
Lea Kissner's job is making sure Google products protect the privacy of users - einszwei
https://gizmodo.com/meet-the-woman-who-leads-nightwatch-google-s-internal-1825227132
======
jacquesm
Google could easily protect the privacy of their users but it would need to be
a directive from the top down and they would have to actually mean it.

All this is is an attempt to show themselves as the good guys relative to
Facebook whereas Google is in many ways just as bad, just along different
axis. At heart both Facebook and Google are advertising scum of the very worst
kind that hold the world hostage with some free functionality.

The problem with Google is that that functionality is of a grade that it is
hard to get around them, Facebook you can do without just fine.

~~~
z3t4
A couple of years ago I went to bed with the computer on. I woke up in the
middle of the night with hard drives in full rage. My first thought was that
Vista is probably doing a defrag, but I was pretty sure I had turned that
feature off. So I ran perfmon to see what was going on: googleupdate.exe was
scanning all drives, not only the system drive, but all of them. I purged all
Google software from the computer (Google Chrome, Earth).

~~~
rainbowmverse
I don't know if it's related or even in the right place in the timeline, but
at some point Chrome started doing virus scans on Windows.

------
grimskin
Well, they definitely do fail at the very core. For the non-enterprise Gmail
accounts, there is basically no way for account owners to regain control
over an account if it was hijacked. Google product forums are full of people
blocked from the recovery of their account by a pseudo-AI recovery form, and all
the support they get is a repeated "use recovery form" from some kind of "Google
community volunteers" (or something like that).

An e-mail account is basically a concentration of personal data, and doing so
little to protect that negates everything else.

~~~
Buge
Whenever you make the recovery process easier, you make it easier for
attackers to "recover" victims' accounts.

Switching from pseudo-AI to humans isn't necessarily better. I had an attacker
successfully social engineer a support person into changing the email
associated with one of my videogame accounts which had some valuable items.

Preventing attackers from getting my password is something I can do myself.
Preventing attackers from "recovering" my account is not something I can do
myself. So I prefer services to have difficult recovery.

~~~
ksk
> Whenever you make the recovery process easier, you make it easier for
> attackers to "recover" victims' accounts.

Only if you define easier as 'badly designed process'.

> I had an attacker successfully social engineer a support person into
> changing the email associated with one of my videogame accounts which had
> some valuable items.

That is unfortunate, but why do you believe this will always be the case?

> So I prefer services to have difficult recovery.

Maybe this can be an opt-in for the more 'security-minded' minority. There is
no reason to have the same process for every user. Both of the positions
"Preventing attackers from getting my password is something I can do myself."
and "Preventing attackers from "recovering" my account is not something I
can do myself." rely on humans not making mistakes. We can improve on both
(service & user) sides to reduce mistakes.

~~~
Buge
> Only if you define easier as 'badly designed process'.

I'd be interested to know what a good process is.

> That is unfortunate, but why do you believe this will always be the case?

I don't believe most (if any) online accounts that I have provide enough
profit to the service owner to hire and train employees with enough expertise,
time, and resources to properly determine a valid recovery attempt from a fake
one.

Social engineering employees just seems so easy from what I've seen. It's so
reliable it can be done on stage:

[https://www.youtube.com/watch?v=SstZAIxl8wk](https://www.youtube.com/watch?v=SstZAIxl8wk)

[https://www.youtube.com/watch?v=lc7scxvKQOo](https://www.youtube.com/watch?v=lc7scxvKQOo)

It just takes a single slip up and you lose. Whereas attackers can just keep
trying.

> Maybe this can be an opt-in for the more 'security-minded' minority.

Yeah, I agree it's a good idea. In fact that's what I've done on my primary
Google account:

[https://landing.google.com/advancedprotection/](https://landing.google.com/advancedprotection/)

But that implementation isn't perfect, it requires giving up some features and
buying U2F keys. Preferably you could opt into exactly the protection you
want, so you could get the recovery security without having to buy security
keys for example.

I agree there could be better implementations, but they would cost more. I
think it's a three-way tradeoff between cost, easy recovery, and security. When
I hear someone advocating for easier recovery without advocating for higher
cost, then I immediately think there will be a lowering of security.

~~~
ksk
> I'd be interested to know what a good process is.

IMHO, a good process would have several tiers, each being more manual, less
automated, and more time consuming. The basic tier would be security
questions, alternate email, SMS, 2FA, etc. The next tier could be establishing
identity and would mean communicating with a real person. You can send a
signed affidavit along with a government-issued ID and the person would verify
it. Then they would have to establish that the account itself belongs to a
specific person, and that that person is you. This can be done in various ways:
billing address, CC info (if applicable to that service), etc. A more
real answer would be dependent on the actual service and what information the
service captures at signup, etc.

> I don't believe most (if any) online accounts that I have provide enough
> profit to the service owner to hire and train employees with enough expertise,
> time, and resources to properly determine a valid recovery attempt from a fake
> one.

Well, then that is a different argument and I'd agree that it takes time and
money to get a good process in place.

But if you think about it, your logic can be applied to anything, right? I
don't believe most (if any) software companies have enough profit motive to
test their software for security bugs or hire people who have expertise in
security.

> Social engineering employees just seems so easy from what I've seen. It's so
> reliable it can be done on stage:

Yeah, that is an example of a bad process.

~~~
Buge
The cost of hiring security engineers and testing for security bugs is
constant with regard to the number of users. Whether you have 1000 users or 1
billion users, your service has the same security if you spend the same amount
on testing and engineers.

But the cost of human intervention in recovery increases linearly with the
number of users.

I agree with your ideas for automation. But human intervention has problems.

One solution for human intervention is to charge a non-refundable fee for
recovery. This has the advantage of discouraging attackers from trying to
recover. The problem is I think this would cause bad PR for the companies. Now
instead of blog posts saying "Google locked me out of my account" there would
be blog posts saying "Google is charging me $20 to access my own account" or
"Google is holding my account hostage for cash".

------
confounded
> _The fundamental challenge... is making computing systems that people feel
> comfortable using. “They don’t feel safe, they don’t feel trust... Does this
> company have my best interests at heart at all?..”_

Making users feel good about surrendering data, defined as “protecting
privacy”.

Google’s positioning on the current furor is pretty interesting.

Specifically the preferred corporate definition of ‘privacy’ to mean...

> _Being respectful of a user can be as simple as giving her a way to respond
> to a product that bothers her, whether it's an ad for a chicken recipe that's
> not relevant for her because she's a vegetarian or an abusive message that
> she wants to report._

... Funnel-optimization (“user trust”), and enhanced personal data collection.

Very Googley.

#changetheworld

~~~
nielsbot
I find the [x] button on Google's ads annoying. I click the [x] to mean
"remove this ad" but that is not one of the options presented. Wouldn't it be
better for users and Google if clicking [x] actually removed the ad from the
page?

------
open-source-ux
This article is entirely about security and Google's attempts to make sure
user data never leaks outside the company.

While you can't have privacy without security, security by itself does not
equal privacy. Not once does this article talk about how Google tracks and
records user behaviour on an industrial scale.

When you create a Google account, you're asked to provide your name, your
gender, your date of birth, your location and your mobile phone number. Some
of your most personal and private details, all of which will now be tied to
your online behaviour.

That data capture starts right from school, where millions of students use a
cloud-based OS called ChromeOS that records everything they do. It's quite
horrible that this is happening - the kids don't even get a say, it's the
adults who've decided this.

The G Suite for Education Privacy Notice [1] clearly states that Google
collects device information, unique device identifiers, mobile network
information (including phone number of the user). Also logged are IP
addresses, location information, and app usage using unique application
numbers.

Even if this information is detached from individual accounts and aggregated,
it equals a phenomenal amount of data captured by Google on millions of
students in the US.

And we've seen from Spotify and Netflix how even aggregated data can reveal
very private and personal user behaviour.

It's baffling how little scrutiny the company faces, least of all from the
tech community who, more often than not, rush to its defence.

[1]
[https://gsuite.google.com/terms/education_privacy.html](https://gsuite.google.com/terms/education_privacy.html)

------
cm2187
Sounds like the job of protecting the health of consumers at a cigarette
factory.

------
sametmax
So no PRISM? And Analytics and Google Fonts don't collect my data when I'm not
on a Google site? And no scanning of my Gmail messages? And I can install
updates for my Android apps easily without linking my personal email to my
phone (and risking cloud contact/photo sync if I didn't do this right)? And
ads don't get personalized to my profile according to all those data?

~~~
collyw
I logged into "my activity" on Google recently for the first time. I was
pretty annoyed to see they have tracked all my Duck Duck Go searches made
through chrome.

~~~
fooker
What's so annoying about this?

DDG does use Google search for a lot of things.

~~~
detaro
> _DDG does use Google search for a lot of things._

Source? They use Yahoo/Bing in the backend, but Google?

------
AceJohnny2
It's interesting to me that the article mentions Yonatan Zunger, since he left
Google in July 2017. Before working in the Privacy team (as a Distinguished
Engineer), he was Chief Architect for G+.

His short stint in Privacy (8 months) before quitting Google for a startup
makes me nervous. But maybe I'm reading too much and he just needed to move on
from Google after 14 years.

[https://plus.google.com/+YonatanZunger](https://plus.google.com/+YonatanZunger)

[https://www.linkedin.com/in/yonatanzunger/](https://www.linkedin.com/in/yonatanzunger/)

[https://twitter.com/yonatanzunger](https://twitter.com/yonatanzunger)

~~~
theDoug
You can always ask him directly, rather than work in imagination. He is a
friendly person.

~~~
smt88
> _You can always ask him directly, rather than work in imagination_

He has a lot of professional incentive not to disclose privacy problems at
Google...

~~~
AceJohnny2
Exactly.

He is approachable on G+ and Twitter, but plain game theory means I'd doubt
any reassuring answer.

------
adamnemecek
Reads very propagandy, especially considering the timing. The FB drama is just cooling
off; what better way to promote an FB competitor than talking about this.

~~~
benatkin
Reminds me of this pg essay:
[http://www.paulgraham.com/submarine.html](http://www.paulgraham.com/submarine.html)

------
ForHackernews
Reads like a press release from Google's PR department trying to differentiate
themselves from Facebook.

If you care about user privacy, you don't deliberately build a panopticon.

------
ThatHNGuy
I must say, she's doing a bad job then.

Where is the opt-out for reading Gmail content? Or better put: why is the
scanning of emails activated by default and not opt-in? What about the
preinstalled Android Google Services, which upload data continuously to
Google's servers?

~~~
lathiat
Google stopped personalising ads based on your e-mail (e.g. 'reading your
email') last year: [https://blog.google/products/gmail/g-suite-gains-traction-in...](https://blog.google/products/gmail/g-suite-gains-traction-in-the-enterprise-g-suites-gmail-and-consumer-gmail-to-more-closely-align/)

~~~
ThatHNGuy
What about Google Assistant / Google Now?

------
woolvalley
I think it's fairly standard that larger tech companies have privacy teams.
Apple has one, Facebook has one, Google has one. If I bothered to search for
more, you could probably find a news article about that company's privacy team.

------
ksk
Isn't this just about who 'other than Google' can access your data? It's sort
of like creating an API and allowing only one person to use that API. The API
itself is the problem, not the fact that only one person can access it. But I
don't get the pressure on Google here. What do people expect them to do if
their entire business model is based on data harvesting? The only way to fix
this would be to have a legally mandated opt-in policy on data collection.
This would let Google charge money from end users, and maybe make them feel
much better about it too.

------
pjmlp
If they actually care, then force OEMs to provide Android security patches,
instead of hand waving with Treble and still leaving the process to OEMs.

------
collyw
She ain't doing a very good job.

------
tanu057
Is there someone at Facebook that does the same as Lea Kissner?

------
andridk
Good luck Lea

------
gaius
This is satire right?

~~~
908087
More like Google PR team planted "you can trust us" propaganda.

------
dogecoinbase
This will probably go about as well as Alex Stamos protecting the private data
of Facebook users (and, I suppose, Yahoo users before that).

~~~
kerng
Interesting, I noticed as well that Alex Stamos has a record of data breaches
that he leaves behind. What's his next gig? Does anyone know? Will be curious
to follow.