This comes up time and time again on HN, and I continue to struggle to understand it.
Admittedly, Facebook have very recently passed out Google on my rankings, and is now in last place, but it's always been a close one. Facebook is very much a tentative last. Google has been very comfortably last until recently, and could easily slip down again.
What exactly is it that makes people trust Google? How is Google even remotely comparable to Amazon???
How is Microsoft more trustworthy than Google? Google's involvement in OSS vs Microsoft's time-old approach tells a huge story to people who write software.
I trust Amazon less than I do Facebook. Facebook lets me see exactly what kind of advertising data they have on me and lets me export all my data. Google does the same. Amazon just shows me recommendations and tries to sell me android tablets full of crapware or sneak their crapware onto Ubuntu. If you've ever worked at Facebook you'll know internally their culture of openness is very similar to Google's "Don't be evil" ...but less explicit. And explicit company values matter, so that is a knock on them. But yeah, Amazon seems worse. Compare their internal cultures because it does affect what direction their products take.
Apple is trustworthy only in the sense that they make hardware devices that, if backdoored, would be terrible for their business. Their cloud services have the same incentive structures as Google so I feel they're fairly equivalent (plus under the hood Apple uses one of the major cloud providers).
Apple > Google > Microsoft ~= Facebook > Amazon.
This ranking encodes:
1. Which physical devices I would trust more (iPad > Fire Tablet).
2. How wary I would be of using their services (e.g Google Search > Amazon Shopping).
3. Whose culture is better for user trust (Google's track record >> Microsoft or Facebook's track record).
I work at Microsoft, and while what you say may be true for the Microsoft of 20 years ago, the Microsoft of today is very heavily involved in OSS. We use and credit open source tools in our day to day products, contribute back to these projects, and open sourcing some of our existing tools like .NET. We're probably not at the level of Google, but far more than you're giving us credit for in this comment.
I'm very aware of the new Satya MSFT and think it's great. But you can't take away distrust built over years of Microsoft saying "we changed" then committing competition-killing bad-faith practices when they think nobody is watching.
Here's to hoping MSFT is actually different today.
Furthermore part of my calculus is that internal culture matters. Last I checked MSFT's internal culture still doesn't value openness and user trust the way Google or Facebook do, where it's a core company value.
Microsoft saying "we changed" then committing competition-killing bad-faith practices when they think nobody is watching.
As opposed to what Google repeatedly gets slapped by the EU for doing, Facebook vs SnapChat, etc?
Here's to hoping MSFT is actually different today.
* Last I checked MSFT's internal culture still doesn't value openness and user trust the way Google or Facebook do, where it's a core company value.*
Google and Facebook both only open source code that doesn't endanger their competitiveness.
As an extremely happy vscode (and typescript) user, and an avid follower of the ChakraCore Node efforts, I'm well aware of the changes. The Windows telemetry stuff is also a recent change though, so I'm afraid your argument doesn't stand up to scrutiny. Any company will have positive sides if you look close enough.
I would largely agree with others' rankings above, I only find the placement of Google anomalous. I'd go with
Apple > Microsoft >> Amazon >>>> Google == Facebook
The fact that Apple, Microsoft and Amazon run on business models where products are primarily charged for makes a big difference. Then, among them, individual smaller grievances influence levels of trust: MS has a history of security issues with login mechanisms, newer Windows versions collect slightly excessive amounts of telemetry with difficult opt-out, Apple's closed eco systems are user-hostile and anticompetitive, etc. etc. None of them are good companies.
Facebook and Google are on a different level. And products they sell directly are secondary; you are the primary product.
Normally I would be inclined to put Google lower for one reason: Google is everywhere. Facebook is on facebook.com. Yes, there's a large social penalty to avoiding registration, but it's still entirely at your discretion. They keep shadow profiles of you via facial recognition of photos taken of you by other people who have Facebook accounts, but other than that exposure to Facebook is mostly limited by having an account there. Google is only avoidable by cutting yourself off from technological society. They are omnipresent and all powerful. And, while Facebook has a track record of publishing academic research on very creepy experiments they run on their (opted-in) users, Google meanwhile have a strong track of violating the law on collecting data in everyone and everything in the world.
Facebook are terrible, but the blindness to Google's reach is starting to seem scarier tbh.
I don't understand how you conclude that Google is everywhere whereas Facebook is only on Facebook.com. I'm not disagreeing that Google is everywhere, but I'd argue that so is Facebook. Are you making this distinction mainly because of Android and its market share? From the privacy angle, Facebook is also on Instagram, WhatsApp (this to a limited extent) and on most websites that use Facebook for comments and/or have Facebook Like buttons.
I don't have links right now, but I've read that Facebook also engages and buys data from large online tracking and profiling companies.
You're right about WhatsApp and Instagram, but they're similarly opt-in. On the in-website comments/like buttons - this is also true, but quite trivial to block (most blocking extensions will do it out of the box, some browsers are even doing it as a built-in feature). Such blockers will also block some subset of Google stuff - e.g. Google Analytics - but miss the vast majority of it.
Google provides DNS - handling every domain look-up for anyone using it. This setting is often at a router or even ISP level. Google hosts the TLS verification databases used by browsers to bulk-verify the lists of HTTPS sites you visit. Google Analytics is not just in websites, it's embedded in many non-web apps you use, even some CLI ones. Even excluding the ever-pervasive Google Analytics, Google also provides myriad services to 90% of individual websites you visit. StackOverflow relies on HTTP requests to Google servers for all posting/commenting/interactive functionality. Google (or Apple) own and control your mobile phone. They track your every move, wherever you go. They can see every app you open, and often how long you spend in it, regardless of who developed that app. They read the contents of most of the emails you send, regardless of who you host your own emails with (because not only are most personal emails on Gmail, a significant quantity of @corporatedomain ones are too). Google measures the physical location of the WiFi router you have in your house from other people's Android's as they walk by (and from Google StreetView cars).
With Facebook you can choose not to sign up to Facebook/WhatsApp or Instagram. Apart from not buying an Android phone, most of the above is not trivial to avoid, and the website stuff I mentioned in particular is only the tip of the iceberg.
For one, their entire business/revenue doesn't revolve around selling advertising. While they (MS) have gotten into tracking more data with Windows 10 and so on, they are still nowhere close to where Google is when you look at what they do with Android, Chrome, Gmail, Google Search, Google Analytics, Google Home, etc.
For me personally, Google is far and away the # 1 threat to my privacy followed by Facebook and Amazon then MS and Apple at the bottom of the list.
A company's involvement in your life should have security/transparency multipliers. Google has more of your data, but they do a better job of keeping things safe and communicating with you what they have and how they use it.
That said it makes sense that if one company has too much of your data you should rightfully be wary of them. +1
When I use a microsoft product, I'm more likely to be paying for it, unlike with many Google products. So for whatever reason, I'd like to think they are protecting my privacy slightly more.
Having less of your data by default means they can do less with it, so you are "safer" for that reason. I'd be wary of confusing that with "they are trying to protect my privacy more."
How is Microsoft more trustworthy than Google? Google's involvement in OSS vs Microsoft's time-old approach tells a huge story to people who write software.
Apple, Google, Facebook, and Microsoft all open source code that isn't part of the Crown Jewels. Even many of the parts of Android that people consider Android are closed source.
I think because although Facebook have quite a strong moral code, and a culture which upholds that, their morals themselves are somewhat questionable. In particular, they seem to see nothing wrong with collecting all the data they possible can and using it for profit-making purposes.
> How is Google even remotely comparable to Amazon???
If you're already scared of Google and Facebook this is an easy one: Amazon's growth will increasingly depend on advertising, and they will continue to grow. Pretty much everything they have done in the last couple years moves in this direction: a search page riddled with sponsored results, Echo (https://gizmodo.com/yes-your-amazon-echo-is-an-ad-machine-18...), my new 30 dollar Fire tablet that always shows me ads, retargeting, etc. Amazon has Google-level information on its users, and will use it in ways that are simialrly invasive.
I see a lot of people writing off Amazon because it's not as ubiquitous as Google in their lives. This is a mistake: their dominance will continue to grow. They have the best product strategy I've ever seen, and everything they are doing will move them in the direction of being a central part of everyone's lives (even non-Americans - when I was in India recently and I saw an Amazon billboard or bus ad every 5 minutes, even in smaller towns).
External attacks are only half the story. What about the thousands of employees (especially the SREs) who may or may not be a few clicks away from root access on the machine which contains your email?
It's amusing that people would actually put Microsoft before Google considering all of the data Microsoft has shared with the NSA. They were also complicit into actually breaking into their user's accounts because they suspected them of selling pirated copies of their software.
And then there's this:
According to this NSA slide Microsoft was volunteering data to the NSA way back in 2007.
In fact, Microsoft was the very first company to sign up.
According to The Guardian, NSA had access to chats and emails on Hotmail.com, Skype, because Microsoft had “developed a surveillance capability to deal” with the interception of chats, and “for Prism collection against Microsoft email services will be unaffected because Prism collects this data prior to encryption.
Microsoft even handed the NSA access to encrypted messages
Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.
In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".
In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.
Since Prism's existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.
Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."
Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."
But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.
The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.
The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year.
Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats
A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."
Two months later, in February this year, Microsoft officially launched the Outlook.com portal.
Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.
The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".
The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."
The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.
Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.
According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.
The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."
ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."
The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.
The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".
The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"
>>>> Apple >>>>> Microsoft >^∞ Amazon > Google >>>>>>>> Facebook
None of these companies are trustworthy, but Apple's business model doesn't require them to be quite as untrustworthy as the others to get your money. Microsoft is quickly headed down the ladder with their difficult to avoid or disable telemetry and an OS that spits ads in your face. Amazon is close to becoming Google's equal on this list with their "Alexa in all of the things" push. Facebook is run by Mark Zuckerberg, who acts as an anchor to keep it firmly planted at the bottom of the list.
Apple > Microsoft >> Google == Amazon >> Facebook
Facebook is dead last by a mile.