Privacy Advocates Slam Google Drive's Privacy Policies 219
DJRumpy writes "Privacy advocates voiced strong concerns this week over how data stored on Google Drive may be used during and after customers are actively engaged in using the cloud service. While the TOS for Dropbox and Microsoft both state they will use your data only as far as is necessary to provide the service you have requested, Google goes a bit farther: 'Google's terms of use say: "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours. When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content."'
Google's motivation (Score:3, Insightful)
Google's motivation, in all that it does, is to index your data an sell you to advertisers. Advertisers are the customers, and you are the product. Android, Gmail, the search engine, Google Drive, Google+, and so on--they all exist solely to index people's data and serve them ads. 96% of Google's revenue comes from advertising. It is their core business.
In fact, that's not actually bad in and of itself, up to the point where it crosses into creepy territory, like in this case. Just by uploading your personal files, you are licensing them to Google to do whatever they want with them. And not just Google--note the parenthetical "(and those we work with)". So you don't even know who is going to be using your personal data. I mean, these policies actually give Google and other strangers the right to publicly display and distribute your files. One wonders if that absolves them from any consequences from security intrusions too, since a hacker getting hold of your files that would count as publicly distributing them, even if accidentally.
I've never bought into the image of benevolence Google always presents to the public, and that's cost me Slashdot karma over the years, but I don't care. It will be very interesting to see who defends this. It would be difficult not to see them as sellouts of themselves, all too happy to trash their own privacy rights, eager to please the advertising megacorp and defend them from attack. Wake up!
Re:Google's motivation (Score:5, Insightful)
They don't sell your data to customers, that would be illegal. They look at your data and use it to build a description of your personality and then they sell the fact that they know your personality to advertisers.
Doesn't explain why they need rights to distribute and create derivative works.
Re:I'm Shocked! Shocked!!! (Score:2, Insightful)
Whoever doesn't realize... deserves to get screwed.
Speak for yourself. Not *everyone* has the background, the experience or the jaded attitude you possess, and it's attitudes like yours (and the entire caveat emptor set) that leave the upcoming (younger) individuals hanging out to dry.
Re:Google's motivation (Score:5, Insightful)
Doesn't explain why they need rights to distribute and create derivative works.
Creating a thumbnail or a document preview would constitute a derivative work. Displaying it on your browser would be distribution.
Re:Google's motivation (Score:5, Insightful)
Because you have the option to share your documents publicly. Creating and sharing a really popular document might warrant automatic translation by Google into other languages so that other regions, too, can read your public document. That translation is an example of Google creating and distributing a derivative work.
I sell "free home automation services!" (Score:4, Insightful)
So here's my business idea:
I want to develop a home automation and integration service. There will be a wide variety of devices designed and built to make people's lives easier. It will vacuum your floors, track/inventory your pantry, refrigerator and freezer, order out of stock foods and supplies based on your rate of consumption and the discards in your waste collection units, organize your closets, manage your TV viewing, secure your home from invaders with our monitoring services. And it's ALL FREE!
All you have to do is allow us to use the information we collect in ways we don't care to detail or disclose.
How does that sound?
Re:I'm Shocked! Shocked!!! (Score:5, Insightful)
OK, well, not all that shocked.
Whoever doesn't realize by now that Google is a marketing agency who makes their money off selling their users' data, deserves to get screwed.
Google makes zero money off selling their users' data. Selling their users data would, in fact, hurt Google's business strategy.
Google makes money off having access to users' data nobody else does. They can tell an advertiser, "we know the people for whom your ad will be most relevant, and no other advertising company has that information." If they were to actually give a list of said users to their client, they'd no longer be able to charge for advertising to those users, because their clients would do it directly.
Re:Google's motivation (Score:5, Insightful)
To be honest, I think anyone that thinks "The Cloud" is secure in any way, shape, or form is an idiot.
Doesn't much matter who's fucking 'cloud' it is, it's just common sense. If you put data on the internet, you're taking a risk in that data being seen by someone else. This is not a new concept.
That's why the privacy hysteria concerning these cloud storage providers cracks me up. Of course there's a risk in doing so. There's a risk in connecting a computer to the internet at all. If that risk isn't a factor in the decision making process of the end user, that's their own fault.
If you want to lock your data in a vault, go rent a fucking vault...but let's not pretend that a person should have any reasonable expectation of a risk-free cloud storage solution. Not gonna happen, not in our lifetimes. We still can't seem to not use passwords like '123456' or 'abcdefg' [computerworld.com] for fuck's sake. You think there isn't some moron at Google or Dropbox or Skydrive or whoever the fuck that's not doing the exact same shit? Come on, now, people.
