Hacker News new | comments | ask | show | jobs | submit login

I wonder how much engagement Google/Facebook/et. al. lose from people who are about to make a comment/post a status/etc., and then thing 'Hm, no - this is private now, but what about in a year when they automatically change my privacy settings without asking me?'

Put another way, imagine I am a teenager or college student who uses Facebook.

1. Start to upload a photo from my phone of me and my friends doing shots

2. Try to figure out how (on my phone!) to set privacy settings so that my younger brother (who is my Facebook friend) and my parents (who aren't, but use the Internet and sometimes Google my name) can't see it.

3. Remember that Facebook has a history of "expanding" privacy settings retroactively

4. Think "Ah, fuck it", and send a Snapchat to my friends instead.

In reality it's probably not that common right now, but hopefully that may increase in the future. You can only pull the rug out from under your users so many times before learn to walk along another path.

I don't really want to dive into this conversation in any real depth, but I do want to point out that Google+, with old features or new, has never violated the ACLs that users set. If you set something to private, it remains private forever.

To do otherwise would be corporate suicide.

Disclaimer: I work for Google, but not on G+.

No, but Buzz was a horrible metadata leak. It's not like there's a guarantee no data will ever leak.

> I do want to point out that Google+, with old features or new, has never violated the ACLs that users set. If you set something to private, it remains private forever.

I know that, which is why I used the example of Facebook.

However, Google+ does make it incredibly easy to leak information that I would otherwise consider private accidentally.

For example, I can't use Google+ with my primary email address, as it's a Google+ account. However, because it's linked with my Gmail account (which does have a Google+ account), some people who have added me on Google+ have been able to figure out my Gmail address (which I haven't used for email purposes in years[0]).

I can imagine all the technical reasons for this, but that doesn't change the fact that it feels a bit wrong for a service to hand out my old email address (which I never give out anymore) to people I've met recently and who have added me on Google+ using my current email address.

Imagine your Google+ email address is something that you can't change, but don't really want people to see anymore - this isn't uncommon; it appeared in a New York Times piece just yesterday, in the context of college admissions[1]. Thankfully, my personal email address is much more tame than that student's, but that still doesn't mean I want anybody to know or use it nowadays.

Furthermore, it's incredibly easy to sign up "accidentally" to use Youtube with Google+ and your "real name" instead of continuing to use your pseudonym.

As for the distinction you point out - I know the difference, and you know the difference. But most users don't.

> To do otherwise would be corporate suicide.

Apparently not completely - Facebook's gotten away with it for years![2]

[0] This may have been fixed, since it was a while ago that I last noticed, but it was still the case for quite a while.

I would have to go through my inbox to remember the details of why this happened - I remember debugging and tracking it down. But the fact that it took that much effort to discover why my new acquaintances suddenly knew my old (personal) email address, and that I can't remember anymore, speaks volumes as to how easy it would be for a less savvy user to accidentally leak information that they wanted to keep private.


[2] http://mattmckeon.com/facebook-privacy/ - this graph doesn't distinguish clearly between those which were automatically retroactive and those which weren't, but that's a topic that's been well-reported and is easy to search for.

I'm honestly not sure how your email address would be leaked, vanity URLs are name-based and at least one of the reasons Plus uses ID strings was in order to prevent leaking any account details through the URL. I'm sorry that other people are figuring it out, that sucks. If you remember what happened and think that G+ has had a hand in the leakage, please feel free to ping me (my URL is in my profile) and I'll try to follow it up.

Personally I do feel that G+ has done a good job at communicating to users the privacy they do and don't have, as the ACLs were baked in at the beginning. I think users have had the possibility to be confused when data is being used outside the http://plus.google.com domain, like Shared Endorsements and the YouTube comments, as this opens up the worry ACLs are being violated. I think there's more work that can be done to communicate that this hasn't happened, such as putting the "Shared (publicly|privately)" on YouTube comments so you can see why those are there.

