I was in charge of data security and privacy at Pebble among other things. I fought hard against data science teams having access to PII. It made me few friends but considering the data could reveal health issues I regarded it as health data even if it technically legally is not at the moment.
We were bought by Fitbit which operated with almost complete disdain for any attempt at security or privacy that could slow down operations. Anybody who wanted paintext access to user data seemed to get it without delay. Security and privacy were not among the things that created shareholder value so every issue I discovered was permanently backlogged.
It was depressing seeing all the data I fought to hard to protect be absorbed into a machine that would sell it off to the highest bidder, or shrug when it got stolen by a blackhat. I quit 3 months before my golden handcuffs would have kicked in because it felt too unethical to keep working there.
Then of course all the data was sold again, this time to Google. No Pebble user ever consented to their health data being sold to Google, but all of this is legal.
You're a step too far with your assumptions. I'm a Googler. I've noped away when Pebble sold to Fitbit. But seeing from the inside how Google treats user data, I'd be 100% ok with the data going to Google instead.
I just can't imagine how you would think that others will just ignore Google's history of violating it's privacy promises.
>In today's Big Tech antitrust hearing in front of a Congressional subcommittee, representative Val Demings questioned Google CEO Sundar Pichai about the company's merger with DoubleClick.
Specifically, the way Google combined data from the advertising company -- bought in 2007 -- with Google's own data. Founder Sergey Brin had told Congress it would not combine the personal information, but the company quietly did so in 2016 anyway.
>Google’s privacy policies as of March 1, 2012 established that no combination between DoubleClick’s advertising data and Google’s personally-identifiable information would take place without the prior consent of its users, but an updated version of those policies subtly allowed the integration of both databases regardless of prior consent of its users
I think the parent is implying Google is better than Fitbit, rather than Google doing everything correctly. If the grandparent’s comment is correct, then I have no trouble believing Google will be an improvement.
Google is a large company. You know how your team treats user data, but it would be difficult to have visibility into what all teams are doing. It only takes one or two to ruin user trust for years.
Sort of? Unusually for a company of this size there's a ton of standardization and cross-company consistency. In this case, I believe the whole company (aside from very recent acquisitions still being migrated) used the same logs access framework.
I think this is part of why Google has earned itself a reputation for killing things: if you require everything to use the same set of internal systems, and can't just leave old projects limping along on a fork of a deprecated system, the cost of keeping old things around is higher.
I cannot speak for my employer, but I can speak in general terms that I agree that companies of this size have processes to try to avoid this kind of thing from happening. This is true at Google scale but also true once your company passes a certain size+age, although of course it can continue to mature.
The thing is that these processes don't actually work, because in the end someone is going to do something dumb anyways and you really can't stop them. The same way your processes aren't going to stop an outage, someone is going to correlate data they shouldn't and somehow lack the tact to go "hey maybe I should not be doing this". Often various pressures will make it seem like something they should do. And when they do it they will cost the company an incalculable amount of user trust, to say nothing of the irreversibility of a privacy incident. Someone will do a writeup of it after it is discovered by the press but at that point the damage is done.
(FWIW, I'm not even including the stuff that goes on with executive approval, where they make decisions on how likely they think they are going to be discovered and sued for large amounts of money. Of course this would bypass any policy…but it's usually kept under wraps for obvious reasons.)
Paradoxically, trust-ruining incidents is what makes Google trustworthy. There's a strong postmortem culture. "We messed up, what systems and processes are now needed to never mess up like this again?" I hear that's also reinforced by how legal achieves settlements. And usually it's one team messing up, but all of Google being in scope of the remediation.
This has the downside that the number of organisations that need to approve any launch ends up being borderline overwhelming. This is a big part of why it takes so long, if at all, to get Google products outside the US. Another implication is needing the expensive security org and culture.
Are we talking about the same Google who empowered blanket keyword search warrants?
You could argue they had no choice, but I could argue that they had the choice to allow search history to be end to end encrypted and/or anonymous. That is if their business model did not rely on selling plaintext PII.
