Personally, I wasn't too concerned with Google knowing my actual identity, but more with the prospect of tons of information leaking to anyone who I ever meet. For example, it's no longer possible to anonymously review or rate android apps. They retroactively changed all older app reviews to be by "An anonymous user", but now all reviews and ratings are done under your Google+ account, so I just stopped reviewing and rating apps.

If I were to rate and review apps as I would prefer to do, then anyone googling my name when they meet me would find my Google+ account, then it would be trivial for them to click around and find out essentially a list of all the apps I use on a regular basis, and how I use them. I don't know that there's anything too personal at the moment, but given that that information is essentially out there forever, I don't want to accidentally rate some app that might reveal my political, religious or cultural affliations (which could bias a future employer or landlord), or something else that might be very telling about my personal life.

For me, Google having a huge trove of information on me only matters to the extent that they'd ever show it to anyone else. I don't care what they do with the data internally, I've disclosed it to them, but it's clear after the Snowden documents that Google doesn't have the ability to fight government intrusion into their databases (making their huge troves a very tempting target), and after the fiasco with Google Buzz (and this nonsense with Google+ and the "real names" policy), it's become obvious that they don't seem to have the sort of mindset that is appropriate for a good steward of my private data. It's sad, because they provide many great products, but they are simply not trustworthy - as that becomes more obvious to more people, I imagine it will start to affect their bottom line.

Even worse, any businesses or places you review on Google Maps are publicly visible under your G+ account. So an internet stalker can know exactly where you have been, what kind of establishments you visit (e.g gay bars, daycare) and approximately when.

You can hide the reviews so that they don't show up on your Google+ profile. If they are hidden, you can only see someone's review by looking at a place that they've reviewed directly.

And you could probably scrape that information from every listed restaurant in the country in a matter of seconds.

Google does not let you scrape.

That doesn't mean that you cannot still write a bot to scrape the content. If it's displayable in a web browser, then it's also parsable from Perl (or whatever language you choose).

Adding delays between page requests and/or distributing the requests would work around a lot of bot detection systems but in worst case scenario, there are projects out there that can solve Captcha's.

Essentially this can be viewed like music of movie piracy; if it can be played then it can be copied.

Sure, but throttling is going to make it really slow to gather all the data you want.

If you're stalking someone then you already have enough data to perform a more targeted scrape (ie what town to look up businesses from)

Laws do not allow employers to use information about protected characteristics to discriminate against employees (or potential employees) yet people are rightly worried about revealing that information.

People scrape Google all of the time, every day. All day long.

nounaut has the technological objection to this idea pretty much covered, but to add on to that, one of my problems is that Google has shown in many occasions that they simply don't understand why you would be concerned about keeping certain things private. That's what happened with Google Buzz, and it's something they didn't consider with their idiotic "real names" policy. The fact that you can hide your reviews today is great, but there's no forward secrecy on that. Google has shown a willingness to make privacy decisions for you in the past, and so I see no reason to trust that they won't come up with something new in the future that completely defeats the "hide my reviews" setting.

I think Google cares more about privacy than most companies.

Everyone (including Google[0]) agrees that they made privacy mistakes with Google Buzz. And I think that they've worked hard to improve privacy in their products since then. That's why Google+ has used circles from the beginning: the Google+ experience emphasizes choosing the right people to share you content with (as opposed to the standard "share with the public" or "share with all my friends" which was standard at the time). At the time when Google+ launched, it had one of the strongest sets of privacy settings on the market[1]. Other competitors have since beefed up their privacy settings to match Google.

Regarding the "Real Names" policy, I think that their goal there was to make it a community of Real People, instead of a completely anonymous community of people using cryptic usernames. And I think that they thought that people would be more likely to make connections if people saw each other's real names instead of some username they came up with. When they realized that some people only go by a username and that most of their friends don't even know their real name, they started allowing people to add their nickname to their profile so that they could be findable with both their real name and their username. I think that these decisions were good ones and I like the community that now exists because of those policies.

I agree that "Real Names" has privacy concerns, but before the policy change yesterday, Google+ had been saying that you didn't have to use your actual name if you were concerned about your privacy - you could just use any name that resembled an real name (i.e., John Smith). I agree that this is a bit wonky, but I think it was one of those hard tradeoffs. I think without such a policy, growth on Google+ would have been a lot slower, and the community would look very different.

