Andy Freeman wrote: "Some supporting evidence would be nice because only one person is raising this concern."
Here's another. I agree with the original poster. We have been thinking about making the significant investment required to convert our application to run on GAE once the service moves beyond the "trial" phase, because as a small company we're enchanted by the prospect of eliminating all of our system administration concerns and our growth pains. However, the only barrier to adoption for us is the data privacy aspect. Because of Google's practice of extensive data- mining in other services (Gmail, for example), we're afraid that Google is planning to profit from offering a free service by treating our extremely private user access information as an advertising datamine playground. Before we start re-coding our application, we would need a stronger privacy policy that outlines exactly what Google can do with our datastore. Best regards, -Maxime Camirand On Jan 17, 2:54 pm, Andy Freeman <ana...@earthlink.net> wrote: > > dataprivacyis probably the number one barrier to > > commercial cloud adoption at the moment. > > Some supporting evidence would be nice because only one person is > raising this concern. Maybe it's so huge a barrier that no one else > is bothering, maybe the discussion is somewhere else, but.... > > > When you put these two statements together, Google is able to > > reproduce, adapt and modify developer contributed code to improve your > > UI, and explicitly *does not* require content owner's permission. > > Actually, there's nothing about the UI. However, there's something > important missing from this discussion, namely "for the sole purpose > of enabling Google to provide you with the Service in accordance with > itsprivacypolicy." > > How about some acceptable wording from a service that provides > computation and storage resources, together with a link to the whole > policy? > > On Jan 17, 9:17 am, hawkett <hawk...@gmail.com> wrote: > > > Hi Marzai, > > > Thanks for the detailed response. It would be great to get those > > clarifications included in the terms of service and/orprivacy > > policy. I can see from my post rating that some people don't share my > > concern, but dataprivacyis probably the number one barrier to > > commercial cloud adoption at the moment. Clear legal statements are > > always better than implied trust, or clarifications made in forums. I > > don't doubt that the constraints you have outlined are correct, but I > > read theprivacypolicy and terms of service to say something > > significantly different. Theprivacypolicy explicitly lists content > > (including code) and says this - > > > 'We use this information internally to deliver the best possible > > service to you, such as improving the Google App Engine user interface > > and maintaining a consistent and reliable user experience.' > > > The terms of service say this (in section 8, which overrides any > > rights outlined in section 6) - > > > 'By submitting, posting or displaying the Content on or through the > > Service you give Google a worldwide, royalty-free, and non-exclusive > > license to reproduce, adapt, modify, translate, publish, publicly > > perform, publicly display and distribute such Content for the sole > > purpose of enabling Google to provide you with the Service in > > accordance with itsprivacypolicy.' > > > When you put these two statements together, Google is able to > > reproduce, adapt and modify developer contributed code to improve your > > UI, and explicitly *does not* require content owner's permission. > > Apparently that permission is given once the data is uploaded. I'm > > not trying to be difficult - that is actually what it says - and those > > documents are actually what business look at when making decisions. > > > I realise that the terms of service andprivacypolicy are produced by > > the legal team and not the engineering team, and the legal guys have a > > responsibility to protect Google from liability and litigation. > > Perhaps the legal team isn't fully aware of the importance of data > > security to GAE adoption. It is probably the engineering team's > > responsibility to raise that awareness. > > > It seems clear to me that Google's strategy is to market GAE > > applications to its Google Apps customers. Both offerings sustain > > each other, and the delivery of the reseller program is a hint that > > this ecosystem is well on its way to being opened up. If you want an > > abundance of vendor supplied, commercial quality applications in that > > ecosystem, then data security needs to be much more clearly respected > > in the legal documentation. Thanks, > > > Colin > > > On Jan 16, 5:23 pm, Marzia Niccolai <ma...@google.com> wrote: > > > > Hi, > > > > First let me say that everyone on the App Engine team takes data > > >privacyvery seriously, and point you to Section 6 and 8 of the App > > > Engine terms of service (http://code.google.com/appengine/terms.html) > > > that deal explicitly with the issue of data ownership and copyright. > > > > Also, it is important to note that the only Google employees who have > > > the ability to access data pertaining to any App Engine app are > > > certain members of the App Engine engineering team, and the access is > > > limited to that which is necessary to perform their job role. > > > > The _only_ circumstances under which a member of the App Engine team > > > would access your application code and/or data is: > > > > - With the developer's permission, in order to troubleshoot a specific > > > issue > > > - If your application is causing system wide instability > > > > Any modification to your app through the Admin Console (by any person) > > > is logged in the Admin Logs, that can be access > > > at:http://appengine.google.com/adminlogs?&app_id=YOURAPPID > > > Access logs are maintained by Google as well. > > > > -Marzia > > > > On Wed, Jan 14, 2009 at 1:06 PM, hawkett <hawk...@gmail.com> wrote: > > > > > Hi, > > > > > Just wanted to query theprivacypolicy, especially as it relates > > > > to code. Would I be right in thinking that the only thing stopping > > > > google stealing an app. or an idea for an app, or an algorithm or data > > > > structure or whatever, is that you are such good guys? > > > > > This is theprivacypolicy I am reading > > > > -http://code.google.com/appengine/privacy.html > > > > > I read theprivacypolicy to pretty much say you can do what you > > > > want with the code? i.e. 'We use this information internally to > > > > deliver the best possible service to you...' - you could interpret > > > > that to mean pretty much anything, including ripping off an idea and > > > > serving it back to us - (yeah, I know you are good guys). > > > > > A second question would be Google's policy for employees or > > > > contractors etc. looking at the code of app engine apps? Are there > > > > any internal controls? Do you maintain access logs? What are your > > > > criteria? > > > > > An obvious situation would be a google employee reading a group > > > > post, and saying 'Hey that's an interesting point, I wonder what app > > > > they are building... let me just go in and look at their code... wow > > > > that's cool... <days pass>... hey boss I have an idea for my 20% spare > > > > time, how about we do this <subtle variation on app they looked at > > > > recently>' - can you confirm that this does or does not happen? > > > > > It doesn't even need to be conscious - knowledge is knowledge, and > > > > you can't 'unsee' something. I challenge anyone to see something done > > > > in a better way, and then continue to do it in an inferior way, > > > > because they are a 'good guy'. > > > > > It might just be a good idea to you, but it is IP and business > > > > value that you shouldn't have access to. It is a significant barrier > > > > to GAE adoption for many organisations. It is completely different > > > > situation on a platform like Amazon (because I can protect my content > > > > myself, among other things), and GAE requires a different policy than > > > > 'to provide a quality service'. > > > > > I realise this is covered > > > > byhttp://code.google.com/p/googleappengine/issues/detail?id=501, > > > > which is an absolutely crucial issue that, naturally, has no input > > > > from google apart from acknowledgement. I'm not writing this post to > > > > register my support of that issue, I've already done that. I'm > > > > writing it to try and get some sort of meaningful response form > > > > Google. > > > > > Would someone at Google please be able to elaborate? When do you > > > > access our code? Thanks.- Hide quoted text - > > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
