> CUSTOMER: Hi Vendor, can you build us application ABC and deploy it in > conjunction with our google apps?
Notice that this customer has already accepted the privacy policy associated with some unspecified google applications. (It's unclear if this is intended as a generic reference to Google-related applications or Google Apps specifically.) > VENDOR: Sure, we can do that for $xyz > CUSTOMER: And we would own the IP right? > VENDOR: Of course. Unfortunately we have to deploy it to a system > that says they have the right to use it for pretty much anything, > including public display, and without mentioning it to you, or asking > your permission. It's not "a system", it's a Google system, under a Google privacy policy. That's importang because we know from above that said customer is happy with at least one Google privacy policy. Maybe there's something different about the AppEngine policy, but they're all written much the same way. Or, maybe this data is different. > CUSTOMER: Ummm.... right. This deal is getting worse all the > time..... And then we get to the meat of the problem this exchange - it's so far removed from reality as to be useless. Serious vendors and serious customers don't have that kind of conversation about security and privacy. Instead, the discussion (from the vendor side) consists of "here's a copy of our actual terms" and "here's where to find the terms of our suppliers". (They don't give copies of the vendors terms if at all possible for obvious reasons.) The big problems with the above are that (1) serious vendors don't interpret other people's terms for their customers and (2) serious vendors don't engage in ad-hoc conversations about their terms. > It seems clear to me that google intends this to be a business > application platform as much as anything else. As I pointed out, the only evidence for this vague proposition is that Google wants folks to resell. It's a vague proposition because "business application platform" covers an incredible range of applications, with a huge range of security/privacy concerns. > It is certainly where > they could drive adoption of google apps, which would drive adoption > of app engine in a lovely money spinning feedback loop. It's a "money spinning feedback loop" only if it's profitable. Different promises (by Google) have different costs. Given the amount of money they're likely to make on most applications, they can't afford significant costs. That's why I asked how likely it was that Google would want to accept a $10-50M risk for an account that bills $50/month. $10-20M is the low-end of the risk associated with business applications that have significant privacy concerns and $50/month buys a lot of GAE. > What do you see the scope of app engine as? Given the proposed App Engine prices and the assumption that Google wants to make money, I see the scope as low-cost&risk applications. Security costs money, and better security costs more money. I don't know Google's margins, but their prices don't seem to have much room for that stuff. That's why I doubt that Google has any interest in applications that have significant security reqts, at least not without significant additional fees. (No, they won't provide auditing and the like for free.) Vendors with significant risk exposure demand compensation for that exposure, well beyond normal margins for "just doing biz" costs. Hawkett is talking about applications with significant risk esposure yet it's not clear how Google is making enough money on App Engine to compensate them for that risk. I note that we have yet to see acceptable terms from other vendors. (No, handwaving and "it says" doesn't count.) On Jan 18, 6:08 am, hawkett <[email protected]> wrote: > Just to clear a few things up :) > > > There's nothing about UI in Section 8 > > Section 8 says this - > > '...such Content for the sole purpose of enabling Google to provide > you with the Service in > accordance with its privacy policy' > > which means you have to read the privacy policy in conjunction, not in > isolation. The privacy policy says, under the personal information > heading - > > 'Content. Google App Engine stores, processes your application source > code and content in order to provide the service to you.' > > It is somewhat explicit about application source code. Great idea to > use the term 'content' to define the term 'content'. > > > > I see this concern all the time. From every business-oriented point > > > of view. I'm surprised that anyone else doubts this. > > > > I thought it could pretty much be considered a given. > > > I was unclear - I was referring to AppEngine specific concerns. > > Here's a simple reason why it is an app engine specific concern. > Google has announced its google apps reseller program. One of the key > advantages to becoming a reseller (according to google) is that you > can market applications to to your customers. So lets look at an > imaginary (but highly likely) dialogue - > > CUSTOMER: Hi Vendor, can you build us application ABC and deploy it in > conjunction with our google apps? > VENDOR: Sure, we can do that for $xyz > CUSTOMER: And we would own the IP right? > VENDOR: Of course. Unfortunately we have to deploy it to a system > that says they have the right to use it for pretty much anything, > including public display, and without mentioning it to you, or asking > your permission. > CUSTOMER: Ummm.... right. This deal is getting worse all the > time..... > > So I'm not sure what you consider to be app engine specific concerns, > but I guess you must see the platform as something different