Slashdot, please quote the whole paragraph (Score:5, Insightful)
When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.
It is incredibly intellectually dishonest to quote only part of a paragraph, without noting the limitation that immediately follows. You can still have problems with the terms (the note on "promoting [and] developing new [services]", especially) Materially, Google's terms seem to be in the same vein as Dropbox's: they need to be able to actually, you know, host your data to be able to actually host your data. But if you want to actually discuss their policies, don't quote them partially out of context. That doesn't help.
I particularly love how people in that article subtly imply that Google is going to sell your data, without actually coming out and saying it (“You have to ask yourself, what’s the business model. If the business model is to make money from a service or money from advertising, that’s one thing. If it’s trying to make money off the sale of data, that’s another thing.” Implying evil behavior is much easier than coming out with an actual accusation: the former requires zero proof.) Google's terms make it pretty clear they can't do that ("You retain ownership of any intellectual property rights that you hold in that content"), and even if they change the terms later, they can still be sued for selling the data since it was uploaded under the existing terms. IANAL, of course, but Google is in enough hot water already that it would be practically suicidal (and extremely stupid) to do that.
Oh, and BTW the relevant quote is from their "Terms of Service". Their privacy policies are an entirely different page, so the headline is incorrect: this isn't about their privacy policies, it's about their terms of service. The privacy policies themselves aren't actually discussed in TFA, although they are referenced.
Re:Article fail (Score:5, Insightful)
The key element in Microsoft's ToS is this.
"You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service SOLELY TO THE EXTENT NECESSARY TO USE THE SERVICE."
Google's ToS - or at least the section quoted there, I haven't memorized the whole thing - doesn't include the same sort of limitation to limiting one service's rights to one service's information. In fact, I remember info-sharing being a big thing they started doing recently!
So as written, could they take my videos from Drive - one of their services - and move it onto YouTube - another service? There's no threat like this from DropBox, Microsoft says "We won't do it", Apple follows MS's example with a limitation "solely for the purpose for which such Content was submitted or made available" - so I'd want to see an equal protection from Google on cross-service usage of my Drive data before I even think about it.
of course, if it's already there, this article is fail.
Re:Indeed. (Score:5, Insightful)
Dropbox:
I have bolded the relevant bit that the biased summary failed to include. It is exactly the same as the Microsoft term above.
No, not it is not. There is a huge difference between Microsoft's (The Service) and Google (Our Services). If Google decided to come out with a new service where they allowed you to search anyones documents on their site, you've already agreed to it. With Microsoft, you have not. Is it a glaring omission in the biased summary? Yes. But does it mean that your stuff will only be used for operating,promoting and improving Google Drive? No. No it does not. When Google collects it and starts distributing your family photos as part of GIS, you've already agreed to it.
More explicit descriptions than others (Score:5, Insightful)
Example: you post a document. A friend in Germany wants to look at it, and asks Google to display the document (which you wrote in English) in her native German. This requires Google to make at least one intermediate copy, leading to a German translation, which would be considered a derivative work, which is then displayed.
Sounds like they've done an admirable job of covering the bases, to me, rather than the shorthand that others use.
Oh, it goes without saying that when you use/visit a website, if you can't find the product being sold, then you are the product being sold.
Re:Google's motivation (Score:2, Insightful)
That's exactly right. Not sure what the privacy advocates are complaining about. Pretty much everything listed in there is required to have a functioning and useful cloud service. As others have pointed out, the policies for MS and Dropbox are almost identical in the relevant parts - they are the equivalent of legal boilerplate. Now, there is some wiggle room here indeed for things to show up in ads, but I can guarantee you that that would result in a huge outcry - kinda like what Facebook experienced when people's profile pictures started showing up in ads. Google might do something that stupid, but in the meantime, even something as weird as "publicly display" might be necessary to run their service. For example, what if I want to set permissions in my google drive to public, or even to something my friends can access? You know, like some real cloud storage? Bam, public display.
So again, privacy advocates are barking up the wrong tree. They shouldn't be talking about Google's privacy policies, but about what it means to live in a world where everyone is potentially connected to everyone else - and this time, literally? There are some huge implications here that we're not used to dealing with.
Personally, I'm approaching this sharing business cautiously. Everything is filtered to friends I actually know in meat space. And if I don't know them, hello pseudonymous handle.
Re:Indeed. (Score:4, Insightful)
You need to take a course in reading comprehension.
Re:Google's motivation (Score:5, Insightful)
..well.. for starters, they're asking for more rights than you usually as a content buyer have.
got an mp3? pretty certain even if you bought it legally that you don't have the right to publicly "perform" it(thanks artist associations and your monopolies!).
they're wording it as a worldwide license for them and their partners to publicly display your data and you're asking why the privacy orgs are barking at them?? wth?? note that they could word the whole service so that it's you who are serving the things to whoever you want by using their service instead of this way of them doing everything.
also I would think this to be a bad choice that opens them to lawsuits, since it's now _google_ doing the re-publishing of the file worldwide if you distribute an illegal mp3 through them.
Re:Fluff piece (Score:4, Insightful)
And anyone claiming that it is unlikely is a fool. Had Yahoo had such a term of service fifteen years ago, everyone would have called it unlikely to be abused at the time. And now, fifteen years later, the company is in such bad financial shape that I wouldn't put such a desperate move past them if it could keep them afloat. There's no reason that Google couldn't eventually end up in dire straits financially someday, and when they do, they'll have your data and the right to exploit it.
Re:Indeed. (Score:4, Insightful)
I use them to store files I don't give a shit about. If they want to scrape my cannabutter recipes and pirated MP3's looking for something to 'monetize', they can be my guest.
The only data they can steal is the data you give them. People aren't powerless victims, here, they're making a deliberate choice to put their files in someone else's control. I don't much give a shit who that someone else is, if you don't want them to see it, don't give it to them to hold.
This is just simple common sense, but it seems like people would rather keep stamping their feet and bitching about how insecure it all is rather than just making the simple decision to not fucking upload sensitive shit to these services in the first place and moving on with their lives. Anyone looking for an impenetrable bank vault for their data via an internet connection is an idiot. The weak point in any security system is the user, and as we all know, users come up with novel ways to compromise their shit every single day. According to a recent study, the most common password in business is Password1 [webpronews.com]. If that doesn't make you think twice about trusting any of these services with your data I don't know what will...
Re:Google's motivation (Score:5, Insightful)
They need to explain it better/more fully.
Unfortunately, their explanation seems to be perfectly clear. As you say, it includes no restrictions on use nor any guarantee of any sort security whatsoever. I expect that the objecting privacy advocates are thinking much the same thing as me: it is implausible that an organisation like Google, which has an army of lawyers and just pushed through a fairly controversial change to its privacy policies elsewhere a few weeks ago, claimed these extra powers anything other than deliberately.
Re:Google's motivation (Score:3, Insightful)
..well.. for starters, they're asking for more rights than you usually as a content buyer have.
Congratulations. You just discovered that corporations have different rights from you, because they have an army of lawyers that can write, argue and rewrite any contract the corporation comes in touch with. You don't.
Since you clearly didn't catch the example I provided for why they need a worldwide license to publicly display your data, let me ask you this: assume you're building a company that stores user content, and allows users to provide access to said content to anyone they wish, including anonymous access. Think maybe flickr. How would you write it? And by the way, when you do come up with an answer, run it by your corporate counsel. If they don't laugh you out of the office, post it here. I suspect it will be remarkably similar to what Google has.
Re:Google's motivation (Score:5, Insightful)
if that's true, then let them ennumerate *exactly* the things they are going to do to your data. wildcard words are good for google but probably pretty bad for the users.
given how creepy this all is becoming, they should start off saying they won't use your data in any way other than X and Y and so on. spell it out and only the things ON the list are allowed. all else, by default would not be. you'd have to state this default disposition first, too.
I won't ever see that from google and so I refuse to use their services as much as I possibly can. (I can't fully not use their services since, when I try to block google domains, many of my other websites that have nothing to do with google stop working. order parts from mouser or digikey and disable google in adblock or noscript? you can't! the vendor goes out to googleapis for this and that. I can't stop that, sadly.)
if you understand what google is about and continue to feed it your data, hey, its your life and if you want to throw your privacy away for cheap isp or network use, that's your decision. I choose to avoid google as much as possible. I see what they are and I choose not to participate with such companies.
Re:Google's motivation (Score:5, Insightful)
Simply encrypt everything you keep on Google Drive...I'll bet a company that came out with a cheap, easy to use tool to automate encrypting all data to/from these cloud storage setups, could make some money off said tool....
not much of a privacy advocate. (Score:3, Insightful)