> If you remember what happened and think that G+ has had a hand in the leakage, please feel free to ping me (my URL is in my profile) and I'll try to follow it up

Thanks for the offer - I really appreciate it. I think it had something to do with group contacts in Gmail, but I can't remember. If I have some time today I might take a look.

To clarify: I'm not exactly mad at Google in this case, because I'm a developer and I know how tricky it can be to get these things right even in small, standalone products[0]. And unlike some people on HackerNews, I don't think this is a result of bad intentions. It's just that, every time I see something like this happen (beagle3 points out the example of Buzz below), I can't help but notice that users' trust is both fragile (easily broken) and unforgiving (no benefit of the doubt).

These things are tough to get right, but they're very critical for the long-term success of a product.

[0] Also, the consequences for me happened to be pretty mild, thankfully.

It sounds like it was a failure of design.

Then perhaps they shouldn't have taken the design into use until it was... usable. And it's really more than merely design in any case, it's at least a pretty core piece of underlying philosophy - connect everything to G+.

It's one thing to do this if you're a new service, with users that don't have all kinds of baggage with you - if your UI isn't great they can choose to accept it for the value you offer or reject it. But existing users it's almost a kind of fraud - you convince em to join under a false pretense but then change the rules half way.

I am a 22 year old kid and I can't tell you how many times this has happened to me. It even happens with snap chats actually, because of the apps that allow you to save a snap. I am noticing however that there seems to be a strong correlation between household income and internet behavior. My wealthier friends all have pristine online images, while the poorer ones tend to share more.

I'm pretty sure Snapchat notifies you if the other party takes a screenshot of your photo, though.

There are actual apps you can download that allow you to save a photo or video, not just the screenshot. I'm actually pretty baffled that people still don't know about them. Renders snapchat useless.

The concept of Snapchat is useless - it's literally DRM. It will work well enough for some folks, but fundamentally it simply isn't technically possible. At least not without a "trusted computing" model with remote attestation and so on.

No, its fundamentally impossible: http://en.wikipedia.org/wiki/Analog_hole

You can prevent the actual bitstream from being copied with "secure" hardware, and most such hardware includes systems that verify output devices. Of course nothing stops you from taking a picture or video of the screen, but that's not making a digital copy. (Although, with a high resolution scanner, you could read every pixel and reverse the encoding and possibly end up with the same bit-by-bit value.)

They notify you but that other person still has the photo. It's better than nothing but it's not that helpful.

Unless you have a jailbroken phone...

See my post above, its an actual app.

The scenario you describe is precisely why I like G+'s circles; every post and every photo shared is shared with a specific subset of my contacts. The vast majority of my posts on G+ are targeted at only a fraction of my friends.

Facebook had this functionality for years before G+ launched and is built into the status update box.

I'm well aware of that, but the UI is nowhere near as convenient and targeted sharing doesn't play as central a role. "Circles" was the major differentiating feature when G+ launched.

Plus you can have closed user groups on Facebook. They work well....

> 1. Start to upload a photo from my phone of me and my friends doing shots

Just don't do this. Seriously. Don't do it. I don't know why people keep putting self-damaging things on the Internet. If it's on the Internet, you should consider it as public. Full stop. There's so many avenues for things to get out into the public (leaked passwords, website glitches, human error in general), that unless you're extremely careful about the dissemination of that information (hint: don't be /in/ the picture in the first place, or you've already lost), the data is as good as public.

Really, what did you gain by putting that picture on the Internet, anyway?

what's wrong with doing shots? you're acting as if it's universally unethical or something

what about this: someone is being odiously racist, so I write a brutal reply to shut em down. Should I also hesitate on doing this, thinking that some employer may infer my radical left politics from it and stop me from getting a job in the future?

All you need to know about common sense about what to upload online is that it changes, not only in time but from social scene to social scene.

[Really, what did you gain by putting that picture on the Internet, anyway?]

It is a memory. Doing shots isn't wrong or bad. Maybe doing 20 of them and then driving home from the bar is bad. Posting pictures is a way to relive a precious moment in time with others.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact