Hacker News new | past | comments | ask | show | jobs | submit login

> let's agree for the sake of argument that it's still evil, and both the NYT and Google do it.

I don't think I'm willing to agree to that. What bit in the Google Privacy Policy makes you think they do it (it doesn't seem to fit in under any of the four categories of sharing)? And do you have an example of them actually doing it?

Re: location, I don't understand the distinction you're trying to make here. Under section 4 NYT says they collect "IP addresses, geolocation information, unique device identifiers". They "use and disclose this information for any purpose", which seems rather broad and "store it in log files". The retention is specified as "as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law".

(NYT then have a section on a specific app whose location information you can turn on/off, just like Google has a section on the Android location and Location History that can be turned on/off.)

Re: what does the article criticize Google for:

- Having a "sprawling 4000 word policy". NYT is the same.

- Treating the users as individuals rather than as aggregates. NYT is the same.

- Sharing data (which the article sneakily puts as the heading of a section that's not actually about sharing data). NYT is slightly worse.

- Personalized ads / ad targeting. Google basically just say they use data to personalize ads shown to you, and link to the controls for it. The NYT policy says they target ads by ZIP code or IP address, but on a re-read I agree that they don't say anything about personalization (I misread the last paragraph of 4.B, it seems to actually be about targeting ads for the NYT, not ads on NYT).

- License for uploaded content. The authors are pulling a fast one here, since that's the TOS rather than the privacy policy. The NYT TOS, of course, has almost exactly the same language.

> And that being the case, claiming that the NYT's privacy problems are "basically everything" of Google's, seems so facile as to trivialize the debate

But I didn't claim that. I said that everything the authors criticized Google's policy for was also in the NYT policy. And fair enough, maybe it wasn't everything but more like 4.5/5.

I think there would have been a much better article here somewhere, where they'd e.g. first done a critique on the NYT policy using a similar tone as here. Shredding NYT like that would have certainly gotten the reader's attention. And once you've established a baseline and gotten the reader worked up, show how the Google/Facebook/etc policies are even worse.

First, thank you for correcting me that Google does not sell personal user info to third-parties, at least in the way that the NYT sells subscriber info to other mailers. And thank you for pointing out the clause in 4A, regarding "We collect information about the computer [such as] geolocation information", and how a reasonable interpretation of that means the NYT reserves the right to store and analyze location info.

On the topic of location information, my justification for seeing the difference is based on a couple of factors:

1. What ability does the NYT have to collect GPS info from users other than through mobile and explicit permission? I can't remember when I was last prompted by my browser to allow NYT access to the browser geolocation API (some interactive apps may use it), but it's still an explicit prompt. And it's still limited by me having to actively use their services.

2. I do know that Google allows for users to opt-out of and delete Location History. I'm happy to assume (and don't know any counterexamples) that when Google says it deletes the history upon user request, that it's an actual deletion, not just a database flag. But in all that I've read, I've never been clear on how opting out of Location History affects or relates to any other location data collected by Google's services. For example, from the Manage Your Location History page:


> When Location History is off: Some location data may continue to be saved in other settings, like Web & App Activity, as part of your use of other services, like Search and Maps, even after you turn off Location History.

So as an engineer, this seems reasonable to me (even if I think it's not obvious to laypeople). But is there a section where Google describes the nature of that other location data, including how it's managed and stored? In other words, if I turn off Location History, and later I'm part of a police request for geolocated devices, what potential info of mine is there for Google to share?

For the sake of argument, I'll concede a couple of points: that the NYT reserves the right to collect, store, and use GPS-level data. And that the NYT is no less compliant than Google when it comes to legal requests (and to be clear, I do not believe that Google is particularly subservient to law enforcement, and is not opposed to fighting on behalf of its users when it can). So the main difference is what each company collects as part of its normal operations, and how important/sensitive that information is for each user.

What is the worst-case scenario for the NYT user whose complete information the NYT, through malice and/or incompetence, divulges to a third-party? Billing info, of course. All my devices and everything that shows up in an IP log. Every article I've clicked on in the past 5+ years, and related page analytics. My comments/interactions on the comment sections. And I'll assume every search query I've ever made on its site. Those are all things I would never willingly put out for display, and of course I don't know the unknown unknowns (all the potential risks I can't even imagine), but the NYT-exclusive data seems mostly limited to content I've consumed and when/where I was when reading NYT-operated sites.

With Google, I don't have to imagine hypotheticals. Here's a pretty bad situation -- but by far not the worst-case scenario I can think of -- in which a man was wrongly arrested based on information provided to police by Google's SensorVault:


By all accounts, this kind of geofenced dragnet is very new, and at the time of this man's arrest, used only a handful of times. And yet despite the best intentions of Google's legal and engineering team, and what I'm assuming is good faith work by experienced homicide detectives, we already have a known and publicized incident that turned into a classic and rare nightmare law enforcement scenario (an innocent person being imprisoned for a murder).

I don't think the above situation is an extreme one, other than it happened to involve a murder, which is a situation in which law enforcement generally acts with the most discretion. But in any case, Google search results are routinely used as evidence in criminal cases, and while they often correlate with the prosecutor's case (e.g. the suspect John Doe searched for "how to hide a body" just days before the victim James Doe went missing), search data is just as prone to wild and broad misinterpretation, and anyone who googles random questions/topics regularly is at risk of cherry-picked evidence -- A well-known case is Casey Anthony's misinterpreted search for "chloroform":


Again, I reiterate, these issues don't arise from malice on Google's part. But that's irrelevant -- Google has no choice on how well others use the data they give. But knowing the actual consequences, they do have a choice in data retention policies, even if it means making it clear to the user, "Sorry, we couldn't run our systems unless we kept data in perpetuity, and that's just how it is". Until I can even imagine a situation in which NYT-exclusive data can (justifiably or not) wreck my life, I simply don't expect the same level of scrutiny for their privacy policies.

And just to be clear, this cuts both ways. The NYT, like many news organizations, have public (and internal) policies regarding conflicts-of-interest and employee public behavior: https://www.nytco.com/company/standards-ethics/

For example, I do think Google, given an indisputable document trail, would punish or fire the shit out of an engineer who was found to have manually tweaked/censored search results as a favor to their politically-connected lover. And that would/should happen at any news outlet. But AFAIK, Google (and most non-media industries) does not require or suggest that an employee tell their managers about possible conflicts of interest (romantic or not). Whereas the NYT does [0], which gives the NYT the right to fire an employee for failing to inform their editor, regardless of whether the relationship results in unethical actions.


And to me, this is fine, because it's not just about the ethics, but the potential for harm given the realities and the nature the work. It is patently obvious to me (and most journalists, I would hope) that a reporter has unilateral power to dictate what does (and does not) get covered on their beat, such that a reporter could intentionally hijack their work for a long while before suspicions arose. Is this the same at Google? Can the average employee have the unilateral ability to maliciously change the search index, without it being caught in a pre-production review, or it being explicitly recorded in an audit log? It doesn't seem so.

And because of the stark difference in the expected work and responsibilities, if the NYT were to not have its current ethics policy, and a Google exec were to call them out (e.g. "don't trust the NYT, they don't have a policy preventing their tech reporters from dating, and thus being influenced by Microsoft or Amazon employees"), I would disagree very strongly with an NYT apologist who says, "Well neither does Google!"

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact