
Google photos allowed the wrong users to download videos - msh
https://twitter.com/jonoberheide/status/1224525738268905477
======
fwn
Apart from the bug and the problems it led to:

This is probably the most degrading email I've ever read. Why didn't they try
to write something empathic?

They've sent private (potentially critical) documents to someone else and the
only feeling they admit it might provoke is "inconvenience". And they
apparently aren't even entirely sure whether it may provoke such feelings,
given that they chose to write "we apologize for any inconveniences this may
have caused".

That plus the classic not to apologize for failing to keep user data private
but to apologize for a feeling of inconvenience this may have caused. As if
the problem was caused by the user.

It's like a formal version of "Hey, looks like in the end, you made a huge
mistake by trusting us, Google, with your data. anyway. inconvenience? Sorry
that you feel this way."

I think I'd struggle to write a worse notification letter. Who usually writes
those things?

~~~
msh
yeah, these videos might contain extremely private information and have people
in them that are publicly identifiable based on the video.

------
jasonvorhe
This is tough, since this could kill careers, end families and destroy
friendships, if the wrong photos where to end up in some public dump. It just
requires one bad actor to know of this and abuse the service, trying to
exfiltrate as many photos as possible and then run some ML face detection on
the data set.

This mail is really shameful and lacks lots of information. If they have the
log data, they should disclosure how many people got access to how many photos
in which timeframe.

Google is really on a decline here.

~~~
jasonvorhe
I should have read the quoted mail with more focus, the timeframe is actually
in there and it's rather short.

------
rhabarba
See, the cloud NEVER loses your data - they even have decentral backups now!
/s

------
mindracer
Expect a large GDPR fine coming their way

