out. There's a good chance he'll go to jail, if he can be caught.
The technical term for jailbroken, insecure versions of iOS is "Android."
That's a common belief. In practice, I don't think it's true. In particular, although the Android world sees lots of announcements of vulnerabilities that affect X hundred million devices, the actual exploitation doesn't seem to follow. One reason is that many of the vulnerabilities aren't actually as widespread or are harder to exploit in practice than the researchers describe. Another is that the diversity of the Android ecosystem often means that an exploit has to be customized for each different manufacturer and model, making broad exploitation harder. A third is that Google is often able to successfully mitigate vulnerabilities with the Play store, Verify Apps and updates to the Play services app. There are other reasons as well.
Whatever the reasons, it's interesting to note that we don't see reports of large numbers of Google accounts being compromised via Android vulnerabilities. I'm not claiming that's impossible, and it wouldn't shock me if it happened tomorrow, but the fact that we don't indicates to me that there is actually more right with the Android security situation than is commonly believed. The low real-world malware numbers disclosed in Google's Android security "State of the Union" report further buttress that view.
(Disclaimer: I'm a member of Google's Android security team. I'm speaking only for myself, not for Google.)
I expect to be able to go in and out of my door. That's what doors are for. Apple doesn't even give you a door. You have to break your way through the wall. Then there's a hole there. That's why Apple products are only sufficient for sheep. They don't break down walls, they just wander through holes.
It's worth pointing out that if you root your Android device you're doing the same thing, breaking through a wall. That's fine if it's what you want to do, but you are giving something up in terms of security.
As a member of the Android security team, I'm involved in lots of discussions about lots of different threat models and attack vectors, and while we do think about trying to maintain security on rooted devices, I'd say that 90% of the time we end up deciding that we just can't, so "device is running an official image[*] and is not rooted" becomes a foundational assumption of the analysis.
This isn't because rooting is inherently bad, or because we're trying to control user's devices, but because it's impossible to reason about security in a vacuum. You have to know what you can depend on. For example, we might argue that apps can't break out of their sandbox in a particular way because the information they need to do it is managed by a particular system daemon which validates access in a particular way... but in a rooted device that daemon may be modified, or simply bypassed. We just can't know that stuff is still working the way it's intended to. Some members of the modding community do an outstanding job of adding flexibility without breaking the security model, but many others don't.
Ideally, devices should provide enough native flexibility to allow users to achieve what they want while staying entirely within the normal mode of operation. In the case of Android that means staying within Google's "walled garden": install apps only from the play store, keep Verify Apps enabled (and follow its recommendations), don't root, definitely don't disable SELinux, etc. Where that ideal fails, and users want to do stuff that can't be done in the garden, they should have the option of stepping out of it, and they should be able to do so in a progressive way, not all-or-none... but each step they take increases the probability that they'll change something that violates a security assumption and thereby increases their risk of compromise.
I suspect that Apple security engineers even more strongly assume that devices are not jailbroken. That's just a guess, but it's consistent with the general philosophy of iOS and, if correct, it means that jailbreakers have even less expectation of security. iOS users also live in a software monoculture, which exacerbates the risk. (Android users get security benefits from ecosystem diversity, though there are obvious costs to that diversity as well. Including the update problem.)
[*] Note that given the state of updates in the Android ecosystem, we often don't assume that the device is running an up to date system image. From our perspective that's often easier to work with than a rooted device because at least we know how it behaves and can look at trying to mitigate risks at other layers. We're also working on the update situation, but that's hard given the nature of the ecosystem.
Google knows my location due to my use of Google Maps
Google receives the map tile requests, etc., but if location history is turned off nothing about it is stored. I have no idea what your cell provider may store, though.
Again, I actually like the location history. I find it convenient to be able to look back and see where I was at a particular date and time. But it's under your control.
I really have no concern about sharing it with Google, because no one is ever going to see it.
Well, an individual person doesn't need to see it. If they're willing to use searches to send people job offers and ads, what else can they automate?
They can also remind you when it's time to leave for an appointment, and that you have a coupon you can use at the store you just entered, and that your wife's birthday is coming up, and much, much more... but only with your permission. If you don't want it, turn it off and delete the data. Google provides the tools.
