[HN Gopher] End of the road for Google Drive in Transmit
___________________________________________________________________
End of the road for Google Drive in Transmit
Author : donatj
Score : 266 points
Date : 2024-10-08 18:38 UTC (4 hours ago)
(HTM) web link (blog.panic.com)
(TXT) w3m dump (blog.panic.com)
| mzagaja wrote:
| Google really is wrecking hell on third party integrations.
| Jyaif wrote:
| "The fastest path to wealth is the construction of these
| digital platforms, where other people depend on you."
|
| - Eric Schmidt.
|
| Many product leads at Google seem to disagree!
| indymike wrote:
| Depends.
|
| Build it, get dependent developers, start charging dependent
| developers, ????, profit.
| Lerc wrote:
| ...Try and launch a new platform, Nobody trusts you,
| Platform Dies, Loss?
| teqsun wrote:
| Title on the blog is now (changed?):
|
| "End of the Road for Google Drive _in_ Transmit"
|
| Being unfamiliar with Transmit, the "and" gave me a startle
| davedx wrote:
| > But then... a couple of months later, Google completely removed
| the option for us to scan our own code. Instead, to keep access
| to Google Drive, we would now have to pay one of Google's
| business partners to conduct the review.
|
| What a racket. Smells downright anti-competitive. The EU will have
| fun with this when it catches up.
| rammer wrote:
| It wasn't even that expensive. Ada security audit from tekta in
| Spain was under 4k.
|
| There's nothing like a racket here. The list of certification
| agencies goes from KPMG at top end to smaller companies.
| anakaine wrote:
| 4k is not expensive in enterprise terms, but in small
| bootstrapped startup terms it is absolutely expensive.
| imhoguy wrote:
| And the issue is the other corporations may likely follow,
| so you have to stack hefty audit sum every year for
| multiple monopolistic cloud vendors because you made some
| cheap documents scanner app with convenient storage options
| for your user.
| aaronharnly wrote:
| Just as a data point, we paid $750 for one of these engagements
| (scan + some discussion about use cases etc) to one of Google's
| preferred providers. There were multiple options for providers.
| petre wrote:
| > Smells downright anti-competitive. The EU will have fun with
| this when it catches up
|
| What? The EU wants to introduce certifications for all products
| and services, further kneecapping local innovation through
| regulation and costly certifications.
|
| https://digital-strategy.ec.europa.eu/en/policies/cybersecur...
| mardifoufs wrote:
| The EU absolutely loves adding requirements for certifications,
| so no I don't think they would get involved here. In fact, it's
| something they are pushing for in general.
| teruakohatu wrote:
| I am not sure smaller devs were given the option of self-scanning
| code. I always wondered what the point of that was, given that
| there is no way for Google to ensure that the scanned code was
| the version distributed, and even then, as soon as a minor update
| was released it would have been out of date.
| dewey wrote:
| Because they don't care about security, it's compliance-
| checkbox-driven policies.
| xp84 wrote:
| Bingo! The whole thing is for butt-covering purposes. It's
| just so that when something happens, Google can then say "We
| followed $STANDARDS_BODY Policy #420.69, so we can't be held
| responsible!" Theoretically even Panic would gain a little
| butt-covering from it too. "Look, this vulnerability was so
| hard to spot that even these very professional security
| auditors missed it 8 years in a row!"
|
| It's all still pretty worthless though imho.
| fidotron wrote:
| There is a clear subtext to this and the Play Store changes:
| everyone interacting with the Google ecosystem is going to be
| pinned down and deanonymized with rights assigned based on legal
| identities. This will be done in the name of security. There is
| no freedom in who you trust here.
|
| The big question here is if all this was preemptive or the
| response to something.
| akira2501 wrote:
| All monopolies do this. Once they're past the point where the
| government can effectively regulate them they essentially take
| over and regulate the market for their own interests. Google is
| very good at this. They're probably better at this than
| actually writing code these days.
|
| Which is why anyone and everyone should flat out avoid them as
| a company.
| teruakohatu wrote:
| The original title now reads "...for Google drive in Transmit".
| @donatj can you correct the HN title please.
| donatj wrote:
| Fixed
| quantadev wrote:
| Never hitch your wagon to somebody else's horse.
|
| Entire companies have been destroyed because they rely on Amazon,
| Google, or some other service, and then have the rug pulled.
| Sometimes companies have even been destroyed, notably by Amazon,
| for having the _wrong_ political viewpoints.
|
| My rule of thumb is: Only use open source components, and only
| run my stuff on Linux. So that way I maintain full control over
| my stack, and stay mostly immune from the political rug pulls,
| and other kinds of rug pulls.
| stavros wrote:
| Some of these wagons only managed to move because they were
| hitched to someone else's horse.
| gopher_space wrote:
| My concern is that people aren't building their own horses
| the minute it becomes feasible. The farrier now seems
| mystical and occult to a generation even though they're more
| than capable of picking up the tools themselves.
| stavros wrote:
| You don't build things when it becomes feasible, you build
| things when it becomes less risky to build them than to
| not.
|
| For things like a convenience integration, that moment may
| never come. For other things, it's easy to estimate wrong,
| given how fuzzy the risks are.
| dewey wrote:
| That sounds great, but also for an app that interacts with > 10
| services and companies it's not really good advice.
|
| > Only use open source components, and only run my stuff on
| Linux
|
| Most people don't have the luxury of never having to interact
| with Google Drive, MS Teams, Slack etc.
| quantadev wrote:
| Sure integration points to all that are great. The mistake is
| when your entire company can no longer function at all
| without Amazon AWS for example. I've worked at a place like
| that.
|
| EDIT: Of course if you're sure your politics are completely
| left-leaning you'll have no censorship worries, because these
| platforms are mostly Silicon Valley run. Also since
| conservatives basically don't play dirty in this way, the
| conservatives won't censor stuff just because it's left-
| leaning. We're for protecting freedom of all legal speech and
| actions.
| mullingitover wrote:
| > Sometimes companies have even been destroyed, notably by
| Amazon, for having the wrong political viewpoints.
|
| Ok, I'll ask: what company did Amazon destroy for having the
| wrong political viewpoint?
|
| AWS hosts some pretty vile stuff without blinking. The last
| time a company made a big "woe is me, my ideas are being
| suppressed" claim against Amazon, it was Parler, and they
| weren't kicked off for their viewpoints. They were kicked off
| for operating a crime-ridden site with zero effective
| moderation.
| kurisufag wrote:
| never forget that Old Cloudflare kept lulzsec's site up
| /while they were defacing .gov pages/, then gave a talk at
| DEF CON about how they managed it.
|
| we can have better standards for speech and platforming than
| "you didn't moderate enough".
| madeofpalk wrote:
| Cloudflare is AWS?
| kurisufag wrote:
| why should pre-2016 cloudflare be the only company with a
| commitment to free speech and platforming?
| mullingitover wrote:
| I read up on that situation, and it sounded like the
| three letter agencies were working with Cloudflare all
| along. They never even asked them nicely to stop hosting
| lulzsec. To top it off, Sabu from lulzsec was an
| informer[1].
|
| So Cloudflare wasn't bravely standing on principle, they
| were just doing garden variety collaboration with the
| feds.
|
| [1] https://www.computerworld.com/article/1386577/us-seeks-lenie...
| Spivak wrote:
| Look, they were kicked off for their content. I hesitate to
| call their content "viewpoints" but it's become roughly
| synonymous with speech so I guess it kinda fits. Regardless,
| I'm happy they did it. I think there is room for "exception
| that proves the rule" type behavior. When the bridge too far
| is literal Nazis I'm okay with considering AWS to still be
| politically neutral. No ToS violation (which was flimsy at
| best) needed.
| mullingitover wrote:
| I didn't realize that death threats were a viewpoint.[1]
|
| > People on Parler used the social network to stoke fear,
| spread hate, and allegedly coordinate the insurrection at
| the Capitol building on Wednesday. The app has recently
| been overrun with death threats, celebrations of violence,
| and posts encouraging "Patriots" to march on Washington,
| DC, with weapons on Jan. 19, the day before the
| inauguration of President-elect Joe Biden.
|
| > In an email obtained by BuzzFeed News, an AWS Trust and
| Safety team told Parler Chief Policy Officer Amy Peikoff
| that the calls for violence propagating across the social
| network violated its terms of service. Amazon said it was
| unconvinced that the service's plan to use volunteers to
| moderate calls for violence and hate speech would be
| effective.
|
| Parler was used to coordinate the Jan 6 attacks, and when
| they were caught with their pants down they promised some
| half baked scheme to have unpaid volunteers do moderation.
| It was demonstrably a joke and they were caught failing to
| moderate _more_ attack planning that was happening out in
| the open on their app. I think Parler leadership got off
| easy on this, they frankly should've been in jail on
| January 7th for being accomplices and not merely getting
| kicked off AWS.
|
| [1] https://www.buzzfeednews.com/article/johnpaczkowski/amazon-p...
| mardifoufs wrote:
| The death threats angle is a complete red herring,
| considering that other social media absolutely does leave
| out such posts for even longer than parler did (and very
| rarely is held accountable for whatever their users are
| posting, even when it takes literal months to moderate).
|
| But regarding your last paragraph. Sure let's agree that
| everything you said was right. So what? It still shows
| that AWS does cut off consumers based on politics. I'm
| not aware of any legal action against Parler so I don't
| think they were accused of anything illegal. The fact
| that you agree with the political reasoning behind the
| decision does not make it any less political.
|
| Especially since the only time that they ever intervened
| for something like this was when it happened in the US.
| It didn't happen during the Arab Spring, or the 2014
| Ukrainian revolution, or any other time where people used
| an AWS hosted platform to coordinate a coup.
| mullingitover wrote:
| > The death threats angle is a complete red herring,
| considering that other social media absolutely does leave
| out such posts for even longer than parler did
|
| Other big social media companies generally own their own
| infra, so they don't need to get into existential
| crises when their landlords go looking into their
| activities.
|
| > But regarding your last paragraph. Sure let's agree
| that everything you said was right. So what? It still
| shows that AWS does cut off consumers based on politics.
|
| Not sure how you're able to contort this argument together.
| Parler was _involved in crimes_. AWS didn't need to
| prove that beyond a reasonable doubt like the justice
| system did, they merely had to have a good faith belief
| crimes were happening on Parler and Parler wasn't making
| good faith efforts to mitigate them. They didn't merely
| fail to moderate, they basically told Amazon to kick
| rocks when they were provided with evidence of crimes on
| their platform.
|
| It's honestly kind of insulting to cry about political
| repression when it was just garden variety crime the
| whole time.
| mardifoufs wrote:
| How was it involved in crimes? Again, can you be more
| specific?
|
| I agree with you about other social media platforms
| owning their own infra, by the way. But I'm not sure if
| that supports your point? If the only difference is that
| they own their own platforms, meaning they can do
| whatever, doesn't that show that AWS is actually
| unreliable for products like these? Which is what OP was
| arguing?
|
| Also, it's weird to say that I was crying about political
| repression. My point was that your comment itself was
| arguing that they were still removed for political
| reasons. Which meant that you agree with the person you
| replied to, it's just that you think that it was morally
| correct which is beside the point.
|
| And if Parler did commit a crime, or crimes, surely that
| would be public knowledge? Jan 6 led to a rather intense
| series of prosecutions, so you'd think Parler would also
| face criminal charges. Unless you meant that it was used
| for criminal stuff, which is true. But that's a
| completely different standard, and one that AWS only
| applied to Parler (for obvious reasons). If you are
| saying that enabling criminal activities is a crime, then
| that would apply to other social media too (regardless of
| if they own their infra or no). Yet again, Facebook or
| YouTube has never been charged for anything like that.
|
| It's totally fine since AWS was within its rights to ban
| them, but it's weird to argue that it had nothing to do
| with the politics of the situation. Again, AWS does not
| care about coups outside the US, which are just as
| illegal.