Yes, because Google’s advertising based revenue model provides the right incentive scheme to discourage use of personal data to increase revenue and profits?
But will Google respect this agreement? If the expected fines are lower the the value extracted from the data or if they can drag the eventual lawsuits for a long time, I'm pretty sure they will just exploit that information anyway.
A whole lot of the world uses google but isn't under EU law (I'm in the USA and EU laws don't mean anything here) so how would that protect the rest of us?
Can you expand a bit on the quality of Google's internal practices with user data? eg what would an engineer on Google Photos need to do to be able to access my photos, if possible at all
In general, SWE/SRE do not have access to user data. SWEs just have no prod access at all, and SREs generally only have the ability to run signed binaries with code that has been code reviewed and submitted, though there are obviously break glass features with auditing. Though I am not super familiar with them.
ML is where things tend to be a little bit more grey overall since being able to look at data is very useful for development, so some things are scrubbed for PII, but then accessible in some form. But for things like GMail or Photos, I would assume nobody (including ML engineers) can read your data as these are basically impossible to sanitize.
Some products have systems train ML models without engineers seeing the data, e.g. spam filtering, even when the underlying data is considered sensitive.
Basically all the data is available with no oversight if you ask permission and have some allusion to a relevant $JOB reason to need it.
The fairly recent case of people's private conversations being shipped out to basically unvetted contractors for labeling and analysis (and subsequently leaked) should serve as sufficient evidence that "shit happens," and if private conversations without having even initiated an interaction with your Google devices are being tossed around and leaked, forgive me if I don't believe that when producing the tagging, timeline, and album features in Google Photos there wasn't some underpaid, unwatched contractor snooping through my photos without my permission.
I believe I can share an anecdote: a while ago I have uploaded a bunch of photos of a work event to the corporate account. This being corporate, it runs pre-release of everything. The gallery managed to hit some bug in the jillions of lines of Javascript, which I never cared to understand.
I reported the bug. Knowing how security works technically, I added to the bug the words "I'm happy with whoever works on this to take a look at the gallery, here's a world-readable sharing link". A couple rounds of bug comments later, I have been asked to sign a legally binding consent form allowing an engineer to look at the gallery. Then somehow they decided I need to sign a different form to satisfy whatever other legal spirit needed appeasing. Only then someone finally looked at the bundle of photos. They figured out whatever was triggering the bug. They generated a gallery reproducing the bug with generic sample images. Whoever worked on the bug and adding a regression test worked off that synthetic gallery instead.
My concern—and I think what everyone's concern should be—is not that Google employees have access to my data. Or even that it's used to train ML models. It's that my data is sold to advertisers via a shady behind-the-scenes marketplace, and later used to profile me in order to show me content that manipulates me into spending money.
And that, moreover, I get none of the profits from these transactions, and have no control over whom it's sold to and under what terms.
Data is divided into many different logs, with engineers having access only if it's needed for their role. Access can be at the per-log level or the per-column level: working on Ads JS I had access to raw frontend logs, but I didn't have access to the identities of the users sending those queries (if I'd needed that for a project I could have applied and had my need reviewed). Every few months you need your access renewed, so if you've switched roles you stop having access. What queries you run are logged, and I believe there was some sort of random auditing of those logs to make sure people were running queries that made sense, though I never interacted with that part.
So basically very primitive security compared to say how banks are handling client data in jurisdictions like Switzerland (one of my daily tasks). The fact that dev can have access to PROD logs just by himself unsupervised (even if for obviously good reasons from his/company point of view) is a big fat red flag.
That all mentioned here clearly means google doesn't have data privacy at the core of their priorities and this won't change unless forced by fines/regulation, just like banks. Slightly disappointed when reading this, but I guess I shouldn't have expected more.
> The fact that dev can have access to PROD logs just by himself unsupervised (even if for obviously good reasons from his/company point of view) is a big fat red flag
What's wrong with granting engineers access to PII-less logs[1] by default? How does that compromise privacy?