And what happens when Google has a breech or a bad setting. Remember when Google signed people up for G+,. and a lot of private data got exposed.
I think you're thinking about Buzz, not Google+. That was bad; Buzz auto-friended contacts, exposing relationships. The fact that that's the worst thing that's happened, and that happened before all of the internal privacy review policies were put in place is pretty indicative, IMO.
As for a breach... nothing is impossible, but I spent 15 years as a security consultant to US corporations, mostly banks, and Google has dramatically better security systems than anyone I ever saw. I'm not worried about my data at Google.
However, if you are I highly recommend going to your Google account dashboard and deleting whatever information there you're concerned about.
I'd expect a self motivated worker to already be looking for a new one.
Bah. There are different kinds of people. Some will search out a better job, but many of the more introverted sorts won't. It doesn't mean they're not motivated, just that they're not comfortable with interviewing. A lot of top-performing software engineers are very introverted.
easier to teach brilliant problem solvers some time management skills
That's an optinion that not many employers share. Companys that take it upon themselves to teach basic skills tend to hire people without them. And then everyone suffers, because everyone is expected to help out the special snowflakes.
There are no "special snowflakes" at Google. Google gives people time and resources to address their shortcomings, and it's expected that everyone be helpful, but if you can't pull your weight for whatever reason, it'll come out. Your peers will tell you that you need to manage your time better, and your manager will expect you to make use of the internal resources available to improve. It's even fine if you take time away from your job to do what's needed to improve... but if you don't, you'll eventually be gone. It's not like learning to manage your time is hard. If you're capable of solving hard computer science problems, you can learn that, too.
In practice, it's really not a problem. If you find smart people and keep them challenged (or enable them to keep themselves challenged), and give them feedback on how they can do better, it works.
I buy the "potential" issue. I have enough confidence in the leadership and the culture that I don't worry about it being abused in the near term, but eventually that could change. I actually do have a greater degree of trust in Google than I do other corporations or government agencies, though. I expect that's mostly because of the visibility I have as an employee.
The less they know about me, the better.
In the abstract I see that. But Google Now is useful... and I expect it to become vastly more useful. It's going to be interesting to see how this evolves over the next decade or so, whether most everyone decides that having an excellent personal digital assistant is worth allowing someone to know so much about them. At least it's shaping up that there will be competition... Now, Siri, Cortana, Echo...
And obviously Google is already using information it knows about users to make recruiting decisions so clearly they are using the data for more than just advertising.
Recruiting is advertising.
Suppose that I use an Android phone and I have all my web browsers signed in to a Google account. Google now has access to all my phone data, my contact data, calendar data, search history, and even info about websites that I go to directly w/o the help of google (thanks to Google ads)
Chrome can also tell Google everywhere you go even without the help of ads. It only does that if you turn on web history, though. Same with location. If you turn on location history, Google stores it. If not, Google doesn't get it. As for phone, contacts, calendar, photos, etc., that's true if you turn on backup for everything. If you turn off backup, the data doesn't go to Google. Of course, then you don't get the cross-platform always-updated calendar and contacts list, and if your phone gets run over by a bus it's all gone. Whether or not to use backup isn't a one-time decision, though; if you use it and then later decide not to you can use the privacy dashboard to delete stuff.
And Google does forget the data you ask it to delete. It's a good idea to check the dashboard periodically and wipe out anything you don't want to be there. You should probably do that if you haven't.
As I understand it, when you flip the state of one of an entangled pair, you break the entanglement. So site B can do what they like with the second pair, but site A won't know what they did. But IANAP and it's been over two decades since I took physics. Oh, and although my old textbook is on the shelf behind me, I'm too lazy to turn around and look at it:)
Person is researching python lambda function list comprehension for a programming project. Gets sidetracked for a couple of hours by popup puzzles.
Yep. This is the employee we want.