| quantadev wrote:
| 1) If you run the numbers on how many man-hours and cost
| it takes to moderate a popular platform, what you end up
| with is a situation where small players (like Social
| Media Startups) can simply never afford to get into the
| game, because of the moderation burden.
|
| 2) The other problem regarding censorship is that it has
| to be done by humans, and humans are not objective and
| benevolent. All humans will apply their own political
| ideologies towards their censorship decisions. This is
| true because your sense of morality is involved. That's
| what happened at Old Twitter. They were all Silicon
| Valley leftist moderators, and so they deemed
| conservative speech "immoral" and kicked people off for
| things even as mundane as misgendering or mere
| "impoliteness" to some "protected class". It got WAY out
| of hand. Thank God Musk came along and freed everyone.
| jasonvorhe wrote:
| They quickly kicked off WikiLeaks under political pressure.
| aaronbrethorst wrote:
| AWS's stated reasons seem pretty sound to me:
| https://aws.amazon.com/message/65348/
| mardifoufs wrote:
| Okay, so what? That you agree with the political
| motivation behind the decision does not make the decision
| any less politically motivated, proving that AWS does in
| fact kick out consumers based on politics.
| aaronbrethorst wrote:
| just because you say it was politically motivated doesn't
| make it so.
| quantadev wrote:
| The fact that people will disagree about what's political
| and what isn't is precisely why censorship, in general,
| is illegal. Because when people have _power_ over others
| (including censorship power) it's guaranteed they'll
| abuse it, even if simply by being convinced their own
| interpretation of reality is correct.
| mardifoufs wrote:
| They literally say it is! In the very article they state
| that the documents will end up hurting american
| interests. How is that not political?
| aaronbrethorst wrote:
| "They literally say it is!"
|
| They literally do not say it is. Citation needed. Quote
| what you're referring to.
| Moto7451 wrote:
| I don't know about the political stuff that poster is talking
| about but this is true for quite a few small stores that
| transitioned to mail order as Amazon really took off. If you
| couldn't handle complaints quickly enough or had too many
| flagged listings (stuff Amazon didn't want to allow on the
| platform for one reason or another) you could get kicked off
| without much recourse except trying to open a new account and
| hope you were not caught.
|
| You could see this as good for the consumer in cases where
| the abuse is bad but the store I was at in the 00s got kicked
| off for selling some Martial Arts equipment legal in 47
| States but on a naughty list we were unaware of. We listed it
| in a few colors and that was enough to get kicked out.
| kayodelycaon wrote:
| AWS and the Amazon store are completely different services.
| People get kicked off the store for stupid reasons every
| day.
| TwiztidK wrote:
| Not too long after Parler was kicked off AWS, I was on a call
| with hundreds of representatives from power utilities about a
| modeling tool we were transitioning to. It was mentioned that
| the tool was hosted on AWS and someone suggested they have a
| fallback plan in case they got kicked off like "other
| companies".
| quantadev wrote:
| Any company that's conservative-oriented in any way is
| coming under attack.
| mullingitover wrote:
| Elon Musk's companies are doing great under the
| democratic administration he publicly rails against. He's
| back on top of the richest list. Peter Thiel's portfolio
| seems to be doing great. PLTR is up 350% in the past five
| years. Facebook altered its policies in a pro-
| conservative way by allowing falsehoods in political ads,
| and they're doing fine. Right-wing content has flourished
| there for years. Oracle and Larry Ellison are doing
| better than ever. Rupert Murdoch and News Corp are
| financially healthy and not in crisis.
|
| Now _twitter_ is doing badly, but that's not because of
| their political slant, it's because they're operating the
| business with ideology first, business acumen second
| approach. That's not politics, that's plain old bad
| execution.
| quantadev wrote:
| None of that is evidence conservatives aren't under
| attack, it's evidence that we're winning the culture war.
|
| About Musk, once he took over Twitter, that mostly solved
| the Social Media "Free Speech" problem, because as long
| as the most popular gathering place in the world is free
| we're [mostly] all free. So you're right, there's lots of
| reasons for Conservative optimism.
| 0xdeadbeefbabe wrote:
| Then have the write political viewpoints instead. It seems
| popular.
| AStonesThrow wrote:
| Enjoy the ride https://youtu.be/2mdg9h4HjPw?si=f12DQK1pYt9fILSN
| thelittleone wrote:
| Worth mentioning Stripe among the destroyers. Sure a percentage
| of those who complain on r/stripe are breaking ToS, but it's
| evident that a substantial % are not. Stripe ToS allows them to
| profit from investing held funds. Once funds are held, nobody
| at Stripe responds. Has taken years for some to get their funds
| returned. I wonder how much funds they have on hold at any one
| time and how much they're making on it.
| tiltowait wrote:
| > Never hitch your wagon to somebody else's horse.
|
| Though this was a nice and welcome feature, it wasn't
| Transmit's only feature nor even its main one. I don't think
| this sentiment applies, exactly.
| cyberax wrote:
| > Entire companies have been destroyed because they rely on
| Amazon
|
| I assume the retail side, not the AWS?
| crabmusket wrote:
| That's not really relevant to the problem at hand, which is the
| ability to integrate with the large and widely used tech
| giants' platforms. Customers do use Google Drive
| (unfortunately) and thus the need to integrate.
| dewey wrote:
| Even the "audit" they require for increasing something simple as
| your YouTube API quota is already annoying and a massive waste of
| time, and this is not even close to the one they are requiring
| from Panic.
|
| The quota increase process is roughly:
|
| 1) Fill out the same form every year from scratch
|
| 2) Send it into the black hole that's Google "support"
|
| 3) A few weeks later receive a reply from someone asking an
| irrelevant question to our use case
|
| 4) Two weeks later another person replies asking for screenshots
| of the "implementation", so you send a screenshot of "func
| storeTrailerMetadata()"
|
| 5) Another two weeks later, another automated person replies that
| you got approved.
| kyleee wrote:
| The process is the punishment
| jll29 wrote:
| That's a diamond of a quote; are you a student of Kafka's?