I'm willing to bet your bank differed on the following ways from Google in absolute numbers and per-engineer:
* handled significantly less requests per second - at least 2 orders of magnitude - therefore lower log volumes
* shipped less changes to prod per unit time, so fewer problems to investigate
1. No IP client address, raw session id or username
It doesn’t matter. When we talk about “having access to user data,” we’re talking about a humans being able to look at, I.e, the user logs of a former lover and doing something bad with it.
But that’s not the real danger of Google having this data. The danger is in ML. Google’s entire business model is predicated upon using information about you to change your behavior, and to sell on the market predictions of your future behavior.
> It doesn’t matter. When we talk about “having access to user data,” we’re talking about a humans being able to look at, i.e, the user logs of a former lover and doing something bad with it.
Google is one of the few companies known to have caught, fired, and officially publicly named an employee who did something like this:
Most tech companies about which people don't routinely raise this type of concern have far weaker security controls against (and detection systems for) this threat model than Google does.
That said:
> But that’s not the real danger of Google having this data. The danger is in ML. Google’s entire business model is predicated upon using information about you to change your behavior, and to sell on the market predictions of your future behavior.
I'm of two minds of this. I'm not thrilled about how much data Google combines and unnecessarily insists on collecting in order to allow things like the Google Assistant and Google Maps to provide full functionality. At the same time, many of Google's assistance and search services are better than their competitors exactly for this reason. I primarily wish they were more transparent in this area with fewer dark patterns and more user control, with forcing users to pick between excessive data sharing and inadequate access to Google services.
Disclosure: I have worked for Google in the past, but not since early 2015. I certainly am not speaking for them here.
> Google is one of the few companies known to have caught, fired, and officially publicly named an employee who did something like this
Not disagreeing with your broader point, but that specific employee was not caught by Google but was reported externally by parents of the minors after abusing access for months. I suspect the incident you linked predates
- and was the impetus for - many controls that were subsequently added
Speaking speculatively: I've never worked for Google
Vacuum everything constantly and then horde it like Smaug, if Smaug was an unscrupulous salesman in a polyester suit?
But somehow this is ok because within Google the common employee doesn’t have access, but is rather incentivized to make the vacuum or selling more efficient?
Are you under the impression that the rest of FAANG doesn't do this? If so, I've got some big news for you...
When people talk about 'security' at Amazon/Microsoft/Google/Apple, they're describing audit performance and ISO compliance. From a business perspective, that's really the only thing that matters. Everything else is played pretty fast-and-loose. Both Apple and Microsoft have been caught backdooring their infrastructure for foreign governments, if anyone out there still has faith in these companies then I hope they stop taking life advice from VC heads.
> Are you under the impression that the rest of FAANG doesn't do this?
All data collection practices are not equal.
>Google Tracks 39 Types of Private Data, the Highest Among Big Tech Companies
Google takes the cake when it comes to tracking most of your data. This should not surprise, given that their entire business model relies on data.
Twitter and Facebook both save more information than they need to. However, with Facebook, most of the data they store is information users enter.
Apple is in a league above Amazon in protecting user privacy. It is the most privacy-conscious firm out there. Apple only stores the information that is necessary to maintain users’ accounts.
You are giving Apple too much credit here. Apple can plaintext any iMessage if they wish with their signing keys for the servers that exchange user encryption keys. Why do you think the CCP demanded control of those servers for chinese residents? Just because Apple has a profit model other than adtech does not mean they are making choices that prioritize immutable privacy.
Apple could have folded, like even (old) Google did, and refused to comply with the CCP but shareholders would have been too upset seeing the price go down.
Successful publicly traded companies will almost always do the most profitable thing legally possible, no matter how evil.
I agree with your second paragraph, but I don't understand the point of the first? Are you saying that Google can be forgiven, since its competitors do the same?
Since you have the inside scoop does this mean that as a result your health data is hooked into your regular gmail/docs account and the info sold to whomever wants to buy it as well as used for advertising? Say I'm 40lbs overweight and 55 so I'm quite possibly have diabetes and would be a mark for diabetes medicine?
