It sounds like you're hoping for this as evidence that you were right to be concerned; have you considered that you might be wrong? What if your coworkers are right, and the risk is actually extremely low? How would you determine that?
> It sounds like you're hoping for this as evidence that you were right to be concerned; have you considered that you might be wrong?
An alternate interpretation is that if a massive breach of trust is intentional then it would be better if it happened sooner rather than later.
> What if your coworkers are right...? How would you determine that?
That is a pretty classic appeal to popularity; what most co-workers believe is not evidence of anything in this case. If they are right, they are right. If they are wrong, they might be a self-selected group of the people who don't see a risk for what it is.
At any rate 'the risk' is a bit vague, but moral panics and witch hunts are things that happen. When the tech companies get involved in one, which will happen, it could be very nasty. There is clearly some sort of new risk here making it easier to quickly and accurately identify minorities. Even ignoring rogue employees finding creative ways to use data to enrich themselves.
>It sounds like you're hoping for this as evidence that you were right to be concerned
Not at all. If the constant security breaches and lack of response from consumers, regulators, companies, etc. aren't enough evidence for you that there is a serious problem, then you fall into the group I'm describing.
What constant security breaches? There are two major examples of security breaches I can think of that happened recently at amagoofaceoft: mis-stored passwords (fb/insta, and google for a short period earlier this year), and variants of the Cambridge Analytica attacks, which steal public information but at scale. While those certainly aren't good, I wouldn't classify either as a security breach. The first was a loss of defense in depth, and the second, like I said, just got public info, but lots of it.
Are you saying that breaches at other companies mean we shouldn't trust the big ones to be secure? Like because Equifax has terrible security practice, google by definition must also have bad security? Or...what?
Breaches was probably the wrong term to use in my example, as it brings attention to the wrong issue. The point I am trying to make is not that we shouldn't trust large companies to be secure as you say (although based on my experience with enterprise infosec I wouldn't be surprised if a majority of companies handling/storing personal data don't have appropriate security controls enforced).
The point I am making is that many large organizations such as Google and Facebook are performing worldwide, largely unchecked mass surveillance with data collection and analytical capabilities far beyond what is available to the majority of the world, and people simply don't care despite how knowledgeable they are about technology. There's also little to no way to escape it as Google and Facebook technology is so ingrained in the existing internet. While Google may not have poor security practices and may never experience a breach where data is stolen (although again I highly doubt that), as far as I'm concerned Google itself, as well as Facebook, are malicious actors in my own life and personal opsec as a huge portion of their business model is based on collecting and monetizing user data by any means possible with little to no concern for the negative impact on users such as mental health problems.
Frankly, I don't like companies that make money spying on people, particularly those that abuse psychological techniques that make it more difficult for people to make informed decisions or choices about the technology they're using.
Beyond that, these technologies are sold/rented or otherwise provided to governments, law enforcement and intelligence agencies, dictators, authoritarian regimes, and others that can and are being used for personal gain.
So no, I don't believe we should trust Google, but not because other companies have experienced data breaches. That is just one of the many reasons I believe people should value their data and personal privacy far more than most do.
I find it funny that I often get defensive questions from Google and Facebook engineers about their technologies/organizations when I post initial pro-privacy comments on HN, but after being called out and explaining in more detail I never get a response. I guess there's no point for them to argue it further as they're aware of the negative impact, but have made a conscious decision to choose money over morals.
You said they have constant breaches, then immediately recanted when asked for details. Your argument which got no reply was an ideological argument which appears to be constructed to shut down debate (they shouldn't be trusted because you don't like them) as opposed to lead to a meaningful discussion. You even threw out the casual line about them not having poor security and breaches, invalidating your argument in the post they replied to.
In other words, they seemingly care about whether the technical argument has merits. Once it's clear that there's no technical substance and it moves on to your personal crusade against modern companies, people lose interest.
Disclaimer: I don't work anywhere near the companies in question
>You said they have constant breaches, then immediately recanted when asked for details
No, I didn't, go back and read again
>Your argument which got no reply was an ideological argument which appears to be constructed to shut down debate
It wasn't meant to shut down debate. If he wants to argue the ethics of spying on people and using psychological tactics for financial gain I'd be more than happy to discuss.
>You even threw out the casual line about them not having poor security and breaches, invalidating your argument in the post they replied to
Again, no I didn't. I never said google had poor security or breaches, and I clearly stated that was just a generic example I used which brings attention to the wrong things, as demonstrated by you focusing on "breaches" rather than the point I was really trying to make and elucidated in my reply.
>In other words, they seemingly care about whether the technical argument has merits. Once it's clear that there's no technical substance and it moves on to your personal crusade against modern companies, people lose interest.
That's the entire point, and why I regretted saying "breaches". You are focusing 100% on the wrong thing. The problem that I have is not a technical argument about whether or not breaches could occur.
As the original person, this almost exactly. I can totally understand why someone might hold those opinions. I don't share them, and argument won't be productive. Litigating values doesn't get anywhere.
> Are you saying that breaches at other companies mean we shouldn't trust the big ones to be secure? Like because Equifax has terrible security practice, google by definition must also have bad security? Or...what?
Are you asserting that Google detects 100% of significant breaches, and promptly notifies the public of all of them?
My experience tells me that neither assertion is likely to be true.