How long did it take Google to finally get around using https and secure logins? A long fucking time
You don't know what you're talking about.
Google provided the option for SSL on all Google services back in 2008. At that point in time it was considered infeasible for large web services to do always-on SSL, because it would increase the load too much; SSL was only used for login pages, pages where financial information was entered, etc. In 2010 Google turned it on by default for all users for Gmail and other key services, long before any other major webmail providers did. In 2011 they turned it on by default for everything, including search. Google did this long before any of the other big web companies... heck Yahoo and Bing still don't use SSL for search.
Google was also the first major web service to provide two-factor authentication, in 2010. Yahoo didn't do it until 2012, and Microsoft didn't offer it for Outlook until little more than six months ago. AFAIK, Google is still the only major webmail provider to offer and use secure SMTP when communicating with other mail servers. Most SMTP traffic to and from Google is unencrypted, but only because the other end won't do encryption.
Google also designed SPDY without any unencrypted mode at all. The W3C committee standardizing SPDY as HTTP/2.0 is struggling a little bit with that, though it appears they're going to accept it as encrypted-only. Google's next-gen web protocol, QUIC, not only doesn't have a unencrypted mode, but encryption is baked so deeply into the protocol that when it gets to standardization there will be no question about removing it... you'd have to completely redesign the protocol.
Google has been serious about encrypting everything for a long time and has consistently led the industry.
Bill Gates is on the ground giving billions to eradicate disease -- something that actually improves peoples' lives in a meaningful way
The work of the Gates foundation is fantastic, I completely agree. However, I disagree that providing universal access to useful information, which is Google's stated mission, doesn't "improve peoples' lives in a meaningful way". In fact, I'd say that universal Internet access is one of the most powerful tools we can offer the developing world, enabling them access to the information needed to lift themselves out of poverty and corruption. Of course, Internet access doesn't help when you're dying of malaria, so eradicating, or at least suppressing, disease is critical.
None of the major IT companies gave a rats ass about user privacy until Snowden leaked his information.
You can debate about whether or not they would have without it (I argue they would), but Google has had to care seriously about user privacy for years now, because privacy assurance, including annual privacy audits performed by a third-party auditor, are required by the FTC consent decree. If there's any hint that some design or implementation detail threatens to expose user data, or even put it where it shouldn't be, the privacy team comes down with both feet until it's fixed. I really think that would be the case even without the consent decree, though because of it the privacy team is supervised by legal which undoubtedly gives it even more clout than it would have otherwise.
I realize that /. groupthink paints Google as an enemy of privacy, because the bulk of its business model is based on targeted advertising which means that Google's users give Google permission to learn about them and target ads to them (unless they opt out), but I doubt there are any companies of substantial size that care more or work harder to protect user privacy, precisely because Google's business model places it in such a precarious position. If there were ever any leaks of user data from Google, or if there were any reports of Google employees misusing user data, it would severely damage the company.
(Disclaimer: I'm a Google engineer. I work on the security infrastructure, which is related to but not the same as the privacy infrastructure.)