I absolutely believe that engineers and product teams do care about their users.
That said, I also completely believe that Executives at Google are driven by what drives the majority of Google's revenue, i.e. the people that pay them the most money, their customers, advertisers.
Engineers can have the best of intentions but what Google or any company, especially a publicly listed company beholden to their shareholders, ultimately ends up doing is what ultimately benefits their shareholders as decreed by their leadership.
I'm not saying you should trust any corporation to ultimately have your best interests at heart. I'm saying you should trust what is on their balance sheets to determine what values they will hold and protect when they decide their lobbying budgets in Washington, Brussels, etc. for the year. After that, you can vote with your wallet, time, attention, or whatever asset it is you hold that a given corporation covets.
So can you say with certainty that if I pay for GSuite that Google won't mine my hosted data/metadata or other information any more or less than someone that doesn't? Does Google only track my purchases in the Play Store to keep track of what I have in fact purchased as a good storefront would, and not to store it in a larger profile they've constructed of me or just sell the info on to a broker? I pay for YouTube Red, so does Google not use any information from my YouTube profile for advertising purposes on its other properties?
I can say with certainty that Google does not treat paying G Suite customer data the same as consumers'. It is not mined, it is not targeted, and it is not used in any way for advertising purposes.
I can say this as a former G Suite buyer who signed the contract & ToS, a current googler working with G Suite and Cloud resellers, and as someone who has been a part of Google's internal GDPR readiness programs.
I cannot address the rest of your questions authoritatively, but I don't particularly care about those, either, comparatively.
you’ll note that in their statement at https://gsuite.google.com/learn-more/security/security-white... they explicitly refer to no advertising in the G Suite Core Services. those are defined here http://gsuite.google.com/terms/user_features.html. not listed in the G Suite Core Services is regular Google Search. so what they’re saying is is that none of the data you put in any G Suite Core Service like Gmail, Drive, Groups, Keep, Sites etc will ever be used to target you with ads.
however, anything they can get from your browsing habits via google.com search and other ways of tracking you via data you may expose from non-G Suite Core Services, are fair game.
i have been a personal and corporate admin of G Suite nee Google Apps for 5 years. i believe the policy is adhered to by Google through my own anecdotal use as user and engineer over many domains and companies. and i believe who claim they can prove Google is scanning paid G Suite account data and using it to target are not realising that non-cloudsearch ie regular google.com searches and everything connected to your G Suite profile based on those searches is what is getting you targeted.
This was a relatively recent (last couple yars) change, I’m guessing in part driven by pressure from their new enterprise sales push, due to the more vigilant regulated enterprises in US and enterprises in EU simply unable to purchase services due to Google’s data access and use being so pervasive it violated regulations.
It is not clear to me from papers up through, say, 2016, whether you’ve achieved a guaranteed (compliant by technical architecture rather than by policy) level of access and data separation. Direct conversations had also made it clear it was not yet achieved.
You mentioned GDPR which indeed should require you to have to do the right thing soon, but it allows policy vs. technical controls. Bad actors don’t care about your policy, and good actors make inadvertent errors.
I’d like to know if/how the tech under the hood has changed o support the last couple years’ contract changes and upcoming EU compliance.
If anyone can point me to more recent papers or talks that evidence how it’s now impossible for, say, even a motivated bad actor in support or bad actor in SRE teams to violate data policy, I’d appreciate it.
Even if you can only talk to me off he record, I’d appreciate it.
Clarification on G Suite received and acknowledged! I am not someone who has signed the contract & ToS, and was prior to now, wary of doing so because it was attached to the Google name. I do thank you for taking the time to acknowledge and explain how Google treats G Suite internally.
Pretty sure GSuite data is basically separate from everything else, you'd have to look at the ToS for the details, but it's kept separate to keep corporate customers happy.
This leads to issues for anyone who has tried to use a Google account setup through GSuite for consumer apps where they basically don't work at all.
> ... [Corporate data is] kept separate to keep corporate customers happy.
Can you imagine the stupid amounts of lawsuits that could be generated if Google were in the habit of scanning business documents and reselling information about them to third parties? I know they have a ToS, but the aggregate legal departments of all their GSuite customers are preeeetty big.
The problem is, I've talked to the engineers who are proud of building this ad blocker despite it's obvious antitrust problems, and engineers who are proud of building AMP for email. Where is their moral compass when these are things they think are okay?
I want to believe the software engineers are good people, but how do I square that with the things they are not just making, but enthusiastically supporting?
When and where do you start ascribing morality to software engineering and deciding who are "good people" within that domain? Like any business, there are those of us that agree with their choices, and those of us that disagree with their choices. I can't fault them for taking pride in their work, even if I vehemently disagree with the result of it.
I can't fault them for taking pride in their work, even if I vehemently disagree with the result of it.
Then yes, you can. Your argument, applied broadly, has you applauding the pride of IBM engineers who developed systems to assist the Nazis in identifying people to slaughter. The idea that engineering exists apart from moral principle is absurd.
That said, I also completely believe that Executives at Google are driven by what drives the majority of Google's revenue, i.e. the people that pay them the most money, their customers, advertisers.
Engineers can have the best of intentions but what Google or any company, especially a publicly listed company beholden to their shareholders, ultimately ends up doing is what ultimately benefits their shareholders as decreed by their leadership.
I'm not saying you should trust any corporation to ultimately have your best interests at heart. I'm saying you should trust what is on their balance sheets to determine what values they will hold and protect when they decide their lobbying budgets in Washington, Brussels, etc. for the year. After that, you can vote with your wallet, time, attention, or whatever asset it is you hold that a given corporation covets.
So can you say with certainty that if I pay for GSuite that Google won't mine my hosted data/metadata or other information any more or less than someone that doesn't? Does Google only track my purchases in the Play Store to keep track of what I have in fact purchased as a good storefront would, and not to store it in a larger profile they've constructed of me or just sell the info on to a broker? I pay for YouTube Red, so does Google not use any information from my YouTube profile for advertising purposes on its other properties?