Gootube

[Blink]

Your point is hypocritical because you haven't looked at any other online site or service that you use. Particular this one. I've brought up my privacy concerns of this with Blink and he has far more relaxed standards of your privacy than Google (and Microsoft and Facebook and Yahoo and almost every other forum I've used out there). In fact, Blink pretty much told me that he didn't care about my privacy concerns and that I didn't need to be a part of this community or website. And keep in mind that you're on a website where no one respects anyone's privacy or personal property. Why are you complaining here? Who are you going to convince that your privacy is important? If you're going to stop using Google because of "privacy" concerns, you might as well stop using this forum.

Wait what?  When did I tell you I didn't care about your privacy concerns?  How did I get into this conversation.

From what I remember from over a year ago, you said something about how you wanted me to include a way to disable putting in your location when you sign up.  I told you that you could hide it from the world map and nobody would see it, or just put in a false location.  Not implementing your suggestion was more of a "i don't know how to code that" rather than a "i don't care about your privacy concerns".

[exchliore]

Wait what?  When did I tell you I didn't care about your privacy concerns?  How did I get into this conversation.

From what I remember from over a year ago, you said something about how you wanted me to include a way to disable putting in your location when you sign up.  I told you that you could hide it from the world map and nobody would see it, or just put in a false location.  Not implementing your suggestion was more of a "i don't know how to code that" rather than a "i don't care about your privacy concerns".

I can pull up the AIM Logs if you wish. But from what I recall you said that it wasn't going to change and you didn't think it was a big issue and that I shouldn't care about it. Then you offered to delete my account. Not sure if you did anything about the SQL injection though, I've never checked a second time to see if you patched it.

[Blink]

I can pull up the AIM Logs if you wish. But from what I recall you said that it wasn't going to change and you didn't think it was a big issue and that I shouldn't care about it. Then you offered to delete my account. Not sure if you did anything about the SQL injection though, I've never checked a second time to see if you patched it.

I offered to delete your account because you were concerned about your information being kept on Hard Drop.  I still don't feel it's a big issue, just put in a false location if it bothers you that much.  I think it isn't a really big issue for you either because you're still here despite nothing being changed since our conversation over a year ago.  As for SQL injection, you never told me that HD had a SQL injection problem.  You only told me that many sites are vulnerable to it and that I should watch out for things like that.  If there is though, let me know so I can hire someone to fix it.

The 3 things I remember from our conversation, I'm on AIM if you want to refresh my memory:

1) you wanted me to disable signup locations
2) you wanted me to make sure the site was not vulnerable to SQL injections
3) something about the privacy policy and how it was written, incase I got sued or something.

[exchliore]

I still don't feel it's a big issue, just put in a false location if it bothers you that much.  I think it isn't a really big issue for you either because you're still here despite nothing being changed since our conversation over a year ago.  As for SQL injection, you never told me that HD had a SQL injection problem.  You only told me that many sites are vulnerable to it and that I should watch out for things like that.  If there is though, let me know so I can hire someone to fix it.

Well, we had a pretty lengthy discussion about the privacy policies of this website in general, and you seemed to have a don't care attitude for most of the privacy issues, if any. I told you to check your website for SQL injection, and I believe you had a few vulnerable fields back then. I ended up just stuck in bogus information into my profile and went on to more important matters. It was a while ago, and the site's changed a lot. Who knows if you still have vulnerabilities. I guess the question is, if I pointed them out to you, would you be able to fix them?

[Blink]

I guess the question is, if I pointed them out to you, would you be able to fix them?

Yes, by hiring some people.  Let me know if you can SQL injection to retrieve another member's password or something, as I would agree this would be a huge security risk.  I am using a heavily modified premade script to run the website, and I haven't heard about any sql injection problems with this particular script.  I'm aware that sites can be hacked or things like that, so if you can find some holes I think it would be better to fix them now than when it's too late.

Also - let's leave this thread to get back on topic.  Talk to me in PMs or AIM.

