
Sundar Pichai: Privacy Should Not Be a Luxury Good - johnny313
https://www.nytimes.com/2019/05/07/opinion/google-sundar-pichai-privacy.html
======
olliej
Says CEO of a company whose business model is predicated on tracking people.

Much like Facebook’s idea of privacy, they are conflating your actual privacy
with themselves not selling your raw data. E.g. just because they track you,
and have access to all your data, doesn’t mean they’re violating your privacy
- the line only occurs if they sell that information directly.

~~~
nashashmi
Their business model is not predicated on tracking people. That's Facebook and
Google tried to copy them. Their model is based on data mining. They believe
lots of insights are available then. And a better product can be made
available then.

~~~
olliej
What data do you think is being mined exactly?

~~~
netwanderer3
I think what he meant was that Google's methodology prioritizes anonymizing
their data in the pipeline so as not to link it with any specific individuals,
as opposed to Facebook's data which is often directly tied to a person. This
makes sense because Google is all about Search so it really depends on
keywords popularity where Facebook Ads can target very specific individual
groups down to their interests.

If we believed in Eric Schmidt's prediction that future internet is going to
be split into two halves where one is controlled by China and the other by the
US, and since China is restricting privacy and increasing surveillance then the
only sensible direction the U.S. should adopt is by embracing the opposite
values and promoting digital privacy. Those who place importance on these
values will naturally follow their path.

~~~
vlthr
There is definitely some distinction to be made between Google's and
Facebook's approaches to privacy, but data anonymization is more of a PR
technique than a privacy one. It can be done if you accept that you may lose
nearly all of the valuable structure in the data, but that is always going to
be a hard sell.

Recently there has been a lot of discussion in Sweden (maybe elsewhere too)
about anonymized mobile phone location data that is sold online. In that case
"data anonymization" usually meant swapping out personal identifiers for some
token. If that was the only information you had you'd be more or less fine,
but what if you have access to some correlated side-channel information that
IS personally linked? In the location data example, just combining with
publicly available home address data is enough to de-anonymize nearly every
person in the dataset (i.e. where does anonymous token X go every night and
leave every morning?).

This problem emerges very quickly as soon as you start linking together
multiple pieces of anonymized data (or just sampling the data with high enough
resolution). The only real virtue of data anonymization is that it prevents
casual snooping by the people that work with the data.

~~~
AstralStorm
Essentially it is not anonymized but pseudonymous. No identifier and no timing
data would be much closer to anonymous.

True bounded anonymous data is done by aggregation and/or mixing.
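
The re-identification risk described in the two comments above can be measured before a tokenized location dataset is released. The following is an added example, not part of any comment in this thread: it counts how many pseudonymous tokens share each inferred night-time grid cell, using constructed pings, an assumed night window and hypothetical function names.

```python
import math
from collections import Counter, defaultdict

# Constructed sample, not real data: (token, hour_of_day, lat, lon).
# Tokens stand in for user IDs, as in the "anonymized" dataset described above.
PINGS = [
    ("tok_a", 23, 59.3301, 18.0601), ("tok_a", 2, 59.3302, 18.0603),
    ("tok_a", 13, 59.3450, 18.1000),
    ("tok_b", 1, 59.3342, 18.0655), ("tok_b", 4, 59.3341, 18.0657),
    ("tok_b", 10, 59.3450, 18.1000),
    ("tok_c", 0, 59.3378, 18.0712), ("tok_c", 3, 59.3379, 18.0711),
    ("tok_c", 15, 59.3000, 18.0000),
    ("tok_d", 0, 59.3303, 18.0604), ("tok_d", 5, 59.3304, 18.0605),
]

NIGHT_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}  # assumed "at home" window


def cell(lat, lon, size_deg):
    """Snap a coordinate to a square grid cell size_deg degrees wide."""
    return (math.floor(lat / size_deg), math.floor(lon / size_deg))


def night_cells(pings, size_deg):
    """Most frequent night-time cell per token, a proxy for a home location."""
    seen = defaultdict(Counter)
    for token, hour, lat, lon in pings:
        if hour in NIGHT_HOURS:
            seen[token][cell(lat, lon, size_deg)] += 1
    return {tok: counts.most_common(1)[0][0] for tok, counts in seen.items()}


def anonymity_sets(pings, size_deg):
    """For each token, how many tokens (itself included) share its night cell."""
    homes = night_cells(pings, size_deg)
    crowd = Counter(homes.values())
    return {tok: crowd[c] for tok, c in homes.items()}


def unique_fraction(pings, size_deg):
    """Share of tokens whose night cell is theirs alone (anonymity set of 1)."""
    sets = anonymity_sets(pings, size_deg)
    return sum(1 for k in sets.values() if k == 1) / len(sets)


if __name__ == "__main__":
    # 0.001 deg of latitude is roughly 110 m; 0.05 deg is roughly 5.5 km.
    for size in (0.001, 0.05):
        print(size, anonymity_sets(PINGS, size), unique_fraction(PINGS, size))
```

A token with an anonymity set of 1 is singled out by its night-time cell alone, so any dataset that maps places to people identifies it. Coarsening the grid enlarges every set, at the cost of the spatial structure in the data.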

------
mark_l_watson
Way back when, I had two Android phones and really liked them. I switched to
Apple phone, tablet, and watch because of privacy.

The title is a little strange, almost like saying you don’t need those luxury
Apple devices to get privacy, but that is wrong. For the mass market, I think
Apple is the company that is least bad on privacy. I use some Google services
like GSuite, Play Books, and Play Movies heavily but I cringe a little.

Not counting GCP, just consumer offerings: if Apple provided a good email
service that supported custom domains, I would just use them for everything
except deployment platforms like GCP and AWS.

~~~
ramraj07
I made the Android - Apple jump for the same reason four years back. Indeed I
was so happy with Apple's privacy features and their business model in
general. I did miss the tight integration of Google Maps and mail but felt
justified for the privacy gains.

Then their growth started to slow so they jacked their prices to ten
Benjamins, when really good Android phones cost half that. I really had to
evaluate how much I valued my privacy from Google in particular, and it didn't
feel like worth 500 every two years. Important point being compromising with
my data with just Google and blocking all the other companies (Facebook, etc).
Google while it's collecting a metric fuckton of data about me, seems to be a
lot more transparent about it and gives clear ways to clean my slate. Also
doesn't look like it shares it with any other partners. So I just figured I'll
stop paying the apple tax for now, and reevaluate later if the situation
changes.

~~~
blub
Looks like you figured out by yourself that privacy is indeed a luxury good,
in spite of what Pichai claims.

------
olivermarks
This NYT 'opinion' piece is a textbook piece of public relations writing,
perfectly pitched and complete with interesting illustration of 'the author'
looking earnest...

------
fyoving
Yes it's lip service but this whole narrative about online/digital privacy was
seized on by traditional media to bash tech companies while driving traffic to
their properties. It also gives some academics and "experts" an outlet to
promote their books.

You have the right to choose not to be watched while you're going to the bathroom
but the whole online privacy "controversy" is a means by which foreign
countries and other interested parties try to justify stifling US tech
companies; it's also more nonsense for the self-appointed "elites" to
philosophise over and pretend to know what's best for society, regular people
don't care about it nor should they.

~~~
jasonhansel
Never listen to experts! They think they can advise us on what to do, just
because they happen to have deep knowledge and relevant experience with the
issues at hand. How arrogant of them! </sarcasm>

~~~
fyoving
There is a difference between actual experts and academic title profiteers.

~~~
blub
Just like there's a difference between a month old account defending the tech
behemoths with dubious claims and a real argument. We can figure the
difference by ourselves no worries.

Zuboff, Solove, Schneier, etc.

------
boh
This is pretty much the same tactic finance companies are using to stem the
growing political fallout. First get in front of it by acknowledging the
problem, then explain how you're not part of the problem, and most
importantly, outsource the solution to "legislation".

~~~
SpicyLemonZest
Don't we want companies to outsource the solution to legislation? I'd rather
have Congress than Google be in charge of deciding how much privacy everyone
deserves.

~~~
AnthonyMouse
> Don't we want companies to outsource the solution to legislation? I'd rather
> have Congress than Google be in charge of deciding how much privacy everyone
> deserves.

Until the legislation is written by the industry and doesn't rein them in one
bit but imposes large compliance burdens on smaller competitors and further
entrenches the incumbents.

The actual solution isn't corporations _or_ governments, it's people being in
control of their own stuff. Google and Facebook can't invade your privacy if
your data is on your own device and not their servers.

~~~
orcthwy012
What does "people being in control of their own stuff" even mean? Right now,
people are in control and they choose to use software that is convenient for
them, which happens to upload their data to the cloud. How do you force people
to use software that doesn't do this?

It's also unclear whether in practice people being in control over their
devices better protects the users - back when that was the case, malware was a
bigger problem than it is now.

~~~
AnthonyMouse
> What does "people being in control of their own stuff" even mean?

It means that Facebook et al don't have it to begin with.

> How do you force people to use software that doesn't do this?

Why do you have to force people to do anything? That conclusion requires some
major cognitive dissonance.

There are two options here. One is that people are rational in not caring, and
in that case there is no problem and nothing needs to be changed, so what are
you complaining about? But let's suppose that's not it.

Then it's that privacy is important and people should care about it but they
don't understand, in which case you don't have to force them to do anything,
all you need is for them to learn what is happening and why they should care
about it. It requires information, not regulations.

You can't regulate a fox in a henhouse, you can only teach the farmers why
fences are important before they learn it for themselves.

> It's also unclear whether in practice people being in control over their
> devices better protects the users - back when that was the case, malware was
> a bigger problem than it is now.

We need to give all our data to Facebook because malware? How does that
prevent malware at all? What is Facebook's server going to do that your phone
couldn't do for itself?

"But malware" it seems is the new "but terrorism" or "think of the children"
as a generic excuse for every authoritarian policy in the book.

~~~
orcthwy012
So what do you mean by "people being in control of their own stuff" - why
even bother talking about something that will never happen? I mean other than
maybe Richard Stallman, who even does anything remotely close to this?

Wrt: malware, what's definitely helped here is that people spend more time on
centralized platforms that are able to tackle problems at the source, as
opposed to visiting random unsafe websites and downloading random software.
Likewise, telemetry in OS almost certainly helps greatly in fighting malware.
Centralization in terms of both data and usage helps greatly.

------
charlesism
I scanned this essay for the inevitable "there is more work to be done" line.
This time it's "we know our work here is never done, and we want to do more to
stay ahead of user expectations."

~~~
dlivingston
Every controversial company seems to have one. For Twitter, it's "we're so
sorry, we know we've let the community down, and we promise to do better in
the future"

~~~
snaky
The "sorry" part was presented best by BP in South Park I think.

~~~
simongr3dal
Video with the referenced South Park clip:
https://www.youtube.com/watch?v=15HTd4Um1m4

------
ehsankia
This I/O was all about On-Device ML. As ML chips get more powerful, a lot of
these cool features that were only possible on the cloud will be moving to the
device, lowering latency and working in poor network conditions. Google's use
of Federated Learning is interesting too.

~~~
AstralStorm
Yet they will all call home tracking your every action in an aggregate. So
Google and co. can plausibly deny having direct data - except they wrote the
ML algorithm to be useful for the purposes they want so who knows how
recoverable real data is.

------
Mikeb85
I'm not sure why everyone here is so concerned about the fact Google collects
data, but doesn't actually sell it? Google might connect ads and your data
anonymously, or use algorithms applied to your data for their services, but
they've never been shown to actually give your data to anyone, nor to abuse it
in any way.

Compare this to how lazy other companies have been with data breaches (Apple,
Sony, Equifax, a ton of others), or companies that will actually sell your
data (phone providers, credit card providers, various discount cards, etc..),
I don't see why Google is always targeted.

When I had a Hotmail account back in the day, it got hacked (and I've always
had strong passwords). Gmail has never been hacked. Windows has ads and
spyware throughout Windows 10, Google shows you ads when you search for
something. Yet MS gets a pass these days, people forget about Apple's weak
account security in the past not to mention apps abusing permissions, but
Google is constantly demonised.

I don't get it. Of all the tech products I've had over the years, the Google
ones have been the best, the most secure, the most useful. They collect more
data, but as far as I've seen, they also protect it the most.

~~~
username223
> I don't get it. Of all the tech products I've had over the years, the Google
> ones have been the best, the most secure, the most useful. They collect more
> data, but as far as I've seen, they also protect it the most.

They're _way_ less sketchy than Facebook and data brokers, and better at not
letting people's data leak out ("sorry"), but the sheer volume they collect is
frightening. For the average Android user, they collect every search query,
complete browsing history, complete location history, and more, all
"anonymized" but easily correlated to a real person, and store it more or less
forever.

They've avoided Yahoo- or Equifax-scale breaches, as far as we know, but it's
just a matter of time until someone hacks the world's biggest store of
personal data. Even if that happens years from now, I wonder how they will
monetize all of that data when merely slinging ads no longer satisfies
investors.

------
scotchio
If you use Google while not logged in, sometimes you see the “Privacy Checkup
Time” alert.

Feels like a trick: Login, give us your info, and then privacy checkup.

Just thought it’s funny. Either way, can’t complain for the efforts being
done.

~~~
skybrian
If you have a Google account, it might not be such a bad idea to check on it
occasionally and make sure there's nothing turned on that you want to be
turned off or deleted? (In particular, connections to other apps that you
might have forgotten about.)

And then log out.

------
prh8
This is just a response to the ScreenTime piece that ABC and Diane Sawyer
just put out. Really great watch but it did make Google look bad (and Apple
pretty good).

------
cinquemb
Yes, it should be bottled, made available as cheaply as possible, branded in two
different flavors: Google Privacy In A Can™[0] and Google Privacy On The
Go™[0]:

"So right away, let us cast aside the technological protocols, that are
usually referred to as “the internet”, that of which was built upon that make
accessing or publishing information public between two or more machines…

Because talking about such things would require most internet users to cast
aside social constructs they willingly suspend on a daily basis upon engaging
with such technology/services (without any care to understand for oneself, one
might add) and then demand collectively in retrospect to have their cries
pacified while continuing to use such services (of which, most for free).

Yup, let us look past all that and believe (because that’s all we can do for
ourselves) that institutions/organizations/companies/governments, that all
consist of our fellow human beings in all of our qualities and flaws, can
provide for the individual that which he chooses not to do for himself, to a
satisfactory level in which his desires are forever coddled and placated."

[0] We will give access to our preferred government bulk data buyers on the
grounds of National Security.

------
natch
That’s rich coming from him.

------
sonnyblarney
I suggest that Google's dependency on knowing everything about you puts them
in a completely existential crisis with respect to privacy - your data is in
their DNA, there's just too much at stake.

MS and Apple can be far more aggressive in this regard because they simply
don't really need your data in the same way to make money.

~~~
charlesism
And why is it that we all trust Google is unhackable? I won't be shocked if
someday a torrent turns up with billions of private Gmail messages and user
search history records.

~~~
debatem1
Perhaps because such a torrent has not shown up in the last 20 years?

~~~
charlesism
"Equifax was founded by Cator and Guy Woolford in Atlanta, Georgia, as Retail
Credit Company in 1899"

And the thing is that most people would never _knowingly_ make the privacy vs
utility trade-off. The risk (that the entire world gain access to one's search
history) is not in the best interest of most users. Personalized search does
not provide _that_ much added value.

~~~
debatem1
Ironic that you should bring Equifax up since they would literally sell
everything they had on you to anyone who could pay until Congress stomped on
them with the FCRA. If you thought they were ever a good steward of your data
you weren't paying attention.

~~~
charlesism
Equifax is in the business of selling data. I will grant you that's a good
point. I suppose the issue now boils down to whether 20 years is a long time
or not. I don't think it is, but I don't see a conclusive way to argue either
side of that. I'm not sure how to continue at this point :)

~~~
debatem1
I guess all I can do is say that 20 years of good behavior is enough to
convince the state to release you for first degree murder, and most people
seem to feel ok about that. I'd suggest that most people probably don't know
their spouses or best friends for 20 years before trusting them, either. And
you could declare bankruptcy twice in that time and still have pretty good
credit. So as a society we seem to have accepted that 20 years is actually a
pretty long track record. Not sure why our standards for infosec should be
higher than any of those things.