| r2_pilot wrote:
| It's from the eponymous 1979 book by Malcolm Feeley and may
| predate it
| t0mas88 wrote:
| The Google "support" black hole even exists for their high
| budget ad customers. I've seen a case where things went into
| the Google support black hole for a company spending a few
| million _per month_ via DV360 / Google Ads. Nothing anyone
| could do about it, campaign blocked, work with "support" to fix
| it.
| 8338550bff96 wrote:
| Have the same experience with Microsoft support. The difference
| is the timeline is much shorter and when our issues don't get
| any traction our rep intervenes and escalates to engineers.
|
| I understand that level-1 support for these orgs are basically
| documentation librarians. Cool. We pay an incredible amount for
| premium support, but whatever. It's fine. What matters is that
| we have a rep that is engaged and cares about us being
| unblocked and isn't going to let us flounder for issues their
| support team is not going to solve. Have never seen this level
| of commitment from Google.
| happymellon wrote:
| And as much as I dislike Amazon and the juggernaut of AWS,
| this is how they win me over.
|
| It's rarely a complete black hole, and I have spoken to
| product engineers and owners for multiple lines.
| adamc wrote:
| Just another reason to not deal with Google. Eventually,
| gravity is going to catch up with them, and they will never
| recover, because their business culture is shit. Zero interest
| or focus on the customers.
| JamesBarney wrote:
| When we filled ours out for a CRM they wanted a video of the
| CRM. So we showed them a video (from dev with fake data). We
| appealed the process explaining that Mickey Mouse is not a
| real person. They rejected that appeal. So after going back and
| forth for a week or two we uploaded a video with basically
| everything but the navmenu blurred out and they finally
| approved it.
|
| The entire process was awful.
| jonnybarnes wrote:
| Sounds similar to what iA Writer are going through:
| https://ia.net/topics/our-android-app-is-frozen-in-carbonite
| hoistbypetard wrote:
| Sure does. The article even says, on the first screenful of
| text:
|
| > You may have seen iA Writer's announcement that they are
| stopping development of their Android version for similar
| reasons. Our experience was different, but our circumstances
| are similar. While Google Drive may not be the most popular
| connection option in Transmit, we know many users rely on it,
| and we often use it here at Panic to send and receive files
| from the game developers we work with.
| addisonj wrote:
| Man... this stuff sucks. If I were panic, I would do the same...
| but I also wouldn't want to be the one at google to navigate
| this.
|
| With Google Drive now being at the center of so many companies
| for storing business data, I am certain it is a juicy target, and
| third party access with full access to read and write to that big
| hard drive full of proprietary data is one that I would
| understand want to lock down... but not like this?
|
| I don't think the market is anywhere near to shifting where
| businesses are going to dump google drive en masse, but as the
| ecosystem shrinks because so few companies can afford the cost to
| play in google's backyard, it does make me wonder how many
| companies are going to absolutely resent google, comparable to
| the way they resented oracle.
| dewey wrote:
| > With Google Drive now being at the center of so many
| companies for storing business data, I am certain it is a juicy
| target, and third party access with full access to read and
| write to that big hard drive full of proprietary data is one
| that I would understand want to lock down... but not like this?
|
| Could be a Google Workspace policy where you can just set that
| employees can't access the corporate Drive account through
| third party apps, while it continues to work for personal
| accounts.
| sadeshmukh wrote:
| That's already how it works for workspace, in my experience.
| resters wrote:
| I think if there is one "value" that stands out from Google's
| culture (as it is reflected onto its customers) it is tremendous
| lack of empathy.
|
| - Google maps appears to be designed by non-drivers. Much of the
| time it is impossible to find out the name of cross streets near
| one's location by zooming in. Pins get added accidentally and are
| hard to categorize and find, there is no notion of neighborhoods,
| and the voice directions say the same redundant thing over and
| over (and it is often misleading). No intelligent person could
| design the product that way if they actually used it.
|
| - Google's parental control features in android lack granularity,
| and the bias is toward kids watching garbage content as there is
| no way to share curated lists or for creators to become curators
| of high quality youtube content, etc. For anyone with young kids
| this is a must have feature and Google has ignored this kind of
| thing for years. Also if your kid's phone dies there is no way to
| remove it from the FamilyLink app! Someone really tested it
| thoroughly!
|
| - Google Home / Nest. Exceptionally buggy devices. Basic
| functionality like shared speakers (all Nest over Nest wifi) are
| buggy and slow. "Hey Google" takes an extra few seconds to
| respond compared to Alexa and none of it is compatible with
| Google Advanced Security (Google's own feature!). Nobody building
| this tech is using it at home or else they would be furious about
| these big oversights.
|
| - Gemini in Gmail is a total dud. It can't tell me what upcoming
| events are listed in my email inbox. It biases toward searching
| the inbox, and GMail inbox search has been highly broken for
| years. I participated in a user study at Google a while back and
| the PM admitted it was broken and would not be fixed.
|
| Google is now a cash cow advertising business and thanks to Eric
| Schmidt (a brilliant but morally lacking individual) it has
| become a major defense contractor.
|
| Thanks to OpenAI and others, Google search is already dead. The
| market hasn't caught up with this yet. I sincerely regret making
| gmail my main email, as the company seems to have completely lost
| its way. In spite of a lot of brilliance the lack of empathy with
| users and the need to deliver products that solve problems
| continues to persist.
| artooro wrote:
| It's almost like the incentives at Google are misaligned, who
| knew.
| FredPret wrote:
| Probably a big part of the problem is this:
|
| - good engineers and managers earn well, especially in the US
|
| - they want to own premium products
|
| - where Google and Apple compete, Apple has gone for the
| premium end and Google has gone for the mass-market end
|
| - speculation: thus Google employees aren't living in their own
| ecosystem
| hn_throwaway_99 wrote:
| I wrote this response to another front page HN article on a
| similar topic: https://news.ycombinator.com/item?id=41664753
|
| I know everyone loves to dunk on Google, and I definitely agree
| their communication and customer service to app developers is
| shite, but this change to permissions scope is a _good_ thing. If
| you have full, unfettered access to a large number of people's
| Google Drive data, you're a huge target for malevolent actors. If
| you can't afford the new audit requirements (which I've done and
| are quite easy - if anything I'm sympathetic to the argument that
| they're more "box ticking" than valuable security audits), then
| I'd really question your ability to appropriately safeguard so
| much critically private data. For reference, these audits are
| about 1/20th as complicated as a full SOC 2 audit, for example.
|
| FWIW I'm not previously familiar with this Transmit app, but
| based on their use cases (e.g. backup) it sounds like the limited
| "drive.file" scope wouldn't work for them. Still, if you want
| complete, unfettered access to my entire Drive account, I don't
| think it's a bad thing that Google is enforcing some minimal
| security standards.
| dewey wrote:
| > which I've done and are quite easy - if anything
|
| Did you read the part where it took multiple months to continue
| because of slow replies and non-working tooling from Google's
| side?
|
| It's also pretty expensive for a relatively niche app, it might
| be fine if you are Dropbox or a big VC funded Mail app but for
| smaller companies it's not "easy".
|
| > I don't think it's a bad thing that Google is enforcing some
| minimal security standards.
|
| How would Google find out if the version that they are
| "scanning" is the same one that gets uploaded to the app store
| on every small app update? Zero, so there's no security
| benefit.
| rammer wrote:
| We've done it too, first time it was hard but it's required
| and recommended.
|
| It raises the bar for low effort hackers and improves
| security.
|
| I disagree with the op. Sorry mate go through the casa audit
| and get the access.
| dewey wrote:
| How much was the external audit they are now requiring? As
| it's most likely not based on company revenue, it's obvious
| that it's less of an issue for bigger companies who can
| afford to pay an auditor for their stamp of approval and
| task a person with talking to Google over a few months
| every year.
| StewardMcOy wrote:
| If you read the article, they went through the casa audit,
| found that it did not improve the security of their app,
| and came to the conclusion it wasn't worth the time and now
| money to do it a second time.
| masklinn wrote:
| > and came to the conclusion it wasn't worth the time and
| now money to do it a second time.
|
| Especially because they'd now have to go through another
| third-party to perform the audit process (not just the
| security lab, the entire thing), according to the total
| commander folks[1] that's 75k/year/program.
|
| [1] https://www.ghisler.com/googledrivehelp.htm
| joshuamorton wrote:
| They say it's "up to 75,000" per program, looking at the
| actual assessor websites, most require quotes, but tier 2
| assessments start at $500 and tier 3 start at $5-6000,
| and you're in the land of asking for quotes from
| companies, so "hey we compile the same code into 32 and
| 64 bit versions" probably does not actually require a 2x
| cost increase.
| JamesBarney wrote:
| > It raises the bar for low effort hackers and improves
| security.
|
| There are meaningful ways you can improve the security of
| your app. There are ways to make sure your app passes CASA.
| I found very little if any overlap between those two when
| going through the process.
| SoftTalker wrote:
| > If you can't afford the new audit requirements ... then I'd
| really question your ability to appropriately safeguard so much
| critically private data.
|
| Because large companies that _can_ afford it have proven to be
| exemplars at safeguarding private data?
| ChadNauseam wrote:
| If you can't afford to buy starbucks every day, I'd really
| question your ability to buy a private jet. However, that
| doesn't mean that being able to afford to buy starbucks every
| day is sufficient to being able to afford to buy a private
| jet.
| IncreasePosts wrote:
| Like google? Yes, I think so. Probably one of the best track
| records among big tech, so maybe their security practices
| should carry more weight?
| SoftTalker wrote:
| Let's just say this: the US Federal Government, several
| large health care and health insurance organizations,
| several large financial institutions, a major university,
| and several others have all had to send me "We take
| security seriously" letters. They could all afford to
| undergo (and had passed) various security audits. But in
| the real world they failed.
| kasey_junk wrote:
| They aren't demanding you meet their practices. They are
| demanding you meet whatever the approved auditor thinks the
| practices are.
|
| Certification schemes like that don't have a good track
| record.
| ianlevesque wrote:
| I think it's relevant that Transmit is a _local native app_.
| There's no hosted app exposed to the internet to hack here.
| Google made one lengthy process that doesn't fit this use case.
| StarterPro wrote:
| If they are connecting to Google Drive, is that not connected
| to the internet?
| acdha wrote:
| There's no way for someone on the internet to reach into
| your Transmit app and make it do something.
| deely3 wrote:
| How can you be so sure? Even after reading all the source
| code, there still can be bugs, attacks, demanding letters
| from different agencies, misconfigurations,
| vulnerabilities in code and in libraries, etc. etc. etc.
| MobiusHorizons wrote:
| Exposed to the internet and connected to the internet are
| different. Exposed implies that traffic originating from
| the internet reaches the app. You still do have to worry
| about things like parsing malicious files, but the class of
| relevant attacks is much smaller and generally easier to
| defend against.
| dreadlordbone wrote:
| Everything's connected to the internet, what the OP was
| talking about was attack vectors and since Transmit is a
| local app it really isn't one unless your whole machine is
| compromised, which in that case you're screwed.
| mikeocool wrote:
| Panic runs a cloud-hosted sync service that syncs your
| credentials and connection info between different instances
| of Transmit you may have.
|
| No idea if that's what google is targeting here, but that is
| a cloud service, that presumably gets a copy of people's
| Google Drive OAuth keys if they use Google Drive with
| Transmit and the sync service.
| AlexandrB wrote:
| Google's not my dad. It's not their responsibility (or their
| place) to audit every piece of software I use to interact with
| their services. I'm tired of being treated like a child who
| needs every sharp corner ground down for my safety.
|
| Edit: Next logical step is auditing every IMAP client before
| you can connect it to Gmail. Ridiculous.
| hn_throwaway_99 wrote:
| You say that, but I've been in plenty of situations where
| people say they're comfortable taking on the risk themselves,
| but then when shit blows up, they come and blame the biggest
| actor (with the biggest pockets) they can. I mean, just check
| out some sob stories that made the front pages of NYT and
| Washington Post when people got scammed out of a lot of
| crypto money - I've read a bunch of those and always the
| first thing I think is "lord, there is no way these people
| should have had a dime in crypto in the first place", but
| then when they lose their money they're the first to blame
| everyone else but themselves.
| jasonjayr wrote:
| > Edit: Next logical step is auditing every IMAP client
| before you can connect it to Gmail. Ridiculous.
|
| Actually .... They're not that far away from that, if they're
| not already implementing it. Office365 and Google, if they
| haven't already, have disabled basic Auth for IMAP/SMTP, and
| only supporting oauth2. Which requires an AppId/ClientSecret
| handed out by registering your app with Microsoft/Google.
|
| It seems that you can still steal Thunderbird's
| appid/clientsecret from their open source code, for now (
| https://simondobson.org/2024/02/03/getting-email/ ), but
| ......
| jsnell wrote:
| They're the ones who will take the blame when a third-party
| app gets compromised and is used to siphon off people's data.
|
| This isn't a theoretical concern. It's pretty much exactly
| what happened with Cambridge Analytica. Facebook didn't
| really do anything wrong; they provided an API for data
| access, people explicitly authorized an app with broad access
| to their data, and it turned out that the app was basically a
| trojan horse for data collection. And politicians, the media,
| the general public, and even the technologically savvier
| people who should know better all blamed Facebook for this.
| acdha wrote:
| That seems like a poor argument for an app which doesn't mirror
| data or accept commands remotely (if I can control your app on
| your device, I can control the official Google Drive app) but
| there is a general point about full drive access. However, I
| think the answer there is for Google to improve the security
| model for Drive - for example, allow the user to select a non-
| root folder which Transmit or iA Writer can use and have some
| UI indicating that it's shared. Instead, this process serves as
| a competitive moat and isn't very effective - all of the large
| companies that we've seen getting breached are going to pay
| KPMG to spend time on performative box checking, and your data
| will still be exfiltrated but they'll at least say they're very
| sorry.
| joshuamorton wrote:
| > However, I think the answer there is for Google to improve
| the security model for Drive - for example, allow the user to
| select a non-root folder which Transmit or iA Writer can use
| and have some UI indicating that it's shared.
|
| The oauth scope https://www.googleapis.com/auth/drive.file
| [0] basically allows this. If memory serves the app can use
| this scope, create a folder, and have access to things within
| that folder, it can _certainly_ have access to all files
| created via the app (which should in general be true for iA
| and probably also Transmit). Offhand, I don't actually see
| what iA or Transmit are doing that needs the broader scope,
| though TotalCommander, trying to be a replacement file
| manager would still need the biggest scopes.
|
| [0]: See https://developers.google.com/drive/api/guides/api-
| specific-..., the drive.file scope is non-sensitive so it
| needs a much more cursory approval process
| cpr wrote:
| The problem is that if you want to provide a full-featured file
| picker, and not rely on Google's limited browser-based version,
| your app _will_ require the full "drive" scope. (We do, and we
| do, for our InDesign-to-Google Docs connector plugin.)
|
| If you use some of the lower-tier CASA labs, it's not that
| expensive (4K/year), but it is definitely a nuisance for a pure
| desktop plugin like ours that has absolutely no cloud component
| (other than connecting to GDocs).
| tlogan wrote:
| The problem with Google's security certifications, especially
| when compared to competitors like Salesforce and Microsoft, is
| how disorganized the process is. While these companies all
| require security reviews, Google's approach seems particularly
| disorganized: if something goes wrong, there's almost no one to
| contact for help.
|
| The certifications themselves are valuable, but Google's main
| issue lies in its poor communication and support. Third-party
| developers, even those paying $60k annually for re-
| certification, struggle to get timely responses or any at all.
|
| What's ironic is that the very partners handling these
| certifications often avoid using Google themselves because it's
| "unreliable if something unusual happens."
|
| And that's the crux of the issue--when things do go wrong or
| something unusual happens, it's incredibly difficult to
| resolve.
| hn_throwaway_99 wrote:
| 100% agree. Again, my position is that Google rightfully
| deserves all the criticism they get around communication and
| customer support. I just think it's a mistake to confuse that
| criticism with Google's change to enforce better security for
| highly sensitive permission scopes.
| rakoo wrote:
| This assumes that Google can be trusted with my data and other
| apps can't, and that I'm ok with Google assessing the safety of
| other apps. It's something that is automatic, and right now it
| needs to be explained.
|
| Yes, assessing the trustability of apps is important. No, I
| don't trust Google to do it properly. Maybe I didn't choose
| Google because I find them the best, but because I have to
| (because Google, surprise surprise, forces itself down the
| throat of everyone, so the people I want to collaborate with
| use it).
|
| Did my apps certify Google as a trustable provider ?
| xp84 wrote:
| > if you want complete, unfettered access to my entire Drive
| account,
|
| Panic never got complete or unfettered (or any) access to my
| Google Drive. I got access. I used their application, which can
| easily be supervised with Little Snitch or other software to
| prove that is not sending a copy of my credentials or my files
| to Panic. If it were OSS it would be even more categorically
| provable that it's not giving access to anyone but the end
| user, but these draconian requirements would still apply.
|
| The point is, Google is telling THEIR users, not Panic, that
| they aren't qualified to use their own judgment to select a
| client. It would be just as bad as Microsoft saying that if you
| want to check your email or access SharePoint you can't use
| anything but Edge (insert jokes about how they basically did do
| that 20 years ago with MSIE, but let's be serious, that sort of
| thing would be rightfully mocked today).
|
| > I don't think it's a bad thing that Google is enforcing some
| minimal security standards.
|
| These certification programs are 100% a moneymaking program to
| engage in a lot of box-checking, which I'd wager has zero
| correlation with a positive outcome for anyone other than the
| shareholders of the "labs" that do these audits.
| amiantos wrote:
| They're my files in Google Drive. If I've made the choice to
| buy a product from Panic, and I trust Panic as a company
| personally, it should be my right to decide to give Panic
| access to my files in Google Drive. It is not up to Google to
| shuffle money into the pockets of their security partners under
| the guise of doing it for my safety. My safety and the safety
| of my files is my responsibility, not Google's, and it's oddly
| convenient from a monetary perspective (both for Google itself
| and their partners) for Google to suddenly care a lot more
| about this than they used to, so it does not seem particularly
| altruistic in any way.
| zoogeny wrote:
| This is both a curse and an opportunity. Compliance is one of
| those things that is costly and time-consuming but can lead to
| entrenchment in certain industries. I worked for a client eons
| ago that went through the enormous hassle of HIPAA compliance and
| now it is a bit of a moat for them. Having SOC 2 compliance
| almost feels like table stakes for b2b SaaS these days.
|
| It does disgust me that Google is going this route. I wonder how
| much influence is coming from governmental agencies. It is
| possible they are being forced in some way based on some kind of
| KYC-like requirements. Or perhaps the volume of bad actors is
| even higher than I imagine and Google is being forced to do this
| just to keep the lights on for the API at all. But the fact of
| the matter is that they are offloading the cost of whatever
| compliance they need onto their platform users, the people who
| are spending time and effort to improve the Google ecosystem. It
| feels petty and short-sighted but I suppose that Google has
| shifted into an extraction phase on behalf of their investors.
| We'll probably see a lot more of this kind of nickel and diming
| from them.
| imhoguy wrote:
| As per mentioned Ghisler page: "The security assessment would
| have to be performed by a specialized company, and costs up to
| $75'000 per year and program (so $150'000 for 32bit+64-bit). This
| is not sustainable even with a subscription." [0]
|
| This is death kiss to indie development.
|
| But paradoxically it is great. Killing interoperability is nail
| to coffin. This brings more and more focus to alternative
| solutions out of Google market, especially in independent
| software area. Like yt-dlp, FreeTube, F-Droid - actually all my
| family uses them and I recommend it to everyone. I can't wait to
| get some alternative GDrive client lib which simulates browser to
| throw data over that garden wall, and I don't care if it nags
| with captcha. The more hassle the more people are going to hate
| that ivory tower.
|
| [0] https://www.ghisler.com/googledrivehelp.htm
| LegitShady wrote:
| It's the kiss of death for google drive support, and eventually
| when many apps don't support using google drive people who are
| on it will switch to other cloud storage providers.
| adamc wrote:
| Yep. I use drive but keep waiting for some clear alternative to
| arrive. My biggest use is just keeping D&D campaign-related
| materials there.
|
| Google is a drag.
| ffsm8 wrote:
| WebDAV is pretty easy to configure on all operating systems
| I'm aware of. You wouldn't even need a third party client.
|
| You can do that self hosted or via fastmail or similar
| dghlsakjg wrote:
| I'm surprised that there isn't more support for just using
| object storage via a GUI.
|
| I would love for a user friendly way to just use Backblaze or
| some other S3 compatible provider as my drive.
|
| Edit: I guess that's sort of exactly what Transmit does, but I
| want something that is simple enough that anyone can use it.
| xp84 wrote:
| Transmit is as "easy" as one could imagine software of that
| type being.
|
| You do have to know what a file is and what a directory is,
| mind you, which is something I can non-ironically say does
| rule out half of GenZ or anyone else raised in the postmodern
| era, where 'content' just lives 'in' an 'app' and can be
| searched for (and if you're lucky, found). But I don't think
| people of that minimum level of sophistication are in the
| market for products like Backblaze or S3 - they're just out
| there paying for more iCloud storage (or new laptops) because
| Apple said they are out of space.
| closeparen wrote:
| This is what everyone said they wanted after Cambridge
| Analytica! For platforms to exercise due diligence before
| allowing users to delegate their access to third parties.
| sam_lowry_ wrote:
| Before Cambridge Analytica I could get language stats for
| Belgium down to municipalities.
|
| These are illegal otherwise, but very useful for journalists
| reporting on political matters.
| csinode wrote:
| Wasn't a significant part of the Cambridge Analytica scandal
| that Facebook gave them access to user data _without_ the
| user's consent?
| closeparen wrote:
| In the same sense that if someone uses a third-party Google
| Drive client, the input of other collaborators on shared
| documents is exposed without their consent. (It was data
| about friends of users who authorized the application in
| Facebook's case).
| xp84 wrote:
| This is a fair thing to point out! I as a user feel I'm
| being much more respected when I'm allowed to use some
| independent client software of my choice, than being told
| that "for my own good" I must use the absolute abomination
| that is most of the software provided by Big Tech firms
| themselves. Like, thanks for your opinion, Google, but 90%
| of these "security audits" are about box checking and ass-
| covering. It's the technology equivalent of all of the
| silliest parts of the TSA process, meaning that it
| contributes nothing to security while employing a lot of
| people to do valueless work at the expense of those doing
| useful work.
| michaelt wrote:
| IIRC the way Facebook's "platform" stuff worked was that
| when one user authorized an application, it got to see all
| their friends' data. Farmville had to be able to access
| your friends list to see who you could send a sheep to, you
| see.
|
| Nowadays this seems like an incredibly dumb idea, sure,
| and personally I disabled it entirely the moment it came
| out. But we can cut them some slack, because back in ~2006
| facebook was a new thing, for young people - and nobody was
| sure where this new "social media" thing was going to go.
|
| On top of that I believe Cambridge Analytica did the usual
| "personality test" trickery where you fill out a survey,
| then it won't show your result until you hand over your
| details and accept some legal mumbo-jumbo.
|
| So your Great Uncle wanted to know what harry potter
| character he was, clicked a consent button, and Cambridge
| Analytica got _your_ PII.
| jsnell wrote:
| Not as far as I know.
|
| Facebook provided a general API for apps, not some kind of
| data feed. The API required user consent from the app user,
| though almost certainly not informed consent.
|
| The API also provided too much data, in particular on the
| user's social graph, which is why a single user giving
| uninformed consent would lead to data being extracted for
| multiple others. But even if the app had informed users
| about intending to steal the social graph, most users would
| still have consented. They would not have read the text, or
| not cared. Just click ok until the computer lets you do
| what you wanted.
