But from what I have seen Google takes infosec very seriously, and will fully delete information when they say they delete information. They even point out that it could "linger" for (IIRC) 90 days after you delete it in backups and other replicated copies, but after that should be fully and completely deleted.
Hopefully they so take infosec as seriously as you assume they do.
However, we have repeatedly seen profits prioritized over security in the corporate world with negligible repercussions when the data is inevitably compromised.
I knowingly and happily give my information to Google, and I trust that they do not overstep their bounds when I tell them not to collect something.
If Google ever gives me a reason to not trust them I won't. But thus far they have been okay in my mind and I'm happy with the services I received and the tradeoffs made with regard to my information.
I fully expect more nastygrams and threats from people for saying this, because it happens every time I say I trust a company.
>Saying "I trust company X with my data" is the same as saying "I trust that company X cannot be hacked".
No it is not, and it's also why I didn't reply at first because I had a feeling it would go down this path.
I don't believe for a second that my data will never be "hacked" at Google (for whatever definition you want to think of for "hacked"). But I do believe that Google has done their due diligence in preventing that kind of attack to the fullest extent they can, they give me the tools to remove data that I want removed, they are competent in their architecture to make leaks and hacks have limited scope, and i'm confident that they will be able to uncover evidence of "hacking" and will use the legal system to go after those responsible limiting the damage that a "hack" can do.
I enjoy the benefits I get from Google. I like that they scrape my email for calendar info, flight info, package info, etc... I like that they track my location and create automatic albums for pictures I take (and upload to them) while at a location. I like that they can get location indoors using wifi APs or that they use my voice in ML training to improve the product, or that they offer me relevant ads to pay for those free services and products instead of ads that have little or nothing to do with my interests. I like that I can go back and search my hangouts (then google talk) chats from my friends from over a decade ago, or that they backup my files that i put on google drive, or that they record what apps are on my phone (and some data from those apps) so that if I need a new phone I can quickly set everything back up, or that they store saved passwords on their servers so that I can easily get the same ones on multiple devices, I like that my reviews of apps/places can have my name and face put on them and that reviews from my family and friends show up over random people online, etc... And I especially like that I get most of this for no effort on my part. No servers to maintain, no software to setup and manage, no security needed on my part aside from keeping my username, password, and second factor auth secure. I only have a limited time on this planet, and I don't want to spend it setting up private email, storage, photo backup utilities, and whatever else that I get "for free" through Google services.
I'm not being tricked here, i'm not "missing something" or pretending that these companies are infallible. I'm making a consensus decision to trade information about myself to a company I trust for tangible benefits. If that company becomes untrustworthy, then I will adjust my feelings and behaviors, and I will most likely be hurt by it at some point (because you can't un-give information, especially not to a bad actor), but again that's a risk i'm willing to take.
I don't know why I typed all this out, and I don't mean to target it all at you personally, just at the boogeyman I've built up in my head of "internet person telling me i'm dumb for trusting a company". It's exhausting constantly having to defend against what-if's because I want webmail, or being constantly berated and insulted for making tradeoffs with my own privacy like it's some kind of personal insult to people that I am not as private as they are (there's nothing wrong with privacy, I advocate for it quite a lot, but your whole life doesn't need to be private all the time, i'm happy to share some aspects!).
Fair enough, you seem much more knowledgable of the risks (at least on an individual level) than the vast majority of users.
However, have you considered the threats to national and global security that are posed by the centralized aggregation of billions of the most detailed psychological data profiles the world has ever seen?
But from what I have seen Google takes infosec very seriously, and will fully delete information when they say they delete information. They even point out that it could "linger" for (IIRC) 90 days after you delete it in backups and other replicated copies, but after that should be fully and completely deleted.