Google Leak Reveals Thousands of Privacy Incidents (www.404media.co)
from misk@sopuli.xyz to technology@lemmy.world on 03 Jun 2024 17:25
https://sopuli.xyz/post/13396718

#technology

threaded - newest

misk@sopuli.xyz on 03 Jun 2024 17:25 next collapse

In case of paywall: archive.is/…/google-leak-reveals-thousands-of-pri…

brbposting@sh.itjust.works on 03 Jun 2024 23:23 collapse

Thanks.

I will say, it’s a softwall / email or content gate / whatever this is called…

<img alt="" src="https://sh.itjust.works/pictrs/image/146c978f-7e89-443c-b404-55bf3f2d3363.jpeg">

and I did happily give them an anonymous email address that forwards to my own. 404 killing it! Independent and breaks great tech stories.

demonsword@lemmy.world on 03 Jun 2024 18:09 next collapse

testing out stuff in production can be dangerous

unconfirmedsourcesDOTgov@lemmy.sdf.org on 03 Jun 2024 19:58 next collapse

It sounds like someone got ahold of a 6 year old copy of Google’s risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self reporting risks.

In contrast, I’d point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.

ItsComplicated@sh.itjust.works on 03 Jun 2024 20:00 collapse

In my unpopular opinion, most of the information collected is unnecessary and should not be allowed. Then there would not be anything to leak. Of course this will not make big tech more profit so, who cares…