You mean the sort of person who is an avid problem solver but bored in their current job? Yes, that's exactly who you want to hire if you're going to put them in an environment rich in productive puzzles to solve. Yes, you do also need them to be able to maintain focus when it really matters, but it's far easier to teach brilliant problem solvers some time management skills than it is to teach plodding, methodical thinkers to be brilliant problem solvers.
As long as they're careful to never lose video that may become the subject of media attention, I suppose it's possible. That seems like a game that's guaranteed to end badly, though, because it's not possible to know what will and will not become big news. Some things are obviously big (e.g. deaths) but lesser issues may not blow up until some subsequent sequence of events.
It seems like a really risky business strategy for Taser... and if any journalist ever caught wind of the "soft points", or any whistleblower decided to out them, it'd generate a firestorm.
What you describe is very feasible in heavily manual processes, but automated systems operate in the way they're designed, without variation, and deliberate holes leave traces. With manual processes, the worst case is that the agency has to find a scapegoat, some low-level employee who was responsible for doing something and didn't. With automated systems, it's much harder to argue that the problem wasn't deliberate. It's easy enough the first time "It's a bug!", but it doesn't take long before people want to know why the bug hasn't been fixed.
Really? https://www.rhs.org.uk/advice/...
Note the complete lack of any discussion of artificial lighting. Heat is important for winter greenhouses in England, but with regard to light the only discussion is about shading during the summer. Moreover, I have a colleague who lives in a small town just north of Sheffield who gardens year-round in an un-lit greenhouse. He says the shorter days in the winter result in slower growth, and some plants like it more than others so he changes the mix of what he's growing seasonally. But he grows herbs and vegetables year-round.
If you go far enough north, lighting does become an issue for winter growing. For example, in Alaska: http://www.uaf.edu/files/ces/p.... But that's pretty extreme. In Fairbanks the shortest day of the year is barely three hours long. London days don't get much less than 8 hours.
I'm not saying that LEDs couldn't help in northerly climes, but the article seems to say that using LEDs in a cave is more efficient somehow than using the sun. Which is ridiculous.
The default gain may be poor, but it might be adjustable; it wouldn't surprise me at all if developers who were lax enough to not bother encrypting the feed also provided a low-level control interface over the same channel. It would be really convenient for debugging.
Even that doesn't really matter that much... do you really want a microphone in your house broadcasting what it hears? Exactly how much it hears may depend on where you are, what doors are open or closed, etc., but are you really sure it's never hearing anything you don't want broadcast?
And, more importantly, how many people who buy a baby monitor even think about the issue? Product designers should not build a product that requires their user to do that sort of security analysis. Especially since it's quite easy to make it a non-issue.
The other side of this argument is that while individual police agencies don't have to retrieve video very often (except perhaps for very large ones, like NYPD), Taser will be getting requests on a daily basis. If they fail to "find" a substantial portion of those videos, it's going to become obvious -- and public -- very quickly. And the story will be that they're failing to do the primary job for which the taxpayers are paying them tens or hundreds of millions of dollars annually. That in turn will generate tremendous pressure on police departments to dump them. If agencies do their own storage they have a certain degree of plausible deniability around their own technical failures. Taser won't have that, and agencies won't have plausible deniability around their decision to use Taser once it's been headline news that Taser routinely fails.
From Taser's perspective, I think that narrative is a pretty compelling argument for being very careful not to ever "lose" video. Some headlines could destroy their business very quickly. They could survive one or two rounds of such headlines, but once it's clear that they've had plenty of time to fix their operations and still fail, they'd be dead.
OK, pick your damned whining ... either it's not as efficient as the sun, or it's more efficient than the greenhouse.
Umm, where do you think greenhouses get their light?
And you don't need to ship it half way around the world in the winter.
You can put greenhouses in the city, too.
The summary claims that the underground solution uses less energy than a greenhouse. Maybe the summary is bad (I know that'd be a first on slashdot).
I don't think the concern was that we don't have LED technology which can produce good grow lights. The question is whether this can actually be more efficient than letting the sun do the job.
So... there is nothing that a microphone could pick up in your house that you wouldn't want overheard?
You're missing the point. Credit card numbers were just one example. Unless you're comfortable broadcasting everything that goes on in your house, this is an issue.