For using it internally: health data is widely considered toxic. As in "I'm not touching that thing with a barge pole" toxic. I would personally be pretty surprised if Google ever started monetising it.
Is there a workout tracking, watch form factor, device that does not require "cloud" in any way?
I want the convenience of a watch to track my workouts without a single thought that GOOG et al can collect. I want to download it to a local device and analyze it there.
And I don't care if GOOG is "99.999999999%" better at protecting my data. The point is I donot want them to have my data.
You mean the company that bought Navionics, blatantly ignored lifetime licenses that had been granted, force pushed broken app versions, and staffed multiple people to police the app stores and try to spin mandatory internet access and ongoing subscriptions in lieu of the aforementioned lifetime licenses as being for the users' benefit?
E-paper, actually, which is a fairly broad umbrella for a lot of reflective LCD displays. E-ink is specifically from E Ink and uses a different display technology (it's what's used in Kindles, etc.).
This is probably a lost word-use game, as everybody just says e-ink, but it seems important given the major differences between reflective LCDs and the electrophoretic technology used in ereaders.
I had a MetaWatch watch with an e-paper display with silver reflective screen backing and it was, by far, the most comment-generating thing I've ever worn. Still miss it.
Once a week? I easily got a month of battery out of my Pebble (whatever the base model was). It was awesome, and I'm still bitter about the sellout to Fitbit. Now I have the Amazfit Bip which gives me around 35 days of battery between charges. I can't see myself buying one of these smart watches that requires a recharge every day or two, it's already annoying enough to recharge my phone and bluetooth headphones every day.
Point of the internet from the start? I don't think so. Surveillance Capitalism didn't start with the internet, it was invented later. With that said it does seem like every single new product is built for this extractive purpose.
Turns out time and time again that the most sustainable way to store your personal data (health, financial, notes,...) is in flat files on your harddisk, not some startup's cloud service. Not that that will stop them from collecting, but at least from putting your access behind some walls or disappearing all of a sudden.
Except, for the vast majority of people, that is definitely not true. It's actually extremely rare for your average person to get locked out of their Google account (though, of course, it does happen, as chronicled so frequently on HN). It's extremely common for people to lose their hard drive, or have it otherwise damaged by a fall or fire, or just have it crash due to age without a sufficient backup.
It order to fix the problems with modern corporate surveillance, we can't keep pretending that storing things in the cloud and using cloud services doesn't have huge benefits. Just telling everyone to only store things in flat files on their local disk just brings up the "old man yells at cloud" meme in my head.
What we need are stronger laws. For example, if one company is acquired by another, and that company demands a new login scheme that can link additional data, I think they should need to give you the option of a full refund.
> It's actually extremely rare for your average person to get locked out of their Google account
It’s also extremely rare for an average person’s house to burn down. Or extremely rare for a 500 year flood. Or an asteroid hitting the earth. Should we not prepare for, avoid, and mitigate these risks?
It’s not telling people to store flat files in the cloud. It’s encouraging sustainable protocols that decompose to strong flat files in the cloud.
Story time is when ynab originally just write their files to a file structure and used Dropbox to sync. Then they switched to saas, charged people a monthly fee and store customer data in their proprietary cloud. One day ynab will go away and so will their data. Their earlier method will last forever because of the portability of flat files.
People are also not really expected to be individually responsible for mitigating flood or fire risk; they buy insurance. People can’t buy insurance for getting locked out of their Google account. We’re currently in a “well it’s your own fault for not owning and furnishing a second house in case the first one burns down” situation for digital property.
That might actually be interesting, because then there'd be actors who could give Google and the other BigTechs a lot more heat than any individual user can over unjustified account deletions (to avoid having to pay out the insurance premium).
No this is not how data is lost. Data is lost because people buy new laptops or other devices and let the old ones rust, thinking, hey if I ever needed it, I can just boot up the old one. Far more chance of losing your data that way.
I agree, but that's one hell of an uphill battle considering the amount of money that would be behind those opposing such laws. Until said laws pass, storing things locally is a valid option for a stopgap despite how cumbersome it might be.