[0]: http://gmailblog.blogspot.ca/2010/02/new-buzz-start-up-exper...

[1]: http://bits.blogs.nytimes.com/2011/07/18/privacy-isnt-dead-j...

I think Google cares about privacy in the abstract, but I'm concerned that there are some fundamental mismatches between what Google considers acceptable disclosure and what I consider acceptable disclosure. I don't really understand why a "real enough" name like John Smith or something would be consistent with what they said again and again was the goal of the "real names" policy, which was that they wanted you to have a reputation to maintain so people wouldn't "act out" online. What you're saying is that they just wanted you to have western-style names, and that's all that matters?

In any case, Google Plus perfectly shows what I'm talking about, because it has had serious mission creep since the beginning. If they want to have some community where everyone is forced to use their real names, fine, I'll never join that community because it's not something that interests me. What happened then was that they became downright aggressive in trying to get people to join Google Plus by making it part of the "unified" platform with "one sign in" (and no control over what you're signed in to, mind you). Now your android reviews are all on your Google Plus account, so if you want to review an app you downloaded, you have to join their forced little "community". It's heartening that after Google Buzz they've mostly been preserving some forward secrecy (i.e. "from now on all your comments will be with your real name, stop commenting if you don't like it"), but it's clear that they're deliberately making these "tradeoffs" for you, and they clearly just don't have a corporate mindset that cares about what many people care about, so I'm deeply concerned that they'll make some serious mistakes in the future just because they don't understand what people outside their culture care about, and they don't mind taking unilateral action.

I know this is probably an unpopular idea but it seems like we set up so much infrastructure(intelligence agencies, the entire security industry, etc.) to create and secure private information that I feel like it creates an unnecessary economic burden and has an unnecessary psychological effect on people.

We as a society need to first trust a large entity(which obviously right now is not gonna happen) with as much personally identifying information as possible in the hopes of creating an authority and allowing us to navigate the "system" much more easily(like I said renewing a Driver's License, getting a welfare check more quickly, processing a zoning request more easily, getting a medical history, etc.).

After that happens, we should hopefully then feel okay about sharing that personal information publicly. Not a selective news feed like FB but the equivalent of a publicly available intelligence dossier on yourself that anyone(including yourself) has free access to. I know it seems crazy, but I really believe that's where it's headed anyway.

No more background checks or credit score checks or walled gardens etc. My current location, my current heart rate, my arrest record, all my google searches(eesh) my last mammogram or testicular cancer exam, etc. is on display for all(including myself) to check and find out instantly and for free. The world would collapse. Economies might actually collapse though.

Obviously, society is not ready for that sort of thing just yet, but that should have been the direction Google should have gone with Google+(or Google Identity or whatever they want to call it) eventually.

You can't index the world's information if most of it is "private".

I'm not sure why you think this dystopian vision you have wouldn't be horrible. It would have massive chilling effects on nearly everyone's behavior, since it would be incredibly efficient to seek out and socially punish anyone with transgressive viewpoints.

Protecting your privacy is worth it, and despite what you think, there are strategies that are likely to help protect quite a bit of it, if the impetus becomes strong enough.

> We as a society need to first trust a large entity

That's just not going to happen. Large entities are run by people who are inherently trustworthy. This is why there's a need for privacy. I don't want to be judged on my heart rate, physical ailments, preferred music, or any of the million other items you'd like to be public. I don't think you have any idea what harm revealing such information might cause. Say I'm gay and living in some backwards town in the south. Would I want my neighbors to find out so they can tie me up to a pickup truck and drag me to death? This is just one of infinite possibilities for harm resulting in all data being accessible. Your proposal is absolutely ludicrous.

And if you're oh, say an atheist in a place like Pakistan, you do what exactly...look online to see that there's quite literally no where for you to go, have a nice glass of wine, and wait for your violent death?

For that matter, whatever gave you the idea that most people get to choose what neighborhood they're going to live in? Poor people pretty often live wherever fate deposited them. The whole idea reminds of a joke Bill Maher made during the Hurricane Katrina aftermath, the gist of which was George Bush saying something to Cheney like, "I don't understand what all those people are still doing in the Superdome. Why don't they get in their SUVs and drive to their summer homes?"

