Google Authenticator is open-source and is based on an open protocol, so if you have some other computing device that you trust to be worm-free, you can save the seed on the device and get subsequent keys using a shell script or whatnot. Or if you have some recommendation for another platform it should be ported to, perhaps you can lobby for or support an additional port.
They did offer a defense: it's the customer data.
I don't think there would be any objection if Microsoft collected queries that IE users make. It probably wouldn't be a problem to add the URLs that people visit to Bing's crawler queue. But explicitly associating the queries on Google with URLs clicked is simply collecting Google's results, which Google has already forbidden using its robots.txt file. The millisecond that the user clicks the Google result link, the (query, URL) pair is not "customer data" in the sense that it can be ethically copied into Bing's database.
Google News, Google Books, even Street View have opt-out mechanisms. And for Google Books, where the copyright owner hasn't stepped forward, the book is "available" only as a title and a few snippets from the query. There is content in the world, and Google is indexing it.
Contrast this to what Bing did. Google's robots.txt has explicitly opted out of other search engines crawling the search results, which is a database of (query, list of url). So Bing went around this by copying IE users' (query, url) pairs anyway. It would have been fine to just add the URLs that people visit to Bing's webpages to crawl, but associating the query with the Google result URL certainly is not OK.
To be fair, Google has done that (in a much bigger way) for IE.
Except that there's a critical difference between the two plugins. Chrome Frame was an attempt to bring standards-compliant CSS and fast Javascript to websites that still have IE6 users. Even if it became ubiquitous, it would only relieve Web developers from having to support IE's broken rendering engine. On the other hand, Microsoft's plugin exists to shift the de-facto meaning of the <video> element in the HTML5 draft to support only the H.264 format instead of WebM. Microsoft's plugin is insidious if you care about the freedom to implement Web browsers and tools.
The underlying question is, should a company or open-source project be able to implement a Web browser from scratch without having to purchase patent licenses? The academics at the W3C think the answer is emphatically yes. This goes back to the beginning, when Tim Berners-Lee and CERN decided not to demand royalties for HTTP and HTML. But commercial OS vendors such as Microsoft and Apple would prefer <video>s in H.264, since forcing H.264 would give their OSes an advantage over open-source OSes and other underdogs that can't afford the licenses.
I mean come on...someone would have noticed the drives filling up, wondered why, etc.
By the way, the accidentally collected data fit in only four hard drives (according to Ireland update here). Hardly anything, by Google's standards.
1)You don't "accidentally" retain sniffed traffic logs of that size...
Yes, a person can accidentally store data that he should have discarded. Google isn't a magical omniscient being; it's a collection of teams with their own disk quotas.
2)There's no political grandstanding here. This is a major privacy invasion. The "grandstanding" has been international, because people are PISSED...
Not sure what your point is. Clearly, the purpose of the data collection was to associate router MAC addresses with physical location so that Chrome and Android can locate themselves more accurately (after the user grants permission). This is something that many companies such as Skyhook Wireless already do. Nobody that I have seen has intelligibly argued that the a map of MAC addresses is a privacy violation, although I suppose that conceivably a stalker can capture your router's MAC address and then query the database whenever you move.
As for emails, passwords and URLs, what motive would Google have for intentionally collecting a few unencrypted packets in passing? It was just an honest mistake, and the sooner governments allow them to delete the payloads, the sooner they will do so.
3)It's slightly creepy when you go around wardriving. When an international corporation which has a always demonstrated an intense interest in profiling its users and mining its users data for advertising purposes, does it, across the planet? That's just slightly different.
Yes, data mining can be scary, but there's no point in turning a company's attempt to come clean into a witch hunt. Google is honest about what they use your data for--to automatically determine which ads to show you. They don't sell your identity to anyone else. They don't limit your choices based on your identity (although search results are personalized, which you can disable). When it comes to specific privacy concerns and security risks, I'd say that Google is pretty benign.
Disclaimer: I used to work at Google.
I would not want to lend a netbook running Windows, Ubuntu, or Android to my hacker friend because he might install a keylogger or some kind of proxy, just for fun. Or to my grandmother, who might install malware by accident.
With a regular laptop, there's a mental cost in remembering to delete all my personal data before I stop using it. ChromeOS guarantees that your user state can't be accessed by the next person who uses the device.
There is value to having a computing device that you can use without worrying about its health and your data.
Only through hard work and perseverance can one truly suffer.