Also, there's no need to actually have a person sit in full view of anyone. Just hide a repeater in the shrubbery.
So, you're home in the evening and your wife calls "Hey, honey, can you give me the credit card number for something I'm buying online?" and you tell her the number. The baby monitor hears.
That's just one example, and not a particularly scary one. Use your imagination. It's not just about whether or not you're home, it's about what information is available inside your house that you don't want shared with random listeners.
Bingo. So someone can hack the monitor and listen to my baby sleep or not sleep. Or even watch him sleeping. What exactly is the threat? What information can they really gain that is of use? That the sheets are green instead of blue?
They can see and hear a lot of details of activity inside the house, not just the baby. Whatever is in range of the camera and microphone.
Makes sense, actually. If your idle visual cortex starts doing other things (whether useful or not), it stands to reason that the result would be interpreted as a visual hallucination.
It's not a no-win situation. It just means that self-driving cars have to know when to break the rules. They can and should behave like the best of human drivers.
If you program the car to just account for assholes but still drive safely, then it will basically choke in situations like a four way stop in southern California where every other asshole will just muscle or roll their way through the stop.
The current programming of the car handles that situation. Less aggressively than a human would, but aggressively enough to assert its intention to go, and go.
Program to take account of these things, or don't plan on driving on the road.
Duh.
Technology in development is imperfect. Big surprise. These issues are why Google hasn't yet started selling them to the public. None of them are insurmountable, but it takes a lot of time and effort to build sophisticated systems.
What if that was a cardboard box and it swerved heavily in case that box "pulled out"?
The cars can easily distinguish between a cardboard box and a vehicle. Determining whether or not the vehicle has a driver in the seat and might move... that's often impossible. Likely the reason that the car swerved sharply rather than braking earlier is because the badly-parked car was obscured by other obstacles.
If it can't make it's way through a junction where the drivers are following the rules, that's bad programming.
Six year-old programming, note. The article mentions that the current version of the software inches forward to establish intent to move.
and potentially weighs up collision with non-hazard vs collision with small child and gets it wrong
Google cars recognize pedestrians (of all sizes) and regularly notice them even when no human could. I'm sure the car would choose to hit another vehicle over a pedestrian or cyclist.
Really, your whole comment is a mixture of outdated information buttressed by invalid assumptions and layered over with a veneer of blindingly obvious conclusions.
Apple. Desktop is one thing mobile is another. Without Apple it is DOA.
Without Apple, this will only be on 90% of mobile devices. Maybe higher than that, given that we're talking about 2018 or so. Doesn't seem like a showstopper.
Both Mormons and Muslims claim that their Scripture are merely copies of documents which came from heaven.
Actually, I don't think either claims that. I know Mormons don't. Mormons claim that the Book of Mormon was written by a series of prophets. The prophets were inspired, but wrote in their own words. Same as the Bible. The difference is in the method of collection and translation, not the method of authorship.
I think it's the same for Islam. Muslims believe Mohammed was a prophet, so his writings were inspired by Allah, but the Koran contains his own words.
That Shaun Bridges was even charged at all is amazing. He's a government employee, and in most of the world it's very rare for government employees to be charged with a crimes because fellow government employees refuse to prosecute them. Thank your lucky stars, America, you are not like Australia where the press reports alleged corruption, the police ignore it, and it piles up and up and up: https://archive.is/KUTAy#cases
Nah, it's pretty much the same in America.
The difference in this case is the nature of the crime and the victim chosen. No, not Ulbricht. The victim was the federal government, because they were going to seize that money anyway. You steal from the government, or attack the government in any way, they're going to drop the hammer on you. If your victim is an individual, well, it depends in large part on the socioeconomic status of that individual. A government employee can get prosecuted for killing a poor black man, for example, but it's rare. If you're a government agency and your victim is the entire nation, you're almost certainly going to get away with it. At most you'll be told to stop, but no one will be going to jail... well, except the guy who ratted the agency out. There's a good chance he'll go to jail, if he can be caught.
The technical term for jailbroken, insecure versions of iOS is "Android."
That's a common belief. In practice, I don't think it's true. In particular, although the Android world sees lots of announcements of vulnerabilities that affect X hundred million devices, the actual exploitation doesn't seem to follow. One reason is that many of the vulnerabilities aren't actually as widespread or are harder to exploit in practice than the researchers describe. Another is that the diversity of the Android ecosystem often means that an exploit has to be customized for each different manufacturer and model, making broad exploitation harder. A third is that Google is often able to successfully mitigate vulnerabilities with the Play store, Verify Apps and updates to the Play services app. There are other reasons as well.
Whatever the reasons, it's interesting to note that we don't see reports of large numbers of Google accounts being compromised via Android vulnerabilities. I'm not claiming that's impossible, and it wouldn't shock me if it happened tomorrow, but the fact that we don't indicates to me that there is actually more right with the Android security situation than is commonly believed. The low real-world malware numbers disclosed in Google's Android security "State of the Union" report further buttress that view.
(Disclaimer: I'm a member of Google's Android security team. I'm speaking only for myself, not for Google.)
I expect to be able to go in and out of my door. That's what doors are for. Apple doesn't even give you a door. You have to break your way through the wall. Then there's a hole there. That's why Apple products are only sufficient for sheep. They don't break down walls, they just wander through holes.
It's worth pointing out that if you root your Android device you're doing the same thing, breaking through a wall. That's fine if it's what you want to do, but you are giving something up in terms of security.
As a member of the Android security team, I'm involved in lots of discussions about lots of different threat models and attack vectors, and while we do think about trying to maintain security on rooted devices, I'd say that 90% of the time we end up deciding that we just can't, so "device is running an official image[*] and is not rooted" becomes a foundational assumption of the analysis.
This isn't because rooting is inherently bad, or because we're trying to control user's devices, but because it's impossible to reason about security in a vacuum. You have to know what you can depend on. For example, we might argue that apps can't break out of their sandbox in a particular way because the information they need to do it is managed by a particular system daemon which validates access in a particular way... but in a rooted device that daemon may be modified, or simply bypassed. We just can't know that stuff is still working the way it's intended to. Some members of the modding community do an outstanding job of adding flexibility without breaking the security model, but many others don't.
Ideally, devices should provide enough native flexibility to allow users to achieve what they want while staying entirely within the normal mode of operation. In the case of Android that means staying within Google's "walled garden": install apps only from the play store, keep Verify Apps enabled (and follow its recommendations), don't root, definitely don't disable SELinux, etc. Where that ideal fails, and users want to do stuff that can't be done in the garden, they should have the option of stepping out of it, and they should be able to do so in a progressive way, not all-or-none... but each step they take increases the probability that they'll change something that violates a security assumption and thereby increases their risk of compromise.
I suspect that Apple security engineers even more strongly assume that devices are not jailbroken. That's just a guess, but it's consistent with the general philosophy of iOS and, if correct, it means that jailbreakers have even less expectation of security. iOS users also live in a software monoculture, which exacerbates the risk. (Android users get security benefits from ecosystem diversity, though there are obvious costs to that diversity as well. Including the update problem.)
[*] Note that given the state of updates in the Android ecosystem, we often don't assume that the device is running an up to date system image. From our perspective that's often easier to work with than a rooted device because at least we know how it behaves and can look at trying to mitigate risks at other layers. We're also working on the update situation, but that's hard given the nature of the ecosystem.
Google knows my location due to my use of Google Maps
Google receives the map tile requests, etc., but if location history is turned off nothing about it is stored. I have no idea what your cell provider may store, though.
Again, I actually like the location history. I find it convenient to be able to look back and see where I was at a particular date and time. But it's under your control.
Well, an individual person doesn't need to see it. If they're willing to use searches to send people job offers and ads, what else can they automate?
They can also remind you when it's time to leave for an appointment, and that you have a coupon you can use at the store you just entered, and that your wife's birthday is coming up, and much, much more... but only with your permission. If you don't want it, turn it off and delete the data. Google provides the tools.
And what happens when Google has a breech or a bad setting. Remember when Google signed people up for G+,. and a lot of private data got exposed.
