When your company stores very private info on billions of people, and is actively attacked (sometimes successfully) by the top intelligence agencies of the world[1][2], you have to be extremely careful, and monitor everything.
Economist Joseph Stiglitz wrote in 2009 "...banks that are too big to fail are too big to exist..."
My theory is that the too big to exist theory is now true for basically all the tech giants. Generally, everyone who knows the kind of tracking these companies do (internal and external) agree this is true, except those who benefit from the companies' continued existence e.g. employees, investors, shareholders.
On the other hand, imagine if the data collection never stops and one of the big companies gets hacked, or faces a serious competitive threat making it more likely to sell its data, starts going out of business, or needs to cooperate by sharing its data in return for government favors, or needs to share data to get access to foreign markets etc. I have a feeling this venerable "consumer" is going to learn a painful lesson one of these days.
I think it's reasonable to be suspicious but what they described sounds mostly feasible without extra steps of tracking.
What evidence did they present and how could it be tracked?
- downloaded 9.7 GB of waymo data -> server logs of what files where accessed and downloaded by what user
- searched for special software -> he used google while logged into a work account, so they just looked up that work accounts search history
- Connected external hard drive and wiped data -> Short of automatic backups or something this seems like there is software explicitly for tracking when data is copied, where, and how much
Most of this besides the external hard drive part can be done by any employer who owns your work your gmail account. What really should be alarming is how easy it is for your employer to get lots of data on you even if they aren't some tech giant.
> Most of this besides the external hard drive part can be done by any employer who owns your work your gmail account.
Actually, I think that would be the easiest as I would assume any external USB devices connected to a computer would automatically send an alert to the security team due to how easily they can infect your computer with malware. I'm not sure my company has something like that but we have posters everywhere telling people to never plug external USB devices into our computers so I would not be suprised.
>What really should be alarming is how easy it is for your employer to get lots of data on you even if they aren't some tech giant.
Right? So much for the Principle of least privilege.
Not only is it very well known internally, Google has even open sourced some of the tools that are used for that purpose: https://github.com/google/grr
Still, how can they work in a basically zero trust environment? They can't hope anyone reasonable will come up with some great idea and willingly share it with them.
- went nuclear on Uber/Otto
- revealed what they track internally to all their employees