[exchliore]

I offered to delete your account because you were concerned about your information being kept on Hard Drop.  I still don't feel it's a big issue, just put in a false location if it bothers you that much.  I think it isn't a really big issue for you either because you're still here despite nothing being changed since our conversation over a year ago.  As for SQL injection, you never told me that HD had a SQL injection problem.  You only told me that many sites are vulnerable to it and that I should watch out for things like that.  If there is though, let me know so I can hire someone to fix it.

The 3 things I remember from our conversation, I'm on AIM if you want to refresh my memory:

1) you wanted me to disable signup locations
2) you wanted me to make sure the site was not vulnerable to SQL injections
3) something about the privacy policy and how it was written, incase I got sued or something.

Really, my main point in this thread is, if you got a subpoena for data, would you fight it (costs lots of $$$), or would you just turn over your database like most other companies out there. Also, from our conversation, you barely even have a privacy policy (you still don't have one), in fact, I believe that I told you to just change it to move responsibility onto the users in your privacy policy instead of being responsible for them yourself. Which I'm pretty sure you did.

[Edit: Essentially, From what I recall, the privacy policy was changed to say that users are responsible for whatever information they submit and you cannot be held liable if anything is done with it, is the privacy policy still on here?]

[Blink]

Really, my main point in this thread is, if you got a subpoena for data, would you fight it (costs lots of $$$), or would you just turn over your database like most other companies out there. Also, from our conversation, you barely even have a privacy policy (you still don't have one), in fact, I believe that I told you to just change it to move responsibility onto the users in your privacy policy instead of being responsible for them yourself. Which I'm pretty sure you did.

[Edit: Essentially, From what I recall, the privacy policy was changed to say that users are responsible for whatever information they submit and you cannot be held liable if anything is done with it, is the privacy policy still on here?]

If I got subpoena'd for a Hard Drop member's data I'm fairly certain I wouldn't fight it out in court.  I don't have the money, and this site makes no money for court fees.  

The privacy policy is a link down below, or here: http://harddrop.com/pp .

Anyways, let's take this conversation to PMs and let the thread get back on topic.

[exchliore]

Really, my main point in this thread is, if you got a subpoena for data, would you fight it (costs lots of $$$), or would you just turn over your database like most other companies out there. Also, from our conversation, you barely even have a privacy policy (you still don't have one), in fact, I believe that I told you to just change it to move responsibility onto the users in your privacy policy instead of being responsible for them yourself. Which I'm pretty sure you did.

[Edit: Essentially, From what I recall, the privacy policy was changed to say that users are responsible for whatever information they submit and you cannot be held liable if anything is done with it, is the privacy policy still on here?]

So here it is:

http://harddrop.com/pp

It's short and unchanged from our discussion in 2009. It doesn't cover what happens to your data if anyone asks for it finds out about it. It also doesn't relinquish liability if anything happens to it (which was one of the main points of our discussion). What you do with the data, I'm never sure. There's still lots of questions that are kind of open. If you can't implement new features or fix bugs, how are you able to use IP information to fix problems? It's still a pretty shoddy privacy policy and if I ask about your security policies, like what is the procedure if your database is hacked? Would you have one? Probably not. What are your policies for retaining user data? How are you ensuring that our data is safe and secure?

Nevermind what actually gets discussed on these forums. Let's face it, few people here here have any respect for personal privacy and the such. Jujube is singling out Google's privacy issues on this forum and he's going to boycott their services. It's super hypocritical.

[Edit] We need live posting so we don't overlap conversations. But ideally, my point is, Google's pretty safe and secure and cares about privacy, in comparison, there are many other sites that aren't nearly as vested in keeping your information safe.

[Edit] I'm going to keep editing. Here's a very controversial case: http://www.techdirt.com/articles/20090924/1705386309.shtml
If you're going to boycott Youtube because of Google, you might as well move to linux and lock down your router.

[myndzi]

i had heard of things like keywords in email being used to target ads http://mail.google.com/mail/help/about_pri...#scanning_email and complaints from many countries about private data collected for StreetView http://www.bbc.co.uk/news/10278068, so i don't trust the company, and it bothered me even more when they required me to use a google account to login to youtube.

There's been a lot posted and I'm not going to read it all right now, but I'd like to respond to these specific items.

