Nintendo leak: employee accessing private YouTube videos (gamesradar.com)
119 points by realsarm 24 days ago | 88 comments



Title is difficult to decipher, here’s what it’s about:

> A new report on old privacy incidents [2017] suggests that at least one Nintendo leak came from a Google employee showing off private YouTube videos to a friend.


"Nintendo leak: Google employee accessing private YouTube videos" would be clearer. Showing those videos "only" to a friend isn't really that relevant.


The friend is quite relevant. There is no expectation of a video stored on a Google system being private to Google employees, but there is an expectation that they will not take that information outside of Google.


> There is no expectation of a video stored on a Google system being private to Google employees

"No expectation" of it not being available to "some" employees maybe, but there are certainly ways to restrict access to only need-to-know employees. Ideally no employees at all unless some sort of automated monitoring system flags it or there is an outside report.

Just like some social networks, I would "expect" only security and moderation people would have access to profiles but there are always stories of entire companies having unrestricted access.

It's unclear from the article where the access boundaries are in this case.


There should be auditing of such access as well. Companies need to post videos early in order to be sure they are available as soon as they launch a product. I wonder what kind of insider trading opportunities this has created for Google employees.


The private information is shared with Youtube/Google, so the assumption is that anyone who is an agent of Google is in on the secret. If it must only be in the hands of one or a small group of people at Google, you'd best go to those individuals directly, not through the overarching entity of Google as a proxy.


> so the assumption is that anyone who is an agent of Google is in on the secret

I think there is a difference here between "expectation" and "assumption".

Without the ability to do a third-party audit I agree the only reasonable assumption to make is that everyone is in on the secret and when dealing with sensitive information it should always be the assumption you go with.

However, as an expectation, I expect SaaS and social network providers (and by extension most of the HN crowd) to be better.


There may be a difference, but it seems you have them flipped. It is a reasonable assumption to think that they have controls to limit who is able to see information[1], but one must go in with the expectation that every acting agent has access.

[1] Of course, since you don't know who the individuals are, you still have to place your trust in every single agent that works for the entity you chose to entrust. As such, nothing is gained by restricting access. It remains that if it is important that it be private with only one or a few, you must go to those individuals you trust directly. Granting them private information by proxy will always be subject to man-in-the-middle-ing.


I think you have it backwards: an expectation is a standard (the term is used loosely here) that someone should be meeting. We expect people to do the right thing, but sometimes must, as in this case, assume they are doing the wrong thing.

Applied here, the expected and right thing to do is follow the principles of least access. However, we must assume google is not doing this, because there is insufficient evidence that they are, and there is actual evidence that they don't have sufficient controls to limit who is able to see information.


Right, expectation is the standard. The standard is that anyone who is an agent of the entity you have entrusted is also considered trustworthy. After all, giving full trust to an entity you only trust partially is nonsensical.

However, you make a fair point that it is reasonable to assume that entities you trust are willing to go above and beyond, for various reasons.


> Right, expectation is the standard. The standard is that anyone who is an agent of the entity you have entrusted is also considered trustworthy.

To clarify, I am the second person here telling you that that is not the expectation. The expectation, and/or the right thing to do, and/or "the standard we expect them to meet", is that Google follows the standard security principle of least privileged access, meaning each employee can only access data they need to see, with proper permission acquired beforehand, auditing during, and abuse-detection & alerting afterwards.

Unfortunately, they don't meet this expectation that we have of them. Your own expectations and/or standards might be lower, like you described.
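
(Added example, not part of the thread and not Google's actual system: a minimal Python sketch of the controls named in the comments above, namely permission acquired beforehand, auditing of every access, and abuse detection afterwards. All names, tickets, reviewer IDs and video IDs are hypothetical and constructed for illustration.)

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """A time-boxed approval tying one reviewer to one private video."""
    reviewer: str
    video_id: str
    ticket: str
    expires: datetime


@dataclass
class AccessBroker:
    """Hypothetical gatekeeper in front of private content."""
    deny_threshold: int = 3  # denied attempts per reviewer before alerting
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def approve(self, reviewer, video_id, ticket, now, ttl=timedelta(hours=1)):
        """Permission beforehand: record a grant that expires after ttl."""
        self.grants.append(Grant(reviewer, video_id, ticket, now + ttl))

    def access(self, reviewer, video_id, now):
        """Allow only with a live grant; log the attempt whether or not it succeeds."""
        grant = next(
            (g for g in self.grants
             if (g.reviewer, g.video_id) == (reviewer, video_id) and now < g.expires),
            None,
        )
        self.audit_log.append({
            "ts": now, "reviewer": reviewer, "video_id": video_id,
            "allowed": grant is not None,
            "ticket": grant.ticket if grant else None,
        })
        return grant is not None

    def alerts(self, now, window=timedelta(hours=1)):
        """Abuse detection: reviewers with too many denied attempts in the window."""
        denied = Counter(
            e["reviewer"] for e in self.audit_log
            if not e["allowed"] and now - window <= e["ts"] <= now
        )
        return sorted(r for r, n in denied.items() if n >= self.deny_threshold)


def run_demo():
    """Constructed scenario: one assigned review, one expired grant, one browsing spree."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = AccessBroker()
    broker.approve("reviewer_a", "vid_001", "TICKET-1", t0)

    results = [
        # Assigned review inside the grant window: allowed.
        broker.access("reviewer_a", "vid_001", t0 + timedelta(minutes=5)),
        # Same reviewer after the grant expired: denied.
        broker.access("reviewer_a", "vid_001", t0 + timedelta(hours=2)),
    ]
    # A reviewer with no grants tries three different private videos: all denied.
    for i, vid in enumerate(["vid_100", "vid_101", "vid_102"]):
        results.append(
            broker.access("reviewer_b", vid, t0 + timedelta(hours=2, minutes=i))
        )

    flagged = broker.alerts(now=t0 + timedelta(hours=2, minutes=5))
    return results, flagged, broker.audit_log


if __name__ == "__main__":
    results, flagged, log = run_demo()
    print("decisions:", results)
    print("flagged reviewers:", flagged)
    print("audit entries:", len(log))
```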


The expectation is placed on the entity the trust is given to. Unless you go to individuals directly, there can be no such expectation on individuals. There may be an assumption that the entity you have given trust to will "do the right thing" with individual agents, but there is no such expectation as you have already trusted the entity, meaning that you have already trusted its agents. What have you gained by keeping information away from people you have already entrusted with the information? If you cannot find the trust to give them, why are you giving it?


Your own expectation is covered in the second paragraph of my previous post, I am describing the expectation, which is what I and the other poster have described. You speak of this as an assumption, but you have it backwards: given google's history of failing to meet our expectations, we assume they will continue to fail to do so.

Your question of "why" boils down to asking, What is to be gained by employing the principles of least privileged access, as well as proper authorization, auditing, and alerting? The answer to that question is beyond the scope of this post, but I trust that you understand or can understand the benefits of these principles.


> I am describing the expectation

Yes, the expectation is that Google, and therefore its agents, are trustworthy. You would not give them your information otherwise. Who happens to be working at Google at some moment in time is irrelevant. You have chosen to entrust an entity with a revolving door of individuals. Absolutely no expectation of who will access the information is defined, fundamentally. If that is important, you must go to the individuals directly.

You might assume that Google will "do the right thing" by working to keep the information away from those who don't need it, but that is entirely up to them. Hell, they might even do that, but then cycle all of their agents through positions where access is needed... In the end, if they choose not to, nothing about the trust expectation has changed.


> Yes, the expectation is that Google can be trusted.

That is your expectation, not the expectation. 2 people have told you what the expectation is. You, 1 person, have shared that you have a different expectation. This is okay, but you aren't speaking for us, or for the majority here, only yourself.*

The expectation is the one that we have cited, nothing less. It's great if they meet your expectations, but that's not good enough for us.*

Speaking only for myself here, I believe there's a reason that the principles I cited exist, rather than 'the company lets any employee access anything with no permission or record of it'.

* – paragraphs void and I am wrong when majority changes: I've gotta listen to the people, too! ;)


No witnessing of a person telling anything of the sort has occurred. Software has made a suggestion of that nature. Let me ask, software, how has this confusing software as a person managed to occur?

Furthermore, getting back to the topic at hand, expectations in an exchange cannot be defined by an individual. They must be defined and agreed upon by all acting entities. Google has made its end of the exchange clear with no evidence of wavering just for Nintendo, implying that Nintendo shared in the standard list of expectations.


> No witnessing of a person telling anything of the sort has occurred. Software has made a suggestion of that nature. Let me ask, software, how has this confusing software as a person managed to occur?

It's unclear, but you appear to be accusing myself and at least 1 other poster of being "software", presumably some sort of insult about how our posts are somehow similar to chatgpt output?

I think now is a good time for me to disengage.


I questioned where the idea that there are people on an Internet forum comes from. I don't see any people, only the output of software.

There was nothing about the quality of that output or an attempt to insult the software. By what mechanism could software even be insulted?


In practice, bound by agreements is valid until it isn’t


it's from one of the content moderators. they are all hired and managed through recruiting agency. there was over 10k of us while I was there. and most people are just kids with one week of onboarding doing short term contract. whoever did it is blackballed by biggest recruiting agency in the world. way to get your life crazy difficult over reddit points


My favourite is the one that leaked tank data on a discord just to prove that they were right.


The number of state secrets protected by a 20 year old E-4 whose only motivation is to not get chewed out (and/or jail) is probably staggering.



A lot of these tank "leaks" are just PDFs of manuals you can buy on ebay. They're restricted but legal to own. It only becomes illegal when you export them to other countries.


I believe what GP is referring to is the Air Force National Guardsman who's going to jail for leaking classified intelligence on a discord server to prove he was right. I don't think it was actually about tanks, just that it happened in a WarFrame discord (or something like that).


Being prosecuted and imprisoned by the federal government is far more motivation than being terminated from a low paying job.


> whoever did it is blackballed by biggest recruiting agency in the world. way to get your life crazy difficult over reddit points

I think you're overvaluing the power of recruiting agencies


> way to get your life crazy difficult over reddit points

"Google says it was "non-intentional" because they only showed it to a friend", I don't think they purposely leaked it for internet clout


Great, "it was only a friend" is the same thing anyone says when caught revealing a secret that was meant to "remain between us". That's a load of horseshit for an excuse.


so youtube content moderators can just view anyone's private videos willy nilly?


Yes, this is typically how moderation works on any platform. Unless it is encrypted it's not "private".


If it's a truly private video, it should be only visible by moderation when logged in as a moderator.

If it was an unlisted video, the moderator would just need to know the reference code (URL) for the video, and could share it with anyone.


As mentioned in the article, the original leak was a screenshot from admin.youtube.com


No, it's not. Typically moderators can view content that needs moderation, i.e. is visible to other users. There is no reason to give them access to all private videos, which are different from unlisted.


Yes it is. You can keep saying "no it's not" until the cows come home, but every single bit of unencrypted content (and possibly well known hashes of encrypted content) is subject to moderation on any large corporate property.


If you have confidential data don't upload it to Youtube, or really anybody else's servers.


They can view videos they are assigned to review, but they can't just pull up a random private video.


I never knew Youtube did child labour?


In many states it's legal for people 16-18 to work, usually with limitations on hours worked per shift/week and what kind of jobs they can do.

Even then, many older people in the US will call someone 18-20 "kids", even though they're technically adults.

As a US English speaker I took it to mean "a bunch of young and immature people, probably on their first job" when I heard "most people are just kids", not that they're literally hiring 12 year olds or something.


In all 50 states it is legal for people 16+ to work full time.


I can't say I know the law in every state so I typically don't say absolutes like that. If that's true, thanks for clarifying/correcting.

Also, it looks like you're right for at least the states I normally deal with. Looking back the first job I had started when I was still 15, I must have just blended those shift schedule restrictions during the rest of my time working as 16-17 as well. So yeah, I guess that's probably true.


> Even then, many older people in the US will call someone 18-20 "kids", even though they're technically adults.

In my head I felt like my peers in college were "kids". I didn't feel like we were "adults" until we were in our mid-20s.


Kids are literally dying in Tyson affiliated chicken plants down south and nobody is going to prison.

Why WOULDN'T youtube use child labor if it's cheaper?


Are you arguing we should just assume every single employer uses child labor because some places use child labor?

I take it you're also arguing Y Combinator also uses child labor? Mozilla? Spotify? Your employer? I mean, why WOULDN'T they?

I imagine you probably hire child labor as well. After all, why WOULDN'T you?

It's probably child labor that keeps this site running. After all, why WOULDN'T they hire kids to keep this site up?

Or maybe there are reasons why people avoid child labor in many places.


https://www.dol.gov/newsroom/releases/whd/whd20230206-2

Violating labor laws with children is actually really common, and plenty of places DO abuse young labor. It is NOT avoided

Do you think all the workers in your company's call center in some random country are all truthfully 18? Hell, do you think none of them are working against their will?


Some places hiring child labor != all places hiring child labor.

I do agree there's too much illegal child labor going on in the US and around the world, but it's a stretch to assume everyone hires child labor.

Otherwise, why won't you stop hiring child labor? You've probably hired someone to do some kind of work around your home at least once, I take it you most definitely hired children then. After all, apparently everyone does it.

Why WOULDN'T mrguyorama hire child labor to do the plumbing around his home or to do his lawn work?!


>Why WOULDN'T mrguyorama hire child labor to do the plumbing around his home or to do his lawn work?!

If I had a lawn and a neighborhood with young children who were bored during the summer, I WOULD hire a child to mow it, and in fact I am hiring a child (girlfriend's younger brother) to watch our cat during a vacation!

Before child labor was significantly stamped out through aggressive labor laws, average people hired child labor all the time. Little timmy was out selling papers, little stephanie selling flowers, Paul was cleaning the chimney, and every other kid was working in the coal mine or textile mill, for absurdly low wages (even for the time!), with absurdly high injury rates, for 12 hour days.

Child labor was HUGE, and if we don't aggressively stamp it out, it WILL creep back into what we largely consider normal. Southern US states are already trying to push laws onto the books that weaken the laws against child labor.

I don't know how to make this more clear: If Youtube could get away with hiring 10k literal children and pay them peanuts to do all the moderation work, they would, conscience and honor and ethics be damned, like they always are.

I mean christ, look at Roblox!


When companies can get away with it (read: they abide by all laws) why would they not? It is cheaper and money is prime directive number one. Do you actually think companies make money and have a finely tuned moral compass at the same time?

I made the parent comment exactly for this discussion. Do not assume corporations have a moral compass. They do not care and will outsource each and everything if that is cheaper than handling stuff themselves. Why is it cheaper to pay some people to get the law on your side than actually start doing normal human moral behaviour? Why can they actually outsource responsibility at all? Strange planet we live on.


Have you seen those toy review channels or those family youtubers?


Related side note: I've always had a suspicion that one of the ideas I was working on using Google Colab was viewed by an employee and leaked, because someone wrote a blog post with the exact same idea (very niche) before I got round to releasing mine (I ended up not bothering due to being gazumped), and a Google Colab employee tweeted that blog post. (Puts on tin foil hat.. I stopped using Colab after that.)


They bluntly say their notebook product is not private https://www.reddit.com/r/google/comments/1d7g3tu/notebooklm_... even for non-AI generated stuff like your notes and uploads.


While it says that your personal data may be seen by human reviewers to troubleshoot, address abuse or make improvements based on your feedback, it does not mention that your data will be used to generate ideas for blog posts.


Can you share the blog post?


There’s zero privacy with any ML/AI tools.


Better to say wherever there's an AI lab, there's zero privacy. Surprisingly, startups are more private than big tech.


i find that unlikely


Maybe the boomer companies that never trusted SaaS were right in the end... though that list is fairly thin.


Original source and article:

https://www.404media.co/google-contractor-used-admin-access-...

https://news.ycombinator.com/item?id=40577812

YouTube employees or contractors might also have leaked unannounced PlayStation news:

https://insider-gaming.com/how-youtube-leaks-work/


They seem to be making a big deal out of nothing. These are all cases where someone did something, it was reported/discovered, and it was investigated and handled by security/global investigations.


This sort of thing is extremely bad news for Google.

One of the open secrets about how advertising works in the modern era is that brand synergy demands planning years in advance. Google employees, back in the day, could see the marvel cinematic universe release plan out to several years if they knew where to look, as well as console launch dates, major product releases, and other things of that nature. This is because the advertising sector has high-touch, high-value customers, and those customers expect their marketing plan to go off without a hitch. So Googlers have to make time and schedule things like DiRT testing and new feature validation sensitive to those schedules; Warner Bros isn't going to want to hear it if their Superman ad dropped 2 days early because a feature flag was misconfigured.

When Google was smaller, this was fine. But as a 100,000 person company, I believe it is completely infeasible to expect every Googler to keep those secrets. At those scales, you can't really even use the threat of firing to maintain secrecy because you can't really guarantee that the person who's going to replace the fired one is going to be more loyal. So inevitably, either Google locks down its internal infrastructure (turning it into a company other than the kind of company it was in the past), they cap their employee growth (which implies capping their growth in general), or they start losing high value customers who can't trust them to keep a secret.

In practice, they are definitely doing the first two to some extent and that is changing the flavor of the company internally. Part of the secret sauce of old Google is it didn't keep secrets from itself.


Well that's what happens when you put a McKinsey shill at the helm and let them go on a mass hiring then mass layoff spree while bending a knee to activist investors to lower wages. You end up with employees who dgaf.


From my experience with any kind of work that concerns interesting, private (multimedia) data, all of it will be used and abused by employees. I once worked on the backend for the tax return calculations and people there were just looking up anyone's private (financial) data left and right, e.g. to see how much their dates were making, where they were living, when exactly they were born, etc...


It's weird as fuck how people working in these fields have unrestricted access to people's private information, be it videos, pictures or worse.


"Private" doesn't mean what you think it means.

Pretty much all these sites can view every bit of content you submit to them for moderation purposes. Many of them state your data can teach learning models.

If you really want it private, you don't want it on the cloud/social media sites.


People know what "private" means. If a company calls something private, but it isn't, then they're the ones who need to reconsider what it means, and call their service something else.


>People know what "private" means.

A general rule is people don't know shit when it comes to legal definitions. When you have a video it's private to you. When you give that video to a friend it's 'private' between both of you. And when you put a private video on youtube it's 'private' between you and the conglomerate entity of hundreds of thousands of people and all their contractors called Google.

Now the contractor did break the rule and shared it, but your idea of private as no one will see it is the broken expectation.


Yes, indeed, people do know that when I say "I have some private information to share with you", it means I am going to let another party in on the secret.


no company is going to let you upload/host child porn, so yeah you should assume everything is moderatable


is there any legal obligation in the US that would require YouTube to be able to view all videos uploaded, regardless of privacy?


"Hosting" child pornography for example. The law doesn't say "Oh, it's a private video, that's perfectly fine then".

>regardless of privacy

Maybe you should read the TOS before you use services, you don't have any of that.


YouTube has separate unlisted and private options for videos


Are you suggesting that there is an option that blocks YouTube admins from viewing the video?

If it isn't end-to-end encrypted, then the platform operator has access.


Articles like this and the endless stream of hacks & leaks are important reminders that there is no such thing as computer security. If your data is on a networked computer, you should consider it semi-public.


> no such thing as computer security

There absolutely is for anyone who cares to use it. That sort of defeatist mindset is super counterproductive, and ends up putting more people in harm's way.

We're talking about people choosing to upload unencrypted content to a cloud service that is obviously publicly available. The security/privacy properties of this action I think should be obvious even to less technical users.


Yeah, man. These are all the end users' fault: https://en.wikipedia.org/wiki/List_of_data_breaches Totally.


Sysadmins are also people. Also I've been pushing for informative security scoring for publicly used services for over a decade. If you're in the field, it's pretty obvious which services are at high risk of being breached, but that really should be something more accessible to the general public, like FDA letter grading for restaurants.


So between these two comments:

> There absolutely is for anyone who cares to use it

> Sysadmins are also people.

is it your contention that the sysadmins at those organizations don't care about computer security? Or that users are responsible for knowing whether their organizations' sysadmins care about computer security?


Despite the laws in place I've seen questionable stuff over the course of my career.


HN title needs a grammar cleanup (at time of writing, it's 'Nintendo leak employee accessing private YouTube videos')


They added a colon, but it should really be something like, "Nintendo leak was due to YouTube employee accessing private video"


I couldn't copy the whole title from original article because of 80 character limitations


Nintendo leak reportedly came from YouTube employee accessing private videos

The actual article headline really does make reading the article pointless.


I realize, and sympathize. But I'm sure we can make it more comprehensible. E.g. this fits in 80 characters:

Part of Nintendo leak was Google employee sharing private YT video with friend


I wonder if any youtube moderators have used advanced knowledge of marketing campaigns to trade stock based on that information.


People will do anything to pump imaginary numbers on the internet. All logic goes out the window for those seeking fame.


I mean how many times have we seen people leak military information on world of tanks (or whatever). These people know they'll get court martialed and still do it anyway. These people doing moderating are getting paid near minimum wage to look at the worst things on the internet, you can blame the individual, but the entire moderation system is set up with cheap contractors they burn out and replace at high rates. Systemic failure is guaranteed.


* title is updated for clarity


reblog of paywall article. Original has better, clearer information.

https://www.404media.co/google-contractor-used-admin-access-...

"Google Contractor Used Admin Access to Leak Info From Private Nintendo YouTube Video"

This is how companies harm users by using low-trust, low-attachment contractors to handle private data.



