Hacker News new | comments | ask | show | jobs | submit login

The facts as Arrington presents them don't justify being "nearly certain that Google accessed my Gmail account".

Even assuming his drunken source was accurate and truthful, there are other explanations for how Google could access the source's email.

This event happened "a few years ago", when Yahoo, Hotmail and AOL weren't protecting their email with SSL. Google could easily watch unencrypted traffic crossing its internal network and flag sensitive communications.

If they're not doing this, they should be. They don't have to read Arrington's Gmail to get his source's unencrypted communications with a non-Gmail provider, as long as his source was using a Google computer or a Google network.

So, let's pull out Occam's Razor:

- choice A: Google is logging all unencrypted communications from their staff (a rather vast amount of information altogether, I suspect, given how Google employees throw data around), in order to be able to go back retrospectively and wade through it to find leakers

- choice B: Google grepped through Gmail to find the leaker, which they have a complete legal right to do and has a marginal cost of zero.

Do you really think the communications of googlers is "vast" by google standards? Do you think their internal websites are as big as the internet?

Indeed. If the razor has to be applied I'd go with A because it's simple and feasible enough solution for a company like Google and because B would imply virtually zero levels of corporate worries about the eventual PR downfall. The fact that It's Arrington we're talking about here and not your next-door blogger, reinforces the probability of A being the simpler choice.

No way. It would require poring through so much more raw data to take raw tcp traffic, structure it somehow and pull out email messages (option a). Compare that against going through structured data in the gmail storage system (option b). Option B is much, much simpler.

... they should be?

I think there are differing expectations of privacy. I don't think there's anything strange or even untoward about employers tracking internet activity on their machines and their networks. It would not surprise me to be sacked for eg. browsing porn while at work, even if I did it from my phone or laptop instead of a company computer.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact