
Google defends Gmail data sharing, gives few details on violations - nopacience
https://www.reuters.com/article/us-google-congress/google-defends-gmail-data-sharing-gives-few-details-on-violations-idUSKCN1M02OR
======
scarface74
I’m definitely no defender of Google’s most of the time, but this seems cut
and dry. The user explicitly gave an extension the capability of reading their
email. The alternative is for Google not to allow this and the extension
having to have an unencrypted copy of your username and password to read
email.

~~~
s3r3nity
But taking your logic for whether or not that's ok, then the whole Cambridge
Analytica scandal with Facebook should also be considered "cut-and-dry," since
the terms and conditions users were accepting meant that the user gives
explicit permission to read metadata (read: demographic data) of the user.

TBH I'm not sure I agree with you either way, but if that's what you're
arguing, then let's give equal treatment where it's due.

~~~
scarface74
There is a difference in intent.

If I give a third party explicit permission to access my email, I am doing it
to benefit me. It’s not behind some blob of text in a Eula. Google says
specifically, you are giving this app the right to read your email.

If Google didn’t have that functionality and the same user gave the third
party access by giving them thier username and password. The third party
extension still has access to your email and now they have an unencrypted
password that the user is probably using in other places.

I’m assuming that there is also some type of method to ensure the token is
only being used by a certain extension so that if the token is leaked it can’t
be used by another app.

------
wemdyjreichert
"Breaking: Google, the king of "you are the product", makes customers the
product." FTFY Don't like this any more than anyone else, but who honestly
expected better from Google?

~~~
gonyea
I don’t get your point. These are third party extensions that you opt into.
The alternative is giving a third party your password and letting them use
IMAP. This seems like a better compromise that Google can actually log.

~~~
jasonvorhe
He most likely didn't read the article.

~~~
squarefoot
Possibly, but the article also gives incoherent information with respect to
time. For example, earlier it writes:

"Google said in a letter to U.S. senators made public on Thursday that it
relies on automated scans and reports from security researchers to monitor
add-ons after launch, but did not respond to lawmakers’ request to say how
many have been caught violating the company’s policies. "

And then: "Google did not immediately respond to a request for comment."

Which is OK, then at the end:

"House lawmakers asked Google in a separate letter in July whether smartphones
with its voice assistant tool can or do collect so-called “non-triggered”
audio in order to recognize phrases like “Okay Google” that activate voice
controls. The lawmakers cited media reports and said there had been
suggestions that third-party applications have access to and use this non-
triggered data without disclosure to users."

So what was the response from Google about this issue which they were asked
two months earlier, although the article cites it at the very end? Does the
"did not immediately respond to a request for comment" also apply to that one?