Edit: I also have little faith in any legal remedy going far enough. The cat's out of the proverbial bag, too many businesses "depend" on data, and the government certainly enjoys being able to more easily access your data via cloud businesses than having to deal with a different enduser's setup every single time. Not saying we can't make progress, but I'm pessimistic.
And how long should that obligation exist? Google bought Fitbit in 2019. The article says the Fitbit account system will be supported until 2025. That seems pretty decent compared to the expected lifetime of the hardware? (My 2017 Alta was basically useless in 2020, completely dead in 2021).
The thing is, a lot of people own more than one device.
Even more people know a couple of people who have devices with some spare space.
Wouldn't it be great if we had a way that people could "join" trusted devices to create mutual background backups. So I could pair my laptop with my phone, and each would back up "essential" data for the other. But I could also pair my phone with my significant other, and our phones would also work as backups of each other. Syncing could be done on some kind of schedule, maybe when they're in bluetooth range, or maybe if they find each other on the same LAN. Or maybe they could use cloud storage to transfer E2E encrypted blobs.
(i.e. my phone would backup my laptop and my parter's phone, my partner's phone would back up my phone, and my laptop would also back up my phone. If my partner wanted/was willing to also back up my laptop, that would be a separate step, and they would back up each other.)
Deciding which data should be considered "essential" is left as an exercise for the implementor :-)
In principle you can do most of that with IPFS. The user experience isn't great though, especially when trying to use it as a backup solution for multiple people across multiple platforms. Someone might be able to build a startup around fixing this.
Err, world is not black and white, one can come up with various strategies how to do backups and end up very very fine in 99,99% of the situations, which is perfectly fine for vast majority of use cases. And even giants like Google and Amazon dont guarantee that much above this.
You mention laws and thats the core problem and its naive to just rely on them. Corporations are profit-first, bonus-first, and employ progressively more sociopaths as you move up the management hierarchy. This is simple sad fact regardless of industry or country.
Those folks see laws as obstacles, and unfortunately often try to game them. The results are basically all the fines big banks face from regulators, financial crises, endless internet privacy issues and so on. People just gaming well intended rules for their own profit.
plus re laws - we don't have judiciary hegemony over whole Earth. Corporations move their activities to weakest jurisdictions immediately, ie Ireland for taxes from Europe. Or they do pay minimal taxes in US. DOn't expect privacy to be handled better by default.
You're right about the backup situation, but I would still say that even just having your personal data in a flat file backed up with OneDrive - which a lot of users probably have set up without even fully realizing - still beats the app-specific cloud for most purposes (both access- and privacy-wise). Just consider the difference that it makes in the mental model of vendor lock-in.
And yes, it may not be that common for people to lose their Google account, but that's really just one failure mode of relying on in-app storage. The provider may decide to suddenly put parts of your data behind a paywall (like Slack just did), or may straight up cease to exist. Even if Microsoft were to do something similar to your OneDrive account, you'd still have your local copy and could change your cloud backup provider with very reasonable effort.
That's not quite what happened. Pebble was virtually dead and shopping around for an exit. Fitbit bought Pebble for its IP (i.e. patents) / soft acquihire. No one was going to be making the Pebble 3.
As i recollect it, they had been launching product after product and were in the middle of launching pebble time 2 when they got bought. That's a far cry from "virtually dead"
Again, that's not quite true. They had barely managed to eke out the Pebble 2 the month prior but had been in distress for quite some time. They had a huge layoff earlier that year as well and were forced to raise a debt funding round sometime that year as well. The market was doing well but the CEO commented about how hard it was for hardware companies to raise funds, especially as hardware companies were getting crushed in the market.
The truth is Apple came in and ate everyone lunch. Pebble was effectively dead the moment Apple announced their plans for a smartwatch.
It's exactly what happened. Fitbit bought (true) then destroyed the Pebble IP (true). Whether Pebble was a strong business or not makes no difference. Their tech was incredible and still better than most smart watches on the market today.
Pebble's IP was done for. No one wanted to make any more Pebbles including Pebble themself. They were acquihired by Fitbit. It wasn't a case of "we'll continue allowing team X to operate independently bait and switch."
At the end of the day there wasn't a robust market for hacker-focused e-ink Android watches.
Still wearing my Pebble Time Steel daily, and recently bought a backup/replacement on eBay because the battery on mine is dying (down to barely 1-day of battery, from the original 10 days battery life).
I really wish Rebble were putting more effort into keeping it alive. I understand the firmware is now open source, but it seems the efforts to make new hardware (or even replacement hardware) never really went anywhere. I'm grateful that they're keeping the app store & weather & voice recognition servers active, but it feels like they could do more. I guess I'm maybe looking for the Framework of smartwatches, with the aesthetics of the Time / Time Steel team.
Ditto on the Time Steel. If they had told the V2 backers that they had to 2x the price to stay afloat, I would have paid it. My battery is around 4 days (assuming I remember to put it in airplane mode when I sleep), and I'm considering trying the ifixit battery replacement.
I'm also hoping that the Apple Watch Ultra will turn out to have 5-ish days of battery life in low power mode after this fall's software update. I could consider an Apple Watch at that point, though I don't love the stylings of the AWU itself. Mostly I like the battery and the fact that the screen is flat and protected by a lip. Hopefully they can produce another variant that isn't quite so extreme sports-focused.
I really hope Garmin doesn't get bullied by Apple, and continues to exist. Between Google and Apple, Garmin is a notable competitor, I'd argue Garmin products are superior too.
It's worth noting that not all GPS receivers honor all of the finer points of the GPS protocol/spec. Longer running companies such as Garmin may have a more rigorous implementation and be able to save their customers some headache in the future.
I want to switch to Garmin because my Fitbit Charge 5 died after 4 months and the replacement they sent me dead after 2 days! I heard Garmin is superior in almost every way, but the only problem is there's countless reports of Garmin having poor sleep tracking; which is a feature I really need with my fitness tracker.
Garmin smart watches are very accurate for tracking total sleep time. But as for details on sleep phases, who knows? No wrist device including Fitbit can be totally accurate for sleep phases. Regardless of how good the sensors and algorithms are, there just isn't enough clinical information available at that body site.
The smart watches with blood oxygen saturation sensors can be useful for detecting sleep apnea. But that only applies to people with the condition.
Why do you think you need sleep tracking? Is the data actionable?
If we want to improve sleep quality then it's no big mystery what to do. Consume less alcohol and caffeine. Exercise more. Don't be obese. Don't eat a large, protein-rich meal late in the day. Go to sleep earlier. Keep the bedroom cool, dark, and quiet. We all know what we ought to do, we just don't reliably do those things. Better sleep tracking won't fix a lack of discipline or give us more hours in the day.
Poor sleep tracking in what way? I have a Garmin (<$300 one) I mainly got for sleep tracking and haven't noticed any problems with it. It tracks when I go to bed/wake up correctly, and seems me notice nights I sleep less (after drinking alcohol for example) well vs nights I sleep better (done lots of exercise in the day) properly.
Get the withings under mattress sleep tracker. You have to wear nothing, it just works, and the quantified scientist on youtube verified it's very accurate.
No, need can be used in various contexts. You could say 'I need to do X in order to meet my personal goal Y.' Or you could say 'I need a product to support Z before I'd consider purchasing it.'
GP didn't make it explicit but you can probably assume they were implying one of these contexts, rather than that they would die without that feature.
Are their products usable without web-accounts? I'm thinking about buying a watch.
Also, recently I bought Polar HR10 heartrate monitor and was unpleasantly surprised by the fact their Android app is also "signup required", for practical purposes. I mean, it does let you use it offline, but I never found a way to actually export my data (I suppose it should be doable in their web-app, though). And I didn't find any alternative HR-logging app for Android that would allow me to do that, so that I could use the product I bought the way I want. Well, nobody promised me I will be able to, but I still feel kinda robbed.
has apple ever engaged in price wars? the 'premium' image of their products is pretty important to their position in the market, and their ability to maintain their high price margins.
iOS app limitations though, I agree. Fits their pattern of behavior.