Atheism as such isn't usually such a big deal in Pakistan, what gets people's goat is the whole insulting Mohammad thing. In practice people usually leave atheists alone. But yes, I see your point.

> After that happens, we should hopefully then feel okay about sharing that personal information publicly.

Setting aside how comfortable I feel with the rest of your suggestion (I don't), this seems to miss a fundamental point: part of the reason that some information needs to be private is that it is how you authenticate yourself. In a world where you can easily get your welfare check, and where everyone else knows all relevant information about you, how do you stop someone else from getting your welfare check? (For the near future, anyway, presumably a physical presence will trump any information-based authentication; but having to be physically present for these transactions seems like it would erase the very convenience that is your goal.)

In the movie There Will Be Blood a stranger shows up to Daniel Plainview's doorstep pretending to be his half-brother. The stranger relates some story about their childhood together and that's enough to convince Plainview of the stranger's identity(which isn't his actual identity) and relation(half-brother) to Plainview. It's false of course, and Daniel isn't happy when he finds out. But it's interesting comment on the times they lived in. There was no LinkedIn or FB or even a Driver's License for that matter to verify someone was who they said they were.

Regardless, I really don't know how you actually identify someone. Likely, as you say, physically being present(retina scan, fingerprinting, both?). You raise an interesting philosophical question; that is, what is identity?

>Regardless, I really don't know how you actually identify someone. Likely, as you say, physically being present(retina scan, fingerprinting, both?). You raise an interesting philosophical question; that is, what is identity?

It's not really a philosophical question being raised. The question of identity is always, "Is the person trying to authenticate the same person as someone with whom I have some relationship?" Online, you set up a username and password, and the presumption is that any person with that username and password is the same person who set up the account. If you want to prove your "real" identity, you're basically doing the same thing, but you're instead trying to prove that you're the same person as the one who was awarded your driver's license, or the same person whose birth is certified by your birth certificate.

Not that I'm a fan, but here in Portugal we're all issued national ID cards with a private asymmetric key (ISO 7816), with which you can authenticate both offline and online. Technically, it's still hidden information, but it's not about you, just happens to be linked to you.

Replacing the card requires physical presence, of course.

Yes, it's very definitely an unpopular idea. Having all of this available will be great for people who want to find people... like, say, your violent ex, or an oppressive regime.

Or an ex finding an estranged partner and killing them - I worked at a telecoms company where this actually happened some one got a mate to look up his ex's new address/phone number and killed her.

Which is why at least in BT senior developers on some systems had TS clearance.

Would you be ok with being paying more for healthcare because you ate a candybar for lunch?

In a shared resource like health insurance, you either pay for your actions or the actions of others. If you're a health conscious person that only eats healthy food, gets 8 hours if sleep every night and participates in moderate exercise, you're paying the same premium as someone who scarfs down junk food, sleeps 3 hours per night and never exercises.

Maybe if there were a surcharge for every unhealthful thing, people would choose to be healthier and healthcare costs would actually come down.

Not sure why you got downvoted. I would be upset if what you describe happened (although it does happen to a certain degree) but I can't argue with the logic.

> Maybe if there were a surcharge for every unhealthful thing, people would choose to be healthier and healthcare costs would actually come down.

yeah,and why not a mandatory rfid chip so they can monitor your health in realtime and adjust your premium,hey?. And you are driving ? you're then more likely to have an accident so your insurance should go up.Watching TV on the sofa instead of running? not healthy! Here you pay 10% more. Running? it's not unlikely you get a heart attack, what about 5% more?

Do you have any idea how stupid you sound?

Such name calling is uncalled for on a well- meaning comment that you disagree with.

And in broad strokes the concept is sound - Why should I pay for others' bad habits? I'm much more sympathetic to things you can't control (and admittedly there is a gray zone in between).

The example that really bugs me is federally backed flood insurance. People build homes in places that aren't safe, and then taxpayers bail them out. Moral hazard.

Of course it's different - when everyone's at risk, nobody's paying for others' foolishness.

+1 for you - not because I agree with you, but because downvote on HN shouldn't be used to express disagreement.

To be honest, one differentiator that would me use Google+ over Facebook is a -1 button.