Your first link pretty explicitly contradicts your concerns. They are saying that their software does things that plenty of software does, and that it isn't done in a way that reveals the contents of your e-mail to humans, or even stores information about the contents of your mail.

As for the street view fiasco, look at this from the point of view I talked about before: a bunch of smart guys doing cool stuff without exhaustively considering repercussions. From the moment I heard about this, my point of view was that it was likely related to location awareness with regards to nearby access points. I don't know if they planned to use wifi location as an alternative to GPS or what. There is, however, a pretty good writeup of how and why such information would be collected accidentally that makes plenty of sense:

http://erratasec.blogspot.com/2010/05/tech...-view-wifi.html

[jujube]

exchliore- it's a serious headache when you take what i've said out of context. it's as if you quoted my post and replied without reading the original with what i quoted of your post. and on top of that you changed the structure of what i posted. my post was quote->response->quote->response and you mixed my responses from different quotes. i'm not going through this again. i'll respond to everything in your last post to me and i'm done. if you feel the need to reply go ahead.


you "I think youtube was the #1 online streaming site in the US when Google bought it. Also, it was all over the newspapers too. I can't help it if you don't read the news on a regular basis. I've gone to youtube several times today and I was not forced to log in to consume any content, so I'm not sure where your problem lies. In my opinion, it is more of an inconvenience to remember 2 log in credentials (I can continue into how this is more secure and protects you as well).

But if you're going to be angry at this, again, why don't you look at multiple other companies out there? This is hardly even a special case of one company owning another and it is common practice to do something like this as well (buy up small company, merge that company into your system)."


i don't think it's necessary to insinuate that i'm stupid or ignorant. i do read the paper, and while i believe youtube is 'far and away' the biggest today i also happen to 'think it was' the biggest then. i don't see a conflict or how this defeats my point. i don't think google wanted to require you to use a google account at that time because it could have scared people off. again my problem lies with google's policies as a whole. you're implying i've never had an issue with google and all of a sudden because i found out they own youtube i think they're evil. i've already explained why i have a problem with google, and why this google login on youtube was the last straw for me. i understand i can make a separate google account for youtube but i don't want to support anything google.


me "i had heard of things like keywords in email being used to target ads http://mail.google.com/mail/help/about_pri...#scanning_email and complaints from many countries about private data collected for StreetView http://www.bbc.co.uk/news/10278068, so i don't trust the company, and it bothered me even more when they required me to use a google account to login to youtube. if i had known they owned youtube i would have left already. now that i've learned even more about google i'm completely satisfied with my decision."

you "Can you explain exactly how this infringes my privacy? I don't care about technical details, just let me know how my privacy is being infringed through this link. Maybe you should look at how other companies manage their email systems (Yahoo, Microsoft, etc.). Maybe you should read about the evercookie."


well, the 2nd link i just gave which you quoted has a lot to do with my distrust. it was a serious privacy issue. the 1st link which you responded to is a much milder case but still bothered me. i read about the evercookie but i don't see how that's relevant here. i understand it's a privacy issue but i don't understand how its existence makes google look any better. obviously i wouldn't want an evercookie. i also don't want to support google.


me "you guys talk about the good they've done with providing convenient services, and that's fine, but to me it doesn't negate their shoot-first-ask-questions-later pattern of conduct. i don't believe they were unaware they had collected data illegally from 30 countries before they figured out the problem. sorry. they can apologize and cooperate with investigators as a sound business decision though."

you "I actually haven't said anything about the good they've done with providing convenient services (in fact, I wish they would fix certain bugs in their system that they refuse to recognize). I don't know why you are against having a second google account for youtube (it's kind of just like having a google account and a youtube account)."


you're right, you didn't say that.


you "My biggest gripe with your sources is that they're weak."

me "sources from the wikipedia article i linked include the new york times, LA times, bbc, cnn, and reuters. privacy international is a non-profit global privacy watchdog and trusted source of the bbc."

you "And some real strong sources that refute your sources could be:
http://googleblog.blogspot.com/2006/03/jud...ries.html"

me "no."


as in no this is not a real strong source, this is a blog. a blog by google no less. this section had an obvious continuity in my post. you criticized the sources i listed so here i denied the validity of this and fyi i didn't even click on it. then you responded with this:


you "Why? Google refuses a subpoena of their data and you think they're still turning it over to the government? Do realize that most other companies will just turn over your information when it's subpoenaed (even in mass), but Google is willing to spend money (and not a trivial amount) to protect its customer data. Do you just blindly think that Google is harvesting your data for the government?"


which i can only assume has something to do with the blog. google is willing to spend money on lots of things. i think google doesn't need to harvest anything beyond user account info and maybe search queries. i would criticize google for harvesting anything beyond that in the first place.

i did however respond to your nytimes source.


you "http://www.nytimes.com/2011/02/13/business/13search.html"

me "well looks like google needs a more robust automated system for fairly ranking pages."

you "I don't understand, they currently have the best (or the most used/proven) system, and you want better? Are you complaining that the best is not good enough? The way you state your response makes it seem like you can come up with a better way for their page rank software (which is constantly tweaked to prevent gaming the system like what happened in the article). I hear that Google is hiring this year, maybe you should apply and tell them you can do it better."


this was a fair comment that didn't deserve a hostile response. i'm sure google would also like a better system. it would be to their benefit. i can't help if you wouldn't see my comment this way. just because i don't like some things about google doesn't mean i can't be neutral on other things. i just opted to respond to the nytimes link over the google blog link, and that was all i had to say.


me "that and they need to stop worrying about moms seeking advice on raising their children.

http://www.wsgr.com/attorneys/NEWBIOS/PDFs...tart_google.pdf (page 3) it may seem trivial to you but it's offensive to me on many levels."

you "I don't get this link... First of all, the judge notes that, "[t]his disposition is not designated for publication and may not be cited" and then he goes on to, "grant the motion to dismiss..." Not only that but he goes on to say that "[t]he motion to strike will be denied as moot."

Did you read this motion at all and how the lawsuit was trivially moot and there was nothing proving that Google had infringed on anyone or anything?"


this was a mistake. while i knew google won the case, i misinterpreted "Google does not generally inform Web sites that they have been penalized nor does it explain in detail why the Web site was penalized" to mean there was an admission by google of penalizing kinderstart but under lawful pretenses, when in fact i can't find any such admission after reading more thoroughly. i felt i had a valid personal criticism regardless of the legal implications of google penalizing a site like kinderstart but i guess it's irrelevant.


you "Your point is hypocritical because you haven't looked at any other online site or service that you use. Particular this one. I've brought up my privacy concerns of this with Blink and he has far more relaxed standards of your privacy than Google (and Microsoft and Facebook and Yahoo and almost every other forum I've used out there). In fact, Blink pretty much told me that he didn't care about my privacy concerns and that I didn't need to be a part of this community or website. And keep in mind that you're on a website where no one respects anyone's privacy or personal property. Why are you complaining here? Who are you going to convince that your privacy is important? If you're going to stop using Google because of "privacy" concerns, you might as well stop using this forum."


it's not hypocritical at all to criticize google for their practices, if other companies aren't even involved in things of the same nature. as i've said before for me it's an issue of trust with google.

i just read more recent posts so i don't want to bring up harddrop privacy. as for other sites, i'm sure many are unsafe. i think you could help everyone by providing more insight on that. as for why i'm complaining about google here, it's because i can. it's certainly ok for you to oppose me, just try to be more respectful about it. i'm not asking that as a mod, just a person. again i'm done responding to you but if you have anything to add i'll read it.

myndzi- i'm not aware of other email services that use snippets of outgoing messages for purposes of generating ads. and to me the ads are a constant reminder that you are in fact being watched, whether it be by a human or machine, and it doesn't sit right with me. maybe other people aren't bothered by it. it's really the principle of it for me.

that StreetView theory is definitely plausible and i can't dispute it. my main issue is how widespread the problem became before it was officially recognized. i still find it hard to believe that it couldn't have been discovered much earlier.

[arf]

Google is awesome. Everyone wants to work for google. Google employees have awesome benefits. I give my two thumbs up to google--they can have all my information because I trust them.

[Spirale]

dailymotion is a French company