I think you're thinking about Buzz, not Google+. That was bad; Buzz auto-friended contacts, exposing relationships. The fact that that's the worst thing that's happened, and that happened before all of the internal privacy review policies were put in place is pretty indicative, IMO.
As for a breach... nothing is impossible, but I spent 15 years as a security consultant to US corporations, mostly banks, and Google has dramatically better security systems than anyone I ever saw. I'm not worried about my data at Google.
However, if you are I highly recommend going to your Google account dashboard and deleting whatever information there you're concerned about.
but bored in their current job?
I'd expect a self motivated worker to already be looking for a new one.
Bah. There are different kinds of people. Some will search out a better job, but many of the more introverted sorts won't. It doesn't mean they're not motivated, just that they're not comfortable with interviewing. A lot of top-performing software engineers are very introverted.
easier to teach brilliant problem solvers some time management skills
That's an optinion that not many employers share. Companys that take it upon themselves to teach basic skills tend to hire people without them. And then everyone suffers, because everyone is expected to help out the special snowflakes.
There are no "special snowflakes" at Google. Google gives people time and resources to address their shortcomings, and it's expected that everyone be helpful, but if you can't pull your weight for whatever reason, it'll come out. Your peers will tell you that you need to manage your time better, and your manager will expect you to make use of the internal resources available to improve. It's even fine if you take time away from your job to do what's needed to improve... but if you don't, you'll eventually be gone. It's not like learning to manage your time is hard. If you're capable of solving hard computer science problems, you can learn that, too.
In practice, it's really not a problem. If you find smart people and keep them challenged (or enable them to keep themselves challenged), and give them feedback on how they can do better, it works.
I buy the "potential" issue. I have enough confidence in the leadership and the culture that I don't worry about it being abused in the near term, but eventually that could change. I actually do have a greater degree of trust in Google than I do other corporations or government agencies, though. I expect that's mostly because of the visibility I have as an employee.
The less they know about me, the better.
In the abstract I see that. But Google Now is useful... and I expect it to become vastly more useful. It's going to be interesting to see how this evolves over the next decade or so, whether most everyone decides that having an excellent personal digital assistant is worth allowing someone to know so much about them. At least it's shaping up that there will be competition... Now, Siri, Cortana, Echo...
And obviously Google is already using information it knows about users to make recruiting decisions so clearly they are using the data for more than just advertising.
Recruiting is advertising.
Suppose that I use an Android phone and I have all my web browsers signed in to a Google account. Google now has access to all my phone data, my contact data, calendar data, search history, and even info about websites that I go to directly w/o the help of google (thanks to Google ads)
Chrome can also tell Google everywhere you go even without the help of ads. It only does that if you turn on web history, though. Same with location. If you turn on location history, Google stores it. If not, Google doesn't get it. As for phone, contacts, calendar, photos, etc., that's true if you turn on backup for everything. If you turn off backup, the data doesn't go to Google. Of course, then you don't get the cross-platform always-updated calendar and contacts list, and if your phone gets run over by a bus it's all gone. Whether or not to use backup isn't a one-time decision, though; if you use it and then later decide not to you can use the privacy dashboard to delete stuff.
And Google does forget the data you ask it to delete. It's a good idea to check the dashboard periodically and wipe out anything you don't want to be there. You should probably do that if you haven't.
As I understand it, when you flip the state of one of an entangled pair, you break the entanglement. So site B can do what they like with the second pair, but site A won't know what they did. But IANAP and it's been over two decades since I took physics. Oh, and although my old textbook is on the shelf behind me, I'm too lazy to turn around and look at it :)
Person is researching python lambda function list comprehension for a programming project. Gets sidetracked for a couple of hours by popup puzzles.
Yep. This is the employee we want.
You mean the sort of person who is an avid problem solver but bored in their current job? Yes, that's exactly who you want to hire if you're going to put them in an environment rich in productive puzzles to solve. Yes, you do also need them to be able to maintain focus when it really matters, but it's far easier to teach brilliant problem solvers some time management skills than it is to teach plodding, methodical thinkers to be brilliant problem solvers.