Hacker News new | comments | ask | show | jobs | submit login

Is the EFF's problem that this information is stored on Google servers?

Syncing settings to an account seems like one of the prime selling points for a school using chromebooks. A child loses their chromebook, or gets issued a different one the next September all their favorites, apps, etc are there ready to go when they sign in.

https://support.google.com/chromebook/answer/2914794?hl=en




Let's try this exercise. Replace "Google" with "Lenovo".

Lenovo sells computers to schools. The computers upload everything entered onto the computer to Lenovo by minors without consent. Everything uploaded is data-mined. You can switch it off in some obscure setting.

You would have people carrying pitchforks here instead of saying "really?". Google doesn't get a pass. This is shady. Should be off by default.


The entire premise of the Chromebook is that nothing is stored locally and you're almost exclusively using web services. That's how they're expected to work. You can't use one without knowing that your data isn't stored on that specific machine because in many cases you can't even access your data without an internet connection.

I've seen no evidence of data mining - I can't even think of a use for this data, much less a use that would be worth the risk considering their growing popularity and how well Office in schools worked out for Microsoft. I imagine just them using Gmail and Google apps is far more valuable than any fruitless advertising to people that can't spend money.


> The entire premise of the Chromebook is that nothing is stored locally

A piece of hardware doesn't have a premise. I installed Linux on my Chromebook. Is that wrong?

At what point did we stop decoupling software and hardware?

I'll pass on that notion.

> I've seen no evidence of data mining

You're kidding, right? I promise you, Google is keeping tabs on every byte passing their servers. So is everyone else. Hell, so am I with my servers.

> I imagine just them using Gmail and Google apps is far more valuable than any fruitless advertising to people that can't spend money.

What? Google makes money through advertising. They can't advertise if they don't know what you like. They only get paid when you click. So yeah, they data mine GMail and all the other Google Apps to know what ads to show you. And they show them on all of their properties.

That's why there's a switch there to stop sharing with other services, etc. and that's why they're now promising to have that off by default.


> Everything uploaded is data-mined

From the article: "Google does not use student data for targeted advertising"

So... what's the problem?

The data is uploaded for a clear and legitimate need, the ability for school's to loan out chromebooks on demand. The data is not used for advertising.

Near as I can tell the complaint is this nebulous "it's being data mined" with no elaboration or evidence.


Also from the article:

"EFF’s filing with the FTC also reveals that the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge."

"Google told EFF that it will soon disable a setting on school Chromebooks that allows Chrome Sync data, such as browsing history, to be shared with other Google services."


The data still exists in aggregate form. Even if Google went against their business model of using as much data as possible for targeted advertising, as recent data breaches have demonstrat4ed, it is foolish to think the data will stay with Google forever.

Data that is sitting around unused is tempting to use the next time they hit a financial hardship, and it's a very tempting target for various types of thieves and governments with national security letters.

The proper way to handle this problem would be for Google (or whomever) to be liable for mishandling the data they hold. If google wants to have this data, they would then have a strong incentive for keeping it secret. Even better, it would encourage Google to only keep data for as long as it was needed ("leftover" data becomes a potential liability risk with no benefit).


> The data still exists in aggregate form.

Yes, because it has to, to serve the sync purpose. And the EFF is not challenging the sync purpose. The sync purpose is the entire reason schools are using chromebooks in the first place.

So no, the problem is not that the data exists on Google's servers.

> it's a very tempting target for various types of thieves and governments with national security letters.

OK now you must be trolling. Government NSL requests for 2nd graders chromebook data? Seriously?


> Yes, because it has to, to serve the sync purpose.

If you bothered to read my post, I never said that couldn't be done. They simply need to be liable (both civil and criminal) for any problems that arrive.

The idea that Google gets to collect all the data on people they want without any responsibility for how they handle that data is insane.

> OK now you must be trolling.

The fact that you think my post could be trolling suggests you aren't taking the risks from data aggregation anywhere near as seriously as you should be.

I'm not - those are examples, not an exhaustive list. That said, data stays around forever, while 2nd graders eventually grow up. If you want a more likely example, try insurance companies.


> They simply need to be liable (both civil and criminal) for any problems that arrive.

OK, but why bother saying that when they already are? Like, yes, Google is liable for data Google holds. Water is also wet.

> The idea that Google gets to collect all the data on people they want without any responsibility for how they handle that data is insane.

