Hacker News new | past | comments | ask | show | jobs | submit login

We definitely have systems in place so that employees can not just randomly look at customer data, and when it is necessary it is always logged.

Even if we need to debug customer issues we would need a good reason to look at data over just metadata. There are strict requirements for what can go in logs and dashboards also as you can imagine.

> Absent any evidence, I'm inclined to think that they do very little to protect my data.

Well I think the evidence is mostly that people aren't having their personal data leaked by Google employees isn't it?




Are those logs available anywhere? Can users see when Google employees have looked at their data? Have those systems been audited by a third party to ensure they're working properly?

I'm sure most Google employees are good people, but your basically telling everybody to trust you that Google's doing it right, but not providing any evidence to back it up.


I used to work at google too. End users don't get casually notified when someone looks at their data. But there are definitely audit logs inside the company. I worked on a product and you couldn't look at the data without running a special command, logging in with your account and describing what you were doing, and they audited those afterwards (didn't happen too much I guess). Here's an article about someone fired when I worked there https://www.telegraph.co.uk/technology/google/8003925/Google...


I know of cases in telecoms where a couple of BT workers got 10+ years for conspiracy - provided information to a gangland hitman to murderer someone's parents.

And anecdotally in BT you would hope if you got caught for naughty shit you would rather the Local Police, The Met or The Service caught you instead of the internal security.


This part of that article is concerning:

> After the site broke the story, Google confirmed the engineer had been sacked in July after his actions were reported to the company via email.

Sounds like he was only fired after one of the victims reported him.


> Are those logs available anywhere? Can users see when Google employees have looked at their dat

For Google Cloud, we have access transparency logs which let you see when and why your data was accessed.

https://cloud.google.com/logging/docs/audit/access-transpare...


You left out a key bit of information: It's for Google Cloud customers with Platinum or Gold support.

Most GMail and Google Drive users can't see the access transparency logs.


You're right, Access Transparency is specifically for enterprise GCP customers (at least currently).


For enterprises, yes, with the significant caveat that some types of data look ups cannot be communicated to the customer because they're at the request of the government.


Well, plenty of data gets stolen all the time. Would be tough to trace it necessarily to a Google employee.

But if you say so, anonymous internet user, it must be true. (just kidding, sort of. I appreciate the info. But absent a neutral 3rd party audit, we're all just wishing and hoping.)


These things are usually audited by third parties. E&Y or PWC or Deloitte or etc.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: