This is partially the same community that thought these violations would be a good idea in the first place, as long as we get a bit of hamfisted curated content and adtech monetization. Of course some of the invested individuals still want to defend it. Maybe just to maintain the cognitive dissonance and assure ourselves what we're doing to people is okay. Expect to be unpopular, but that's fine--popular is not the same as right.
People are willing to take some outrageous risks in exchange for a trivial amount of convenience. Ever see somebody cut across six lanes on the interstate to make an exit that's about twenty feet away at the very last second? Convenience and speed is everything, we don't give a damn about the consequences. And there are eventually going to be serious issues caused by our wild west data mining. Horrible damages have already happened. It's not just paranoia.
True, not every software company is abusing their default permissions and telemetry. But the fact that default-on is normalized and expected provides cover for many people who do abuse it. It's complicit. Anyone who cares about infosec knows that security has to be the default, not an obscure setting for power users or something that you have to reset and then it always clicks itself back on when you update or use a particular feature. That's wrong and it's very clear why it's wrong. But it's happening more and more often.
Also, security must be the default even if we don't currently see any way for a particular application to be abused, because later there will be attackers more creative than us and they will figure out a way to leverage it. This is like an ironclad law of nature. Pretty much anyone who has made networked software long enough in the past can attest that eventually there's attempts at exploitation that nobody was thinking about at the beginning. I'm sure some of y'all have stories. Every engineer must make it robust at the start, expecting that people will attack and misuse it resulting in damage to real people. Even if we don't see why that would ever happen at the time. We should all responsibly set software defaults to defend the helpless and ignorant, instead of depending on capable people to defend the software.
The fact that Google knows where I work, and what days I work, and uses that information to alert me before I leave whether there's a better route is worth it. That feature alone can save tens of minutes to hours per week, not to mention all the other benefits.
Someone already mentioned it, but the timeline feature is great. I can see where I was, what time, how long it took, etc. It also tells me the last time I went somewhere.
People are willing to take some outrageous risks in exchange for a trivial amount of convenience. Ever see somebody cut across six lanes on the interstate to make an exit that's about twenty feet away at the very last second? Convenience and speed is everything, we don't give a damn about the consequences. And there are eventually going to be serious issues caused by our wild west data mining. Horrible damages have already happened. It's not just paranoia.
True, not every software company is abusing their default permissions and telemetry. But the fact that default-on is normalized and expected provides cover for many people who do abuse it. It's complicit. Anyone who cares about infosec knows that security has to be the default, not an obscure setting for power users or something that you have to reset and then it always clicks itself back on when you update or use a particular feature. That's wrong and it's very clear why it's wrong. But it's happening more and more often.
Also, security must be the default even if we don't currently see any way for a particular application to be abused, because later there will be attackers more creative than us and they will figure out a way to leverage it. This is like an ironclad law of nature. Pretty much anyone who has made networked software long enough in the past can attest that eventually there's attempts at exploitation that nobody was thinking about at the beginning. I'm sure some of y'all have stories. Every engineer must make it robust at the start, expecting that people will attack and misuse it resulting in damage to real people. Even if we don't see why that would ever happen at the time. We should all responsibly set software defaults to defend the helpless and ignorant, instead of depending on capable people to defend the software.