That idea appears to be something you made up, though?

> I'm not - those are examples, not an exhaustive list. That said, data stays around forever, while 2nd graders eventually grow up. If you want a more likely example, try insurance companies.

Since you're sticking by this please name a single thing a 2nd grader could do that literally anybody but their parents would give a shit about a week later, much less 10 years later?


> Since you're sticking by this please name a single thing a 2nd grader could do that literally anybody but their parents would give a shit about a week later, much less 10 years later?

< 2 minutes of searching:

http://abcnews.go.com/GMA/AsSeenOnGMA/story?id=4585388

http://fox8.com/2015/11/10/8-year-old-ohio-girl-caught-with-...

http://www.cbs46.com/story/17621353/six-year-old-arrested-at...


Try government NSL requests for your high school data. Things you searched for, or wrote, or did otherwise. Don't think they wouldn't reach for it if they know its there and can be used against you in any kind of way. Maybe that data is gone when you grow up; or maybe data storage is cheap and they just collect everything.


The context here is primarily about under-13 year olds, which is what COPPA is concerned with (Children's Online Privacy Protection Act).

And I'm still gonna go with nobody is issuing NSL requests for your high school drama.


> context here is primarily about under-13 year olds

My mistake, I didn't see that that. It's certainly more of a stretch that they would go after pre-high school data; but it might not matter, if in fullfillment of the NSL google has to provide said archived data anyway.

> And I'm still gonna go with nobody is issuing NSL requests for your high school drama.

That's not how counter intelligence works. You gather everything you can about a subject because it tells you more of who they are and what makes them tick, or break.

My problem is you're trying to exercise "reason" here. it's unreasonable to suspect that they would issue an NSL for school data. I agree. but that doesn't mean they can't, or won't. Or that such data wouldn't be exposed or used in another way. And that's the problem. It's not a non-issue because they're kids. It's less interesting because they're kids, but not easily ignored because of it.


It might not be for ad targeting, but it's for Google's monetization as stated in the article. It's mined.

Google should not be allowed near an educational environment. It's business is built on data collection and monetization of it.


> Google's monetization as stated in the article. It's mined.

Yes that's the claim but where is the evidence?

Unsubstantiated claims are also called conspiracy theories.


Its rather obvious why people are worried. It would be like having a lion in a cage with a deer. Sure maybe the lion isn't interested in eating because its full, or maybe it never intends to eat the deer because it gotten used to other kind of meat. Or maybe it gave its word that it wont. All that is possible. But instead of having to spend every second of your life watching if the lion eats the deer, we should structure the system so that its impossible for the lion to ever be next to the deer.

Google is an advertising company, and slowly they have been adding spyware-like capabilities to their product (address bar - keystroke logging in chrome, injecting every single search result with javascript, "accidentally" listening to users microphones for hotwords without their express permission, etc) It is perfectly natural to be very weary of such companies. I suspect people would be fine with Google providing the chromebooks as long as the contract legally binds them to never collect the data.

>Unsubstantiated claims are also called conspiracy theories.

No, they are not. Conspiracy theories have a connotation of being ridiculous and outlandish. That is how the general public understands the term. A company like Google whose bread and butter is datamining, being accused of mining additional data is not a conspiracy theory.


Where is the evidence for Google's claims of not using the data? Why would you take their word for it.

People who following unsubstantiated claims are also called apparatchik.


That argument doesn't work. It's like saying "well, prove the boogieman doesn't exist".

If you're going to claim malice, it's your responsibility to provide evidence.


Wrong - Replace Google with Canonical/Apple. Doesn't seem so bad now, does it?

Lenovo does not make the OS on the machine and DEFINITELY does not provide cloud services like Google.


It's not okay regardless who is doing it.


Or - it is okay depending on who does it.


You overlooked that small detail where for services where the cloud does not require plaintext, Apple encrypts everything with a key that never leaves the client.


Cool. Challenge to you; get some plain text from another google user account that's private.

If you do, don't reply in this thread. Just go straight here: https://www.google.com/about/appsecurity/reward-program/


I don't think he's worried about other users getting access to data, but what Google is actually doing with it themselves.


Yep.


Now you overlooked that small detail where it's Google that is exploiting the data, not me. And doing so on behalf of itself, its partners, its future partners and assignees in perpetuity, and your ex-wife's lawyer.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: