I mean come on...someone would have noticed the drives filling up, wondered why, etc.
By the way, the accidentally collected data fit in only four hard drives (according to Ireland update here). Hardly anything, by Google's standards.
1)You don't "accidentally" retain sniffed traffic logs of that size...
Yes, a person can accidentally store data that he should have discarded. Google isn't a magical omniscient being; it's a collection of teams with their own disk quotas.
2)There's no political grandstanding here. This is a major privacy invasion. The "grandstanding" has been international, because people are PISSED...
Not sure what your point is. Clearly, the purpose of the data collection was to associate router MAC addresses with physical location so that Chrome and Android can locate themselves more accurately (after the user grants permission). This is something that many companies such as Skyhook Wireless already do. Nobody that I have seen has intelligibly argued that the a map of MAC addresses is a privacy violation, although I suppose that conceivably a stalker can capture your router's MAC address and then query the database whenever you move.
As for emails, passwords and URLs, what motive would Google have for intentionally collecting a few unencrypted packets in passing? It was just an honest mistake, and the sooner governments allow them to delete the payloads, the sooner they will do so.
3)It's slightly creepy when you go around wardriving. When an international corporation which has a always demonstrated an intense interest in profiling its users and mining its users data for advertising purposes, does it, across the planet? That's just slightly different.
Yes, data mining can be scary, but there's no point in turning a company's attempt to come clean into a witch hunt. Google is honest about what they use your data for--to automatically determine which ads to show you. They don't sell your identity to anyone else. They don't limit your choices based on your identity (although search results are personalized, which you can disable). When it comes to specific privacy concerns and security risks, I'd say that Google is pretty benign.
Disclaimer: I used to work at Google.
I would not want to lend a netbook running Windows, Ubuntu, or Android to my hacker friend because he might install a keylogger or some kind of proxy, just for fun. Or to my grandmother, who might install malware by accident.
With a regular laptop, there's a mental cost in remembering to delete all my personal data before I stop using it. ChromeOS guarantees that your user state can't be accessed by the next person who uses the device.
There is value to having a computing device that you can use without worrying about its health and your data.
What do you expect when businesses stopped being loyal to their employees?
Your description is the exact opposite of the way Google treats their fulltime employees. Their 401(k) match is at least 50%, they pamper employees with food and other benefits, and the few layoffs have been handled with delicacy. People are leaving despite a company that does its best to do the right thing to their employees.
The major design decision of ChromeOS was to make it secure even when used casually. It's unfortunately hidden in the press releases and security documents of the ChromeOS project page. The idea is that you can lend or borrow a netbook and not have to worry about keyloggers getting installed or your friend later viewing your private data. To achieve this goal, Google requires a TPM chip installed on the netbook so that a user can easily tell that the OS is unmodified, and the OS is stateless (modulo careful caching). This design is what makes ChromeOS so difficult to reconcile with Android, which is a single-user OS for very personal devices.
I hope that ChromeOS becomes successful because I do care about securely sharing computers, but if not enough other people care about this use case (or even understand the security concerns), then I can see how it may fail in the market.
Google actually offers two-factor authentication with your cell phone whenever you're at a new browser. It's not perfect yet: you can't revoke access for a browser once it's been verified, and there are unprotected APIs such as GData and IMAP. But at least it's a step in the right direction.
The only possible interpretation of any research whatever in the `social sciences' is: some do, some don't. -- Ernest Rutherford