When you artificially limit what competitors can do on your device it means you can keep your prices high. You don't really have to compete on price when you've already crippled the competition to the point of being much less useful. The other user mentioned specific examples such as the Apple Watch and how it's able to do a lot more compared to competitors like Garmin. I'd even argue products like Tile are another example. Spotify is still fighting with Apple to get some more "fair" competition. Considering how tight margins are in the music world, Apple being able to dodge the 30% Apple tax is a huge bump in their ability to compete.
Overall the list could go on for days, I think you nailed it on the head that it would fit their pattern of behaviour. And they already seem to be following that pattern with their current line of watches and what they can do versus what a non-apple watch can do interaction wise with their phones.
It already kind of is crippled, compared to the Android app. The Garmin iOS app doesn't (can't?) support sending a quick reply to an incoming text message from the watch, for example, something you can do when connected to an Android phone.
While I don't think it's intentionally crippled, the Garmin app is better on Android than iOS. You can have fine grained app notifications on Android that you can't on iOS, and from /r/garmin it seems that iOS app is more unstable.
If you have a supported band (which the Fitbit is not) I highly recommend Gadgetbridge[1], a Free app that respects you, doesn't require online login and never will.
I once ran a trial comparing two FitBit models (one quite recent at the time) to a medical heart measurement device and manual counting. My conclusion was that FitBit's numbers were pretty much garbage: the manual and medical measurements generally agreed up to 3-4 beats, while the FitBit readings were off by 20 beats and more and fluctuating wildly in a short span of time. Their readings for step numbers might be more accurate, I don't know, but I concluded that the heart rate measurements probably contained more noise than signal.
What's the concrete concern here, specifically with regards to migrating the account system? If you're thinking that some mustache-twirling villains are totally lying to customers and regulators about how the data will be used, why do you think using a distinct account system would provide any kind of technical barrier? While if you think that separating the accounts does in fact matter for something, just make a new single-use Google account for just the Fitbit data.
"Just" make a new single use Google account. And what, do this for every new product, service and use-case we want to ensure doesn't get joined together? It's so cumbersome to work around today's data-hungry Googlesphere. Google would rather take another decade of yearly $4B fines than build systems that respect our personal information.
See, that's exactly what I mean by "concrete". You seem to be saying it's unreasonable to create an account just for the purpose of using a Fitbit. But you've always had to do that. It is literally exactly what a Fitbit account is. For ten years, nobody has thought that it's unreasonable. Like, the only distinction is that now you get to choose whether to create a separate account or reuse the existing one.
If you can't actually formulate why the migration of the account system is bad thing, maybe it's actually not?
Creating accounts for other companies is easier than creating a new Google account, though.
I tried to create a new Google account for a webservice that only allowed third-party logins:
The account was requiring a phone number immediately after creating it. After begrudgingly entering a phone number (that was, to be fair, already used with another Google account - I don't have random burner phone numbers lying around), the account was locked due to "unusual behavior".
(This was a Google account with an existing mail address from a normal mail provider, no new Gmail account, btw.)
In contrast, most "normal", non-SV companies don't even ask for a phone number as a hard requirement, yet alone decide your fate by ML algos.
It is the undisclosed consolidation of information sources that Google holds that scares me. I think most considered Fitbit account a small privacy issue. The Google ecosystem on the other hand is enormous, highly entwined in our lives, extremely intrusive, and information collection & sale is done surreptitiously.
I think most, even non technologist feel the negative in this, even if they cannot articulate it.
But again: how does the account system switch matter for any of that? Like, what is the thing that's suddenly possible for them to do when you log in using a Google account rather than a Fitbit one? If they're willing to maliciously (and at ludicrous risk for low payoff) do some kind of cross-account sharing of health data for unrelated purposes, why would it be any harder to associate a Google account with a matching Fitbit account, than to associate two Google accounts?