|
| So we really do know that the only way to safeguard the
| data is to design safe scoped APIs for the typical use
| cases, and keep dangerous unscoped APIs around only as an
| escape hatch with much stricter security and safety
| requirements.
| ensignavenger wrote:
| Facebook users shared data with their friends. Those
| friends gave access to the data to CA. So like if you share
| a document with me and I then give CA access to my GDrive.
| kmeisthax wrote:
| Yes, the situation superficially resembles Cambridge
| Analytica, but there's a few differences here. People aren't
| building detailed dossiers of themselves on Google Drive like
| they were on Facebook, and Transmit is a client app that is
| honest, open and up-front about how it uses your data - to
| move it in and out of Google Drive.
|
| To be clear, the problem with Cambridge Analytica was not
| Cambridge Analytica. The problem was - _and still is_ -
| Facebook's habit of getting everyone to overshare and self-
| surveil. There needs to be _some_ control and vetting over
| the apps that have access to your data but not so much that
| actually honest developers are quitting the game.
|
| My guess is that Google just doesn't want third-party clients
| (you can't shove "AI" or "Investor Advertising" into it), so
| they're slowly turning up the heat by abusing the data scare.
| jsnell wrote:
| A lot of people will have substantially more sensitive data
| in their chosen cloud storage system (whether Drive,
| DropBox, OneDrive, iCloud) than on Facebook or any other
| social network. For example documents like ID scans,
| financial records, and medical records are going to be
| commonplace.
| mikeocool wrote:
| It seems like if a nefarious actor built a seemingly
| helpful app that asked for Google Drive access and
| convinced some people to use it, they could do a lot worse
| than Cambridge Analytica.
|
| My Facebook account is largely limited to information
| that's already largely public. I imagine there are Google
| Drive accounts out there with tax returns, health records,
| background checks, etc in them.
|
| Yes, this sucks that it puts road blocks for well meaning
| developers, but for the general public, it's pretty hard to
| tell who is a well meaning developer and who isn't. Also,
| inexperienced or careless well meaning developers can still
| accidentally put your data in a public internet facing DB.
| hn_throwaway_99 wrote:
| There is some massive confusion around the types and costs of
| audits required for full Drive permissions scope (and I
| definitely blame Google for the lack of communication/direction
| on this). I had to get this audit for an app and it was nowhere
| near 75k - I believe it was well under 10k. Another commenter
| said they had it done for $4k:
| https://news.ycombinator.com/item?id=41781325
| joemi wrote:
| Raising the barrier for access like Google has done feels very
| anti-small company. Sure, it's more secure, but I have to wonder
| if they could improve security without excluding smaller
| companies like this. Seeing as it's Google, they probably could
| and specifically choose not to.
| LegitShady wrote:
| I think it's totally reasonable. If google wants to make drive
| functionality expensive and annoying for devs to include, then
| devs are going to drop support.
|
| I appreciate that this seems to be some additional security for
| drive access which is ostensibly a good thing but it doesn't seem
| like the review is very useful or catches any bad actors or
| errors.
| tracerbulletx wrote:
| This policy is to create a moat for AI offerings.
| tiltowait wrote:
| That's a real shame. I use the feature a lot, but I can't blame
| Panic for it.
| fweimer wrote:
| Any idea what this means for Google Drive support in rclone and
| similar tools?
| hyperknot wrote:
| Yes, wanted to ask the same, what will happen to rclone? Is it
| unaffected?
| whalesalad wrote:
| I don't use Google Drive and probably never will but FWIW
| Transmit is still one of the best all-around data transfer apps
| that exist. I always miss it when I am on my Linux workstation.
| Being able to quickly connect to an S3 bucket and dump files and
| edit their permissions is a huge plus. Not to mention basic SFTP
| access like Cyberduck or Filezilla would do. I have never
| regretted my purchase of Transmit, it's great!
| xp84 wrote:
| Same. I used to pirate it back when Serial Box was a thing and
| I was a broke college kid, and I've been licensed since growing
| up. An essential tool. I would say it should be built into the
| OS, but that's a joke since modern-day Microsoft and Apple
| could never provide such a useful tool without sanding
| everything down to a smooth minimalist surface with no
| discoverability.
| xyst wrote:
| > we would now have to pay one of Google's business partners to
| conduct the review
|
| This is straight out of the IBM playbook. Did Google pick up some
| IBM flunkies recently?
|
| What a terrible business practice. This was a company that once
| proudly displayed the motto, "don't be evil" and even proved
| itself in various situations. Those days are long gone as the
| company is filled with more brain dead, unimaginative MBA
| flunkies.
| kulor wrote:
| Having recently had an infuriating experience with an Android app
| submission, it seems there's a horde of people in a similar jam,
| running the senseless bureaucratic review process gauntlet:
| https://www.reddit.com/r/androiddev/comments/1ck1wyp/did_goo...
| cageface wrote:
| I just dropped support for Android on my app. From now on it
| will be iOS only. That's where all the users willing to pay for
| apps seem to be anyway, and dealing with Google bureaucracy just
| isn't worth it.
| advisedwang wrote:
| I'm not familiar with Panic, but the blog post really should
| explain why they require "full access to users' files on Drive"
| and moving to a reduced scope isn't viable.
| tkone wrote:
| Transmit is a file transfer client (like FTP). It needs access
| to your entire drive because you might want to copy something
| to/from anywhere in your drive.
| LeoPanthera wrote:
| Transmit is a file transfer app. It includes a file browser for
| your local and remote filesystems. Full access is literally the
| entire point of it.
|
| https://www.panic.com/transmit/
| Cthulhu_ wrote:
| Before anyone else does this... make sure people actually use it
| enough to invest the time and money into it.
|
| I mean for Apple / Android / Windows? app store reviews you often
| don't get much choice (not until EU laws are fully complied with
| anyway), as I've found out the hard way over the years developing
| apps.
___________________________________________________________________
(page generated 2024-10-08 23:01 UTC)