I love to dislike things, especially if disliking them would affect their Google ranking (I'm looking at you Quora and your dark patterns!).

Not only I would love the -1 button, but also negative endorsement, and pretty much any Google+ feature, but with a negative twist.

That would really encourage me to use Google+, or should I say Google-.

A -1 button affecting search rank would be used almost entirely by dark-hat SEO firms.

How about a -1 that affects ranking ONLY to people who enables the feature and follows you?

I mean, if I follow an expert in his area, it makes more sense to me to see that he doesn't endorse spammy-website.com, than to see he endorses "Chrome Beta for Android".

This used to exist - SearchWiki gave you the opportunity to either vote up a search result or to remove it entirely. Both of these actions would affect only your own results - there were vague plans to eventually use the data to improve ranking, but the spam/SEO implications were never solved.

Basically people just used it to kill experts-exchange.com. Usage was tiny otherwise, and the experts-exchange case was fixed when StackOverflow started getting traction and Panda put the final nail into experts-exchange's coffin.

I'm honestly still surprised that YouTube has a dislike button. It must be incredibly important to their algorithms there.

But I'm 95% sure Google+ will never get a dislike button, much like Facebook. Dislike buttons don't belong in social media platforms. They sow disappointment and hurt egos (e.g. karma on reddit).

YouTube ia public and searchable and watching a video is relatively expensive, so downvotes help ranking and warn you about bad content.

Posts don't have these features, people don't read complete strangers' posts based on search queries. It's pre-curated peer user.

Do you actually have to watch the video to downvote it?

It would be trivial to check if someone has watched something before they downvoted, and adjust algorithms accordingly (ignore the vote internally and lower that voter's general impact).

> I mean at the end of the day, they DO have your identity.

This was always the dumbest thing about the real name policy: Google knew anyway. They could have let everyone have synonyms and pseudonyms until the cows came home and it would only disadvantage their competitors who don't have enough data to do the linkage of identities. Instead what they did was literally drove me away from putting any important information into G+ profile because it was linked to my real name - so Google is the loser all round.

FWIW - the Real Names policy was never about providing Google with your name. It was about the name that was displayed to others. I was never a supporter of the real names policy, but I can still understand the motivations behind it - even if I think it was a mistake.

Quoting Yonatan (tech lead for G+):

> There were quite a few things we were trying to achieve, some of which turned out to be key and some of which didn't. Greater authenticity was actually one of the big successes: it set the culture to be one where people, by default, act as themselves rather than as a persona. That makes a huge difference to how people behave, and now the culture is stable enough that it's OK to relax that. Reducing trolling, on the other hand, turned out not to be as tied to names as anyone thought. We had lots of reasons to believe that might be the case at first -- look at YouTube, 4chan, and Facebook comments back then -- but in retrospect, the dynamics which control trolling seem to be somewhat different. Or to put it a little more bluntly, people are quite willing to be assholes under their real names, too. 

I find it quite interesting that they didn't realise that making people use their real names pretty much is guaranteed to make a lot of people NOT act as themselves rather than a persona.

Lots of people who are happy to "be themselves" in safe settings, around likeminded people, will "clam up" or take on a persona they don't like immediately if the alternative is that anyone can link something to their name.

Political beliefs, religious beliefs, sexual orientation etc. Even gender - there are plenty of women online in male oriented environments that are uneasy about using their real name in certain settings because of bad experiences with sexism.

If they'd bothered to listen to any of the people they affected, they'd have learned this on day one. But it ought to have been blatantly obvious: In real life we don't go around with name tags and hand out dossiers on ourselves to random strangers, which is the equivalent effect of using full real names online.

I don't know what it says about the culture of Google that this was such a hard realisation for them.

Really shows how out of touch G+ leads were from Internet users. At least they learned eventually.

Yes, but wasn't the lack of effect on trolling obvious immediately? And yet it was continued to be presented as a reason for the policy for over two more years.

Just as important as the Real Name Policy: The Multiple Profile Policy.

This is still, to me, the best way to protect my privacy. The one I use for my company is different from the one I use for me. One will outlive the other. Yet, you can maintain distinct ones. For example all my iPad Google ones require I use the same identity (therefore I make sure I don't use Google Chrome anymore). Even the incognito mode of Chrome suggest that I log in under my real name. How do they know, given it's incognito?