You seem to be making an argument, in vague generalities, for why they shouldn't have been allowed to buy Fitbit. But that deal was approved by the regulators across the world, after concessions, so there is no point in relitigating that. Is there a concrete argument for why they should require indefinite support for a legacy account system?
There is a pretty obvious reason for why people cannot article why they feel negative about this... Because they are feeling negative about something else entirely, and projecting. But this particular change is be strictly an improvement: it's going to be much better to argue against the things that actually bother you, not use this as a proxy.
We can simplify the situation quite well and avoid the projection. It's too late to do anything about the acquisition, but Google is too powerful and too shady to begin with, and should be vigorously opposed in anything it does or tries to do by default on that basis alone.
I have no doubt that Google knows who is using multiple accounts/devices and they'll stuff your dossier with data from all sources.
If you're wearing a device that knows when you're asleep, awake, fucking, or sick and you're sending that data to a third party whose entire business is built on collecting your personal data and you've been viewing that data yourself on a cell phone running their OS you can't care very much about your privacy to start with. Being forced to sign into a google account at that point is a formality.
schroeding also covered this in their reply to your comment, but "just create a new Google account" is much harder than it sounds. I did this for my Sony TV out of a vague paranoia of Google having access to my living room (I de-googled much of my online presence already, and didn't want to invite Google back in). I remember it took a very long time to get past all of the friction Google puts in place to create an account without a phone number.
The difference between that experience and creating a fitbit account is night and day.
I foolishly bought a Nest and three Nest Protects back when Nest were promising to implement HomeKit. Then Google bought them and they just stopped mentioning it.
Google continuously doing this means I’ll probably never pay for one of their services.
Anyone want to buy a 3 point Nest mesh system I have sitting in a drawer? When Google did this I replaced them with an pfsense router and a couple of UniFi APs.
I bought a Fitbit before it was bought from Google few years ago, and got quite upset with this thing that despite you carefully trying to stay away from buying things that require a meta or Google account, you might end up having to because of acquisitions, so I had an unused Fitbit , fortunately I guess thanks to karma they had a recall for the watch model I had and I got the full money back, but yeah to hell Google, I guess can say that as I don’t even have a Google account
Is there an non-cloud ( Desktop based) alternative to Fitbit Premium ? I hate the idea of having such personal and intimate data being accessible to third parties ?
I hope Google continues to allow downloading of log files. I wrote an app that charts calories burned (from Fitbit), calories consumed and weight loss (from MyNetDiary dieting app), spO2, sleep, heartbeat, etc.
And Google definitely has no tools to link two accounts that are constantly accessed from the same location or IP address so this will definitely provide privacy in spite of using two devices that constantly stream your personal information to Google servers.
And risk getting your main account banned for registering multiple Google accounts. Also you will need a whole new phone number for these alternative accounts which can get expensive
Google's TOS has no objection to users registering multiple Google accounts. I checked this out long ago.
In fact, how could they? I currently hold Google Workspaces accounts at my community college and from my employer. In addition to these two, I also have a "main" personal account where I do most of my stuff, including my Android device. Then, I maintain two other separate accounts for volunteer work in various capacities.
So I have five accounts in total; in fact I've signed up to Google One and gathered three of them into my "family" group. Google actively encourages people to create as many accounts as we can handle. It's nothing like Facebook, which requires a 1:1 correspondence between humans and personal accounts.
We were bought by Fitbit which operated with almost complete disdain for any attempt at security or privacy that could slow down operations. Anybody who wanted paintext access to user data seemed to get it without delay. Security and privacy were not among the things that created shareholder value so every issue I discovered was permanently backlogged.
It was depressing seeing all the data I fought to hard to protect be absorbed into a machine that would sell it off to the highest bidder, or shrug when it got stolen by a blackhat. I quit 3 months before my golden handcuffs would have kicked in because it felt too unethical to keep working there.
Then of course all the data was sold again, this time to Google. No Pebble user ever consented to their health data being sold to Google, but all of this is legal.