to me. > It seems clear to me that google intends this to be a business > application platform as much as anything else. It is certainly where > they could drive adoption of google apps, which would drive adoption > of app engine in a lovely money spinning feedback loop. > > What do you see the scope of app engine as? > > > And I've never said, suggested, or implied otherwise. We're > > discussing whether Google's stated policies (and previously > > technology) are "good enough for biz use" and possibly whether Google > > cares/wants them to be seen as such. While AppEngine as a whole may > > eventually make lots of money, the margins (and usage) may be such > > that biz applications don't make much money. If that's the case, > > Google may not want the hassle. > > See previous point. > > On Jan 18, 12:23 am, Andy Freeman <[email protected]> wrote: > > > > > > I see this concern all the time. From every business-oriented point > > > of view. I'm surprised that anyone else doubts this. > > > > I thought it could pretty much be considered a given. > > > I was unclear - I was referring to AppEngine specific concerns. > > > > Businesses frequently consider data one of their most valuable > > > assets. And they're reluctant to trust it with anyone else. > > > And I've never said, suggested, or implied otherwise. We're > > discussing whether Google's stated policies (and previously > > technology) are "good enough for biz use" and possibly whether Google > > cares/wants them to be seen as such. While AppEngine as a whole may > > eventually make lots of money, the margins (and usage) may be such > > that biz applications don't make much money. If that's the case, > > Google may not want the hassle. > > > To put it another way, Google may not be willing to accept a $50-100M > > risk for $3-50/month. Since that's the level of risk that Hawkett is > > suggesting.... (Yes, there is an indemnity clause in the App Engine > > agreement, but that's an agreement with the application vendor, not > > with the biz being served. Google, aka "deep pockets", will be sued.) > > > > > Actually, there's nothing about the UI. > > > > That's in there. Maybe it's a recent addition? > > > There's nothing about UI in Section 8, the section under discussion. > > The word "interface" only appears twice > > inhttp://code.google.com/appengine/terms.html > > , both times in Section 2, specifically in reference to not hacking > > Google's adminstrative console interface; that's not a reference to > > Google's use of an application's interface or the application and/or > > content to improve some (unspecified) user interface/experience.. > > > There's a mention of user interface > > inhttp://code.google.com/appengine/privacy.html > > , which contains the following (quoted by Hawkett) "We use this > > information internally to deliver the best possible service to you, > > such as improving the Google App Engine user interface and maintaining > > a consistent and reliable user experience." however the information in > > question is"personal information" as used > > inhttp://www.google.com/privacypolicy.html > > and defined inhttp://www.google.com/privacy_faq.html#personalinfo- > > it has nothing to do with Content or Application. > > > > Have I mentioned before that I really like that whole "sole purpose" > > > phrase? I think I have. > > > Yes, you have. However, you didn't mention that "sole purpose" is > > used throughout Google documents, including in places where a > > "nonstandard interpretation" would cause Google considerable harm. If > > they're not already on (court) record with a strong interpretation, > > they soon will be. > > > On Jan 17, 2:11 pm, James Ashley <[email protected]> wrote: > > > > On Jan 17, 2:54 pm, Andy Freeman <[email protected]> wrote: > > > > > > data privacy is probably the number one barrier to > > > > > commercial cloud adoption at the moment. > > > > > Some supporting evidence would be nice because only one person is > > > > raising this concern. Maybe it's so huge a barrier that no one else > > > > is bothering, maybe the discussion is somewhere else, but.... > > > > I see this concern all the time. From every business-oriented point > > > of view. I'm surprised that anyone else doubts this. > > > > I thought it could pretty much be considered a given. > > > > Businesses frequently consider data one of their most valuable > > > assets. And they're reluctant to trust it with anyone else. > > > > > > When you put these two statements together, Google is able to > > > > > reproduce, adapt and modify developer contributed code to improve your > > > > > UI, and explicitly *does not* require content owner's permission. > > > > > Actually, there's nothing about the UI. > > > > That's in there. Maybe it's a recent addition? > > > > > However, there's something > > > > important missing from this discussion, namely "for the sole purpose > > > > of enabling Google to provide you with the Service in accordance with > > > > its privacy policy." > > > > Have I mentioned before that I really like that whole "sole purpose" > > > phrase? I think I have. > > > > > How about some acceptable wording from a service that provides > > > > computation and storage resources, together with a link to the whole > > > > policy? > > > > Ooh, nice question! > > > > I <3 nearlyfreespeech.net (I'm completely unaffiliated...the guy who > > > owns it probably hates me). But even they don't have anything as > > > explicit as google's. > > > > - Hide quoted text - > > > > - Show quoted text -- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
