A short thread about Privacy, Silicon Valley Tech, and unintended consequences of software designed by people who do not appreciate the scale of deployment.
Someone sent an message to one of our Signal groups this morning, and one of our engineers immediately responded with "I'm driving right now."
Closer inspection revealed that Android Auto sent this on his behalf.
There's are a couple of problems with this.
Closer inspection revealed that Android Auto sent this on his behalf.
There's are a couple of problems with this.
1. He wasn't driving right then.
2. He wasn't supposed to be driving right then.
3. He didn't explicitly authorize Android Auto to send Signal messages.
4. Android Auto revealed his activities to a large number of people
5. Worse, it was wrong, due to a Bluetooth pairing.
2. He wasn't supposed to be driving right then.
3. He didn't explicitly authorize Android Auto to send Signal messages.
4. Android Auto revealed his activities to a large number of people
5. Worse, it was wrong, due to a Bluetooth pairing.
This bug might seem like a no big deal. A PM at Google writes it up as a cutesy feature. Given the huge amount of privacy sensitive data Google collates and sells, it feels like nothing to have Android Auto leak what you're doing to your friends.
But this kind of casual leak **can and will get people killed**. There are jealous husbands (and maybe wives, too, but the stats are skewed) out there who will go in a rage instead of debugging that it was caused by a bad Bluetooth association and a misfeature plus data leak.
We heard so much about "Google scale."
At Google/Facebook scale, someone *will* get hurt.
At Google/Facebook scale, someone *will* get hurt.
What's the takeaway?
Writing software at that scale requires a different kind of diligence, empathy, understanding, and anticipation.
What seems inconsequential to a valley engineer might be a life or death matter to someone in, say, Riyadh or whatever else.
Writing software at that scale requires a different kind of diligence, empathy, understanding, and anticipation.
What seems inconsequential to a valley engineer might be a life or death matter to someone in, say, Riyadh or whatever else.
I'm not sure how to train the right kind of thinking.
But I'm 1000% sure that we do not, and I'm just as sure that the vast majority of PMs at major tech firms see the world through a comfortable SV lens that is quite cavalier about data leaks to friends.
But I'm 1000% sure that we do not, and I'm just as sure that the vast majority of PMs at major tech firms see the world through a comfortable SV lens that is quite cavalier about data leaks to friends.
Recall that, for years, every instant message on Facebook revealed your location, with great precision, to whomever you messaged. I'm confident people got killed as a result of that feature.
All ideas on how to make SV tech companies understand their responsibilities to a very very large global audience are welcome.
